* [PATCH 6.0 000/314] 6.0.10-rc1 review
@ 2022-11-23 8:47 Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 001/314] mtd: rawnand: qcom: handle ret from parse with codeword_fixup Greg Kroah-Hartman
` (321 more replies)
0 siblings, 322 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
This is the start of the stable review cycle for the 6.0.10 release.
There are 314 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.10-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.0.10-rc1
Hawkins Jiawei <yin31149@gmail.com>
ntfs: check overflow when iterating ATTR_RECORDs
Hawkins Jiawei <yin31149@gmail.com>
ntfs: fix out-of-bounds read in ntfs_attr_find()
Hawkins Jiawei <yin31149@gmail.com>
ntfs: fix use-after-free in ntfs_attr_find()
Jiri Olsa <jolsa@kernel.org>
bpf: Prevent bpf program recursion for raw tracepoint probes
Dominique Martinet <asmadeus@codewreck.org>
net/9p: use a dedicated spinlock for trans_fd
Alexander Potapenko <glider@google.com>
mm: fs: initialize fsdata passed to write_begin/write_end interface
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered
Hawkins Jiawei <yin31149@gmail.com>
wifi: wext: use flex array destination for memcpy()
Kees Cook <keescook@chromium.org>
netlink: Bounds-check struct nlmsgerr creation
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
9p/trans_fd: always use O_NONBLOCK read/write
Andreas Gruenbacher <agruenba@redhat.com>
gfs2: Switch from strlcpy to strscpy
Andrew Price <anprice@redhat.com>
gfs2: Check sb_bsize_shift after reading superblock
Dominique Martinet <asmadeus@codewreck.org>
9p: trans_fd/p9_conn_cancel: drop client lock earlier
Eiichi Tsukata <eiichi.tsukata@nutanix.com>
KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()
Eric Dumazet <edumazet@google.com>
kcm: avoid potential race in kcm_tx_work
Eric Dumazet <edumazet@google.com>
tcp: cdg: allow tcp_cdg_release() to be called multiple times
Eric Dumazet <edumazet@google.com>
macvlan: enforce a consistent minimal mtu
Chen Jun <chenjun102@huawei.com>
Input: i8042 - fix leaking of platform device on module removal
Liu Shixin <liushixin2@huawei.com>
arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud
Zheng Yejian <zhengyejian1@huawei.com>
tracing: Fix potential null-pointer-access of entry in list 'tr->err_log'
Li Huafei <lihuafei1@huawei.com>
kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
Yuan Can <yuancan@huawei.com>
scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
Yang Yingliang <yangyingliang@huawei.com>
scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
Hangbin Liu <liuhangbin@gmail.com>
net: use struct_group to copy ip/ipv6 header addresses
Alexandru Tachici <alexandru.tachici@analog.com>
net: usb: smsc95xx: fix external PHY reset
Aashish Sharma <shraash@google.com>
tracing: Fix warning on variable 'struct trace_array'
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Include dropped pages in counting dirty patches
Ravi Bangoria <ravi.bangoria@amd.com>
perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling
Jason Gunthorpe <jgg@ziepe.ca>
vfio: Split the register_device ops call into functions
Jason Gunthorpe <jgg@ziepe.ca>
vfio: Rename vfio_ioctl_check_extension()
Marco Elver <elver@google.com>
perf: Improve missing SIGTRAP checking
Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
ASoC: SOF: topology: No need to assign core ID if token parsing failed
Keith Busch <kbusch@kernel.org>
nvme: ensure subsystem reset is single threaded
Keith Busch <kbusch@kernel.org>
nvme: restrict management ioctls to admin
Adrian Hunter <adrian.hunter@intel.com>
perf/x86/intel/pt: Fix sampling using single range output
Sandipan Das <sandipan.das@amd.com>
perf/x86/amd/uncore: Fix memory leak for events array
Mel Gorman <mgorman@techsingularity.net>
x86/fpu: Drop fpregs lock before inheriting FPU permissions
Borys Popławski <borysp@invisiblethingslab.com>
x86/sgx: Add overflow check in sgx_validate_offset_length()
Chris Mason <clm@fb.com>
blk-cgroup: properly pin the parent in blkcg_css_online
Alexander Potapenko <glider@google.com>
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
Gerald Schaefer <gerald.schaefer@linux.ibm.com>
s390/dcssblk: fix deadlock when adding a DCSS
Akira Yokosawa <akiyks@gmail.com>
docs/driver-api/miscellaneous: Remove kernel-doc of serial_core.c
Shuah Khan <skhan@linuxfoundation.org>
docs: update mediator contact information in CoC doc
Xiongfeng Wang <wangxiongfeng2@huawei.com>
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
Chevron Li <chevron.li@bayhubtech.com>
mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
Yann Gautier <yann.gautier@foss.st.com>
mmc: core: properly select voltage range without power cycle
Brian Norris <briannorris@chromium.org>
firmware: coreboot: Register bus in module init
Tina Zhang <tina.zhang@intel.com>
iommu/vt-d: Set SRE bit only when hardware has SRS cap
Tina Zhang <tina.zhang@intel.com>
iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries
Benjamin Block <bblock@linux.ibm.com>
scsi: zfcp: Fix double free of FSF request when qdio send fails
Aminuddin Jamaluddin <aminuddin.jamaluddin@intel.com>
net: phy: marvell: add sleep time after enabling the loopback bit
Alban Crequy <albancrequy@linux.microsoft.com>
maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault()
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Input: iforce - invert valid length check when fetching device IDs
Xiubo Li <xiubli@redhat.com>
ceph: avoid putting the realm twice when decoding snaps fails
Pavel Begunkov <asml.silence@gmail.com>
io_uring: disallow self-propelled ring polling
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix multishot recv request leaks
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix multishot accept request leaks
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix tw losing poll events
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250_lpss: Configure DMA also w/o DMA filter
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250: Flush DMA Rx on RLSI
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
Mikulas Patocka <mpatocka@redhat.com>
dm ioctl: fix misbehavior if list_versions races with module loading
Zhihao Cheng <chengzhihao1@huawei.com>
dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed
Mitja Spes <mitja@lxnav.com>
iio: pressure: ms5611: changed hardcoded SPI speed to value limited
Mitja Spes <mitja@lxnav.com>
iio: pressure: ms5611: fixed value compensation bug
Saravanan Sekar <sravanhome@gmail.com>
iio: adc: mp2629: fix potential array out of bound access
Saravanan Sekar <sravanhome@gmail.com>
iio: adc: mp2629: fix wrong comparison of channel
Yang Yingliang <yangyingliang@huawei.com>
iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
Yang Yingliang <yangyingliang@huawei.com>
iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
Jonathan Cameron <Jonathan.Cameron@huawei.com>
iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID.
Sven Peter <sven@svenpeter.dev>
usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler
Rajat Khandelwal <rajat.khandelwal@linux.intel.com>
usb: typec: mux: Enter safe mode only when pins need to be reconfigured
Li Jun <jun.li@nxp.com>
usb: cdns3: host: fix endless superspeed hub port reset
Duoming Zhou <duoming@zju.edu.cn>
usb: chipidea: fix deadlock in ci_otg_del_timer
Nicolas Dumazet <ndumazet@google.com>
usb: add NO_LPM quirk for Realforce 87U Keyboard
Reinhard Speyerer <rspmn@arcor.de>
USB: serial: option: add Fibocom FM160 0x0111 composition
Davide Tronchin <davide.tronchin.94@gmail.com>
USB: serial: option: add u-blox LARA-L6 modem
Davide Tronchin <davide.tronchin.94@gmail.com>
USB: serial: option: add u-blox LARA-R6 00B modem
Davide Tronchin <davide.tronchin.94@gmail.com>
USB: serial: option: remove old LARA-R6 PID
Benoît Monin <benoit.monin@gmx.fr>
USB: serial: option: add Sierra Wireless EM9191
Linus Walleij <linus.walleij@linaro.org>
USB: bcma: Make GPIO explicitly optional
Đoàn Trần Công Danh <congdanhqx@gmail.com>
speakup: replace utils' u_char with unsigned char
Mushahid Hussain <mushi.shar@gmail.com>
speakup: fix a segfault caused by switching consoles
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
slimbus: stream: correct presence rate frequencies
Zheng Bin <zhengbin13@huawei.com>
slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m
Tiago Dias Ferreira <tiagodfer@gmail.com>
nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
Bean Huo <beanhuo@micron.com>
nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
Pavel Begunkov <asml.silence@gmail.com>
io_uring: update res mask in io_poll_check_events
Janne Grunau <j@jannau.net>
usb: dwc3: Do not get extcon device when usb-role-switch is used
Johan Hovold <johan+linaro@kernel.org>
Revert "usb: dwc3: disable USB core PHY management"
Takashi Iwai <tiwai@suse.de>
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
Emil Flink <emil.flink@gmail.com>
ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
Dillon Varone <Dillon.Varone@amd.com>
drm/amd/display: Fix prefetch calculations for dcn32
Melissa Wen <mwen@igalia.com>
drm/amd/display: don't enable DRM CRTC degamma property for DCE
Roman Li <roman.li@amd.com>
drm/amd/display: Fix optc2_configure warning on dcn314
George Shen <george.shen@amd.com>
drm/amd/display: Support parsing VRAM info v3.0 from VBIOS
Stylon Wang <stylon.wang@amd.com>
drm/amd/display: Fix access timeout to DPIA AUX at boot time
Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
drm/amd/display: Add HUBP surface flip interrupt handler
Stylon Wang <stylon.wang@amd.com>
drm/amd/display: Fix invalid DPIA AUX reply causing system hang
Simon Rettberg <simon.rettberg@rz.uni-freiburg.de>
drm/display: Don't assume dual mode adaptors support i2c sub-addressing
Evan Quan <evan.quan@amd.com>
drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround
Evan Quan <evan.quan@amd.com>
drm/amd/pm: enable runpm support over BACO for SMU13.0.0
Evan Quan <evan.quan@amd.com>
drm/amd/pm: enable runpm support over BACO for SMU13.0.7
Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
platform/x86/amd: pmc: Add new ACPI ID AMDI0009
Mario Limonciello <mario.limonciello@amd.com>
platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks
Yi Yang <yiyang13@huawei.com>
rethook: fix a potential memleak in rethook_alloc()
Shang XiaoJing <shangxiaojing@huawei.com>
tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
Shang XiaoJing <shangxiaojing@huawei.com>
tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Fix race where eprobes can be called before the event
Shang XiaoJing <shangxiaojing@huawei.com>
tracing: Fix wild-memory-access in register_synth_event()
Shang XiaoJing <shangxiaojing@huawei.com>
tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing/ring-buffer: Have polling block on watermark
Wang Yufen <wangyufen@huawei.com>
tracing: Fix memory leak in tracing_read_pipe()
Daniil Tatianin <d-tatianin@yandex-team.ru>
ring_buffer: Do not deactivate non-existant pages
Xiu Jianfeng <xiujianfeng@huawei.com>
ftrace: Fix null pointer dereference in ftrace_add_mod()
Wang Wensheng <wangwensheng4@huawei.com>
ftrace: Optimize the allocation for mcount entries
Wang Wensheng <wangwensheng4@huawei.com>
ftrace: Fix the possible incorrect kernel message
Keith Busch <kbusch@kernel.org>
dm-crypt: provide dma_alignment limit in io_hints
Keith Busch <kbusch@kernel.org>
block: make dma_alignment a stacking queue_limit
Wang Yufen <wangyufen@huawei.com>
netdevsim: Fix memory leak of nsim_dev->fa_cookie
Anastasia Belova <abelova@astralinux.ru>
cifs: add check for returning value of SMB2_set_info_init
Vasily Gorbik <gor@linux.ibm.com>
s390: avoid using global register for current_stack_pointer
Yuan Can <yuancan@huawei.com>
net: thunderbolt: Fix error handling in tbnet_init()
Shang XiaoJing <shangxiaojing@huawei.com>
net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()
Shang XiaoJing <shangxiaojing@huawei.com>
net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init()
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
cifs: Fix wrong return value checking when GETFLAGS
Sagi Grimberg <sagi@grimberg.me>
nvmet: fix a memory leak in nvmet_auth_set_key
Vladimir Oltean <vladimir.oltean@nxp.com>
net: dsa: don't leak tagger-owned storage on switch driver unbind
Wei Yongjun <weiyongjun1@huawei.com>
net/x25: Fix skb leak in x25_lapb_receive_frame()
Liu Jian <liujian56@huawei.com>
net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open()
Anastasia Belova <abelova@astralinux.ru>
cifs: add check for returning value of SMB2_close_init
David Howells <dhowells@redhat.com>
netfs: Fix dodgy maths
David Howells <dhowells@redhat.com>
netfs: Fix missing xas_retry() calls in xarray iteration
Maximilian Luz <luzmaximilian@gmail.com>
platform/surface: aggregator: Do not check for repeated unsequenced packets
Roger Pau Monné <roger.pau@citrix.com>
platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized
Dan Carpenter <error27@gmail.com>
drbd: use after free in drbd_create_device()
Ido Schimmel <idosch@nvidia.com>
bridge: switchdev: Fix memory leaks when changing VLAN protocol
Guangbin Huang <huangguangbin2@huawei.com>
net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process
Jie Wang <wangjie125@huawei.com>
net: hns3: fix return value check bug of rx copybreak
Jian Shen <shenjian15@huawei.com>
net: hns3: fix incorrect hw rss hash type of rx packet
Yuan Can <yuancan@huawei.com>
net: ena: Fix error handling in ena_init()
Cong Wang <cong.wang@bytedance.com>
kcm: close race conditions on sk_receive_queue
Yuan Can <yuancan@huawei.com>
net: ionic: Fix error handling in ionic_init_module()
Amit Cohen <amcohen@nvidia.com>
mlxsw: Avoid warnings when not offloaded FDB entry with IPv6 is removed
Jingbo Xu <jefflexu@linux.alibaba.com>
erofs: fix missing xas_retry() in fscache mode
Yang Yingliang <yangyingliang@huawei.com>
xen/pcpu: fix possible memory leak in register_pcpu()
Vladimir Oltean <vladimir.oltean@nxp.com>
net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims
Wei Yongjun <weiyongjun1@huawei.com>
net: mhi: Fix memory leak in mhi_net_dellink()
Erico Nunes <nunes.erico@gmail.com>
drm/lima: Fix opp clkname setting in case of missing regulator
Ziyang Xuan <william.xuanziyang@huawei.com>
octeon_ep: ensure get mac address successfully before eth_hw_addr_set()
Ziyang Xuan <william.xuanziyang@huawei.com>
octeon_ep: fix potential memory leak in octep_device_setup()
Ziyang Xuan <william.xuanziyang@huawei.com>
octeon_ep: ensure octep_get_link_status() successfully before octep_link_up()
Ziyang Xuan <william.xuanziyang@huawei.com>
octeon_ep: delete unnecessary napi rollback under set_queues_err in octep_open()
Gaosheng Cui <cuigaosheng1@huawei.com>
bnxt_en: Remove debugfs when pci_register_driver failed
Zhengchao Shao <shaozhengchao@huawei.com>
net: caif: fix double disconnect client in chnl_net_open()
Chuang Wang <nashuiliang@gmail.com>
net: macvlan: Use built-in RCU list checking
Wang ShaoBo <bobo.shaobowang@huawei.com>
mISDN: fix misuse of put_device() in mISDN_register_device()
Zhengchao Shao <shaozhengchao@huawei.com>
net: liquidio: release resources when liquidio driver open failed
Xiaolei Wang <xiaolei.wang@windriver.com>
soc: imx8m: Enable OCOTP clock before reading the register
Jeremy Kerr <jk@codeconstruct.com.au>
mctp i2c: don't count unused / invalid keys for flow release
Mohd Faizal Abdul Rahim <faizal.abdul.rahim@intel.com>
net: stmmac: ensure tx function is not running in stmmac_xdp_release()
Michael Sit Wei Hong <michael.wei.hong.sit@intel.com>
net: phy: dp83867: Fix SGMII FIFO depth for non OF devices
Yuan Can <yuancan@huawei.com>
net: hinic: Fix error handling in hinic_module_init()
Yang Yingliang <yangyingliang@huawei.com>
mISDN: fix possible memory leak in mISDN_dsp_element_register()
Wei Yongjun <weiyongjun1@huawei.com>
net: bgmac: Drop free_netdev() from bgmac_enet_remove()
Niklas Cassel <niklas.cassel@wdc.com>
ata: libata-core: do not issue non-internal commands once EH is pending
Xu Kuohai <xukuohai@huawei.com>
bpf: Initialize same number of free nodes for each pcpu_freelist
Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
cifs: Fix connections leak when tlink setup failed
Pavel Begunkov <asml.silence@gmail.com>
io_uring/poll: fix double poll req->flags races
Liao Chang <liaochang1@huawei.com>
MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed
Rongwei Zhang <pudh4418@gmail.com>
MIPS: fix duplicate definitions for exported symbols
Jaco Coetzee <jaco.coetzee@corigine.com>
nfp: change eeprom length to max length enumerators
Yang Yingliang <yangyingliang@huawei.com>
ata: libata-transport: fix error handling in ata_tdev_add()
Yang Yingliang <yangyingliang@huawei.com>
ata: libata-transport: fix error handling in ata_tlink_add()
Yang Yingliang <yangyingliang@huawei.com>
ata: libata-transport: fix error handling in ata_tport_add()
Yang Yingliang <yangyingliang@huawei.com>
ata: libata-transport: fix double ata_host_put() in ata_tport_add()
Peng Fan <peng.fan@nxp.com>
arm64: dts: imx93-pinfunc: drop execution permission
Marek Vasut <marex@denx.de>
arm64: dts: imx8mn: Fix NAND controller size-cells
Jingbo Xu <jefflexu@linux.alibaba.com>
erofs: put metabuf in error path in fscache mode
Marek Vasut <marex@denx.de>
arm64: dts: imx8mm: Fix NAND controller size-cells
Marek Vasut <marex@denx.de>
ARM: dts: imx7: Fix NAND controller size-cells
Alexander Stein <alexander.stein@ew.tq-group.com>
arm64: dts: imx8mm-tqma8mqml-mba8mx: Fix USB DR
Shang XiaoJing <shangxiaojing@huawei.com>
drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
Shang XiaoJing <shangxiaojing@huawei.com>
drm/drv: Fix potential memory leak in drm_dev_init()
Aishwarya Kothari <aishwarya.kothari@toradex.com>
drm/panel: simple: set bpc field for logic technologies displays
Gaosheng Cui <cuigaosheng1@huawei.com>
drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms
Zeng Heng <zengheng4@huawei.com>
pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
Yang Jihong <yangjihong1@huawei.com>
selftests/bpf: Fix test_progs compilation failure in 32-bit arch
Pu Lehui <pulehui@huawei.com>
selftests/bpf: Fix casting error when cross-compiling test_verifier for 32-bit platforms
Maciej W. Rozycki <macro@orcam.me.uk>
parport_pc: Avoid FIFO port location truncation
Yang Yingliang <yangyingliang@huawei.com>
siox: fix possible memory leak in siox_device_add()
Sagi Grimberg <sagi@grimberg.me>
nvmet: fix a memory leak
D Scott Phillips <scott@os.amperecomputing.com>
arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
pinctrl: mediatek: common-v2: Fix bias-disable for PULL_PU_PD_RSEL_TYPE
Dylan Yudaken <dylany@meta.com>
io_uring: calculate CQEs from the user visible value
Wang Yufen <wangyufen@huawei.com>
bpf: Fix memory leaks in __check_func_call
Jeff Layton <jlayton@kernel.org>
nfsd: put the export reference in nfsd4_verify_deleg_dentry
Serge Semin <Sergey.Semin@baikalelectronics.ru>
block: sed-opal: kmalloc the cmd/resp buffers
Jingbo Xu <jefflexu@linux.alibaba.com>
erofs: get correct count for unmapped range in fscache mode
Jingbo Xu <jefflexu@linux.alibaba.com>
erofs: clean up .read_folio() and .readahead() in fscache mode
Xin Long <lucien.xin@gmail.com>
sctp: clear out_curr if all frag chunks of current msg are pruned
Xin Long <lucien.xin@gmail.com>
sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
Yang Yingliang <yangyingliang@huawei.com>
scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
mtd: onenand: omap2: add dependency on GPMC
Quentin Schulz <quentin.schulz@theobroma-systems.com>
pinctrl: rockchip: list all pins in a possible mux route for PX30
Chen Zhongjin <chenzhongjin@huawei.com>
ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
Vikas Gupta <vikas.gupta@broadcom.com>
bnxt_en: fix the handling of PCIE-AER
Vikas Gupta <vikas.gupta@broadcom.com>
bnxt_en: refactor bnxt_cancel_reservations()
Baisong Zhong <zhongbaisong@huawei.com>
bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
Jason Montleon <jmontleo@redhat.com>
ASoC: rt5677: fix legacy dai naming
Jason Montleon <jmontleo@redhat.com>
ASoC: rt5514: fix legacy dai naming
Duoming Zhou <duoming@zju.edu.cn>
tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
Shawn Guo <shawn.guo@linaro.org>
serial: imx: Add missing .thaw_noirq hook
Sherry Sun <sherry.sun@nxp.com>
tty: serial: fsl_lpuart: don't break the on-going transfer when global reset
Tony Lindgren <tony@atomide.com>
serial: 8250: omap: Flush PM QOS work on remove
Tony Lindgren <tony@atomide.com>
serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
serial: 8250_omap: remove wait loop from Errata i202 workaround
Tony Lindgren <tony@atomide.com>
serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
Claudiu Beznea <claudiu.beznea@microchip.com>
ARM: at91: pm: avoid soft resetting AC DLL
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2780: Fix set_tdm_slot in case of single slot
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2764: Fix set_tdm_slot in case of single slot
Martin Povišer <povik+lin@cutebit.org>
ASoC: tas2770: Fix set_tdm_slot in case of single slot
Ulf Hansson <ulf.hansson@linaro.org>
arm64: dts: qcom: sm8250: Disable the not yet supported cluster idle state
Maarten Zanders <maarten.zanders@mind.be>
ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
Chen Zhongjin <chenzhongjin@huawei.com>
ASoC: core: Fix use-after-free in snd_soc_exit()
Mihai Sain <mihai.sain@microchip.com>
ARM: dts: at91: sama7g5: fix signal name of pin PB2
Marek Vasut <marex@denx.de>
spi: stm32: Print summary 'callbacks suppressed' message
Satya Priya <quic_c_skakit@quicinc.com>
arm64: dts: qcom: sc7280: Add the reset reg for lpass audiocc on SC7280
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp: fix UFS PHY serdes size
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp: drop broken DP PHY nodes
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp: fix USB PHY PCS registers
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp: fix USB1 PHY RX1 registers
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp: fix USB0 PHY PCS_MISC registers
Brian Masney <bmasney@redhat.com>
arm64: dts: qcom: sc8280xp: correct ref clock for ufs_mem_phy
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp: fix ufs_card_phy ref clock
Douglas Anderson <dianders@chromium.org>
arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
Douglas Anderson <dianders@chromium.org>
arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
Douglas Anderson <dianders@chromium.org>
arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed
Douglas Anderson <dianders@chromium.org>
arm64: dts: qcom: sc8280xp-crd: Specify which LDO modes are allowed
Douglas Anderson <dianders@chromium.org>
arm64: dts: qcom: sa8295p-adp: Specify which LDO modes are allowed
Douglas Anderson <dianders@chromium.org>
arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
Robert Marko <robimarko@gmail.com>
arm64: dts: qcom: ipq8074: correct APCS register space size
Paolo Bonzini <pbonzini@redhat.com>
KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly
Paolo Bonzini <pbonzini@redhat.com>
KVM: SVM: restore host save area from assembly
Paolo Bonzini <pbonzini@redhat.com>
KVM: SVM: do not allocate struct svm_cpu_data dynamically
Paolo Bonzini <pbonzini@redhat.com>
KVM: SVM: remove dead field from struct svm_cpu_data
James Houghton <jthoughton@google.com>
hugetlbfs: don't delete error page from pagecache
Mike Kravetz <mike.kravetz@oracle.com>
hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache
Ard Biesheuvel <ardb@kernel.org>
arm64: fix rodata=full again
Mike Rapoport <rppt@kernel.org>
arm64/mm: fold check for KFENCE into can_set_direct_map()
Colin Ian King <colin.i.king@gmail.com>
ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route"
Shyam Prasad N <sprasad@microsoft.com>
cifs: always iterate smb sessions using primary channel
Dan Williams <dan.j.williams@intel.com>
tools/testing/cxl: Fix some error exits
Tony Luck <tony.luck@intel.com>
x86/cpu: Add several Intel server CPU model numbers
Yu Zhe <yuzhe@nfschina.com>
cxl/pmem: Use size_add() against integer overflow
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
Nevenko Stupar <Nevenko.Stupar@amd.com>
drm/amd/display: Investigate tool reported FCLK P-state deviations
George Shen <george.shen@amd.com>
drm/amd/display: Round up DST_after_scaler to nearest int
George Shen <george.shen@amd.com>
drm/amd/display: Use forced DSC bpp in DML
George Shen <george.shen@amd.com>
drm/amd/display: Fix DCN32 DSC delay calculation
Mario Limonciello <mario.limonciello@amd.com>
drm/amd: Fail the suspend if resources can't be evicted
Yifan Zhang <yifan1.zhang@amd.com>
drm/amdgpu: set fb_modifiers_not_supported in vkms
Alvin Lee <Alvin.Lee2@amd.com>
drm/amd/display: Enable timing sync on DCN32
Fangzhi Zuo <Jerry.Zuo@amd.com>
drm/amd/display: Ignore Cable ID Feature
Filipe Manana <fdmanana@suse.com>
btrfs: remove pointless and double ulist frees in error paths of qgroup tests
Nathan Huckleberry <nhuck@google.com>
drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
Nam Cao <namcaov@gmail.com>
i2c: i801: add lis3lv02d's I2C address for Vostro 5568
Thierry Reding <treding@nvidia.com>
i2c: tegra: Allocate DMA memory for DMA engine
Cristian Marussi <cristian.marussi@arm.com>
firmware: arm_scmi: Make tx_prepare time out eventually
Cristian Marussi <cristian.marussi@arm.com>
firmware: arm_scmi: Cleanup the core driver removal callback
Al Viro <viro@zeniv.linux.org.uk>
block: blk_add_rq_to_plug(): clear stale 'last' after flush
Michael Ellerman <mpe@ellerman.id.au>
powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec
Li Zhijian <lizhijian@fujitsu.com>
ksefltests: pidfd: Fix wait_states: Test terminated by timeout
Michael Tretter <m.tretter@pengutronix.de>
drm/rockchip: vop2: disable planes when disabling the crtc
Michael Tretter <m.tretter@pengutronix.de>
drm/rockchip: vop2: fix null pointer in plane_atomic_disable
Mario Limonciello <mario.limonciello@amd.com>
ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
Chuck Lever <chuck.lever@oracle.com>
SUNRPC: Fix crasher in gss_unwrap_resp_integ()
Benjamin Coddington <bcodding@redhat.com>
NFSv4: Retry LOCK on OLD_STATEID during delegation return
Qu Wenruo <wqu@suse.com>
btrfs: raid56: properly handle the error when unable to find the missing stripe
Michael Margolin <mrgolin@amazon.com>
RDMA/efa: Add EFA 0xefa2 PCI ID
Jonathan Cameron <Jonathan.Cameron@huawei.com>
cxl/mbox: Add a check on input payload size
Hans de Goede <hdegoede@redhat.com>
ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[]
Christian König <christian.koenig@amd.com>
drm/scheduler: fix fence ref counting
Alvin Lee <Alvin.Lee2@amd.com>
drm/amd/display: Don't return false if no stream
Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
drm/amd/display: Remove wrong pipe control lock
Gayatri Kammela <gayatri.kammela@linux.intel.com>
platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver
Jelle van der Waa <jvanderwaa@redhat.com>
platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models
Yiqing Yao <yiqing.yao@amd.com>
drm/amdgpu: Adjust MES polling timeout for sriov
Leohearts <leohearts@leohearts.com>
ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table
linkt <xazrael@hotmail.com>
ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List
Shuming Fan <shumingf@realtek.com>
ASoC: rt1308-sdw: add the default value of some registers
Alexandre Belloni <alexandre.belloni@bootlin.com>
rtc: cmos: fix build on non-ACPI platforms
Yong Zhi <yong.zhi@intel.com>
ASoC: Intel: sof_rt5682: Add quirk for Rex board
Ricardo Cañuelo <ricardo.canuelo@collabora.com>
selftests/kexec: fix build for ARCH=x86_64
Ricardo Cañuelo <ricardo.canuelo@collabora.com>
selftests/intel_pstate: fix build for ARCH=x86_64
Ricardo Cañuelo <ricardo.canuelo@collabora.com>
selftests/futex: fix build for clang
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15
Siarhei Volkau <lis8215@gmail.com>
ASoC: codecs: jz4725b: fix capture selector naming
Siarhei Volkau <lis8215@gmail.com>
ASoC: codecs: jz4725b: use right control for Capture Volume
Siarhei Volkau <lis8215@gmail.com>
ASoC: codecs: jz4725b: fix reported volume for Master ctl
Siarhei Volkau <lis8215@gmail.com>
ASoC: codecs: jz4725b: add missed Line In power control bit
Mauro Lima <mauro.lima@eclypsium.com>
spi: intel: Fix the offset to get the 64K erase opcode
Xiaolei Wang <xiaolei.wang@windriver.com>
ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
Derek Fang <derek.fang@realtek.com>
ASoC: rt1019: Fix the TDM settings
Derek Fang <derek.fang@realtek.com>
ASoC: rt5682s: Fix the TDM Tx settings
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
Zhang Qilong <zhangqilong3@huawei.com>
ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
Krishna Yarlagadda <kyarlagadda@nvidia.com>
spi: tegra210-quad: Fix combined sequence
Akhil P Oommen <quic_akhilpo@quicinc.com>
drm/msm/gpu: Fix crash during system suspend after unbind
Christian Marangi <ansuelsmth@gmail.com>
mtd: rawnand: qcom: handle ret from parse with codeword_fixup
-------------
Diffstat:
Documentation/driver-api/miscellaneous.rst | 5 +-
.../process/code-of-conduct-interpretation.rst | 2 +-
Makefile | 4 +-
arch/arm/boot/dts/imx7s.dtsi | 4 +-
arch/arm/boot/dts/sama7g5-pinfunc.h | 2 +-
arch/arm/mach-at91/pm_suspend.S | 7 +-
.../boot/dts/freescale/imx8mm-tqma8mqml-mba8mx.dts | 32 ++-
arch/arm64/boot/dts/freescale/imx8mm.dtsi | 4 +-
arch/arm64/boot/dts/freescale/imx8mn.dtsi | 2 +-
arch/arm64/boot/dts/freescale/imx93-pinfunc.h | 0
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 13 +-
arch/arm64/boot/dts/qcom/sa8295p-adp.dts | 12 ++
arch/arm64/boot/dts/qcom/sc7280.dtsi | 3 +-
arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 6 +
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 36 +---
.../boot/dts/qcom/sm8150-sony-xperia-kumano.dtsi | 6 +
.../boot/dts/qcom/sm8250-sony-xperia-edo.dtsi | 6 +
arch/arm64/boot/dts/qcom/sm8250.dtsi | 1 +
arch/arm64/boot/dts/qcom/sm8350-hdk.dts | 12 ++
arch/arm64/include/asm/cputype.h | 2 +-
arch/arm64/include/asm/pgtable.h | 4 +-
arch/arm64/mm/mmu.c | 8 +-
arch/arm64/mm/pageattr.c | 11 +-
arch/mips/kernel/relocate_kernel.S | 15 +-
arch/mips/loongson64/reset.c | 10 +
arch/powerpc/Kconfig | 2 +-
arch/s390/include/asm/processor.h | 11 +-
arch/x86/events/amd/core.c | 5 +-
arch/x86/events/amd/uncore.c | 1 +
arch/x86/events/intel/pt.c | 9 +
arch/x86/include/asm/intel-family.h | 11 +-
arch/x86/kernel/cpu/bugs.c | 13 +-
arch/x86/kernel/cpu/sgx/ioctl.c | 3 +
arch/x86/kernel/fpu/core.c | 2 +-
arch/x86/kvm/kvm-asm-offsets.c | 2 +
arch/x86/kvm/svm/sev.c | 4 +-
arch/x86/kvm/svm/svm.c | 91 ++++-----
arch/x86/kvm/svm/svm.h | 10 +-
arch/x86/kvm/svm/svm_ops.h | 5 -
arch/x86/kvm/svm/vmenter.S | 136 ++++++++++++-
arch/x86/kvm/xen.c | 7 +-
block/blk-cgroup.c | 2 +-
block/blk-core.c | 1 -
block/blk-mq.c | 1 +
block/blk-settings.c | 8 +-
block/sed-opal.c | 32 ++-
drivers/accessibility/speakup/main.c | 2 +-
drivers/accessibility/speakup/utils.h | 2 +-
drivers/acpi/scan.c | 1 +
drivers/acpi/x86/utils.c | 6 +
drivers/ata/libata-scsi.c | 10 +
drivers/ata/libata-transport.c | 19 +-
drivers/block/drbd/drbd_main.c | 4 +-
drivers/cxl/core/mbox.c | 2 +-
drivers/cxl/pmem.c | 2 +-
drivers/firmware/arm_scmi/bus.c | 11 +
drivers/firmware/arm_scmi/common.h | 5 +-
drivers/firmware/arm_scmi/driver.c | 32 +--
drivers/firmware/arm_scmi/mailbox.c | 2 +-
drivers/firmware/arm_scmi/optee.c | 2 +-
drivers/firmware/arm_scmi/shmem.c | 31 ++-
drivers/firmware/arm_scmi/smc.c | 2 +-
drivers/firmware/google/coreboot_table.c | 37 +++-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 15 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 2 +
drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 9 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 35 +++-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 6 -
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 10 +-
drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 30 +++
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 12 +-
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 1 +
.../gpu/drm/amd/display/dc/dcn314/dcn314_optc.c | 2 +-
.../amd/display/dc/dcn32/dcn32_resource_helpers.c | 2 +-
.../gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c | 1 +
.../amd/display/dc/dml/dcn32/display_mode_vba_32.c | 7 +-
.../dc/dml/dcn32/display_mode_vba_util_32.c | 2 +-
.../display/dc/dml/dcn32/display_rq_dlg_calc_32.c | 4 +-
.../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 23 +--
drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 8 +
drivers/gpu/drm/amd/pm/swsmu/inc/smu_v11_0.h | 10 +-
drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 11 +-
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 9 +
.../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 30 ++-
.../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 30 ++-
drivers/gpu/drm/display/drm_dp_dual_mode_helper.c | 51 +++--
drivers/gpu/drm/drm_drv.c | 2 +-
drivers/gpu/drm/drm_internal.h | 3 +-
drivers/gpu/drm/imx/imx-tve.c | 5 +-
drivers/gpu/drm/lima/lima_devfreq.c | 15 +-
drivers/gpu/drm/msm/adreno/adreno_device.c | 10 +-
drivers/gpu/drm/msm/msm_gpu.c | 2 +
drivers/gpu/drm/msm/msm_gpu.h | 4 +
drivers/gpu/drm/panel/panel-simple.c | 2 +
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 10 +-
drivers/gpu/drm/scheduler/sched_entity.c | 6 +-
drivers/gpu/drm/vc4/vc4_kms.c | 8 +-
drivers/i2c/busses/i2c-i801.c | 1 +
drivers/i2c/busses/i2c-tegra.c | 16 +-
drivers/iio/accel/bma400_core.c | 24 +--
drivers/iio/adc/at91_adc.c | 4 +-
drivers/iio/adc/mp2629_adc.c | 5 +-
drivers/iio/pressure/ms5611.h | 12 +-
drivers/iio/pressure/ms5611_core.c | 51 ++---
drivers/iio/pressure/ms5611_spi.c | 2 +-
drivers/iio/trigger/iio-trig-sysfs.c | 6 +-
drivers/infiniband/hw/efa/efa_main.c | 4 +-
drivers/input/joystick/iforce/iforce-main.c | 8 +-
drivers/input/serio/i8042.c | 4 -
drivers/iommu/intel/iommu.c | 8 +-
drivers/iommu/intel/pasid.c | 5 +-
drivers/isdn/mISDN/core.c | 2 +-
drivers/isdn/mISDN/dsp_pipeline.c | 3 +-
drivers/md/dm-bufio.c | 2 +
drivers/md/dm-crypt.c | 1 +
drivers/md/dm-ioctl.c | 4 +-
drivers/misc/vmw_vmci/vmci_queue_pair.c | 2 +
drivers/mmc/core/core.c | 8 +-
drivers/mmc/host/sdhci-pci-core.c | 2 +
drivers/mmc/host/sdhci-pci-o2micro.c | 7 +
drivers/mtd/nand/onenand/Kconfig | 1 +
drivers/mtd/nand/raw/qcom_nandc.c | 12 +-
drivers/net/ethernet/amazon/ena/ena_netdev.c | 8 +-
drivers/net/ethernet/atheros/ag71xx.c | 3 +-
drivers/net/ethernet/broadcom/bgmac.c | 1 -
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 62 +++++-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 +
drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c | 3 +-
drivers/net/ethernet/cavium/liquidio/lio_main.c | 34 +++-
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 1 -
.../hisilicon/hns3/hns3_common/hclge_comm_rss.c | 20 --
.../hisilicon/hns3/hns3_common/hclge_comm_rss.h | 2 -
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 167 ++++++++-------
drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 1 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 11 +-
drivers/net/ethernet/huawei/hinic/hinic_main.c | 9 +-
.../net/ethernet/marvell/octeon_ep/octep_main.c | 16 +-
.../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 2 +
.../ethernet/microchip/lan966x/lan966x_ethtool.c | 3 +
.../net/ethernet/microchip/sparx5/sparx5_ethtool.c | 3 +
.../net/ethernet/microchip/sparx5/sparx5_main.c | 3 +
.../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 6 +-
drivers/net/ethernet/pensando/ionic/ionic_main.c | 8 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 +
drivers/net/macvlan.c | 6 +-
drivers/net/mctp/mctp-i2c.c | 47 +++--
drivers/net/mhi_net.c | 2 +
drivers/net/netdevsim/dev.c | 1 +
drivers/net/phy/dp83867.c | 7 +
drivers/net/phy/marvell.c | 16 +-
drivers/net/thunderbolt.c | 19 +-
drivers/net/usb/smsc95xx.c | 46 ++++-
drivers/nvme/host/ioctl.c | 6 +
drivers/nvme/host/nvme.h | 16 +-
drivers/nvme/host/pci.c | 4 +
drivers/nvme/target/auth.c | 2 +
drivers/nvme/target/configfs.c | 1 +
drivers/parport/parport_pc.c | 2 +-
drivers/pinctrl/devicetree.c | 2 +
drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 3 +
drivers/pinctrl/pinctrl-rockchip.c | 40 ++++
.../platform/surface/aggregator/ssh_packet_layer.c | 24 ++-
drivers/platform/x86/amd/pmc.c | 3 +-
drivers/platform/x86/intel/pmc/core.c | 2 +
drivers/platform/x86/intel/pmc/pltdrv.c | 9 +
drivers/platform/x86/thinkpad_acpi.c | 4 +-
drivers/rtc/rtc-cmos.c | 3 +
drivers/s390/block/dcssblk.c | 1 +
drivers/s390/scsi/zfcp_fsf.c | 2 +-
drivers/scsi/scsi_debug.c | 6 +-
drivers/scsi/scsi_transport_sas.c | 13 +-
drivers/siox/siox-core.c | 2 +
drivers/slimbus/Kconfig | 2 +-
drivers/slimbus/stream.c | 8 +-
drivers/soc/imx/soc-imx8m.c | 11 +
drivers/spi/spi-intel.c | 2 +-
drivers/spi/spi-stm32.c | 1 +
drivers/spi/spi-tegra210-quad.c | 5 +
drivers/target/loopback/tcm_loop.c | 3 +-
drivers/tty/n_gsm.c | 2 +-
drivers/tty/serial/8250/8250_lpss.c | 17 +-
drivers/tty/serial/8250/8250_omap.c | 45 ++--
drivers/tty/serial/8250/8250_port.c | 7 +-
drivers/tty/serial/fsl_lpuart.c | 76 ++++---
drivers/tty/serial/imx.c | 1 +
drivers/usb/cdns3/host.c | 56 ++---
drivers/usb/chipidea/otg_fsm.c | 2 +
drivers/usb/core/quirks.c | 3 +
drivers/usb/dwc3/core.c | 10 +
drivers/usb/dwc3/host.c | 10 -
drivers/usb/host/bcma-hcd.c | 10 +-
drivers/usb/serial/option.c | 19 +-
drivers/usb/typec/mux/intel_pmc_mux.c | 15 +-
drivers/usb/typec/tipd/core.c | 6 +-
drivers/vfio/vfio_main.c | 50 +++--
drivers/xen/pcpu.c | 2 +-
fs/btrfs/raid56.c | 6 +-
fs/btrfs/tests/qgroup-tests.c | 16 +-
fs/buffer.c | 4 +-
fs/ceph/snap.c | 3 +-
fs/cifs/connect.c | 14 +-
fs/cifs/ioctl.c | 4 +-
fs/cifs/misc.c | 6 +-
fs/cifs/smb2misc.c | 12 +-
fs/cifs/smb2ops.c | 10 +-
fs/cifs/smb2transport.c | 6 +-
fs/erofs/fscache.c | 226 +++++++++------------
fs/gfs2/ops_fstype.c | 17 +-
fs/hugetlbfs/inode.c | 32 ++-
fs/namei.c | 2 +-
fs/netfs/buffered_read.c | 20 +-
fs/netfs/io.c | 3 +
fs/nfs/nfs4proc.c | 6 +-
fs/nfsd/nfs4state.c | 1 +
fs/ntfs/attrib.c | 28 ++-
fs/ntfs/inode.c | 7 +
include/linux/blkdev.h | 15 +-
include/linux/bpf.h | 5 +
include/linux/hugetlb.h | 2 +-
include/linux/io_uring.h | 3 +
include/linux/ring_buffer.h | 2 +-
include/linux/trace.h | 4 +-
include/linux/wireless.h | 10 +-
include/net/ip.h | 2 +-
include/net/ipv6.h | 2 +-
include/soc/at91/sama7-ddr.h | 5 +-
include/uapi/linux/ip.h | 6 +-
include/uapi/linux/ipv6.h | 6 +-
io_uring/io_uring.c | 12 +-
io_uring/io_uring.h | 4 +-
io_uring/net.c | 23 +--
io_uring/poll.c | 41 ++--
kernel/bpf/percpu_freelist.c | 23 +--
kernel/bpf/syscall.c | 11 +
kernel/bpf/trampoline.c | 15 +-
kernel/bpf/verifier.c | 14 +-
kernel/events/core.c | 25 ++-
kernel/kprobes.c | 8 +-
kernel/rseq.c | 19 +-
kernel/trace/bpf_trace.c | 6 +
kernel/trace/ftrace.c | 5 +-
kernel/trace/kprobe_event_gen_test.c | 48 +++--
kernel/trace/rethook.c | 4 +-
kernel/trace/ring_buffer.c | 71 +++++--
kernel/trace/synth_event_gen_test.c | 16 +-
kernel/trace/trace.c | 12 +-
kernel/trace/trace_eprobe.c | 3 +
kernel/trace/trace_events_synth.c | 5 +-
mm/filemap.c | 2 +-
mm/hugetlb.c | 12 +-
mm/maccess.c | 2 +-
mm/memory-failure.c | 5 +-
net/9p/trans_fd.c | 45 ++--
net/bluetooth/l2cap_core.c | 2 +-
net/bpf/test_run.c | 1 +
net/bridge/br_vlan.c | 17 +-
net/caif/chnl_net.c | 3 -
net/dsa/dsa2.c | 10 +
net/dsa/dsa_priv.h | 1 +
net/dsa/master.c | 3 +-
net/dsa/port.c | 16 ++
net/ipv4/tcp_cdg.c | 2 +
net/kcm/kcmsock.c | 60 +-----
net/netfilter/ipset/ip_set_core.c | 8 +-
net/netlink/af_netlink.c | 8 +-
net/sctp/outqueue.c | 13 +-
net/sunrpc/auth_gss/auth_gss.c | 2 +-
net/wireless/wext-core.c | 17 +-
net/x25/x25_dev.c | 2 +-
sound/pci/hda/patch_realtek.c | 2 +
sound/soc/amd/yc/acp6x-mach.c | 21 ++
sound/soc/codecs/jz4725b.c | 34 ++--
sound/soc/codecs/mt6660.c | 8 +-
sound/soc/codecs/rt1019.c | 20 +-
sound/soc/codecs/rt1019.h | 6 +
sound/soc/codecs/rt1308-sdw.h | 2 +
sound/soc/codecs/rt5514-spi.c | 15 +-
sound/soc/codecs/rt5677-spi.c | 19 +-
sound/soc/codecs/rt5682s.c | 15 +-
sound/soc/codecs/rt5682s.h | 1 +
sound/soc/codecs/tas2764.c | 19 +-
sound/soc/codecs/tas2770.c | 20 +-
sound/soc/codecs/tas2780.c | 19 +-
sound/soc/codecs/wm5102.c | 6 +-
sound/soc/codecs/wm5110.c | 6 +-
sound/soc/codecs/wm8962.c | 54 ++++-
sound/soc/codecs/wm8997.c | 6 +-
sound/soc/fsl/fsl_asrc.c | 2 +-
sound/soc/fsl/fsl_esai.c | 2 +-
sound/soc/fsl/fsl_sai.c | 2 +-
sound/soc/intel/boards/sof_rt5682.c | 12 ++
sound/soc/intel/boards/sof_sdw.c | 11 +
sound/soc/soc-core.c | 17 +-
sound/soc/soc-utils.c | 2 +-
sound/soc/sof/topology.c | 20 +-
sound/usb/midi.c | 4 +-
tools/testing/cxl/test/cxl.c | 4 +-
tools/testing/selftests/bpf/test_progs.c | 2 +-
tools/testing/selftests/bpf/test_verifier.c | 2 +-
tools/testing/selftests/futex/functional/Makefile | 6 +-
tools/testing/selftests/intel_pstate/Makefile | 6 +-
tools/testing/selftests/kexec/Makefile | 6 +-
tools/testing/selftests/pidfd/pidfd_wait.c | 10 +
306 files changed, 2496 insertions(+), 1295 deletions(-)
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 001/314] mtd: rawnand: qcom: handle ret from parse with codeword_fixup
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 002/314] drm/msm/gpu: Fix crash during system suspend after unbind Greg Kroah-Hartman
` (320 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christian Marangi, Miquel Raynal
From: Christian Marangi <ansuelsmth@gmail.com>
commit 7df140e84a75c89962feef659d686303d3ce75e5 upstream.
With use_codeword_fixup enabled, any return from
mtd_device_parse_register gets overwritten. Aside from the clear bug, this
is also problematic as a parser can EPROBE_DEFER and because this is not
correctly handled, the nand is never rescanned later in the bootup
process.
An example of this problem is when smem requires additional time to be
probed and nandc use qcomsmempart as parser. Parser will return
EPROBE_DEFER but in the current code this ret gets overwritten by
qcom_nand_host_parse_boot_partitions and qcom_nand_host_init_and_register
return 0.
Correctly handle the return code from mtd_device_parse_register so that
any error from this function is not ignored.
Fixes: 862bdedd7f4b ("mtd: nand: raw: qcom_nandc: add support for unprotected spare data pages")
Cc: stable@vger.kernel.org # v6.0+
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20221021165304.19991-1-ansuelsmth@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/nand/raw/qcom_nandc.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/drivers/mtd/nand/raw/qcom_nandc.c
+++ b/drivers/mtd/nand/raw/qcom_nandc.c
@@ -3167,16 +3167,18 @@ static int qcom_nand_host_init_and_regis
ret = mtd_device_parse_register(mtd, probes, NULL, NULL, 0);
if (ret)
- nand_cleanup(chip);
+ goto err;
if (nandc->props->use_codeword_fixup) {
ret = qcom_nand_host_parse_boot_partitions(nandc, host, dn);
- if (ret) {
- nand_cleanup(chip);
- return ret;
- }
+ if (ret)
+ goto err;
}
+ return 0;
+
+err:
+ nand_cleanup(chip);
return ret;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 002/314] drm/msm/gpu: Fix crash during system suspend after unbind
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 001/314] mtd: rawnand: qcom: handle ret from parse with codeword_fixup Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 003/314] spi: tegra210-quad: Fix combined sequence Greg Kroah-Hartman
` (319 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Akhil P Oommen, Rob Clark, Sasha Levin
From: Akhil P Oommen <quic_akhilpo@quicinc.com>
[ Upstream commit 76efc2453d0e8e5d6692ef69981b183ad674edea ]
In adreno_unbind, we should clean up gpu device's drvdata to avoid
accessing a stale pointer during system suspend. Also, check for NULL
ptr in both system suspend/resume callbacks.
Signed-off-by: Akhil P Oommen <quic_akhilpo@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/505075/
Link: https://lore.kernel.org/r/20220928124830.2.I5ee0ac073ccdeb81961e5ec0cce5f741a7207a71@changeid
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/adreno/adreno_device.c | 10 +++++++++-
drivers/gpu/drm/msm/msm_gpu.c | 2 ++
drivers/gpu/drm/msm/msm_gpu.h | 4 ++++
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/adreno/adreno_device.c b/drivers/gpu/drm/msm/adreno/adreno_device.c
index 24b489b6129a..628806423f7d 100644
--- a/drivers/gpu/drm/msm/adreno/adreno_device.c
+++ b/drivers/gpu/drm/msm/adreno/adreno_device.c
@@ -679,6 +679,9 @@ static int adreno_system_suspend(struct device *dev)
struct msm_gpu *gpu = dev_to_gpu(dev);
int remaining, ret;
+ if (!gpu)
+ return 0;
+
suspend_scheduler(gpu);
remaining = wait_event_timeout(gpu->retire_event,
@@ -700,7 +703,12 @@ static int adreno_system_suspend(struct device *dev)
static int adreno_system_resume(struct device *dev)
{
- resume_scheduler(dev_to_gpu(dev));
+ struct msm_gpu *gpu = dev_to_gpu(dev);
+
+ if (!gpu)
+ return 0;
+
+ resume_scheduler(gpu);
return pm_runtime_force_resume(dev);
}
diff --git a/drivers/gpu/drm/msm/msm_gpu.c b/drivers/gpu/drm/msm/msm_gpu.c
index c2bfcf3f1f40..01aae792ffa9 100644
--- a/drivers/gpu/drm/msm/msm_gpu.c
+++ b/drivers/gpu/drm/msm/msm_gpu.c
@@ -993,4 +993,6 @@ void msm_gpu_cleanup(struct msm_gpu *gpu)
}
msm_devfreq_cleanup(gpu);
+
+ platform_set_drvdata(gpu->pdev, NULL);
}
diff --git a/drivers/gpu/drm/msm/msm_gpu.h b/drivers/gpu/drm/msm/msm_gpu.h
index 4d935fedd2ac..fd22cf4041af 100644
--- a/drivers/gpu/drm/msm/msm_gpu.h
+++ b/drivers/gpu/drm/msm/msm_gpu.h
@@ -282,6 +282,10 @@ struct msm_gpu {
static inline struct msm_gpu *dev_to_gpu(struct device *dev)
{
struct adreno_smmu_priv *adreno_smmu = dev_get_drvdata(dev);
+
+ if (!adreno_smmu)
+ return NULL;
+
return container_of(adreno_smmu, struct msm_gpu, adreno_smmu);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 003/314] spi: tegra210-quad: Fix combined sequence
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 001/314] mtd: rawnand: qcom: handle ret from parse with codeword_fixup Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 002/314] drm/msm/gpu: Fix crash during system suspend after unbind Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 004/314] ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" Greg Kroah-Hartman
` (318 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krishna Yarlagadda, Mark Brown, Sasha Levin
From: Krishna Yarlagadda <kyarlagadda@nvidia.com>
[ Upstream commit 8777dd9dff4020bba66654ec92e4b0ab6367ad30 ]
Return value should be updated to zero in combined sequence routine
if transfer is completed successfully. Currently it holds timeout value
resulting in errors.
Signed-off-by: Krishna Yarlagadda <kyarlagadda@nvidia.com>
Link: https://lore.kernel.org/r/20221001122148.9158-1-kyarlagadda@nvidia.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-tegra210-quad.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/spi/spi-tegra210-quad.c b/drivers/spi/spi-tegra210-quad.c
index c89592b21ffc..904972606bd4 100644
--- a/drivers/spi/spi-tegra210-quad.c
+++ b/drivers/spi/spi-tegra210-quad.c
@@ -1157,6 +1157,11 @@ static int tegra_qspi_combined_seq_xfer(struct tegra_qspi *tqspi,
msg->actual_length += xfer->len;
transfer_phase++;
}
+ if (!xfer->cs_change) {
+ tegra_qspi_transfer_end(spi);
+ spi_transfer_delay_exec(xfer);
+ }
+ ret = 0;
exit:
msg->status = ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 004/314] ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 003/314] spi: tegra210-quad: Fix combined sequence Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 005/314] ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" Greg Kroah-Hartman
` (317 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Qilong, Charles Keepax,
Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit de71d7567e358effd06dfc3e2a154b25f1331c10 ]
This reverts commit fcbb60820cd3008bb44334a0395e5e57ccb77329.
The pm_runtime_disable is redundant when error returns in
wm5102_probe, we just revert the old patch to fix it.
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20221010114852.88127-2-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm5102.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm5102.c b/sound/soc/codecs/wm5102.c
index c09c9ac51b3e..af7d324e3352 100644
--- a/sound/soc/codecs/wm5102.c
+++ b/sound/soc/codecs/wm5102.c
@@ -2099,6 +2099,9 @@ static int wm5102_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm5102_digital_vu[i],
WM5102_DIG_VU, WM5102_DIG_VU);
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
ret = arizona_request_irq(arizona, ARIZONA_IRQ_DSP_IRQ1,
"ADSP2 Compressed IRQ", wm5102_adsp2_irq,
wm5102);
@@ -2131,9 +2134,6 @@ static int wm5102_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 005/314] ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 004/314] ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 006/314] ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" Greg Kroah-Hartman
` (316 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Qilong, Charles Keepax,
Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 7d4e966f4cd73ff69bf06934e8e14a33fb7ef447 ]
This reverts commit 86b46bf1feb83898d89a2b4a8d08d21e9ea277a7.
The pm_runtime_disable is redundant when error returns in
wm5110_probe, we just revert the old patch to fix it.
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20221010114852.88127-3-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm5110.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm5110.c b/sound/soc/codecs/wm5110.c
index fc634c995834..f3f4a10bf0f7 100644
--- a/sound/soc/codecs/wm5110.c
+++ b/sound/soc/codecs/wm5110.c
@@ -2457,6 +2457,9 @@ static int wm5110_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm5110_digital_vu[i],
WM5110_DIG_VU, WM5110_DIG_VU);
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
ret = arizona_request_irq(arizona, ARIZONA_IRQ_DSP_IRQ1,
"ADSP2 Compressed IRQ", wm5110_adsp2_irq,
wm5110);
@@ -2489,9 +2492,6 @@ static int wm5110_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 006/314] ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 005/314] ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 007/314] ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe Greg Kroah-Hartman
` (315 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Qilong, Charles Keepax,
Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit 68ce83e3bb26feba0fcdd59667fde942b3a600a1 ]
This reverts commit 41a736ac20602f64773e80f0f5b32cde1830a44a.
The pm_runtime_disable is redundant when error returns in
wm8997_probe, we just revert the old patch to fix it.
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20221010114852.88127-4-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm8997.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/codecs/wm8997.c b/sound/soc/codecs/wm8997.c
index 77136a521605..210ad662fc26 100644
--- a/sound/soc/codecs/wm8997.c
+++ b/sound/soc/codecs/wm8997.c
@@ -1161,6 +1161,9 @@ static int wm8997_probe(struct platform_device *pdev)
regmap_update_bits(arizona->regmap, wm8997_digital_vu[i],
WM8997_DIG_VU, WM8997_DIG_VU);
+ pm_runtime_enable(&pdev->dev);
+ pm_runtime_idle(&pdev->dev);
+
arizona_init_common(arizona);
ret = arizona_init_vol_limit(arizona);
@@ -1179,9 +1182,6 @@ static int wm8997_probe(struct platform_device *pdev)
goto err_spk_irqs;
}
- pm_runtime_enable(&pdev->dev);
- pm_runtime_idle(&pdev->dev);
-
return ret;
err_spk_irqs:
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 007/314] ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 006/314] ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 008/314] ASoC: rt5682s: Fix the TDM Tx settings Greg Kroah-Hartman
` (314 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Qilong,
AngeloGioacchino Del Regno, Mark Brown, Sasha Levin
From: Zhang Qilong <zhangqilong3@huawei.com>
[ Upstream commit c4ab29b0f3a6f1e167c5a627f7cd036c1d2b7d65 ]
It would be better to keep the pm_runtime enables before the
IRQ and component stuff. Both of those could start triggering
PM runtime events.
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20221008140522.134912-1-zhangqilong3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/mt6660.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sound/soc/codecs/mt6660.c b/sound/soc/codecs/mt6660.c
index 45e0df13afb9..b8369eeccc30 100644
--- a/sound/soc/codecs/mt6660.c
+++ b/sound/soc/codecs/mt6660.c
@@ -503,14 +503,14 @@ static int mt6660_i2c_probe(struct i2c_client *client)
dev_err(chip->dev, "read chip revision fail\n");
goto probe_fail;
}
+ pm_runtime_set_active(chip->dev);
+ pm_runtime_enable(chip->dev);
ret = devm_snd_soc_register_component(chip->dev,
&mt6660_component_driver,
&mt6660_codec_dai, 1);
- if (!ret) {
- pm_runtime_set_active(chip->dev);
- pm_runtime_enable(chip->dev);
- }
+ if (ret)
+ pm_runtime_disable(chip->dev);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 008/314] ASoC: rt5682s: Fix the TDM Tx settings
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 007/314] ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 009/314] ASoC: rt1019: Fix the TDM settings Greg Kroah-Hartman
` (313 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Derek Fang, Mark Brown, Sasha Levin
From: Derek Fang <derek.fang@realtek.com>
[ Upstream commit d94bf16e920047c9b4ea2b57f7b53b4ff5039d9f ]
Complete the missing and correct the TDM Tx settings.
Signed-off-by: Derek Fang <derek.fang@realtek.com>
Link: https://lore.kernel.org/r/20221012031320.6980-1-derek.fang@realtek.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5682s.c | 15 +++++++++++++--
sound/soc/codecs/rt5682s.h | 1 +
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/rt5682s.c b/sound/soc/codecs/rt5682s.c
index eb47e7cd485a..95fe993d59cb 100644
--- a/sound/soc/codecs/rt5682s.c
+++ b/sound/soc/codecs/rt5682s.c
@@ -1932,7 +1932,7 @@ static int rt5682s_set_tdm_slot(struct snd_soc_dai *dai, unsigned int tx_mask,
unsigned int rx_mask, int slots, int slot_width)
{
struct snd_soc_component *component = dai->component;
- unsigned int cl, val = 0;
+ unsigned int cl, val = 0, tx_slotnum;
if (tx_mask || rx_mask)
snd_soc_component_update_bits(component,
@@ -1941,6 +1941,16 @@ static int rt5682s_set_tdm_slot(struct snd_soc_dai *dai, unsigned int tx_mask,
snd_soc_component_update_bits(component,
RT5682S_TDM_ADDA_CTRL_2, RT5682S_TDM_EN, 0);
+ /* Tx slot configuration */
+ tx_slotnum = hweight_long(tx_mask);
+ if (tx_slotnum) {
+ if (tx_slotnum > slots) {
+ dev_err(component->dev, "Invalid or oversized Tx slots.\n");
+ return -EINVAL;
+ }
+ val |= (tx_slotnum - 1) << RT5682S_TDM_ADC_DL_SFT;
+ }
+
switch (slots) {
case 4:
val |= RT5682S_TDM_TX_CH_4;
@@ -1961,7 +1971,8 @@ static int rt5682s_set_tdm_slot(struct snd_soc_dai *dai, unsigned int tx_mask,
}
snd_soc_component_update_bits(component, RT5682S_TDM_CTRL,
- RT5682S_TDM_TX_CH_MASK | RT5682S_TDM_RX_CH_MASK, val);
+ RT5682S_TDM_TX_CH_MASK | RT5682S_TDM_RX_CH_MASK |
+ RT5682S_TDM_ADC_DL_MASK, val);
switch (slot_width) {
case 8:
diff --git a/sound/soc/codecs/rt5682s.h b/sound/soc/codecs/rt5682s.h
index 7353831c73dd..b660a311b6c2 100644
--- a/sound/soc/codecs/rt5682s.h
+++ b/sound/soc/codecs/rt5682s.h
@@ -899,6 +899,7 @@
#define RT5682S_TDM_RX_CH_8 (0x3 << 8)
#define RT5682S_TDM_ADC_LCA_MASK (0x7 << 4)
#define RT5682S_TDM_ADC_LCA_SFT 4
+#define RT5682S_TDM_ADC_DL_MASK (0x3 << 0)
#define RT5682S_TDM_ADC_DL_SFT 0
/* TDM control 2 (0x007a) */
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 009/314] ASoC: rt1019: Fix the TDM settings
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 008/314] ASoC: rt5682s: Fix the TDM Tx settings Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 010/314] ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK Greg Kroah-Hartman
` (312 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Derek Fang, Mark Brown, Sasha Levin
From: Derek Fang <derek.fang@realtek.com>
[ Upstream commit f2635d45a750182c6d5de15e2d6b059e0c302d7e ]
Complete the missing and correct the TDM settings.
Signed-off-by: Derek Fang <derek.fang@realtek.com>
Link: https://lore.kernel.org/r/20221012030102.4042-1-derek.fang@realtek.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt1019.c | 20 +++++++++++---------
sound/soc/codecs/rt1019.h | 6 ++++++
2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/sound/soc/codecs/rt1019.c b/sound/soc/codecs/rt1019.c
index b66bfecbb879..49f527c61a7a 100644
--- a/sound/soc/codecs/rt1019.c
+++ b/sound/soc/codecs/rt1019.c
@@ -391,18 +391,18 @@ static int rt1019_set_tdm_slot(struct snd_soc_dai *dai, unsigned int tx_mask,
unsigned int rx_mask, int slots, int slot_width)
{
struct snd_soc_component *component = dai->component;
- unsigned int val = 0, rx_slotnum;
+ unsigned int cn = 0, cl = 0, rx_slotnum;
int ret = 0, first_bit;
switch (slots) {
case 4:
- val |= RT1019_I2S_TX_4CH;
+ cn = RT1019_I2S_TX_4CH;
break;
case 6:
- val |= RT1019_I2S_TX_6CH;
+ cn = RT1019_I2S_TX_6CH;
break;
case 8:
- val |= RT1019_I2S_TX_8CH;
+ cn = RT1019_I2S_TX_8CH;
break;
case 2:
break;
@@ -412,16 +412,16 @@ static int rt1019_set_tdm_slot(struct snd_soc_dai *dai, unsigned int tx_mask,
switch (slot_width) {
case 20:
- val |= RT1019_I2S_DL_20;
+ cl = RT1019_TDM_CL_20;
break;
case 24:
- val |= RT1019_I2S_DL_24;
+ cl = RT1019_TDM_CL_24;
break;
case 32:
- val |= RT1019_I2S_DL_32;
+ cl = RT1019_TDM_CL_32;
break;
case 8:
- val |= RT1019_I2S_DL_8;
+ cl = RT1019_TDM_CL_8;
break;
case 16:
break;
@@ -470,8 +470,10 @@ static int rt1019_set_tdm_slot(struct snd_soc_dai *dai, unsigned int tx_mask,
goto _set_tdm_err_;
}
+ snd_soc_component_update_bits(component, RT1019_TDM_1,
+ RT1019_TDM_CL_MASK, cl);
snd_soc_component_update_bits(component, RT1019_TDM_2,
- RT1019_I2S_CH_TX_MASK | RT1019_I2S_DF_MASK, val);
+ RT1019_I2S_CH_TX_MASK, cn);
_set_tdm_err_:
return ret;
diff --git a/sound/soc/codecs/rt1019.h b/sound/soc/codecs/rt1019.h
index 64df831eeb72..48ba15efb48d 100644
--- a/sound/soc/codecs/rt1019.h
+++ b/sound/soc/codecs/rt1019.h
@@ -95,6 +95,12 @@
#define RT1019_TDM_BCLK_MASK (0x1 << 6)
#define RT1019_TDM_BCLK_NORM (0x0 << 6)
#define RT1019_TDM_BCLK_INV (0x1 << 6)
+#define RT1019_TDM_CL_MASK (0x7)
+#define RT1019_TDM_CL_8 (0x4)
+#define RT1019_TDM_CL_32 (0x3)
+#define RT1019_TDM_CL_24 (0x2)
+#define RT1019_TDM_CL_20 (0x1)
+#define RT1019_TDM_CL_16 (0x0)
/* 0x0401 TDM Control-2 */
#define RT1019_I2S_CH_TX_MASK (0x3 << 6)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 010/314] ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 009/314] ASoC: rt1019: Fix the TDM settings Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 011/314] spi: intel: Fix the offset to get the 64K erase opcode Greg Kroah-Hartman
` (311 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiaolei Wang, Adam Ford,
Charles Keepax, Mark Brown, Sasha Levin
From: Xiaolei Wang <xiaolei.wang@windriver.com>
[ Upstream commit ee1aa2ae3eaa96e70229fa61deee87ef4528ffdf ]
In wm8962 driver, the WM8962_ADDITIONAL_CONTROL_4 is used as a volatile
register, but this register mixes a bunch of volatile status bits and a
bunch of non-volatile control bits. The dapm widgets TEMP_HP and
TEMP_SPK leverages the control bits in this register. After the wm8962
probe, the regmap will bet set to cache only mode, then a read error
like below would be triggered when trying to read the initial power
state of the dapm widgets TEMP_HP and TEMP_SPK.
wm8962 0-001a: ASoC: error at soc_component_read_no_lock
on wm8962.0-001a: -16
In order to fix this issue, we add event handler to actually power
up/down these widgets. With this change, we also need to explicitly
power off these widgets in the wm8962 probe since they are enabled
by default.
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Tested-by: Adam Ford <aford173@gmail.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20221010092014.2229246-1-xiaolei.wang@windriver.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wm8962.c | 54 +++++++++++++++++++++++++++++++++++++--
1 file changed, 52 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/wm8962.c b/sound/soc/codecs/wm8962.c
index 398c448ea854..6df06fba4377 100644
--- a/sound/soc/codecs/wm8962.c
+++ b/sound/soc/codecs/wm8962.c
@@ -1840,6 +1840,49 @@ SOC_SINGLE_TLV("SPKOUTR Mixer DACR Volume", WM8962_SPEAKER_MIXER_5,
4, 1, 0, inmix_tlv),
};
+static int tp_event(struct snd_soc_dapm_widget *w,
+ struct snd_kcontrol *kcontrol, int event)
+{
+ int ret, reg, val, mask;
+ struct snd_soc_component *component = snd_soc_dapm_to_component(w->dapm);
+
+ ret = pm_runtime_resume_and_get(component->dev);
+ if (ret < 0) {
+ dev_err(component->dev, "Failed to resume device: %d\n", ret);
+ return ret;
+ }
+
+ reg = WM8962_ADDITIONAL_CONTROL_4;
+
+ if (!strcmp(w->name, "TEMP_HP")) {
+ mask = WM8962_TEMP_ENA_HP_MASK;
+ val = WM8962_TEMP_ENA_HP;
+ } else if (!strcmp(w->name, "TEMP_SPK")) {
+ mask = WM8962_TEMP_ENA_SPK_MASK;
+ val = WM8962_TEMP_ENA_SPK;
+ } else {
+ pm_runtime_put(component->dev);
+ return -EINVAL;
+ }
+
+ switch (event) {
+ case SND_SOC_DAPM_POST_PMD:
+ val = 0;
+ fallthrough;
+ case SND_SOC_DAPM_POST_PMU:
+ ret = snd_soc_component_update_bits(component, reg, mask, val);
+ break;
+ default:
+ WARN(1, "Invalid event %d\n", event);
+ pm_runtime_put(component->dev);
+ return -EINVAL;
+ }
+
+ pm_runtime_put(component->dev);
+
+ return 0;
+}
+
static int cp_event(struct snd_soc_dapm_widget *w,
struct snd_kcontrol *kcontrol, int event)
{
@@ -2140,8 +2183,10 @@ SND_SOC_DAPM_SUPPLY("TOCLK", WM8962_ADDITIONAL_CONTROL_1, 0, 0, NULL, 0),
SND_SOC_DAPM_SUPPLY_S("DSP2", 1, WM8962_DSP2_POWER_MANAGEMENT,
WM8962_DSP2_ENA_SHIFT, 0, dsp2_event,
SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_PRE_PMD),
-SND_SOC_DAPM_SUPPLY("TEMP_HP", WM8962_ADDITIONAL_CONTROL_4, 2, 0, NULL, 0),
-SND_SOC_DAPM_SUPPLY("TEMP_SPK", WM8962_ADDITIONAL_CONTROL_4, 1, 0, NULL, 0),
+SND_SOC_DAPM_SUPPLY("TEMP_HP", SND_SOC_NOPM, 0, 0, tp_event,
+ SND_SOC_DAPM_POST_PMU|SND_SOC_DAPM_POST_PMD),
+SND_SOC_DAPM_SUPPLY("TEMP_SPK", SND_SOC_NOPM, 0, 0, tp_event,
+ SND_SOC_DAPM_POST_PMU|SND_SOC_DAPM_POST_PMD),
SND_SOC_DAPM_MIXER("INPGAL", WM8962_LEFT_INPUT_PGA_CONTROL, 4, 0,
inpgal, ARRAY_SIZE(inpgal)),
@@ -3763,6 +3808,11 @@ static int wm8962_i2c_probe(struct i2c_client *i2c)
if (ret < 0)
goto err_pm_runtime;
+ regmap_update_bits(wm8962->regmap, WM8962_ADDITIONAL_CONTROL_4,
+ WM8962_TEMP_ENA_HP_MASK, 0);
+ regmap_update_bits(wm8962->regmap, WM8962_ADDITIONAL_CONTROL_4,
+ WM8962_TEMP_ENA_SPK_MASK, 0);
+
regcache_cache_only(wm8962->regmap, true);
/* The drivers should power up as needed */
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 011/314] spi: intel: Fix the offset to get the 64K erase opcode
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 010/314] ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 012/314] ASoC: codecs: jz4725b: add missed Line In power control bit Greg Kroah-Hartman
` (310 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mauro Lima, Mika Westerberg,
Mark Brown, Sasha Levin
From: Mauro Lima <mauro.lima@eclypsium.com>
[ Upstream commit 6a43cd02ddbc597dc9a1f82c1e433f871a2f6f06 ]
According to documentation, the 64K erase opcode is located in VSCC
range [16:23] instead of [8:15].
Use the proper value to shift the mask over the correct range.
Signed-off-by: Mauro Lima <mauro.lima@eclypsium.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Link: https://lore.kernel.org/r/20221012152135.28353-1-mauro.lima@eclypsium.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-intel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-intel.c b/drivers/spi/spi-intel.c
index 3f6db482b6c7..a1dbd71bf83e 100644
--- a/drivers/spi/spi-intel.c
+++ b/drivers/spi/spi-intel.c
@@ -114,7 +114,7 @@
#define ERASE_OPCODE_SHIFT 8
#define ERASE_OPCODE_MASK (0xff << ERASE_OPCODE_SHIFT)
#define ERASE_64K_OPCODE_SHIFT 16
-#define ERASE_64K_OPCODE_MASK (0xff << ERASE_OPCODE_SHIFT)
+#define ERASE_64K_OPCODE_MASK (0xff << ERASE_64K_OPCODE_SHIFT)
#define INTEL_SPI_TIMEOUT 5000 /* ms */
#define INTEL_SPI_FIFO_SZ 64
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 012/314] ASoC: codecs: jz4725b: add missed Line In power control bit
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 011/314] spi: intel: Fix the offset to get the 64K erase opcode Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 013/314] ASoC: codecs: jz4725b: fix reported volume for Master ctl Greg Kroah-Hartman
` (309 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Siarhei Volkau, Mark Brown, Sasha Levin
From: Siarhei Volkau <lis8215@gmail.com>
[ Upstream commit 1013999b431b4bcdc1f5ae47dd3338122751db31 ]
Line In path stayed powered off during capturing or
bypass to mixer.
Signed-off-by: Siarhei Volkau <lis8215@gmail.com>
Link: https://lore.kernel.org/r/20221016132648.3011729-2-lis8215@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/jz4725b.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/soc/codecs/jz4725b.c b/sound/soc/codecs/jz4725b.c
index 5201a8f6d7b6..cc7a48c96aa4 100644
--- a/sound/soc/codecs/jz4725b.c
+++ b/sound/soc/codecs/jz4725b.c
@@ -236,7 +236,8 @@ static const struct snd_soc_dapm_widget jz4725b_codec_dapm_widgets[] = {
SND_SOC_DAPM_MIXER("DAC to Mixer", JZ4725B_CODEC_REG_CR1,
REG_CR1_DACSEL_OFFSET, 0, NULL, 0),
- SND_SOC_DAPM_MIXER("Line In", SND_SOC_NOPM, 0, 0, NULL, 0),
+ SND_SOC_DAPM_MIXER("Line In", JZ4725B_CODEC_REG_PMR1,
+ REG_PMR1_SB_LIN_OFFSET, 1, NULL, 0),
SND_SOC_DAPM_MIXER("HP Out", JZ4725B_CODEC_REG_CR1,
REG_CR1_HP_DIS_OFFSET, 1, NULL, 0),
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 013/314] ASoC: codecs: jz4725b: fix reported volume for Master ctl
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 012/314] ASoC: codecs: jz4725b: add missed Line In power control bit Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 014/314] ASoC: codecs: jz4725b: use right control for Capture Volume Greg Kroah-Hartman
` (308 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Siarhei Volkau, Mark Brown, Sasha Levin
From: Siarhei Volkau <lis8215@gmail.com>
[ Upstream commit 088777bf65b98cfa4b5378119d0a7d49a58ece44 ]
DAC volume control is the Master Playback Volume at the moment
and it reports wrong levels in alsamixer and other alsa apps.
The patch fixes that, as stated in manual on the jz4725b SoC
(16.6.3.4 Programmable attenuation: GOD) the ctl range varies
from -22.5dB to 0dB with 1.5dB step.
Signed-off-by: Siarhei Volkau <lis8215@gmail.com>
Link: https://lore.kernel.org/r/20221016132648.3011729-3-lis8215@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/jz4725b.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/jz4725b.c b/sound/soc/codecs/jz4725b.c
index cc7a48c96aa4..72549ee2e789 100644
--- a/sound/soc/codecs/jz4725b.c
+++ b/sound/soc/codecs/jz4725b.c
@@ -142,8 +142,8 @@ struct jz_icdc {
struct clk *clk;
};
-static const SNDRV_CTL_TLVD_DECLARE_DB_LINEAR(jz4725b_dac_tlv, -2250, 0);
static const SNDRV_CTL_TLVD_DECLARE_DB_LINEAR(jz4725b_line_tlv, -1500, 600);
+static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(jz4725b_dac_tlv, -2250, 150, 0);
static const struct snd_kcontrol_new jz4725b_codec_controls[] = {
SOC_DOUBLE_TLV("Master Playback Volume",
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 014/314] ASoC: codecs: jz4725b: use right control for Capture Volume
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 013/314] ASoC: codecs: jz4725b: fix reported volume for Master ctl Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 015/314] ASoC: codecs: jz4725b: fix capture selector naming Greg Kroah-Hartman
` (307 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Siarhei Volkau, Mark Brown, Sasha Levin
From: Siarhei Volkau <lis8215@gmail.com>
[ Upstream commit 1538e2c8c9b7e7a656effcc6e4e7cfe8c1b405fd ]
Line In Bypass control is used as Master Capture at the moment
this is completely incorrect.
Current control routed to Mixer instead of ADC, thus can't affect
Capture path. ADC control shall be used instead.
ADC volume control parameters are different, so the patch fixes that
as well. Manual says (16.6.3.2 Programmable input attenuation amplifier:
PGATM) that gain varies in range 0dB..22.5dB with 1.5dB step.
Signed-off-by: Siarhei Volkau <lis8215@gmail.com>
Link: https://lore.kernel.org/r/20221016132648.3011729-4-lis8215@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/jz4725b.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/sound/soc/codecs/jz4725b.c b/sound/soc/codecs/jz4725b.c
index 72549ee2e789..4363d898a7d4 100644
--- a/sound/soc/codecs/jz4725b.c
+++ b/sound/soc/codecs/jz4725b.c
@@ -136,13 +136,16 @@ enum {
#define REG_CGR3_GO1L_OFFSET 0
#define REG_CGR3_GO1L_MASK (0x1f << REG_CGR3_GO1L_OFFSET)
+#define REG_CGR10_GIL_OFFSET 0
+#define REG_CGR10_GIR_OFFSET 4
+
struct jz_icdc {
struct regmap *regmap;
void __iomem *base;
struct clk *clk;
};
-static const SNDRV_CTL_TLVD_DECLARE_DB_LINEAR(jz4725b_line_tlv, -1500, 600);
+static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(jz4725b_adc_tlv, 0, 150, 0);
static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(jz4725b_dac_tlv, -2250, 150, 0);
static const struct snd_kcontrol_new jz4725b_codec_controls[] = {
@@ -151,11 +154,11 @@ static const struct snd_kcontrol_new jz4725b_codec_controls[] = {
REG_CGR1_GODL_OFFSET,
REG_CGR1_GODR_OFFSET,
0xf, 1, jz4725b_dac_tlv),
- SOC_DOUBLE_R_TLV("Master Capture Volume",
- JZ4725B_CODEC_REG_CGR3,
- JZ4725B_CODEC_REG_CGR2,
- REG_CGR2_GO1R_OFFSET,
- 0x1f, 1, jz4725b_line_tlv),
+ SOC_DOUBLE_TLV("Master Capture Volume",
+ JZ4725B_CODEC_REG_CGR10,
+ REG_CGR10_GIL_OFFSET,
+ REG_CGR10_GIR_OFFSET,
+ 0xf, 0, jz4725b_adc_tlv),
SOC_SINGLE("Master Playback Switch", JZ4725B_CODEC_REG_CR1,
REG_CR1_DAC_MUTE_OFFSET, 1, 1),
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 015/314] ASoC: codecs: jz4725b: fix capture selector naming
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 014/314] ASoC: codecs: jz4725b: use right control for Capture Volume Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 016/314] ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 Greg Kroah-Hartman
` (306 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Siarhei Volkau, Mark Brown, Sasha Levin
From: Siarhei Volkau <lis8215@gmail.com>
[ Upstream commit 80852f8268769715db335a22305e81a0c4a38a84 ]
At the moment Capture source selector appears on Playback
tab in the alsamixer and has a senseless name.
Let's fix that.
Signed-off-by: Siarhei Volkau <lis8215@gmail.com>
Link: https://lore.kernel.org/r/20221016132648.3011729-5-lis8215@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/jz4725b.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/sound/soc/codecs/jz4725b.c b/sound/soc/codecs/jz4725b.c
index 4363d898a7d4..d57c2c6a3add 100644
--- a/sound/soc/codecs/jz4725b.c
+++ b/sound/soc/codecs/jz4725b.c
@@ -183,7 +183,7 @@ static SOC_VALUE_ENUM_SINGLE_DECL(jz4725b_codec_adc_src_enum,
jz4725b_codec_adc_src_texts,
jz4725b_codec_adc_src_values);
static const struct snd_kcontrol_new jz4725b_codec_adc_src_ctrl =
- SOC_DAPM_ENUM("Route", jz4725b_codec_adc_src_enum);
+ SOC_DAPM_ENUM("ADC Source Capture Route", jz4725b_codec_adc_src_enum);
static const struct snd_kcontrol_new jz4725b_codec_mixer_controls[] = {
SOC_DAPM_SINGLE("Line In Bypass", JZ4725B_CODEC_REG_CR1,
@@ -228,7 +228,7 @@ static const struct snd_soc_dapm_widget jz4725b_codec_dapm_widgets[] = {
SND_SOC_DAPM_ADC("ADC", "Capture",
JZ4725B_CODEC_REG_PMR1, REG_PMR1_SB_ADC_OFFSET, 1),
- SND_SOC_DAPM_MUX("ADC Source", SND_SOC_NOPM, 0, 0,
+ SND_SOC_DAPM_MUX("ADC Source Capture Route", SND_SOC_NOPM, 0, 0,
&jz4725b_codec_adc_src_ctrl),
/* Mixer */
@@ -287,11 +287,11 @@ static const struct snd_soc_dapm_route jz4725b_codec_dapm_routes[] = {
{"Mixer", NULL, "DAC to Mixer"},
{"Mixer to ADC", NULL, "Mixer"},
- {"ADC Source", "Mixer", "Mixer to ADC"},
- {"ADC Source", "Line In", "Line In"},
- {"ADC Source", "Mic 1", "Mic 1"},
- {"ADC Source", "Mic 2", "Mic 2"},
- {"ADC", NULL, "ADC Source"},
+ {"ADC Source Capture Route", "Mixer", "Mixer to ADC"},
+ {"ADC Sourc Capture Routee", "Line In", "Line In"},
+ {"ADC Source Capture Route", "Mic 1", "Mic 1"},
+ {"ADC Source Capture Route", "Mic 2", "Mic 2"},
+ {"ADC", NULL, "ADC Source Capture Route"},
{"Out Stage", NULL, "Mixer"},
{"HP Out", NULL, "Out Stage"},
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 016/314] ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 015/314] ASoC: codecs: jz4725b: fix capture selector naming Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 017/314] selftests/futex: fix build for clang Greg Kroah-Hartman
` (305 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pierre-Louis Bossart,
Ranjani Sridharan, Bard Liao, Mark Brown, Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit 41deb2db64997d01110faaf763bd911d490dfde7 ]
Some NUC15 LAPBC710 devices don't expose the same DMI information as
the Intel reference, add additional entry in the match table.
BugLink: https://github.com/thesofproject/linux/issues/3885
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20221017204054.207512-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/sof_sdw.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/sound/soc/intel/boards/sof_sdw.c b/sound/soc/intel/boards/sof_sdw.c
index 2ff30b40a1e4..ee9857dc3135 100644
--- a/sound/soc/intel/boards/sof_sdw.c
+++ b/sound/soc/intel/boards/sof_sdw.c
@@ -202,6 +202,17 @@ static const struct dmi_system_id sof_sdw_quirk_table[] = {
SOF_SDW_PCH_DMIC |
RT711_JD1),
},
+ {
+ /* NUC15 LAPBC710 skews */
+ .callback = sof_sdw_quirk_cb,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Intel Corporation"),
+ DMI_MATCH(DMI_BOARD_NAME, "LAPBC710"),
+ },
+ .driver_data = (void *)(SOF_SDW_TGL_HDMI |
+ SOF_SDW_PCH_DMIC |
+ RT711_JD1),
+ },
/* TigerLake-SDCA devices */
{
.callback = sof_sdw_quirk_cb,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 017/314] selftests/futex: fix build for clang
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 016/314] ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 018/314] selftests/intel_pstate: fix build for ARCH=x86_64 Greg Kroah-Hartman
` (304 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Cañuelo,
André Almeida, Shuah Khan, Sasha Levin
From: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
[ Upstream commit 03cab65a07e083b6c1010fbc8f9b817e9aca75d9 ]
Don't use the test-specific header files as source files to force a
target dependency, as clang will complain if more than one source file
is used for a compile command with a single '-o' flag.
Use the proper Makefile variables instead as defined in
tools/testing/selftests/lib.mk.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Reviewed-by: André Almeida <andrealmeid@igalia.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/futex/functional/Makefile | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/futex/functional/Makefile b/tools/testing/selftests/futex/functional/Makefile
index 732149011692..5a0e0df8de9b 100644
--- a/tools/testing/selftests/futex/functional/Makefile
+++ b/tools/testing/selftests/futex/functional/Makefile
@@ -3,11 +3,11 @@ INCLUDES := -I../include -I../../ -I../../../../../usr/include/
CFLAGS := $(CFLAGS) -g -O2 -Wall -D_GNU_SOURCE -pthread $(INCLUDES) $(KHDR_INCLUDES)
LDLIBS := -lpthread -lrt
-HEADERS := \
+LOCAL_HDRS := \
../include/futextest.h \
../include/atomic.h \
../include/logging.h
-TEST_GEN_FILES := \
+TEST_GEN_PROGS := \
futex_wait_timeout \
futex_wait_wouldblock \
futex_requeue_pi \
@@ -24,5 +24,3 @@ TEST_PROGS := run.sh
top_srcdir = ../../../../..
DEFAULT_INSTALL_HDR_PATH := 1
include ../../lib.mk
-
-$(TEST_GEN_FILES): $(HEADERS)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 018/314] selftests/intel_pstate: fix build for ARCH=x86_64
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 017/314] selftests/futex: fix build for clang Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 019/314] selftests/kexec: " Greg Kroah-Hartman
` (303 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Cañuelo, Shuah Khan,
Sasha Levin
From: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
[ Upstream commit beb7d862ed4ac6aa14625418970f22a7d55b8615 ]
Handle the scenario where the build is launched with the ARCH envvar
defined as x86_64.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/intel_pstate/Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/intel_pstate/Makefile b/tools/testing/selftests/intel_pstate/Makefile
index 39f0fa2a8fd6..05d66ef50c97 100644
--- a/tools/testing/selftests/intel_pstate/Makefile
+++ b/tools/testing/selftests/intel_pstate/Makefile
@@ -2,10 +2,10 @@
CFLAGS := $(CFLAGS) -Wall -D_GNU_SOURCE
LDLIBS += -lm
-uname_M := $(shell uname -m 2>/dev/null || echo not)
-ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/)
+ARCH ?= $(shell uname -m 2>/dev/null || echo not)
+ARCH_PROCESSED := $(shell echo $(ARCH) | sed -e s/i.86/x86/ -e s/x86_64/x86/)
-ifeq (x86,$(ARCH))
+ifeq (x86,$(ARCH_PROCESSED))
TEST_GEN_FILES := msr aperf
endif
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 019/314] selftests/kexec: fix build for ARCH=x86_64
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 018/314] selftests/intel_pstate: fix build for ARCH=x86_64 Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 020/314] ASoC: Intel: sof_rt5682: Add quirk for Rex board Greg Kroah-Hartman
` (302 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ricardo Cañuelo, Shuah Khan,
Sasha Levin
From: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
[ Upstream commit 2a8e366b23fea29a5308f71ba49555e3c8c664f1 ]
Handle the scenario where the build is launched with the ARCH envvar
defined as x86_64.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/kexec/Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/kexec/Makefile b/tools/testing/selftests/kexec/Makefile
index 806a150648c3..67fe7a46cb62 100644
--- a/tools/testing/selftests/kexec/Makefile
+++ b/tools/testing/selftests/kexec/Makefile
@@ -1,10 +1,10 @@
# SPDX-License-Identifier: GPL-2.0-only
# Makefile for kexec tests
-uname_M := $(shell uname -m 2>/dev/null || echo not)
-ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/)
+ARCH ?= $(shell uname -m 2>/dev/null || echo not)
+ARCH_PROCESSED := $(shell echo $(ARCH) | sed -e s/i.86/x86/ -e s/x86_64/x86/)
-ifeq ($(ARCH),$(filter $(ARCH),x86 ppc64le))
+ifeq ($(ARCH_PROCESSED),$(filter $(ARCH_PROCESSED),x86 ppc64le))
TEST_PROGS := test_kexec_load.sh test_kexec_file_load.sh
TEST_FILES := kexec_common_lib.sh
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 020/314] ASoC: Intel: sof_rt5682: Add quirk for Rex board
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 019/314] selftests/kexec: " Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 021/314] rtc: cmos: fix build on non-ACPI platforms Greg Kroah-Hartman
` (301 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bard Liao, Curtis Malainey,
Yong Zhi, Pierre-Louis Bossart, Mark Brown, Sasha Levin
From: Yong Zhi <yong.zhi@intel.com>
[ Upstream commit b4dd2e3758709aa8a2abd1ac34c56bd09b980039 ]
Add mtl_mx98357_rt5682 driver data for Chrome Rex board support.
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Curtis Malainey <cujomalainey@chromium.org>
Signed-off-by: Yong Zhi <yong.zhi@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20221017205728.210813-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/boards/sof_rt5682.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sound/soc/intel/boards/sof_rt5682.c b/sound/soc/intel/boards/sof_rt5682.c
index 045965312245..30c53dca342e 100644
--- a/sound/soc/intel/boards/sof_rt5682.c
+++ b/sound/soc/intel/boards/sof_rt5682.c
@@ -225,6 +225,18 @@ static const struct dmi_system_id sof_rt5682_quirk_table[] = {
SOF_RT5682_SSP_AMP(2) |
SOF_RT5682_NUM_HDMIDEV(4)),
},
+ {
+ .callback = sof_rt5682_quirk_cb,
+ .matches = {
+ DMI_MATCH(DMI_PRODUCT_FAMILY, "Google_Rex"),
+ },
+ .driver_data = (void *)(SOF_RT5682_MCLK_EN |
+ SOF_RT5682_SSP_CODEC(2) |
+ SOF_SPEAKER_AMP_PRESENT |
+ SOF_RT5682_SSP_AMP(0) |
+ SOF_RT5682_NUM_HDMIDEV(4)
+ ),
+ },
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 021/314] rtc: cmos: fix build on non-ACPI platforms
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 020/314] ASoC: Intel: sof_rt5682: Add quirk for Rex board Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 022/314] ASoC: rt1308-sdw: add the default value of some registers Greg Kroah-Hartman
` (300 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot,
Alexandre Belloni, Sasha Levin
From: Alexandre Belloni <alexandre.belloni@bootlin.com>
[ Upstream commit db4e955ae333567dea02822624106c0b96a2f84f ]
Now that rtc_wake_setup is called outside of cmos_wake_setup, it also need
to be defined on non-ACPI platforms.
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20221018203512.2532407-1-alexandre.belloni@bootlin.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-cmos.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
index bdb1df843c78..31aa11e0e7d4 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -1344,6 +1344,9 @@ static void cmos_check_acpi_rtc_status(struct device *dev,
{
}
+static void rtc_wake_setup(struct device *dev)
+{
+}
#endif
#ifdef CONFIG_PNP
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 022/314] ASoC: rt1308-sdw: add the default value of some registers
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 021/314] rtc: cmos: fix build on non-ACPI platforms Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 023/314] ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List Greg Kroah-Hartman
` (299 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shuming Fan, Mark Brown, Sasha Levin
From: Shuming Fan <shumingf@realtek.com>
[ Upstream commit 75d8b1662ca5c20cf8365575222abaef18ff1f50 ]
The driver missed the default value of register 0xc070/0xc360.
This patch adds that default value to avoid invalid register access
when the device doesn't be enumerated yet.
BugLink: https://github.com/thesofproject/linux/issues/3924
Signed-off-by: Shuming Fan <shumingf@realtek.com>
Link: https://lore.kernel.org/r/20221019095715.31082-1-shumingf@realtek.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt1308-sdw.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/codecs/rt1308-sdw.h b/sound/soc/codecs/rt1308-sdw.h
index 6668e19d85d4..b5f231f708cb 100644
--- a/sound/soc/codecs/rt1308-sdw.h
+++ b/sound/soc/codecs/rt1308-sdw.h
@@ -139,10 +139,12 @@ static const struct reg_default rt1308_reg_defaults[] = {
{ 0x3005, 0x23 },
{ 0x3008, 0x02 },
{ 0x300a, 0x00 },
+ { 0xc000 | (RT1308_DATA_PATH << 4), 0x00 },
{ 0xc003 | (RT1308_DAC_SET << 4), 0x00 },
{ 0xc000 | (RT1308_POWER << 4), 0x00 },
{ 0xc001 | (RT1308_POWER << 4), 0x00 },
{ 0xc002 | (RT1308_POWER << 4), 0x00 },
+ { 0xc000 | (RT1308_POWER_STATUS << 4), 0x00 },
};
#define RT1308_SDW_OFFSET 0xc000
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 023/314] ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 022/314] ASoC: rt1308-sdw: add the default value of some registers Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 024/314] ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table Greg Kroah-Hartman
` (298 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linkt, Mario Limonciello,
Mark Brown, Sasha Levin
From: linkt <xazrael@hotmail.com>
[ Upstream commit a450b5c8739248069e11f72129fca61a56125577 ]
Lenovo ThinkBook 14 Gen 4+ ARA and ThinkBook 16 Gen 4+ ARA
need to be added to the list of quirks for the microphone to work properly.
Signed-off-by: linkt <xazrael@hotmail.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/MEYPR01MB8397A3C27DE6206FA3EF834DB6239@MEYPR01MB8397.ausprd01.prod.outlook.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/yc/acp6x-mach.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c
index 2cb50d5cf1a9..09a8aceff22f 100644
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -45,6 +45,20 @@ static struct snd_soc_card acp6x_card = {
};
static const struct dmi_system_id yc_acp_quirk_table[] = {
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "21D0"),
+ }
+ },
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "21D1"),
+ }
+ },
{
.driver_data = &acp6x_card,
.matches = {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 024/314] ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 023/314] ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 025/314] drm/amdgpu: Adjust MES polling timeout for sriov Greg Kroah-Hartman
` (297 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Taroe Leohearts, Mark Brown, Sasha Levin
From: Leohearts <leohearts@leohearts.com>
[ Upstream commit a75481fa00cc06a8763e1795b93140407948c03a ]
Lenovo Thinkbook 14+ 2022 (ThinkBook 14 G4+ ARA) uses Ryzen
6000 processor, and has the same microphone problem as other
ThinkPads with AMD Ryzen 6000 series CPUs, which has been
listed in https://bugzilla.kernel.org/show_bug.cgi?id=216267.
Adding 21D0 to quirks table solves this microphone problem
for ThinkBook 14 G4+ ARA.
Signed-off-by: Taroe Leohearts <leohearts@leohearts.com>
Link: https://lore.kernel.org/r/26B141B486BEF706+313d1732-e00c-ea41-3123-0d048d40ebb6@leohearts.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c
index 09a8aceff22f..6c0f1de10429 100644
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -52,6 +52,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "21D0"),
}
},
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "21D0"),
+ }
+ },
{
.driver_data = &acp6x_card,
.matches = {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 025/314] drm/amdgpu: Adjust MES polling timeout for sriov
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 024/314] ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 026/314] platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models Greg Kroah-Hartman
` (296 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yiqing Yao, Alex Deucher, Sasha Levin
From: Yiqing Yao <yiqing.yao@amd.com>
[ Upstream commit 226dcfad349f23f7744d02b24f8ec3bc4f6198ac ]
[why]
MES response time in sriov may be longer than default value
due to reset or init in other VF. A timeout value specific
to sriov is needed.
[how]
When in sriov, adjust the timeout value to calculated
worst case scenario.
Signed-off-by: Yiqing Yao <yiqing.yao@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c
index 2dd827472d6e..3bff0ae15e64 100644
--- a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c
@@ -96,7 +96,14 @@ static int mes_v11_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes,
struct amdgpu_device *adev = mes->adev;
struct amdgpu_ring *ring = &mes->ring;
unsigned long flags;
+ signed long timeout = adev->usec_timeout;
+ if (amdgpu_emu_mode) {
+ timeout *= 100;
+ } else if (amdgpu_sriov_vf(adev)) {
+ /* Worst case in sriov where all other 15 VF timeout, each VF needs about 600ms */
+ timeout = 15 * 600 * 1000;
+ }
BUG_ON(size % 4 != 0);
spin_lock_irqsave(&mes->ring_lock, flags);
@@ -116,7 +123,7 @@ static int mes_v11_0_submit_pkt_and_poll_completion(struct amdgpu_mes *mes,
DRM_DEBUG("MES msg=%d was emitted\n", x_pkt->header.opcode);
r = amdgpu_fence_wait_polling(ring, ring->fence_drv.sync_seq,
- adev->usec_timeout * (amdgpu_emu_mode ? 100 : 1));
+ timeout);
if (r < 1) {
DRM_ERROR("MES failed to response msg=%d\n",
x_pkt->header.opcode);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 026/314] platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 025/314] drm/amdgpu: Adjust MES polling timeout for sriov Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 027/314] platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver Greg Kroah-Hartman
` (295 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jelle van der Waa, Hans de Goede,
Sasha Levin
From: Jelle van der Waa <jvanderwaa@redhat.com>
[ Upstream commit a10d50983f7befe85acf95ea7dbf6ba9187c2d70 ]
thinkpad_acpi was reporting 2 fans on a ThinkPad T14s gen 1, even though
the laptop has only 1 fan.
The second, not present fan always reads 65535 (-1 in 16 bit signed),
ignore fans which report 65535 to avoid reporting the non present fan.
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
Link: https://lore.kernel.org/r/20221019194751.5392-1-jvanderwaa@redhat.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/thinkpad_acpi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
index 2dbb9fc011a7..353507d18e11 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -263,6 +263,8 @@ enum tpacpi_hkey_event_t {
#define TPACPI_DBG_BRGHT 0x0020
#define TPACPI_DBG_MIXER 0x0040
+#define FAN_NOT_PRESENT 65535
+
#define strlencmp(a, b) (strncmp((a), (b), strlen(b)))
@@ -8876,7 +8878,7 @@ static int __init fan_init(struct ibm_init_struct *iibm)
/* Try and probe the 2nd fan */
tp_features.second_fan = 1; /* needed for get_speed to work */
res = fan2_get_speed(&speed);
- if (res >= 0) {
+ if (res >= 0 && speed != FAN_NOT_PRESENT) {
/* It responded - so let's assume it's there */
tp_features.second_fan = 1;
tp_features.second_fan_ctl = 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 027/314] platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 026/314] platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 028/314] drm/amd/display: Remove wrong pipe control lock Greg Kroah-Hartman
` (294 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Srinivas Pandruvada,
Andy Shevchenko, David Box, Rajneesh Bhardwaj, Gayatri Kammela,
Hans de Goede, Sasha Levin
From: Gayatri Kammela <gayatri.kammela@linux.intel.com>
[ Upstream commit 555a68dd681b7437a2708001d465c85f6dfa6955 ]
Add Raptor Lake client parts (both RPL and RPL_S) support to pmc core
driver. Raptor Lake client parts reuse all the Alder Lake PCH IPs.
Cc: Srinivas Pandruvada <srinivas.pandruvada@intel.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: David Box <david.e.box@intel.com>
Acked-by: Rajneesh Bhardwaj <irenic.rajneesh@gmail.com>
Signed-off-by: Gayatri Kammela <gayatri.kammela@linux.intel.com>
Link: https://lore.kernel.org/r/20220912233307.409954-2-gayatri.kammela@linux.intel.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel/pmc/core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/platform/x86/intel/pmc/core.c b/drivers/platform/x86/intel/pmc/core.c
index a1fe1e0dcf4a..17ec5825d13d 100644
--- a/drivers/platform/x86/intel/pmc/core.c
+++ b/drivers/platform/x86/intel/pmc/core.c
@@ -1914,6 +1914,8 @@ static const struct x86_cpu_id intel_pmc_core_ids[] = {
X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_N, &tgl_reg_map),
X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, &adl_reg_map),
X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, &tgl_reg_map),
+ X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, &adl_reg_map),
+ X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, &adl_reg_map),
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 028/314] drm/amd/display: Remove wrong pipe control lock
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 027/314] platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 029/314] drm/amd/display: Dont return false if no stream Greg Kroah-Hartman
` (293 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Wheeler, Qingqing Zhuo,
Rodrigo Siqueira, Alex Deucher, Sasha Levin
From: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
[ Upstream commit ca08a1725d0d78efca8d2dbdbce5ea70355da0f2 ]
When using a device based on DCN32/321,
we have an issue where a second
4k@60Hz display does not light up,
and the system becomes unresponsive
for a few minutes. In the debug process,
it was possible to see a hang
in the function dcn20_post_unlock_program_front_end
in this part:
for (j = 0; j < TIMEOUT_FOR_PIPE_ENABLE_MS*1000
&& hubp->funcs->hubp_is_flip_pending(hubp); j++)
mdelay(1);
}
The hubp_is_flip_pending always returns positive
for waiting pending flips which is a symptom of
pipe hang. Additionally, the dmesg log shows
this message after a few minutes:
BUG: soft lockup - CPU#4 stuck for 26s!
...
[ +0.000003] dcn20_post_unlock_program_front_end+0x112/0x340 [amdgpu]
[ +0.000171] dc_commit_state_no_check+0x63d/0xbf0 [amdgpu]
[ +0.000155] ? dc_validate_global_state+0x358/0x3d0 [amdgpu]
[ +0.000154] dc_commit_state+0xe2/0xf0 [amdgpu]
This confirmed the hypothesis that we had a pipe
hanging somewhere. Next, after checking the
ftrace entries, we have the below weird
sequence:
[..]
2) | dcn10_lock_all_pipes [amdgpu]() {
2) 0.120 us | optc1_is_tg_enabled [amdgpu]();
2) | dcn20_pipe_control_lock [amdgpu]() {
2) | dc_dmub_srv_clear_inbox0_ack [amdgpu]() {
2) 0.121 us | amdgpu_dm_dmub_reg_write [amdgpu]();
2) 0.551 us | }
2) | dc_dmub_srv_send_inbox0_cmd [amdgpu]() {
2) 0.110 us | amdgpu_dm_dmub_reg_write [amdgpu]();
2) 0.511 us | }
2) | dc_dmub_srv_wait_for_inbox0_ack [amdgpu]() {
2) 0.110 us | amdgpu_dm_dmub_reg_read [amdgpu]();
2) 0.110 us | amdgpu_dm_dmub_reg_read [amdgpu]();
2) 0.110 us | amdgpu_dm_dmub_reg_read [amdgpu]();
2) 0.110 us | amdgpu_dm_dmub_reg_read [amdgpu]();
2) 0.110 us | amdgpu_dm_dmub_reg_read [amdgpu]();
2) 0.110 us | amdgpu_dm_dmub_reg_read [amdgpu]();
2) 0.110 us | amdgpu_dm_dmub_reg_read [amdgpu]();
[..]
We are not expected to read from dmub register
so many times and for so long. From the trace log,
it was possible to identify that the function
dcn20_pipe_control_lock was triggering the dmub
operation when it was unnecessary and causing
the hang issue. This commit drops the unnecessary
dmub code and, consequently, fixes the second display not
lighting up the issue.
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
index 598ce872a8d7..0f30df523fdf 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
@@ -1262,16 +1262,6 @@ void dcn20_pipe_control_lock(
lock,
&hw_locks,
&inst_flags);
- } else if (pipe->stream && pipe->stream->mall_stream_config.type == SUBVP_MAIN) {
- union dmub_inbox0_cmd_lock_hw hw_lock_cmd = { 0 };
- hw_lock_cmd.bits.command_code = DMUB_INBOX0_CMD__HW_LOCK;
- hw_lock_cmd.bits.hw_lock_client = HW_LOCK_CLIENT_DRIVER;
- hw_lock_cmd.bits.lock_pipe = 1;
- hw_lock_cmd.bits.otg_inst = pipe->stream_res.tg->inst;
- hw_lock_cmd.bits.lock = lock;
- if (!lock)
- hw_lock_cmd.bits.should_release = 1;
- dmub_hw_lock_mgr_inbox0_cmd(dc->ctx->dmub_srv, hw_lock_cmd);
} else if (pipe->plane_state != NULL && pipe->plane_state->triplebuffer_flips) {
if (lock)
pipe->stream_res.tg->funcs->triplebuffer_lock(pipe->stream_res.tg);
@@ -1848,7 +1838,7 @@ void dcn20_post_unlock_program_front_end(
for (j = 0; j < TIMEOUT_FOR_PIPE_ENABLE_MS*1000
&& hubp->funcs->hubp_is_flip_pending(hubp); j++)
- mdelay(1);
+ udelay(1);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 029/314] drm/amd/display: Dont return false if no stream
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 028/314] drm/amd/display: Remove wrong pipe control lock Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 030/314] drm/scheduler: fix fence ref counting Greg Kroah-Hartman
` (292 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Wheeler, Rodrigo Siqueira,
Qingqing Zhuo, Alvin Lee, Alex Deucher, Sasha Levin
From: Alvin Lee <Alvin.Lee2@amd.com>
[ Upstream commit abe4d9f03fae76c9650b0d942faf6990b35c377b ]
pipe_ctx[i] exists even if the pipe is not
in use. If the pipe is not in use it will
always have a null stream, so don't return
false in this case.
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Alvin Lee <Alvin.Lee2@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c
index 1f195c5b3377..13cd1f2e50ca 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource_helpers.c
@@ -187,7 +187,7 @@ bool dcn32_all_pipes_have_stream_and_plane(struct dc *dc,
struct pipe_ctx *pipe = &context->res_ctx.pipe_ctx[i];
if (!pipe->stream)
- return false;
+ continue;
if (!pipe->plane_state)
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 030/314] drm/scheduler: fix fence ref counting
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 029/314] drm/amd/display: Dont return false if no stream Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 031/314] ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] Greg Kroah-Hartman
` (291 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König,
Andrey Grodzovsky, Sasha Levin
From: Christian König <christian.koenig@amd.com>
[ Upstream commit b3af84383e7abdc5e63435817bb73a268e7c3637 ]
We leaked dependency fences when processes were beeing killed.
Additional to that grab a reference to the last scheduled fence.
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Andrey Grodzovsky <andrey.grodzovsky@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220929180151.139751-1-christian.koenig@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/scheduler/sched_entity.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c
index 6b25b2f4f5a3..7ef1a086a6fb 100644
--- a/drivers/gpu/drm/scheduler/sched_entity.c
+++ b/drivers/gpu/drm/scheduler/sched_entity.c
@@ -207,6 +207,7 @@ static void drm_sched_entity_kill_jobs_cb(struct dma_fence *f,
struct drm_sched_job *job = container_of(cb, struct drm_sched_job,
finish_cb);
+ dma_fence_put(f);
INIT_WORK(&job->work, drm_sched_entity_kill_jobs_work);
schedule_work(&job->work);
}
@@ -234,8 +235,10 @@ static void drm_sched_entity_kill_jobs(struct drm_sched_entity *entity)
struct drm_sched_fence *s_fence = job->s_fence;
/* Wait for all dependencies to avoid data corruptions */
- while ((f = drm_sched_job_dependency(job, entity)))
+ while ((f = drm_sched_job_dependency(job, entity))) {
dma_fence_wait(f, false);
+ dma_fence_put(f);
+ }
drm_sched_fence_scheduled(s_fence);
dma_fence_set_error(&s_fence->finished, -ESRCH);
@@ -250,6 +253,7 @@ static void drm_sched_entity_kill_jobs(struct drm_sched_entity *entity)
continue;
}
+ dma_fence_get(entity->last_scheduled);
r = dma_fence_add_callback(entity->last_scheduled,
&job->finish_cb,
drm_sched_entity_kill_jobs_cb);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 031/314] ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[]
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 030/314] drm/scheduler: fix fence ref counting Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 032/314] cxl/mbox: Add a check on input payload size Greg Kroah-Hartman
` (290 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Rafael J. Wysocki,
Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit fa153b7cddce795662d38f78a87612c166c0f692 ]
Some x86/ACPI laptops with MIPI cameras have a LATT2021 ACPI device
in the _DEP dependency list of the ACPI devices for the camera-sensors
(which have flags.honor_deps set).
The _DDN for the LATT2021 device is "Lattice FW Update Client Driver",
suggesting that this is used for firmware updates of something. There
is no Linux driver for this and if Linux gets support for updates it
will likely be in userspace through fwupd.
For now add the LATT2021 HID to acpi_ignore_dep_ids[] so that
acpi_dev_ready_for_enumeration() will return true once the other _DEP
dependencies are met.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/scan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index 42cec8120f18..adfeb5770efd 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -796,6 +796,7 @@ static bool acpi_info_matches_ids(struct acpi_device_info *info,
static const char * const acpi_ignore_dep_ids[] = {
"PNP0D80", /* Windows-compatible System Power Management Controller */
"INT33BD", /* Intel Baytrail Mailbox Device */
+ "LATT2021", /* Lattice FW Update Client Driver */
NULL
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 032/314] cxl/mbox: Add a check on input payload size
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 031/314] ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 033/314] RDMA/efa: Add EFA 0xefa2 PCI ID Greg Kroah-Hartman
` (289 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonathan Cameron, Dan Williams, Sasha Levin
From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
[ Upstream commit cf00b33058b196b4db928419dde68993b15a975b ]
A bug in the LSA code resulted in transfers slightly larger
than the mailbox size. Let us make it easier to catch similar
issues in future by adding a low level check.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/20220815154044.24733-2-Jonathan.Cameron@huawei.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cxl/core/mbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
index 16176b9278b4..0c90f13870a4 100644
--- a/drivers/cxl/core/mbox.c
+++ b/drivers/cxl/core/mbox.c
@@ -174,7 +174,7 @@ int cxl_mbox_send_cmd(struct cxl_dev_state *cxlds, u16 opcode, void *in,
};
int rc;
- if (out_size > cxlds->payload_size)
+ if (in_size > cxlds->payload_size || out_size > cxlds->payload_size)
return -E2BIG;
rc = cxlds->mbox_send(cxlds, &mbox_cmd);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 033/314] RDMA/efa: Add EFA 0xefa2 PCI ID
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 032/314] cxl/mbox: Add a check on input payload size Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 034/314] btrfs: raid56: properly handle the error when unable to find the missing stripe Greg Kroah-Hartman
` (288 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Firas Jahjah, Yossi Leybovich,
Michael Margolin, Leon Romanovsky, Sasha Levin
From: Michael Margolin <mrgolin@amazon.com>
[ Upstream commit b75927cff13e0b3b652a12da7eb9a012911799e8 ]
Add support for 0xefa2 devices.
Reviewed-by: Firas Jahjah <firasj@amazon.com>
Reviewed-by: Yossi Leybovich <sleybo@amazon.com>
Signed-off-by: Michael Margolin <mrgolin@amazon.com>
Link: https://lore.kernel.org/r/20221020151949.1768-1-mrgolin@amazon.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/efa/efa_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/efa/efa_main.c b/drivers/infiniband/hw/efa/efa_main.c
index 94b94cca4870..15ee92081118 100644
--- a/drivers/infiniband/hw/efa/efa_main.c
+++ b/drivers/infiniband/hw/efa/efa_main.c
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0 OR BSD-2-Clause
/*
- * Copyright 2018-2021 Amazon.com, Inc. or its affiliates. All rights reserved.
+ * Copyright 2018-2022 Amazon.com, Inc. or its affiliates. All rights reserved.
*/
#include <linux/module.h>
@@ -14,10 +14,12 @@
#define PCI_DEV_ID_EFA0_VF 0xefa0
#define PCI_DEV_ID_EFA1_VF 0xefa1
+#define PCI_DEV_ID_EFA2_VF 0xefa2
static const struct pci_device_id efa_pci_tbl[] = {
{ PCI_VDEVICE(AMAZON, PCI_DEV_ID_EFA0_VF) },
{ PCI_VDEVICE(AMAZON, PCI_DEV_ID_EFA1_VF) },
+ { PCI_VDEVICE(AMAZON, PCI_DEV_ID_EFA2_VF) },
{ }
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 034/314] btrfs: raid56: properly handle the error when unable to find the missing stripe
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 033/314] RDMA/efa: Add EFA 0xefa2 PCI ID Greg Kroah-Hartman
@ 2022-11-23 8:47 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 035/314] NFSv4: Retry LOCK on OLD_STATEID during delegation return Greg Kroah-Hartman
` (287 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:47 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, David Sterba, Sasha Levin
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit f15fb2cd979a07fbfc666e2f04b8b30ec9233b2a ]
In raid56_alloc_missing_rbio(), if we can not determine where the
missing device is inside the full stripe, we just BUG_ON().
This is not necessary especially the only caller inside scrub.c is
already properly checking the return value, and will treat it as a
memory allocation failure.
Fix the error handling by:
- Add an extra warning for the reason
Although personally speaking it may be better to be an ASSERT().
- Properly free the allocated rbio
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/raid56.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c
index 2feb5c20641a..a21b9e085d1b 100644
--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -2767,8 +2767,10 @@ raid56_alloc_missing_rbio(struct bio *bio, struct btrfs_io_context *bioc)
rbio->faila = find_logical_bio_stripe(rbio, bio);
if (rbio->faila == -1) {
- BUG();
- kfree(rbio);
+ btrfs_warn_rl(fs_info,
+ "can not determine the failed stripe number for full stripe %llu",
+ bioc->raid_map[0]);
+ __free_raid_bio(rbio);
return NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 035/314] NFSv4: Retry LOCK on OLD_STATEID during delegation return
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-11-23 8:47 ` [PATCH 6.0 034/314] btrfs: raid56: properly handle the error when unable to find the missing stripe Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 036/314] SUNRPC: Fix crasher in gss_unwrap_resp_integ() Greg Kroah-Hartman
` (286 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gonzalo Siero Humet,
Benjamin Coddington, Anna Schumaker, Sasha Levin
From: Benjamin Coddington <bcodding@redhat.com>
[ Upstream commit f5ea16137a3fa2858620dc9084466491c128535f ]
There's a small window where a LOCK sent during a delegation return can
race with another OPEN on client, but the open stateid has not yet been
updated. In this case, the client doesn't handle the OLD_STATEID error
from the server and will lose this lock, emitting:
"NFS: nfs4_handle_delegation_recall_error: unhandled error -10024".
Fix this by sending the task through the nfs4 error handling in
nfs4_lock_done() when we may have to reconcile our stateid with what the
server believes it to be. For this case, the result is a retry of the
LOCK operation with the updated stateid.
Reported-by: Gonzalo Siero Humet <gsierohu@redhat.com>
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4proc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 3ed14a2a84a4..313e9145b6c9 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -7137,6 +7137,7 @@ static void nfs4_lock_done(struct rpc_task *task, void *calldata)
{
struct nfs4_lockdata *data = calldata;
struct nfs4_lock_state *lsp = data->lsp;
+ struct nfs_server *server = NFS_SERVER(d_inode(data->ctx->dentry));
if (!nfs4_sequence_done(task, &data->res.seq_res))
return;
@@ -7144,8 +7145,7 @@ static void nfs4_lock_done(struct rpc_task *task, void *calldata)
data->rpc_status = task->tk_status;
switch (task->tk_status) {
case 0:
- renew_lease(NFS_SERVER(d_inode(data->ctx->dentry)),
- data->timestamp);
+ renew_lease(server, data->timestamp);
if (data->arg.new_lock && !data->cancelled) {
data->fl.fl_flags &= ~(FL_SLEEP | FL_ACCESS);
if (locks_lock_inode_wait(lsp->ls_state->inode, &data->fl) < 0)
@@ -7166,6 +7166,8 @@ static void nfs4_lock_done(struct rpc_task *task, void *calldata)
if (!nfs4_stateid_match(&data->arg.open_stateid,
&lsp->ls_state->open_stateid))
goto out_restart;
+ else if (nfs4_async_handle_error(task, server, lsp->ls_state, NULL) == -EAGAIN)
+ goto out_restart;
} else if (!nfs4_stateid_match(&data->arg.lock_stateid,
&lsp->ls_stateid))
goto out_restart;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 036/314] SUNRPC: Fix crasher in gss_unwrap_resp_integ()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 035/314] NFSv4: Retry LOCK on OLD_STATEID during delegation return Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 037/314] ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Greg Kroah-Hartman
` (285 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chuck Lever, Anna Schumaker, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 8a0fa3ff3b606b55c4edc71ad133e61529b64549 ]
If a zero length is passed to kmalloc() it returns 0x10, which is
not a valid address. gss_unwrap_resp_integ() subsequently crashes
when it attempts to dereference that pointer.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/auth_gss/auth_gss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index a31a27816cc0..7bb247c51e2f 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -1989,7 +1989,7 @@ gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred,
goto unwrap_failed;
mic.len = len;
mic.data = kmalloc(len, GFP_KERNEL);
- if (!mic.data)
+ if (ZERO_OR_NULL_PTR(mic.data))
goto unwrap_failed;
if (read_bytes_from_xdr_buf(rcv_buf, offset, mic.data, mic.len))
goto unwrap_failed;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 037/314] ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 036/314] SUNRPC: Fix crasher in gss_unwrap_resp_integ() Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 038/314] drm/rockchip: vop2: fix null pointer in plane_atomic_disable Greg Kroah-Hartman
` (284 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello,
Rafael J. Wysocki, Sasha Levin, Julius Brockmann
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 2124becad797245d49252d2d733aee0322233d7e ]
commit 018d6711c26e4 ("ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1
for StorageD3Enable") introduced a quirk to allow a system with ambiguous
use of _ADR 0 to force StorageD3Enable.
Julius Brockmann reports that Inspiron 16 5625 suffers that same symptoms.
Add this other system to the list as well.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216440
Reported-and-tested-by: Julius Brockmann <mail@juliusbrockmann.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/x86/utils.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/acpi/x86/utils.c b/drivers/acpi/x86/utils.c
index d7cdd8406c84..950a93922ca8 100644
--- a/drivers/acpi/x86/utils.c
+++ b/drivers/acpi/x86/utils.c
@@ -219,6 +219,12 @@ static const struct dmi_system_id force_storage_d3_dmi[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 14 7425 2-in-1"),
}
},
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 16 5625"),
+ }
+ },
{}
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 038/314] drm/rockchip: vop2: fix null pointer in plane_atomic_disable
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 037/314] ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 039/314] drm/rockchip: vop2: disable planes when disabling the crtc Greg Kroah-Hartman
` (283 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Tretter, Heiko Stuebner,
Sasha Levin
From: Michael Tretter <m.tretter@pengutronix.de>
[ Upstream commit 471bf2406c043491b1a8288e5f04bc278f7d7ca1 ]
If the vop2_plane_atomic_disable function is called with NULL as a
state, accessing the old_pstate runs into a null pointer exception.
However, the drm_atomic_helper_disable_planes_on_crtc function calls the
atomic_disable callback with state NULL.
Allow to disable a plane without passing a plane state by checking the
old_pstate only if a state is passed.
Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20221028095206.2136601-2-m.tretter@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index f9aa8b96c695..bf9c3e92e1cd 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -997,13 +997,15 @@ static int vop2_plane_atomic_check(struct drm_plane *plane,
static void vop2_plane_atomic_disable(struct drm_plane *plane,
struct drm_atomic_state *state)
{
- struct drm_plane_state *old_pstate = drm_atomic_get_old_plane_state(state, plane);
+ struct drm_plane_state *old_pstate = NULL;
struct vop2_win *win = to_vop2_win(plane);
struct vop2 *vop2 = win->vop2;
drm_dbg(vop2->drm, "%s disable\n", win->data->name);
- if (!old_pstate->crtc)
+ if (state)
+ old_pstate = drm_atomic_get_old_plane_state(state, plane);
+ if (old_pstate && !old_pstate->crtc)
return;
vop2_win_disable(win);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 039/314] drm/rockchip: vop2: disable planes when disabling the crtc
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 038/314] drm/rockchip: vop2: fix null pointer in plane_atomic_disable Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 040/314] ksefltests: pidfd: Fix wait_states: Test terminated by timeout Greg Kroah-Hartman
` (282 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Tretter, Heiko Stuebner,
Sasha Levin
From: Michael Tretter <m.tretter@pengutronix.de>
[ Upstream commit 447fb14bf07905b880c9ed1ea92c53d6dd0649d7 ]
The vop2 driver needs to explicitly disable the planes if the crtc is
disabled. Unless the planes are explicitly disabled, the address of the
last framebuffer is kept in the registers of the VOP2. When re-enabling
the encoder after it has been disabled by the driver, the VOP2 will
start and read the framebuffer that has been freed but is still pointed
to by the register. The iommu will catch these read accesses and print
errors.
Explicitly disable the planes when the crtc is disabled to reset the
registers.
Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20221028095206.2136601-3-m.tretter@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
index bf9c3e92e1cd..1fc04019dfd8 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
@@ -878,10 +878,14 @@ static void vop2_crtc_atomic_disable(struct drm_crtc *crtc,
{
struct vop2_video_port *vp = to_vop2_video_port(crtc);
struct vop2 *vop2 = vp->vop2;
+ struct drm_crtc_state *old_crtc_state;
int ret;
vop2_lock(vop2);
+ old_crtc_state = drm_atomic_get_old_crtc_state(state, crtc);
+ drm_atomic_helper_disable_planes_on_crtc(old_crtc_state, false);
+
drm_crtc_vblank_off(crtc);
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 040/314] ksefltests: pidfd: Fix wait_states: Test terminated by timeout
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 039/314] drm/rockchip: vop2: disable planes when disabling the crtc Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 041/314] powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec Greg Kroah-Hartman
` (281 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Philip Li, kernel test robot,
Li Zhijian, Christian Brauner (Microsoft),
Shuah Khan, Sasha Levin
From: Li Zhijian <lizhijian@fujitsu.com>
[ Upstream commit 88e1f16ba58665e9edfce437ea487da2fa759af9 ]
0Day/LKP observed that the kselftest blocks forever since one of the
pidfd_wait doesn't terminate in 1 of 30 runs. After digging into
the source, we found that it blocks at:
ASSERT_EQ(sys_waitid(P_PIDFD, pidfd, &info, WCONTINUED, NULL), 0);
wait_states has below testing flow:
CHILD PARENT
---------------+--------------
1 STOP itself
2 WAIT for CHILD STOPPED
3 SIGNAL CHILD to CONT
4 CONT
5 STOP itself
5' WAIT for CHILD CONT
6 WAIT for CHILD STOPPED
The problem is that the kernel cannot ensure the order of 5 and 5', once
5 goes first, the test will fail.
we can reproduce it by:
$ while true; do make run_tests -C pidfd; done
Introduce a blocking read in child process to make sure the parent can
check its WCONTINUED.
CC: Philip Li <philip.li@intel.com>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/pidfd/pidfd_wait.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tools/testing/selftests/pidfd/pidfd_wait.c b/tools/testing/selftests/pidfd/pidfd_wait.c
index 070c1c876df1..c3e2a3041f55 100644
--- a/tools/testing/selftests/pidfd/pidfd_wait.c
+++ b/tools/testing/selftests/pidfd/pidfd_wait.c
@@ -95,20 +95,28 @@ TEST(wait_states)
.flags = CLONE_PIDFD | CLONE_PARENT_SETTID,
.exit_signal = SIGCHLD,
};
+ int pfd[2];
pid_t pid;
siginfo_t info = {
.si_signo = 0,
};
+ ASSERT_EQ(pipe(pfd), 0);
pid = sys_clone3(&args);
ASSERT_GE(pid, 0);
if (pid == 0) {
+ char buf[2];
+
+ close(pfd[1]);
kill(getpid(), SIGSTOP);
+ ASSERT_EQ(read(pfd[0], buf, 1), 1);
+ close(pfd[0]);
kill(getpid(), SIGSTOP);
exit(EXIT_SUCCESS);
}
+ close(pfd[0]);
ASSERT_EQ(sys_waitid(P_PIDFD, pidfd, &info, WSTOPPED, NULL), 0);
ASSERT_EQ(info.si_signo, SIGCHLD);
ASSERT_EQ(info.si_code, CLD_STOPPED);
@@ -117,6 +125,8 @@ TEST(wait_states)
ASSERT_EQ(sys_pidfd_send_signal(pidfd, SIGCONT, NULL, 0), 0);
ASSERT_EQ(sys_waitid(P_PIDFD, pidfd, &info, WCONTINUED, NULL), 0);
+ ASSERT_EQ(write(pfd[1], "C", 1), 1);
+ close(pfd[1]);
ASSERT_EQ(info.si_signo, SIGCHLD);
ASSERT_EQ(info.si_code, CLD_CONTINUED);
ASSERT_EQ(info.si_pid, parent_tid);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 041/314] powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 040/314] ksefltests: pidfd: Fix wait_states: Test terminated by timeout Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 042/314] block: blk_add_rq_to_plug(): clear stale last after flush Greg Kroah-Hartman
` (280 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Ellerman, Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 2153fc9623e5465f503d793d4c94ad65e9ec9b5f ]
There's a build failure for Book3E without AltiVec:
Error: cc1: error: AltiVec not supported in this target
make[6]: *** [/linux/scripts/Makefile.build:250:
drivers/gpu/drm/amd/amdgpu/../display/dc/dml/display_mode_lib.o] Error 1
This happens because the amdgpu build is only gated by
PPC_LONG_DOUBLE_128, but that symbol can be enabled even though AltiVec
is disabled.
The only user of PPC_LONG_DOUBLE_128 is amdgpu, so just add a dependency
on AltiVec to that symbol to fix the build.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221027125626.1383092-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index cbe7bb029aec..c1d36a22de30 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -284,7 +284,7 @@ config PPC
#
config PPC_LONG_DOUBLE_128
- depends on PPC64
+ depends on PPC64 && ALTIVEC
def_bool $(success,test "$(shell,echo __LONG_DOUBLE_128__ | $(CC) -E -P -)" = 1)
config PPC_BARRIER_NOSPEC
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 042/314] block: blk_add_rq_to_plug(): clear stale last after flush
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 041/314] powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 043/314] firmware: arm_scmi: Cleanup the core driver removal callback Greg Kroah-Hartman
` (279 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Al Viro, Jens Axboe, Sasha Levin
From: Al Viro <viro@zeniv.linux.org.uk>
[ Upstream commit 878eb6e48f240d02ed1c9298020a0b6370695f24 ]
blk_mq_flush_plug_list() empties ->mq_list and request we'd peeked there
before that call is gone; in any case, we are not dealing with a mix
of requests for different queues now - there's no requests left in the
plug.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index edf41959a705..4402e4ecb8b1 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -1183,6 +1183,7 @@ static void blk_add_rq_to_plug(struct blk_plug *plug, struct request *rq)
(!blk_queue_nomerges(rq->q) &&
blk_rq_bytes(last) >= BLK_PLUG_FLUSH_SIZE)) {
blk_mq_flush_plug_list(plug, false);
+ last = NULL;
trace_block_plug(rq->q);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 043/314] firmware: arm_scmi: Cleanup the core driver removal callback
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 042/314] block: blk_add_rq_to_plug(): clear stale last after flush Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 044/314] firmware: arm_scmi: Make tx_prepare time out eventually Greg Kroah-Hartman
` (278 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König,
Cristian Marussi, Sudeep Holla, Sasha Levin
From: Cristian Marussi <cristian.marussi@arm.com>
[ Upstream commit 3f4071cbd2063b917486d1047a4da47718215fee ]
Platform drivers .remove callbacks are not supposed to fail and report
errors. Such errors are indeed ignored by the core platform drivers
and the driver unbind process is anyway completed.
The SCMI core platform driver as it is now, instead, bails out reporting
an error in case of an explicit unbind request.
Fix the removal path by adding proper device links between the core SCMI
device and the SCMI protocol devices so that a full SCMI stack unbind is
triggered when the core driver is removed. The remove process does not
bail out anymore on the anomalous conditions triggered by an explicit
unbind but the user is still warned.
Reported-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Link: https://lore.kernel.org/r/20221028140833.280091-1-cristian.marussi@arm.com
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/arm_scmi/bus.c | 11 +++++++++++
drivers/firmware/arm_scmi/common.h | 1 +
drivers/firmware/arm_scmi/driver.c | 31 ++++++++++++++++++------------
3 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/drivers/firmware/arm_scmi/bus.c b/drivers/firmware/arm_scmi/bus.c
index d4e23101448a..35bb70724d44 100644
--- a/drivers/firmware/arm_scmi/bus.c
+++ b/drivers/firmware/arm_scmi/bus.c
@@ -216,9 +216,20 @@ void scmi_device_destroy(struct scmi_device *scmi_dev)
device_unregister(&scmi_dev->dev);
}
+void scmi_device_link_add(struct device *consumer, struct device *supplier)
+{
+ struct device_link *link;
+
+ link = device_link_add(consumer, supplier, DL_FLAG_AUTOREMOVE_CONSUMER);
+
+ WARN_ON(!link);
+}
+
void scmi_set_handle(struct scmi_device *scmi_dev)
{
scmi_dev->handle = scmi_handle_get(&scmi_dev->dev);
+ if (scmi_dev->handle)
+ scmi_device_link_add(&scmi_dev->dev, scmi_dev->handle->dev);
}
int scmi_protocol_register(const struct scmi_protocol *proto)
diff --git a/drivers/firmware/arm_scmi/common.h b/drivers/firmware/arm_scmi/common.h
index 61aba7447c32..9b87b5b69535 100644
--- a/drivers/firmware/arm_scmi/common.h
+++ b/drivers/firmware/arm_scmi/common.h
@@ -97,6 +97,7 @@ static inline void unpack_scmi_header(u32 msg_hdr, struct scmi_msg_hdr *hdr)
struct scmi_revision_info *
scmi_revision_area_get(const struct scmi_protocol_handle *ph);
int scmi_handle_put(const struct scmi_handle *handle);
+void scmi_device_link_add(struct device *consumer, struct device *supplier);
struct scmi_handle *scmi_handle_get(struct device *dev);
void scmi_set_handle(struct scmi_device *scmi_dev);
void scmi_setup_protocol_implemented(const struct scmi_protocol_handle *ph,
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
index 9022f5ee29aa..244d94eeb092 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -2277,10 +2277,16 @@ int scmi_protocol_device_request(const struct scmi_device_id *id_table)
sdev = scmi_get_protocol_device(child, info,
id_table->protocol_id,
id_table->name);
- /* Set handle if not already set: device existed */
- if (sdev && !sdev->handle)
- sdev->handle =
- scmi_handle_get_from_info_unlocked(info);
+ if (sdev) {
+ /* Set handle if not already set: device existed */
+ if (!sdev->handle)
+ sdev->handle =
+ scmi_handle_get_from_info_unlocked(info);
+ /* Relink consumer and suppliers */
+ if (sdev->handle)
+ scmi_device_link_add(&sdev->dev,
+ sdev->handle->dev);
+ }
} else {
dev_err(info->dev,
"Failed. SCMI protocol %d not active.\n",
@@ -2479,20 +2485,17 @@ void scmi_free_channel(struct scmi_chan_info *cinfo, struct idr *idr, int id)
static int scmi_remove(struct platform_device *pdev)
{
- int ret = 0, id;
+ int ret, id;
struct scmi_info *info = platform_get_drvdata(pdev);
struct device_node *child;
mutex_lock(&scmi_list_mutex);
if (info->users)
- ret = -EBUSY;
- else
- list_del(&info->node);
+ dev_warn(&pdev->dev,
+ "Still active SCMI users will be forcibly unbound.\n");
+ list_del(&info->node);
mutex_unlock(&scmi_list_mutex);
- if (ret)
- return ret;
-
scmi_notification_exit(&info->handle);
mutex_lock(&info->protocols_mtx);
@@ -2504,7 +2507,11 @@ static int scmi_remove(struct platform_device *pdev)
idr_destroy(&info->active_protocols);
/* Safe to free channels since no more users */
- return scmi_cleanup_txrx_channels(info);
+ ret = scmi_cleanup_txrx_channels(info);
+ if (ret)
+ dev_warn(&pdev->dev, "Failed to cleanup SCMI channels.\n");
+
+ return 0;
}
static ssize_t protocol_version_show(struct device *dev,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 044/314] firmware: arm_scmi: Make tx_prepare time out eventually
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 043/314] firmware: arm_scmi: Cleanup the core driver removal callback Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 045/314] i2c: tegra: Allocate DMA memory for DMA engine Greg Kroah-Hartman
` (277 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, YaxiongTian, Vincent Guittot,
Etienne Carriere, Florian Fainelli, Cristian Marussi,
Sudeep Holla, Sasha Levin
From: Cristian Marussi <cristian.marussi@arm.com>
[ Upstream commit 59172b212ec0dbb97ceb5671d912e6e61fa802d5 ]
SCMI transports based on shared memory, at start of transmissions, have
to wait for the shared Tx channel area to be eventually freed by the
SCMI platform before accessing the channel. In fact the channel is owned
by the SCMI platform until marked as free by the platform itself and,
as such, cannot be used by the agent until relinquished.
As a consequence a badly misbehaving SCMI platform firmware could lock
the channel indefinitely and make the kernel side SCMI stack loop
forever waiting for such channel to be freed, possibly hanging the
whole boot sequence.
Add a timeout to the existent Tx waiting spin-loop so that, when the
system ends up in this situation, the SCMI stack can at least bail-out,
nosily warn the user, and abort the transmission.
Reported-by: YaxiongTian <iambestgod@outlook.com>
Suggested-by: YaxiongTian <iambestgod@outlook.com>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Etienne Carriere <etienne.carriere@linaro.org>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Link: https://lore.kernel.org/r/20221028140833.280091-3-cristian.marussi@arm.com
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/arm_scmi/common.h | 4 +++-
drivers/firmware/arm_scmi/driver.c | 1 +
drivers/firmware/arm_scmi/mailbox.c | 2 +-
drivers/firmware/arm_scmi/optee.c | 2 +-
drivers/firmware/arm_scmi/shmem.c | 31 +++++++++++++++++++++++++----
drivers/firmware/arm_scmi/smc.c | 2 +-
6 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/drivers/firmware/arm_scmi/common.h b/drivers/firmware/arm_scmi/common.h
index 9b87b5b69535..a1c0154c31c6 100644
--- a/drivers/firmware/arm_scmi/common.h
+++ b/drivers/firmware/arm_scmi/common.h
@@ -118,6 +118,7 @@ void scmi_protocol_release(const struct scmi_handle *handle, u8 protocol_id);
*
* @dev: Reference to device in the SCMI hierarchy corresponding to this
* channel
+ * @rx_timeout_ms: The configured RX timeout in milliseconds.
* @handle: Pointer to SCMI entity handle
* @no_completion_irq: Flag to indicate that this channel has no completion
* interrupt mechanism for synchronous commands.
@@ -127,6 +128,7 @@ void scmi_protocol_release(const struct scmi_handle *handle, u8 protocol_id);
*/
struct scmi_chan_info {
struct device *dev;
+ unsigned int rx_timeout_ms;
struct scmi_handle *handle;
bool no_completion_irq;
void *transport_info;
@@ -233,7 +235,7 @@ void scmi_free_channel(struct scmi_chan_info *cinfo, struct idr *idr, int id);
struct scmi_shared_mem;
void shmem_tx_prepare(struct scmi_shared_mem __iomem *shmem,
- struct scmi_xfer *xfer);
+ struct scmi_xfer *xfer, struct scmi_chan_info *cinfo);
u32 shmem_read_header(struct scmi_shared_mem __iomem *shmem);
void shmem_fetch_response(struct scmi_shared_mem __iomem *shmem,
struct scmi_xfer *xfer);
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
index 244d94eeb092..f818d00bb2c6 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -2013,6 +2013,7 @@ static int scmi_chan_setup(struct scmi_info *info, struct device *dev,
return -ENOMEM;
cinfo->dev = dev;
+ cinfo->rx_timeout_ms = info->desc->max_rx_timeout_ms;
ret = info->desc->ops->chan_setup(cinfo, info->dev, tx);
if (ret)
diff --git a/drivers/firmware/arm_scmi/mailbox.c b/drivers/firmware/arm_scmi/mailbox.c
index 08ff4d110beb..1e40cb035044 100644
--- a/drivers/firmware/arm_scmi/mailbox.c
+++ b/drivers/firmware/arm_scmi/mailbox.c
@@ -36,7 +36,7 @@ static void tx_prepare(struct mbox_client *cl, void *m)
{
struct scmi_mailbox *smbox = client_to_scmi_mailbox(cl);
- shmem_tx_prepare(smbox->shmem, m);
+ shmem_tx_prepare(smbox->shmem, m, smbox->cinfo);
}
static void rx_callback(struct mbox_client *cl, void *m)
diff --git a/drivers/firmware/arm_scmi/optee.c b/drivers/firmware/arm_scmi/optee.c
index f42dad997ac9..2a7aeab40e54 100644
--- a/drivers/firmware/arm_scmi/optee.c
+++ b/drivers/firmware/arm_scmi/optee.c
@@ -498,7 +498,7 @@ static int scmi_optee_send_message(struct scmi_chan_info *cinfo,
msg_tx_prepare(channel->req.msg, xfer);
ret = invoke_process_msg_channel(channel, msg_command_size(xfer));
} else {
- shmem_tx_prepare(channel->req.shmem, xfer);
+ shmem_tx_prepare(channel->req.shmem, xfer, cinfo);
ret = invoke_process_smt_channel(channel);
}
diff --git a/drivers/firmware/arm_scmi/shmem.c b/drivers/firmware/arm_scmi/shmem.c
index 0e3eaea5d852..1dfe534b8518 100644
--- a/drivers/firmware/arm_scmi/shmem.c
+++ b/drivers/firmware/arm_scmi/shmem.c
@@ -5,10 +5,13 @@
* Copyright (C) 2019 ARM Ltd.
*/
+#include <linux/ktime.h>
#include <linux/io.h>
#include <linux/processor.h>
#include <linux/types.h>
+#include <asm-generic/bug.h>
+
#include "common.h"
/*
@@ -30,16 +33,36 @@ struct scmi_shared_mem {
};
void shmem_tx_prepare(struct scmi_shared_mem __iomem *shmem,
- struct scmi_xfer *xfer)
+ struct scmi_xfer *xfer, struct scmi_chan_info *cinfo)
{
+ ktime_t stop;
+
/*
* Ideally channel must be free by now unless OS timeout last
* request and platform continued to process the same, wait
* until it releases the shared memory, otherwise we may endup
- * overwriting its response with new message payload or vice-versa
+ * overwriting its response with new message payload or vice-versa.
+ * Giving up anyway after twice the expected channel timeout so as
+ * not to bail-out on intermittent issues where the platform is
+ * occasionally a bit slower to answer.
+ *
+ * Note that after a timeout is detected we bail-out and carry on but
+ * the transport functionality is probably permanently compromised:
+ * this is just to ease debugging and avoid complete hangs on boot
+ * due to a misbehaving SCMI firmware.
*/
- spin_until_cond(ioread32(&shmem->channel_status) &
- SCMI_SHMEM_CHAN_STAT_CHANNEL_FREE);
+ stop = ktime_add_ms(ktime_get(), 2 * cinfo->rx_timeout_ms);
+ spin_until_cond((ioread32(&shmem->channel_status) &
+ SCMI_SHMEM_CHAN_STAT_CHANNEL_FREE) ||
+ ktime_after(ktime_get(), stop));
+ if (!(ioread32(&shmem->channel_status) &
+ SCMI_SHMEM_CHAN_STAT_CHANNEL_FREE)) {
+ WARN_ON_ONCE(1);
+ dev_err(cinfo->dev,
+ "Timeout waiting for a free TX channel !\n");
+ return;
+ }
+
/* Mark channel busy + clear error */
iowrite32(0x0, &shmem->channel_status);
iowrite32(xfer->hdr.poll_completion ? 0 : SCMI_SHMEM_FLAG_INTR_ENABLED,
diff --git a/drivers/firmware/arm_scmi/smc.c b/drivers/firmware/arm_scmi/smc.c
index 745acfdd0b3d..87a7b13cf868 100644
--- a/drivers/firmware/arm_scmi/smc.c
+++ b/drivers/firmware/arm_scmi/smc.c
@@ -188,7 +188,7 @@ static int smc_send_message(struct scmi_chan_info *cinfo,
*/
smc_channel_lock_acquire(scmi_info, xfer);
- shmem_tx_prepare(scmi_info->shmem, xfer);
+ shmem_tx_prepare(scmi_info->shmem, xfer, cinfo);
arm_smccc_1_1_invoke(scmi_info->func_id, 0, 0, 0, 0, 0, 0, 0, &res);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 045/314] i2c: tegra: Allocate DMA memory for DMA engine
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 044/314] firmware: arm_scmi: Make tx_prepare time out eventually Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 046/314] i2c: i801: add lis3lv02ds I2C address for Vostro 5568 Greg Kroah-Hartman
` (276 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Robin Murphy, Thierry Reding,
Wolfram Sang, Sasha Levin
From: Thierry Reding <treding@nvidia.com>
[ Upstream commit cdbf26251d3b35c4ccaea0c3a6de4318f727d3d2 ]
When the I2C controllers are running in DMA mode, it is the DMA engine
that performs the memory accesses rather than the I2C controller. Pass
the DMA engine's struct device pointer to the DMA API to make sure the
correct DMA operations are used.
This fixes an issue where the DMA engine's SMMU stream ID needs to be
misleadingly set for the I2C controllers in device tree.
Suggested-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-tegra.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c
index 031c78ac42e6..a24cc413c89b 100644
--- a/drivers/i2c/busses/i2c-tegra.c
+++ b/drivers/i2c/busses/i2c-tegra.c
@@ -284,6 +284,7 @@ struct tegra_i2c_dev {
struct dma_chan *tx_dma_chan;
struct dma_chan *rx_dma_chan;
unsigned int dma_buf_size;
+ struct device *dma_dev;
dma_addr_t dma_phys;
void *dma_buf;
@@ -420,7 +421,7 @@ static int tegra_i2c_dma_submit(struct tegra_i2c_dev *i2c_dev, size_t len)
static void tegra_i2c_release_dma(struct tegra_i2c_dev *i2c_dev)
{
if (i2c_dev->dma_buf) {
- dma_free_coherent(i2c_dev->dev, i2c_dev->dma_buf_size,
+ dma_free_coherent(i2c_dev->dma_dev, i2c_dev->dma_buf_size,
i2c_dev->dma_buf, i2c_dev->dma_phys);
i2c_dev->dma_buf = NULL;
}
@@ -467,10 +468,13 @@ static int tegra_i2c_init_dma(struct tegra_i2c_dev *i2c_dev)
i2c_dev->tx_dma_chan = chan;
+ WARN_ON(i2c_dev->tx_dma_chan->device != i2c_dev->rx_dma_chan->device);
+ i2c_dev->dma_dev = chan->device->dev;
+
i2c_dev->dma_buf_size = i2c_dev->hw->quirks->max_write_len +
I2C_PACKET_HEADER_SIZE;
- dma_buf = dma_alloc_coherent(i2c_dev->dev, i2c_dev->dma_buf_size,
+ dma_buf = dma_alloc_coherent(i2c_dev->dma_dev, i2c_dev->dma_buf_size,
&dma_phys, GFP_KERNEL | __GFP_NOWARN);
if (!dma_buf) {
dev_err(i2c_dev->dev, "failed to allocate DMA buffer\n");
@@ -1267,7 +1271,7 @@ static int tegra_i2c_xfer_msg(struct tegra_i2c_dev *i2c_dev,
if (i2c_dev->dma_mode) {
if (i2c_dev->msg_read) {
- dma_sync_single_for_device(i2c_dev->dev,
+ dma_sync_single_for_device(i2c_dev->dma_dev,
i2c_dev->dma_phys,
xfer_size, DMA_FROM_DEVICE);
@@ -1275,7 +1279,7 @@ static int tegra_i2c_xfer_msg(struct tegra_i2c_dev *i2c_dev,
if (err)
return err;
} else {
- dma_sync_single_for_cpu(i2c_dev->dev,
+ dma_sync_single_for_cpu(i2c_dev->dma_dev,
i2c_dev->dma_phys,
xfer_size, DMA_TO_DEVICE);
}
@@ -1288,7 +1292,7 @@ static int tegra_i2c_xfer_msg(struct tegra_i2c_dev *i2c_dev,
memcpy(i2c_dev->dma_buf + I2C_PACKET_HEADER_SIZE,
msg->buf, msg->len);
- dma_sync_single_for_device(i2c_dev->dev,
+ dma_sync_single_for_device(i2c_dev->dma_dev,
i2c_dev->dma_phys,
xfer_size, DMA_TO_DEVICE);
@@ -1339,7 +1343,7 @@ static int tegra_i2c_xfer_msg(struct tegra_i2c_dev *i2c_dev,
}
if (i2c_dev->msg_read && i2c_dev->msg_err == I2C_ERR_NONE) {
- dma_sync_single_for_cpu(i2c_dev->dev,
+ dma_sync_single_for_cpu(i2c_dev->dma_dev,
i2c_dev->dma_phys,
xfer_size, DMA_FROM_DEVICE);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 046/314] i2c: i801: add lis3lv02ds I2C address for Vostro 5568
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 045/314] i2c: tegra: Allocate DMA memory for DMA engine Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 047/314] drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid Greg Kroah-Hartman
` (275 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nam Cao, Jean Delvare,
Pali Rohár, Wolfram Sang, Sasha Levin
From: Nam Cao <namcaov@gmail.com>
[ Upstream commit d6643d7207c572c1b0305ed505101f15502c6c87 ]
Dell Vostro 5568 laptop has lis3lv02d, but its i2c address is not known
to the kernel. Add this address.
Output of "cat /sys/devices/platform/lis3lv02d/position" on Dell Vostro
5568 laptop:
- Horizontal: (-18,0,1044)
- Front elevated: (522,-18,1080)
- Left elevated: (-18,-360,1080)
- Upside down: (36,108,-1134)
Signed-off-by: Nam Cao <namcaov@gmail.com>
Reviewed-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-i801.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c
index a176296f4fff..e46561e095c6 100644
--- a/drivers/i2c/busses/i2c-i801.c
+++ b/drivers/i2c/busses/i2c-i801.c
@@ -1243,6 +1243,7 @@ static const struct {
*/
{ "Latitude 5480", 0x29 },
{ "Vostro V131", 0x1d },
+ { "Vostro 5568", 0x29 },
};
static void register_dell_lis3lv02d_i2c_device(struct i801_priv *priv)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 047/314] drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 046/314] i2c: i801: add lis3lv02ds I2C address for Vostro 5568 Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 048/314] btrfs: remove pointless and double ulist frees in error paths of qgroup tests Greg Kroah-Hartman
` (274 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, llvm,
Nathan Huckleberry, Nathan Chancellor, Fabio Estevam,
Philipp Zabel, Sasha Levin
From: Nathan Huckleberry <nhuck@google.com>
[ Upstream commit fc007fb815ab5395c3962c09b79a1630b0fbed9c ]
The mode_valid field in drm_connector_helper_funcs is expected to be of
type:
enum drm_mode_status (* mode_valid) (struct drm_connector *connector,
struct drm_display_mode *mode);
The mismatched return type breaks forward edge kCFI since the underlying
function definition does not match the function hook definition.
The return type of imx_tve_connector_mode_valid should be changed from
int to enum drm_mode_status.
Reported-by: Dan Carpenter <error27@gmail.com>
Link: https://github.com/ClangBuiltLinux/linux/issues/1703
Cc: llvm@lists.linux.dev
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220913205544.155106-1-nhuck@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/imx-tve.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/imx/imx-tve.c b/drivers/gpu/drm/imx/imx-tve.c
index 6b34fac3f73a..ab4d1c878fda 100644
--- a/drivers/gpu/drm/imx/imx-tve.c
+++ b/drivers/gpu/drm/imx/imx-tve.c
@@ -218,8 +218,9 @@ static int imx_tve_connector_get_modes(struct drm_connector *connector)
return ret;
}
-static int imx_tve_connector_mode_valid(struct drm_connector *connector,
- struct drm_display_mode *mode)
+static enum drm_mode_status
+imx_tve_connector_mode_valid(struct drm_connector *connector,
+ struct drm_display_mode *mode)
{
struct imx_tve *tve = con_to_tve(connector);
unsigned long rate;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 048/314] btrfs: remove pointless and double ulist frees in error paths of qgroup tests
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 047/314] drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 049/314] drm/amd/display: Ignore Cable ID Feature Greg Kroah-Hartman
` (273 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Filipe Manana, David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit d0ea17aec12ea0f7b9d2ed727d8ef8169d1e7699 ]
Several places in the qgroup self tests follow the pattern of freeing the
ulist pointer they passed to btrfs_find_all_roots() if the call to that
function returned an error. That is pointless because that function always
frees the ulist in case it returns an error.
Also In some places like at test_multiple_refs(), after a call to
btrfs_qgroup_account_extent() we also leave "old_roots" and "new_roots"
pointing to ulists that were freed, because btrfs_qgroup_account_extent()
has freed those ulists, and if after that the next call to
btrfs_find_all_roots() fails, we call ulist_free() on the "old_roots"
ulist again, resulting in a double free.
So remove those calls to reduce the code size and avoid double ulist
free in case of an error.
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/tests/qgroup-tests.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/fs/btrfs/tests/qgroup-tests.c b/fs/btrfs/tests/qgroup-tests.c
index 843dd3d3adbe..63676ea19f29 100644
--- a/fs/btrfs/tests/qgroup-tests.c
+++ b/fs/btrfs/tests/qgroup-tests.c
@@ -225,7 +225,6 @@ static int test_no_shared_qgroup(struct btrfs_root *root,
*/
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &old_roots, false);
if (ret) {
- ulist_free(old_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -240,7 +239,6 @@ static int test_no_shared_qgroup(struct btrfs_root *root,
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &new_roots, false);
if (ret) {
ulist_free(old_roots);
- ulist_free(new_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -252,17 +250,18 @@ static int test_no_shared_qgroup(struct btrfs_root *root,
return ret;
}
+ /* btrfs_qgroup_account_extent() always frees the ulists passed to it. */
+ old_roots = NULL;
+ new_roots = NULL;
+
if (btrfs_verify_qgroup_counts(fs_info, BTRFS_FS_TREE_OBJECTID,
nodesize, nodesize)) {
test_err("qgroup counts didn't match expected values");
return -EINVAL;
}
- old_roots = NULL;
- new_roots = NULL;
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &old_roots, false);
if (ret) {
- ulist_free(old_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -276,7 +275,6 @@ static int test_no_shared_qgroup(struct btrfs_root *root,
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &new_roots, false);
if (ret) {
ulist_free(old_roots);
- ulist_free(new_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -326,7 +324,6 @@ static int test_multiple_refs(struct btrfs_root *root,
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &old_roots, false);
if (ret) {
- ulist_free(old_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -341,7 +338,6 @@ static int test_multiple_refs(struct btrfs_root *root,
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &new_roots, false);
if (ret) {
ulist_free(old_roots);
- ulist_free(new_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -361,7 +357,6 @@ static int test_multiple_refs(struct btrfs_root *root,
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &old_roots, false);
if (ret) {
- ulist_free(old_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -376,7 +371,6 @@ static int test_multiple_refs(struct btrfs_root *root,
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &new_roots, false);
if (ret) {
ulist_free(old_roots);
- ulist_free(new_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -402,7 +396,6 @@ static int test_multiple_refs(struct btrfs_root *root,
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &old_roots, false);
if (ret) {
- ulist_free(old_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
@@ -417,7 +410,6 @@ static int test_multiple_refs(struct btrfs_root *root,
ret = btrfs_find_all_roots(&trans, fs_info, nodesize, 0, &new_roots, false);
if (ret) {
ulist_free(old_roots);
- ulist_free(new_roots);
test_err("couldn't find old roots: %d", ret);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 049/314] drm/amd/display: Ignore Cable ID Feature
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 048/314] btrfs: remove pointless and double ulist frees in error paths of qgroup tests Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 050/314] drm/amd/display: Enable timing sync on DCN32 Greg Kroah-Hartman
` (272 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Broadworth, Roman Li,
Rodrigo Siqueira, Fangzhi Zuo, Alex Deucher, Sasha Levin
From: Fangzhi Zuo <Jerry.Zuo@amd.com>
[ Upstream commit 14aed119942f6c2f1286022323139f7404db5d2b ]
Ignore cable ID for DP2 receivers that does not support the feature.
Tested-by: Mark Broadworth <mark.broadworth@amd.com>
Reviewed-by: Roman Li <Roman.Li@amd.com>
Acked-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Fangzhi Zuo <Jerry.Zuo@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 3be70848b202..54c76ed1ad75 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1549,6 +1549,9 @@ static int amdgpu_dm_init(struct amdgpu_device *adev)
adev->dm.dc->debug.visual_confirm = amdgpu_dc_visual_confirm;
+ /* TODO: Remove after DP2 receiver gets proper support of Cable ID feature */
+ adev->dm.dc->debug.ignore_cable_id = true;
+
r = dm_dmub_hw_init(adev);
if (r) {
DRM_ERROR("DMUB interface failed to initialize: status=%d\n", r);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 050/314] drm/amd/display: Enable timing sync on DCN32
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 049/314] drm/amd/display: Ignore Cable ID Feature Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 051/314] drm/amdgpu: set fb_modifiers_not_supported in vkms Greg Kroah-Hartman
` (271 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Broadworth, Martin Leung,
Jun Lei, Rodrigo Siqueira, Alvin Lee, Alex Deucher, Sasha Levin
From: Alvin Lee <Alvin.Lee2@amd.com>
[ Upstream commit c3d3f35b725bf9c93bec6d3c056f6bb7cfd27403 ]
Missed enabling timing sync on DCN32 because DCN32 has a different DML
param.
Tested-by: Mark Broadworth <mark.broadworth@amd.com>
Reviewed-by: Martin Leung <Martin.Leung@amd.com>
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Alvin Lee <Alvin.Lee2@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c
index d34e0f1314d9..bc4f48ea8d4c 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn20/dcn20_fpu.c
@@ -1228,6 +1228,7 @@ int dcn20_populate_dml_pipes_from_context(
pipes[pipe_cnt].pipe.src.dcc = false;
pipes[pipe_cnt].pipe.src.dcc_rate = 1;
pipes[pipe_cnt].pipe.dest.synchronized_vblank_all_planes = synchronized_vblank;
+ pipes[pipe_cnt].pipe.dest.synchronize_timings = synchronized_vblank;
pipes[pipe_cnt].pipe.dest.hblank_start = timing->h_total - timing->h_front_porch;
pipes[pipe_cnt].pipe.dest.hblank_end = pipes[pipe_cnt].pipe.dest.hblank_start
- timing->h_addressable
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 051/314] drm/amdgpu: set fb_modifiers_not_supported in vkms
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 050/314] drm/amd/display: Enable timing sync on DCN32 Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 052/314] drm/amd: Fail the suspend if resources cant be evicted Greg Kroah-Hartman
` (270 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yifan Zhang, Guchun Chen, Tim Huang,
Alex Deucher, Sasha Levin
From: Yifan Zhang <yifan1.zhang@amd.com>
[ Upstream commit 89b3554782e6b65894f0551e9e0a82ad02dac94d ]
This patch to fix the gdm3 start failure with virual display:
/usr/libexec/gdm-x-session[1711]: (II) AMDGPU(0): Setting screen physical size to 270 x 203
/usr/libexec/gdm-x-session[1711]: (EE) AMDGPU(0): Failed to make import prime FD as pixmap: 22
/usr/libexec/gdm-x-session[1711]: (EE) AMDGPU(0): failed to set mode: Invalid argument
/usr/libexec/gdm-x-session[1711]: (WW) AMDGPU(0): Failed to set mode on CRTC 0
/usr/libexec/gdm-x-session[1711]: (EE) AMDGPU(0): Failed to enable any CRTC
gnome-shell[1840]: Running GNOME Shell (using mutter 42.2) as a X11 window and compositing manager
/usr/libexec/gdm-x-session[1711]: (EE) AMDGPU(0): failed to set mode: Invalid argument
vkms doesn't have modifiers support, set fb_modifiers_not_supported to bring the gdm back.
Signed-off-by: Yifan Zhang <yifan1.zhang@amd.com>
Acked-by: Guchun Chen <guchun.chen@amd.com>
Reviewed-by: Tim Huang <Tim.Huang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c
index 576849e95296..f69827aefb57 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c
@@ -500,6 +500,8 @@ static int amdgpu_vkms_sw_init(void *handle)
adev_to_drm(adev)->mode_config.fb_base = adev->gmc.aper_base;
+ adev_to_drm(adev)->mode_config.fb_modifiers_not_supported = true;
+
r = amdgpu_display_modeset_create_props(adev);
if (r)
return r;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 052/314] drm/amd: Fail the suspend if resources cant be evicted
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 051/314] drm/amdgpu: set fb_modifiers_not_supported in vkms Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 053/314] drm/amd/display: Fix DCN32 DSC delay calculation Greg Kroah-Hartman
` (269 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, post, Mario Limonciello,
Alex Deucher, Christian König, Sasha Levin
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 8d4de331f1b24a22d18e3c6116aa25228cf54854 ]
If a system does not have swap and memory is under 100% usage,
amdgpu will fail to evict resources. Currently the suspend
carries on proceeding to reset the GPU:
```
[drm] evicting device resources failed
[drm:amdgpu_device_ip_suspend_phase2 [amdgpu]] *ERROR* suspend of IP block <vcn_v3_0> failed -12
[drm] free PSP TMR buffer
[TTM] Failed allocating page table
[drm] evicting device resources failed
amdgpu 0000:03:00.0: amdgpu: MODE1 reset
amdgpu 0000:03:00.0: amdgpu: GPU mode1 reset
amdgpu 0000:03:00.0: amdgpu: GPU smu mode1 reset
```
At this point if the suspend actually succeeded I think that amdgpu
would have recovered because the GPU would have power cut off and
restored. However the kernel fails to continue the suspend from the
memory pressure and amdgpu fails to run the "resume" from the aborted
suspend.
```
ACPI: PM: Preparing to enter system sleep state S3
SLUB: Unable to allocate memory on node -1, gfp=0xdc0(GFP_KERNEL|__GFP_ZERO)
cache: Acpi-State, object size: 80, buffer size: 80, default order: 0, min order: 0
node 0: slabs: 22, objs: 1122, free: 0
ACPI Error: AE_NO_MEMORY, Could not update object reference count (20210730/utdelete-651)
[drm:psp_hw_start [amdgpu]] *ERROR* PSP load kdb failed!
[drm:psp_resume [amdgpu]] *ERROR* PSP resume failed
[drm:amdgpu_device_fw_loading [amdgpu]] *ERROR* resume of IP block <psp> failed -62
amdgpu 0000:03:00.0: amdgpu: amdgpu_device_ip_resume failed (-62).
PM: dpm_run_callback(): pci_pm_resume+0x0/0x100 returns -62
amdgpu 0000:03:00.0: PM: failed to resume async: error -62
```
To avoid this series of unfortunate events, fail amdgpu's suspend
when the memory eviction fails. This will let the system gracefully
recover and the user can try suspend again when the memory pressure
is relieved.
Reported-by: post@davidak.de
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2223
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
index 9170aeaad93e..e0c960cc1d2e 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
@@ -4055,15 +4055,18 @@ void amdgpu_device_fini_sw(struct amdgpu_device *adev)
* at suspend time.
*
*/
-static void amdgpu_device_evict_resources(struct amdgpu_device *adev)
+static int amdgpu_device_evict_resources(struct amdgpu_device *adev)
{
+ int ret;
+
/* No need to evict vram on APUs for suspend to ram or s2idle */
if ((adev->in_s3 || adev->in_s0ix) && (adev->flags & AMD_IS_APU))
- return;
+ return 0;
- if (amdgpu_ttm_evict_resources(adev, TTM_PL_VRAM))
+ ret = amdgpu_ttm_evict_resources(adev, TTM_PL_VRAM);
+ if (ret)
DRM_WARN("evicting device resources failed\n");
-
+ return ret;
}
/*
@@ -4113,7 +4116,9 @@ int amdgpu_device_suspend(struct drm_device *dev, bool fbcon)
if (!adev->in_s0ix)
amdgpu_amdkfd_suspend(adev, adev->in_runpm);
- amdgpu_device_evict_resources(adev);
+ r = amdgpu_device_evict_resources(adev);
+ if (r)
+ return r;
amdgpu_fence_driver_hw_fini(adev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 053/314] drm/amd/display: Fix DCN32 DSC delay calculation
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 052/314] drm/amd: Fail the suspend if resources cant be evicted Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 054/314] drm/amd/display: Use forced DSC bpp in DML Greg Kroah-Hartman
` (268 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alvin Lee, Alex Hung, George Shen,
Mark Broadworth, Alex Deucher, Sasha Levin
From: George Shen <george.shen@amd.com>
[ Upstream commit bad610c97c08eef3ed1fa769a8b08b94f95b451e ]
[Why]
DCN32 DSC delay calculation had an unintentional integer division,
resulting in a mismatch against the DML spreadsheet.
[How]
Cast numerator to double before performing the division.
Reviewed-by: Alvin Lee <Alvin.Lee2@amd.com>
Acked-by: Alex Hung <alex.hung@amd.com>
Signed-off-by: George Shen <george.shen@amd.com>
Tested-by: Mark Broadworth <mark.broadworth@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c
index 365d290bba99..67af8f4df8b8 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c
@@ -1746,7 +1746,7 @@ unsigned int dml32_DSCDelayRequirement(bool DSCEnabled,
}
DSCDelayRequirement_val = DSCDelayRequirement_val + (HTotal - HActive) *
- dml_ceil(DSCDelayRequirement_val / HActive, 1);
+ dml_ceil((double)DSCDelayRequirement_val / HActive, 1);
DSCDelayRequirement_val = DSCDelayRequirement_val * PixelClock / PixelClockBackEnd;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 054/314] drm/amd/display: Use forced DSC bpp in DML
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 053/314] drm/amd/display: Fix DCN32 DSC delay calculation Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 055/314] drm/amd/display: Round up DST_after_scaler to nearest int Greg Kroah-Hartman
` (267 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alvin Lee, Alex Hung, George Shen,
Mark Broadworth, Alex Deucher, Sasha Levin
From: George Shen <george.shen@amd.com>
[ Upstream commit ab007e5db5d3b8b8975c7eec69992ff38fe2a46c ]
[Why]
DSC config is calculated separately from DML calculations.
DML should use these separately calculated DSC params. The issue is
that the calculated bpp is not properly propagated into DML.
[How]
Correctly used forced_bpp value in DML.
Reviewed-by: Alvin Lee <Alvin.Lee2@amd.com>
Acked-by: Alex Hung <alex.hung@amd.com>
Signed-off-by: George Shen <george.shen@amd.com>
Tested-by: Mark Broadworth <mark.broadworth@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 2 +-
drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
index 52525833a99b..6704465fe5b6 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
@@ -1627,7 +1627,7 @@ static void mode_support_configuration(struct vba_vars_st *v,
&& !mode_lib->vba.MSOOrODMSplitWithNonDPLink
&& !mode_lib->vba.NotEnoughLanesForMSO
&& mode_lib->vba.LinkCapacitySupport[i] == true && !mode_lib->vba.P2IWith420
- && !mode_lib->vba.DSCOnlyIfNecessaryWithBPP
+ //&& !mode_lib->vba.DSCOnlyIfNecessaryWithBPP
&& !mode_lib->vba.DSC422NativeNotSupported
&& !mode_lib->vba.MPCCombineMethodIncompatible
&& mode_lib->vba.ODMCombine2To1SupportCheckOK[i] == true
diff --git a/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c b/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c
index 503e7d984ff0..cb34ac0af349 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c
@@ -624,7 +624,7 @@ static void fetch_pipe_params(struct display_mode_lib *mode_lib)
mode_lib->vba.skip_dio_check[mode_lib->vba.NumberOfActivePlanes] =
dout->is_virtual;
- if (!dout->dsc_enable)
+ if (dout->dsc_enable)
mode_lib->vba.ForcedOutputLinkBPP[mode_lib->vba.NumberOfActivePlanes] = dout->output_bpp;
else
mode_lib->vba.ForcedOutputLinkBPP[mode_lib->vba.NumberOfActivePlanes] = 0.0;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 055/314] drm/amd/display: Round up DST_after_scaler to nearest int
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 054/314] drm/amd/display: Use forced DSC bpp in DML Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 056/314] drm/amd/display: Investigate tool reported FCLK P-state deviations Greg Kroah-Hartman
` (266 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alvin Lee, Alex Hung, George Shen,
Mark Broadworth, Alex Deucher, Sasha Levin
From: George Shen <george.shen@amd.com>
[ Upstream commit 8dc323133d74518e3b5b07242e2b2f088799ea6e ]
[Why]
The DST_after_scaler value that DML spreadsheet outputs is
generally the driver value round up to the nearest int.
Reviewed-by: Alvin Lee <Alvin.Lee2@amd.com>
Acked-by: Alex Hung <alex.hung@amd.com>
Signed-off-by: George Shen <george.shen@amd.com>
Tested-by: Mark Broadworth <mark.broadworth@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/display/dc/dml/dcn32/display_rq_dlg_calc_32.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_rq_dlg_calc_32.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_rq_dlg_calc_32.c
index a1276f6b9581..395ae8761980 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_rq_dlg_calc_32.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_rq_dlg_calc_32.c
@@ -291,8 +291,8 @@ void dml32_rq_dlg_get_dlg_reg(struct display_mode_lib *mode_lib,
dml_print("DML_DLG: %s: vready_after_vcount0 = %d\n", __func__, dlg_regs->vready_after_vcount0);
- dst_x_after_scaler = get_dst_x_after_scaler(mode_lib, e2e_pipe_param, num_pipes, pipe_idx);
- dst_y_after_scaler = get_dst_y_after_scaler(mode_lib, e2e_pipe_param, num_pipes, pipe_idx);
+ dst_x_after_scaler = dml_ceil(get_dst_x_after_scaler(mode_lib, e2e_pipe_param, num_pipes, pipe_idx), 1);
+ dst_y_after_scaler = dml_ceil(get_dst_y_after_scaler(mode_lib, e2e_pipe_param, num_pipes, pipe_idx), 1);
// do some adjustment on the dst_after scaler to account for odm combine mode
dml_print("DML_DLG: %s: input dst_x_after_scaler = %d\n", __func__, dst_x_after_scaler);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 056/314] drm/amd/display: Investigate tool reported FCLK P-state deviations
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 055/314] drm/amd/display: Round up DST_after_scaler to nearest int Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 057/314] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm Greg Kroah-Hartman
` (265 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chaitanya Dhere, Jasdeep Dhillon,
Alex Hung, Nevenko Stupar, Mark Broadworth, Alex Deucher,
Sasha Levin
From: Nevenko Stupar <Nevenko.Stupar@amd.com>
[ Upstream commit 7461016c5706eb8c477752bf69e5c9f5a38f502b ]
[Why]
Fix for some of the tool reported modes for FCLK
P-state deviations and UCLK P-state deviations that
are coming from DSC terms and/or Scaling terms
causing MinActiveFCLKChangeLatencySupported
and MaxActiveDRAMClockChangeLatencySupported
incorrectly calculated in DML for these configurations.
Reviewed-by: Chaitanya Dhere <Chaitanya.Dhere@amd.com>
Acked-by: Jasdeep Dhillon <jdhillon@amd.com>
Acked-by: Alex Hung <alex.hung@amd.com>
Signed-off-by: Nevenko Stupar <Nevenko.Stupar@amd.com>
Tested-by: Mark Broadworth <mark.broadworth@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
index 6704465fe5b6..ea80874474e3 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
@@ -364,7 +364,8 @@ static void DISPCLKDPPCLKDCFCLKDeepSleepPrefetchParametersWatermarksAndPerforman
for (k = 0; k < mode_lib->vba.NumberOfActiveSurfaces; ++k) {
v->DSCDelay[k] = dml32_DSCDelayRequirement(mode_lib->vba.DSCEnabled[k],
mode_lib->vba.ODMCombineEnabled[k], mode_lib->vba.DSCInputBitPerComponent[k],
- mode_lib->vba.OutputBpp[k], mode_lib->vba.HActive[k], mode_lib->vba.HTotal[k],
+ mode_lib->vba.OutputBppPerState[mode_lib->vba.VoltageLevel][k],
+ mode_lib->vba.HActive[k], mode_lib->vba.HTotal[k],
mode_lib->vba.NumberOfDSCSlices[k], mode_lib->vba.OutputFormat[k],
mode_lib->vba.Output[k], mode_lib->vba.PixelClock[k],
mode_lib->vba.PixelClockBackEnd[k]);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 057/314] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 056/314] drm/amd/display: Investigate tool reported FCLK P-state deviations Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 058/314] cxl/pmem: Use size_add() against integer overflow Greg Kroah-Hartman
` (264 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luiz Augusto von Dentz,
Tedd Ho-Jeong An, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit f937b758a188d6fd328a81367087eddbb2fce50f ]
l2cap_global_chan_by_psm shall not return fixed channels as they are not
meant to be connected by (S)PSM.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/l2cap_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 4df3d0ed6c80..9c24947aa41e 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1990,7 +1990,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
if (link_type == LE_LINK && c->src_type == BDADDR_BREDR)
continue;
- if (c->psm == psm) {
+ if (c->chan_type != L2CAP_CHAN_FIXED && c->psm == psm) {
int src_match, dst_match;
int src_any, dst_any;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 058/314] cxl/pmem: Use size_add() against integer overflow
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 057/314] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 059/314] x86/cpu: Add several Intel server CPU model numbers Greg Kroah-Hartman
` (263 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Zhe, Dan Williams, Sasha Levin
From: Yu Zhe <yuzhe@nfschina.com>
[ Upstream commit 4f1aa35f1fb7d51b125487c835982af792697ecb ]
"struct_size() + n" may cause a integer overflow,
use size_add() to handle it.
Signed-off-by: Yu Zhe <yuzhe@nfschina.com>
Link: https://lore.kernel.org/r/20220927070247.23148-1-yuzhe@nfschina.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cxl/pmem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cxl/pmem.c b/drivers/cxl/pmem.c
index faade12279f0..e0646097a3d4 100644
--- a/drivers/cxl/pmem.c
+++ b/drivers/cxl/pmem.c
@@ -151,7 +151,7 @@ static int cxl_pmem_set_config_data(struct cxl_dev_state *cxlds,
return -EINVAL;
/* 4-byte status follows the input data in the payload */
- if (struct_size(cmd, in_buf, cmd->in_length) + 4 > buf_len)
+ if (size_add(struct_size(cmd, in_buf, cmd->in_length), 4) > buf_len)
return -EINVAL;
set_lsa =
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 059/314] x86/cpu: Add several Intel server CPU model numbers
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 058/314] cxl/pmem: Use size_add() against integer overflow Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 060/314] tools/testing/cxl: Fix some error exits Greg Kroah-Hartman
` (262 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tony Luck, Borislav Petkov,
Dave Hansen, Sasha Levin
From: Tony Luck <tony.luck@intel.com>
[ Upstream commit 7beade0dd41d42d797ccb7791b134a77fcebf35b ]
These servers are all on the public versions of the roadmap. The model
numbers for Grand Ridge, Granite Rapids, and Sierra Forest were included
in the September 2022 edition of the Instruction Set Extensions document.
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/r/20221103203310.5058-1-tony.luck@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/intel-family.h | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h
index 5d75fe229342..347707d459c6 100644
--- a/arch/x86/include/asm/intel-family.h
+++ b/arch/x86/include/asm/intel-family.h
@@ -107,6 +107,11 @@
#define INTEL_FAM6_SAPPHIRERAPIDS_X 0x8F /* Golden Cove */
+#define INTEL_FAM6_EMERALDRAPIDS_X 0xCF
+
+#define INTEL_FAM6_GRANITERAPIDS_X 0xAD
+#define INTEL_FAM6_GRANITERAPIDS_D 0xAE
+
#define INTEL_FAM6_ALDERLAKE 0x97 /* Golden Cove / Gracemont */
#define INTEL_FAM6_ALDERLAKE_L 0x9A /* Golden Cove / Gracemont */
#define INTEL_FAM6_ALDERLAKE_N 0xBE
@@ -118,7 +123,7 @@
#define INTEL_FAM6_METEORLAKE 0xAC
#define INTEL_FAM6_METEORLAKE_L 0xAA
-/* "Small Core" Processors (Atom) */
+/* "Small Core" Processors (Atom/E-Core) */
#define INTEL_FAM6_ATOM_BONNELL 0x1C /* Diamondville, Pineview */
#define INTEL_FAM6_ATOM_BONNELL_MID 0x26 /* Silverthorne, Lincroft */
@@ -145,6 +150,10 @@
#define INTEL_FAM6_ATOM_TREMONT 0x96 /* Elkhart Lake */
#define INTEL_FAM6_ATOM_TREMONT_L 0x9C /* Jasper Lake */
+#define INTEL_FAM6_SIERRAFOREST_X 0xAF
+
+#define INTEL_FAM6_GRANDRIDGE 0xB6
+
/* Xeon Phi */
#define INTEL_FAM6_XEON_PHI_KNL 0x57 /* Knights Landing */
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 060/314] tools/testing/cxl: Fix some error exits
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 059/314] x86/cpu: Add several Intel server CPU model numbers Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 061/314] cifs: always iterate smb sessions using primary channel Greg Kroah-Hartman
` (261 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dave Jiang, Vishal Verma,
Dan Williams, Sasha Levin
From: Dan Williams <dan.j.williams@intel.com>
[ Upstream commit 86e86c3cb63325c12ea99fbce2cc5bafba86bb40 ]
Fix a few typos where 'goto err_port' was used rather than the object
specific cleanup.
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Vishal Verma <vishal.l.verma@intel.com>
Link: https://lore.kernel.org/r/166752184255.947915.16163477849330181425.stgit@dwillia2-xfh.jf.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/cxl/test/cxl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/cxl/test/cxl.c b/tools/testing/cxl/test/cxl.c
index a072b2d3e726..133e4c73d370 100644
--- a/tools/testing/cxl/test/cxl.c
+++ b/tools/testing/cxl/test/cxl.c
@@ -695,7 +695,7 @@ static __init int cxl_test_init(void)
pdev = platform_device_alloc("cxl_switch_uport", i);
if (!pdev)
- goto err_port;
+ goto err_uport;
pdev->dev.parent = &root_port->dev;
rc = platform_device_add(pdev);
@@ -713,7 +713,7 @@ static __init int cxl_test_init(void)
pdev = platform_device_alloc("cxl_switch_dport", i);
if (!pdev)
- goto err_port;
+ goto err_dport;
pdev->dev.parent = &uport->dev;
rc = platform_device_add(pdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 061/314] cifs: always iterate smb sessions using primary channel
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 060/314] tools/testing/cxl: Fix some error exits Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 062/314] ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" Greg Kroah-Hartman
` (260 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shyam Prasad N,
Paulo Alcantara (SUSE),
Steve French, Sasha Levin
From: Shyam Prasad N <sprasad@microsoft.com>
[ Upstream commit 8abcaeaed38109e5ccaf40218e0e9e387f07bfe6 ]
smb sessions and tcons currently hang off primary channel only.
Secondary channels have the lists as empty. Whenever there's a
need to iterate sessions or tcons, we should use the list in the
corresponding primary channel.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/misc.c | 6 +++++-
fs/cifs/smb2misc.c | 12 ++++++++++--
fs/cifs/smb2ops.c | 6 +++++-
fs/cifs/smb2transport.c | 6 +++++-
4 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 87f60f736731..35085fa86636 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -400,6 +400,7 @@ is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
{
struct smb_hdr *buf = (struct smb_hdr *)buffer;
struct smb_com_lock_req *pSMB = (struct smb_com_lock_req *)buf;
+ struct TCP_Server_Info *pserver;
struct cifs_ses *ses;
struct cifs_tcon *tcon;
struct cifsInodeInfo *pCifsInode;
@@ -464,9 +465,12 @@ is_valid_oplock_break(char *buffer, struct TCP_Server_Info *srv)
if (!(pSMB->LockType & LOCKING_ANDX_OPLOCK_RELEASE))
return false;
+ /* If server is a channel, select the primary channel */
+ pserver = CIFS_SERVER_IS_CHAN(srv) ? srv->primary_server : srv;
+
/* look up tcon based on tid & uid */
spin_lock(&cifs_tcp_ses_lock);
- list_for_each_entry(ses, &srv->smb_ses_list, smb_ses_list) {
+ list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
if (tcon->tid != buf->Tid)
continue;
diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c
index d73e5672aac4..3bcd3ac65dc1 100644
--- a/fs/cifs/smb2misc.c
+++ b/fs/cifs/smb2misc.c
@@ -135,6 +135,7 @@ static __u32 get_neg_ctxt_len(struct smb2_hdr *hdr, __u32 len,
int
smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *server)
{
+ struct TCP_Server_Info *pserver;
struct smb2_hdr *shdr = (struct smb2_hdr *)buf;
struct smb2_pdu *pdu = (struct smb2_pdu *)shdr;
int hdr_size = sizeof(struct smb2_hdr);
@@ -143,6 +144,9 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *server)
__u32 calc_len; /* calculated length */
__u64 mid;
+ /* If server is a channel, select the primary channel */
+ pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
+
/*
* Add function to do table lookup of StructureSize by command
* ie Validate the wct via smb2_struct_sizes table above
@@ -155,7 +159,7 @@ smb2_check_message(char *buf, unsigned int len, struct TCP_Server_Info *server)
/* decrypt frame now that it is completely read in */
spin_lock(&cifs_tcp_ses_lock);
- list_for_each_entry(iter, &server->smb_ses_list, smb_ses_list) {
+ list_for_each_entry(iter, &pserver->smb_ses_list, smb_ses_list) {
if (iter->Suid == le64_to_cpu(thdr->SessionId)) {
ses = iter;
break;
@@ -671,6 +675,7 @@ bool
smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
{
struct smb2_oplock_break *rsp = (struct smb2_oplock_break *)buffer;
+ struct TCP_Server_Info *pserver;
struct cifs_ses *ses;
struct cifs_tcon *tcon;
struct cifsInodeInfo *cinode;
@@ -691,9 +696,12 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
cifs_dbg(FYI, "oplock level 0x%x\n", rsp->OplockLevel);
+ /* If server is a channel, select the primary channel */
+ pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
+
/* look up tcon based on tid & uid */
spin_lock(&cifs_tcp_ses_lock);
- list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
+ list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
spin_lock(&tcon->open_file_lock);
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 14376437187a..c258a7b122b6 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -2288,14 +2288,18 @@ static void
smb2_is_network_name_deleted(char *buf, struct TCP_Server_Info *server)
{
struct smb2_hdr *shdr = (struct smb2_hdr *)buf;
+ struct TCP_Server_Info *pserver;
struct cifs_ses *ses;
struct cifs_tcon *tcon;
if (shdr->Status != STATUS_NETWORK_NAME_DELETED)
return;
+ /* If server is a channel, select the primary channel */
+ pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
+
spin_lock(&cifs_tcp_ses_lock);
- list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
+ list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
list_for_each_entry(tcon, &ses->tcon_list, tcon_list) {
if (tcon->tid == le32_to_cpu(shdr->Id.SyncId.TreeId)) {
spin_lock(&tcon->tc_lock);
diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c
index 4640fc4a8b13..da85cfd7803b 100644
--- a/fs/cifs/smb2transport.c
+++ b/fs/cifs/smb2transport.c
@@ -140,9 +140,13 @@ int smb2_get_sign_key(__u64 ses_id, struct TCP_Server_Info *server, u8 *key)
static struct cifs_ses *
smb2_find_smb_ses_unlocked(struct TCP_Server_Info *server, __u64 ses_id)
{
+ struct TCP_Server_Info *pserver;
struct cifs_ses *ses;
- list_for_each_entry(ses, &server->smb_ses_list, smb_ses_list) {
+ /* If server is a channel, select the primary channel */
+ pserver = CIFS_SERVER_IS_CHAN(server) ? server->primary_server : server;
+
+ list_for_each_entry(ses, &pserver->smb_ses_list, smb_ses_list) {
if (ses->Suid != ses_id)
continue;
++ses->ses_count;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 062/314] ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route"
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 061/314] cifs: always iterate smb sessions using primary channel Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 063/314] arm64/mm: fold check for KFENCE into can_set_direct_map() Greg Kroah-Hartman
` (259 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Colin Ian King,
Philippe Mathieu-Daudé,
Paul Cercueil, Mark Brown, Sasha Levin
From: Colin Ian King <colin.i.king@gmail.com>
[ Upstream commit df496157a5afa1b6d1f4c46ad6549c2c346d1e59 ]
There are two spelling mistakes in codec routing description. Fix it.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Paul Cercueil <paul@crapouillou.net>
Link: https://lore.kernel.org/r/20221019071639.1003730-1-colin.i.king@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/jz4725b.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/codecs/jz4725b.c b/sound/soc/codecs/jz4725b.c
index d57c2c6a3add..71ea576f7e67 100644
--- a/sound/soc/codecs/jz4725b.c
+++ b/sound/soc/codecs/jz4725b.c
@@ -288,7 +288,7 @@ static const struct snd_soc_dapm_route jz4725b_codec_dapm_routes[] = {
{"Mixer to ADC", NULL, "Mixer"},
{"ADC Source Capture Route", "Mixer", "Mixer to ADC"},
- {"ADC Sourc Capture Routee", "Line In", "Line In"},
+ {"ADC Source Capture Route", "Line In", "Line In"},
{"ADC Source Capture Route", "Mic 1", "Mic 1"},
{"ADC Source Capture Route", "Mic 2", "Mic 2"},
{"ADC", NULL, "ADC Source Capture Route"},
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 063/314] arm64/mm: fold check for KFENCE into can_set_direct_map()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 062/314] ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 064/314] arm64: fix rodata=full again Greg Kroah-Hartman
` (258 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Rapoport, Anshuman Khandual,
Catalin Marinas, Sasha Levin
From: Mike Rapoport <rppt@linux.ibm.com>
[ Upstream commit b9dd04a20f81333e4b99662f1bbaf7c9e3a1e137 ]
KFENCE requires linear map to be mapped at page granularity, so that it
is possible to protect/unprotect single pages, just like with
rodata_full and DEBUG_PAGEALLOC.
Instead of repating
can_set_direct_map() || IS_ENABLED(CONFIG_KFENCE)
make can_set_direct_map() handle the KFENCE case.
This also prevents potential false positives in kernel_page_present()
that may return true for non-present page if CONFIG_KFENCE is enabled.
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Link: https://lore.kernel.org/r/20220921074841.382615-1-rppt@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Stable-dep-of: 2081b3bd0c11 ("arm64: fix rodata=full again")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/mm/mmu.c | 8 ++------
arch/arm64/mm/pageattr.c | 8 +++++++-
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index eb489302c28a..e8de94dd5a60 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -539,7 +539,7 @@ static void __init map_mem(pgd_t *pgdp)
*/
BUILD_BUG_ON(pgd_index(direct_map_end - 1) == pgd_index(direct_map_end));
- if (can_set_direct_map() || IS_ENABLED(CONFIG_KFENCE))
+ if (can_set_direct_map())
flags |= NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
/*
@@ -1551,11 +1551,7 @@ int arch_add_memory(int nid, u64 start, u64 size,
VM_BUG_ON(!mhp_range_allowed(start, size, true));
- /*
- * KFENCE requires linear map to be mapped at page granularity, so that
- * it is possible to protect/unprotect single pages in the KFENCE pool.
- */
- if (can_set_direct_map() || IS_ENABLED(CONFIG_KFENCE))
+ if (can_set_direct_map())
flags |= NO_BLOCK_MAPPINGS | NO_CONT_MAPPINGS;
__create_pgd_mapping(swapper_pg_dir, start, __phys_to_virt(start),
diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
index 64e985eaa52d..d107c3d434e2 100644
--- a/arch/arm64/mm/pageattr.c
+++ b/arch/arm64/mm/pageattr.c
@@ -21,7 +21,13 @@ bool rodata_full __ro_after_init = IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED
bool can_set_direct_map(void)
{
- return rodata_full || debug_pagealloc_enabled();
+ /*
+ * rodata_full, DEBUG_PAGEALLOC and KFENCE require linear map to be
+ * mapped at page granularity, so that it is possible to
+ * protect/unprotect single pages.
+ */
+ return rodata_full || debug_pagealloc_enabled() ||
+ IS_ENABLED(CONFIG_KFENCE);
}
static int change_page_range(pte_t *ptep, unsigned long addr, void *data)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 064/314] arm64: fix rodata=full again
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 063/314] arm64/mm: fold check for KFENCE into can_set_direct_map() Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 065/314] hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache Greg Kroah-Hartman
` (257 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ard Biesheuvel, Will Deacon,
Catalin Marinas, Sasha Levin
From: Ard Biesheuvel <ardb@kernel.org>
[ Upstream commit 2081b3bd0c11757725dcab9ba5d38e1bddb03459 ]
Commit 2e8cff0a0eee87b2 ("arm64: fix rodata=full") addressed a couple of
issues with the rodata= kernel command line option, which is not a
simple boolean on arm64, and inadvertently got broken due to changes in
the generic bool handling.
Unfortunately, the resulting code never clears the rodata_full boolean
variable if it defaults to true and rodata=on or rodata=off is passed,
as the generic code is not aware of the existence of this variable.
Given the way this code is plumbed together, clearing rodata_full when
returning false from arch_parse_debug_rodata() may result in
inconsistencies if the generic code decides that it cannot parse the
right hand side, so the best way to deal with this is to only take
rodata_full in account if rodata_enabled is also true.
Fixes: 2e8cff0a0eee ("arm64: fix rodata=full")
Cc: <stable@vger.kernel.org> # 6.0.x
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221103170015.4124426-1-ardb@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/mm/pageattr.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
index d107c3d434e2..5922178d7a06 100644
--- a/arch/arm64/mm/pageattr.c
+++ b/arch/arm64/mm/pageattr.c
@@ -26,7 +26,7 @@ bool can_set_direct_map(void)
* mapped at page granularity, so that it is possible to
* protect/unprotect single pages.
*/
- return rodata_full || debug_pagealloc_enabled() ||
+ return (rodata_enabled && rodata_full) || debug_pagealloc_enabled() ||
IS_ENABLED(CONFIG_KFENCE);
}
@@ -102,7 +102,8 @@ static int change_memory_common(unsigned long addr, int numpages,
* If we are manipulating read-only permissions, apply the same
* change to the linear mapping of the pages that back this VM area.
*/
- if (rodata_full && (pgprot_val(set_mask) == PTE_RDONLY ||
+ if (rodata_enabled &&
+ rodata_full && (pgprot_val(set_mask) == PTE_RDONLY ||
pgprot_val(clear_mask) == PTE_RDONLY)) {
for (i = 0; i < area->nr_pages; i++) {
__change_memory_common((u64)page_address(area->pages[i]),
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 065/314] hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 064/314] arm64: fix rodata=full again Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 066/314] hugetlbfs: dont delete error page from pagecache Greg Kroah-Hartman
` (256 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Kravetz, Miaohe Lin,
Andrea Arcangeli, Aneesh Kumar K.V, Axel Rasmussen,
David Hildenbrand, Davidlohr Bueso, James Houghton,
Kirill A. Shutemov, Michal Hocko, Mina Almasry, Muchun Song,
Naoya Horiguchi, Pasha Tatashin, Peter Xu, Prakash Sangappa,
Sven Schnelle, Andrew Morton, Sasha Levin
From: Mike Kravetz <mike.kravetz@oracle.com>
[ Upstream commit 7e1813d48dd30e6c6f235f6661d1bc108fcab528 ]
remove_huge_page removes a hugetlb page from the page cache. Change to
hugetlb_delete_from_page_cache as it is a more descriptive name.
huge_add_to_page_cache is global in scope, but only deals with hugetlb
pages. For consistency and clarity, rename to hugetlb_add_to_page_cache.
Link: https://lkml.kernel.org/r/20220914221810.95771-4-mike.kravetz@oracle.com
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: James Houghton <jthoughton@google.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mina Almasry <almasrymina@google.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Naoya Horiguchi <naoya.horiguchi@linux.dev>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Prakash Sangappa <prakash.sangappa@oracle.com>
Cc: Sven Schnelle <svens@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Stable-dep-of: 8625147cafaa ("hugetlbfs: don't delete error page from pagecache")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/hugetlbfs/inode.c | 21 ++++++++++-----------
include/linux/hugetlb.h | 2 +-
mm/hugetlb.c | 8 ++++----
3 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index f7a5b5124d8a..b6406e7ab64b 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -364,7 +364,7 @@ static int hugetlbfs_write_end(struct file *file, struct address_space *mapping,
return -EINVAL;
}
-static void remove_huge_page(struct page *page)
+static void hugetlb_delete_from_page_cache(struct page *page)
{
ClearPageDirty(page);
ClearPageUptodate(page);
@@ -487,15 +487,14 @@ static void remove_inode_hugepages(struct inode *inode, loff_t lstart,
folio_lock(folio);
/*
* We must free the huge page and remove from page
- * cache (remove_huge_page) BEFORE removing the
- * region/reserve map (hugetlb_unreserve_pages). In
- * rare out of memory conditions, removal of the
- * region/reserve map could fail. Correspondingly,
- * the subpool and global reserve usage count can need
- * to be adjusted.
+ * cache BEFORE removing the region/reserve map
+ * (hugetlb_unreserve_pages). In rare out of memory
+ * conditions, removal of the region/reserve map could
+ * fail. Correspondingly, the subpool and global
+ * reserve usage count can need to be adjusted.
*/
VM_BUG_ON(HPageRestoreReserve(&folio->page));
- remove_huge_page(&folio->page);
+ hugetlb_delete_from_page_cache(&folio->page);
freed++;
if (!truncate_op) {
if (unlikely(hugetlb_unreserve_pages(inode,
@@ -737,7 +736,7 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset,
}
clear_huge_page(page, addr, pages_per_huge_page(h));
__SetPageUptodate(page);
- error = huge_add_to_page_cache(page, mapping, index);
+ error = hugetlb_add_to_page_cache(page, mapping, index);
if (unlikely(error)) {
restore_reserve_on_error(h, &pseudo_vma, addr, page);
put_page(page);
@@ -749,7 +748,7 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset,
SetHPageMigratable(page);
/*
- * unlock_page because locked by huge_add_to_page_cache()
+ * unlock_page because locked by hugetlb_add_to_page_cache()
* put_page() due to reference from alloc_huge_page()
*/
unlock_page(page);
@@ -994,7 +993,7 @@ static int hugetlbfs_error_remove_page(struct address_space *mapping,
struct inode *inode = mapping->host;
pgoff_t index = page->index;
- remove_huge_page(page);
+ hugetlb_delete_from_page_cache(page);
if (unlikely(hugetlb_unreserve_pages(inode, index, index + 1, 1)))
hugetlb_fix_reserve_counts(inode);
diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
index 67c88b82fc32..53db3648207a 100644
--- a/include/linux/hugetlb.h
+++ b/include/linux/hugetlb.h
@@ -665,7 +665,7 @@ struct page *alloc_huge_page_nodemask(struct hstate *h, int preferred_nid,
nodemask_t *nmask, gfp_t gfp_mask);
struct page *alloc_huge_page_vma(struct hstate *h, struct vm_area_struct *vma,
unsigned long address);
-int huge_add_to_page_cache(struct page *page, struct address_space *mapping,
+int hugetlb_add_to_page_cache(struct page *page, struct address_space *mapping,
pgoff_t idx);
void restore_reserve_on_error(struct hstate *h, struct vm_area_struct *vma,
unsigned long address, struct page *page);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index ecc197d24efb..5e414c90f82f 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5445,7 +5445,7 @@ static bool hugetlbfs_pagecache_present(struct hstate *h,
return page != NULL;
}
-int huge_add_to_page_cache(struct page *page, struct address_space *mapping,
+int hugetlb_add_to_page_cache(struct page *page, struct address_space *mapping,
pgoff_t idx)
{
struct folio *folio = page_folio(page);
@@ -5583,7 +5583,7 @@ static vm_fault_t hugetlb_no_page(struct mm_struct *mm,
new_page = true;
if (vma->vm_flags & VM_MAYSHARE) {
- int err = huge_add_to_page_cache(page, mapping, idx);
+ int err = hugetlb_add_to_page_cache(page, mapping, idx);
if (err) {
put_page(page);
if (err == -EEXIST)
@@ -6008,11 +6008,11 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm,
/*
* Serialization between remove_inode_hugepages() and
- * huge_add_to_page_cache() below happens through the
+ * hugetlb_add_to_page_cache() below happens through the
* hugetlb_fault_mutex_table that here must be hold by
* the caller.
*/
- ret = huge_add_to_page_cache(page, mapping, idx);
+ ret = hugetlb_add_to_page_cache(page, mapping, idx);
if (ret)
goto out_release_nounlock;
page_in_pagecache = true;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 066/314] hugetlbfs: dont delete error page from pagecache
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 065/314] hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 067/314] KVM: SVM: remove dead field from struct svm_cpu_data Greg Kroah-Hartman
` (255 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, James Houghton, Mike Kravetz,
Naoya Horiguchi, Yang Shi, Axel Rasmussen, Miaohe Lin,
Muchun Song, Andrew Morton, Sasha Levin
From: James Houghton <jthoughton@google.com>
[ Upstream commit 8625147cafaa9ba74713d682f5185eb62cb2aedb ]
This change is very similar to the change that was made for shmem [1], and
it solves the same problem but for HugeTLBFS instead.
Currently, when poison is found in a HugeTLB page, the page is removed
from the page cache. That means that attempting to map or read that
hugepage in the future will result in a new hugepage being allocated
instead of notifying the user that the page was poisoned. As [1] states,
this is effectively memory corruption.
The fix is to leave the page in the page cache. If the user attempts to
use a poisoned HugeTLB page with a syscall, the syscall will fail with
EIO, the same error code that shmem uses. For attempts to map the page,
the thread will get a BUS_MCEERR_AR SIGBUS.
[1]: commit a76054266661 ("mm: shmem: don't truncate page if memory failure happens")
Link: https://lkml.kernel.org/r/20221018200125.848471-1-jthoughton@google.com
Signed-off-by: James Houghton <jthoughton@google.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Tested-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Reviewed-by: Yang Shi <shy828301@gmail.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: James Houghton <jthoughton@google.com>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/hugetlbfs/inode.c | 13 ++++++-------
mm/hugetlb.c | 4 ++++
mm/memory-failure.c | 5 ++++-
3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index b6406e7ab64b..fbcfa6bfee80 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -328,6 +328,12 @@ static ssize_t hugetlbfs_read_iter(struct kiocb *iocb, struct iov_iter *to)
} else {
unlock_page(page);
+ if (PageHWPoison(page)) {
+ put_page(page);
+ retval = -EIO;
+ break;
+ }
+
/*
* We have the page, copy it to user space buffer.
*/
@@ -990,13 +996,6 @@ static int hugetlbfs_migrate_folio(struct address_space *mapping,
static int hugetlbfs_error_remove_page(struct address_space *mapping,
struct page *page)
{
- struct inode *inode = mapping->host;
- pgoff_t index = page->index;
-
- hugetlb_delete_from_page_cache(page);
- if (unlikely(hugetlb_unreserve_pages(inode, index, index + 1, 1)))
- hugetlb_fix_reserve_counts(inode);
-
return 0;
}
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 5e414c90f82f..dbb558e71e9e 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -6021,6 +6021,10 @@ int hugetlb_mcopy_atomic_pte(struct mm_struct *dst_mm,
ptl = huge_pte_lockptr(h, dst_mm, dst_pte);
spin_lock(ptl);
+ ret = -EIO;
+ if (PageHWPoison(page))
+ goto out_release_unlock;
+
/*
* Recheck the i_size after holding PT lock to make sure not
* to leave any page mapped (as page_mapped()) beyond the end
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index e7ac570dda75..4d302f6b02fc 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -1079,6 +1079,7 @@ static int me_huge_page(struct page_state *ps, struct page *p)
int res;
struct page *hpage = compound_head(p);
struct address_space *mapping;
+ bool extra_pins = false;
if (!PageHuge(hpage))
return MF_DELAYED;
@@ -1086,6 +1087,8 @@ static int me_huge_page(struct page_state *ps, struct page *p)
mapping = page_mapping(hpage);
if (mapping) {
res = truncate_error_page(hpage, page_to_pfn(p), mapping);
+ /* The page is kept in page cache. */
+ extra_pins = true;
unlock_page(hpage);
} else {
unlock_page(hpage);
@@ -1103,7 +1106,7 @@ static int me_huge_page(struct page_state *ps, struct page *p)
}
}
- if (has_extra_refcount(ps, p, false))
+ if (has_extra_refcount(ps, p, extra_pins))
res = MF_FAILED;
return res;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 067/314] KVM: SVM: remove dead field from struct svm_cpu_data
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 066/314] hugetlbfs: dont delete error page from pagecache Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 068/314] KVM: SVM: do not allocate struct svm_cpu_data dynamically Greg Kroah-Hartman
` (254 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Christopherson, Paolo Bonzini,
Sasha Levin
From: Paolo Bonzini <pbonzini@redhat.com>
[ Upstream commit 181d0fb0bb023e8996b1cf7970e3708d72442b0b ]
The "cpu" field of struct svm_cpu_data has been write-only since commit
4b656b120249 ("KVM: SVM: force new asid on vcpu migration", 2009-08-05).
Remove it.
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stable-dep-of: e287bd005ad9 ("KVM: SVM: restore host save area from assembly")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/svm/svm.c | 1 -
arch/x86/kvm/svm/svm.h | 2 --
2 files changed, 3 deletions(-)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 454746641a48..ecf4d8233e49 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -667,7 +667,6 @@ static int svm_cpu_init(int cpu)
sd = kzalloc(sizeof(struct svm_cpu_data), GFP_KERNEL);
if (!sd)
return ret;
- sd->cpu = cpu;
sd->save_area = alloc_page(GFP_KERNEL | __GFP_ZERO);
if (!sd->save_area)
goto free_cpu_data;
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 7ff1879e73c5..8a8894d948a0 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -281,8 +281,6 @@ struct vcpu_svm {
};
struct svm_cpu_data {
- int cpu;
-
u64 asid_generation;
u32 max_asid;
u32 next_asid;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 068/314] KVM: SVM: do not allocate struct svm_cpu_data dynamically
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 067/314] KVM: SVM: remove dead field from struct svm_cpu_data Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 069/314] KVM: SVM: restore host save area from assembly Greg Kroah-Hartman
` (253 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Christopherson, Paolo Bonzini,
Sasha Levin
From: Paolo Bonzini <pbonzini@redhat.com>
[ Upstream commit 73412dfeea724e6bd775ba64d21157ff322eac9a ]
The svm_data percpu variable is a pointer, but it is allocated via
svm_hardware_setup() when KVM is loaded. Unlike hardware_enable()
this means that it is never NULL for the whole lifetime of KVM, and
static allocation does not waste any memory compared to the status quo.
It is also more efficient and more easily handled from assembly code,
so do it and don't look back.
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stable-dep-of: e287bd005ad9 ("KVM: SVM: restore host save area from assembly")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/svm/sev.c | 4 ++--
arch/x86/kvm/svm/svm.c | 41 +++++++++++++++--------------------------
arch/x86/kvm/svm/svm.h | 2 +-
3 files changed, 18 insertions(+), 29 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index c9c9bd453a97..efaaef2b7ae1 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -196,7 +196,7 @@ static void sev_asid_free(struct kvm_sev_info *sev)
__set_bit(sev->asid, sev_reclaim_asid_bitmap);
for_each_possible_cpu(cpu) {
- sd = per_cpu(svm_data, cpu);
+ sd = per_cpu_ptr(&svm_data, cpu);
sd->sev_vmcbs[sev->asid] = NULL;
}
@@ -2600,7 +2600,7 @@ void sev_es_unmap_ghcb(struct vcpu_svm *svm)
void pre_sev_run(struct vcpu_svm *svm, int cpu)
{
- struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
+ struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
int asid = sev_get_asid(svm->vcpu.kvm);
/* Assign the asid allocated with this SEV guest */
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index ecf4d8233e49..6b2f332f5d54 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -245,7 +245,7 @@ struct kvm_ldttss_desc {
u32 zero1;
} __attribute__((packed));
-DEFINE_PER_CPU(struct svm_cpu_data *, svm_data);
+DEFINE_PER_CPU(struct svm_cpu_data, svm_data);
/*
* Only MSR_TSC_AUX is switched via the user return hook. EFER is switched via
@@ -583,12 +583,7 @@ static int svm_hardware_enable(void)
pr_err("%s: err EOPNOTSUPP on %d\n", __func__, me);
return -EINVAL;
}
- sd = per_cpu(svm_data, me);
- if (!sd) {
- pr_err("%s: svm_data is NULL on %d\n", __func__, me);
- return -EINVAL;
- }
-
+ sd = per_cpu_ptr(&svm_data, me);
sd->asid_generation = 1;
sd->max_asid = cpuid_ebx(SVM_CPUID_FUNC) - 1;
sd->next_asid = sd->max_asid + 1;
@@ -648,41 +643,35 @@ static int svm_hardware_enable(void)
static void svm_cpu_uninit(int cpu)
{
- struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
+ struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
- if (!sd)
+ if (!sd->save_area)
return;
- per_cpu(svm_data, cpu) = NULL;
kfree(sd->sev_vmcbs);
__free_page(sd->save_area);
- kfree(sd);
+ sd->save_area = NULL;
}
static int svm_cpu_init(int cpu)
{
- struct svm_cpu_data *sd;
+ struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
int ret = -ENOMEM;
- sd = kzalloc(sizeof(struct svm_cpu_data), GFP_KERNEL);
- if (!sd)
- return ret;
+ memset(sd, 0, sizeof(struct svm_cpu_data));
sd->save_area = alloc_page(GFP_KERNEL | __GFP_ZERO);
if (!sd->save_area)
- goto free_cpu_data;
+ return ret;
ret = sev_cpu_init(sd);
if (ret)
goto free_save_area;
- per_cpu(svm_data, cpu) = sd;
-
return 0;
free_save_area:
__free_page(sd->save_area);
-free_cpu_data:
- kfree(sd);
+ sd->save_area = NULL;
return ret;
}
@@ -1426,7 +1415,7 @@ static void svm_clear_current_vmcb(struct vmcb *vmcb)
int i;
for_each_online_cpu(i)
- cmpxchg(&per_cpu(svm_data, i)->current_vmcb, vmcb, NULL);
+ cmpxchg(per_cpu_ptr(&svm_data.current_vmcb, i), vmcb, NULL);
}
static void svm_vcpu_free(struct kvm_vcpu *vcpu)
@@ -1451,7 +1440,7 @@ static void svm_vcpu_free(struct kvm_vcpu *vcpu)
static void svm_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
- struct svm_cpu_data *sd = per_cpu(svm_data, vcpu->cpu);
+ struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
if (sev_es_guest(vcpu->kvm))
sev_es_unmap_ghcb(svm);
@@ -1488,7 +1477,7 @@ static void svm_prepare_host_switch(struct kvm_vcpu *vcpu)
static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
- struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
+ struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu);
if (sd->current_vmcb != svm->vmcb) {
sd->current_vmcb = svm->vmcb;
@@ -3443,7 +3432,7 @@ static int svm_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
static void reload_tss(struct kvm_vcpu *vcpu)
{
- struct svm_cpu_data *sd = per_cpu(svm_data, vcpu->cpu);
+ struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
sd->tss_desc->type = 9; /* available 32/64-bit TSS */
load_TR_desc();
@@ -3451,7 +3440,7 @@ static void reload_tss(struct kvm_vcpu *vcpu)
static void pre_svm_run(struct kvm_vcpu *vcpu)
{
- struct svm_cpu_data *sd = per_cpu(svm_data, vcpu->cpu);
+ struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
struct vcpu_svm *svm = to_svm(vcpu);
/*
@@ -3920,7 +3909,7 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu)
if (sev_es_guest(vcpu->kvm)) {
__svm_sev_es_vcpu_run(svm);
} else {
- struct svm_cpu_data *sd = per_cpu(svm_data, vcpu->cpu);
+ struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
__svm_vcpu_run(svm);
vmload(__sme_page_pa(sd->save_area));
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 8a8894d948a0..f1483209e186 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -294,7 +294,7 @@ struct svm_cpu_data {
struct vmcb **sev_vmcbs;
};
-DECLARE_PER_CPU(struct svm_cpu_data *, svm_data);
+DECLARE_PER_CPU(struct svm_cpu_data, svm_data);
void recalc_intercepts(struct vcpu_svm *svm);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 069/314] KVM: SVM: restore host save area from assembly
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 068/314] KVM: SVM: do not allocate struct svm_cpu_data dynamically Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 070/314] KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly Greg Kroah-Hartman
` (252 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor,
Sean Christopherson, Paolo Bonzini, Sasha Levin, Andrew Cooper
From: Paolo Bonzini <pbonzini@redhat.com>
[ Upstream commit e287bd005ad9d85dd6271dd795d3ecfb6bca46ad ]
Allow access to the percpu area via the GS segment base, which is
needed in order to access the saved host spec_ctrl value. In linux-next
FILL_RETURN_BUFFER also needs to access percpu data.
For simplicity, the physical address of the save area is added to struct
svm_cpu_data.
Cc: stable@vger.kernel.org
Fixes: a149180fbcf3 ("x86: Add magic AMD return-thunk")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Analyzed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/kvm-asm-offsets.c | 1 +
arch/x86/kvm/svm/svm.c | 14 ++++++--------
arch/x86/kvm/svm/svm.h | 2 ++
arch/x86/kvm/svm/svm_ops.h | 5 -----
arch/x86/kvm/svm/vmenter.S | 17 +++++++++++++++++
5 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/arch/x86/kvm/kvm-asm-offsets.c b/arch/x86/kvm/kvm-asm-offsets.c
index f83e88b85bf2..1b805cd24d66 100644
--- a/arch/x86/kvm/kvm-asm-offsets.c
+++ b/arch/x86/kvm/kvm-asm-offsets.c
@@ -18,6 +18,7 @@ static void __used common(void)
OFFSET(SVM_current_vmcb, vcpu_svm, current_vmcb);
OFFSET(SVM_vmcb01, vcpu_svm, vmcb01);
OFFSET(KVM_VMCB_pa, kvm_vmcb_info, pa);
+ OFFSET(SD_save_area_pa, svm_cpu_data, save_area_pa);
}
if (IS_ENABLED(CONFIG_KVM_INTEL)) {
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 6b2f332f5d54..c14fabd662f6 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -594,7 +594,7 @@ static int svm_hardware_enable(void)
wrmsrl(MSR_EFER, efer | EFER_SVME);
- wrmsrl(MSR_VM_HSAVE_PA, __sme_page_pa(sd->save_area));
+ wrmsrl(MSR_VM_HSAVE_PA, sd->save_area_pa);
if (static_cpu_has(X86_FEATURE_TSCRATEMSR)) {
/*
@@ -650,6 +650,7 @@ static void svm_cpu_uninit(int cpu)
kfree(sd->sev_vmcbs);
__free_page(sd->save_area);
+ sd->save_area_pa = 0;
sd->save_area = NULL;
}
@@ -667,6 +668,7 @@ static int svm_cpu_init(int cpu)
if (ret)
goto free_save_area;
+ sd->save_area_pa = __sme_page_pa(sd->save_area);
return 0;
free_save_area:
@@ -1452,7 +1454,7 @@ static void svm_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
* Save additional host state that will be restored on VMEXIT (sev-es)
* or subsequent vmload of host save area.
*/
- vmsave(__sme_page_pa(sd->save_area));
+ vmsave(sd->save_area_pa);
if (sev_es_guest(vcpu->kvm)) {
struct sev_es_save_area *hostsa;
hostsa = (struct sev_es_save_area *)(page_address(sd->save_area) + 0x400);
@@ -3906,14 +3908,10 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu)
guest_state_enter_irqoff();
- if (sev_es_guest(vcpu->kvm)) {
+ if (sev_es_guest(vcpu->kvm))
__svm_sev_es_vcpu_run(svm);
- } else {
- struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, vcpu->cpu);
-
+ else
__svm_vcpu_run(svm);
- vmload(__sme_page_pa(sd->save_area));
- }
guest_state_exit_irqoff();
}
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index f1483209e186..8744f3b1d217 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -288,6 +288,8 @@ struct svm_cpu_data {
struct kvm_ldttss_desc *tss_desc;
struct page *save_area;
+ unsigned long save_area_pa;
+
struct vmcb *current_vmcb;
/* index = sev_asid, value = vmcb pointer */
diff --git a/arch/x86/kvm/svm/svm_ops.h b/arch/x86/kvm/svm/svm_ops.h
index 9430d6437c9f..36c8af87a707 100644
--- a/arch/x86/kvm/svm/svm_ops.h
+++ b/arch/x86/kvm/svm/svm_ops.h
@@ -61,9 +61,4 @@ static __always_inline void vmsave(unsigned long pa)
svm_asm1(vmsave, "a" (pa), "memory");
}
-static __always_inline void vmload(unsigned long pa)
-{
- svm_asm1(vmload, "a" (pa), "memory");
-}
-
#endif /* __KVM_X86_SVM_OPS_H */
diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S
index 5bc2ed7d79c0..57440acfc73e 100644
--- a/arch/x86/kvm/svm/vmenter.S
+++ b/arch/x86/kvm/svm/vmenter.S
@@ -49,6 +49,14 @@ SYM_FUNC_START(__svm_vcpu_run)
#endif
push %_ASM_BX
+ /*
+ * Save variables needed after vmexit on the stack, in inverse
+ * order compared to when they are needed.
+ */
+
+ /* Needed to restore access to percpu variables. */
+ __ASM_SIZE(push) PER_CPU_VAR(svm_data + SD_save_area_pa)
+
/* Save @svm. */
push %_ASM_ARG1
@@ -124,6 +132,11 @@ SYM_FUNC_START(__svm_vcpu_run)
5: vmsave %_ASM_AX
6:
+ /* Restores GSBASE among other things, allowing access to percpu data. */
+ pop %_ASM_AX
+7: vmload %_ASM_AX
+8:
+
#ifdef CONFIG_RETPOLINE
/* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */
FILL_RETURN_BUFFER %_ASM_AX, RSB_CLEAR_LOOPS, X86_FEATURE_RETPOLINE
@@ -187,10 +200,14 @@ SYM_FUNC_START(__svm_vcpu_run)
50: cmpb $0, kvm_rebooting
jne 6b
ud2
+70: cmpb $0, kvm_rebooting
+ jne 8b
+ ud2
_ASM_EXTABLE(1b, 10b)
_ASM_EXTABLE(3b, 30b)
_ASM_EXTABLE(5b, 50b)
+ _ASM_EXTABLE(7b, 70b)
SYM_FUNC_END(__svm_vcpu_run)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 070/314] KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 069/314] KVM: SVM: restore host save area from assembly Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 071/314] arm64: dts: qcom: ipq8074: correct APCS register space size Greg Kroah-Hartman
` (251 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jim Mattson, Sean Christopherson,
Paolo Bonzini, Sasha Levin
From: Paolo Bonzini <pbonzini@redhat.com>
[ Upstream commit 9f2febf3f04daebdaaa5a43cfa20e3844905c0f9 ]
Restoration of the host IA32_SPEC_CTRL value is probably too late
with respect to the return thunk training sequence.
With respect to the user/kernel boundary, AMD says, "If software chooses
to toggle STIBP (e.g., set STIBP on kernel entry, and clear it on kernel
exit), software should set STIBP to 1 before executing the return thunk
training sequence." I assume the same requirements apply to the guest/host
boundary. The return thunk training sequence is in vmenter.S, quite close
to the VM-exit. On hosts without V_SPEC_CTRL, however, the host's
IA32_SPEC_CTRL value is not restored until much later.
To avoid this, move the restoration of host SPEC_CTRL to assembly and,
for consistency, move the restoration of the guest SPEC_CTRL as well.
This is not particularly difficult, apart from some care to cover both
32- and 64-bit, and to share code between SEV-ES and normal vmentry.
Cc: stable@vger.kernel.org
Fixes: a149180fbcf3 ("x86: Add magic AMD return-thunk")
Suggested-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/bugs.c | 13 +---
arch/x86/kvm/kvm-asm-offsets.c | 1 +
arch/x86/kvm/svm/svm.c | 37 ++++------
arch/x86/kvm/svm/svm.h | 4 +-
arch/x86/kvm/svm/vmenter.S | 119 ++++++++++++++++++++++++++++++++-
5 files changed, 136 insertions(+), 38 deletions(-)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index da7c361f47e0..6ec0b7ce7453 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -196,22 +196,15 @@ void __init check_bugs(void)
}
/*
- * NOTE: This function is *only* called for SVM. VMX spec_ctrl handling is
- * done in vmenter.S.
+ * NOTE: This function is *only* called for SVM, since Intel uses
+ * MSR_IA32_SPEC_CTRL for SSBD.
*/
void
x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
{
- u64 msrval, guestval = guest_spec_ctrl, hostval = spec_ctrl_current();
+ u64 guestval, hostval;
struct thread_info *ti = current_thread_info();
- if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
- if (hostval != guestval) {
- msrval = setguest ? guestval : hostval;
- wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
- }
- }
-
/*
* If SSBD is not handled in MSR_SPEC_CTRL on AMD, update
* MSR_AMD64_L2_CFG or MSR_VIRT_SPEC_CTRL if supported.
diff --git a/arch/x86/kvm/kvm-asm-offsets.c b/arch/x86/kvm/kvm-asm-offsets.c
index 1b805cd24d66..24a710d37323 100644
--- a/arch/x86/kvm/kvm-asm-offsets.c
+++ b/arch/x86/kvm/kvm-asm-offsets.c
@@ -16,6 +16,7 @@ static void __used common(void)
BLANK();
OFFSET(SVM_vcpu_arch_regs, vcpu_svm, vcpu.arch.regs);
OFFSET(SVM_current_vmcb, vcpu_svm, current_vmcb);
+ OFFSET(SVM_spec_ctrl, vcpu_svm, spec_ctrl);
OFFSET(SVM_vmcb01, vcpu_svm, vmcb01);
OFFSET(KVM_VMCB_pa, kvm_vmcb_info, pa);
OFFSET(SD_save_area_pa, svm_cpu_data, save_area_pa);
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index c14fabd662f6..e80756ab141b 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -722,6 +722,15 @@ static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)
u32 offset;
u32 *msrpm;
+ /*
+ * For non-nested case:
+ * If the L01 MSR bitmap does not intercept the MSR, then we need to
+ * save it.
+ *
+ * For nested case:
+ * If the L02 MSR bitmap does not intercept the MSR, then we need to
+ * save it.
+ */
msrpm = is_guest_mode(vcpu) ? to_svm(vcpu)->nested.msrpm:
to_svm(vcpu)->msrpm;
@@ -3902,16 +3911,16 @@ static fastpath_t svm_exit_handlers_fastpath(struct kvm_vcpu *vcpu)
return EXIT_FASTPATH_NONE;
}
-static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu)
+static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu, bool spec_ctrl_intercepted)
{
struct vcpu_svm *svm = to_svm(vcpu);
guest_state_enter_irqoff();
if (sev_es_guest(vcpu->kvm))
- __svm_sev_es_vcpu_run(svm);
+ __svm_sev_es_vcpu_run(svm, spec_ctrl_intercepted);
else
- __svm_vcpu_run(svm);
+ __svm_vcpu_run(svm, spec_ctrl_intercepted);
guest_state_exit_irqoff();
}
@@ -3919,6 +3928,7 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vcpu *vcpu)
static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
+ bool spec_ctrl_intercepted = msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL);
trace_kvm_entry(vcpu);
@@ -3977,26 +3987,7 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu)
if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL))
x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);
- svm_vcpu_enter_exit(vcpu);
-
- /*
- * We do not use IBRS in the kernel. If this vCPU has used the
- * SPEC_CTRL MSR it may have left it on; save the value and
- * turn it off. This is much more efficient than blindly adding
- * it to the atomic save/restore list. Especially as the former
- * (Saving guest MSRs on vmexit) doesn't even exist in KVM.
- *
- * For non-nested case:
- * If the L01 MSR bitmap does not intercept the MSR, then we need to
- * save it.
- *
- * For nested case:
- * If the L02 MSR bitmap does not intercept the MSR, then we need to
- * save it.
- */
- if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL) &&
- unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
- svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
+ svm_vcpu_enter_exit(vcpu, spec_ctrl_intercepted);
if (!sev_es_guest(vcpu->kvm))
reload_tss(vcpu);
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 8744f3b1d217..ea3049b978ea 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -683,7 +683,7 @@ void sev_es_unmap_ghcb(struct vcpu_svm *svm);
/* vmenter.S */
-void __svm_sev_es_vcpu_run(struct vcpu_svm *svm);
-void __svm_vcpu_run(struct vcpu_svm *svm);
+void __svm_sev_es_vcpu_run(struct vcpu_svm *svm, bool spec_ctrl_intercepted);
+void __svm_vcpu_run(struct vcpu_svm *svm, bool spec_ctrl_intercepted);
#endif
diff --git a/arch/x86/kvm/svm/vmenter.S b/arch/x86/kvm/svm/vmenter.S
index 57440acfc73e..34367dc203f2 100644
--- a/arch/x86/kvm/svm/vmenter.S
+++ b/arch/x86/kvm/svm/vmenter.S
@@ -32,9 +32,69 @@
.section .noinstr.text, "ax"
+.macro RESTORE_GUEST_SPEC_CTRL
+ /* No need to do anything if SPEC_CTRL is unset or V_SPEC_CTRL is set */
+ ALTERNATIVE_2 "", \
+ "jmp 800f", X86_FEATURE_MSR_SPEC_CTRL, \
+ "", X86_FEATURE_V_SPEC_CTRL
+801:
+.endm
+.macro RESTORE_GUEST_SPEC_CTRL_BODY
+800:
+ /*
+ * SPEC_CTRL handling: if the guest's SPEC_CTRL value differs from the
+ * host's, write the MSR. This is kept out-of-line so that the common
+ * case does not have to jump.
+ *
+ * IMPORTANT: To avoid RSB underflow attacks and any other nastiness,
+ * there must not be any returns or indirect branches between this code
+ * and vmentry.
+ */
+ movl SVM_spec_ctrl(%_ASM_DI), %eax
+ cmp PER_CPU_VAR(x86_spec_ctrl_current), %eax
+ je 801b
+ mov $MSR_IA32_SPEC_CTRL, %ecx
+ xor %edx, %edx
+ wrmsr
+ jmp 801b
+.endm
+
+.macro RESTORE_HOST_SPEC_CTRL
+ /* No need to do anything if SPEC_CTRL is unset or V_SPEC_CTRL is set */
+ ALTERNATIVE_2 "", \
+ "jmp 900f", X86_FEATURE_MSR_SPEC_CTRL, \
+ "", X86_FEATURE_V_SPEC_CTRL
+901:
+.endm
+.macro RESTORE_HOST_SPEC_CTRL_BODY
+900:
+ /* Same for after vmexit. */
+ mov $MSR_IA32_SPEC_CTRL, %ecx
+
+ /*
+ * Load the value that the guest had written into MSR_IA32_SPEC_CTRL,
+ * if it was not intercepted during guest execution.
+ */
+ cmpb $0, (%_ASM_SP)
+ jnz 998f
+ rdmsr
+ movl %eax, SVM_spec_ctrl(%_ASM_DI)
+998:
+
+ /* Now restore the host value of the MSR if different from the guest's. */
+ movl PER_CPU_VAR(x86_spec_ctrl_current), %eax
+ cmp SVM_spec_ctrl(%_ASM_DI), %eax
+ je 901b
+ xor %edx, %edx
+ wrmsr
+ jmp 901b
+.endm
+
+
/**
* __svm_vcpu_run - Run a vCPU via a transition to SVM guest mode
* @svm: struct vcpu_svm *
+ * @spec_ctrl_intercepted: bool
*/
SYM_FUNC_START(__svm_vcpu_run)
push %_ASM_BP
@@ -54,17 +114,26 @@ SYM_FUNC_START(__svm_vcpu_run)
* order compared to when they are needed.
*/
+ /* Accessed directly from the stack in RESTORE_HOST_SPEC_CTRL. */
+ push %_ASM_ARG2
+
/* Needed to restore access to percpu variables. */
__ASM_SIZE(push) PER_CPU_VAR(svm_data + SD_save_area_pa)
- /* Save @svm. */
+ /* Finally save @svm. */
push %_ASM_ARG1
.ifnc _ASM_ARG1, _ASM_DI
- /* Move @svm to RDI. */
+ /*
+ * Stash @svm in RDI early. On 32-bit, arguments are in RAX, RCX
+ * and RDX which are clobbered by RESTORE_GUEST_SPEC_CTRL.
+ */
mov %_ASM_ARG1, %_ASM_DI
.endif
+ /* Clobbers RAX, RCX, RDX. */
+ RESTORE_GUEST_SPEC_CTRL
+
/*
* Use a single vmcb (vmcb01 because it's always valid) for
* context switching guest state via VMLOAD/VMSAVE, that way
@@ -142,6 +211,9 @@ SYM_FUNC_START(__svm_vcpu_run)
FILL_RETURN_BUFFER %_ASM_AX, RSB_CLEAR_LOOPS, X86_FEATURE_RETPOLINE
#endif
+ /* Clobbers RAX, RCX, RDX. */
+ RESTORE_HOST_SPEC_CTRL
+
/*
* Mitigate RETBleed for AMD/Hygon Zen uarch. RET should be
* untrained as soon as we exit the VM and are back to the
@@ -177,6 +249,9 @@ SYM_FUNC_START(__svm_vcpu_run)
xor %r15d, %r15d
#endif
+ /* "Pop" @spec_ctrl_intercepted. */
+ pop %_ASM_BX
+
pop %_ASM_BX
#ifdef CONFIG_X86_64
@@ -191,6 +266,9 @@ SYM_FUNC_START(__svm_vcpu_run)
pop %_ASM_BP
RET
+ RESTORE_GUEST_SPEC_CTRL_BODY
+ RESTORE_HOST_SPEC_CTRL_BODY
+
10: cmpb $0, kvm_rebooting
jne 2b
ud2
@@ -214,6 +292,7 @@ SYM_FUNC_END(__svm_vcpu_run)
/**
* __svm_sev_es_vcpu_run - Run a SEV-ES vCPU via a transition to SVM guest mode
* @svm: struct vcpu_svm *
+ * @spec_ctrl_intercepted: bool
*/
SYM_FUNC_START(__svm_sev_es_vcpu_run)
push %_ASM_BP
@@ -228,8 +307,30 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run)
#endif
push %_ASM_BX
+ /*
+ * Save variables needed after vmexit on the stack, in inverse
+ * order compared to when they are needed.
+ */
+
+ /* Accessed directly from the stack in RESTORE_HOST_SPEC_CTRL. */
+ push %_ASM_ARG2
+
+ /* Save @svm. */
+ push %_ASM_ARG1
+
+.ifnc _ASM_ARG1, _ASM_DI
+ /*
+ * Stash @svm in RDI early. On 32-bit, arguments are in RAX, RCX
+ * and RDX which are clobbered by RESTORE_GUEST_SPEC_CTRL.
+ */
+ mov %_ASM_ARG1, %_ASM_DI
+.endif
+
+ /* Clobbers RAX, RCX, RDX. */
+ RESTORE_GUEST_SPEC_CTRL
+
/* Get svm->current_vmcb->pa into RAX. */
- mov SVM_current_vmcb(%_ASM_ARG1), %_ASM_AX
+ mov SVM_current_vmcb(%_ASM_DI), %_ASM_AX
mov KVM_VMCB_pa(%_ASM_AX), %_ASM_AX
/* Enter guest mode */
@@ -239,11 +340,17 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run)
2: cli
+ /* Pop @svm to RDI, guest registers have been saved already. */
+ pop %_ASM_DI
+
#ifdef CONFIG_RETPOLINE
/* IMPORTANT: Stuff the RSB immediately after VM-Exit, before RET! */
FILL_RETURN_BUFFER %_ASM_AX, RSB_CLEAR_LOOPS, X86_FEATURE_RETPOLINE
#endif
+ /* Clobbers RAX, RCX, RDX. */
+ RESTORE_HOST_SPEC_CTRL
+
/*
* Mitigate RETBleed for AMD/Hygon Zen uarch. RET should be
* untrained as soon as we exit the VM and are back to the
@@ -253,6 +360,9 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run)
*/
UNTRAIN_RET
+ /* "Pop" @spec_ctrl_intercepted. */
+ pop %_ASM_BX
+
pop %_ASM_BX
#ifdef CONFIG_X86_64
@@ -267,6 +377,9 @@ SYM_FUNC_START(__svm_sev_es_vcpu_run)
pop %_ASM_BP
RET
+ RESTORE_GUEST_SPEC_CTRL_BODY
+ RESTORE_HOST_SPEC_CTRL_BODY
+
3: cmpb $0, kvm_rebooting
jne 2b
ud2
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 071/314] arm64: dts: qcom: ipq8074: correct APCS register space size
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 070/314] KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 072/314] arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed Greg Kroah-Hartman
` (250 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Robert Marko, Bjorn Andersson, Sasha Levin
From: Robert Marko <robimarko@gmail.com>
[ Upstream commit 40b21d466a86bd5b10d24f59746ed41283a9b3f6 ]
APCS DTS addition that was merged, was not supposed to get merged as it
was part of patch series that was superseded by 2 more patch series
that resolved issues with this one and greatly simplified things.
Since it already got merged, start by correcting the register space
size as APCS will not be providing regmap for PLL and it will conflict
with the standalone A53 PLL node.
Fixes: 50ed9fffec3a ("arm64: dts: qcom: ipq8074: add APCS node")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220818220628.339366-8-robimarko@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
index b9bf43215ada..79351c6157ea 100644
--- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
@@ -668,7 +668,7 @@ watchdog: watchdog@b017000 {
apcs_glb: mailbox@b111000 {
compatible = "qcom,ipq8074-apcs-apps-global";
- reg = <0x0b111000 0x6000>;
+ reg = <0x0b111000 0x1000>;
#clock-cells = <1>;
#mbox-cells = <1>;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 072/314] arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 071/314] arm64: dts: qcom: ipq8074: correct APCS register space size Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 073/314] arm64: dts: qcom: sa8295p-adp: " Greg Kroah-Hartman
` (249 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Andrew Halaney,
Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit bd9f3dcf42d943b53190f99bcdbcfe98a56ac4cd ]
This board uses RPMH, specifies "regulator-allow-set-load" for LDOs,
but doesn't specify any modes with "regulator-allowed-modes".
Prior to commit efb0cb50c427 ("regulator: qcom-rpmh: Implement
get_optimum_mode(), not set_load()") the above meant that we were able
to set either LPM or HPM mode. After that commit (and fixes [1]) we'll
be stuck at the initial mode. Discussion of this has resulted in the
decision that the old dts files were wrong and should be fixed to
fully restore old functionality.
Let's re-enable the old functionality by fixing the dts.
NOTE: while here, let's also remove the nonsensical
"regulator-allow-set-load" on the fixed regulator "vreg_s4a_1p8".
[1] https://lore.kernel.org/r/20220824142229.RFT.v2.2.I6f77860e5cd98bf5c67208fa9edda4a08847c304@changeid
Fixes: 5b85e8f2225c ("arm64: dts: qcom: sa8155p-adp: Add base dts file")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Andrew Halaney <ahalaney@redhat.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220829094903.v2.1.Id59c32b560c4662d8b3697de2bd494d08d654806@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts
index ba547ca9fc6b..ddb9cb182152 100644
--- a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts
+++ b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts
@@ -43,7 +43,6 @@ vreg_s4a_1p8: smps4 {
regulator-always-on;
regulator-boot-on;
- regulator-allow-set-load;
vin-supply = <&vreg_3p3>;
};
@@ -137,6 +136,9 @@ vreg_l5a_0p88: ldo5 {
regulator-max-microvolt = <880000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l7a_1p8: ldo7 {
@@ -152,6 +154,9 @@ vreg_l10a_2p96: ldo10 {
regulator-max-microvolt = <2960000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l11a_0p8: ldo11 {
@@ -258,6 +263,9 @@ vreg_l5c_1p2: ldo5 {
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l7c_1p8: ldo7 {
@@ -273,6 +281,9 @@ vreg_l8c_1p2: ldo8 {
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l10c_3p3: ldo10 {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 073/314] arm64: dts: qcom: sa8295p-adp: Specify which LDO modes are allowed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 072/314] arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 074/314] arm64: dts: qcom: sc8280xp-crd: " Greg Kroah-Hartman
` (248 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Andrew Halaney,
Konrad Dybcio, Johan Hovold, Bjorn Andersson, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 09a1710b3e12e7ac8d871506bc395a9e8a0f63d6 ]
This board uses RPMH, specifies "regulator-allow-set-load" for LDOs,
but doesn't specify any modes with "regulator-allowed-modes".
Prior to commit efb0cb50c427 ("regulator: qcom-rpmh: Implement
get_optimum_mode(), not set_load()") the above meant that we were able
to set either LPM or HPM mode. After that commit (and fixes [1]) we'll
be stuck at the initial mode. Discussion of this has resulted in the
decision that the old dts files were wrong and should be fixed to
fully restore old functionality.
Let's re-enable the old functionality by fixing the dts.
[1] https://lore.kernel.org/r/20220824142229.RFT.v2.2.I6f77860e5cd98bf5c67208fa9edda4a08847c304@changeid
Fixes: 519183af39b2 ("arm64: dts: qcom: add SA8540P and ADP")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Andrew Halaney <ahalaney@redhat.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220829094903.v2.2.I430a56702ab0af65244e62667bb7743107de0c96@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sa8295p-adp.dts | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/sa8295p-adp.dts b/arch/arm64/boot/dts/qcom/sa8295p-adp.dts
index ca5f5ad32ce5..5b16ac76fefb 100644
--- a/arch/arm64/boot/dts/qcom/sa8295p-adp.dts
+++ b/arch/arm64/boot/dts/qcom/sa8295p-adp.dts
@@ -83,6 +83,9 @@ vreg_l3c: ldo3 {
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l4c: ldo4 {
@@ -98,6 +101,9 @@ vreg_l6c: ldo6 {
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l7c: ldo7 {
@@ -113,6 +119,9 @@ vreg_l10c: ldo10 {
regulator-max-microvolt = <2504000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l17c: ldo17 {
@@ -121,6 +130,9 @@ vreg_l17c: ldo17 {
regulator-max-microvolt = <2504000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 074/314] arm64: dts: qcom: sc8280xp-crd: Specify which LDO modes are allowed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 073/314] arm64: dts: qcom: sa8295p-adp: " Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 075/314] arm64: dts: qcom: sm8150-xperia-kumano: " Greg Kroah-Hartman
` (247 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Andrew Halaney,
Konrad Dybcio, Johan Hovold, Bjorn Andersson, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit a4543e21ae363f4f094fb3c3503d77029e0c5d90 ]
This board uses RPMH, specifies "regulator-allow-set-load" for LDOs,
but doesn't specify any modes with "regulator-allowed-modes".
Prior to commit efb0cb50c427 ("regulator: qcom-rpmh: Implement
get_optimum_mode(), not set_load()") the above meant that we were able
to set either LPM or HPM mode. After that commit (and fixes [1]) we'll
be stuck at the initial mode. Discussion of this has resulted in the
decision that the old dts files were wrong and should be fixed to
fully restore old functionality.
Let's re-enable the old functionality by fixing the dts.
[1] https://lore.kernel.org/r/20220824142229.RFT.v2.2.I6f77860e5cd98bf5c67208fa9edda4a08847c304@changeid
Fixes: ccd3517faf18 ("arm64: dts: qcom: sc8280xp: Add reference device")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Andrew Halaney <ahalaney@redhat.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220829094903.v2.3.Ie7d2c50d2b42ef2d364f3a0c8e300e5ce1875b79@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp-crd.dts | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts
index 6792e88b2c6c..a3796502d425 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts
+++ b/arch/arm64/boot/dts/qcom/sc8280xp-crd.dts
@@ -124,6 +124,9 @@ vreg_l7c: ldo7 {
regulator-max-microvolt = <2504000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l13c: ldo13 {
@@ -146,6 +149,9 @@ vreg_l3d: ldo3 {
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l4d: ldo4 {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 075/314] arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 074/314] arm64: dts: qcom: sc8280xp-crd: " Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 076/314] arm64: dts: qcom: sm8250-xperia-edo: " Greg Kroah-Hartman
` (246 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Andrew Halaney,
Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit aa30e786202e4ed1df980442d305658441f65859 ]
This board uses RPMH, specifies "regulator-allow-set-load" for LDOs,
but doesn't specify any modes with "regulator-allowed-modes".
Prior to commit efb0cb50c427 ("regulator: qcom-rpmh: Implement
get_optimum_mode(), not set_load()") the above meant that we were able
to set either LPM or HPM mode. After that commit (and fixes [1]) we'll
be stuck at the initial mode. Discussion of this has resulted in the
decision that the old dts files were wrong and should be fixed to
fully restore old functionality.
Let's re-enable the old functionality by fixing the dts.
[1] https://lore.kernel.org/r/20220824142229.RFT.v2.2.I6f77860e5cd98bf5c67208fa9edda4a08847c304@changeid
Fixes: d0a6ce59ea4e ("arm64: dts: qcom: sm8150: Add support for SONY Xperia 1 / 5 (Kumano platform)")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Andrew Halaney <ahalaney@redhat.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220829094903.v2.4.I51d60414a42ba9e3008e208d60a04c9ffc425fa7@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8150-sony-xperia-kumano.dtsi | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/sm8150-sony-xperia-kumano.dtsi b/arch/arm64/boot/dts/qcom/sm8150-sony-xperia-kumano.dtsi
index 014fe3a31548..fb6e5a140c9f 100644
--- a/arch/arm64/boot/dts/qcom/sm8150-sony-xperia-kumano.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8150-sony-xperia-kumano.dtsi
@@ -348,6 +348,9 @@ vreg_l6c_2p9: ldo6 {
regulator-max-microvolt = <2960000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l7c_3p0: ldo7 {
@@ -367,6 +370,9 @@ vreg_l9c_2p9: ldo9 {
regulator-max-microvolt = <2960000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l10c_3p3: ldo10 {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 076/314] arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 075/314] arm64: dts: qcom: sm8150-xperia-kumano: " Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 077/314] arm64: dts: qcom: sm8350-hdk: " Greg Kroah-Hartman
` (245 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Andrew Halaney,
Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit b7870d460c05ce31e2311036d91de1e2e0b32cea ]
This board uses RPMH, specifies "regulator-allow-set-load" for LDOs,
but doesn't specify any modes with "regulator-allowed-modes".
Prior to commit efb0cb50c427 ("regulator: qcom-rpmh: Implement
get_optimum_mode(), not set_load()") the above meant that we were able
to set either LPM or HPM mode. After that commit (and fixes [1]) we'll
be stuck at the initial mode. Discussion of this has resulted in the
decision that the old dts files were wrong and should be fixed to
fully restore old functionality.
Let's re-enable the old functionality by fixing the dts.
[1] https://lore.kernel.org/r/20220824142229.RFT.v2.2.I6f77860e5cd98bf5c67208fa9edda4a08847c304@changeid
Fixes: 69cdb97ef652 ("arm64: dts: qcom: sm8250: Add support for SONY Xperia 1 II / 5 II (Edo platform)")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Andrew Halaney <ahalaney@redhat.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220829094903.v2.5.Ie446d5183d8b1e9ec4e32228ca300e604e3315eb@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8250-sony-xperia-edo.dtsi | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/sm8250-sony-xperia-edo.dtsi b/arch/arm64/boot/dts/qcom/sm8250-sony-xperia-edo.dtsi
index 549e0a2aa9fe..5428aab3058d 100644
--- a/arch/arm64/boot/dts/qcom/sm8250-sony-xperia-edo.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8250-sony-xperia-edo.dtsi
@@ -317,6 +317,9 @@ vreg_l6c_2p9: ldo6 {
regulator-max-microvolt = <2960000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l7c_2p85: ldo7 {
@@ -339,6 +342,9 @@ vreg_l9c_2p9: ldo9 {
regulator-max-microvolt = <2960000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l10c_3p3: ldo10 {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 077/314] arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 076/314] arm64: dts: qcom: sm8250-xperia-edo: " Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 078/314] arm64: dts: qcom: sc8280xp: fix ufs_card_phy ref clock Greg Kroah-Hartman
` (244 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Andrew Halaney,
Vinod Koul, Konrad Dybcio, Bjorn Andersson, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 1ce8aaf6abdc35cde555924418b3d4516b4ec871 ]
This board uses RPMH, specifies "regulator-allow-set-load" for LDOs,
but doesn't specify any modes with "regulator-allowed-modes".
Prior to commit efb0cb50c427 ("regulator: qcom-rpmh: Implement
get_optimum_mode(), not set_load()") the above meant that we were able
to set either LPM or HPM mode. After that commit (and fixes [1]) we'll
be stuck at the initial mode. Discussion of this has resulted in the
decision that the old dts files were wrong and should be fixed to
fully restore old functionality.
Let's re-enable the old functionality by fixing the dts.
[1] https://lore.kernel.org/r/20220824142229.RFT.v2.2.I6f77860e5cd98bf5c67208fa9edda4a08847c304@changeid
Fixes: 9208c19f2124 ("arm64: dts: qcom: Introduce SM8350 HDK")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Andrew Halaney <ahalaney@redhat.com>
Reviewed-by: Vinod Koul <vkoul@kernel.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220829094903.v2.6.I6799be85cf36d3b494f803cba767a569080624f5@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8350-hdk.dts | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/arch/arm64/boot/dts/qcom/sm8350-hdk.dts b/arch/arm64/boot/dts/qcom/sm8350-hdk.dts
index 0fcf5bd88fc7..69ae6503c2f6 100644
--- a/arch/arm64/boot/dts/qcom/sm8350-hdk.dts
+++ b/arch/arm64/boot/dts/qcom/sm8350-hdk.dts
@@ -107,6 +107,9 @@ vreg_l5b_0p88: ldo5 {
regulator-max-microvolt = <888000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l6b_1p2: ldo6 {
@@ -115,6 +118,9 @@ vreg_l6b_1p2: ldo6 {
regulator-max-microvolt = <1208000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l7b_2p96: ldo7 {
@@ -123,6 +129,9 @@ vreg_l7b_2p96: ldo7 {
regulator-max-microvolt = <2504000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
vreg_l9b_1p2: ldo9 {
@@ -131,6 +140,9 @@ vreg_l9b_1p2: ldo9 {
regulator-max-microvolt = <1200000>;
regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>;
regulator-allow-set-load;
+ regulator-allowed-modes =
+ <RPMH_REGULATOR_MODE_LPM
+ RPMH_REGULATOR_MODE_HPM>;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 078/314] arm64: dts: qcom: sc8280xp: fix ufs_card_phy ref clock
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 077/314] arm64: dts: qcom: sm8350-hdk: " Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 079/314] arm64: dts: qcom: sc8280xp: correct ref clock for ufs_mem_phy Greg Kroah-Hartman
` (243 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Konrad Dybcio,
Brian Masney, Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 8d6b458ce6e93286a607e54f787f7a86067f58bd ]
The GCC_UFS_REF_CLKREF_CLK must be enabled or the second UFS controller
fails to enumerate on sa8295p-adp.
Note that the vendor kernel enables both GCC_UFS_REF_CLKREF_CLK and
GCC_UFS_1_CARD_CLKREF_CLK and it is possible that the former should be
modelled as a parent of the latter. The clock driver also has a
GCC_UFS_CARD_CLKREF_CLK clock which the firmware appears to enable on
the ADP.
The usual lack of documentation for Qualcomm SoCs makes this a highly
annoying guessing game, but as the second controller works on the ADP
without either card reference clock enabled, only enable
GCC_UFS_REF_CLKREF_CLK for now.
Fixes: 152d1faf1e2f ("arm64: dts: qcom: add SC8280XP platform")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
Reviewed-by: Brian Masney <bmasney@redhat.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20221005143305.388-1-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
index 49ea8b5612fc..92cbe84de0e5 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
@@ -959,7 +959,7 @@ ufs_card_phy: phy@1da7000 {
ranges;
clock-names = "ref",
"ref_aux";
- clocks = <&gcc GCC_UFS_1_CARD_CLKREF_CLK>,
+ clocks = <&gcc GCC_UFS_REF_CLKREF_CLK>,
<&gcc GCC_UFS_CARD_PHY_AUX_CLK>;
resets = <&ufs_card_hc 0>;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 079/314] arm64: dts: qcom: sc8280xp: correct ref clock for ufs_mem_phy
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 078/314] arm64: dts: qcom: sc8280xp: fix ufs_card_phy ref clock Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 080/314] arm64: dts: qcom: sc8280xp: fix USB0 PHY PCS_MISC registers Greg Kroah-Hartman
` (242 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brian Masney, Johan Hovold,
Bjorn Andersson, Sasha Levin
From: Brian Masney <bmasney@redhat.com>
[ Upstream commit f3aa975e230e060c07dcfdf3fe92b59809422c13 ]
The first UFS host controller fails to start on the SA8540P automotive
board (QDrive3) due to the following errors:
ufshcd-qcom 1d84000.ufs: ufshcd_query_flag: Sending flag query for idn 18 failed, err = 253
ufshcd-qcom 1d84000.ufs: ufshcd_query_flag: Sending flag query for idn 18 failed, err = 253
ufshcd-qcom 1d84000.ufs: ufshcd_query_flag: Sending flag query for idn 18 failed, err = 253
ufshcd-qcom 1d84000.ufs: ufshcd_query_flag_retry: query attribute, opcode 5, idn 18, failed
with error 253 after 3 retries
The system eventually fails to boot with the warning:
gcc_ufs_phy_axi_clk status stuck at 'off'
This issue can be worked around by adding clk_ignore_unused to the
kernel command line since the system firmware sets up this clock for us.
Let's fix this issue by updating the ref clock on ufs_mem_phy. Note
that the downstream MSM 5.4 sources list this as ref_clk_parent. With
this patch, the SA8540P is able to be booted without clk_ignore_unused.
Signed-off-by: Brian Masney <bmasney@redhat.com>
Fixes: 152d1faf1e2f ("arm64: dts: qcom: add SC8280XP platform")
Tested-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20221006145529.755521-1-bmasney@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
index 92cbe84de0e5..cdc395d53c5a 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
@@ -891,7 +891,7 @@ ufs_mem_phy: phy@1d87000 {
ranges;
clock-names = "ref",
"ref_aux";
- clocks = <&rpmhcc RPMH_CXO_CLK>,
+ clocks = <&gcc GCC_UFS_REF_CLKREF_CLK>,
<&gcc GCC_UFS_PHY_PHY_AUX_CLK>;
resets = <&ufs_mem_hc 0>;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 080/314] arm64: dts: qcom: sc8280xp: fix USB0 PHY PCS_MISC registers
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 079/314] arm64: dts: qcom: sc8280xp: correct ref clock for ufs_mem_phy Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 081/314] arm64: dts: qcom: sc8280xp: fix USB1 PHY RX1 registers Greg Kroah-Hartman
` (241 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 31b3b3059791be536e2ec0c6830767b596af340f ]
The USB0 SS PHY node had the PCS_MISC register block (0x1200) replaced
with PCS_USB (0x1700).
Fixes: 152d1faf1e2f ("arm64: dts: qcom: add SC8280XP platform")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220919094454.1574-2-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
index cdc395d53c5a..e3e192877a88 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
@@ -1184,7 +1184,7 @@ usb_0_ssphy: usb3-phy@88eb400 {
<0 0x088ec400 0 0x1f0>,
<0 0x088eba00 0 0x100>,
<0 0x088ebc00 0 0x3ec>,
- <0 0x088ec700 0 0x64>;
+ <0 0x088ec200 0 0x18>;
#phy-cells = <0>;
#clock-cells = <0>;
clocks = <&gcc GCC_USB3_PRIM_PHY_PIPE_CLK>;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 081/314] arm64: dts: qcom: sc8280xp: fix USB1 PHY RX1 registers
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 080/314] arm64: dts: qcom: sc8280xp: fix USB0 PHY PCS_MISC registers Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 082/314] arm64: dts: qcom: sc8280xp: fix USB PHY PCS registers Greg Kroah-Hartman
` (240 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 81cad26c6c3984d01b0612069c70ffd820f62dfa ]
The USB1 SS PHY node had the RX1 register block (0x600) replaced with
RX2 (0xc00).
Fixes: 152d1faf1e2f ("arm64: dts: qcom: add SC8280XP platform")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220919094454.1574-3-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
index e3e192877a88..2b8eea373163 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
@@ -1242,7 +1242,7 @@ usb_1_qmpphy: phy-wrapper@8904000 {
usb_1_ssphy: usb3-phy@8903400 {
reg = <0 0x08903400 0 0x100>,
- <0 0x08903c00 0 0x3ec>,
+ <0 0x08903600 0 0x3ec>,
<0 0x08904400 0 0x1f0>,
<0 0x08903a00 0 0x100>,
<0 0x08903c00 0 0x3ec>,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 082/314] arm64: dts: qcom: sc8280xp: fix USB PHY PCS registers
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 081/314] arm64: dts: qcom: sc8280xp: fix USB1 PHY RX1 registers Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 083/314] arm64: dts: qcom: sc8280xp: drop broken DP PHY nodes Greg Kroah-Hartman
` (239 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 8723c3f290c7b798c0cbd89998576e6b365bda3a ]
With the current binding, the PCS register block (0x1400) needs to
include the PCS_USB registers (0x1700).
Fixes: 152d1faf1e2f ("arm64: dts: qcom: add SC8280XP platform")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220919094454.1574-4-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
index 2b8eea373163..cf6d1063bb84 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
@@ -1181,7 +1181,7 @@ usb_0_qmpphy: phy-wrapper@88ec000 {
usb_0_ssphy: usb3-phy@88eb400 {
reg = <0 0x088eb400 0 0x100>,
<0 0x088eb600 0 0x3ec>,
- <0 0x088ec400 0 0x1f0>,
+ <0 0x088ec400 0 0x364>,
<0 0x088eba00 0 0x100>,
<0 0x088ebc00 0 0x3ec>,
<0 0x088ec200 0 0x18>;
@@ -1243,7 +1243,7 @@ usb_1_qmpphy: phy-wrapper@8904000 {
usb_1_ssphy: usb3-phy@8903400 {
reg = <0 0x08903400 0 0x100>,
<0 0x08903600 0 0x3ec>,
- <0 0x08904400 0 0x1f0>,
+ <0 0x08904400 0 0x364>,
<0 0x08903a00 0 0x100>,
<0 0x08903c00 0 0x3ec>,
<0 0x08904200 0 0x18>;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 083/314] arm64: dts: qcom: sc8280xp: drop broken DP PHY nodes
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 082/314] arm64: dts: qcom: sc8280xp: fix USB PHY PCS registers Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 084/314] arm64: dts: qcom: sc8280xp: fix UFS PHY serdes size Greg Kroah-Hartman
` (238 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Bjorn Andersson, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 7cdfb7a54ac88f7cb6d830ebb78bdbcbcb44bb4c ]
The DP PHY register layout of the current binding do not apply to the
newer USB4/USB3/DP PHY which uses a different register layout entirely.
Drop the DP PHY subnodes until the binding has been updated to prevent
the driver from corrupting unrelated registers.
Note that this is also needed in order to not break USB with an upcoming
PHY driver change that checks for overlapping register regions.
Fixes: 152d1faf1e2f ("arm64: dts: qcom: add SC8280XP platform")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220919094454.1574-5-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 20 --------------------
1 file changed, 20 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
index cf6d1063bb84..2a702abcf51e 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
@@ -1191,16 +1191,6 @@ usb_0_ssphy: usb3-phy@88eb400 {
clock-names = "pipe0";
clock-output-names = "usb0_phy_pipe_clk_src";
};
-
- usb_0_dpphy: dp-phy@88ed200 {
- reg = <0 0x088ed200 0 0x200>,
- <0 0x088ed400 0 0x200>,
- <0 0x088eda00 0 0x200>,
- <0 0x088ea600 0 0x200>,
- <0 0x088ea800 0 0x200>;
- #clock-cells = <1>;
- #phy-cells = <0>;
- };
};
usb_1_hsphy: phy@8902000 {
@@ -1253,16 +1243,6 @@ usb_1_ssphy: usb3-phy@8903400 {
clock-names = "pipe0";
clock-output-names = "usb1_phy_pipe_clk_src";
};
-
- usb_1_dpphy: dp-phy@8904200 {
- reg = <0 0x08904200 0 0x200>,
- <0 0x08904400 0 0x200>,
- <0 0x08904a00 0 0x200>,
- <0 0x08904600 0 0x200>,
- <0 0x08904800 0 0x200>;
- #clock-cells = <1>;
- #phy-cells = <0>;
- };
};
system-cache-controller@9200000 {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 084/314] arm64: dts: qcom: sc8280xp: fix UFS PHY serdes size
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 083/314] arm64: dts: qcom: sc8280xp: drop broken DP PHY nodes Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 085/314] arm64: dts: qcom: sc7280: Add the reset reg for lpass audiocc on SC7280 Greg Kroah-Hartman
` (237 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Brian Masney,
Bjorn Andersson, Sasha Levin, Andrew Halaney
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 8703d55bd5eac642275fe91b34ac62ad0ad312b5 ]
The size of the UFS PHY serdes register region is 0x1c8 and the
corresponding 'reg' property should specifically not include the
adjacent regions that are defined in the child node (e.g. tx and rx).
Fixes: 152d1faf1e2f ("arm64: dts: qcom: add SC8280XP platform")
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Tested-by: Andrew Halaney <ahalaney@redhat.com> #Qdrive3/sa8540p-adp-ride
Reviewed-by: Brian Masney <bmasney@redhat.com>
Reviewed-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20220915141601.18435-1-johan+linaro@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
index 2a702abcf51e..6d82dea3675b 100644
--- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi
@@ -885,7 +885,7 @@ ufs_mem_hc: ufs@1d84000 {
ufs_mem_phy: phy@1d87000 {
compatible = "qcom,sc8280xp-qmp-ufs-phy";
- reg = <0 0x01d87000 0 0xe10>;
+ reg = <0 0x01d87000 0 0x1c8>;
#address-cells = <2>;
#size-cells = <2>;
ranges;
@@ -953,7 +953,7 @@ ufs_card_hc: ufs@1da4000 {
ufs_card_phy: phy@1da7000 {
compatible = "qcom,sc8280xp-qmp-ufs-phy";
- reg = <0 0x01da7000 0 0xe10>;
+ reg = <0 0x01da7000 0 0x1c8>;
#address-cells = <2>;
#size-cells = <2>;
ranges;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 085/314] arm64: dts: qcom: sc7280: Add the reset reg for lpass audiocc on SC7280
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 084/314] arm64: dts: qcom: sc8280xp: fix UFS PHY serdes size Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 086/314] spi: stm32: Print summary callbacks suppressed message Greg Kroah-Hartman
` (236 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Satya Priya, Neil Armstrong,
Bjorn Andersson, Sasha Levin
From: Satya Priya <quic_c_skakit@quicinc.com>
[ Upstream commit cb1d0aaa674e99957b85af570cb2730145af01df ]
Add the reset register offset for clock gating.
Fixes: 9499240d15f2 ("arm64: dts: qcom: sc7280: Add lpasscore & lpassaudio clock controllers")
Signed-off-by: Satya Priya <quic_c_skakit@quicinc.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/1663674495-25748-1-git-send-email-quic_c_skakit@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7280.dtsi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi
index 51ed691075ad..b3c3844f97a0 100644
--- a/arch/arm64/boot/dts/qcom/sc7280.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi
@@ -2177,7 +2177,8 @@ lpasscc: lpasscc@3000000 {
lpass_audiocc: clock-controller@3300000 {
compatible = "qcom,sc7280-lpassaudiocc";
- reg = <0 0x03300000 0 0x30000>;
+ reg = <0 0x03300000 0 0x30000>,
+ <0 0x032a9000 0 0x1000>;
clocks = <&rpmhcc RPMH_CXO_CLK>,
<&lpass_aon LPASS_AON_CC_MAIN_RCG_CLK_SRC>;
clock-names = "bi_tcxo", "lpass_aon_cc_main_rcg_clk_src";
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 086/314] spi: stm32: Print summary callbacks suppressed message
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 085/314] arm64: dts: qcom: sc7280: Add the reset reg for lpass audiocc on SC7280 Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 087/314] ARM: dts: at91: sama7g5: fix signal name of pin PB2 Greg Kroah-Hartman
` (235 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Vasut, Mark Brown, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 195583504be28df5d608a4677dd796117aea875f ]
The original fix "spi: stm32: Rate-limit the 'Communication suspended' message"
still leads to "stm32h7_spi_irq_thread: 1696 callbacks suppressed" spew in the
kernel log. Since this 'Communication suspended' message is a debug print, add
RATELIMIT_MSG_ON_RELEASE flag to inhibit the "callbacks suspended" part during
normal operation and only print summary at the end.
Fixes: ea8be08cc9358 ("spi: stm32: Rate-limit the 'Communication suspended' message")
Signed-off-by: Marek Vasut <marex@denx.de>
Link: https://lore.kernel.org/r/20221018183513.206706-1-marex@denx.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-stm32.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/spi/spi-stm32.c b/drivers/spi/spi-stm32.c
index 6fe617b445a5..3c2fa2e2f94a 100644
--- a/drivers/spi/spi-stm32.c
+++ b/drivers/spi/spi-stm32.c
@@ -886,6 +886,7 @@ static irqreturn_t stm32h7_spi_irq_thread(int irq, void *dev_id)
static DEFINE_RATELIMIT_STATE(rs,
DEFAULT_RATELIMIT_INTERVAL * 10,
1);
+ ratelimit_set_flags(&rs, RATELIMIT_MSG_ON_RELEASE);
if (__ratelimit(&rs))
dev_dbg_ratelimited(spi->dev, "Communication suspended\n");
if (!spi->cur_usedma && (spi->rx_buf && (spi->rx_len > 0)))
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 087/314] ARM: dts: at91: sama7g5: fix signal name of pin PB2
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 086/314] spi: stm32: Print summary callbacks suppressed message Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 088/314] ASoC: core: Fix use-after-free in snd_soc_exit() Greg Kroah-Hartman
` (234 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mihai Sain, Tudor Ambarus,
Nicolas Ferre, Claudiu Beznea, Sasha Levin
From: Mihai Sain <mihai.sain@microchip.com>
[ Upstream commit 2b4337c8409b4e9e5aed15c597e4031dd567bdd8 ]
The signal name of pin PB2 with function F is FLEXCOM11_IO1
as it is defined in the datasheet.
Fixes: 7540629e2fc7 ("ARM: dts: at91: add sama7g5 SoC DT and sama7g5-ek")
Signed-off-by: Mihai Sain <mihai.sain@microchip.com>
Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20221017083119.1643-1-mihai.sain@microchip.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/sama7g5-pinfunc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/sama7g5-pinfunc.h b/arch/arm/boot/dts/sama7g5-pinfunc.h
index 4eb30445d205..6e87f0d4b8fc 100644
--- a/arch/arm/boot/dts/sama7g5-pinfunc.h
+++ b/arch/arm/boot/dts/sama7g5-pinfunc.h
@@ -261,7 +261,7 @@
#define PIN_PB2__FLEXCOM6_IO0 PINMUX_PIN(PIN_PB2, 2, 1)
#define PIN_PB2__ADTRG PINMUX_PIN(PIN_PB2, 3, 1)
#define PIN_PB2__A20 PINMUX_PIN(PIN_PB2, 4, 1)
-#define PIN_PB2__FLEXCOM11_IO0 PINMUX_PIN(PIN_PB2, 6, 3)
+#define PIN_PB2__FLEXCOM11_IO1 PINMUX_PIN(PIN_PB2, 6, 3)
#define PIN_PB3 35
#define PIN_PB3__GPIO PINMUX_PIN(PIN_PB3, 0, 0)
#define PIN_PB3__RF1 PINMUX_PIN(PIN_PB3, 1, 1)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 088/314] ASoC: core: Fix use-after-free in snd_soc_exit()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 087/314] ARM: dts: at91: sama7g5: fix signal name of pin PB2 Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 089/314] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N Greg Kroah-Hartman
` (233 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Mark Brown, Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit 6ec27c53886c8963729885bcf2dd996eba2767a7 ]
KASAN reports a use-after-free:
BUG: KASAN: use-after-free in device_del+0xb5b/0xc60
Read of size 8 at addr ffff888008655050 by task rmmod/387
CPU: 2 PID: 387 Comm: rmmod
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Call Trace:
<TASK>
dump_stack_lvl+0x79/0x9a
print_report+0x17f/0x47b
kasan_report+0xbb/0xf0
device_del+0xb5b/0xc60
platform_device_del.part.0+0x24/0x200
platform_device_unregister+0x2e/0x40
snd_soc_exit+0xa/0x22 [snd_soc_core]
__do_sys_delete_module.constprop.0+0x34f/0x5b0
do_syscall_64+0x3a/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
...
</TASK>
It's bacause in snd_soc_init(), snd_soc_util_init() is possble to fail,
but its ret is ignored, which makes soc_dummy_dev unregistered twice.
snd_soc_init()
snd_soc_util_init()
platform_device_register_simple(soc_dummy_dev)
platform_driver_register() # fail
platform_device_unregister(soc_dummy_dev)
platform_driver_register() # success
...
snd_soc_exit()
snd_soc_util_exit()
# soc_dummy_dev will be unregistered for second time
To fix it, handle error and stop snd_soc_init() when util_init() fail.
Also clean debugfs when util_init() or driver_register() fail.
Fixes: fb257897bf20 ("ASoC: Work around allmodconfig failure")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221028031603.59416-1-chenzhongjin@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-core.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index e824ff1a9fc0..3d057784cbd5 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -3472,10 +3472,23 @@ EXPORT_SYMBOL_GPL(snd_soc_of_get_dai_link_cpus);
static int __init snd_soc_init(void)
{
+ int ret;
+
snd_soc_debugfs_init();
- snd_soc_util_init();
+ ret = snd_soc_util_init();
+ if (ret)
+ goto err_util_init;
- return platform_driver_register(&soc_driver);
+ ret = platform_driver_register(&soc_driver);
+ if (ret)
+ goto err_register;
+ return 0;
+
+err_register:
+ snd_soc_util_exit();
+err_util_init:
+ snd_soc_debugfs_exit();
+ return ret;
}
module_init(snd_soc_init);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 089/314] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 088/314] ASoC: core: Fix use-after-free in snd_soc_exit() Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 090/314] arm64: dts: qcom: sm8250: Disable the not yet supported cluster idle state Greg Kroah-Hartman
` (232 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maarten Zanders, Daniel Baluta,
Mark Brown, Sasha Levin
From: Maarten Zanders <maarten.zanders@mind.be>
[ Upstream commit 6a564338a23cefcfc29c4a535b98402d13efdda6 ]
When CONFIG_PM=N, pm_runtime_put_sync() returns -ENOSYS
which breaks the probe function of these drivers.
Other users of pm_runtime_put_sync() typically don't check
the return value. In order to keep the program flow as
intended, check for -ENOSYS.
This commit is similar to commit 0434d3f (omap-mailbox.c).
Fixes: cab04ab5900f ("ASoC: fsl_asrc: Don't use devm_regmap_init_mmio_clk")
Fixes: 203773e39347 ("ASoC: fsl_esai: Don't use devm_regmap_init_mmio_clk")
Fixes: 2277e7e36b4b ("ASoC: fsl_sai: Don't use devm_regmap_init_mmio_clk")
Signed-off-by: Maarten Zanders <maarten.zanders@mind.be>
Reviewed-by: Daniel Baluta <daniel.baluta@nxp.com>
Link: https://lore.kernel.org/r/20221028141129.100702-1-maarten.zanders@mind.be
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/fsl_asrc.c | 2 +-
sound/soc/fsl/fsl_esai.c | 2 +-
sound/soc/fsl/fsl_sai.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/fsl/fsl_asrc.c b/sound/soc/fsl/fsl_asrc.c
index aa5edf32d988..d90adb6ee43d 100644
--- a/sound/soc/fsl/fsl_asrc.c
+++ b/sound/soc/fsl/fsl_asrc.c
@@ -1224,7 +1224,7 @@ static int fsl_asrc_probe(struct platform_device *pdev)
}
ret = pm_runtime_put_sync(&pdev->dev);
- if (ret < 0)
+ if (ret < 0 && ret != -ENOSYS)
goto err_pm_get_sync;
ret = devm_snd_soc_register_component(&pdev->dev, &fsl_asrc_component,
diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c
index 5c21fc490fce..17fefd27ec90 100644
--- a/sound/soc/fsl/fsl_esai.c
+++ b/sound/soc/fsl/fsl_esai.c
@@ -1069,7 +1069,7 @@ static int fsl_esai_probe(struct platform_device *pdev)
regmap_write(esai_priv->regmap, REG_ESAI_RSMB, 0);
ret = pm_runtime_put_sync(&pdev->dev);
- if (ret < 0)
+ if (ret < 0 && ret != -ENOSYS)
goto err_pm_get_sync;
/*
diff --git a/sound/soc/fsl/fsl_sai.c b/sound/soc/fsl/fsl_sai.c
index d430eece1d6b..887063f9cbea 100644
--- a/sound/soc/fsl/fsl_sai.c
+++ b/sound/soc/fsl/fsl_sai.c
@@ -1415,7 +1415,7 @@ static int fsl_sai_probe(struct platform_device *pdev)
}
ret = pm_runtime_put_sync(dev);
- if (ret < 0)
+ if (ret < 0 && ret != -ENOSYS)
goto err_pm_get_sync;
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 090/314] arm64: dts: qcom: sm8250: Disable the not yet supported cluster idle state
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 089/314] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 091/314] ASoC: tas2770: Fix set_tdm_slot in case of single slot Greg Kroah-Hartman
` (231 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Amit Pundir, Ulf Hansson,
Sudeep Holla, Bjorn Andersson, Sasha Levin
From: Ulf Hansson <ulf.hansson@linaro.org>
[ Upstream commit cadaa773bcf161184fa428180516bae33a7bc667 ]
To support the deeper cluster idle state for sm8250 platforms, some
additional synchronization is needed between the rpmh-rsc device and the
CPU cluster PM domain. Until that is supported, let's disable the cluster
idle state.
This fixes a problem that has been reported for the Qcom RB5 platform (see
below), but most likely other sm8250 platforms suffers from similar issues,
so let's make the fix generic for sm8250.
vreg_l11c_3p3: failed to enable: -ETIMEDOUT
qcom-rpmh-regulator 18200000.rsc:pm8150l-rpmh-regulators: ldo11: devm_regulator_register() failed, ret=-110
qcom-rpmh-regulator: probe of 18200000.rsc:pm8150l-rpmh-regulators failed with error -110
Reported-by: Amit Pundir <amit.pundir@linaro.org>
Fixes: 32bc936d7321 ("arm64: dts: qcom: sm8250: Add cpuidle states")
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Tested-by: Amit Pundir <amit.pundir@linaro.org>
Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20221027115745.240516-1-ulf.hansson@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8250.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/qcom/sm8250.dtsi b/arch/arm64/boot/dts/qcom/sm8250.dtsi
index bc773e210023..052b4dbc1ee4 100644
--- a/arch/arm64/boot/dts/qcom/sm8250.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8250.dtsi
@@ -334,6 +334,7 @@ CLUSTER_SLEEP_0: cluster-sleep-0 {
exit-latency-us = <6562>;
min-residency-us = <9987>;
local-timer-stop;
+ status = "disabled";
};
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 091/314] ASoC: tas2770: Fix set_tdm_slot in case of single slot
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 090/314] arm64: dts: qcom: sm8250: Disable the not yet supported cluster idle state Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 092/314] ASoC: tas2764: " Greg Kroah-Hartman
` (230 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jos Dehaes, Martin Povišer,
Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit e59bf547a7dd366f93bfebb7487959580ca6c0ec ]
There's a special branch in the set_tdm_slot op for the case of nslots
being 1, but:
(1) That branch can never work (there's a check for tx_mask being
non-zero, later there's another check for it *being* zero; one or
the other always throws -EINVAL).
(2) The intention of the branch seems to be what the general other
branch reduces to in case of nslots being 1.
For those reasons remove the 'nslots being 1' special case.
Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver")
Suggested-by: Jos Dehaes <jos.dehaes@gmail.com>
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20221027095800.16094-1-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2770.c | 20 ++++++--------------
1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/sound/soc/codecs/tas2770.c b/sound/soc/codecs/tas2770.c
index b6765235a4b3..8557759acb1f 100644
--- a/sound/soc/codecs/tas2770.c
+++ b/sound/soc/codecs/tas2770.c
@@ -395,21 +395,13 @@ static int tas2770_set_dai_tdm_slot(struct snd_soc_dai *dai,
if (tx_mask == 0 || rx_mask != 0)
return -EINVAL;
- if (slots == 1) {
- if (tx_mask != 1)
- return -EINVAL;
-
- left_slot = 0;
- right_slot = 0;
+ left_slot = __ffs(tx_mask);
+ tx_mask &= ~(1 << left_slot);
+ if (tx_mask == 0) {
+ right_slot = left_slot;
} else {
- left_slot = __ffs(tx_mask);
- tx_mask &= ~(1 << left_slot);
- if (tx_mask == 0) {
- right_slot = left_slot;
- } else {
- right_slot = __ffs(tx_mask);
- tx_mask &= ~(1 << right_slot);
- }
+ right_slot = __ffs(tx_mask);
+ tx_mask &= ~(1 << right_slot);
}
if (tx_mask != 0 || left_slot >= slots || right_slot >= slots)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 092/314] ASoC: tas2764: Fix set_tdm_slot in case of single slot
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 091/314] ASoC: tas2770: Fix set_tdm_slot in case of single slot Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 093/314] ASoC: tas2780: " Greg Kroah-Hartman
` (229 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jos Dehaes, Martin Povišer,
Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit faac764ea1ea6898d93e46c403271fb105c0906e ]
There's a special branch in the set_tdm_slot op for the case of nslots
being 1, but:
(1) That branch can never work (there's a check for tx_mask being
non-zero, later there's another check for it *being* zero; one or
the other always throws -EINVAL).
(2) The intention of the branch seems to be what the general other
branch reduces to in case of nslots being 1.
For those reasons remove the 'nslots being 1' special case.
Fixes: 827ed8a0fa50 ("ASoC: tas2764: Add the driver for the TAS2764")
Suggested-by: Jos Dehaes <jos.dehaes@gmail.com>
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20221027095800.16094-2-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2764.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/sound/soc/codecs/tas2764.c b/sound/soc/codecs/tas2764.c
index 39902f77a2e0..6c87c3cf5ef7 100644
--- a/sound/soc/codecs/tas2764.c
+++ b/sound/soc/codecs/tas2764.c
@@ -386,20 +386,13 @@ static int tas2764_set_dai_tdm_slot(struct snd_soc_dai *dai,
if (tx_mask == 0 || rx_mask != 0)
return -EINVAL;
- if (slots == 1) {
- if (tx_mask != 1)
- return -EINVAL;
- left_slot = 0;
- right_slot = 0;
+ left_slot = __ffs(tx_mask);
+ tx_mask &= ~(1 << left_slot);
+ if (tx_mask == 0) {
+ right_slot = left_slot;
} else {
- left_slot = __ffs(tx_mask);
- tx_mask &= ~(1 << left_slot);
- if (tx_mask == 0) {
- right_slot = left_slot;
- } else {
- right_slot = __ffs(tx_mask);
- tx_mask &= ~(1 << right_slot);
- }
+ right_slot = __ffs(tx_mask);
+ tx_mask &= ~(1 << right_slot);
}
if (tx_mask != 0 || left_slot >= slots || right_slot >= slots)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 093/314] ASoC: tas2780: Fix set_tdm_slot in case of single slot
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 092/314] ASoC: tas2764: " Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 094/314] ARM: at91: pm: avoid soft resetting AC DLL Greg Kroah-Hartman
` (228 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jos Dehaes, Martin Povišer,
Mark Brown, Sasha Levin
From: Martin Povišer <povik+lin@cutebit.org>
[ Upstream commit 6f934afa6a980bb8d3ce73836b1a9922685e50d7 ]
There's a special branch in the set_tdm_slot op for the case of nslots
being 1, but:
(1) That branch can never work (there's a check for tx_mask being
non-zero, later there's another check for it *being* zero; one or
the other always throws -EINVAL).
(2) The intention of the branch seems to be what the general other
branch reduces to in case of nslots being 1.
For those reasons remove the 'nslots being 1' special case.
Fixes: eae9f9ce181b ("ASoC: add tas2780 driver")
Suggested-by: Jos Dehaes <jos.dehaes@gmail.com>
Signed-off-by: Martin Povišer <povik+lin@cutebit.org>
Link: https://lore.kernel.org/r/20221027095800.16094-3-povik+lin@cutebit.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/tas2780.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/sound/soc/codecs/tas2780.c b/sound/soc/codecs/tas2780.c
index a6db6f0e5431..afdf0c863aa1 100644
--- a/sound/soc/codecs/tas2780.c
+++ b/sound/soc/codecs/tas2780.c
@@ -380,20 +380,13 @@ static int tas2780_set_dai_tdm_slot(struct snd_soc_dai *dai,
if (tx_mask == 0 || rx_mask != 0)
return -EINVAL;
- if (slots == 1) {
- if (tx_mask != 1)
- return -EINVAL;
- left_slot = 0;
- right_slot = 0;
+ left_slot = __ffs(tx_mask);
+ tx_mask &= ~(1 << left_slot);
+ if (tx_mask == 0) {
+ right_slot = left_slot;
} else {
- left_slot = __ffs(tx_mask);
- tx_mask &= ~(1 << left_slot);
- if (tx_mask == 0) {
- right_slot = left_slot;
- } else {
- right_slot = __ffs(tx_mask);
- tx_mask &= ~(1 << right_slot);
- }
+ right_slot = __ffs(tx_mask);
+ tx_mask &= ~(1 << right_slot);
}
if (tx_mask != 0 || left_slot >= slots || right_slot >= slots)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 094/314] ARM: at91: pm: avoid soft resetting AC DLL
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 093/314] ASoC: tas2780: " Greg Kroah-Hartman
@ 2022-11-23 8:48 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 095/314] serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() Greg Kroah-Hartman
` (227 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:48 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Claudiu Beznea, Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit cef8cdc0d0e7c701fe4dcfba4ed3fd25d28a6020 ]
Do not soft reset AC DLL as controller is buggy and this operation my
introduce glitches in the controller leading to undefined behavior.
Fixes: f0bbf17958e8 ("ARM: at91: pm: add self-refresh support for sama7g5")
Depends-on: a02875c4cbd6 ("ARM: at91: pm: fix self-refresh for sama7g5")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Link: https://lore.kernel.org/r/20221026124114.985876-2-claudiu.beznea@microchip.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-at91/pm_suspend.S | 7 ++++++-
include/soc/at91/sama7-ddr.h | 5 ++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mach-at91/pm_suspend.S b/arch/arm/mach-at91/pm_suspend.S
index ffed4d949042..e4904faf1753 100644
--- a/arch/arm/mach-at91/pm_suspend.S
+++ b/arch/arm/mach-at91/pm_suspend.S
@@ -169,10 +169,15 @@ sr_ena_2:
cmp tmp1, #UDDRC_STAT_SELFREF_TYPE_SW
bne sr_ena_2
- /* Put DDR PHY's DLL in bypass mode for non-backup modes. */
+ /* Disable DX DLLs for non-backup modes. */
cmp r7, #AT91_PM_BACKUP
beq sr_ena_3
+ /* Do not soft reset the AC DLL. */
+ ldr tmp1, [r3, DDR3PHY_ACDLLCR]
+ bic tmp1, tmp1, DDR3PHY_ACDLLCR_DLLSRST
+ str tmp1, [r3, DDR3PHY_ACDLLCR]
+
/* Disable DX DLLs. */
ldr tmp1, [r3, #DDR3PHY_DX0DLLCR]
orr tmp1, tmp1, #DDR3PHY_DXDLLCR_DLLDIS
diff --git a/include/soc/at91/sama7-ddr.h b/include/soc/at91/sama7-ddr.h
index 6ce3bd22f6c6..5ad7ac2e3a7c 100644
--- a/include/soc/at91/sama7-ddr.h
+++ b/include/soc/at91/sama7-ddr.h
@@ -26,7 +26,10 @@
#define DDR3PHY_PGSR (0x0C) /* DDR3PHY PHY General Status Register */
#define DDR3PHY_PGSR_IDONE (1 << 0) /* Initialization Done */
-#define DDR3PHY_ACIOCR (0x24) /* DDR3PHY AC I/O Configuration Register */
+#define DDR3PHY_ACDLLCR (0x14) /* DDR3PHY AC DLL Control Register */
+#define DDR3PHY_ACDLLCR_DLLSRST (1 << 30) /* DLL Soft Reset */
+
+#define DDR3PHY_ACIOCR (0x24) /* DDR3PHY AC I/O Configuration Register */
#define DDR3PHY_ACIOCR_CSPDD_CS0 (1 << 18) /* CS#[0] Power Down Driver */
#define DDR3PHY_ACIOCR_CKPDD_CK0 (1 << 8) /* CK[0] Power Down Driver */
#define DDR3PHY_ACIORC_ACPDD (1 << 3) /* AC Power Down Driver */
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 095/314] serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-11-23 8:48 ` [PATCH 6.0 094/314] ARM: at91: pm: avoid soft resetting AC DLL Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 096/314] serial: 8250_omap: remove wait loop from Errata i202 workaround Greg Kroah-Hartman
` (226 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Merlijn Wajer, Romain Naour,
Ivaylo Dimitrov, Tony Lindgren, Sasha Levin
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit 93810191f5d23652c0b8a1a9b3a4a89d6fd5063e ]
There are cases where omap8250_set_mctrl() may get called after the
UART has already autoidled causing an asynchronous external abort.
This can happen on ttyport_open():
mem_serial_in from omap8250_set_mctrl+0x38/0xa0
omap8250_set_mctrl from uart_update_mctrl+0x4c/0x58
uart_update_mctrl from uart_dtr_rts+0x60/0xa8
uart_dtr_rts from tty_port_block_til_ready+0xd0/0x2a8
tty_port_block_til_ready from uart_open+0x14/0x1c
uart_open from ttyport_open+0x64/0x148
And on ttyport_close():
omap8250_set_mctrl from uart_update_mctrl+0x3c/0x48
uart_update_mctrl from uart_dtr_rts+0x54/0x9c
uart_dtr_rts from tty_port_shutdown+0x78/0x9c
tty_port_shutdown from tty_port_close+0x3c/0x74
tty_port_close from ttyport_close+0x40/0x58
It can also happen on disassociate_ctty() calling uart_shutdown()
that ends up calling omap8250_set_mctrl().
Let's fix the issue by adding missing PM runtime calls to
omap8250_set_mctrl(). To do this, we need to add __omap8250_set_mctrl()
that can be called from both omap8250_set_mctrl(), and from runtime PM
resume path when restoring the registers.
Fixes: 61929cf0169d ("tty: serial: Add 8250-core based omap driver")
Reported-by: Merlijn Wajer <merlijn@wizzup.org>
Reported-by: Romain Naour <romain.naour@smile.fr>
Reported-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Tested-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Depends-on: dd8088d5a896 ("PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter")
Link: https://lore.kernel.org/r/20221024063613.25943-1-tony@atomide.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_omap.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c
index 38ee3e42251a..03a026bdba3c 100644
--- a/drivers/tty/serial/8250/8250_omap.c
+++ b/drivers/tty/serial/8250/8250_omap.c
@@ -157,7 +157,11 @@ static u32 uart_read(struct uart_8250_port *up, u32 reg)
return readl(up->port.membase + (reg << up->port.regshift));
}
-static void omap8250_set_mctrl(struct uart_port *port, unsigned int mctrl)
+/*
+ * Called on runtime PM resume path from omap8250_restore_regs(), and
+ * omap8250_set_mctrl().
+ */
+static void __omap8250_set_mctrl(struct uart_port *port, unsigned int mctrl)
{
struct uart_8250_port *up = up_to_u8250p(port);
struct omap8250_priv *priv = up->port.private_data;
@@ -181,6 +185,20 @@ static void omap8250_set_mctrl(struct uart_port *port, unsigned int mctrl)
}
}
+static void omap8250_set_mctrl(struct uart_port *port, unsigned int mctrl)
+{
+ int err;
+
+ err = pm_runtime_resume_and_get(port->dev);
+ if (err)
+ return;
+
+ __omap8250_set_mctrl(port, mctrl);
+
+ pm_runtime_mark_last_busy(port->dev);
+ pm_runtime_put_autosuspend(port->dev);
+}
+
/*
* Work Around for Errata i202 (2430, 3430, 3630, 4430 and 4460)
* The access to uart register after MDR1 Access
@@ -341,7 +359,7 @@ static void omap8250_restore_regs(struct uart_8250_port *up)
omap8250_update_mdr1(up, priv);
- up->port.ops->set_mctrl(&up->port, up->port.mctrl);
+ __omap8250_set_mctrl(&up->port, up->port.mctrl);
if (up->port.rs485.flags & SER_RS485_ENABLED)
serial8250_em485_stop_tx(up);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 096/314] serial: 8250_omap: remove wait loop from Errata i202 workaround
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 095/314] serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 097/314] serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() Greg Kroah-Hartman
` (225 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilpo Järvinen,
Matthias Schiffer, Sasha Levin
From: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
[ Upstream commit e828e56684d61b17317e0cfdef83791fa61cb76b ]
We were occasionally seeing the "Errata i202: timedout" on an AM335x
board when repeatedly opening and closing a UART connected to an active
sender. As new input may arrive at any time, it is possible to miss the
"RX FIFO empty" condition, forcing the loop to wait until it times out.
Nothing in the i202 Advisory states that such a wait is even necessary;
other FIFO clear functions like serial8250_clear_fifos() do not wait
either. For this reason, it seems safe to remove the wait, fixing the
mentioned issue.
Fixes: 61929cf0169d ("tty: serial: Add 8250-core based omap driver")
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Link: https://lore.kernel.org/r/20221013112339.2540767-1-matthias.schiffer@ew.tq-group.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_omap.c | 17 -----------------
1 file changed, 17 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c
index 03a026bdba3c..c772735035b5 100644
--- a/drivers/tty/serial/8250/8250_omap.c
+++ b/drivers/tty/serial/8250/8250_omap.c
@@ -211,27 +211,10 @@ static void omap8250_set_mctrl(struct uart_port *port, unsigned int mctrl)
static void omap_8250_mdr1_errataset(struct uart_8250_port *up,
struct omap8250_priv *priv)
{
- u8 timeout = 255;
-
serial_out(up, UART_OMAP_MDR1, priv->mdr1);
udelay(2);
serial_out(up, UART_FCR, up->fcr | UART_FCR_CLEAR_XMIT |
UART_FCR_CLEAR_RCVR);
- /*
- * Wait for FIFO to empty: when empty, RX_FIFO_E bit is 0 and
- * TX_FIFO_E bit is 1.
- */
- while (UART_LSR_THRE != (serial_in(up, UART_LSR) &
- (UART_LSR_THRE | UART_LSR_DR))) {
- timeout--;
- if (!timeout) {
- /* Should *never* happen. we warn and carry on */
- dev_crit(up->port.dev, "Errata i202: timedout %x\n",
- serial_in(up, UART_LSR));
- break;
- }
- udelay(1);
- }
}
static void omap_8250_get_divisor(struct uart_port *port, unsigned int baud,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 097/314] serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 096/314] serial: 8250_omap: remove wait loop from Errata i202 workaround Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 098/314] serial: 8250: omap: Flush PM QOS work on remove Greg Kroah-Hartman
` (224 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tony Lindgren, Sasha Levin
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit e3f0c638f428fd66b5871154b62706772045f91a ]
On remove, we get an error for "Runtime PM usage count underflow!". I guess
this driver is mostly built-in, and this issue has gone unnoticed for a
while. Somehow I did not catch this issue with my earlier fix done with
commit 4e0f5cc65098 ("serial: 8250_omap: Fix probe and remove for PM
runtime").
Fixes: 4e0f5cc65098 ("serial: 8250_omap: Fix probe and remove for PM runtime")
Signed-off-by: Tony Lindgren <tony@atomide.com>
Depends-on: dd8088d5a896 ("PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter")
Link: https://lore.kernel.org/r/20221028105813.54290-1-tony@atomide.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_omap.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c
index c772735035b5..3ba1526ccd20 100644
--- a/drivers/tty/serial/8250/8250_omap.c
+++ b/drivers/tty/serial/8250/8250_omap.c
@@ -1461,6 +1461,11 @@ static int omap8250_probe(struct platform_device *pdev)
static int omap8250_remove(struct platform_device *pdev)
{
struct omap8250_priv *priv = platform_get_drvdata(pdev);
+ int err;
+
+ err = pm_runtime_resume_and_get(&pdev->dev);
+ if (err)
+ return err;
pm_runtime_dont_use_autosuspend(&pdev->dev);
pm_runtime_put_sync(&pdev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 098/314] serial: 8250: omap: Flush PM QOS work on remove
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 097/314] serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 099/314] tty: serial: fsl_lpuart: dont break the on-going transfer when global reset Greg Kroah-Hartman
` (223 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tony Lindgren, Sasha Levin
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit d0b68629bd2fb61e0171a62f2e8da3db322f5cf6 ]
Rebinding 8250_omap in a loop will at some point produce a warning for
kernel/power/qos.c:296 cpu_latency_qos_update_request() with error
"cpu_latency_qos_update_request called for unknown object". Let's flush
the possibly pending PM QOS work scheduled from omap8250_runtime_suspend()
before we disable runtime PM.
Fixes: 61929cf0169d ("tty: serial: Add 8250-core based omap driver")
Signed-off-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/20221028110044.54719-1-tony@atomide.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_omap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c
index 3ba1526ccd20..b96fbf8d31df 100644
--- a/drivers/tty/serial/8250/8250_omap.c
+++ b/drivers/tty/serial/8250/8250_omap.c
@@ -1469,6 +1469,7 @@ static int omap8250_remove(struct platform_device *pdev)
pm_runtime_dont_use_autosuspend(&pdev->dev);
pm_runtime_put_sync(&pdev->dev);
+ flush_work(&priv->qos_work);
pm_runtime_disable(&pdev->dev);
serial8250_unregister_port(priv->line);
cpu_latency_qos_remove_request(&priv->pm_qos_request);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 099/314] tty: serial: fsl_lpuart: dont break the on-going transfer when global reset
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 098/314] serial: 8250: omap: Flush PM QOS work on remove Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 100/314] serial: imx: Add missing .thaw_noirq hook Greg Kroah-Hartman
` (222 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sherry Sun, Sasha Levin
From: Sherry Sun <sherry.sun@nxp.com>
[ Upstream commit 76bad3f88750f8cc465c489e6846249e0bc3d8f5 ]
lpuart_global_reset() shouldn't break the on-going transmit engine, need
to recover the on-going data transfer after reset.
This can help earlycon here, since commit 60f361722ad2 ("serial:
fsl_lpuart: Reset prior to registration") moved lpuart_global_reset()
before uart_add_one_port(), earlycon is writing during global reset,
as global reset will disable the TX and clear the baud rate register,
which caused the earlycon cannot work any more after reset, needs to
restore the baud rate and re-enable the transmitter to recover the
earlycon write.
Also move the lpuart_global_reset() down, then we can reuse the
lpuart32_tx_empty() without declaration.
Fixes: bd5305dcabbc ("tty: serial: fsl_lpuart: do software reset for imx7ulp and imx8qxp")
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Link: https://lore.kernel.org/r/20221024085844.22786-1-sherry.sun@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/fsl_lpuart.c | 76 +++++++++++++++++++++------------
1 file changed, 49 insertions(+), 27 deletions(-)
diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index 34990901c805..c8297102e087 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -12,6 +12,7 @@
#include <linux/dmaengine.h>
#include <linux/dmapool.h>
#include <linux/io.h>
+#include <linux/iopoll.h>
#include <linux/irq.h>
#include <linux/module.h>
#include <linux/of.h>
@@ -404,33 +405,6 @@ static unsigned int lpuart_get_baud_clk_rate(struct lpuart_port *sport)
#define lpuart_enable_clks(x) __lpuart_enable_clks(x, true)
#define lpuart_disable_clks(x) __lpuart_enable_clks(x, false)
-static int lpuart_global_reset(struct lpuart_port *sport)
-{
- struct uart_port *port = &sport->port;
- void __iomem *global_addr;
- int ret;
-
- if (uart_console(port))
- return 0;
-
- ret = clk_prepare_enable(sport->ipg_clk);
- if (ret) {
- dev_err(sport->port.dev, "failed to enable uart ipg clk: %d\n", ret);
- return ret;
- }
-
- if (is_imx7ulp_lpuart(sport) || is_imx8qxp_lpuart(sport)) {
- global_addr = port->membase + UART_GLOBAL - IMX_REG_OFF;
- writel(UART_GLOBAL_RST, global_addr);
- usleep_range(GLOBAL_RST_MIN_US, GLOBAL_RST_MAX_US);
- writel(0, global_addr);
- usleep_range(GLOBAL_RST_MIN_US, GLOBAL_RST_MAX_US);
- }
-
- clk_disable_unprepare(sport->ipg_clk);
- return 0;
-}
-
static void lpuart_stop_tx(struct uart_port *port)
{
unsigned char temp;
@@ -2641,6 +2615,54 @@ static const struct serial_rs485 lpuart_rs485_supported = {
/* delay_rts_* and RX_DURING_TX are not supported */
};
+static int lpuart_global_reset(struct lpuart_port *sport)
+{
+ struct uart_port *port = &sport->port;
+ void __iomem *global_addr;
+ unsigned long ctrl, bd;
+ unsigned int val = 0;
+ int ret;
+
+ ret = clk_prepare_enable(sport->ipg_clk);
+ if (ret) {
+ dev_err(sport->port.dev, "failed to enable uart ipg clk: %d\n", ret);
+ return ret;
+ }
+
+ if (is_imx7ulp_lpuart(sport) || is_imx8qxp_lpuart(sport)) {
+ /*
+ * If the transmitter is used by earlycon, wait for transmit engine to
+ * complete and then reset.
+ */
+ ctrl = lpuart32_read(port, UARTCTRL);
+ if (ctrl & UARTCTRL_TE) {
+ bd = lpuart32_read(&sport->port, UARTBAUD);
+ if (read_poll_timeout(lpuart32_tx_empty, val, val, 1, 100000, false,
+ port)) {
+ dev_warn(sport->port.dev,
+ "timeout waiting for transmit engine to complete\n");
+ clk_disable_unprepare(sport->ipg_clk);
+ return 0;
+ }
+ }
+
+ global_addr = port->membase + UART_GLOBAL - IMX_REG_OFF;
+ writel(UART_GLOBAL_RST, global_addr);
+ usleep_range(GLOBAL_RST_MIN_US, GLOBAL_RST_MAX_US);
+ writel(0, global_addr);
+ usleep_range(GLOBAL_RST_MIN_US, GLOBAL_RST_MAX_US);
+
+ /* Recover the transmitter for earlycon. */
+ if (ctrl & UARTCTRL_TE) {
+ lpuart32_write(port, bd, UARTBAUD);
+ lpuart32_write(port, ctrl, UARTCTRL);
+ }
+ }
+
+ clk_disable_unprepare(sport->ipg_clk);
+ return 0;
+}
+
static int lpuart_probe(struct platform_device *pdev)
{
const struct lpuart_soc_data *sdata = of_device_get_match_data(&pdev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 100/314] serial: imx: Add missing .thaw_noirq hook
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 099/314] tty: serial: fsl_lpuart: dont break the on-going transfer when global reset Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 101/314] tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send Greg Kroah-Hartman
` (221 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Martin Kaiser, Shawn Guo, Sasha Levin
From: Shawn Guo <shawn.guo@linaro.org>
[ Upstream commit 4561d8008a467cb05ac632a215391d6b787f40aa ]
The following warning is seen with non-console UART instance when
system hibernates.
[ 37.371969] ------------[ cut here ]------------
[ 37.376599] uart3_root_clk already disabled
[ 37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0
...
[ 37.506986] Call trace:
[ 37.509432] clk_core_disable+0xa4/0xb0
[ 37.513270] clk_disable+0x34/0x50
[ 37.516672] imx_uart_thaw+0x38/0x5c
[ 37.520250] platform_pm_thaw+0x30/0x6c
[ 37.524089] dpm_run_callback.constprop.0+0x3c/0xd4
[ 37.528972] device_resume+0x7c/0x160
[ 37.532633] dpm_resume+0xe8/0x230
[ 37.536036] hibernation_snapshot+0x288/0x430
[ 37.540397] hibernate+0x10c/0x2e0
[ 37.543798] state_store+0xc4/0xd0
[ 37.547203] kobj_attr_store+0x1c/0x30
[ 37.550953] sysfs_kf_write+0x48/0x60
[ 37.554619] kernfs_fop_write_iter+0x118/0x1ac
[ 37.559063] new_sync_write+0xe8/0x184
[ 37.562812] vfs_write+0x230/0x290
[ 37.566214] ksys_write+0x68/0xf4
[ 37.569529] __arm64_sys_write+0x20/0x2c
[ 37.573452] invoke_syscall.constprop.0+0x50/0xf0
[ 37.578156] do_el0_svc+0x11c/0x150
[ 37.581648] el0_svc+0x30/0x140
[ 37.584792] el0t_64_sync_handler+0xe8/0xf0
[ 37.588976] el0t_64_sync+0x1a0/0x1a4
[ 37.592639] ---[ end trace 56e22eec54676d75 ]---
On hibernating, pm core calls into related hooks in sequence like:
.freeze
.freeze_noirq
.thaw_noirq
.thaw
With .thaw_noirq hook being absent, the clock will be disabled in a
unbalanced call which results the warning above.
imx_uart_freeze()
clk_prepare_enable()
imx_uart_suspend_noirq()
clk_disable()
imx_uart_thaw
clk_disable_unprepare()
Adding the missing .thaw_noirq hook as imx_uart_resume_noirq() will have
the call sequence corrected as below and thus fix the warning.
imx_uart_freeze()
clk_prepare_enable()
imx_uart_suspend_noirq()
clk_disable()
imx_uart_resume_noirq()
clk_enable()
imx_uart_thaw
clk_disable_unprepare()
Fixes: 09df0b3464e5 ("serial: imx: fix endless loop during suspend")
Reviewed-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
Link: https://lore.kernel.org/r/20221012121353.2346280-1-shawn.guo@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/imx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c
index 278b4033a3cc..57e3fda979ea 100644
--- a/drivers/tty/serial/imx.c
+++ b/drivers/tty/serial/imx.c
@@ -2594,6 +2594,7 @@ static const struct dev_pm_ops imx_uart_pm_ops = {
.suspend_noirq = imx_uart_suspend_noirq,
.resume_noirq = imx_uart_resume_noirq,
.freeze_noirq = imx_uart_suspend_noirq,
+ .thaw_noirq = imx_uart_resume_noirq,
.restore_noirq = imx_uart_resume_noirq,
.suspend = imx_uart_suspend,
.resume = imx_uart_resume,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 101/314] tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 100/314] serial: imx: Add missing .thaw_noirq hook Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 102/314] ASoC: rt5514: fix legacy dai naming Greg Kroah-Hartman
` (220 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 7b7dfe4833c70a11cdfa51b38705103bd31eddaa ]
The function gsm_dlci_t1() is a timer handler that runs in an
atomic context, but it calls "kzalloc(..., GFP_KERNEL)" that
may sleep. As a result, the sleep-in-atomic-context bug will
happen. The process is shown below:
gsm_dlci_t1()
gsm_dlci_open()
gsm_modem_update()
gsm_modem_upd_via_msc()
gsm_control_send()
kzalloc(sizeof(.., GFP_KERNEL) //may sleep
This patch changes the gfp_t parameter of kzalloc() from GFP_KERNEL to
GFP_ATOMIC in order to mitigate the bug.
Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20221002040709.27849-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 01c112e2e214..2a0de70e0be4 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1670,7 +1670,7 @@ static struct gsm_control *gsm_control_send(struct gsm_mux *gsm,
unsigned int command, u8 *data, int clen)
{
struct gsm_control *ctrl = kzalloc(sizeof(struct gsm_control),
- GFP_KERNEL);
+ GFP_ATOMIC);
unsigned long flags;
if (ctrl == NULL)
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 102/314] ASoC: rt5514: fix legacy dai naming
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 101/314] tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 103/314] ASoC: rt5677: " Greg Kroah-Hartman
` (219 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Montleon, Charles Keepax,
Mark Brown, Sasha Levin
From: Jason Montleon <jmontleo@redhat.com>
[ Upstream commit 392cc13c5ec72ccd6bbfb1bc2339502cc59dd285 ]
Starting with 6.0-rc1 these messages are logged and the sound card
is unavailable. Adding legacy_dai_naming to the rt5514-spi causes
it to function properly again.
[ 16.928454] kbl_r5514_5663_max kbl_r5514_5663_max: ASoC: CPU DAI
spi-PRP0001:00 not registered
[ 16.928561] platform kbl_r5514_5663_max: deferred probe pending
Fixes: fc34ece41f71 ("ASoC: Refactor non_legacy_dai_naming flag")
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216641
Signed-off-by: Jason Montleon <jmontleo@redhat.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20221103144612.4431-1-jmontleo@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5514-spi.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/sound/soc/codecs/rt5514-spi.c b/sound/soc/codecs/rt5514-spi.c
index 1a25a3787935..362663abcb89 100644
--- a/sound/soc/codecs/rt5514-spi.c
+++ b/sound/soc/codecs/rt5514-spi.c
@@ -298,13 +298,14 @@ static int rt5514_spi_pcm_new(struct snd_soc_component *component,
}
static const struct snd_soc_component_driver rt5514_spi_component = {
- .name = DRV_NAME,
- .probe = rt5514_spi_pcm_probe,
- .open = rt5514_spi_pcm_open,
- .hw_params = rt5514_spi_hw_params,
- .hw_free = rt5514_spi_hw_free,
- .pointer = rt5514_spi_pcm_pointer,
- .pcm_construct = rt5514_spi_pcm_new,
+ .name = DRV_NAME,
+ .probe = rt5514_spi_pcm_probe,
+ .open = rt5514_spi_pcm_open,
+ .hw_params = rt5514_spi_hw_params,
+ .hw_free = rt5514_spi_hw_free,
+ .pointer = rt5514_spi_pcm_pointer,
+ .pcm_construct = rt5514_spi_pcm_new,
+ .legacy_dai_naming = 1,
};
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 103/314] ASoC: rt5677: fix legacy dai naming
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 102/314] ASoC: rt5514: fix legacy dai naming Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 104/314] bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() Greg Kroah-Hartman
` (218 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Montleon, Charles Keepax,
Mark Brown, Sasha Levin
From: Jason Montleon <jmontleo@redhat.com>
[ Upstream commit a1dca8774faf3f77eb34fa0ac6f3e2b82290b1e4 ]
Starting with 6.0-rc1 the CPU DAI is not registered and the sound
card is unavailable. Adding legacy_dai_naming causes it to function
properly again.
Fixes: fc34ece41f71 ("ASoC: Refactor non_legacy_dai_naming flag")
Signed-off-by: Jason Montleon <jmontleo@redhat.com>
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Link: https://lore.kernel.org/r/20221103144612.4431-2-jmontleo@redhat.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5677-spi.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/sound/soc/codecs/rt5677-spi.c b/sound/soc/codecs/rt5677-spi.c
index 8f3993a4c1cc..d25703dd7499 100644
--- a/sound/soc/codecs/rt5677-spi.c
+++ b/sound/soc/codecs/rt5677-spi.c
@@ -396,15 +396,16 @@ static int rt5677_spi_pcm_probe(struct snd_soc_component *component)
}
static const struct snd_soc_component_driver rt5677_spi_dai_component = {
- .name = DRV_NAME,
- .probe = rt5677_spi_pcm_probe,
- .open = rt5677_spi_pcm_open,
- .close = rt5677_spi_pcm_close,
- .hw_params = rt5677_spi_hw_params,
- .hw_free = rt5677_spi_hw_free,
- .prepare = rt5677_spi_prepare,
- .pointer = rt5677_spi_pcm_pointer,
- .pcm_construct = rt5677_spi_pcm_new,
+ .name = DRV_NAME,
+ .probe = rt5677_spi_pcm_probe,
+ .open = rt5677_spi_pcm_open,
+ .close = rt5677_spi_pcm_close,
+ .hw_params = rt5677_spi_hw_params,
+ .hw_free = rt5677_spi_hw_free,
+ .prepare = rt5677_spi_prepare,
+ .pointer = rt5677_spi_pcm_pointer,
+ .pcm_construct = rt5677_spi_pcm_new,
+ .legacy_dai_naming = 1,
};
/* Select a suitable transfer command for the next transfer to ensure
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 104/314] bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 103/314] ASoC: rt5677: " Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 105/314] bnxt_en: refactor bnxt_cancel_reservations() Greg Kroah-Hartman
` (217 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Baisong Zhong, Daniel Borkmann,
Eric Dumazet, Sasha Levin
From: Baisong Zhong <zhongbaisong@huawei.com>
[ Upstream commit d3fd203f36d46aa29600a72d57a1b61af80e4a25 ]
We got a syzkaller problem because of aarch64 alignment fault
if KFENCE enabled. When the size from user bpf program is an odd
number, like 399, 407, etc, it will cause the struct skb_shared_info's
unaligned access. As seen below:
BUG: KFENCE: use-after-free read in __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032
Use-after-free read at 0xffff6254fffac077 (in kfence-#213):
__lse_atomic_add arch/arm64/include/asm/atomic_lse.h:26 [inline]
arch_atomic_add arch/arm64/include/asm/atomic.h:28 [inline]
arch_atomic_inc include/linux/atomic-arch-fallback.h:270 [inline]
atomic_inc include/asm-generic/atomic-instrumented.h:241 [inline]
__skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032
skb_clone+0xf4/0x214 net/core/skbuff.c:1481
____bpf_clone_redirect net/core/filter.c:2433 [inline]
bpf_clone_redirect+0x78/0x1c0 net/core/filter.c:2420
bpf_prog_d3839dd9068ceb51+0x80/0x330
bpf_dispatcher_nop_func include/linux/bpf.h:728 [inline]
bpf_test_run+0x3c0/0x6c0 net/bpf/test_run.c:53
bpf_prog_test_run_skb+0x638/0xa7c net/bpf/test_run.c:594
bpf_prog_test_run kernel/bpf/syscall.c:3148 [inline]
__do_sys_bpf kernel/bpf/syscall.c:4441 [inline]
__se_sys_bpf+0xad0/0x1634 kernel/bpf/syscall.c:4381
kfence-#213: 0xffff6254fffac000-0xffff6254fffac196, size=407, cache=kmalloc-512
allocated by task 15074 on cpu 0 at 1342.585390s:
kmalloc include/linux/slab.h:568 [inline]
kzalloc include/linux/slab.h:675 [inline]
bpf_test_init.isra.0+0xac/0x290 net/bpf/test_run.c:191
bpf_prog_test_run_skb+0x11c/0xa7c net/bpf/test_run.c:512
bpf_prog_test_run kernel/bpf/syscall.c:3148 [inline]
__do_sys_bpf kernel/bpf/syscall.c:4441 [inline]
__se_sys_bpf+0xad0/0x1634 kernel/bpf/syscall.c:4381
__arm64_sys_bpf+0x50/0x60 kernel/bpf/syscall.c:4381
To fix the problem, we adjust @size so that (@size + @hearoom) is a
multiple of SMP_CACHE_BYTES. So we make sure the struct skb_shared_info
is aligned to a cache line.
Fixes: 1cf1cae963c2 ("bpf: introduce BPF_PROG_TEST_RUN command")
Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/bpf/20221102081620.1465154-1-zhongbaisong@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bpf/test_run.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index d11209367dd0..b422238f9f86 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -733,6 +733,7 @@ static void *bpf_test_init(const union bpf_attr *kattr, u32 user_size,
if (user_size > size)
return ERR_PTR(-EMSGSIZE);
+ size = SKB_DATA_ALIGN(size);
data = kzalloc(size + headroom + tailroom, GFP_USER);
if (!data)
return ERR_PTR(-ENOMEM);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 105/314] bnxt_en: refactor bnxt_cancel_reservations()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 104/314] bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 106/314] bnxt_en: fix the handling of PCIE-AER Greg Kroah-Hartman
` (216 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vikas Gupta, Michael Chan,
Jakub Kicinski, Sasha Levin
From: Vikas Gupta <vikas.gupta@broadcom.com>
[ Upstream commit b4c66425771ddb910316c7b4cd7fa0614098ec45 ]
Introduce bnxt_clear_reservations() to clear the reserved attributes only.
This will be used in the next patch to fix PCI AER handling.
Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 0cf736a18a1e ("bnxt_en: fix the handling of PCIE-AER")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index be5df8fca264..72915f40c7a0 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -9983,17 +9983,12 @@ static int bnxt_try_recover_fw(struct bnxt *bp)
return -ENODEV;
}
-int bnxt_cancel_reservations(struct bnxt *bp, bool fw_reset)
+static void bnxt_clear_reservations(struct bnxt *bp, bool fw_reset)
{
struct bnxt_hw_resc *hw_resc = &bp->hw_resc;
- int rc;
if (!BNXT_NEW_RM(bp))
- return 0; /* no resource reservations required */
-
- rc = bnxt_hwrm_func_resc_qcaps(bp, true);
- if (rc)
- netdev_err(bp->dev, "resc_qcaps failed\n");
+ return; /* no resource reservations required */
hw_resc->resv_cp_rings = 0;
hw_resc->resv_stat_ctxs = 0;
@@ -10006,6 +10001,20 @@ int bnxt_cancel_reservations(struct bnxt *bp, bool fw_reset)
bp->tx_nr_rings = 0;
bp->rx_nr_rings = 0;
}
+}
+
+int bnxt_cancel_reservations(struct bnxt *bp, bool fw_reset)
+{
+ int rc;
+
+ if (!BNXT_NEW_RM(bp))
+ return 0; /* no resource reservations required */
+
+ rc = bnxt_hwrm_func_resc_qcaps(bp, true);
+ if (rc)
+ netdev_err(bp->dev, "resc_qcaps failed\n");
+
+ bnxt_clear_reservations(bp, fw_reset);
return rc;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 106/314] bnxt_en: fix the handling of PCIE-AER
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 105/314] bnxt_en: refactor bnxt_cancel_reservations() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 107/314] ASoC: soc-utils: Remove __exit for snd_soc_util_exit() Greg Kroah-Hartman
` (215 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vikas Gupta, Michael Chan,
Jakub Kicinski, Sasha Levin
From: Vikas Gupta <vikas.gupta@broadcom.com>
[ Upstream commit 0cf736a18a1e804037839bd8df9e36f0efdb8745 ]
Fix the sequence required for PCIE-AER. While slot reset occurs, firmware
might not be ready and the driver needs to check for its recovery. We
also need to remap the health registers for some chips and clear the
resource reservations. The resources will be allocated again during
bnxt_io_resume().
Fixes: fb1e6e562b37 ("bnxt_en: Fix AER recovery.")
Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 29 ++++++++++++++++++-
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 +
.../net/ethernet/broadcom/bnxt/bnxt_hwrm.c | 3 +-
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 72915f40c7a0..55d4efbb8614 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -13922,7 +13922,9 @@ static pci_ers_result_t bnxt_io_slot_reset(struct pci_dev *pdev)
pci_ers_result_t result = PCI_ERS_RESULT_DISCONNECT;
struct net_device *netdev = pci_get_drvdata(pdev);
struct bnxt *bp = netdev_priv(netdev);
- int err = 0, off;
+ int retry = 0;
+ int err = 0;
+ int off;
netdev_info(bp->dev, "PCI Slot Reset\n");
@@ -13950,11 +13952,36 @@ static pci_ers_result_t bnxt_io_slot_reset(struct pci_dev *pdev)
pci_restore_state(pdev);
pci_save_state(pdev);
+ bnxt_inv_fw_health_reg(bp);
+ bnxt_try_map_fw_health_reg(bp);
+
+ /* In some PCIe AER scenarios, firmware may take up to
+ * 10 seconds to become ready in the worst case.
+ */
+ do {
+ err = bnxt_try_recover_fw(bp);
+ if (!err)
+ break;
+ retry++;
+ } while (retry < BNXT_FW_SLOT_RESET_RETRY);
+
+ if (err) {
+ dev_err(&pdev->dev, "Firmware not ready\n");
+ goto reset_exit;
+ }
+
err = bnxt_hwrm_func_reset(bp);
if (!err)
result = PCI_ERS_RESULT_RECOVERED;
+
+ bnxt_ulp_irq_stop(bp);
+ bnxt_clear_int_mode(bp);
+ err = bnxt_init_int_mode(bp);
+ bnxt_ulp_irq_restart(bp, err);
}
+reset_exit:
+ bnxt_clear_reservations(bp, true);
rtnl_unlock();
return result;
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
index b1b17f911300..d5fa43cfe524 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
@@ -1621,6 +1621,7 @@ struct bnxt_fw_health {
#define BNXT_FW_RETRY 5
#define BNXT_FW_IF_RETRY 10
+#define BNXT_FW_SLOT_RESET_RETRY 4
enum board_idx {
BCM57301,
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c
index b01d42928a53..132442f16fe6 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c
@@ -476,7 +476,8 @@ static int __hwrm_send(struct bnxt *bp, struct bnxt_hwrm_ctx *ctx)
memset(ctx->resp, 0, PAGE_SIZE);
req_type = le16_to_cpu(ctx->req->req_type);
- if (BNXT_NO_FW_ACCESS(bp) && req_type != HWRM_FUNC_RESET) {
+ if (BNXT_NO_FW_ACCESS(bp) &&
+ (req_type != HWRM_FUNC_RESET && req_type != HWRM_VER_GET)) {
netdev_dbg(bp->dev, "hwrm req_type 0x%x skipped, FW channel down\n",
req_type);
goto exit;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 107/314] ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 106/314] bnxt_en: fix the handling of PCIE-AER Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 108/314] pinctrl: rockchip: list all pins in a possible mux route for PX30 Greg Kroah-Hartman
` (214 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Zhongjin, Mark Brown, Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit 314d34fe7f0a5836cb0472950c1f17744b4efde8 ]
snd_soc_util_exit() is called in __init snd_soc_init() for cleanup.
Remove the __exit annotation for it to fix the build warning:
WARNING: modpost: sound/soc/snd-soc-core.o: section mismatch in reference: init_module (section: .init.text) -> snd_soc_util_exit (section: .exit.text)
Fixes: 6ec27c53886c ("ASoC: core: Fix use-after-free in snd_soc_exit()")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Link: https://lore.kernel.org/r/20221031134031.256511-1-chenzhongjin@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/soc-utils.c b/sound/soc/soc-utils.c
index 70c380c0ac7b..d1308904e6e0 100644
--- a/sound/soc/soc-utils.c
+++ b/sound/soc/soc-utils.c
@@ -263,7 +263,7 @@ int __init snd_soc_util_init(void)
return ret;
}
-void __exit snd_soc_util_exit(void)
+void snd_soc_util_exit(void)
{
platform_driver_unregister(&soc_dummy_driver);
platform_device_unregister(soc_dummy_dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 108/314] pinctrl: rockchip: list all pins in a possible mux route for PX30
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 107/314] ASoC: soc-utils: Remove __exit for snd_soc_util_exit() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 109/314] mtd: onenand: omap2: add dependency on GPMC Greg Kroah-Hartman
` (213 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quentin Schulz, Linus Walleij, Sasha Levin
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[ Upstream commit bee55f2e7a44e7a7676e264b42f026e34bd244d9 ]
The mux routes are incomplete for the PX30. This was discovered because
we had a HW design using cif-clkoutm1 with the correct pinmux in the
Device Tree but the clock would still not work.
There are actually two muxing required: the pin muxing (performed by the
usual Device Tree pinctrl nodes) and the "function" muxing (m0 vs m1;
performed by the mux routing inside the driver). The pin muxing was
correct but the function muxing was not.
This adds the missing pins and their configuration for the mux routes
that are already specified in the driver.
Note that there are some "conflicts": it is possible *in Device Tree* to
(attempt to) mux the pins for e.g. clkoutm1 and clkinm0 at the same time
but this is actually not possible in hardware (because both share the
same bit for the function muxing). Since it is an impossible hardware
design, it is not deemed necessary to prevent the user from attempting
to "misconfigure" the pins/functions.
Fixes: 87065ca9b8e5 ("pinctrl: rockchip: Add pinctrl support for PX30")
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Link: https://lore.kernel.org/r/20221017-upstream-px30-cif-clkoutm1-v1-0-4ea1389237f7@theobroma-systems.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinctrl-rockchip.c | 40 ++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/drivers/pinctrl/pinctrl-rockchip.c b/drivers/pinctrl/pinctrl-rockchip.c
index c84bd0e1ce5a..f4d2b64c0670 100644
--- a/drivers/pinctrl/pinctrl-rockchip.c
+++ b/drivers/pinctrl/pinctrl-rockchip.c
@@ -632,14 +632,54 @@ static void rockchip_get_recalced_mux(struct rockchip_pin_bank *bank, int pin,
}
static struct rockchip_mux_route_data px30_mux_route_data[] = {
+ RK_MUXROUTE_SAME(2, RK_PB4, 1, 0x184, BIT(16 + 7)), /* cif-d0m0 */
+ RK_MUXROUTE_SAME(3, RK_PA1, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d0m1 */
+ RK_MUXROUTE_SAME(2, RK_PB6, 1, 0x184, BIT(16 + 7)), /* cif-d1m0 */
+ RK_MUXROUTE_SAME(3, RK_PA2, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d1m1 */
RK_MUXROUTE_SAME(2, RK_PA0, 1, 0x184, BIT(16 + 7)), /* cif-d2m0 */
RK_MUXROUTE_SAME(3, RK_PA3, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d2m1 */
+ RK_MUXROUTE_SAME(2, RK_PA1, 1, 0x184, BIT(16 + 7)), /* cif-d3m0 */
+ RK_MUXROUTE_SAME(3, RK_PA5, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d3m1 */
+ RK_MUXROUTE_SAME(2, RK_PA2, 1, 0x184, BIT(16 + 7)), /* cif-d4m0 */
+ RK_MUXROUTE_SAME(3, RK_PA7, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d4m1 */
+ RK_MUXROUTE_SAME(2, RK_PA3, 1, 0x184, BIT(16 + 7)), /* cif-d5m0 */
+ RK_MUXROUTE_SAME(3, RK_PB0, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d5m1 */
+ RK_MUXROUTE_SAME(2, RK_PA4, 1, 0x184, BIT(16 + 7)), /* cif-d6m0 */
+ RK_MUXROUTE_SAME(3, RK_PB1, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d6m1 */
+ RK_MUXROUTE_SAME(2, RK_PA5, 1, 0x184, BIT(16 + 7)), /* cif-d7m0 */
+ RK_MUXROUTE_SAME(3, RK_PB4, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d7m1 */
+ RK_MUXROUTE_SAME(2, RK_PA6, 1, 0x184, BIT(16 + 7)), /* cif-d8m0 */
+ RK_MUXROUTE_SAME(3, RK_PB6, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d8m1 */
+ RK_MUXROUTE_SAME(2, RK_PA7, 1, 0x184, BIT(16 + 7)), /* cif-d9m0 */
+ RK_MUXROUTE_SAME(3, RK_PB7, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d9m1 */
+ RK_MUXROUTE_SAME(2, RK_PB7, 1, 0x184, BIT(16 + 7)), /* cif-d10m0 */
+ RK_MUXROUTE_SAME(3, RK_PC6, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d10m1 */
+ RK_MUXROUTE_SAME(2, RK_PC0, 1, 0x184, BIT(16 + 7)), /* cif-d11m0 */
+ RK_MUXROUTE_SAME(3, RK_PC7, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-d11m1 */
+ RK_MUXROUTE_SAME(2, RK_PB0, 1, 0x184, BIT(16 + 7)), /* cif-vsyncm0 */
+ RK_MUXROUTE_SAME(3, RK_PD1, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-vsyncm1 */
+ RK_MUXROUTE_SAME(2, RK_PB1, 1, 0x184, BIT(16 + 7)), /* cif-hrefm0 */
+ RK_MUXROUTE_SAME(3, RK_PD2, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-hrefm1 */
+ RK_MUXROUTE_SAME(2, RK_PB2, 1, 0x184, BIT(16 + 7)), /* cif-clkinm0 */
+ RK_MUXROUTE_SAME(3, RK_PD3, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-clkinm1 */
+ RK_MUXROUTE_SAME(2, RK_PB3, 1, 0x184, BIT(16 + 7)), /* cif-clkoutm0 */
+ RK_MUXROUTE_SAME(3, RK_PD0, 3, 0x184, BIT(16 + 7) | BIT(7)), /* cif-clkoutm1 */
RK_MUXROUTE_SAME(3, RK_PC6, 2, 0x184, BIT(16 + 8)), /* pdm-m0 */
RK_MUXROUTE_SAME(2, RK_PC6, 1, 0x184, BIT(16 + 8) | BIT(8)), /* pdm-m1 */
+ RK_MUXROUTE_SAME(3, RK_PD3, 2, 0x184, BIT(16 + 8)), /* pdm-sdi0m0 */
+ RK_MUXROUTE_SAME(2, RK_PC5, 2, 0x184, BIT(16 + 8) | BIT(8)), /* pdm-sdi0m1 */
RK_MUXROUTE_SAME(1, RK_PD3, 2, 0x184, BIT(16 + 10)), /* uart2-rxm0 */
RK_MUXROUTE_SAME(2, RK_PB6, 2, 0x184, BIT(16 + 10) | BIT(10)), /* uart2-rxm1 */
+ RK_MUXROUTE_SAME(1, RK_PD2, 2, 0x184, BIT(16 + 10)), /* uart2-txm0 */
+ RK_MUXROUTE_SAME(2, RK_PB4, 2, 0x184, BIT(16 + 10) | BIT(10)), /* uart2-txm1 */
RK_MUXROUTE_SAME(0, RK_PC1, 2, 0x184, BIT(16 + 9)), /* uart3-rxm0 */
RK_MUXROUTE_SAME(1, RK_PB7, 2, 0x184, BIT(16 + 9) | BIT(9)), /* uart3-rxm1 */
+ RK_MUXROUTE_SAME(0, RK_PC0, 2, 0x184, BIT(16 + 9)), /* uart3-txm0 */
+ RK_MUXROUTE_SAME(1, RK_PB6, 2, 0x184, BIT(16 + 9) | BIT(9)), /* uart3-txm1 */
+ RK_MUXROUTE_SAME(0, RK_PC2, 2, 0x184, BIT(16 + 9)), /* uart3-ctsm0 */
+ RK_MUXROUTE_SAME(1, RK_PB4, 2, 0x184, BIT(16 + 9) | BIT(9)), /* uart3-ctsm1 */
+ RK_MUXROUTE_SAME(0, RK_PC3, 2, 0x184, BIT(16 + 9)), /* uart3-rtsm0 */
+ RK_MUXROUTE_SAME(1, RK_PB5, 2, 0x184, BIT(16 + 9) | BIT(9)), /* uart3-rtsm1 */
};
static struct rockchip_mux_route_data rk3128_mux_route_data[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 109/314] mtd: onenand: omap2: add dependency on GPMC
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 108/314] pinctrl: rockchip: list all pins in a possible mux route for PX30 Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 110/314] scsi: scsi_transport_sas: Fix error handling in sas_phy_add() Greg Kroah-Hartman
` (212 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot,
Krzysztof Kozlowski, Roger Quadros, Miquel Raynal, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit c717b9b7d6de9e024e47f7cd5bbff49f581d3db9 ]
OMAP2 OneNAND driver uses gpmc_omap_onenand_set_timings() provided by
OMAP_GPMC driver, so the latter cannot be module if OneNAND driver is
built-in:
/usr/bin/arm-linux-gnueabi-ld: drivers/mtd/nand/onenand/onenand_omap2.o: in function `omap2_onenand_probe':
onenand_omap2.c:(.text+0x520): undefined reference to `gpmc_omap_onenand_set_timings'
The OMAP_GPMC is also a runtime dependency.
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 854fd9209b20 ("memory: omap-gpmc: Allow building as a module")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Roger Quadros <rogerq@kernel.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20221107091520.127053-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/onenand/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mtd/nand/onenand/Kconfig b/drivers/mtd/nand/onenand/Kconfig
index 34d9a7a82ad4..c94bf483541e 100644
--- a/drivers/mtd/nand/onenand/Kconfig
+++ b/drivers/mtd/nand/onenand/Kconfig
@@ -26,6 +26,7 @@ config MTD_ONENAND_OMAP2
tristate "OneNAND on OMAP2/OMAP3 support"
depends on ARCH_OMAP2 || ARCH_OMAP3 || (COMPILE_TEST && ARM)
depends on OF || COMPILE_TEST
+ depends on OMAP_GPMC
help
Support for a OneNAND flash device connected to an OMAP2/OMAP3 SoC
via the GPMC memory controller.
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 110/314] scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 109/314] mtd: onenand: omap2: add dependency on GPMC Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 111/314] sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent Greg Kroah-Hartman
` (211 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Garry, Yang Yingliang,
Jason Yan, Martin K. Petersen, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 5d7bebf2dfb0dc97aac1fbace0910e557ecdb16f ]
If transport_add_device() fails in sas_phy_add(), the kernel will crash
trying to delete the device in transport_remove_device() called from
sas_remove_host().
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108
CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x54/0x3d0
lr : device_del+0x37c/0x3d0
Call trace:
device_del+0x54/0x3d0
attribute_container_class_device_del+0x28/0x38
transport_remove_classdev+0x6c/0x80
attribute_container_device_trigger+0x108/0x110
transport_remove_device+0x28/0x38
sas_phy_delete+0x30/0x60 [scsi_transport_sas]
do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas]
device_for_each_child+0x68/0xb0
sas_remove_children+0x40/0x50 [scsi_transport_sas]
sas_remove_host+0x20/0x38 [scsi_transport_sas]
hisi_sas_remove+0x40/0x68 [hisi_sas_main]
hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw]
platform_remove+0x2c/0x60
Fix this by checking and handling return value of transport_add_device()
in sas_phy_add().
Fixes: c7ebbbce366c ("[SCSI] SAS transport class")
Suggested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221107124828.115557-1-yangyingliang@huawei.com
Reviewed-by: John Garry <john.g.garry@oracle.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_transport_sas.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/scsi_transport_sas.c b/drivers/scsi/scsi_transport_sas.c
index 2f88c61216ee..74b99f2b0b74 100644
--- a/drivers/scsi/scsi_transport_sas.c
+++ b/drivers/scsi/scsi_transport_sas.c
@@ -722,12 +722,17 @@ int sas_phy_add(struct sas_phy *phy)
int error;
error = device_add(&phy->dev);
- if (!error) {
- transport_add_device(&phy->dev);
- transport_configure_device(&phy->dev);
+ if (error)
+ return error;
+
+ error = transport_add_device(&phy->dev);
+ if (error) {
+ device_del(&phy->dev);
+ return error;
}
+ transport_configure_device(&phy->dev);
- return error;
+ return 0;
}
EXPORT_SYMBOL(sas_phy_add);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 111/314] sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 110/314] scsi: scsi_transport_sas: Fix error handling in sas_phy_add() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 112/314] sctp: clear out_curr if all frag chunks of current msg are pruned Greg Kroah-Hartman
` (210 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xin Long, Jakub Kicinski, Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 9f0b773210c27a8f5d98ddb2fc4ba60a42a3285f ]
Since commit 5bbbbe32a431 ("sctp: introduce stream scheduler foundations"),
sctp_stream_outq_migrate() has been called in sctp_stream_init/update to
removes those chunks to streams higher than the new max. There is no longer
need to do such check in sctp_prsctp_prune_unsent().
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 2f201ae14ae0 ("sctp: clear out_curr if all frag chunks of current msg are pruned")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/outqueue.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index e213aaf45d67..c99fe3dc19bc 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -384,6 +384,7 @@ static int sctp_prsctp_prune_unsent(struct sctp_association *asoc,
{
struct sctp_outq *q = &asoc->outqueue;
struct sctp_chunk *chk, *temp;
+ struct sctp_stream_out *sout;
q->sched->unsched_all(&asoc->stream);
@@ -398,12 +399,9 @@ static int sctp_prsctp_prune_unsent(struct sctp_association *asoc,
sctp_sched_dequeue_common(q, chk);
asoc->sent_cnt_removable--;
asoc->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
- if (chk->sinfo.sinfo_stream < asoc->stream.outcnt) {
- struct sctp_stream_out *streamout =
- SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream);
- streamout->ext->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
- }
+ sout = SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream);
+ sout->ext->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
msg_len -= chk->skb->truesize + sizeof(struct sctp_chunk);
sctp_chunk_free(chk);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 112/314] sctp: clear out_curr if all frag chunks of current msg are pruned
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 111/314] sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 113/314] erofs: clean up .read_folio() and .readahead() in fscache mode Greg Kroah-Hartman
` (209 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhen Chen, Caowangbao, Xin Long,
Jakub Kicinski, Sasha Levin
From: Xin Long <lucien.xin@gmail.com>
[ Upstream commit 2f201ae14ae0f91dbf1cffea7bb1e29e81d4d108 ]
A crash was reported by Zhen Chen:
list_del corruption, ffffa035ddf01c18->next is NULL
WARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x59/0xe0
RIP: 0010:__list_del_entry_valid+0x59/0xe0
Call Trace:
sctp_sched_dequeue_common+0x17/0x70 [sctp]
sctp_sched_fcfs_dequeue+0x37/0x50 [sctp]
sctp_outq_flush_data+0x85/0x360 [sctp]
sctp_outq_uncork+0x77/0xa0 [sctp]
sctp_cmd_interpreter.constprop.0+0x164/0x1450 [sctp]
sctp_side_effects+0x37/0xe0 [sctp]
sctp_do_sm+0xd0/0x230 [sctp]
sctp_primitive_SEND+0x2f/0x40 [sctp]
sctp_sendmsg_to_asoc+0x3fa/0x5c0 [sctp]
sctp_sendmsg+0x3d5/0x440 [sctp]
sock_sendmsg+0x5b/0x70
and in sctp_sched_fcfs_dequeue() it dequeued a chunk from stream
out_curr outq while this outq was empty.
Normally stream->out_curr must be set to NULL once all frag chunks of
current msg are dequeued, as we can see in sctp_sched_dequeue_done().
However, in sctp_prsctp_prune_unsent() as it is not a proper dequeue,
sctp_sched_dequeue_done() is not called to do this.
This patch is to fix it by simply setting out_curr to NULL when the
last frag chunk of current msg is dequeued from out_curr stream in
sctp_prsctp_prune_unsent().
Fixes: 5bbbbe32a431 ("sctp: introduce stream scheduler foundations")
Reported-by: Zhen Chen <chenzhen126@huawei.com>
Tested-by: Caowangbao <caowangbao@huawei.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/outqueue.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index c99fe3dc19bc..20831079fb09 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -403,6 +403,11 @@ static int sctp_prsctp_prune_unsent(struct sctp_association *asoc,
sout = SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream);
sout->ext->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
+ /* clear out_curr if all frag chunks are pruned */
+ if (asoc->stream.out_curr == sout &&
+ list_is_last(&chk->frag_list, &chk->msg->chunks))
+ asoc->stream.out_curr = NULL;
+
msg_len -= chk->skb->truesize + sizeof(struct sctp_chunk);
sctp_chunk_free(chk);
if (msg_len <= 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 113/314] erofs: clean up .read_folio() and .readahead() in fscache mode
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 112/314] sctp: clear out_curr if all frag chunks of current msg are pruned Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 114/314] erofs: get correct count for unmapped range " Greg Kroah-Hartman
` (208 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jingbo Xu, Jia Zhu, Gao Xiang, Sasha Levin
From: Jingbo Xu <jefflexu@linux.alibaba.com>
[ Upstream commit 1ae9470c3e14624b0f4d8741c22b5a94062c0e33 ]
The implementation of these two functions in fscache mode is almost the
same. Extract the same part as a generic helper to remove the code
duplication.
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Reviewed-by: Jia Zhu <zhujia.zj@bytedance.com>
Link: https://lore.kernel.org/r/20220922062414.20437-1-jefflexu@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Stable-dep-of: e6d9f9ba111b ("erofs: get correct count for unmapped range in fscache mode")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/fscache.c | 213 ++++++++++++++++++---------------------------
1 file changed, 83 insertions(+), 130 deletions(-)
diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c
index b5fd9d71e67f..508b1a4df15e 100644
--- a/fs/erofs/fscache.c
+++ b/fs/erofs/fscache.c
@@ -234,113 +234,111 @@ static int erofs_fscache_meta_read_folio(struct file *data, struct folio *folio)
return ret;
}
-static int erofs_fscache_read_folio_inline(struct folio *folio,
- struct erofs_map_blocks *map)
-{
- struct super_block *sb = folio_mapping(folio)->host->i_sb;
- struct erofs_buf buf = __EROFS_BUF_INITIALIZER;
- erofs_blk_t blknr;
- size_t offset, len;
- void *src, *dst;
-
- /* For tail packing layout, the offset may be non-zero. */
- offset = erofs_blkoff(map->m_pa);
- blknr = erofs_blknr(map->m_pa);
- len = map->m_llen;
-
- src = erofs_read_metabuf(&buf, sb, blknr, EROFS_KMAP);
- if (IS_ERR(src))
- return PTR_ERR(src);
-
- dst = kmap_local_folio(folio, 0);
- memcpy(dst, src + offset, len);
- memset(dst + len, 0, PAGE_SIZE - len);
- kunmap_local(dst);
-
- erofs_put_metabuf(&buf);
- return 0;
-}
-
-static int erofs_fscache_read_folio(struct file *file, struct folio *folio)
+/*
+ * Read into page cache in the range described by (@pos, @len).
+ *
+ * On return, the caller is responsible for page unlocking if the output @unlock
+ * is true, or the callee will take this responsibility through netfs_io_request
+ * interface.
+ *
+ * The return value is the number of bytes successfully handled, or negative
+ * error code on failure. The only exception is that, the length of the range
+ * instead of the error code is returned on failure after netfs_io_request is
+ * allocated, so that .readahead() could advance rac accordingly.
+ */
+static int erofs_fscache_data_read(struct address_space *mapping,
+ loff_t pos, size_t len, bool *unlock)
{
- struct inode *inode = folio_mapping(folio)->host;
+ struct inode *inode = mapping->host;
struct super_block *sb = inode->i_sb;
+ struct netfs_io_request *rreq;
struct erofs_map_blocks map;
struct erofs_map_dev mdev;
- struct netfs_io_request *rreq;
- erofs_off_t pos;
- loff_t pstart;
+ struct iov_iter iter;
+ size_t count;
int ret;
- DBG_BUGON(folio_size(folio) != EROFS_BLKSIZ);
+ *unlock = true;
- pos = folio_pos(folio);
map.m_la = pos;
-
ret = erofs_map_blocks(inode, &map, EROFS_GET_BLOCKS_RAW);
if (ret)
- goto out_unlock;
+ return ret;
- if (!(map.m_flags & EROFS_MAP_MAPPED)) {
- folio_zero_range(folio, 0, folio_size(folio));
- goto out_uptodate;
+ if (map.m_flags & EROFS_MAP_META) {
+ struct erofs_buf buf = __EROFS_BUF_INITIALIZER;
+ erofs_blk_t blknr;
+ size_t offset, size;
+ void *src;
+
+ /* For tail packing layout, the offset may be non-zero. */
+ offset = erofs_blkoff(map.m_pa);
+ blknr = erofs_blknr(map.m_pa);
+ size = map.m_llen;
+
+ src = erofs_read_metabuf(&buf, sb, blknr, EROFS_KMAP);
+ if (IS_ERR(src))
+ return PTR_ERR(src);
+
+ iov_iter_xarray(&iter, READ, &mapping->i_pages, pos, PAGE_SIZE);
+ if (copy_to_iter(src + offset, size, &iter) != size)
+ return -EFAULT;
+ iov_iter_zero(PAGE_SIZE - size, &iter);
+ erofs_put_metabuf(&buf);
+ return PAGE_SIZE;
}
- if (map.m_flags & EROFS_MAP_META) {
- ret = erofs_fscache_read_folio_inline(folio, &map);
- goto out_uptodate;
+ count = min_t(size_t, map.m_llen - (pos - map.m_la), len);
+ DBG_BUGON(!count || count % PAGE_SIZE);
+
+ if (!(map.m_flags & EROFS_MAP_MAPPED)) {
+ iov_iter_xarray(&iter, READ, &mapping->i_pages, pos, count);
+ iov_iter_zero(count, &iter);
+ return count;
}
mdev = (struct erofs_map_dev) {
.m_deviceid = map.m_deviceid,
.m_pa = map.m_pa,
};
-
ret = erofs_map_dev(sb, &mdev);
if (ret)
- goto out_unlock;
-
-
- rreq = erofs_fscache_alloc_request(folio_mapping(folio),
- folio_pos(folio), folio_size(folio));
- if (IS_ERR(rreq)) {
- ret = PTR_ERR(rreq);
- goto out_unlock;
- }
+ return ret;
- pstart = mdev.m_pa + (pos - map.m_la);
- return erofs_fscache_read_folios_async(mdev.m_fscache->cookie,
- rreq, pstart);
+ rreq = erofs_fscache_alloc_request(mapping, pos, count);
+ if (IS_ERR(rreq))
+ return PTR_ERR(rreq);
-out_uptodate:
- if (!ret)
- folio_mark_uptodate(folio);
-out_unlock:
- folio_unlock(folio);
- return ret;
+ *unlock = false;
+ erofs_fscache_read_folios_async(mdev.m_fscache->cookie,
+ rreq, mdev.m_pa + (pos - map.m_la));
+ return count;
}
-static void erofs_fscache_advance_folios(struct readahead_control *rac,
- size_t len, bool unlock)
+static int erofs_fscache_read_folio(struct file *file, struct folio *folio)
{
- while (len) {
- struct folio *folio = readahead_folio(rac);
- len -= folio_size(folio);
- if (unlock) {
+ bool unlock;
+ int ret;
+
+ DBG_BUGON(folio_size(folio) != EROFS_BLKSIZ);
+
+ ret = erofs_fscache_data_read(folio_mapping(folio), folio_pos(folio),
+ folio_size(folio), &unlock);
+ if (unlock) {
+ if (ret > 0)
folio_mark_uptodate(folio);
- folio_unlock(folio);
- }
+ folio_unlock(folio);
}
+ return ret < 0 ? ret : 0;
}
static void erofs_fscache_readahead(struct readahead_control *rac)
{
- struct inode *inode = rac->mapping->host;
- struct super_block *sb = inode->i_sb;
- size_t len, count, done = 0;
- erofs_off_t pos;
- loff_t start, offset;
- int ret;
+ struct folio *folio;
+ size_t len, done = 0;
+ loff_t start, pos;
+ bool unlock;
+ int ret, size;
if (!readahead_count(rac))
return;
@@ -349,67 +347,22 @@ static void erofs_fscache_readahead(struct readahead_control *rac)
len = readahead_length(rac);
do {
- struct erofs_map_blocks map;
- struct erofs_map_dev mdev;
- struct netfs_io_request *rreq;
-
pos = start + done;
- map.m_la = pos;
-
- ret = erofs_map_blocks(inode, &map, EROFS_GET_BLOCKS_RAW);
- if (ret)
+ ret = erofs_fscache_data_read(rac->mapping, pos,
+ len - done, &unlock);
+ if (ret <= 0)
return;
- offset = start + done;
- count = min_t(size_t, map.m_llen - (pos - map.m_la),
- len - done);
-
- if (!(map.m_flags & EROFS_MAP_MAPPED)) {
- struct iov_iter iter;
-
- iov_iter_xarray(&iter, READ, &rac->mapping->i_pages,
- offset, count);
- iov_iter_zero(count, &iter);
-
- erofs_fscache_advance_folios(rac, count, true);
- ret = count;
- continue;
- }
-
- if (map.m_flags & EROFS_MAP_META) {
- struct folio *folio = readahead_folio(rac);
-
- ret = erofs_fscache_read_folio_inline(folio, &map);
- if (!ret) {
+ size = ret;
+ while (size) {
+ folio = readahead_folio(rac);
+ size -= folio_size(folio);
+ if (unlock) {
folio_mark_uptodate(folio);
- ret = folio_size(folio);
+ folio_unlock(folio);
}
-
- folio_unlock(folio);
- continue;
}
-
- mdev = (struct erofs_map_dev) {
- .m_deviceid = map.m_deviceid,
- .m_pa = map.m_pa,
- };
- ret = erofs_map_dev(sb, &mdev);
- if (ret)
- return;
-
- rreq = erofs_fscache_alloc_request(rac->mapping, offset, count);
- if (IS_ERR(rreq))
- return;
- /*
- * Drop the ref of folios here. Unlock them in
- * rreq_unlock_folios() when rreq complete.
- */
- erofs_fscache_advance_folios(rac, count, false);
- ret = erofs_fscache_read_folios_async(mdev.m_fscache->cookie,
- rreq, mdev.m_pa + (pos - map.m_la));
- if (!ret)
- ret = count;
- } while (ret > 0 && ((done += ret) < len));
+ } while ((done += ret) < len);
}
static const struct address_space_operations erofs_fscache_meta_aops = {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 114/314] erofs: get correct count for unmapped range in fscache mode
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 113/314] erofs: clean up .read_folio() and .readahead() in fscache mode Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 115/314] block: sed-opal: kmalloc the cmd/resp buffers Greg Kroah-Hartman
` (207 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jingbo Xu, Gao Xiang, Chao Yu, Sasha Levin
From: Jingbo Xu <jefflexu@linux.alibaba.com>
[ Upstream commit e6d9f9ba111b56154f1b1120252aff269cebd49c ]
For unmapped range, the returned map.m_llen is zero, and thus the
calculated count is unexpected zero.
Prior to the refactoring introduced by commit 1ae9470c3e14 ("erofs:
clean up .read_folio() and .readahead() in fscache mode"), only the
readahead routine suffers from this. With the refactoring of making
.read_folio() and .readahead() calling one common routine, both
read_folio and readahead have this issue now.
Fix this by calculating count separately in unmapped condition.
Fixes: c665b394b9e8 ("erofs: implement fscache-based data readahead")
Fixes: 1ae9470c3e14 ("erofs: clean up .read_folio() and .readahead() in fscache mode")
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/r/20221104054028.52208-3-jefflexu@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/fscache.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c
index 508b1a4df15e..8585e324298c 100644
--- a/fs/erofs/fscache.c
+++ b/fs/erofs/fscache.c
@@ -288,15 +288,16 @@ static int erofs_fscache_data_read(struct address_space *mapping,
return PAGE_SIZE;
}
- count = min_t(size_t, map.m_llen - (pos - map.m_la), len);
- DBG_BUGON(!count || count % PAGE_SIZE);
-
if (!(map.m_flags & EROFS_MAP_MAPPED)) {
+ count = len;
iov_iter_xarray(&iter, READ, &mapping->i_pages, pos, count);
iov_iter_zero(count, &iter);
return count;
}
+ count = min_t(size_t, map.m_llen - (pos - map.m_la), len);
+ DBG_BUGON(!count || count % PAGE_SIZE);
+
mdev = (struct erofs_map_dev) {
.m_deviceid = map.m_deviceid,
.m_pa = map.m_pa,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 115/314] block: sed-opal: kmalloc the cmd/resp buffers
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 114/314] erofs: get correct count for unmapped range " Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 116/314] nfsd: put the export reference in nfsd4_verify_deleg_dentry Greg Kroah-Hartman
` (206 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Serge Semin, Christoph Hellwig,
Jens Axboe, Sasha Levin
From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[ Upstream commit f829230dd51974c1f4478900ed30bb77ba530b40 ]
In accordance with [1] the DMA-able memory buffers must be
cacheline-aligned otherwise the cache writing-back and invalidation
performed during the mapping may cause the adjacent data being lost. It's
specifically required for the DMA-noncoherent platforms [2]. Seeing the
opal_dev.{cmd,resp} buffers are implicitly used for DMAs in the NVME and
SCSI/SD drivers in framework of the nvme_sec_submit() and sd_sec_submit()
methods respectively they must be cacheline-aligned to prevent the denoted
problem. One of the option to guarantee that is to kmalloc the buffers
[2]. Let's explicitly allocate them then instead of embedding into the
opal_dev structure instance.
Note this fix was inspired by the commit c94b7f9bab22 ("nvme-hwmon:
kmalloc the NVME SMART log buffer").
[1] Documentation/core-api/dma-api.rst
[2] Documentation/core-api/dma-api-howto.rst
Fixes: 455a7b238cd6 ("block: Add Sed-opal library")
Signed-off-by: Serge Semin <Sergey.Semin@baikalelectronics.ru>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20221107203944.31686-1-Sergey.Semin@baikalelectronics.ru
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/sed-opal.c | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/block/sed-opal.c b/block/sed-opal.c
index 9700197000f2..55cd37e868c0 100644
--- a/block/sed-opal.c
+++ b/block/sed-opal.c
@@ -88,8 +88,8 @@ struct opal_dev {
u64 lowest_lba;
size_t pos;
- u8 cmd[IO_BUFFER_LENGTH];
- u8 resp[IO_BUFFER_LENGTH];
+ u8 *cmd;
+ u8 *resp;
struct parsed_resp parsed;
size_t prev_d_len;
@@ -2134,6 +2134,8 @@ void free_opal_dev(struct opal_dev *dev)
return;
clean_opal_dev(dev);
+ kfree(dev->resp);
+ kfree(dev->cmd);
kfree(dev);
}
EXPORT_SYMBOL(free_opal_dev);
@@ -2146,17 +2148,39 @@ struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
if (!dev)
return NULL;
+ /*
+ * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
+ * sure the allocated buffer is DMA-safe in that regard.
+ */
+ dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
+ if (!dev->cmd)
+ goto err_free_dev;
+
+ dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
+ if (!dev->resp)
+ goto err_free_cmd;
+
INIT_LIST_HEAD(&dev->unlk_lst);
mutex_init(&dev->dev_lock);
dev->data = data;
dev->send_recv = send_recv;
if (check_opal_support(dev) != 0) {
pr_debug("Opal is not supported on this device\n");
- kfree(dev);
- return NULL;
+ goto err_free_resp;
}
return dev;
+
+err_free_resp:
+ kfree(dev->resp);
+
+err_free_cmd:
+ kfree(dev->cmd);
+
+err_free_dev:
+ kfree(dev);
+
+ return NULL;
}
EXPORT_SYMBOL(init_opal_dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 116/314] nfsd: put the export reference in nfsd4_verify_deleg_dentry
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 115/314] block: sed-opal: kmalloc the cmd/resp buffers Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 117/314] bpf: Fix memory leaks in __check_func_call Greg Kroah-Hartman
` (205 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yongcheng Yang, Jeff Layton,
Chuck Lever, Sasha Levin
From: Jeff Layton <jlayton@kernel.org>
[ Upstream commit 50256e4793a5e5ab77703c82a47344ad2e774a59 ]
nfsd_lookup_dentry returns an export reference in addition to the dentry
ref. Ensure that we put it too.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2138866
Fixes: 876c553cb410 ("NFSD: verify the opened dentry after setting a delegation")
Reported-by: Yongcheng Yang <yoyang@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/nfs4state.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 0bc36472f8b7..ddb2bf078fda 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -5313,6 +5313,7 @@ nfsd4_verify_deleg_dentry(struct nfsd4_open *open, struct nfs4_file *fp,
if (err)
return -EAGAIN;
+ exp_put(exp);
dput(child);
if (child != file_dentry(fp->fi_deleg_file->nf_file))
return -EAGAIN;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 117/314] bpf: Fix memory leaks in __check_func_call
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 116/314] nfsd: put the export reference in nfsd4_verify_deleg_dentry Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 118/314] io_uring: calculate CQEs from the user visible value Greg Kroah-Hartman
` (204 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Yufen, Martin KaFai Lau, Sasha Levin
From: Wang Yufen <wangyufen@huawei.com>
[ Upstream commit eb86559a691cea5fa63e57a03ec3dc9c31e97955 ]
kmemleak reports this issue:
unreferenced object 0xffff88817139d000 (size 2048):
comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<0000000045f075f0>] kmalloc_trace+0x27/0xa0
[<0000000098b7c90a>] __check_func_call+0x316/0x1230
[<00000000b4c3c403>] check_helper_call+0x172e/0x4700
[<00000000aa3875b7>] do_check+0x21d8/0x45e0
[<000000001147357b>] do_check_common+0x767/0xaf0
[<00000000b5a595b4>] bpf_check+0x43e3/0x5bc0
[<0000000011e391b1>] bpf_prog_load+0xf26/0x1940
[<0000000007f765c0>] __sys_bpf+0xd2c/0x3650
[<00000000839815d6>] __x64_sys_bpf+0x75/0xc0
[<00000000946ee250>] do_syscall_64+0x3b/0x90
[<0000000000506b7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
The root case here is: In function prepare_func_exit(), the callee is
not released in the abnormal scenario after "state->curframe--;". To
fix, move "state->curframe--;" to the very bottom of the function,
right when we free callee and reset frame[] pointer to NULL, as Andrii
suggested.
In addition, function __check_func_call() has a similar problem. In
the abnormal scenario before "state->curframe++;", the callee also
should be released by free_func_state().
Fixes: 69c087ba6225 ("bpf: Add bpf_for_each_map_elem() helper")
Fixes: fd978bf7fd31 ("bpf: Add reference tracking to verifier")
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Link: https://lore.kernel.org/r/1667884291-15666-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 69fb46fdf763..b781075dd510 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6674,11 +6674,11 @@ static int __check_func_call(struct bpf_verifier_env *env, struct bpf_insn *insn
/* Transfer references to the callee */
err = copy_reference_state(callee, caller);
if (err)
- return err;
+ goto err_out;
err = set_callee_state_cb(env, caller, callee, *insn_idx);
if (err)
- return err;
+ goto err_out;
clear_caller_saved_regs(env, caller->regs);
@@ -6695,6 +6695,11 @@ static int __check_func_call(struct bpf_verifier_env *env, struct bpf_insn *insn
print_verifier_state(env, callee, true);
}
return 0;
+
+err_out:
+ free_func_state(callee);
+ state->frame[state->curframe + 1] = NULL;
+ return err;
}
int map_set_for_each_callback_args(struct bpf_verifier_env *env,
@@ -6880,8 +6885,7 @@ static int prepare_func_exit(struct bpf_verifier_env *env, int *insn_idx)
return -EINVAL;
}
- state->curframe--;
- caller = state->frame[state->curframe];
+ caller = state->frame[state->curframe - 1];
if (callee->in_callback_fn) {
/* enforce R0 return value range [0, 1]. */
struct tnum range = tnum_range(0, 1);
@@ -6920,7 +6924,7 @@ static int prepare_func_exit(struct bpf_verifier_env *env, int *insn_idx)
}
/* clear everything in the callee */
free_func_state(callee);
- state->frame[state->curframe + 1] = NULL;
+ state->frame[state->curframe--] = NULL;
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 118/314] io_uring: calculate CQEs from the user visible value
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 117/314] bpf: Fix memory leaks in __check_func_call Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 119/314] pinctrl: mediatek: common-v2: Fix bias-disable for PULL_PU_PD_RSEL_TYPE Greg Kroah-Hartman
` (203 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dylan Yudaken, Jens Axboe, Sasha Levin
From: Dylan Yudaken <dylany@meta.com>
[ Upstream commit 0fc8c2acbfc789a977a50a4a9812a8e4b37958ce ]
io_cqring_wait (and it's wake function io_has_work) used cached_cq_tail in
order to calculate the number of CQEs. cached_cq_tail is set strictly
before the user visible rings->cq.tail
However as far as userspace is concerned, if io_uring_enter(2) is called
with a minimum number of events, they will verify by checking
rings->cq.tail.
It is therefore possible for io_uring_enter(2) to return early with fewer
events visible to the user.
Instead make the wait functions read from the user visible value, so there
will be no discrepency.
This is triggered eventually by the following reproducer:
struct io_uring_sqe *sqe;
struct io_uring_cqe *cqe;
unsigned int cqe_ready;
struct io_uring ring;
int ret, i;
ret = io_uring_queue_init(N, &ring, 0);
assert(!ret);
while(true) {
for (i = 0; i < N; i++) {
sqe = io_uring_get_sqe(&ring);
io_uring_prep_nop(sqe);
sqe->flags |= IOSQE_ASYNC;
}
ret = io_uring_submit(&ring);
assert(ret == N);
do {
ret = io_uring_wait_cqes(&ring, &cqe, N, NULL, NULL);
} while(ret == -EINTR);
cqe_ready = io_uring_cq_ready(&ring);
assert(!ret);
assert(cqe_ready == N);
io_uring_cq_advance(&ring, N);
}
Fixes: ad3eb2c89fb2 ("io_uring: split overflow state into SQ and CQ side")
Signed-off-by: Dylan Yudaken <dylany@meta.com>
Link: https://lore.kernel.org/r/20221108153016.1854297-1-dylany@meta.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/io_uring.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index d29f397f095e..f347e81e2d98 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -171,6 +171,11 @@ static inline unsigned int __io_cqring_events(struct io_ring_ctx *ctx)
return ctx->cached_cq_tail - READ_ONCE(ctx->rings->cq.head);
}
+static inline unsigned int __io_cqring_events_user(struct io_ring_ctx *ctx)
+{
+ return READ_ONCE(ctx->rings->cq.tail) - READ_ONCE(ctx->rings->cq.head);
+}
+
static bool io_match_linked(struct io_kiocb *head)
{
struct io_kiocb *req;
@@ -2163,7 +2168,7 @@ struct io_wait_queue {
static inline bool io_should_wake(struct io_wait_queue *iowq)
{
struct io_ring_ctx *ctx = iowq->ctx;
- int dist = ctx->cached_cq_tail - (int) iowq->cq_tail;
+ int dist = READ_ONCE(ctx->rings->cq.tail) - (int) iowq->cq_tail;
/*
* Wake up if we have enough events, or if a timeout occurred since we
@@ -2240,7 +2245,8 @@ static int io_cqring_wait(struct io_ring_ctx *ctx, int min_events,
do {
io_cqring_overflow_flush(ctx);
- if (io_cqring_events(ctx) >= min_events)
+ /* if user messes with these they will just get an early return */
+ if (__io_cqring_events_user(ctx) >= min_events)
return 0;
if (!io_run_task_work())
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 119/314] pinctrl: mediatek: common-v2: Fix bias-disable for PULL_PU_PD_RSEL_TYPE
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 118/314] io_uring: calculate CQEs from the user visible value Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 120/314] arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro Greg Kroah-Hartman
` (202 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, AngeloGioacchino Del Regno,
Linus Walleij, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit fed74d75277da865da9ba334d3f5d5e3e327971d ]
In pinctrl-paris we're calling the .bias_set_combo() callback when we
are asked to set the pin bias to either pull up/down or pull disable.
On newer platforms, this callback is mtk_pinconf_bias_set_combo(),
located in pinctrl-mtk-common-v2.c: this will check the "pull type"
assigned to the requested pin and in case said pin's pull type is
MTK_PULL_PU_PD_RSEL_TYPE, this function will set RSEL first, PUPD
last, which is fine.
The issue comes when we're requesting PIN_CONFIG_BIAS_DISABLE, as
this does *not* require setting RSEL but only PU_PD: in this case,
the arg is MTK_DISABLE (zero), which is not a supported RSEL, due
to which function mtk_pinconf_bias_set_rsel() returns a failure;
because of that, mtk_pinconf_bias_set_pu_pd() is never called,
hence the pin bias is never set to DISABLE.
To fix this issue, add a check to mtk_pinconf_bias_set_rsel(): if
we are entering that function with no pullup requested and at the
same time the arg is MTK_DISABLE, this means that we're trying to
disable pin bias, hence it's safe to return cleanly without ever
setting any RSEL register.
This makes mtk_pinconf_bias_set_combo() happy, going on with setting
the PU_PD registers, which is the only action to actually take to
disable bias on a pin/pingroup.
Fixes: fb34a9ae383a ("pinctrl: mediatek: support rsel feature")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/20221104105605.33720-1-angelogioacchino.delregno@collabora.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c b/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
index e1ae3beb9f72..b7921b59eb7b 100644
--- a/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
+++ b/drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c
@@ -709,6 +709,9 @@ static int mtk_pinconf_bias_set_rsel(struct mtk_pinctrl *hw,
{
int err, rsel_val;
+ if (!pullup && arg == MTK_DISABLE)
+ return 0;
+
if (hw->rsel_si_unit) {
/* find pin rsel_index from pin_rsel array*/
err = mtk_hw_pin_rsel_lookup(hw, desc, pullup, arg, &rsel_val);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 120/314] arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 119/314] pinctrl: mediatek: common-v2: Fix bias-disable for PULL_PU_PD_RSEL_TYPE Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 121/314] nvmet: fix a memory leak Greg Kroah-Hartman
` (201 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven,
D Scott Phillips, Catalin Marinas, Sasha Levin
From: D Scott Phillips <scott@os.amperecomputing.com>
[ Upstream commit 8ec8490a1950efeccb00967698cf7cb2fcd25ca7 ]
CONFIG_UBSAN_SHIFT with gcc-5 complains that the shifting of
ARM_CPU_IMP_AMPERE (0xC0) into bits [31:24] by MIDR_CPU_MODEL() is
undefined behavior. Well, sort of, it actually spells the error as:
arch/arm64/kernel/proton-pack.c: In function 'spectre_bhb_loop_affected':
arch/arm64/include/asm/cputype.h:44:2: error: initializer element is not constant
(((imp) << MIDR_IMPLEMENTOR_SHIFT) | \
^
This isn't an issue for other Implementor codes, as all the other codes
have zero in the top bit and so are representable as a signed int.
Cast the implementor code to unsigned in MIDR_CPU_MODEL to remove the
undefined behavior.
Fixes: 0e5d5ae837c8 ("arm64: Add AMPERE1 to the Spectre-BHB affected list")
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: D Scott Phillips <scott@os.amperecomputing.com>
Link: https://lore.kernel.org/r/20221102160106.1096948-1-scott@os.amperecomputing.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/cputype.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h
index abc418650fec..65e53ef5a396 100644
--- a/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -41,7 +41,7 @@
(((midr) & MIDR_IMPLEMENTOR_MASK) >> MIDR_IMPLEMENTOR_SHIFT)
#define MIDR_CPU_MODEL(imp, partnum) \
- (((imp) << MIDR_IMPLEMENTOR_SHIFT) | \
+ ((_AT(u32, imp) << MIDR_IMPLEMENTOR_SHIFT) | \
(0xf << MIDR_ARCHITECTURE_SHIFT) | \
((partnum) << MIDR_PARTNUM_SHIFT))
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 121/314] nvmet: fix a memory leak
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 120/314] arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 122/314] siox: fix possible memory leak in siox_device_add() Greg Kroah-Hartman
` (200 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sagi Grimberg, Chaitanya Kulkarni,
Christoph Hellwig, Sasha Levin
From: Sagi Grimberg <sagi@grimberg.me>
[ Upstream commit e65fdf530f55c5e387db14470a59a399faa29613 ]
We need to also free the dhchap_ctrl_secret when releasing nvmet_host.
kmemleak complaint:
--
unreferenced object 0xffff99b1cbca5140 (size 64):
comm "check", pid 4864, jiffies 4305092436 (age 2913.583s)
hex dump (first 32 bytes):
44 48 48 43 2d 31 3a 30 30 3a 65 36 2b 41 63 44 DHHC-1:00:e6+AcD
39 76 47 4d 52 57 59 78 67 54 47 44 51 59 47 78 9vGMRWYxgTGDQYGx
backtrace:
[<00000000c07d369d>] kstrdup+0x2e/0x60
[<000000001372171c>] 0xffffffffc0cceec6
[<0000000010dbf50b>] 0xffffffffc0cc6783
[<000000007465e93c>] configfs_write_iter+0xb1/0x120
[<0000000039c23f62>] vfs_write+0x2be/0x3c0
[<000000002da4351c>] ksys_write+0x5f/0xe0
[<00000000d5011e32>] do_syscall_64+0x38/0x90
[<00000000503870cf>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication")
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/configfs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
index 2bcd60758919..7f52d9dac443 100644
--- a/drivers/nvme/target/configfs.c
+++ b/drivers/nvme/target/configfs.c
@@ -1811,6 +1811,7 @@ static void nvmet_host_release(struct config_item *item)
#ifdef CONFIG_NVME_TARGET_AUTH
kfree(host->dhchap_secret);
+ kfree(host->dhchap_ctrl_secret);
#endif
kfree(host);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 122/314] siox: fix possible memory leak in siox_device_add()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 121/314] nvmet: fix a memory leak Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 123/314] parport_pc: Avoid FIFO port location truncation Greg Kroah-Hartman
` (199 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang,
Uwe Kleine-König, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 6e63153db50059fb78b8a8447b132664887d24e3 ]
If device_register() returns error in siox_device_add(),
the name allocated by dev_set_name() need be freed. As
comment of device_register() says, it should use put_device()
to give up the reference in the error path. So fix this
by calling put_device(), then the name can be freed in
kobject_cleanup(), and sdevice is freed in siox_device_release(),
set it to null in error path.
Fixes: bbecb07fa0af ("siox: new driver framework for eckelmann SIOX")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20221104021334.618189-1-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/siox/siox-core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/siox/siox-core.c b/drivers/siox/siox-core.c
index 7c4f32d76966..561408583b2b 100644
--- a/drivers/siox/siox-core.c
+++ b/drivers/siox/siox-core.c
@@ -839,6 +839,8 @@ static struct siox_device *siox_device_add(struct siox_master *smaster,
err_device_register:
/* don't care to make the buffer smaller again */
+ put_device(&sdevice->dev);
+ sdevice = NULL;
err_buf_alloc:
siox_master_unlock(smaster);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 123/314] parport_pc: Avoid FIFO port location truncation
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 122/314] siox: fix possible memory leak in siox_device_add() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 124/314] selftests/bpf: Fix casting error when cross-compiling test_verifier for 32-bit platforms Greg Kroah-Hartman
` (198 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maciej W. Rozycki, Sudip Mukherjee,
Sasha Levin
From: Maciej W. Rozycki <macro@orcam.me.uk>
[ Upstream commit ab126f51c93a15093df604f661c9480854c005a3 ]
Match the data type of a temporary holding a reference to the FIFO port
with the type of the original reference coming from `struct parport',
avoiding data truncation with LP64 ports such as SPARC64 that refer to
PCI port I/O locations via their corresponding MMIO addresses and will
therefore have non-zero bits in the high 32-bit part of the reference.
And in any case it is cleaner to have the data types matching here.
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Link: https://lore.kernel.org/linux-pci/20220419033752.GA1101844@bhelgaas/
Acked-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2209231912550.29493@angie.orcam.me.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/parport/parport_pc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c
index eda4ded4d5e5..925be41eeebe 100644
--- a/drivers/parport/parport_pc.c
+++ b/drivers/parport/parport_pc.c
@@ -468,7 +468,7 @@ static size_t parport_pc_fifo_write_block_pio(struct parport *port,
const unsigned char *bufp = buf;
size_t left = length;
unsigned long expire = jiffies + port->physport->cad->timeout;
- const int fifo = FIFO(port);
+ const unsigned long fifo = FIFO(port);
int poll_for = 8; /* 80 usecs */
const struct parport_pc_private *priv = port->physport->private_data;
const int fifo_depth = priv->fifo_depth;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 124/314] selftests/bpf: Fix casting error when cross-compiling test_verifier for 32-bit platforms
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 123/314] parport_pc: Avoid FIFO port location truncation Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 125/314] selftests/bpf: Fix test_progs compilation failure in 32-bit arch Greg Kroah-Hartman
` (197 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pu Lehui, Yonghong Song,
Martin KaFai Lau, Sasha Levin
From: Pu Lehui <pulehui@huawei.com>
[ Upstream commit 0811664da064c6d7ca64c02f5579f758a007e52d ]
When cross-compiling test_verifier for 32-bit platforms, the casting error is shown below:
test_verifier.c:1263:27: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
1263 | info.xlated_prog_insns = (__u64)*buf;
| ^
cc1: all warnings being treated as errors
Fix it by adding zero-extension for it.
Fixes: 933ff53191eb ("selftests/bpf: specify expected instructions in test_verifier tests")
Signed-off-by: Pu Lehui <pulehui@huawei.com>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20221108121945.4104644-1-pulehui@huaweicloud.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_verifier.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
index f9d553fbf68a..ce97a9262698 100644
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -1260,7 +1260,7 @@ static int get_xlated_program(int fd_prog, struct bpf_insn **buf, int *cnt)
bzero(&info, sizeof(info));
info.xlated_prog_len = xlated_prog_len;
- info.xlated_prog_insns = (__u64)*buf;
+ info.xlated_prog_insns = (__u64)(unsigned long)*buf;
if (bpf_obj_get_info_by_fd(fd_prog, &info, &info_len)) {
perror("second bpf_obj_get_info_by_fd failed");
goto out_free_buf;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 125/314] selftests/bpf: Fix test_progs compilation failure in 32-bit arch
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 124/314] selftests/bpf: Fix casting error when cross-compiling test_verifier for 32-bit platforms Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 126/314] pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Greg Kroah-Hartman
` (196 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Jihong, Yonghong Song,
Martin KaFai Lau, Sasha Levin
From: Yang Jihong <yangjihong1@huawei.com>
[ Upstream commit 5704bc7e8991164b14efb748b5afa0715c25fac3 ]
test_progs fails to be compiled in the 32-bit arch, log is as follows:
test_progs.c:1013:52: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Werror=format=]
1013 | sprintf(buf, "MSG_TEST_LOG (cnt: %ld, last: %d)",
| ~~^
| |
| long int
| %d
1014 | strlen(msg->test_log.log_buf),
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| size_t {aka unsigned int}
Fix it.
Fixes: 91b2c0afd00c ("selftests/bpf: Add parallelism to test_progs")
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20221108015857.132457-1-yangjihong1@huawei.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_progs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
index 3561c97701f2..a07b8ae64bf8 100644
--- a/tools/testing/selftests/bpf/test_progs.c
+++ b/tools/testing/selftests/bpf/test_progs.c
@@ -993,7 +993,7 @@ static inline const char *str_msg(const struct msg *msg, char *buf)
msg->subtest_done.have_log);
break;
case MSG_TEST_LOG:
- sprintf(buf, "MSG_TEST_LOG (cnt: %ld, last: %d)",
+ sprintf(buf, "MSG_TEST_LOG (cnt: %zu, last: %d)",
strlen(msg->test_log.log_buf),
msg->test_log.is_last);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 126/314] pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 125/314] selftests/bpf: Fix test_progs compilation failure in 32-bit arch Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 127/314] drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms Greg Kroah-Hartman
` (195 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zeng Heng, Linus Walleij, Sasha Levin
From: Zeng Heng <zengheng4@huawei.com>
[ Upstream commit 91d5c5060ee24fe8da88cd585bb43b843d2f0dce ]
Here is the BUG report by KASAN about null pointer dereference:
BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50
Read of size 1 at addr 0000000000000000 by task python3/2640
Call Trace:
strcmp
__of_find_property
of_find_property
pinctrl_dt_to_map
kasprintf() would return NULL pointer when kmalloc() fail to allocate.
So directly return ENOMEM, if kasprintf() return NULL pointer.
Fixes: 57291ce295c0 ("pinctrl: core device tree mapping table parsing support")
Signed-off-by: Zeng Heng <zengheng4@huawei.com>
Link: https://lore.kernel.org/r/20221110082056.2014898-1-zengheng4@huawei.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/devicetree.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pinctrl/devicetree.c b/drivers/pinctrl/devicetree.c
index ef898ee8ca6b..6e0a40962f38 100644
--- a/drivers/pinctrl/devicetree.c
+++ b/drivers/pinctrl/devicetree.c
@@ -220,6 +220,8 @@ int pinctrl_dt_to_map(struct pinctrl *p, struct pinctrl_dev *pctldev)
for (state = 0; ; state++) {
/* Retrieve the pinctrl-* property */
propname = kasprintf(GFP_KERNEL, "pinctrl-%d", state);
+ if (!propname)
+ return -ENOMEM;
prop = of_find_property(np, propname, &size);
kfree(propname);
if (!prop) {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 127/314] drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 126/314] pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 128/314] drm/panel: simple: set bpc field for logic technologies displays Greg Kroah-Hartman
` (194 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Maxime Ripard, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit dba9e3467425800f9d3a14e8b6a0f85c731c1650 ]
The drm_atomic_get_new_private_obj_state() function returns NULL
on error path, drm_atomic_get_old_private_obj_state() function
returns NULL on error path, too, they does not return error pointers.
By the way, vc4_hvs_get_new/old_global_state() should return
ERR_PTR(-EINVAL), otherwise there will be null-ptr-defer issue,
such as follows:
In function vc4_atomic_commit_tail():
|-- old_hvs_state = vc4_hvs_get_old_global_state(state); <-- return NULL
|-- if (WARN_ON(IS_ERR(old_hvs_state))) <-- no return
|-- unsigned long state_rate = max(old_hvs_state->core_clock_rate,
new_hvs_state->core_clock_rate); <-- null-ptr-defer
Fixes: 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20221110094445.2930509-6-cuigaosheng1@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_kms.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_kms.c b/drivers/gpu/drm/vc4/vc4_kms.c
index b45dcdfd7306..a3678178b022 100644
--- a/drivers/gpu/drm/vc4/vc4_kms.c
+++ b/drivers/gpu/drm/vc4/vc4_kms.c
@@ -198,8 +198,8 @@ vc4_hvs_get_new_global_state(struct drm_atomic_state *state)
struct drm_private_state *priv_state;
priv_state = drm_atomic_get_new_private_obj_state(state, &vc4->hvs_channels);
- if (IS_ERR(priv_state))
- return ERR_CAST(priv_state);
+ if (!priv_state)
+ return ERR_PTR(-EINVAL);
return to_vc4_hvs_state(priv_state);
}
@@ -211,8 +211,8 @@ vc4_hvs_get_old_global_state(struct drm_atomic_state *state)
struct drm_private_state *priv_state;
priv_state = drm_atomic_get_old_private_obj_state(state, &vc4->hvs_channels);
- if (IS_ERR(priv_state))
- return ERR_CAST(priv_state);
+ if (!priv_state)
+ return ERR_PTR(-EINVAL);
return to_vc4_hvs_state(priv_state);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 128/314] drm/panel: simple: set bpc field for logic technologies displays
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 127/314] drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 129/314] drm/drv: Fix potential memory leak in drm_dev_init() Greg Kroah-Hartman
` (193 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aishwarya Kothari,
Francesco Dolcini, Douglas Anderson, Sasha Levin
From: Aishwarya Kothari <aishwarya.kothari@toradex.com>
[ Upstream commit 876153ab068b2507a19aa3ef481f5b00a2cc780f ]
In case bpc is not set for a panel it then throws a WARN(). Add bpc to
the panels logictechno_lt170410_2whc and logictechno_lt161010_2nh.
Fixes: 5728fe7fa539 ("drm/panel: simple: add display timings for logic technologies displays")
Signed-off-by: Aishwarya Kothari <aishwarya.kothari@toradex.com>
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220831141622.39605-1-francesco.dolcini@toradex.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-simple.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c
index 1e716c23019a..eb938bfb0573 100644
--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -2505,6 +2505,7 @@ static const struct display_timing logictechno_lt161010_2nh_timing = {
static const struct panel_desc logictechno_lt161010_2nh = {
.timings = &logictechno_lt161010_2nh_timing,
.num_timings = 1,
+ .bpc = 6,
.size = {
.width = 154,
.height = 86,
@@ -2534,6 +2535,7 @@ static const struct display_timing logictechno_lt170410_2whc_timing = {
static const struct panel_desc logictechno_lt170410_2whc = {
.timings = &logictechno_lt170410_2whc_timing,
.num_timings = 1,
+ .bpc = 8,
.size = {
.width = 217,
.height = 136,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 129/314] drm/drv: Fix potential memory leak in drm_dev_init()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 128/314] drm/panel: simple: set bpc field for logic technologies displays Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 130/314] drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() Greg Kroah-Hartman
` (192 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Lyude Paul, Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit ff963634f7b2e0dc011349abb3fb81a0d074f443 ]
drm_dev_init() will add drm_dev_init_release() as a callback. When
drmm_add_action() failed, the release function won't be added. As the
result, the ref cnt added by device_get() in drm_dev_init() won't be put
by drm_dev_init_release(), which leads to the memleak. Use
drmm_add_action_or_reset() instead of drmm_add_action() to prevent
memleak.
unreferenced object 0xffff88810bc0c800 (size 2048):
comm "modprobe", pid 8322, jiffies 4305809845 (age 15.292s)
hex dump (first 32 bytes):
e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................
20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<.............
backtrace:
[<000000007251f72d>] __kmalloc+0x4b/0x1c0
[<0000000045f21f26>] platform_device_alloc+0x2d/0xe0
[<000000004452a479>] platform_device_register_full+0x24/0x1c0
[<0000000089f4ea61>] 0xffffffffa0736051
[<00000000235b2441>] do_one_initcall+0x7a/0x380
[<0000000001a4a177>] do_init_module+0x5c/0x230
[<000000002bf8a8e2>] load_module+0x227d/0x2420
[<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140
[<00000000c99fc324>] do_syscall_64+0x3f/0x90
[<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: 2cbf7fc6718b ("drm: Use drmm_ for drm_dev_init cleanup")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221101070716.9189-2-shangxiaojing@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_drv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
index 8214a0b1ab7f..203bf8d6c34c 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -615,7 +615,7 @@ static int drm_dev_init(struct drm_device *dev,
mutex_init(&dev->clientlist_mutex);
mutex_init(&dev->master_mutex);
- ret = drmm_add_action(dev, drm_dev_init_release, NULL);
+ ret = drmm_add_action_or_reset(dev, drm_dev_init_release, NULL);
if (ret)
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 130/314] drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 129/314] drm/drv: Fix potential memory leak in drm_dev_init() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 131/314] arm64: dts: imx8mm-tqma8mqml-mba8mx: Fix USB DR Greg Kroah-Hartman
` (191 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Lyude Paul, Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit 4979524f5a2a8210e87fde2f642b0dc060860821 ]
drm_vblank_init() call drmm_add_action_or_reset() with
drm_vblank_init_release() as action. If __drmm_add_action() failed, will
directly call drm_vblank_init_release() with the vblank whose worker is
NULL. As the resule, a null-ptr-deref will happen in
kthread_destroy_worker(). Add the NULL check before calling
drm_vblank_destroy_worker().
BUG: null-ptr-deref
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty
RIP: 0010:kthread_destroy_worker+0x25/0xb0
Call Trace:
<TASK>
drm_vblank_init_release+0x124/0x220 [drm]
? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm]
__drmm_add_action_or_reset+0x41/0x50 [drm]
drm_vblank_init+0x282/0x310 [drm]
vkms_init+0x35f/0x1000 [vkms]
? 0xffffffffc4508000
? lock_is_held_type+0xd7/0x130
? __kmem_cache_alloc_node+0x1c2/0x2b0
? lock_is_held_type+0xd7/0x130
? 0xffffffffc4508000
do_one_initcall+0xd0/0x4f0
...
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Fixes: 5e6c2b4f9161 ("drm/vblank: Add vblank works")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221101070716.9189-3-shangxiaojing@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_internal.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_internal.h b/drivers/gpu/drm/drm_internal.h
index 7bb98e6a446d..5ea5e260118c 100644
--- a/drivers/gpu/drm/drm_internal.h
+++ b/drivers/gpu/drm/drm_internal.h
@@ -104,7 +104,8 @@ static inline void drm_vblank_flush_worker(struct drm_vblank_crtc *vblank)
static inline void drm_vblank_destroy_worker(struct drm_vblank_crtc *vblank)
{
- kthread_destroy_worker(vblank->worker);
+ if (vblank->worker)
+ kthread_destroy_worker(vblank->worker);
}
int drm_vblank_worker_init(struct drm_vblank_crtc *vblank);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 131/314] arm64: dts: imx8mm-tqma8mqml-mba8mx: Fix USB DR
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 130/314] drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 132/314] ARM: dts: imx7: Fix NAND controller size-cells Greg Kroah-Hartman
` (190 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 63fd9437ec81899fc36bb642d558378bc89aa4f9 ]
Using extcon USB host mode works properly on DR interface, e.g.
enabling/disabling VBUS. But USB device mode is not working.
Fix this by switching to usb-role-switch instead.
Fixes: dfcd1b6f7620 ("arm64: dts: freescale: add initial device tree for TQMa8MQML with i.MX8MM")
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../dts/freescale/imx8mm-tqma8mqml-mba8mx.dts | 32 +++++++++++++++----
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8mm-tqma8mqml-mba8mx.dts b/arch/arm64/boot/dts/freescale/imx8mm-tqma8mqml-mba8mx.dts
index 7e0aeb2db305..a0aeac619929 100644
--- a/arch/arm64/boot/dts/freescale/imx8mm-tqma8mqml-mba8mx.dts
+++ b/arch/arm64/boot/dts/freescale/imx8mm-tqma8mqml-mba8mx.dts
@@ -34,11 +34,25 @@ reg_usdhc2_vmmc: regulator-vmmc {
off-on-delay-us = <12000>;
};
- extcon_usbotg1: extcon-usbotg1 {
- compatible = "linux,extcon-usb-gpio";
+ connector {
+ compatible = "gpio-usb-b-connector", "usb-b-connector";
+ type = "micro";
+ label = "X19";
pinctrl-names = "default";
- pinctrl-0 = <&pinctrl_usb1_extcon>;
- id-gpio = <&gpio1 10 GPIO_ACTIVE_HIGH>;
+ pinctrl-0 = <&pinctrl_usb1_connector>;
+ id-gpios = <&gpio1 10 GPIO_ACTIVE_HIGH>;
+
+ ports {
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ port@0 {
+ reg = <0>;
+ usb_dr_connector: endpoint {
+ remote-endpoint = <&usb1_drd_sw>;
+ };
+ };
+ };
};
};
@@ -105,13 +119,19 @@ &usbotg1 {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_usbotg1>;
dr_mode = "otg";
- extcon = <&extcon_usbotg1>;
srp-disable;
hnp-disable;
adp-disable;
power-active-high;
over-current-active-low;
+ usb-role-switch;
status = "okay";
+
+ port {
+ usb1_drd_sw: endpoint {
+ remote-endpoint = <&usb_dr_connector>;
+ };
+ };
};
&usbotg2 {
@@ -231,7 +251,7 @@ pinctrl_usbotg1: usbotg1grp {
<MX8MM_IOMUXC_GPIO1_IO13_USB1_OTG_OC 0x84>;
};
- pinctrl_usb1_extcon: usb1-extcongrp {
+ pinctrl_usb1_connector: usb1-connectorgrp {
fsl,pins = <MX8MM_IOMUXC_GPIO1_IO10_GPIO1_IO10 0x1c0>;
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 132/314] ARM: dts: imx7: Fix NAND controller size-cells
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 131/314] arm64: dts: imx8mm-tqma8mqml-mba8mx: Fix USB DR Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 133/314] arm64: dts: imx8mm: " Greg Kroah-Hartman
` (189 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Vasut, Shawn Guo, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 753395ea1e45c724150070b5785900b6a44bd5fb ]
The NAND controller size-cells should be 0 per DT bindings.
Fix the following warning produces by DT bindings check:
"
nand-controller@33002000: #size-cells:0:0: 0 was expected
nand-controller@33002000: Unevaluated properties are not allowed ('#address-cells', '#size-cells' were unexpected)
"
Fix the missing space in node name too.
Fixes: e7495a45a76de ("ARM: dts: imx7: add GPMI NAND and APBH DMA")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx7s.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/imx7s.dtsi b/arch/arm/boot/dts/imx7s.dtsi
index 29148285f9fc..1dc3bfac30b6 100644
--- a/arch/arm/boot/dts/imx7s.dtsi
+++ b/arch/arm/boot/dts/imx7s.dtsi
@@ -1270,10 +1270,10 @@ dma_apbh: dma-apbh@33000000 {
clocks = <&clks IMX7D_NAND_USDHC_BUS_RAWNAND_CLK>;
};
- gpmi: nand-controller@33002000{
+ gpmi: nand-controller@33002000 {
compatible = "fsl,imx7d-gpmi-nand";
#address-cells = <1>;
- #size-cells = <1>;
+ #size-cells = <0>;
reg = <0x33002000 0x2000>, <0x33004000 0x4000>;
reg-names = "gpmi-nand", "bch";
interrupts = <GIC_SPI 14 IRQ_TYPE_LEVEL_HIGH>;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 133/314] arm64: dts: imx8mm: Fix NAND controller size-cells
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 132/314] ARM: dts: imx7: Fix NAND controller size-cells Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 134/314] erofs: put metabuf in error path in fscache mode Greg Kroah-Hartman
` (188 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Vasut, Shawn Guo, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 1610233bc2c2cae2dff9e101e6ea5ef69cceb0e9 ]
The NAND controller size-cells should be 0 per DT bindings.
Fix the following warning produces by DT bindings check:
"
nand-controller@33002000: #size-cells:0:0: 0 was expected
nand-controller@33002000: Unevaluated properties are not allowed ('#address-cells', '#size-cells' were unexpected)
"
Fix the missing space in node name too.
Fixes: a05ea40eb384e ("arm64: dts: imx: Add i.mx8mm dtsi support")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/freescale/imx8mm.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8mm.dtsi b/arch/arm64/boot/dts/freescale/imx8mm.dtsi
index dabd94dc30c4..50ef92915c67 100644
--- a/arch/arm64/boot/dts/freescale/imx8mm.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8mm.dtsi
@@ -1244,10 +1244,10 @@ dma_apbh: dma-controller@33000000 {
clocks = <&clk IMX8MM_CLK_NAND_USDHC_BUS_RAWNAND_CLK>;
};
- gpmi: nand-controller@33002000{
+ gpmi: nand-controller@33002000 {
compatible = "fsl,imx8mm-gpmi-nand", "fsl,imx7d-gpmi-nand";
#address-cells = <1>;
- #size-cells = <1>;
+ #size-cells = <0>;
reg = <0x33002000 0x2000>, <0x33004000 0x4000>;
reg-names = "gpmi-nand", "bch";
interrupts = <GIC_SPI 14 IRQ_TYPE_LEVEL_HIGH>;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 134/314] erofs: put metabuf in error path in fscache mode
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 133/314] arm64: dts: imx8mm: " Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 135/314] arm64: dts: imx8mn: Fix NAND controller size-cells Greg Kroah-Hartman
` (187 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jingbo Xu, Gao Xiang, Jia Zhu,
Chao Yu, Sasha Levin
From: Jingbo Xu <jefflexu@linux.alibaba.com>
[ Upstream commit 75e43355cbe4d5948a79bd592f2ffecb9f75f75d ]
For tail packing layout, put metabuf when error is encountered.
Fixes: 1ae9470c3e14 ("erofs: clean up .read_folio() and .readahead() in fscache mode")
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Jia Zhu <zhujia.zj@bytedance.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/r/20221104054028.52208-2-jefflexu@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/fscache.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c
index 8585e324298c..79af25f0a56c 100644
--- a/fs/erofs/fscache.c
+++ b/fs/erofs/fscache.c
@@ -281,8 +281,10 @@ static int erofs_fscache_data_read(struct address_space *mapping,
return PTR_ERR(src);
iov_iter_xarray(&iter, READ, &mapping->i_pages, pos, PAGE_SIZE);
- if (copy_to_iter(src + offset, size, &iter) != size)
+ if (copy_to_iter(src + offset, size, &iter) != size) {
+ erofs_put_metabuf(&buf);
return -EFAULT;
+ }
iov_iter_zero(PAGE_SIZE - size, &iter);
erofs_put_metabuf(&buf);
return PAGE_SIZE;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 135/314] arm64: dts: imx8mn: Fix NAND controller size-cells
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 134/314] erofs: put metabuf in error path in fscache mode Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 136/314] arm64: dts: imx93-pinfunc: drop execution permission Greg Kroah-Hartman
` (186 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Vasut, Shawn Guo, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 5468e93b5b1083eaa729f98e59da18c85d9c4126 ]
The NAND controller size-cells should be 0 per DT bindings.
Fix the following warning produces by DT bindings check:
"
nand-controller@33002000: #size-cells:0:0: 0 was expected
nand-controller@33002000: Unevaluated properties are not allowed ('#address-cells', '#size-cells' were unexpected)
"
Fixes: 6c3debcbae47a ("arm64: dts: freescale: Add i.MX8MN dtsi support")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/freescale/imx8mn.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8mn.dtsi b/arch/arm64/boot/dts/freescale/imx8mn.dtsi
index ad0b99adf691..67b554ba690c 100644
--- a/arch/arm64/boot/dts/freescale/imx8mn.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8mn.dtsi
@@ -1102,7 +1102,7 @@ dma_apbh: dma-controller@33000000 {
gpmi: nand-controller@33002000 {
compatible = "fsl,imx8mn-gpmi-nand", "fsl,imx7d-gpmi-nand";
#address-cells = <1>;
- #size-cells = <1>;
+ #size-cells = <0>;
reg = <0x33002000 0x2000>, <0x33004000 0x4000>;
reg-names = "gpmi-nand", "bch";
interrupts = <GIC_SPI 14 IRQ_TYPE_LEVEL_HIGH>;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 136/314] arm64: dts: imx93-pinfunc: drop execution permission
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 135/314] arm64: dts: imx8mn: Fix NAND controller size-cells Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 137/314] ata: libata-transport: fix double ata_host_put() in ata_tport_add() Greg Kroah-Hartman
` (185 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Peng Fan, Shawn Guo, Sasha Levin
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit 2db1fdb25d209a88112fd82eb493976d66057d10 ]
Drop the header file execution permission
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Fixes: ec8b5b5058ea ("arm64: dts: freescale: Add i.MX93 dtsi support")
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/freescale/imx93-pinfunc.h | 0
1 file changed, 0 insertions(+), 0 deletions(-)
mode change 100755 => 100644 arch/arm64/boot/dts/freescale/imx93-pinfunc.h
diff --git a/arch/arm64/boot/dts/freescale/imx93-pinfunc.h b/arch/arm64/boot/dts/freescale/imx93-pinfunc.h
old mode 100755
new mode 100644
--
2.35.1
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 137/314] ata: libata-transport: fix double ata_host_put() in ata_tport_add()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 136/314] arm64: dts: imx93-pinfunc: drop execution permission Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 138/314] ata: libata-transport: fix error handling " Greg Kroah-Hartman
` (184 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Damien Le Moal, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 8c76310740807ade5ecdab5888f70ecb6d35732e ]
In the error path in ata_tport_add(), when calling put_device(),
ata_tport_release() is called, it will put the refcount of 'ap->host'.
And then ata_host_put() is called again, the refcount is decreased
to 0, ata_host_release() is called, all ports are freed and set to
null.
When unbinding the device after failure, ata_host_stop() is called
to release the resources, it leads a null-ptr-deref(), because all
the ports all freed and null.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ata_host_stop+0x3c/0x84 [libata]
lr : release_nodes+0x64/0xd0
Call trace:
ata_host_stop+0x3c/0x84 [libata]
release_nodes+0x64/0xd0
devres_release_all+0xbc/0x1b0
device_unbind_cleanup+0x20/0x70
really_probe+0x158/0x320
__driver_probe_device+0x84/0x120
driver_probe_device+0x44/0x120
__driver_attach+0xb4/0x220
bus_for_each_dev+0x78/0xdc
driver_attach+0x2c/0x40
bus_add_driver+0x184/0x240
driver_register+0x80/0x13c
__pci_register_driver+0x4c/0x60
ahci_pci_driver_init+0x30/0x1000 [ahci]
Fix this by removing redundant ata_host_put() in the error path.
Fixes: 2623c7a5f279 ("libata: add refcounting to ata_host")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libata-transport.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/ata/libata-transport.c b/drivers/ata/libata-transport.c
index a7e9a75410a3..105da3ec5eaa 100644
--- a/drivers/ata/libata-transport.c
+++ b/drivers/ata/libata-transport.c
@@ -317,7 +317,6 @@ int ata_tport_add(struct device *parent,
tport_err:
transport_destroy_device(dev);
put_device(dev);
- ata_host_put(ap->host);
return error;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 138/314] ata: libata-transport: fix error handling in ata_tport_add()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 137/314] ata: libata-transport: fix double ata_host_put() in ata_tport_add() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 139/314] ata: libata-transport: fix error handling in ata_tlink_add() Greg Kroah-Hartman
` (183 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Damien Le Moal, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 3613dbe3909dcc637fe6be00e4dc43b4aa0470ee ]
In ata_tport_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
device_del+0x48/0x39c
attribute_container_class_device_del+0x28/0x40
transport_remove_classdev+0x60/0x7c
attribute_container_device_trigger+0x118/0x120
transport_remove_device+0x20/0x30
ata_tport_delete+0x34/0x60 [libata]
ata_port_detach+0x148/0x1b0 [libata]
ata_pci_remove_one+0x50/0x80 [libata]
ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device()
in ata_tport_add().
Fixes: d9027470b886 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libata-transport.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/libata-transport.c b/drivers/ata/libata-transport.c
index 105da3ec5eaa..ef53bdfbcbb2 100644
--- a/drivers/ata/libata-transport.c
+++ b/drivers/ata/libata-transport.c
@@ -301,7 +301,9 @@ int ata_tport_add(struct device *parent,
pm_runtime_enable(dev);
pm_runtime_forbid(dev);
- transport_add_device(dev);
+ error = transport_add_device(dev);
+ if (error)
+ goto tport_transport_add_err;
transport_configure_device(dev);
error = ata_tlink_add(&ap->link);
@@ -312,6 +314,7 @@ int ata_tport_add(struct device *parent,
tport_link_err:
transport_remove_device(dev);
+ tport_transport_add_err:
device_del(dev);
tport_err:
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 139/314] ata: libata-transport: fix error handling in ata_tlink_add()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 138/314] ata: libata-transport: fix error handling " Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 140/314] ata: libata-transport: fix error handling in ata_tdev_add() Greg Kroah-Hartman
` (182 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Damien Le Moal, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit cf0816f6322c5c37ee52655f928e91ecf32da103 ]
In ata_tlink_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
device_del+0x48/0x39c
attribute_container_class_device_del+0x28/0x40
transport_remove_classdev+0x60/0x7c
attribute_container_device_trigger+0x118/0x120
transport_remove_device+0x20/0x30
ata_tlink_delete+0x88/0xb0 [libata]
ata_tport_delete+0x2c/0x60 [libata]
ata_port_detach+0x148/0x1b0 [libata]
ata_pci_remove_one+0x50/0x80 [libata]
ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device()
in ata_tlink_add().
Fixes: d9027470b886 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libata-transport.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/libata-transport.c b/drivers/ata/libata-transport.c
index ef53bdfbcbb2..aac9336e8153 100644
--- a/drivers/ata/libata-transport.c
+++ b/drivers/ata/libata-transport.c
@@ -458,7 +458,9 @@ int ata_tlink_add(struct ata_link *link)
goto tlink_err;
}
- transport_add_device(dev);
+ error = transport_add_device(dev);
+ if (error)
+ goto tlink_transport_err;
transport_configure_device(dev);
ata_for_each_dev(ata_dev, link, ALL) {
@@ -473,6 +475,7 @@ int ata_tlink_add(struct ata_link *link)
ata_tdev_delete(ata_dev);
}
transport_remove_device(dev);
+ tlink_transport_err:
device_del(dev);
tlink_err:
transport_destroy_device(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 140/314] ata: libata-transport: fix error handling in ata_tdev_add()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 139/314] ata: libata-transport: fix error handling in ata_tlink_add() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 141/314] nfp: change eeprom length to max length enumerators Greg Kroah-Hartman
` (181 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Damien Le Moal, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 1ff36351309e3eadcff297480baf4785e726de9b ]
In ata_tdev_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x3a0
lr : device_del+0x44/0x3a0
Call trace:
device_del+0x48/0x3a0
attribute_container_class_device_del+0x28/0x40
transport_remove_classdev+0x60/0x7c
attribute_container_device_trigger+0x118/0x120
transport_remove_device+0x20/0x30
ata_tdev_delete+0x24/0x50 [libata]
ata_tlink_delete+0x40/0xa0 [libata]
ata_tport_delete+0x2c/0x60 [libata]
ata_port_detach+0x148/0x1b0 [libata]
ata_pci_remove_one+0x50/0x80 [libata]
ahci_remove_one+0x4c/0x8c [ahci]
Fix this by checking and handling return value of transport_add_device()
in ata_tdev_add(). In the error path, device_del() is called to delete
the device which was added earlier in this function, and ata_tdev_free()
is called to free ata_dev.
Fixes: d9027470b886 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libata-transport.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/libata-transport.c b/drivers/ata/libata-transport.c
index aac9336e8153..e4fb9d1b9b39 100644
--- a/drivers/ata/libata-transport.c
+++ b/drivers/ata/libata-transport.c
@@ -713,7 +713,13 @@ static int ata_tdev_add(struct ata_device *ata_dev)
return error;
}
- transport_add_device(dev);
+ error = transport_add_device(dev);
+ if (error) {
+ device_del(dev);
+ ata_tdev_free(ata_dev);
+ return error;
+ }
+
transport_configure_device(dev);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 141/314] nfp: change eeprom length to max length enumerators
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 140/314] ata: libata-transport: fix error handling in ata_tdev_add() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 142/314] MIPS: fix duplicate definitions for exported symbols Greg Kroah-Hartman
` (180 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jaco Coetzee, Louis Peens,
Simon Horman, David S. Miller, Sasha Levin
From: Jaco Coetzee <jaco.coetzee@corigine.com>
[ Upstream commit f3a72878a3de720661b7ed0d6b7f7c506ddb8a52 ]
Extend the size of QSFP EEPROM for types SSF8436 and SFF8636
from 256 to 640 bytes in order to expose all the EEPROM pages by
ethtool.
For SFF-8636 and SFF-8436 specifications, the driver exposes
256 bytes of EEPROM data for ethtool's get_module_eeprom()
callback, resulting in "netlink error: Invalid argument" when
an EEPROM read with an offset larger than 256 bytes is attempted.
Changing the length enumerators to the _MAX_LEN
variants exposes all 640 bytes of the EEPROM allowing upper
pages 1, 2 and 3 to be read.
Fixes: 96d971e307cc ("ethtool: Add fallback to get_module_eeprom from netlink command")
Signed-off-by: Jaco Coetzee <jaco.coetzee@corigine.com>
Reviewed-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
index b1b1b648e40c..b19bff0db1fd 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
@@ -1440,15 +1440,15 @@ nfp_port_get_module_info(struct net_device *netdev,
if (data < 0x3) {
modinfo->type = ETH_MODULE_SFF_8436;
- modinfo->eeprom_len = ETH_MODULE_SFF_8436_LEN;
+ modinfo->eeprom_len = ETH_MODULE_SFF_8436_MAX_LEN;
} else {
modinfo->type = ETH_MODULE_SFF_8636;
- modinfo->eeprom_len = ETH_MODULE_SFF_8636_LEN;
+ modinfo->eeprom_len = ETH_MODULE_SFF_8636_MAX_LEN;
}
break;
case NFP_INTERFACE_QSFP28:
modinfo->type = ETH_MODULE_SFF_8636;
- modinfo->eeprom_len = ETH_MODULE_SFF_8636_LEN;
+ modinfo->eeprom_len = ETH_MODULE_SFF_8636_MAX_LEN;
break;
default:
netdev_err(netdev, "Unsupported module 0x%x detected\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 142/314] MIPS: fix duplicate definitions for exported symbols
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 141/314] nfp: change eeprom length to max length enumerators Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 143/314] MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed Greg Kroah-Hartman
` (179 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rongwei Zhang, Nathan Chancellor,
Thomas Bogendoerfer, Sasha Levin
From: Rongwei Zhang <pudh4418@gmail.com>
[ Upstream commit 612d80784fdc0c2e2ee2e2d901a55ef2f72ebf4b ]
Building with clang-14 fails with:
AS arch/mips/kernel/relocate_kernel.o
<unknown>:0: error: symbol 'kexec_args' is already defined
<unknown>:0: error: symbol 'secondary_kexec_args' is already defined
<unknown>:0: error: symbol 'kexec_start_address' is already defined
<unknown>:0: error: symbol 'kexec_indirection_page' is already defined
<unknown>:0: error: symbol 'relocate_new_kernel_size' is already defined
It turns out EXPORT defined in asm/asm.h expands to a symbol definition,
so there is no need to define these symbols again. Remove duplicated
symbol definitions.
Fixes: 7aa1c8f47e7e ("MIPS: kdump: Add support")
Signed-off-by: Rongwei Zhang <pudh4418@gmail.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/relocate_kernel.S | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/arch/mips/kernel/relocate_kernel.S b/arch/mips/kernel/relocate_kernel.S
index cfde14b48fd8..f5b2ef979b43 100644
--- a/arch/mips/kernel/relocate_kernel.S
+++ b/arch/mips/kernel/relocate_kernel.S
@@ -145,8 +145,7 @@ LEAF(kexec_smp_wait)
* kexec_args[0..3] are used to prepare register values.
*/
-kexec_args:
- EXPORT(kexec_args)
+EXPORT(kexec_args)
arg0: PTR_WD 0x0
arg1: PTR_WD 0x0
arg2: PTR_WD 0x0
@@ -159,8 +158,7 @@ arg3: PTR_WD 0x0
* their registers a0-a3. secondary_kexec_args[0..3] are used
* to prepare register values.
*/
-secondary_kexec_args:
- EXPORT(secondary_kexec_args)
+EXPORT(secondary_kexec_args)
s_arg0: PTR_WD 0x0
s_arg1: PTR_WD 0x0
s_arg2: PTR_WD 0x0
@@ -171,19 +169,16 @@ kexec_flag:
#endif
-kexec_start_address:
- EXPORT(kexec_start_address)
+EXPORT(kexec_start_address)
PTR_WD 0x0
.size kexec_start_address, PTRSIZE
-kexec_indirection_page:
- EXPORT(kexec_indirection_page)
+EXPORT(kexec_indirection_page)
PTR_WD 0
.size kexec_indirection_page, PTRSIZE
relocate_new_kernel_end:
-relocate_new_kernel_size:
- EXPORT(relocate_new_kernel_size)
+EXPORT(relocate_new_kernel_size)
PTR_WD relocate_new_kernel_end - relocate_new_kernel
.size relocate_new_kernel_size, PTRSIZE
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 143/314] MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 142/314] MIPS: fix duplicate definitions for exported symbols Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 144/314] io_uring/poll: fix double poll req->flags races Greg Kroah-Hartman
` (178 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liao Chang, Thomas Bogendoerfer,
Sasha Levin
From: Liao Chang <liaochang1@huawei.com>
[ Upstream commit fa706927f4722a2df723b2a28d139b1904a3e7fa ]
Add WARN_ON on kexec related kmalloc failed, avoid to pass NULL pointer
to following memcpy and loongson_kexec_prepare.
Fixes: 6ce48897ce47 ("MIPS: Loongson64: Add kexec/kdump support")
Signed-off-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/loongson64/reset.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/arch/mips/loongson64/reset.c b/arch/mips/loongson64/reset.c
index 758d5d26aaaa..e420800043b0 100644
--- a/arch/mips/loongson64/reset.c
+++ b/arch/mips/loongson64/reset.c
@@ -16,6 +16,7 @@
#include <asm/bootinfo.h>
#include <asm/idle.h>
#include <asm/reboot.h>
+#include <asm/bug.h>
#include <loongson.h>
#include <boot_param.h>
@@ -159,8 +160,17 @@ static int __init mips_reboot_setup(void)
#ifdef CONFIG_KEXEC
kexec_argv = kmalloc(KEXEC_ARGV_SIZE, GFP_KERNEL);
+ if (WARN_ON(!kexec_argv))
+ return -ENOMEM;
+
kdump_argv = kmalloc(KEXEC_ARGV_SIZE, GFP_KERNEL);
+ if (WARN_ON(!kdump_argv))
+ return -ENOMEM;
+
kexec_envp = kmalloc(KEXEC_ENVP_SIZE, GFP_KERNEL);
+ if (WARN_ON(!kexec_envp))
+ return -ENOMEM;
+
fw_arg1 = KEXEC_ARGV_ADDR;
memcpy(kexec_envp, (void *)fw_arg2, KEXEC_ENVP_SIZE);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 144/314] io_uring/poll: fix double poll req->flags races
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 143/314] MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 145/314] cifs: Fix connections leak when tlink setup failed Greg Kroah-Hartman
` (177 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe, Sasha Levin
From: Pavel Begunkov <asml.silence@gmail.com>
[ Upstream commit 30a33669fa21cd3dc7d92a00ba736358059014b7 ]
io_poll_double_prepare() | io_poll_wake()
| poll->head = NULL
smp_load(&poll->head); /* NULL */ |
flags = req->flags; |
| req->flags &= ~SINGLE_POLL;
req->flags = flags | DOUBLE_POLL |
The idea behind io_poll_double_prepare() is to serialise with the
first poll entry by taking the wq lock. However, it's not safe to assume
that io_poll_wake() is not running when we can't grab the lock and so we
may race modifying req->flags.
Skip double poll setup if that happens. It's ok because the first poll
entry will only be removed when it's definitely completing, e.g.
pollfree or oneshot with a valid mask.
Fixes: 49f1c68e048f1 ("io_uring: optimise submission side poll_refs")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b7fab2d502f6121a7d7b199fe4d914a43ca9cdfd.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/poll.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/io_uring/poll.c b/io_uring/poll.c
index 0d9f49c575e0..97c214aa688c 100644
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -394,7 +394,8 @@ static int io_poll_wake(struct wait_queue_entry *wait, unsigned mode, int sync,
return 1;
}
-static void io_poll_double_prepare(struct io_kiocb *req)
+/* fails only when polling is already completing by the first entry */
+static bool io_poll_double_prepare(struct io_kiocb *req)
{
struct wait_queue_head *head;
struct io_poll *poll = io_poll_get_single(req);
@@ -403,20 +404,20 @@ static void io_poll_double_prepare(struct io_kiocb *req)
rcu_read_lock();
head = smp_load_acquire(&poll->head);
/*
- * poll arm may not hold ownership and so race with
- * io_poll_wake() by modifying req->flags. There is only one
- * poll entry queued, serialise with it by taking its head lock.
+ * poll arm might not hold ownership and so race for req->flags with
+ * io_poll_wake(). There is only one poll entry queued, serialise with
+ * it by taking its head lock. As we're still arming the tw hanlder
+ * is not going to be run, so there are no races with it.
*/
- if (head)
+ if (head) {
spin_lock_irq(&head->lock);
-
- req->flags |= REQ_F_DOUBLE_POLL;
- if (req->opcode == IORING_OP_POLL_ADD)
- req->flags |= REQ_F_ASYNC_DATA;
-
- if (head)
+ req->flags |= REQ_F_DOUBLE_POLL;
+ if (req->opcode == IORING_OP_POLL_ADD)
+ req->flags |= REQ_F_ASYNC_DATA;
spin_unlock_irq(&head->lock);
+ }
rcu_read_unlock();
+ return !!head;
}
static void __io_queue_proc(struct io_poll *poll, struct io_poll_table *pt,
@@ -454,7 +455,11 @@ static void __io_queue_proc(struct io_poll *poll, struct io_poll_table *pt,
/* mark as double wq entry */
wqe_private |= IO_WQE_F_DOUBLE;
io_init_poll_iocb(poll, first->events, first->wait.func);
- io_poll_double_prepare(req);
+ if (!io_poll_double_prepare(req)) {
+ /* the request is completing, just back off */
+ kfree(poll);
+ return;
+ }
*poll_ptr = poll;
} else {
/* fine to modify, there is no poll queued to race with us */
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 145/314] cifs: Fix connections leak when tlink setup failed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 144/314] io_uring/poll: fix double poll req->flags races Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 146/314] bpf: Initialize same number of free nodes for each pcpu_freelist Greg Kroah-Hartman
` (176 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE),
Zhang Xiaoxu, Steve French, Sasha Levin
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
[ Upstream commit 1dcdf5f5b2137185cbdd5385f29949ab3da4f00c ]
If the tlink setup failed, lost to put the connections, then
the module refcnt leak since the cifsd kthread not exit.
Also leak the fscache info, and for next mount with fsc, it will
print the follow errors:
CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST)
Let's check the result of tlink setup, and do some cleanup.
Fixes: 56c762eb9bee ("cifs: Refactor out cifs_mount()")
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/connect.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index c2c36451a883..317ca1be9c4c 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -3846,9 +3846,13 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
uuid_copy(&cifs_sb->dfs_mount_id, &mnt_ctx.mount_id);
out:
- free_xid(mnt_ctx.xid);
cifs_try_adding_channels(cifs_sb, mnt_ctx.ses);
- return mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
+ rc = mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
+ if (rc)
+ goto error;
+
+ free_xid(mnt_ctx.xid);
+ return rc;
error:
dfs_cache_put_refsrv_sessions(&mnt_ctx.mount_id);
@@ -3875,8 +3879,12 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx)
goto error;
}
+ rc = mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
+ if (rc)
+ goto error;
+
free_xid(mnt_ctx.xid);
- return mount_setup_tlink(cifs_sb, mnt_ctx.ses, mnt_ctx.tcon);
+ return rc;
error:
mount_put_conns(&mnt_ctx);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 146/314] bpf: Initialize same number of free nodes for each pcpu_freelist
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 145/314] cifs: Fix connections leak when tlink setup failed Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 147/314] ata: libata-core: do not issue non-internal commands once EH is pending Greg Kroah-Hartman
` (175 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xu Kuohai, Andrii Nakryiko,
Yonghong Song, Sasha Levin
From: Xu Kuohai <xukuohai@huawei.com>
[ Upstream commit 4b45cd81f737d79d0fbfc0d320a1e518e7f0bbf0 ]
pcpu_freelist_populate() initializes nr_elems / num_possible_cpus() + 1
free nodes for some CPUs, and then possibly one CPU with fewer nodes,
followed by remaining cpus with 0 nodes. For example, when nr_elems == 256
and num_possible_cpus() == 32, CPU 0~27 each gets 9 free nodes, CPU 28 gets
4 free nodes, CPU 29~31 get 0 free nodes, while in fact each CPU should get
8 nodes equally.
This patch initializes nr_elems / num_possible_cpus() free nodes for each
CPU firstly, then allocates the remaining free nodes by one for each CPU
until no free nodes left.
Fixes: e19494edab82 ("bpf: introduce percpu_freelist")
Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20221110122128.105214-1-xukuohai@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/percpu_freelist.c | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/kernel/bpf/percpu_freelist.c b/kernel/bpf/percpu_freelist.c
index 00b874c8e889..2ffb741eee8d 100644
--- a/kernel/bpf/percpu_freelist.c
+++ b/kernel/bpf/percpu_freelist.c
@@ -102,22 +102,21 @@ void pcpu_freelist_populate(struct pcpu_freelist *s, void *buf, u32 elem_size,
u32 nr_elems)
{
struct pcpu_freelist_head *head;
- int i, cpu, pcpu_entries;
+ unsigned int cpu, cpu_idx, i, j, n, m;
- pcpu_entries = nr_elems / num_possible_cpus() + 1;
- i = 0;
+ n = nr_elems / num_possible_cpus();
+ m = nr_elems % num_possible_cpus();
+ cpu_idx = 0;
for_each_possible_cpu(cpu) {
-again:
head = per_cpu_ptr(s->freelist, cpu);
- /* No locking required as this is not visible yet. */
- pcpu_freelist_push_node(head, buf);
- i++;
- buf += elem_size;
- if (i == nr_elems)
- break;
- if (i % pcpu_entries)
- goto again;
+ j = n + (cpu_idx < m ? 1 : 0);
+ for (i = 0; i < j; i++) {
+ /* No locking required as this is not visible yet. */
+ pcpu_freelist_push_node(head, buf);
+ buf += elem_size;
+ }
+ cpu_idx++;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 147/314] ata: libata-core: do not issue non-internal commands once EH is pending
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 146/314] bpf: Initialize same number of free nodes for each pcpu_freelist Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 148/314] net: bgmac: Drop free_netdev() from bgmac_enet_remove() Greg Kroah-Hartman
` (174 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Niklas Cassel, John Garry,
Damien Le Moal, Sasha Levin
From: Niklas Cassel <niklas.cassel@wdc.com>
[ Upstream commit e20e81a24a4d58744a29715aac2f795cd1651955 ]
While the ATA specification states that a device should return command
aborted for all commands queued after the device has entered error state,
since ATA only keeps the sense data for the latest command (in non-NCQ
case), we really don't want to send block layer commands to the device
after it has entered error state. (Only ATA EH commands should be sent,
to read the sense data etc.)
Currently, scsi_queue_rq() will check if scsi_host_in_recovery()
(state is SHOST_RECOVERY), and if so, it will _not_ issue a command via:
scsi_dispatch_cmd() -> host->hostt->queuecommand() (ata_scsi_queuecmd())
-> __ata_scsi_queuecmd() -> ata_scsi_translate() -> ata_qc_issue()
Before commit e494f6a72839 ("[SCSI] improved eh timeout handler"),
when receiving a TFES error IRQ, the call chain looked like this:
ahci_error_intr() -> ata_port_abort() -> ata_do_link_abort() ->
ata_qc_complete() -> ata_qc_schedule_eh() -> blk_abort_request() ->
blk_rq_timed_out() -> q->rq_timed_out_fn() (scsi_times_out()) ->
scsi_eh_scmd_add() -> scsi_host_set_state(shost, SHOST_RECOVERY)
Which meant that as soon as an error IRQ was serviced, SHOST_RECOVERY
would be set.
However, after commit e494f6a72839 ("[SCSI] improved eh timeout handler"),
scsi_times_out() will instead call scsi_abort_command() which will queue
delayed work, and the worker function scmd_eh_abort_handler() will call
scsi_eh_scmd_add(), which calls scsi_host_set_state(shost, SHOST_RECOVERY).
So now, after the TFES error IRQ has been serviced, we need to wait for
the SCSI workqueue to run its work before SHOST_RECOVERY gets set.
It is worth noting that, even before commit e494f6a72839 ("[SCSI] improved
eh timeout handler"), we could receive an error IRQ from the time when
scsi_queue_rq() checks scsi_host_in_recovery(), to the time when
ata_scsi_queuecmd() is actually called.
In order to handle both the delayed setting of SHOST_RECOVERY and the
window where we can receive an error IRQ, add a check against
ATA_PFLAG_EH_PENDING (which gets set when servicing the error IRQ),
inside ata_scsi_queuecmd() itself, while holding the ap->lock.
(Since the ap->lock is held while servicing IRQs.)
Fixes: e494f6a72839 ("[SCSI] improved eh timeout handler")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/libata-scsi.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index b0e442a75690..d86e32b71efa 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3966,9 +3966,19 @@ static inline ata_xlat_func_t ata_get_xlat_func(struct ata_device *dev, u8 cmd)
int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev)
{
+ struct ata_port *ap = dev->link->ap;
u8 scsi_op = scmd->cmnd[0];
ata_xlat_func_t xlat_func;
+ /*
+ * scsi_queue_rq() will defer commands if scsi_host_in_recovery().
+ * However, this check is done without holding the ap->lock (a libata
+ * specific lock), so we can have received an error irq since then,
+ * therefore we must check if EH is pending, while holding ap->lock.
+ */
+ if (ap->pflags & (ATA_PFLAG_EH_PENDING | ATA_PFLAG_EH_IN_PROGRESS))
+ return SCSI_MLQUEUE_DEVICE_BUSY;
+
if (unlikely(!scmd->cmd_len))
goto bad_cdb_len;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 148/314] net: bgmac: Drop free_netdev() from bgmac_enet_remove()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 147/314] ata: libata-core: do not issue non-internal commands once EH is pending Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 149/314] mISDN: fix possible memory leak in mISDN_dsp_element_register() Greg Kroah-Hartman
` (173 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Yongjun, Jakub Kicinski, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 6f928ab8ee9bfbcb0e631c47ea8a16c3d5116ff1 ]
netdev is allocated in bgmac_alloc() with devm_alloc_etherdev() and will
be auto released in ->remove and ->probe failure path. Using free_netdev()
in bgmac_enet_remove() leads to double free.
Fixes: 34a5102c3235 ("net: bgmac: allocate struct bgmac just once & don't copy it")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20221109150136.2991171-1-weiyongjun@huaweicloud.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bgmac.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/bgmac.c b/drivers/net/ethernet/broadcom/bgmac.c
index 93580484a3f4..91c054eef701 100644
--- a/drivers/net/ethernet/broadcom/bgmac.c
+++ b/drivers/net/ethernet/broadcom/bgmac.c
@@ -1568,7 +1568,6 @@ void bgmac_enet_remove(struct bgmac *bgmac)
phy_disconnect(bgmac->net_dev->phydev);
netif_napi_del(&bgmac->napi);
bgmac_dma_free(bgmac);
- free_netdev(bgmac->net_dev);
}
EXPORT_SYMBOL_GPL(bgmac_enet_remove);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 149/314] mISDN: fix possible memory leak in mISDN_dsp_element_register()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 148/314] net: bgmac: Drop free_netdev() from bgmac_enet_remove() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 150/314] net: hinic: Fix error handling in hinic_module_init() Greg Kroah-Hartman
` (172 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Jakub Kicinski, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 98a2ac1ca8fd6eca6867726fe238d06e75eb1acd ]
Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's
bus_id string array"), the name of device is allocated dynamically,
use put_device() to give up the reference, so that the name can be
freed in kobject_cleanup() when the refcount is 0.
The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the
kfree() is removed. list_del() is called in mISDN_dsp_dev_release(),
so it need be initialized.
Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221109132832.3270119-1-yangyingliang@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/mISDN/dsp_pipeline.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/isdn/mISDN/dsp_pipeline.c b/drivers/isdn/mISDN/dsp_pipeline.c
index c3b2c99b5cd5..cfbcd9e973c2 100644
--- a/drivers/isdn/mISDN/dsp_pipeline.c
+++ b/drivers/isdn/mISDN/dsp_pipeline.c
@@ -77,6 +77,7 @@ int mISDN_dsp_element_register(struct mISDN_dsp_element *elem)
if (!entry)
return -ENOMEM;
+ INIT_LIST_HEAD(&entry->list);
entry->elem = elem;
entry->dev.class = elements_class;
@@ -107,7 +108,7 @@ int mISDN_dsp_element_register(struct mISDN_dsp_element *elem)
device_unregister(&entry->dev);
return ret;
err1:
- kfree(entry);
+ put_device(&entry->dev);
return ret;
}
EXPORT_SYMBOL(mISDN_dsp_element_register);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 150/314] net: hinic: Fix error handling in hinic_module_init()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 149/314] mISDN: fix possible memory leak in mISDN_dsp_element_register() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 151/314] net: phy: dp83867: Fix SGMII FIFO depth for non OF devices Greg Kroah-Hartman
` (171 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Leon Romanovsky,
Jakub Kicinski, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 8eab9be56cc6b702a445d2b6d0256aa0992316b3 ]
A problem about hinic create debugfs failed is triggered with the
following log given:
[ 931.419023] debugfs: Directory 'hinic' with parent '/' already present!
The reason is that hinic_module_init() returns pci_register_driver()
directly without checking its return value, if pci_register_driver()
failed, it returns without destroy the newly created debugfs, resulting
the debugfs of hinic can never be created later.
hinic_module_init()
hinic_dbg_register_debugfs() # create debugfs directory
pci_register_driver()
driver_register()
bus_add_driver()
priv = kzalloc(...) # OOM happened
# return without destroy debugfs directory
Fix by removing debugfs when pci_register_driver() returns error.
Fixes: 253ac3a97921 ("hinic: add support to query sq info")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20221110021642.80378-1-yuancan@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/huawei/hinic/hinic_main.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/huawei/hinic/hinic_main.c b/drivers/net/ethernet/huawei/hinic/hinic_main.c
index c23ee2ddbce3..1a6534c35ef3 100644
--- a/drivers/net/ethernet/huawei/hinic/hinic_main.c
+++ b/drivers/net/ethernet/huawei/hinic/hinic_main.c
@@ -1478,8 +1478,15 @@ static struct pci_driver hinic_driver = {
static int __init hinic_module_init(void)
{
+ int ret;
+
hinic_dbg_register_debugfs(HINIC_DRV_NAME);
- return pci_register_driver(&hinic_driver);
+
+ ret = pci_register_driver(&hinic_driver);
+ if (ret)
+ hinic_dbg_unregister_debugfs();
+
+ return ret;
}
static void __exit hinic_module_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 151/314] net: phy: dp83867: Fix SGMII FIFO depth for non OF devices
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 150/314] net: hinic: Fix error handling in hinic_module_init() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 152/314] net: stmmac: ensure tx function is not running in stmmac_xdp_release() Greg Kroah-Hartman
` (170 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Sit Wei Hong, Andrew Lunn,
Jakub Kicinski, Sasha Levin
From: Michael Sit Wei Hong <michael.wei.hong.sit@intel.com>
[ Upstream commit e2a54350dc9642e7dfc07335ca355581caa9dbfe ]
Current driver code will read device tree node information,
and set default values if there is no info provided.
This is not done in non-OF devices leading to SGMII fifo depths being
set to the smallest size.
This patch sets the value to the default value of the PHY as stated in the
PHY datasheet.
Fixes: 4dc08dcc9f6f ("net: phy: dp83867: introduce critical chip default init for non-of platform")
Signed-off-by: Michael Sit Wei Hong <michael.wei.hong.sit@intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20221110054938.925347-1-michael.wei.hong.sit@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/dp83867.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/phy/dp83867.c b/drivers/net/phy/dp83867.c
index 417527f8bbf5..7446d5c6c714 100644
--- a/drivers/net/phy/dp83867.c
+++ b/drivers/net/phy/dp83867.c
@@ -682,6 +682,13 @@ static int dp83867_of_init(struct phy_device *phydev)
*/
dp83867->io_impedance = DP83867_IO_MUX_CFG_IO_IMPEDANCE_MIN / 2;
+ /* For non-OF device, the RX and TX FIFO depths are taken from
+ * default value. So, we init RX & TX FIFO depths here
+ * so that it is configured correctly later in dp83867_config_init();
+ */
+ dp83867->tx_fifo_depth = DP83867_PHYCR_FIFO_DEPTH_4_B_NIB;
+ dp83867->rx_fifo_depth = DP83867_PHYCR_FIFO_DEPTH_4_B_NIB;
+
return 0;
}
#endif /* CONFIG_OF_MDIO */
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 152/314] net: stmmac: ensure tx function is not running in stmmac_xdp_release()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 151/314] net: phy: dp83867: Fix SGMII FIFO depth for non OF devices Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 153/314] mctp i2c: dont count unused / invalid keys for flow release Greg Kroah-Hartman
` (169 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Song Yoong Siang,
Mohd Faizal Abdul Rahim, Noor Azura Ahmad Tarmizi,
Jakub Kicinski, Sasha Levin
From: Mohd Faizal Abdul Rahim <faizal.abdul.rahim@intel.com>
[ Upstream commit 77711683a50477de39757d67ab1a3638220d6860 ]
When stmmac_xdp_release() is called, there is a possibility that tx
function is still running on other queues which will lead to tx queue
timed out and reset adapter.
This commit ensure that tx function is not running xdp before release
flow continue to run.
Fixes: ac746c8520d9 ("net: stmmac: enhance XDP ZC driver level switching performance")
Signed-off-by: Song Yoong Siang <yoong.siang.song@intel.com>
Signed-off-by: Mohd Faizal Abdul Rahim <faizal.abdul.rahim@intel.com>
Signed-off-by: Noor Azura Ahmad Tarmizi <noor.azura.ahmad.tarmizi@intel.com>
Link: https://lore.kernel.org/r/20221110064552.22504-1-noor.azura.ahmad.tarmizi@linux.intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index bc060ef558d3..02827829463f 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -6564,6 +6564,9 @@ void stmmac_xdp_release(struct net_device *dev)
struct stmmac_priv *priv = netdev_priv(dev);
u32 chan;
+ /* Ensure tx function is not running */
+ netif_tx_disable(dev);
+
/* Disable NAPI process */
stmmac_disable_all_queues(priv);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 153/314] mctp i2c: dont count unused / invalid keys for flow release
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 152/314] net: stmmac: ensure tx function is not running in stmmac_xdp_release() Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 154/314] soc: imx8m: Enable OCOTP clock before reading the register Greg Kroah-Hartman
` (168 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jian Zhang, Jeremy Kerr,
Jakub Kicinski, Sasha Levin
From: Jeremy Kerr <jk@codeconstruct.com.au>
[ Upstream commit 9cbd48d5fa14e4c65f8580de16686077f7cea02b ]
We're currently hitting the WARN_ON in mctp_i2c_flow_release:
if (midev->release_count > midev->i2c_lock_count) {
WARN_ONCE(1, "release count overflow");
This may be hit if we expire a flow before sending the first packet it
contains - as we will not be pairing the increment of release_count
(performed on flow release) with the i2c lock operation (only
performed on actual TX).
To fix this, only release a flow if we've encountered it previously (ie,
dev_flow_state does not indicate NEW), as we will mark the flow as
ACTIVE at the same time as accounting for the i2c lock operation. We
also need to add an INVALID flow state, to indicate when we've done the
release.
Fixes: f5b8abf9fc3d ("mctp i2c: MCTP I2C binding driver")
Reported-by: Jian Zhang <zhangjian.3032@bytedance.com>
Tested-by: Jian Zhang <zhangjian.3032@bytedance.com>
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Link: https://lore.kernel.org/r/20221110053135.329071-1-jk@codeconstruct.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/mctp/mctp-i2c.c | 47 +++++++++++++++++++++++++------------
1 file changed, 32 insertions(+), 15 deletions(-)
diff --git a/drivers/net/mctp/mctp-i2c.c b/drivers/net/mctp/mctp-i2c.c
index 53846c6b56ca..aca3697b0962 100644
--- a/drivers/net/mctp/mctp-i2c.c
+++ b/drivers/net/mctp/mctp-i2c.c
@@ -43,6 +43,7 @@
enum {
MCTP_I2C_FLOW_STATE_NEW = 0,
MCTP_I2C_FLOW_STATE_ACTIVE,
+ MCTP_I2C_FLOW_STATE_INVALID,
};
/* List of all struct mctp_i2c_client
@@ -374,12 +375,18 @@ mctp_i2c_get_tx_flow_state(struct mctp_i2c_dev *midev, struct sk_buff *skb)
*/
if (!key->valid) {
state = MCTP_I2C_TX_FLOW_INVALID;
-
- } else if (key->dev_flow_state == MCTP_I2C_FLOW_STATE_NEW) {
- key->dev_flow_state = MCTP_I2C_FLOW_STATE_ACTIVE;
- state = MCTP_I2C_TX_FLOW_NEW;
} else {
- state = MCTP_I2C_TX_FLOW_EXISTING;
+ switch (key->dev_flow_state) {
+ case MCTP_I2C_FLOW_STATE_NEW:
+ key->dev_flow_state = MCTP_I2C_FLOW_STATE_ACTIVE;
+ state = MCTP_I2C_TX_FLOW_NEW;
+ break;
+ case MCTP_I2C_FLOW_STATE_ACTIVE:
+ state = MCTP_I2C_TX_FLOW_EXISTING;
+ break;
+ default:
+ state = MCTP_I2C_TX_FLOW_INVALID;
+ }
}
spin_unlock_irqrestore(&key->lock, flags);
@@ -617,21 +624,31 @@ static void mctp_i2c_release_flow(struct mctp_dev *mdev,
{
struct mctp_i2c_dev *midev = netdev_priv(mdev->dev);
+ bool queue_release = false;
unsigned long flags;
spin_lock_irqsave(&midev->lock, flags);
- midev->release_count++;
- spin_unlock_irqrestore(&midev->lock, flags);
-
- /* Ensure we have a release operation queued, through the fake
- * marker skb
+ /* if we have seen the flow/key previously, we need to pair the
+ * original lock with a release
*/
- spin_lock(&midev->tx_queue.lock);
- if (!midev->unlock_marker.next)
- __skb_queue_tail(&midev->tx_queue, &midev->unlock_marker);
- spin_unlock(&midev->tx_queue.lock);
+ if (key->dev_flow_state == MCTP_I2C_FLOW_STATE_ACTIVE) {
+ midev->release_count++;
+ queue_release = true;
+ }
+ key->dev_flow_state = MCTP_I2C_FLOW_STATE_INVALID;
+ spin_unlock_irqrestore(&midev->lock, flags);
- wake_up(&midev->tx_wq);
+ if (queue_release) {
+ /* Ensure we have a release operation queued, through the fake
+ * marker skb
+ */
+ spin_lock(&midev->tx_queue.lock);
+ if (!midev->unlock_marker.next)
+ __skb_queue_tail(&midev->tx_queue,
+ &midev->unlock_marker);
+ spin_unlock(&midev->tx_queue.lock);
+ wake_up(&midev->tx_wq);
+ }
}
static const struct net_device_ops mctp_i2c_ops = {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 154/314] soc: imx8m: Enable OCOTP clock before reading the register
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 153/314] mctp i2c: dont count unused / invalid keys for flow release Greg Kroah-Hartman
@ 2022-11-23 8:49 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 155/314] net: liquidio: release resources when liquidio driver open failed Greg Kroah-Hartman
` (167 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiaolei Wang, Lucas Stach,
Shawn Guo, Sasha Levin
From: Xiaolei Wang <xiaolei.wang@windriver.com>
[ Upstream commit 836fb30949d9edf91d7de696a884ceeae7e426d2 ]
Commit 7d981405d0fd ("soc: imx8m: change to use platform driver") ever
removed the dependency on bootloader for enabling OCOTP clock. It
helped to fix a kexec kernel hang issue. But unfortunately it caused
a regression on CAAM driver and got reverted.
This is the second try to enable the OCOTP clock by directly calling
clock API instead of indirectly enabling the clock via nvmem API.
Fixes: ac34de14ac30 ("Revert "soc: imx8m: change to use platform driver"")
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/imx/soc-imx8m.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/soc/imx/soc-imx8m.c b/drivers/soc/imx/soc-imx8m.c
index cc57a384d74d..28144c699b0c 100644
--- a/drivers/soc/imx/soc-imx8m.c
+++ b/drivers/soc/imx/soc-imx8m.c
@@ -11,6 +11,7 @@
#include <linux/platform_device.h>
#include <linux/arm-smccc.h>
#include <linux/of.h>
+#include <linux/clk.h>
#define REV_B1 0x21
@@ -56,6 +57,7 @@ static u32 __init imx8mq_soc_revision(void)
void __iomem *ocotp_base;
u32 magic;
u32 rev;
+ struct clk *clk;
np = of_find_compatible_node(NULL, NULL, "fsl,imx8mq-ocotp");
if (!np)
@@ -63,6 +65,13 @@ static u32 __init imx8mq_soc_revision(void)
ocotp_base = of_iomap(np, 0);
WARN_ON(!ocotp_base);
+ clk = of_clk_get_by_name(np, NULL);
+ if (!clk) {
+ WARN_ON(!clk);
+ return 0;
+ }
+
+ clk_prepare_enable(clk);
/*
* SOC revision on older imx8mq is not available in fuses so query
@@ -79,6 +88,8 @@ static u32 __init imx8mq_soc_revision(void)
soc_uid <<= 32;
soc_uid |= readl_relaxed(ocotp_base + OCOTP_UID_LOW);
+ clk_disable_unprepare(clk);
+ clk_put(clk);
iounmap(ocotp_base);
of_node_put(np);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 155/314] net: liquidio: release resources when liquidio driver open failed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-11-23 8:49 ` [PATCH 6.0 154/314] soc: imx8m: Enable OCOTP clock before reading the register Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 156/314] mISDN: fix misuse of put_device() in mISDN_register_device() Greg Kroah-Hartman
` (166 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhengchao Shao, Leon Romanovsky,
David S. Miller, Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit 8979f428a4afc215e390006e5ea19fd4e22c7ca9 ]
When liquidio driver open failed, it doesn't release resources. Compile
tested only.
Fixes: 5b07aee11227 ("liquidio: MSIX support for CN23XX")
Fixes: dbc97bfd3918 ("net: liquidio: Add missing null pointer checks")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/cavium/liquidio/lio_main.c | 34 ++++++++++++++-----
1 file changed, 26 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
index bee35ce60171..bf6a72143040 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
@@ -1799,13 +1799,10 @@ static int liquidio_open(struct net_device *netdev)
ifstate_set(lio, LIO_IFSTATE_RUNNING);
- if (OCTEON_CN23XX_PF(oct)) {
- if (!oct->msix_on)
- if (setup_tx_poll_fn(netdev))
- return -1;
- } else {
- if (setup_tx_poll_fn(netdev))
- return -1;
+ if (!OCTEON_CN23XX_PF(oct) || (OCTEON_CN23XX_PF(oct) && !oct->msix_on)) {
+ ret = setup_tx_poll_fn(netdev);
+ if (ret)
+ goto err_poll;
}
netif_tx_start_all_queues(netdev);
@@ -1818,7 +1815,7 @@ static int liquidio_open(struct net_device *netdev)
/* tell Octeon to start forwarding packets to host */
ret = send_rx_ctrl_cmd(lio, 1);
if (ret)
- return ret;
+ goto err_rx_ctrl;
/* start periodical statistics fetch */
INIT_DELAYED_WORK(&lio->stats_wk.work, lio_fetch_stats);
@@ -1829,6 +1826,27 @@ static int liquidio_open(struct net_device *netdev)
dev_info(&oct->pci_dev->dev, "%s interface is opened\n",
netdev->name);
+ return 0;
+
+err_rx_ctrl:
+ if (!OCTEON_CN23XX_PF(oct) || (OCTEON_CN23XX_PF(oct) && !oct->msix_on))
+ cleanup_tx_poll_fn(netdev);
+err_poll:
+ if (lio->ptp_clock) {
+ ptp_clock_unregister(lio->ptp_clock);
+ lio->ptp_clock = NULL;
+ }
+
+ if (oct->props[lio->ifidx].napi_enabled == 1) {
+ list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
+ napi_disable(napi);
+
+ oct->props[lio->ifidx].napi_enabled = 0;
+
+ if (OCTEON_CN23XX_PF(oct))
+ oct->droq[0]->ops.poll_mode = 0;
+ }
+
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 156/314] mISDN: fix misuse of put_device() in mISDN_register_device()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 155/314] net: liquidio: release resources when liquidio driver open failed Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 157/314] net: macvlan: Use built-in RCU list checking Greg Kroah-Hartman
` (165 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang ShaoBo, David S. Miller, Sasha Levin
From: Wang ShaoBo <bobo.shaobowang@huawei.com>
[ Upstream commit 2d25107e111a85c56f601a5470f1780ec054e6ac ]
We should not release reference by put_device() before calling device_initialize().
Fixes: e7d1d4d9ac0d ("mISDN: fix possible memory leak in mISDN_register_device()")
Signed-off-by: Wang ShaoBo <bobo.shaobowang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/isdn/mISDN/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/isdn/mISDN/core.c b/drivers/isdn/mISDN/core.c
index 7ea0100f218a..90ee56d07a6e 100644
--- a/drivers/isdn/mISDN/core.c
+++ b/drivers/isdn/mISDN/core.c
@@ -222,7 +222,7 @@ mISDN_register_device(struct mISDNdevice *dev,
err = get_free_devid();
if (err < 0)
- goto error1;
+ return err;
dev->id = err;
device_initialize(&dev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 157/314] net: macvlan: Use built-in RCU list checking
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 156/314] mISDN: fix misuse of put_device() in mISDN_register_device() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 158/314] net: caif: fix double disconnect client in chnl_net_open() Greg Kroah-Hartman
` (164 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chuang Wang, David S. Miller, Sasha Levin
From: Chuang Wang <nashuiliang@gmail.com>
[ Upstream commit 5df1341ea822292275c56744aab9c536d75c33be ]
hlist_for_each_entry_rcu() has built-in RCU and lock checking.
Pass cond argument to hlist_for_each_entry_rcu() to silence false
lockdep warning when CONFIG_PROVE_RCU_LIST is enabled.
Execute as follow:
ip link add link eth0 type macvlan mode source macaddr add <MAC-ADDR>
The rtnl_lock is held when macvlan_hash_lookup_source() or
macvlan_fill_info_macaddr() are called in the non-RCU read side section.
So, pass lockdep_rtnl_is_held() to silence false lockdep warning.
Fixes: 79cf79abce71 ("macvlan: add source mode")
Signed-off-by: Chuang Wang <nashuiliang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macvlan.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 9983d37ee87d..059e4ff0e510 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -141,7 +141,7 @@ static struct macvlan_source_entry *macvlan_hash_lookup_source(
u32 idx = macvlan_eth_hash(addr);
struct hlist_head *h = &vlan->port->vlan_source_hash[idx];
- hlist_for_each_entry_rcu(entry, h, hlist) {
+ hlist_for_each_entry_rcu(entry, h, hlist, lockdep_rtnl_is_held()) {
if (ether_addr_equal_64bits(entry->addr, addr) &&
entry->vlan == vlan)
return entry;
@@ -1647,7 +1647,7 @@ static int macvlan_fill_info_macaddr(struct sk_buff *skb,
struct hlist_head *h = &vlan->port->vlan_source_hash[i];
struct macvlan_source_entry *entry;
- hlist_for_each_entry_rcu(entry, h, hlist) {
+ hlist_for_each_entry_rcu(entry, h, hlist, lockdep_rtnl_is_held()) {
if (entry->vlan != vlan)
continue;
if (nla_put(skb, IFLA_MACVLAN_MACADDR, ETH_ALEN, entry->addr))
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 158/314] net: caif: fix double disconnect client in chnl_net_open()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 157/314] net: macvlan: Use built-in RCU list checking Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 159/314] bnxt_en: Remove debugfs when pci_register_driver failed Greg Kroah-Hartman
` (163 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhengchao Shao, David S. Miller,
Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit 8fbb53c8bfd8c56ecf1f78dc821778b58f505503 ]
When connecting to client timeout, disconnect client for twice in
chnl_net_open(). Remove one. Compile tested only.
Fixes: 2aa40aef9deb ("caif: Use link layer MTU instead of fixed MTU")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/caif/chnl_net.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c
index 4d63ef13a1fd..f35fc87c453a 100644
--- a/net/caif/chnl_net.c
+++ b/net/caif/chnl_net.c
@@ -310,9 +310,6 @@ static int chnl_net_open(struct net_device *dev)
if (result == 0) {
pr_debug("connect timeout\n");
- caif_disconnect_client(dev_net(dev), &priv->chnl);
- priv->state = CAIF_DISCONNECTED;
- pr_debug("state disconnected\n");
result = -ETIMEDOUT;
goto error;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 159/314] bnxt_en: Remove debugfs when pci_register_driver failed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 158/314] net: caif: fix double disconnect client in chnl_net_open() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 160/314] octeon_ep: delete unnecessary napi rollback under set_queues_err in octep_open() Greg Kroah-Hartman
` (162 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Leon Romanovsky,
Michael Chan, David S. Miller, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 991aef4ee4f6eb999924f429b943441a32835c8f ]
When pci_register_driver failed, we need to remove debugfs,
which will caused a resource leak, fix it.
Resource leak logs as follows:
[ 52.184456] debugfs: Directory 'bnxt_en' with parent '/' already present!
Fixes: cabfb09d87bd ("bnxt_en: add debugfs support for DIM")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 55d4efbb8614..57cabe20aa12 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -14037,8 +14037,16 @@ static struct pci_driver bnxt_pci_driver = {
static int __init bnxt_init(void)
{
+ int err;
+
bnxt_debug_init();
- return pci_register_driver(&bnxt_pci_driver);
+ err = pci_register_driver(&bnxt_pci_driver);
+ if (err) {
+ bnxt_debug_exit();
+ return err;
+ }
+
+ return 0;
}
static void __exit bnxt_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 160/314] octeon_ep: delete unnecessary napi rollback under set_queues_err in octep_open()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 159/314] bnxt_en: Remove debugfs when pci_register_driver failed Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 161/314] octeon_ep: ensure octep_get_link_status() successfully before octep_link_up() Greg Kroah-Hartman
` (161 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ziyang Xuan, David S. Miller, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 298b83e180d53a310f9b47e3bf13b7b583e75e9c ]
octep_napi_add() and octep_napi_enable() are all after
netif_set_real_num_{tx,rx}_queues() in octep_open(), so it is unnecessary
napi rollback under set_queues_err. Delete them to fix it.
Fixes: 37d79d059606 ("octeon_ep: add Tx/Rx processing and interrupt support")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
index 97f080c66dd4..7083c995d0c1 100644
--- a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
+++ b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
@@ -527,8 +527,6 @@ static int octep_open(struct net_device *netdev)
return 0;
set_queues_err:
- octep_napi_disable(oct);
- octep_napi_delete(oct);
octep_clean_irqs(oct);
setup_irq_err:
octep_free_oqs(oct);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 161/314] octeon_ep: ensure octep_get_link_status() successfully before octep_link_up()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 160/314] octeon_ep: delete unnecessary napi rollback under set_queues_err in octep_open() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 162/314] octeon_ep: fix potential memory leak in octep_device_setup() Greg Kroah-Hartman
` (160 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ziyang Xuan, David S. Miller, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 9d3ff7131877fb092185c369fbb14b57ac4e7cec ]
octep_get_link_status() can fail because send mbox message failed, then
octep_get_link_status() will return ret less than 0. Excute octep_link_up()
as long as ret is not equal to 0 in octep_open() now. That is not correct.
The value type of link.state is enum octep_ctrl_net_state. Positive value
represents up. Excute octep_link_up() when ret is bigger than 0.
Fixes: 862cd659a6fb ("octeon_ep: Add driver framework and device initialization")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
index 7083c995d0c1..92ca3e502465 100644
--- a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
+++ b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
@@ -521,7 +521,7 @@ static int octep_open(struct net_device *netdev)
octep_oq_dbell_init(oct);
ret = octep_get_link_status(oct);
- if (ret)
+ if (ret > 0)
octep_link_up(netdev);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 162/314] octeon_ep: fix potential memory leak in octep_device_setup()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 161/314] octeon_ep: ensure octep_get_link_status() successfully before octep_link_up() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 163/314] octeon_ep: ensure get mac address successfully before eth_hw_addr_set() Greg Kroah-Hartman
` (159 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ziyang Xuan, David S. Miller, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit e4041be97b15302ebfffda8bbd45f3b2d096048f ]
When occur unsupported_dev and mbox init errors, it did not free oct->conf
and iounmap() oct->mmio[i].hw_addr. That would trigger memory leak problem.
Add kfree() for oct->conf and iounmap() for oct->mmio[i].hw_addr under
unsupported_dev and mbox init errors to fix the problem.
Fixes: 862cd659a6fb ("octeon_ep: Add driver framework and device initialization")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
index 92ca3e502465..ac1e37afbe7b 100644
--- a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
+++ b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
@@ -956,7 +956,7 @@ int octep_device_setup(struct octep_device *oct)
ret = octep_ctrl_mbox_init(ctrl_mbox);
if (ret) {
dev_err(&pdev->dev, "Failed to initialize control mbox\n");
- return -1;
+ goto unsupported_dev;
}
oct->ctrl_mbox_ifstats_offset = OCTEP_CTRL_MBOX_SZ(ctrl_mbox->h2fq.elem_sz,
ctrl_mbox->h2fq.elem_cnt,
@@ -966,6 +966,10 @@ int octep_device_setup(struct octep_device *oct)
return 0;
unsupported_dev:
+ for (i = 0; i < OCTEP_MMIO_REGIONS; i++)
+ iounmap(oct->mmio[i].hw_addr);
+
+ kfree(oct->conf);
return -1;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 163/314] octeon_ep: ensure get mac address successfully before eth_hw_addr_set()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 162/314] octeon_ep: fix potential memory leak in octep_device_setup() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 164/314] drm/lima: Fix opp clkname setting in case of missing regulator Greg Kroah-Hartman
` (158 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ziyang Xuan, David S. Miller, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 848ffce2f0c93f3481052340a919123a21f808b6 ]
octep_get_mac_addr() can fail because send mbox message failed. If this
happens, octep_dev->mac_addr will be zero. It should not continue to
initialize. Add exception handling for octep_get_mac_addr() to fix it.
Fixes: 862cd659a6fb ("octeon_ep: Add driver framework and device initialization")
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeon_ep/octep_main.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
index ac1e37afbe7b..8a6a81bcec5c 100644
--- a/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
+++ b/drivers/net/ethernet/marvell/octeon_ep/octep_main.c
@@ -1072,7 +1072,11 @@ static int octep_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
netdev->max_mtu = OCTEP_MAX_MTU;
netdev->mtu = OCTEP_DEFAULT_MTU;
- octep_get_mac_addr(octep_dev, octep_dev->mac_addr);
+ err = octep_get_mac_addr(octep_dev, octep_dev->mac_addr);
+ if (err) {
+ dev_err(&pdev->dev, "Failed to get mac address\n");
+ goto register_dev_err;
+ }
eth_hw_addr_set(netdev, octep_dev->mac_addr);
err = register_netdev(netdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 164/314] drm/lima: Fix opp clkname setting in case of missing regulator
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 163/314] octeon_ep: ensure get mac address successfully before eth_hw_addr_set() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 165/314] net: mhi: Fix memory leak in mhi_net_dellink() Greg Kroah-Hartman
` (157 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Viresh Kumar, Erico Nunes, Qiang Yu,
Sasha Levin
From: Erico Nunes <nunes.erico@gmail.com>
[ Upstream commit e17a025a47c66ca8499ae88d8046c4f0d7c9c057 ]
Commit d8c32d3971e4 ("drm/lima: Migrate to dev_pm_opp_set_config()")
introduced a regression as it may undo the clk_names setting in case
the optional regulator is missing. This resulted in test and performance
regressions with lima.
Restore the old behavior where clk_names is set separately so it is not
undone in case of a missing optional regulator.
Fixes: d8c32d3971e4 ("drm/lima: Migrate to dev_pm_opp_set_config()")
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Signed-off-by: Qiang Yu <yuq825@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221027073200.3885839-1-nunes.erico@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/lima/lima_devfreq.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/lima/lima_devfreq.c b/drivers/gpu/drm/lima/lima_devfreq.c
index 011be7ff51e1..bc8fb4e38d0a 100644
--- a/drivers/gpu/drm/lima/lima_devfreq.c
+++ b/drivers/gpu/drm/lima/lima_devfreq.c
@@ -112,11 +112,6 @@ int lima_devfreq_init(struct lima_device *ldev)
unsigned long cur_freq;
int ret;
const char *regulator_names[] = { "mali", NULL };
- const char *clk_names[] = { "core", NULL };
- struct dev_pm_opp_config config = {
- .regulator_names = regulator_names,
- .clk_names = clk_names,
- };
if (!device_property_present(dev, "operating-points-v2"))
/* Optional, continue without devfreq */
@@ -124,7 +119,15 @@ int lima_devfreq_init(struct lima_device *ldev)
spin_lock_init(&ldevfreq->lock);
- ret = devm_pm_opp_set_config(dev, &config);
+ /*
+ * clkname is set separately so it is not affected by the optional
+ * regulator setting which may return error.
+ */
+ ret = devm_pm_opp_set_clkname(dev, "core");
+ if (ret)
+ return ret;
+
+ ret = devm_pm_opp_set_regulators(dev, regulator_names);
if (ret) {
/* Continue if the optional regulator is missing */
if (ret != -ENODEV)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 165/314] net: mhi: Fix memory leak in mhi_net_dellink()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 164/314] drm/lima: Fix opp clkname setting in case of missing regulator Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 166/314] net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims Greg Kroah-Hartman
` (156 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Yongjun, David S. Miller, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit f7c125bd79f50ec6094761090be81d02726ec6f4 ]
MHI driver registers network device without setting the
needs_free_netdev flag, and does NOT call free_netdev() when
unregisters network device, which causes a memory leak.
This patch calls free_netdev() to fix it since netdev_priv
is used after unregister.
Fixes: 13adac032982 ("net: mhi_net: Register wwan_ops for link creation")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/mhi_net.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/mhi_net.c b/drivers/net/mhi_net.c
index 0b1b6f650104..0b9d37979133 100644
--- a/drivers/net/mhi_net.c
+++ b/drivers/net/mhi_net.c
@@ -343,6 +343,8 @@ static void mhi_net_dellink(struct mhi_device *mhi_dev, struct net_device *ndev)
kfree_skb(mhi_netdev->skbagg_head);
+ free_netdev(ndev);
+
dev_set_drvdata(&mhi_dev->dev, NULL);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 166/314] net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 165/314] net: mhi: Fix memory leak in mhi_net_dellink() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 167/314] xen/pcpu: fix possible memory leak in register_pcpu() Greg Kroah-Hartman
` (155 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fabio Estevam, Steffen Bätz,
Vladimir Oltean, Fabio Estevam, David S. Miller, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit ed1fe1bebe18884b11e5536b5ac42e3a48960835 ]
There are multi-generational drivers like mv88e6xxx which have code like
this:
int mv88e6xxx_port_hwtstamp_get(struct dsa_switch *ds, int port,
struct ifreq *ifr)
{
if (!chip->info->ptp_support)
return -EOPNOTSUPP;
...
}
DSA wants to deny PTP timestamping on the master if the switch supports
timestamping too. However it currently relies on the presence of the
port_hwtstamp_get() callback to determine PTP capability, and this
clearly does not work in that case (method is present but returns
-EOPNOTSUPP).
We should not deny PTP on the DSA master for those switches which truly
do not support hardware timestamping.
Create a dsa_port_supports_hwtstamp() method which actually probes for
support by calling port_hwtstamp_get() and seeing whether that returned
-EOPNOTSUPP or not.
Fixes: f685e609a301 ("net: dsa: Deny PTP on master if switch supports it")
Link: https://patchwork.kernel.org/project/netdevbpf/patch/20221110124345.3901389-1-festevam@gmail.com/
Reported-by: Fabio Estevam <festevam@gmail.com>
Reported-by: Steffen Bätz <steffen@innosonix.de>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Tested-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/dsa/dsa_priv.h | 1 +
net/dsa/master.c | 3 +--
net/dsa/port.c | 16 ++++++++++++++++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/net/dsa/dsa_priv.h b/net/dsa/dsa_priv.h
index d9722e49864b..acea875c05e5 100644
--- a/net/dsa/dsa_priv.h
+++ b/net/dsa/dsa_priv.h
@@ -201,6 +201,7 @@ static inline struct net_device *dsa_master_find_slave(struct net_device *dev,
}
/* port.c */
+bool dsa_port_supports_hwtstamp(struct dsa_port *dp, struct ifreq *ifr);
void dsa_port_set_tag_protocol(struct dsa_port *cpu_dp,
const struct dsa_device_ops *tag_ops);
int dsa_port_set_state(struct dsa_port *dp, u8 state, bool do_fast_age);
diff --git a/net/dsa/master.c b/net/dsa/master.c
index 2851e44c4cf0..46b1f0455a7b 100644
--- a/net/dsa/master.c
+++ b/net/dsa/master.c
@@ -204,8 +204,7 @@ static int dsa_master_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
* switch in the tree that is PTP capable.
*/
list_for_each_entry(dp, &dst->ports, list)
- if (dp->ds->ops->port_hwtstamp_get ||
- dp->ds->ops->port_hwtstamp_set)
+ if (dsa_port_supports_hwtstamp(dp, ifr))
return -EBUSY;
break;
}
diff --git a/net/dsa/port.c b/net/dsa/port.c
index a8895ee3cd60..9ac87063cca8 100644
--- a/net/dsa/port.c
+++ b/net/dsa/port.c
@@ -109,6 +109,22 @@ static bool dsa_port_can_configure_learning(struct dsa_port *dp)
return !err;
}
+bool dsa_port_supports_hwtstamp(struct dsa_port *dp, struct ifreq *ifr)
+{
+ struct dsa_switch *ds = dp->ds;
+ int err;
+
+ if (!ds->ops->port_hwtstamp_get || !ds->ops->port_hwtstamp_set)
+ return false;
+
+ /* "See through" shim implementations of the "get" method.
+ * This will clobber the ifreq structure, but we will either return an
+ * error, or the master will overwrite it with proper values.
+ */
+ err = ds->ops->port_hwtstamp_get(ds, dp->index, ifr);
+ return err != -EOPNOTSUPP;
+}
+
int dsa_port_set_state(struct dsa_port *dp, u8 state, bool do_fast_age)
{
struct dsa_switch *ds = dp->ds;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 167/314] xen/pcpu: fix possible memory leak in register_pcpu()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 166/314] net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 168/314] erofs: fix missing xas_retry() in fscache mode Greg Kroah-Hartman
` (154 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Juergen Gross, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit da36a2a76b01b210ffaa55cdc2c99bc8783697c5 ]
In device_add(), dev_set_name() is called to allocate name, if it returns
error, the name need be freed. As comment of device_register() says, it
should use put_device() to give up the reference in the error path. So fix
this by calling put_device(), then the name can be freed in kobject_cleanup().
Fixes: f65c9bb3fb72 ("xen/pcpu: Xen physical cpus online/offline sys interface")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20221110152441.401630-1-yangyingliang@huawei.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/xen/pcpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/xen/pcpu.c b/drivers/xen/pcpu.c
index 47aa3a1ccaf5..fd3a644b0855 100644
--- a/drivers/xen/pcpu.c
+++ b/drivers/xen/pcpu.c
@@ -228,7 +228,7 @@ static int register_pcpu(struct pcpu *pcpu)
err = device_register(dev);
if (err) {
- pcpu_release(dev);
+ put_device(dev);
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 168/314] erofs: fix missing xas_retry() in fscache mode
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 167/314] xen/pcpu: fix possible memory leak in register_pcpu() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 169/314] mlxsw: Avoid warnings when not offloaded FDB entry with IPv6 is removed Greg Kroah-Hartman
` (153 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Howells, Gao Xiang, Jia Zhu,
Jingbo Xu, Sasha Levin
From: Jingbo Xu <jefflexu@linux.alibaba.com>
[ Upstream commit 37020bbb71d911431e16c2c940b97cf86ae4f2f6 ]
The xarray iteration only holds the RCU read lock and thus may encounter
XA_RETRY_ENTRY if there's process modifying the xarray concurrently.
This will cause oops when referring to the invalid entry.
Fix this by adding the missing xas_retry(), which will make the
iteration wind back to the root node if XA_RETRY_ENTRY is encountered.
Fixes: d435d53228dd ("erofs: change to use asynchronous io for fscache readpage/readahead")
Suggested-by: David Howells <dhowells@redhat.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Jia Zhu <zhujia.zj@bytedance.com>
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Link: https://lore.kernel.org/r/20221114121943.29987-1-jefflexu@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/fscache.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c
index 79af25f0a56c..46ab2b3f9a3c 100644
--- a/fs/erofs/fscache.c
+++ b/fs/erofs/fscache.c
@@ -69,11 +69,15 @@ static void erofs_fscache_rreq_unlock_folios(struct netfs_io_request *rreq)
rcu_read_lock();
xas_for_each(&xas, folio, last_page) {
- unsigned int pgpos =
- (folio_index(folio) - start_page) * PAGE_SIZE;
- unsigned int pgend = pgpos + folio_size(folio);
+ unsigned int pgpos, pgend;
bool pg_failed = false;
+ if (xas_retry(&xas, folio))
+ continue;
+
+ pgpos = (folio_index(folio) - start_page) * PAGE_SIZE;
+ pgend = pgpos + folio_size(folio);
+
for (;;) {
if (!subreq) {
pg_failed = true;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 169/314] mlxsw: Avoid warnings when not offloaded FDB entry with IPv6 is removed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 168/314] erofs: fix missing xas_retry() in fscache mode Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 170/314] net: ionic: Fix error handling in ionic_init_module() Greg Kroah-Hartman
` (152 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Amit Cohen, Ido Schimmel,
Petr Machata, Jakub Kicinski, Sasha Levin
From: Amit Cohen <amcohen@nvidia.com>
[ Upstream commit 30f5312d2c722107364f266cfa98ef4f0857c1fb ]
FDB entries that perform VXLAN encapsulation with an IPv6 underlay hold
a reference on a resource - the KVDL entry where the IPv6 underlay
destination IP is stored. For that, the driver maintains two hash tables:
1. Maps IPv6 to KVDL index
2. Maps {MAC, FID index} to IPv6 address
When a FDB entry is removed, the second table is used to find the relevant
IPv6 address and the first table is used to remove the reference count and
free the index if is not used anymore.
In order for a packet to be forwarded to a single remote VTEP, FDB
entries need to be configured at both the bridge and VXLAN devices' FDB
tables. Both entries are squashed into one {MAC, VLAN/VNI} -> IP entry
in the hardware. Therefore, in case one entry is removed, the entry will
be removed from the hardware and the remaining entry will be unmarked
with 'offload' flag since it is not offloaded anymore.
For example, the two FDB entries should be added to allow packets to be
forwarded via vx10:
$ bridge fdb add dev vx10 aa:bb:cc:dd:ee:ff self static dst 2001:db8:5::1
$ bridge fdb add dev vx10 aa:bb:cc:dd:ee:ff master static vlan 10
When one entry will be removed, the second one will not be offloaded
anymore. When the first entry (in VXLAN FDB) will be removed / will not be
offloaded anymore, the two mappings in IPv6 hash tables will be removed.
In case that the second entry is removed before the first one, unexpected
warnings[1][2] will be shown in user space as a result of removing the
first entry. The issue is that not offloaded entry is removed, the driver
tries to search the relevant entries in the hash tables, does not find them
and therefore warns.
Do not handle removing of not offloaded VXLAN FDB entries, as they were
already removed when the offload flag was removed.
[1]:
WARNING: CPU: 1 PID: 239 at drivers/net/ethernet/mellanox/mlxsw/spectrum_nve.c:914 mlxsw_sp_nve_ipv6_addr_map_del+0x6b/0x80 [mlxsw_spectrum]
...
Hardware name: Mellanox Technologies Ltd. Mellanox switch/Mellanox switch, BIOS 4.6.5 05/21/2015
Workqueue: mlxsw_core_ordered mlxsw_sp_switchdev_vxlan_fdb_event_work [mlxsw_spectrum]
RIP: 0010:mlxsw_sp_nve_ipv6_addr_map_del+0x6b/0x80 [mlxsw_spectrum]
...
Call Trace:
<TASK>
mlxsw_sp_port_fdb_tunnel_uc_op+0x6cf/0x7b0 [mlxsw_spectrum]
mlxsw_sp_switchdev_vxlan_fdb_event_work+0x17c/0x420 [mlxsw_spectrum]
? finish_task_switch.isra.0+0x8c/0x290
process_one_work+0x1cd/0x390
worker_thread+0x48/0x3c0
? process_one_work+0x390/0x390
kthread+0xe0/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
[2]:
WARNING: CPU: 0 PID: 239 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3035 mlxsw_sp_ipv6_addr_put+0x142/0x220 [mlxsw_spectrum]
...
Hardware name: Mellanox Technologies Ltd. Mellanox switch/Mellanox switch, BIOS 4.6.5 05/21/2015
Workqueue: mlxsw_core_ordered mlxsw_sp_switchdev_vxlan_fdb_event_work [mlxsw_spectrum]
RIP: 0010:mlxsw_sp_ipv6_addr_put+0x142/0x220 [mlxsw_spectrum]
...
Call Trace:
<TASK>
? mlxsw_sp_port_fdb_tun_uc_op6_sfd_write+0x5c1/0x610 [mlxsw_spectrum]
mlxsw_sp_port_fdb_tunnel_uc_op+0x6ec/0x7b0 [mlxsw_spectrum]
mlxsw_sp_switchdev_vxlan_fdb_event_work+0x17c/0x420 [mlxsw_spectrum]
? finish_task_switch.isra.0+0x8c/0x290
process_one_work+0x1cd/0x390
worker_thread+0x48/0x3c0
? process_one_work+0x390/0x390
kthread+0xe0/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 0860c7641634 ("mlxsw: spectrum_nve: Keep track of IPv6 addresses used by FDB entries")
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Link: https://lore.kernel.org/r/c186de8cbd28e3eb661e06f31f7f2f2dff30020f.1668184350.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
index 4efccd942fb8..1290b2d3eae6 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
@@ -3470,6 +3470,8 @@ mlxsw_sp_switchdev_vxlan_fdb_del(struct mlxsw_sp *mlxsw_sp,
u16 vid;
vxlan_fdb_info = &switchdev_work->vxlan_fdb_info;
+ if (!vxlan_fdb_info->offloaded)
+ return;
bridge_device = mlxsw_sp_bridge_device_find(mlxsw_sp->bridge, br_dev);
if (!bridge_device)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 170/314] net: ionic: Fix error handling in ionic_init_module()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 169/314] mlxsw: Avoid warnings when not offloaded FDB entry with IPv6 is removed Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 171/314] kcm: close race conditions on sk_receive_queue Greg Kroah-Hartman
` (151 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Shannon Nelson,
Jakub Kicinski, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 280c0f7cd0aa4d190619b18243110e052a90775c ]
A problem about ionic create debugfs failed is triggered with the
following log given:
[ 415.799514] debugfs: Directory 'ionic' with parent '/' already present!
The reason is that ionic_init_module() returns ionic_bus_register_driver()
directly without checking its return value, if ionic_bus_register_driver()
failed, it returns without destroy the newly created debugfs, resulting
the debugfs of ionic can never be created later.
ionic_init_module()
ionic_debugfs_create() # create debugfs directory
ionic_bus_register_driver()
pci_register_driver()
driver_register()
bus_add_driver()
priv = kzalloc(...) # OOM happened
# return without destroy debugfs directory
Fix by removing debugfs when ionic_bus_register_driver() returns error.
Fixes: fbfb8031533c ("ionic: Add hardware init and device commands")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Acked-by: Shannon Nelson <snelson@pensando.io>
Link: https://lore.kernel.org/r/20221113092929.19161-1-yuancan@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/pensando/ionic/ionic_main.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/pensando/ionic/ionic_main.c b/drivers/net/ethernet/pensando/ionic/ionic_main.c
index 56f93b030551..5456c2b15d9b 100644
--- a/drivers/net/ethernet/pensando/ionic/ionic_main.c
+++ b/drivers/net/ethernet/pensando/ionic/ionic_main.c
@@ -687,8 +687,14 @@ int ionic_port_reset(struct ionic *ionic)
static int __init ionic_init_module(void)
{
+ int ret;
+
ionic_debugfs_create();
- return ionic_bus_register_driver();
+ ret = ionic_bus_register_driver();
+ if (ret)
+ ionic_debugfs_destroy();
+
+ return ret;
}
static void __exit ionic_cleanup_module(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 171/314] kcm: close race conditions on sk_receive_queue
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 170/314] net: ionic: Fix error handling in ionic_init_module() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 172/314] net: ena: Fix error handling in ena_init() Greg Kroah-Hartman
` (150 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+278279efdd2730dd14bf,
shaozhengchao, Paolo Abeni, Tom Herbert, Cong Wang, Sasha Levin
From: Cong Wang <cong.wang@bytedance.com>
[ Upstream commit 5121197ecc5db58c07da95eb1ff82b98b121a221 ]
sk->sk_receive_queue is protected by skb queue lock, but for KCM
sockets its RX path takes mux->rx_lock to protect more than just
skb queue. However, kcm_recvmsg() still only grabs the skb queue
lock, so race conditions still exist.
We can teach kcm_recvmsg() to grab mux->rx_lock too but this would
introduce a potential performance regression as struct kcm_mux can
be shared by multiple KCM sockets.
So we have to enforce skb queue lock in requeue_rx_msgs() and handle
skb peek case carefully in kcm_wait_data(). Fortunately,
skb_recv_datagram() already handles it nicely and is widely used by
other sockets, we can just switch to skb_recv_datagram() after
getting rid of the unnecessary sock lock in kcm_recvmsg() and
kcm_splice_read(). Side note: SOCK_DONE is not used by KCM sockets,
so it is safe to get rid of this check too.
I ran the original syzbot reproducer for 30 min without seeing any
issue.
Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Reported-by: syzbot+278279efdd2730dd14bf@syzkaller.appspotmail.com
Reported-by: shaozhengchao <shaozhengchao@huawei.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Tom Herbert <tom@herbertland.com>
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Link: https://lore.kernel.org/r/20221114005119.597905-1-xiyou.wangcong@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/kcm/kcmsock.c | 58 +++++------------------------------------------
1 file changed, 6 insertions(+), 52 deletions(-)
diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
index befc62606cdf..9e4b40a30a72 100644
--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -222,7 +222,7 @@ static void requeue_rx_msgs(struct kcm_mux *mux, struct sk_buff_head *head)
struct sk_buff *skb;
struct kcm_sock *kcm;
- while ((skb = __skb_dequeue(head))) {
+ while ((skb = skb_dequeue(head))) {
/* Reset destructor to avoid calling kcm_rcv_ready */
skb->destructor = sock_rfree;
skb_orphan(skb);
@@ -1085,53 +1085,17 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
return err;
}
-static struct sk_buff *kcm_wait_data(struct sock *sk, int flags,
- long timeo, int *err)
-{
- struct sk_buff *skb;
-
- while (!(skb = skb_peek(&sk->sk_receive_queue))) {
- if (sk->sk_err) {
- *err = sock_error(sk);
- return NULL;
- }
-
- if (sock_flag(sk, SOCK_DONE))
- return NULL;
-
- if ((flags & MSG_DONTWAIT) || !timeo) {
- *err = -EAGAIN;
- return NULL;
- }
-
- sk_wait_data(sk, &timeo, NULL);
-
- /* Handle signals */
- if (signal_pending(current)) {
- *err = sock_intr_errno(timeo);
- return NULL;
- }
- }
-
- return skb;
-}
-
static int kcm_recvmsg(struct socket *sock, struct msghdr *msg,
size_t len, int flags)
{
struct sock *sk = sock->sk;
struct kcm_sock *kcm = kcm_sk(sk);
int err = 0;
- long timeo;
struct strp_msg *stm;
int copied = 0;
struct sk_buff *skb;
- timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
-
- lock_sock(sk);
-
- skb = kcm_wait_data(sk, flags, timeo, &err);
+ skb = skb_recv_datagram(sk, flags, &err);
if (!skb)
goto out;
@@ -1162,14 +1126,11 @@ static int kcm_recvmsg(struct socket *sock, struct msghdr *msg,
/* Finished with message */
msg->msg_flags |= MSG_EOR;
KCM_STATS_INCR(kcm->stats.rx_msgs);
- skb_unlink(skb, &sk->sk_receive_queue);
- kfree_skb(skb);
}
}
out:
- release_sock(sk);
-
+ skb_free_datagram(sk, skb);
return copied ? : err;
}
@@ -1179,7 +1140,6 @@ static ssize_t kcm_splice_read(struct socket *sock, loff_t *ppos,
{
struct sock *sk = sock->sk;
struct kcm_sock *kcm = kcm_sk(sk);
- long timeo;
struct strp_msg *stm;
int err = 0;
ssize_t copied;
@@ -1187,11 +1147,7 @@ static ssize_t kcm_splice_read(struct socket *sock, loff_t *ppos,
/* Only support splice for SOCKSEQPACKET */
- timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
-
- lock_sock(sk);
-
- skb = kcm_wait_data(sk, flags, timeo, &err);
+ skb = skb_recv_datagram(sk, flags, &err);
if (!skb)
goto err_out;
@@ -1219,13 +1175,11 @@ static ssize_t kcm_splice_read(struct socket *sock, loff_t *ppos,
* finish reading the message.
*/
- release_sock(sk);
-
+ skb_free_datagram(sk, skb);
return copied;
err_out:
- release_sock(sk);
-
+ skb_free_datagram(sk, skb);
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 172/314] net: ena: Fix error handling in ena_init()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 171/314] kcm: close race conditions on sk_receive_queue Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 173/314] net: hns3: fix incorrect hw rss hash type of rx packet Greg Kroah-Hartman
` (149 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Shay Agroskin,
Paolo Abeni, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit d349e9be5a2c2d7588a2c4e4bfa0bb3dc1226769 ]
The ena_init() won't destroy workqueue created by
create_singlethread_workqueue() when pci_register_driver() failed.
Call destroy_workqueue() when pci_register_driver() failed to prevent the
resource leak.
Fixes: 1738cd3ed342 ("net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Acked-by: Shay Agroskin <shayagr@amazon.com>
Link: https://lore.kernel.org/r/20221114025659.124726-1-yuancan@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/amazon/ena/ena_netdev.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/amazon/ena/ena_netdev.c b/drivers/net/ethernet/amazon/ena/ena_netdev.c
index 6a356a6cee15..41c821348476 100644
--- a/drivers/net/ethernet/amazon/ena/ena_netdev.c
+++ b/drivers/net/ethernet/amazon/ena/ena_netdev.c
@@ -4545,13 +4545,19 @@ static struct pci_driver ena_pci_driver = {
static int __init ena_init(void)
{
+ int ret;
+
ena_wq = create_singlethread_workqueue(DRV_MODULE_NAME);
if (!ena_wq) {
pr_err("Failed to create workqueue\n");
return -ENOMEM;
}
- return pci_register_driver(&ena_pci_driver);
+ ret = pci_register_driver(&ena_pci_driver);
+ if (ret)
+ destroy_workqueue(ena_wq);
+
+ return ret;
}
static void __exit ena_cleanup(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 173/314] net: hns3: fix incorrect hw rss hash type of rx packet
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 172/314] net: ena: Fix error handling in ena_init() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 174/314] net: hns3: fix return value check bug of rx copybreak Greg Kroah-Hartman
` (148 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jian Shen, Hao Lan, Paolo Abeni,
Sasha Levin
From: Jian Shen <shenjian15@huawei.com>
[ Upstream commit a56cad694767ebdb7d80f27ffc239db46fff64de ]
Currently, the HNS3 driver reports the rss hash type
of each packet based on the rss hash tuples set. It
always reports PKT_HASH_TYPE_L4, without checking the
type of current packet. It's incorrect.
Fixes it by reporting it base on the packet type.
Fixes: 796640778c26 ("net: hns3: support RXD advanced layout")
Fixes: 232fc64b6e62 ("net: hns3: Add HW RSS hash information to RX skb")
Fixes: ea4858670717 ("net: hns3: handle the BD info on the last BD of the packet")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Hao Lan <lanhao@huawei.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 1 -
| 20 ---
| 2 -
.../net/ethernet/hisilicon/hns3/hns3_enet.c | 163 ++++++++++--------
.../net/ethernet/hisilicon/hns3/hns3_enet.h | 1 +
.../hisilicon/hns3/hns3pf/hclge_main.c | 1 -
6 files changed, 94 insertions(+), 94 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hnae3.h b/drivers/net/ethernet/hisilicon/hns3/hnae3.h
index 94f80e1c4020..bf7daab88689 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hnae3.h
+++ b/drivers/net/ethernet/hisilicon/hns3/hnae3.h
@@ -790,7 +790,6 @@ struct hnae3_knic_private_info {
const struct hnae3_dcb_ops *dcb_ops;
u16 int_rl_setting;
- enum pkt_hash_types rss_type;
void __iomem *io_base;
};
--git a/drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.c b/drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.c
index e23729ac3bb8..ae2736549526 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.c
@@ -191,23 +191,6 @@ u32 hclge_comm_get_rss_key_size(struct hnae3_handle *handle)
return HCLGE_COMM_RSS_KEY_SIZE;
}
-void hclge_comm_get_rss_type(struct hnae3_handle *nic,
- struct hclge_comm_rss_tuple_cfg *rss_tuple_sets)
-{
- if (rss_tuple_sets->ipv4_tcp_en ||
- rss_tuple_sets->ipv4_udp_en ||
- rss_tuple_sets->ipv4_sctp_en ||
- rss_tuple_sets->ipv6_tcp_en ||
- rss_tuple_sets->ipv6_udp_en ||
- rss_tuple_sets->ipv6_sctp_en)
- nic->kinfo.rss_type = PKT_HASH_TYPE_L4;
- else if (rss_tuple_sets->ipv4_fragment_en ||
- rss_tuple_sets->ipv6_fragment_en)
- nic->kinfo.rss_type = PKT_HASH_TYPE_L3;
- else
- nic->kinfo.rss_type = PKT_HASH_TYPE_NONE;
-}
-
int hclge_comm_parse_rss_hfunc(struct hclge_comm_rss_cfg *rss_cfg,
const u8 hfunc, u8 *hash_algo)
{
@@ -344,9 +327,6 @@ int hclge_comm_set_rss_input_tuple(struct hnae3_handle *nic,
req->ipv6_sctp_en = rss_cfg->rss_tuple_sets.ipv6_sctp_en;
req->ipv6_fragment_en = rss_cfg->rss_tuple_sets.ipv6_fragment_en;
- if (is_pf)
- hclge_comm_get_rss_type(nic, &rss_cfg->rss_tuple_sets);
-
ret = hclge_comm_cmd_send(hw, &desc, 1);
if (ret)
dev_err(&hw->cmq.csq.pdev->dev,
--git a/drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.h b/drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.h
index 946d166a452d..92af3d2980d3 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.h
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_rss.h
@@ -95,8 +95,6 @@ struct hclge_comm_rss_tc_mode_cmd {
};
u32 hclge_comm_get_rss_key_size(struct hnae3_handle *handle);
-void hclge_comm_get_rss_type(struct hnae3_handle *nic,
- struct hclge_comm_rss_tuple_cfg *rss_tuple_sets);
void hclge_comm_rss_indir_init_cfg(struct hnae3_ae_dev *ae_dev,
struct hclge_comm_rss_cfg *rss_cfg);
int hclge_comm_get_rss_tuple(struct hclge_comm_rss_cfg *rss_cfg, int flow_type,
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index 35d70041b9e8..944f36e4d66f 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -105,26 +105,28 @@ static const struct pci_device_id hns3_pci_tbl[] = {
};
MODULE_DEVICE_TABLE(pci, hns3_pci_tbl);
-#define HNS3_RX_PTYPE_ENTRY(ptype, l, s, t) \
+#define HNS3_RX_PTYPE_ENTRY(ptype, l, s, t, h) \
{ ptype, \
l, \
CHECKSUM_##s, \
HNS3_L3_TYPE_##t, \
- 1 }
+ 1, \
+ h}
#define HNS3_RX_PTYPE_UNUSED_ENTRY(ptype) \
- { ptype, 0, CHECKSUM_NONE, HNS3_L3_TYPE_PARSE_FAIL, 0 }
+ { ptype, 0, CHECKSUM_NONE, HNS3_L3_TYPE_PARSE_FAIL, 0, \
+ PKT_HASH_TYPE_NONE }
static const struct hns3_rx_ptype hns3_rx_ptype_tbl[] = {
HNS3_RX_PTYPE_UNUSED_ENTRY(0),
- HNS3_RX_PTYPE_ENTRY(1, 0, COMPLETE, ARP),
- HNS3_RX_PTYPE_ENTRY(2, 0, COMPLETE, RARP),
- HNS3_RX_PTYPE_ENTRY(3, 0, COMPLETE, LLDP),
- HNS3_RX_PTYPE_ENTRY(4, 0, COMPLETE, PARSE_FAIL),
- HNS3_RX_PTYPE_ENTRY(5, 0, COMPLETE, PARSE_FAIL),
- HNS3_RX_PTYPE_ENTRY(6, 0, COMPLETE, PARSE_FAIL),
- HNS3_RX_PTYPE_ENTRY(7, 0, COMPLETE, CNM),
- HNS3_RX_PTYPE_ENTRY(8, 0, NONE, PARSE_FAIL),
+ HNS3_RX_PTYPE_ENTRY(1, 0, COMPLETE, ARP, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(2, 0, COMPLETE, RARP, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(3, 0, COMPLETE, LLDP, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(4, 0, COMPLETE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(5, 0, COMPLETE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(6, 0, COMPLETE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(7, 0, COMPLETE, CNM, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(8, 0, NONE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
HNS3_RX_PTYPE_UNUSED_ENTRY(9),
HNS3_RX_PTYPE_UNUSED_ENTRY(10),
HNS3_RX_PTYPE_UNUSED_ENTRY(11),
@@ -132,36 +134,36 @@ static const struct hns3_rx_ptype hns3_rx_ptype_tbl[] = {
HNS3_RX_PTYPE_UNUSED_ENTRY(13),
HNS3_RX_PTYPE_UNUSED_ENTRY(14),
HNS3_RX_PTYPE_UNUSED_ENTRY(15),
- HNS3_RX_PTYPE_ENTRY(16, 0, COMPLETE, PARSE_FAIL),
- HNS3_RX_PTYPE_ENTRY(17, 0, COMPLETE, IPV4),
- HNS3_RX_PTYPE_ENTRY(18, 0, COMPLETE, IPV4),
- HNS3_RX_PTYPE_ENTRY(19, 0, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(20, 0, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(21, 0, NONE, IPV4),
- HNS3_RX_PTYPE_ENTRY(22, 0, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(23, 0, NONE, IPV4),
- HNS3_RX_PTYPE_ENTRY(24, 0, NONE, IPV4),
- HNS3_RX_PTYPE_ENTRY(25, 0, UNNECESSARY, IPV4),
+ HNS3_RX_PTYPE_ENTRY(16, 0, COMPLETE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(17, 0, COMPLETE, IPV4, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(18, 0, COMPLETE, IPV4, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(19, 0, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(20, 0, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(21, 0, NONE, IPV4, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(22, 0, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(23, 0, NONE, IPV4, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(24, 0, NONE, IPV4, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(25, 0, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
HNS3_RX_PTYPE_UNUSED_ENTRY(26),
HNS3_RX_PTYPE_UNUSED_ENTRY(27),
HNS3_RX_PTYPE_UNUSED_ENTRY(28),
- HNS3_RX_PTYPE_ENTRY(29, 0, COMPLETE, PARSE_FAIL),
- HNS3_RX_PTYPE_ENTRY(30, 0, COMPLETE, PARSE_FAIL),
- HNS3_RX_PTYPE_ENTRY(31, 0, COMPLETE, IPV4),
- HNS3_RX_PTYPE_ENTRY(32, 0, COMPLETE, IPV4),
- HNS3_RX_PTYPE_ENTRY(33, 1, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(34, 1, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(35, 1, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(36, 0, COMPLETE, IPV4),
- HNS3_RX_PTYPE_ENTRY(37, 0, COMPLETE, IPV4),
+ HNS3_RX_PTYPE_ENTRY(29, 0, COMPLETE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(30, 0, COMPLETE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(31, 0, COMPLETE, IPV4, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(32, 0, COMPLETE, IPV4, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(33, 1, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(34, 1, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(35, 1, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(36, 0, COMPLETE, IPV4, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(37, 0, COMPLETE, IPV4, PKT_HASH_TYPE_L3),
HNS3_RX_PTYPE_UNUSED_ENTRY(38),
- HNS3_RX_PTYPE_ENTRY(39, 0, COMPLETE, IPV6),
- HNS3_RX_PTYPE_ENTRY(40, 0, COMPLETE, IPV6),
- HNS3_RX_PTYPE_ENTRY(41, 1, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(42, 1, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(43, 1, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(44, 0, COMPLETE, IPV6),
- HNS3_RX_PTYPE_ENTRY(45, 0, COMPLETE, IPV6),
+ HNS3_RX_PTYPE_ENTRY(39, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(40, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(41, 1, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(42, 1, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(43, 1, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(44, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(45, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
HNS3_RX_PTYPE_UNUSED_ENTRY(46),
HNS3_RX_PTYPE_UNUSED_ENTRY(47),
HNS3_RX_PTYPE_UNUSED_ENTRY(48),
@@ -227,35 +229,35 @@ static const struct hns3_rx_ptype hns3_rx_ptype_tbl[] = {
HNS3_RX_PTYPE_UNUSED_ENTRY(108),
HNS3_RX_PTYPE_UNUSED_ENTRY(109),
HNS3_RX_PTYPE_UNUSED_ENTRY(110),
- HNS3_RX_PTYPE_ENTRY(111, 0, COMPLETE, IPV6),
- HNS3_RX_PTYPE_ENTRY(112, 0, COMPLETE, IPV6),
- HNS3_RX_PTYPE_ENTRY(113, 0, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(114, 0, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(115, 0, NONE, IPV6),
- HNS3_RX_PTYPE_ENTRY(116, 0, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(117, 0, NONE, IPV6),
- HNS3_RX_PTYPE_ENTRY(118, 0, NONE, IPV6),
- HNS3_RX_PTYPE_ENTRY(119, 0, UNNECESSARY, IPV6),
+ HNS3_RX_PTYPE_ENTRY(111, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(112, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(113, 0, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(114, 0, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(115, 0, NONE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(116, 0, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(117, 0, NONE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(118, 0, NONE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(119, 0, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
HNS3_RX_PTYPE_UNUSED_ENTRY(120),
HNS3_RX_PTYPE_UNUSED_ENTRY(121),
HNS3_RX_PTYPE_UNUSED_ENTRY(122),
- HNS3_RX_PTYPE_ENTRY(123, 0, COMPLETE, PARSE_FAIL),
- HNS3_RX_PTYPE_ENTRY(124, 0, COMPLETE, PARSE_FAIL),
- HNS3_RX_PTYPE_ENTRY(125, 0, COMPLETE, IPV4),
- HNS3_RX_PTYPE_ENTRY(126, 0, COMPLETE, IPV4),
- HNS3_RX_PTYPE_ENTRY(127, 1, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(128, 1, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(129, 1, UNNECESSARY, IPV4),
- HNS3_RX_PTYPE_ENTRY(130, 0, COMPLETE, IPV4),
- HNS3_RX_PTYPE_ENTRY(131, 0, COMPLETE, IPV4),
+ HNS3_RX_PTYPE_ENTRY(123, 0, COMPLETE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(124, 0, COMPLETE, PARSE_FAIL, PKT_HASH_TYPE_NONE),
+ HNS3_RX_PTYPE_ENTRY(125, 0, COMPLETE, IPV4, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(126, 0, COMPLETE, IPV4, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(127, 1, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(128, 1, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(129, 1, UNNECESSARY, IPV4, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(130, 0, COMPLETE, IPV4, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(131, 0, COMPLETE, IPV4, PKT_HASH_TYPE_L3),
HNS3_RX_PTYPE_UNUSED_ENTRY(132),
- HNS3_RX_PTYPE_ENTRY(133, 0, COMPLETE, IPV6),
- HNS3_RX_PTYPE_ENTRY(134, 0, COMPLETE, IPV6),
- HNS3_RX_PTYPE_ENTRY(135, 1, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(136, 1, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(137, 1, UNNECESSARY, IPV6),
- HNS3_RX_PTYPE_ENTRY(138, 0, COMPLETE, IPV6),
- HNS3_RX_PTYPE_ENTRY(139, 0, COMPLETE, IPV6),
+ HNS3_RX_PTYPE_ENTRY(133, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(134, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(135, 1, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(136, 1, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(137, 1, UNNECESSARY, IPV6, PKT_HASH_TYPE_L4),
+ HNS3_RX_PTYPE_ENTRY(138, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
+ HNS3_RX_PTYPE_ENTRY(139, 0, COMPLETE, IPV6, PKT_HASH_TYPE_L3),
HNS3_RX_PTYPE_UNUSED_ENTRY(140),
HNS3_RX_PTYPE_UNUSED_ENTRY(141),
HNS3_RX_PTYPE_UNUSED_ENTRY(142),
@@ -4129,15 +4131,35 @@ static int hns3_set_gro_and_checksum(struct hns3_enet_ring *ring,
}
static void hns3_set_rx_skb_rss_type(struct hns3_enet_ring *ring,
- struct sk_buff *skb, u32 rss_hash)
+ struct sk_buff *skb, u32 rss_hash,
+ u32 l234info, u32 ol_info)
{
- struct hnae3_handle *handle = ring->tqp->handle;
- enum pkt_hash_types rss_type;
+ enum pkt_hash_types rss_type = PKT_HASH_TYPE_NONE;
+ struct net_device *netdev = ring_to_netdev(ring);
+ struct hns3_nic_priv *priv = netdev_priv(netdev);
- if (rss_hash)
- rss_type = handle->kinfo.rss_type;
- else
- rss_type = PKT_HASH_TYPE_NONE;
+ if (test_bit(HNS3_NIC_STATE_RXD_ADV_LAYOUT_ENABLE, &priv->state)) {
+ u32 ptype = hnae3_get_field(ol_info, HNS3_RXD_PTYPE_M,
+ HNS3_RXD_PTYPE_S);
+
+ rss_type = hns3_rx_ptype_tbl[ptype].hash_type;
+ } else {
+ int l3_type = hnae3_get_field(l234info, HNS3_RXD_L3ID_M,
+ HNS3_RXD_L3ID_S);
+ int l4_type = hnae3_get_field(l234info, HNS3_RXD_L4ID_M,
+ HNS3_RXD_L4ID_S);
+
+ if (l3_type == HNS3_L3_TYPE_IPV4 ||
+ l3_type == HNS3_L3_TYPE_IPV6) {
+ if (l4_type == HNS3_L4_TYPE_UDP ||
+ l4_type == HNS3_L4_TYPE_TCP ||
+ l4_type == HNS3_L4_TYPE_SCTP)
+ rss_type = PKT_HASH_TYPE_L4;
+ else if (l4_type == HNS3_L4_TYPE_IGMP ||
+ l4_type == HNS3_L4_TYPE_ICMP)
+ rss_type = PKT_HASH_TYPE_L3;
+ }
+ }
skb_set_hash(skb, rss_hash, rss_type);
}
@@ -4240,7 +4262,8 @@ static int hns3_handle_bdinfo(struct hns3_enet_ring *ring, struct sk_buff *skb)
ring->tqp_vector->rx_group.total_bytes += len;
- hns3_set_rx_skb_rss_type(ring, skb, le32_to_cpu(desc->rx.rss_hash));
+ hns3_set_rx_skb_rss_type(ring, skb, le32_to_cpu(desc->rx.rss_hash),
+ l234info, ol_info);
return 0;
}
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.h b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.h
index 4a3253692dcc..408635d11a24 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.h
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.h
@@ -404,6 +404,7 @@ struct hns3_rx_ptype {
u32 ip_summed : 2;
u32 l3_type : 4;
u32 valid : 1;
+ u32 hash_type: 3;
};
struct ring_stats {
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
index fae79764dc44..bd9a3b8f9e79 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -4662,7 +4662,6 @@ static int hclge_set_rss_tuple(struct hnae3_handle *handle,
return ret;
}
- hclge_comm_get_rss_type(&vport->nic, &hdev->rss_cfg.rss_tuple_sets);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 174/314] net: hns3: fix return value check bug of rx copybreak
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 173/314] net: hns3: fix incorrect hw rss hash type of rx packet Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 175/314] net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process Greg Kroah-Hartman
` (147 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jie Wang, Hao Lan, Paolo Abeni, Sasha Levin
From: Jie Wang <wangjie125@huawei.com>
[ Upstream commit 29df7c695ed67a8fa32bb7805bad8fe2a76c1f88 ]
The refactoring of rx copybreak modifies the original return logic, which
will make this feature unavailable. So this patch fixes the return logic of
rx copybreak.
Fixes: e74a726da2c4 ("net: hns3: refactor hns3_nic_reuse_page()")
Fixes: 99f6b5fb5f63 ("net: hns3: use bounce buffer when rx page can not be reused")
Signed-off-by: Jie Wang <wangjie125@huawei.com>
Signed-off-by: Hao Lan <lanhao@huawei.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index 944f36e4d66f..44d4265f109a 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -3736,8 +3736,8 @@ static void hns3_nic_reuse_page(struct sk_buff *skb, int i,
desc_cb->reuse_flag = 1;
} else if (frag_size <= ring->rx_copybreak) {
ret = hns3_handle_rx_copybreak(skb, i, ring, pull_len, desc_cb);
- if (ret)
- goto out;
+ if (!ret)
+ return;
}
out:
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 175/314] net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 174/314] net: hns3: fix return value check bug of rx copybreak Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 176/314] bridge: switchdev: Fix memory leaks when changing VLAN protocol Greg Kroah-Hartman
` (146 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Guangbin Huang, Hao Lan,
Paolo Abeni, Sasha Levin
From: Guangbin Huang <huangguangbin2@huawei.com>
[ Upstream commit 510d7b6ae842e59ee00d57e5f07ac15131b6d899 ]
Currently, if driver is in phy-imp(phy controlled by imp firmware) mode, as
driver did not update phy link ksettings after initialization process or
not update advertising when getting phy link ksettings from firmware, it
may set incorrect phy link ksettings for firmware in resetting process.
So fix it.
Fixes: f5f2b3e4dcc0 ("net: hns3: add support for imp-controlled PHYs")
Fixes: c5ef83cbb1e9 ("net: hns3: fix for phy_addr error in hclge_mac_mdio_config")
Fixes: 2312e050f42b ("net: hns3: Fix for deadlock problem occurring when unregistering ae_algo")
Signed-off-by: Guangbin Huang <huangguangbin2@huawei.com>
Signed-off-by: Hao Lan <lanhao@huawei.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
index bd9a3b8f9e79..7e8a60f2401c 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
@@ -3246,6 +3246,7 @@ static int hclge_update_tp_port_info(struct hclge_dev *hdev)
hdev->hw.mac.autoneg = cmd.base.autoneg;
hdev->hw.mac.speed = cmd.base.speed;
hdev->hw.mac.duplex = cmd.base.duplex;
+ linkmode_copy(hdev->hw.mac.advertising, cmd.link_modes.advertising);
return 0;
}
@@ -11373,9 +11374,12 @@ static int hclge_init_ae_dev(struct hnae3_ae_dev *ae_dev)
if (ret)
goto err_msi_irq_uninit;
- if (hdev->hw.mac.media_type == HNAE3_MEDIA_TYPE_COPPER &&
- !hnae3_dev_phy_imp_supported(hdev)) {
- ret = hclge_mac_mdio_config(hdev);
+ if (hdev->hw.mac.media_type == HNAE3_MEDIA_TYPE_COPPER) {
+ if (hnae3_dev_phy_imp_supported(hdev))
+ ret = hclge_update_tp_port_info(hdev);
+ else
+ ret = hclge_mac_mdio_config(hdev);
+
if (ret)
goto err_msi_irq_uninit;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 176/314] bridge: switchdev: Fix memory leaks when changing VLAN protocol
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 175/314] net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 177/314] drbd: use after free in drbd_create_device() Greg Kroah-Hartman
` (145 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vlad Buslov, Ido Schimmel,
Nikolay Aleksandrov, Paolo Abeni, Sasha Levin
From: Ido Schimmel <idosch@nvidia.com>
[ Upstream commit 9d45921ee4cb364910097e7d1b7558559c2f9fd2 ]
The bridge driver can offload VLANs to the underlying hardware either
via switchdev or the 8021q driver. When the former is used, the VLAN is
marked in the bridge driver with the 'BR_VLFLAG_ADDED_BY_SWITCHDEV'
private flag.
To avoid the memory leaks mentioned in the cited commit, the bridge
driver will try to delete a VLAN via the 8021q driver if the VLAN is not
marked with the previously mentioned flag.
When the VLAN protocol of the bridge changes, switchdev drivers are
notified via the 'SWITCHDEV_ATTR_ID_BRIDGE_VLAN_PROTOCOL' attribute, but
the 8021q driver is also called to add the existing VLANs with the new
protocol and delete them with the old protocol.
In case the VLANs were offloaded via switchdev, the above behavior is
both redundant and buggy. Redundant because the VLANs are already
programmed in hardware and drivers that support VLAN protocol change
(currently only mlx5) change the protocol upon the switchdev attribute
notification. Buggy because the 8021q driver is called despite these
VLANs being marked with 'BR_VLFLAG_ADDED_BY_SWITCHDEV'. This leads to
memory leaks [1] when the VLANs are deleted.
Fix by not calling the 8021q driver for VLANs that were already
programmed via switchdev.
[1]
unreferenced object 0xffff8881f6771200 (size 256):
comm "ip", pid 446855, jiffies 4298238841 (age 55.240s)
hex dump (first 32 bytes):
00 00 7f 0e 83 88 ff ff 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000012819ac>] vlan_vid_add+0x437/0x750
[<00000000f2281fad>] __br_vlan_set_proto+0x289/0x920
[<000000000632b56f>] br_changelink+0x3d6/0x13f0
[<0000000089d25f04>] __rtnl_newlink+0x8ae/0x14c0
[<00000000f6276baf>] rtnl_newlink+0x5f/0x90
[<00000000746dc902>] rtnetlink_rcv_msg+0x336/0xa00
[<000000001c2241c0>] netlink_rcv_skb+0x11d/0x340
[<0000000010588814>] netlink_unicast+0x438/0x710
[<00000000e1a4cd5c>] netlink_sendmsg+0x788/0xc40
[<00000000e8992d4e>] sock_sendmsg+0xb0/0xe0
[<00000000621b8f91>] ____sys_sendmsg+0x4ff/0x6d0
[<000000000ea26996>] ___sys_sendmsg+0x12e/0x1b0
[<00000000684f7e25>] __sys_sendmsg+0xab/0x130
[<000000004538b104>] do_syscall_64+0x3d/0x90
[<0000000091ed9678>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Fixes: 279737939a81 ("net: bridge: Fix VLANs memory leak")
Reported-by: Vlad Buslov <vladbu@nvidia.com>
Tested-by: Vlad Buslov <vladbu@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/20221114084509.860831-1-idosch@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bridge/br_vlan.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 6e53dc991409..9ffd40b8270c 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -959,6 +959,8 @@ int __br_vlan_set_proto(struct net_bridge *br, __be16 proto,
list_for_each_entry(p, &br->port_list, list) {
vg = nbp_vlan_group(p);
list_for_each_entry(vlan, &vg->vlan_list, vlist) {
+ if (vlan->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV)
+ continue;
err = vlan_vid_add(p->dev, proto, vlan->vid);
if (err)
goto err_filt;
@@ -973,8 +975,11 @@ int __br_vlan_set_proto(struct net_bridge *br, __be16 proto,
/* Delete VLANs for the old proto from the device filter. */
list_for_each_entry(p, &br->port_list, list) {
vg = nbp_vlan_group(p);
- list_for_each_entry(vlan, &vg->vlan_list, vlist)
+ list_for_each_entry(vlan, &vg->vlan_list, vlist) {
+ if (vlan->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV)
+ continue;
vlan_vid_del(p->dev, oldproto, vlan->vid);
+ }
}
return 0;
@@ -983,13 +988,19 @@ int __br_vlan_set_proto(struct net_bridge *br, __be16 proto,
attr.u.vlan_protocol = ntohs(oldproto);
switchdev_port_attr_set(br->dev, &attr, NULL);
- list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist)
+ list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist) {
+ if (vlan->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV)
+ continue;
vlan_vid_del(p->dev, proto, vlan->vid);
+ }
list_for_each_entry_continue_reverse(p, &br->port_list, list) {
vg = nbp_vlan_group(p);
- list_for_each_entry(vlan, &vg->vlan_list, vlist)
+ list_for_each_entry(vlan, &vg->vlan_list, vlist) {
+ if (vlan->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV)
+ continue;
vlan_vid_del(p->dev, proto, vlan->vid);
+ }
}
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 177/314] drbd: use after free in drbd_create_device()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 176/314] bridge: switchdev: Fix memory leaks when changing VLAN protocol Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 178/314] platform/x86/intel: pmc: Dont unconditionally attach Intel PMC when virtualized Greg Kroah-Hartman
` (144 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter,
Christoph Böhmwalder, Jens Axboe, Sasha Levin
From: Dan Carpenter <error27@gmail.com>
[ Upstream commit a7a1598189228b5007369a9622ccdf587be0730f ]
The drbd_destroy_connection() frees the "connection" so use the _safe()
iterator to prevent a use after free.
Fixes: b6f85ef9538b ("drbd: Iterate over all connections")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com>
Link: https://lore.kernel.org/r/Y3Jd5iZRbNQ9w6gm@kili
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/drbd/drbd_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index f3e4db16fd07..8532b839a343 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -2672,7 +2672,7 @@ static int init_submitter(struct drbd_device *device)
enum drbd_ret_code drbd_create_device(struct drbd_config_context *adm_ctx, unsigned int minor)
{
struct drbd_resource *resource = adm_ctx->resource;
- struct drbd_connection *connection;
+ struct drbd_connection *connection, *n;
struct drbd_device *device;
struct drbd_peer_device *peer_device, *tmp_peer_device;
struct gendisk *disk;
@@ -2789,7 +2789,7 @@ enum drbd_ret_code drbd_create_device(struct drbd_config_context *adm_ctx, unsig
return NO_ERROR;
out_idr_remove_from_resource:
- for_each_connection(connection, resource) {
+ for_each_connection_safe(connection, n, resource) {
peer_device = idr_remove(&connection->peer_devices, vnr);
if (peer_device)
kref_put(&connection->kref, drbd_destroy_connection);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 178/314] platform/x86/intel: pmc: Dont unconditionally attach Intel PMC when virtualized
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 177/314] drbd: use after free in drbd_create_device() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 179/314] platform/surface: aggregator: Do not check for repeated unsequenced packets Greg Kroah-Hartman
` (143 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roger Pau Monné,
David E. Box, Andy Shevchenko, Hans de Goede, Sasha Levin
From: Roger Pau Monné <roger.pau@citrix.com>
[ Upstream commit 2dbfb3f33350e1e868d3d7ed4c176d8777150878 ]
The current logic in the Intel PMC driver will forcefully attach it
when detecting any CPU on the intel_pmc_core_platform_ids array,
even if the matching ACPI device is not present.
There's no checking in pmc_core_probe() to assert that the PMC device
is present, and hence on virtualized environments the PMC device
probes successfully, even if the underlying registers are not present.
Before commit 21ae43570940 ("platform/x86: intel_pmc_core: Substitute PCI
with CPUID enumeration") the driver would check for the presence of a
specific PCI device, and that prevented the driver from attaching when
running virtualized.
Fix by only forcefully attaching the PMC device when not running
virtualized. Note that virtualized platforms can still get the device
to load if the appropriate ACPI device is present on the tables
provided to the VM.
Make an exception for the Xen initial domain, which does have full
hardware access, and hence can attach to the PMC if present.
Fixes: 21ae43570940 ("platform/x86: intel_pmc_core: Substitute PCI with CPUID enumeration")
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: David E. Box <david.e.box@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20221110163145.80374-1-roger.pau@citrix.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel/pmc/pltdrv.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/intel/pmc/pltdrv.c b/drivers/platform/x86/intel/pmc/pltdrv.c
index 15ca8afdd973..ddfba38c2104 100644
--- a/drivers/platform/x86/intel/pmc/pltdrv.c
+++ b/drivers/platform/x86/intel/pmc/pltdrv.c
@@ -18,6 +18,8 @@
#include <asm/cpu_device_id.h>
#include <asm/intel-family.h>
+#include <xen/xen.h>
+
static void intel_pmc_core_release(struct device *dev)
{
kfree(dev);
@@ -53,6 +55,13 @@ static int __init pmc_core_platform_init(void)
if (acpi_dev_present("INT33A1", NULL, -1))
return -ENODEV;
+ /*
+ * Skip forcefully attaching the device for VMs. Make an exception for
+ * Xen dom0, which does have full hardware access.
+ */
+ if (cpu_feature_enabled(X86_FEATURE_HYPERVISOR) && !xen_initial_domain())
+ return -ENODEV;
+
if (!x86_match_cpu(intel_pmc_core_platform_ids))
return -ENODEV;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 179/314] platform/surface: aggregator: Do not check for repeated unsequenced packets
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 178/314] platform/x86/intel: pmc: Dont unconditionally attach Intel PMC when virtualized Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 180/314] netfs: Fix missing xas_retry() calls in xarray iteration Greg Kroah-Hartman
` (142 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maximilian Luz, Hans de Goede, Sasha Levin
From: Maximilian Luz <luzmaximilian@gmail.com>
[ Upstream commit d9a477f643eb3de71fbea5ae6103b800ceb8f547 ]
Currently, we check any received packet whether we have already seen it
previously, regardless of the packet type (sequenced / unsequenced). We
do this by checking the sequence number. This assumes that sequence
numbers are valid for both sequenced and unsequenced packets. However,
this assumption appears to be incorrect.
On some devices, the sequence number field of unsequenced packets (in
particular HID input events on the Surface Pro 9) is always zero. As a
result, the current retransmission check kicks in and discards all but
the first unsequenced packet, breaking (among other things) keyboard and
touchpad input.
Note that we have, so far, only seen packets being retransmitted in
sequenced communication. In particular, this happens when there is an
ACK timeout, causing the EC (or us) to re-send the packet waiting for an
ACK. Arguably, retransmission / duplication of unsequenced packets
should not be an issue as there is no logical condition (such as an ACK
timeout) to determine when a packet should be sent again.
Therefore, remove the retransmission check for unsequenced packets
entirely to resolve the issue.
Fixes: c167b9c7e3d6 ("platform/surface: Add Surface Aggregator subsystem")
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
Link: https://lore.kernel.org/r/20221113185951.224759-1-luzmaximilian@gmail.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../surface/aggregator/ssh_packet_layer.c | 24 +++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/drivers/platform/surface/aggregator/ssh_packet_layer.c b/drivers/platform/surface/aggregator/ssh_packet_layer.c
index 6748fe4ac5d5..def8d7ac541f 100644
--- a/drivers/platform/surface/aggregator/ssh_packet_layer.c
+++ b/drivers/platform/surface/aggregator/ssh_packet_layer.c
@@ -1596,16 +1596,32 @@ static void ssh_ptl_timeout_reap(struct work_struct *work)
ssh_ptl_tx_wakeup_packet(ptl);
}
-static bool ssh_ptl_rx_retransmit_check(struct ssh_ptl *ptl, u8 seq)
+static bool ssh_ptl_rx_retransmit_check(struct ssh_ptl *ptl, const struct ssh_frame *frame)
{
int i;
+ /*
+ * Ignore unsequenced packets. On some devices (notably Surface Pro 9),
+ * unsequenced events will always be sent with SEQ=0x00. Attempting to
+ * detect retransmission would thus just block all events.
+ *
+ * While sequence numbers would also allow detection of retransmitted
+ * packets in unsequenced communication, they have only ever been used
+ * to cover edge-cases in sequenced transmission. In particular, the
+ * only instance of packets being retransmitted (that we are aware of)
+ * is due to an ACK timeout. As this does not happen in unsequenced
+ * communication, skip the retransmission check for those packets
+ * entirely.
+ */
+ if (frame->type == SSH_FRAME_TYPE_DATA_NSQ)
+ return false;
+
/*
* Check if SEQ has been seen recently (i.e. packet was
* re-transmitted and we should ignore it).
*/
for (i = 0; i < ARRAY_SIZE(ptl->rx.blocked.seqs); i++) {
- if (likely(ptl->rx.blocked.seqs[i] != seq))
+ if (likely(ptl->rx.blocked.seqs[i] != frame->seq))
continue;
ptl_dbg(ptl, "ptl: ignoring repeated data packet\n");
@@ -1613,7 +1629,7 @@ static bool ssh_ptl_rx_retransmit_check(struct ssh_ptl *ptl, u8 seq)
}
/* Update list of blocked sequence IDs. */
- ptl->rx.blocked.seqs[ptl->rx.blocked.offset] = seq;
+ ptl->rx.blocked.seqs[ptl->rx.blocked.offset] = frame->seq;
ptl->rx.blocked.offset = (ptl->rx.blocked.offset + 1)
% ARRAY_SIZE(ptl->rx.blocked.seqs);
@@ -1624,7 +1640,7 @@ static void ssh_ptl_rx_dataframe(struct ssh_ptl *ptl,
const struct ssh_frame *frame,
const struct ssam_span *payload)
{
- if (ssh_ptl_rx_retransmit_check(ptl, frame->seq))
+ if (ssh_ptl_rx_retransmit_check(ptl, frame))
return;
ptl->ops.data_received(ptl, payload);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 180/314] netfs: Fix missing xas_retry() calls in xarray iteration
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 179/314] platform/surface: aggregator: Do not check for repeated unsequenced packets Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 181/314] netfs: Fix dodgy maths Greg Kroah-Hartman
` (141 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, George Law, David Howells,
Jeff Layton, Jingbo Xu, Matthew Wilcox, linux-cachefs,
linux-fsdevel, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 7e043a80b5dae5c2d2cf84031501de7827fd6c00 ]
netfslib has a number of places in which it performs iteration of an xarray
whilst being under the RCU read lock. It *should* call xas_retry() as the
first thing inside of the loop and do "continue" if it returns true in case
the xarray walker passed out a special value indicating that the walk needs
to be redone from the root[*].
Fix this by adding the missing retry checks.
[*] I wonder if this should be done inside xas_find(), xas_next_node() and
suchlike, but I'm told that's not an simple change to effect.
This can cause an oops like that below. Note the faulting address - this
is an internal value (|0x2) returned from xarray.
BUG: kernel NULL pointer dereference, address: 0000000000000402
...
RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs]
...
Call Trace:
netfs_rreq_assess+0xa6/0x240 [netfs]
netfs_readpage+0x173/0x3b0 [netfs]
? init_wait_var_entry+0x50/0x50
filemap_read_page+0x33/0xf0
filemap_get_pages+0x2f2/0x3f0
filemap_read+0xaa/0x320
? do_filp_open+0xb2/0x150
? rmqueue+0x3be/0xe10
ceph_read_iter+0x1fe/0x680 [ceph]
? new_sync_read+0x115/0x1a0
new_sync_read+0x115/0x1a0
vfs_read+0xf3/0x180
ksys_read+0x5f/0xe0
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
Changes:
========
ver #2)
- Changed an unsigned int to a size_t to reduce the likelihood of an
overflow as per Willy's suggestion.
- Added an additional patch to fix the maths.
Fixes: 3d3c95046742 ("netfs: Provide readahead and readpage netfs helpers")
Reported-by: George Law <glaw@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
cc: Matthew Wilcox <willy@infradead.org>
cc: linux-cachefs@redhat.com
cc: linux-fsdevel@vger.kernel.org
Link: https://lore.kernel.org/r/166749229733.107206.17482609105741691452.stgit@warthog.procyon.org.uk/ # v1
Link: https://lore.kernel.org/r/166757987929.950645.12595273010425381286.stgit@warthog.procyon.org.uk/ # v2
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/netfs/buffered_read.c | 9 +++++++--
fs/netfs/io.c | 3 +++
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/fs/netfs/buffered_read.c b/fs/netfs/buffered_read.c
index 0ce535852151..baf668fb4315 100644
--- a/fs/netfs/buffered_read.c
+++ b/fs/netfs/buffered_read.c
@@ -46,10 +46,15 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq)
rcu_read_lock();
xas_for_each(&xas, folio, last_page) {
- unsigned int pgpos = (folio_index(folio) - start_page) * PAGE_SIZE;
- unsigned int pgend = pgpos + folio_size(folio);
+ unsigned int pgpos, pgend;
bool pg_failed = false;
+ if (xas_retry(&xas, folio))
+ continue;
+
+ pgpos = (folio_index(folio) - start_page) * PAGE_SIZE;
+ pgend = pgpos + folio_size(folio);
+
for (;;) {
if (!subreq) {
pg_failed = true;
diff --git a/fs/netfs/io.c b/fs/netfs/io.c
index 428925899282..e374767d1b68 100644
--- a/fs/netfs/io.c
+++ b/fs/netfs/io.c
@@ -121,6 +121,9 @@ static void netfs_rreq_unmark_after_write(struct netfs_io_request *rreq,
XA_STATE(xas, &rreq->mapping->i_pages, subreq->start / PAGE_SIZE);
xas_for_each(&xas, folio, (subreq->start + subreq->len - 1) / PAGE_SIZE) {
+ if (xas_retry(&xas, folio))
+ continue;
+
/* We might have multiple writes from the same huge
* folio, but we mustn't unlock a folio more than once.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 181/314] netfs: Fix dodgy maths
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 180/314] netfs: Fix missing xas_retry() calls in xarray iteration Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 182/314] cifs: add check for returning value of SMB2_close_init Greg Kroah-Hartman
` (140 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Wilcox, David Howells,
Jeff Layton, Jingbo Xu, linux-cachefs, linux-fsdevel,
Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 5e51c627c5acbcf82bb552e17533a79d2a6a2600 ]
Fix the dodgy maths in netfs_rreq_unlock_folios(). start_page could be
inside the folio, in which case the calculation of pgpos will be come up
with a negative number (though for the moment rreq->start is rounded down
earlier and folios would have to get merged whilst locked)
Alter how this works to just frame the tracking in terms of absolute file
positions, rather than offsets from the start of the I/O request. This
simplifies the maths and makes it easier to follow.
Fix the issue by using folio_pos() and folio_size() to calculate the end
position of the page.
Fixes: 3d3c95046742 ("netfs: Provide readahead and readpage netfs helpers")
Reported-by: Matthew Wilcox <willy@infradead.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
cc: linux-cachefs@redhat.com
cc: linux-fsdevel@vger.kernel.org
Link: https://lore.kernel.org/r/Y2SJw7w1IsIik3nb@casper.infradead.org/
Link: https://lore.kernel.org/r/166757988611.950645.7626959069846893164.stgit@warthog.procyon.org.uk/ # v2
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/netfs/buffered_read.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/fs/netfs/buffered_read.c b/fs/netfs/buffered_read.c
index baf668fb4315..7679a68e8193 100644
--- a/fs/netfs/buffered_read.c
+++ b/fs/netfs/buffered_read.c
@@ -17,9 +17,9 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq)
{
struct netfs_io_subrequest *subreq;
struct folio *folio;
- unsigned int iopos, account = 0;
pgoff_t start_page = rreq->start / PAGE_SIZE;
pgoff_t last_page = ((rreq->start + rreq->len) / PAGE_SIZE) - 1;
+ size_t account = 0;
bool subreq_failed = false;
XA_STATE(xas, &rreq->mapping->i_pages, start_page);
@@ -39,23 +39,23 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq)
*/
subreq = list_first_entry(&rreq->subrequests,
struct netfs_io_subrequest, rreq_link);
- iopos = 0;
subreq_failed = (subreq->error < 0);
trace_netfs_rreq(rreq, netfs_rreq_trace_unlock);
rcu_read_lock();
xas_for_each(&xas, folio, last_page) {
- unsigned int pgpos, pgend;
+ loff_t pg_end;
bool pg_failed = false;
if (xas_retry(&xas, folio))
continue;
- pgpos = (folio_index(folio) - start_page) * PAGE_SIZE;
- pgend = pgpos + folio_size(folio);
+ pg_end = folio_pos(folio) + folio_size(folio) - 1;
for (;;) {
+ loff_t sreq_end;
+
if (!subreq) {
pg_failed = true;
break;
@@ -63,11 +63,11 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq)
if (test_bit(NETFS_SREQ_COPY_TO_CACHE, &subreq->flags))
folio_start_fscache(folio);
pg_failed |= subreq_failed;
- if (pgend < iopos + subreq->len)
+ sreq_end = subreq->start + subreq->len - 1;
+ if (pg_end < sreq_end)
break;
account += subreq->transferred;
- iopos += subreq->len;
if (!list_is_last(&subreq->rreq_link, &rreq->subrequests)) {
subreq = list_next_entry(subreq, rreq_link);
subreq_failed = (subreq->error < 0);
@@ -75,7 +75,8 @@ void netfs_rreq_unlock_folios(struct netfs_io_request *rreq)
subreq = NULL;
subreq_failed = false;
}
- if (pgend == iopos)
+
+ if (pg_end == sreq_end)
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 182/314] cifs: add check for returning value of SMB2_close_init
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 181/314] netfs: Fix dodgy maths Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 183/314] net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() Greg Kroah-Hartman
` (139 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anastasia Belova, Steve French, Sasha Levin
From: Anastasia Belova <abelova@astralinux.ru>
[ Upstream commit d520de6cb42e88a1d008b54f935caf9fc05951da ]
If the returning value of SMB2_close_init is an error-value,
exit the function.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 352d96f3acc6 ("cifs: multichannel: move channel selection above transport layer")
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/smb2ops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index c258a7b122b6..86a1f282c8b4 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1133,6 +1133,8 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
rqst[2].rq_nvec = 1;
rc = SMB2_close_init(tcon, server,
&rqst[2], COMPOUND_FID, COMPOUND_FID, false);
+ if (rc)
+ goto sea_exit;
smb2_set_related(&rqst[2]);
rc = compound_send_recv(xid, ses, server,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 183/314] net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 182/314] cifs: add check for returning value of SMB2_close_init Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 184/314] net/x25: Fix skb leak in x25_lapb_receive_frame() Greg Kroah-Hartman
` (138 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liu Jian, Russell King (Oracle),
Jakub Kicinski, Sasha Levin
From: Liu Jian <liujian56@huawei.com>
[ Upstream commit c9b895c6878bdb6789dc1d7af60fd10f4a9f1937 ]
If ag71xx_hw_enable() fails, call phylink_disconnect_phy() to clean up.
And if phylink_of_phy_connect() fails, nothing needs to be done.
Compile tested only.
Fixes: 892e09153fa3 ("net: ag71xx: port to phylink")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/20221114095549.40342-1-liujian56@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/atheros/ag71xx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/atheros/ag71xx.c b/drivers/net/ethernet/atheros/ag71xx.c
index e461f4764066..e23d8734d4e4 100644
--- a/drivers/net/ethernet/atheros/ag71xx.c
+++ b/drivers/net/ethernet/atheros/ag71xx.c
@@ -1427,7 +1427,7 @@ static int ag71xx_open(struct net_device *ndev)
if (ret) {
netif_err(ag, link, ndev, "phylink_of_phy_connect filed with err: %i\n",
ret);
- goto err;
+ return ret;
}
max_frame_len = ag71xx_max_frame_len(ndev->mtu);
@@ -1448,6 +1448,7 @@ static int ag71xx_open(struct net_device *ndev)
err:
ag71xx_rings_cleanup(ag);
+ phylink_disconnect_phy(ag->phylink);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 184/314] net/x25: Fix skb leak in x25_lapb_receive_frame()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 183/314] net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 185/314] net: dsa: dont leak tagger-owned storage on switch driver unbind Greg Kroah-Hartman
` (137 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Yongjun, Martin Schiller,
Jakub Kicinski, Sasha Levin
From: Wei Yongjun <weiyongjun1@huawei.com>
[ Upstream commit 2929cceb2fcf0ded7182562e4888afafece82cce ]
x25_lapb_receive_frame() using skb_copy() to get a private copy of
skb, the new skb should be freed in the undersized/fragmented skb
error handling path. Otherwise there is a memory leak.
Fixes: cb101ed2c3c7 ("x25: Handle undersized/fragmented skbs")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Acked-by: Martin Schiller <ms@dev.tdt.de>
Link: https://lore.kernel.org/r/20221114110519.514538-1-weiyongjun@huaweicloud.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/x25/x25_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/x25/x25_dev.c b/net/x25/x25_dev.c
index 5259ef8f5242..748d8630ab58 100644
--- a/net/x25/x25_dev.c
+++ b/net/x25/x25_dev.c
@@ -117,7 +117,7 @@ int x25_lapb_receive_frame(struct sk_buff *skb, struct net_device *dev,
if (!pskb_may_pull(skb, 1)) {
x25_neigh_put(nb);
- return 0;
+ goto drop;
}
switch (skb->data[0]) {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 185/314] net: dsa: dont leak tagger-owned storage on switch driver unbind
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 184/314] net/x25: Fix skb leak in x25_lapb_receive_frame() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 186/314] nvmet: fix a memory leak in nvmet_auth_set_key Greg Kroah-Hartman
` (136 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Saeed Mahameed,
Florian Fainelli, Jakub Kicinski, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit 4e0c19fcb8b5323716140fa82b79aa9f60e60407 ]
In the initial commit dc452a471dba ("net: dsa: introduce tagger-owned
storage for private and shared data"), we had a call to
tag_ops->disconnect(dst) issued from dsa_tree_free(), which is called at
tree teardown time.
There were problems with connecting to a switch tree as a whole, so this
got reworked to connecting to individual switches within the tree. In
this process, tag_ops->disconnect(ds) was made to be called only from
switch.c (cross-chip notifiers emitted as a result of dynamic tag proto
changes), but the normal driver teardown code path wasn't replaced with
anything.
Solve this problem by adding a function that does the opposite of
dsa_switch_setup_tag_protocol(), which is called from the equivalent
spot in dsa_switch_teardown(). The positioning here also ensures that we
won't have any use-after-free in tagging protocol (*rcv) ops, since the
teardown sequence is as follows:
dsa_tree_teardown
-> dsa_tree_teardown_master
-> dsa_master_teardown
-> unsets master->dsa_ptr, making no further packets match the
ETH_P_XDSA packet type handler
-> dsa_tree_teardown_ports
-> dsa_port_teardown
-> dsa_slave_destroy
-> unregisters DSA net devices, there is even a synchronize_net()
in unregister_netdevice_many()
-> dsa_tree_teardown_switches
-> dsa_switch_teardown
-> dsa_switch_teardown_tag_protocol
-> finally frees the tagger-owned storage
Fixes: 7f2973149c22 ("net: dsa: make tagging protocols connect to individual switches from a tree")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Saeed Mahameed <saeed@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20221114143551.1906361-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/dsa/dsa2.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c
index e537655e442b..befa954b0a47 100644
--- a/net/dsa/dsa2.c
+++ b/net/dsa/dsa2.c
@@ -850,6 +850,14 @@ static int dsa_switch_setup_tag_protocol(struct dsa_switch *ds)
return err;
}
+static void dsa_switch_teardown_tag_protocol(struct dsa_switch *ds)
+{
+ const struct dsa_device_ops *tag_ops = ds->dst->tag_ops;
+
+ if (tag_ops->disconnect)
+ tag_ops->disconnect(ds);
+}
+
static int dsa_switch_setup(struct dsa_switch *ds)
{
struct dsa_devlink_priv *dl_priv;
@@ -953,6 +961,8 @@ static void dsa_switch_teardown(struct dsa_switch *ds)
ds->slave_mii_bus = NULL;
}
+ dsa_switch_teardown_tag_protocol(ds);
+
if (ds->ops->teardown)
ds->ops->teardown(ds);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 186/314] nvmet: fix a memory leak in nvmet_auth_set_key
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 185/314] net: dsa: dont leak tagger-owned storage on switch driver unbind Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 187/314] cifs: Fix wrong return value checking when GETFLAGS Greg Kroah-Hartman
` (135 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sagi Grimberg, Christoph Hellwig,
Sasha Levin
From: Sagi Grimberg <sagi@grimberg.me>
[ Upstream commit 0a52566279b4ee65ecd2503d7b7342851f84755c ]
When changing dhchap secrets we need to release the old
secrets as well.
kmemleak complaint:
--
unreferenced object 0xffff8c7f44ed8180 (size 64):
comm "check", pid 7304, jiffies 4295686133 (age 72034.246s)
hex dump (first 32 bytes):
44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq
79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8
backtrace:
[<00000000b6fc5071>] kstrdup+0x2e/0x60
[<00000000f0f4633f>] 0xffffffffc0e07ee6
[<0000000053006c05>] 0xffffffffc0dff783
[<00000000419ae922>] configfs_write_iter+0xb1/0x120
[<000000008183c424>] vfs_write+0x2be/0x3c0
[<000000009005a2a5>] ksys_write+0x5f/0xe0
[<00000000cd495c89>] do_syscall_64+0x38/0x90
[<00000000f2a84ac5>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication")
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/auth.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index c4113b43dbfe..4dcddcf95279 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -45,9 +45,11 @@ int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
if (!dhchap_secret)
return -ENOMEM;
if (set_ctrl) {
+ kfree(host->dhchap_ctrl_secret);
host->dhchap_ctrl_secret = strim(dhchap_secret);
host->dhchap_ctrl_key_hash = key_hash;
} else {
+ kfree(host->dhchap_secret);
host->dhchap_secret = strim(dhchap_secret);
host->dhchap_key_hash = key_hash;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 187/314] cifs: Fix wrong return value checking when GETFLAGS
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 186/314] nvmet: fix a memory leak in nvmet_auth_set_key Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 188/314] net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init() Greg Kroah-Hartman
` (134 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Xiaoxu, Steve French, Sasha Levin
From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
[ Upstream commit 92bbd67a55fee50743b42825d1c016e7fd5c79f9 ]
The return value of CIFSGetExtAttr is negative, should be checked
with -EOPNOTSUPP rather than EOPNOTSUPP.
Fixes: 64a5cfa6db94 ("Allow setting per-file compression via SMB2/3")
Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/ioctl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/ioctl.c b/fs/cifs/ioctl.c
index b6e6e5d6c8dd..baccda02deab 100644
--- a/fs/cifs/ioctl.c
+++ b/fs/cifs/ioctl.c
@@ -343,7 +343,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
rc = put_user(ExtAttrBits &
FS_FL_USER_VISIBLE,
(int __user *)arg);
- if (rc != EOPNOTSUPP)
+ if (rc != -EOPNOTSUPP)
break;
}
#endif /* CONFIG_CIFS_ALLOW_INSECURE_LEGACY */
@@ -373,7 +373,7 @@ long cifs_ioctl(struct file *filep, unsigned int command, unsigned long arg)
* pSMBFile->fid.netfid,
* extAttrBits,
* &ExtAttrMask);
- * if (rc != EOPNOTSUPP)
+ * if (rc != -EOPNOTSUPP)
* break;
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 188/314] net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 187/314] cifs: Fix wrong return value checking when GETFLAGS Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 189/314] net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() Greg Kroah-Hartman
` (133 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Horatiu Vultur,
David S. Miller, Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit ba86af3733aece88dbcee0dfebf7e2dcfefb2be4 ]
lan966x_stats_init() calls create_singlethread_workqueue() and not
checked the ret value, which may return NULL. And a null-ptr-deref may
happen:
lan966x_stats_init()
create_singlethread_workqueue() # failed, lan966x->stats_queue is NULL
queue_delayed_work()
queue_delayed_work_on()
__queue_delayed_work() # warning here, but continue
__queue_work() # access wq->flags, null-ptr-deref
Check the ret value and return -ENOMEM if it is NULL.
Fixes: 12c2d0a5b8e2 ("net: lan966x: add ethtool configuration and statistics")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Reviewed-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/microchip/lan966x/lan966x_ethtool.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_ethtool.c b/drivers/net/ethernet/microchip/lan966x/lan966x_ethtool.c
index fea42542be28..06811c60d598 100644
--- a/drivers/net/ethernet/microchip/lan966x/lan966x_ethtool.c
+++ b/drivers/net/ethernet/microchip/lan966x/lan966x_ethtool.c
@@ -716,6 +716,9 @@ int lan966x_stats_init(struct lan966x *lan966x)
snprintf(queue_name, sizeof(queue_name), "%s-stats",
dev_name(lan966x->dev));
lan966x->stats_queue = create_singlethread_workqueue(queue_name);
+ if (!lan966x->stats_queue)
+ return -ENOMEM;
+
INIT_DELAYED_WORK(&lan966x->stats_work, lan966x_check_stats_work);
queue_delayed_work(lan966x->stats_queue, &lan966x->stats_work,
LAN966X_STATS_CHECK_DELAY);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 189/314] net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 188/314] net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 190/314] net: thunderbolt: Fix error handling in tbnet_init() Greg Kroah-Hartman
` (132 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, David S. Miller,
Sasha Levin
From: Shang XiaoJing <shangxiaojing@huawei.com>
[ Upstream commit 639f5d006e36bb303f525d9479448c412b720c39 ]
sparx_stats_init() calls create_singlethread_workqueue() and not
checked the ret value, which may return NULL. And a null-ptr-deref may
happen:
sparx_stats_init()
create_singlethread_workqueue() # failed, sparx5->stats_queue is NULL
queue_delayed_work()
queue_delayed_work_on()
__queue_delayed_work() # warning here, but continue
__queue_work() # access wq->flags, null-ptr-deref
Check the ret value and return -ENOMEM if it is NULL. So as
sparx5_start().
Fixes: af4b11022e2d ("net: sparx5: add ethtool configuration and statistics support")
Fixes: b37a1bae742f ("net: sparx5: add mactable support")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/microchip/sparx5/sparx5_ethtool.c | 3 +++
drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/drivers/net/ethernet/microchip/sparx5/sparx5_ethtool.c b/drivers/net/ethernet/microchip/sparx5/sparx5_ethtool.c
index 6b0febcb7fa9..01f3a3a41cdb 100644
--- a/drivers/net/ethernet/microchip/sparx5/sparx5_ethtool.c
+++ b/drivers/net/ethernet/microchip/sparx5/sparx5_ethtool.c
@@ -1253,6 +1253,9 @@ int sparx_stats_init(struct sparx5 *sparx5)
snprintf(queue_name, sizeof(queue_name), "%s-stats",
dev_name(sparx5->dev));
sparx5->stats_queue = create_singlethread_workqueue(queue_name);
+ if (!sparx5->stats_queue)
+ return -ENOMEM;
+
INIT_DELAYED_WORK(&sparx5->stats_work, sparx5_check_stats_work);
queue_delayed_work(sparx5->stats_queue, &sparx5->stats_work,
SPX5_STATS_CHECK_DELAY);
diff --git a/drivers/net/ethernet/microchip/sparx5/sparx5_main.c b/drivers/net/ethernet/microchip/sparx5/sparx5_main.c
index 01be7bd84181..30815c0e3f76 100644
--- a/drivers/net/ethernet/microchip/sparx5/sparx5_main.c
+++ b/drivers/net/ethernet/microchip/sparx5/sparx5_main.c
@@ -657,6 +657,9 @@ static int sparx5_start(struct sparx5 *sparx5)
snprintf(queue_name, sizeof(queue_name), "%s-mact",
dev_name(sparx5->dev));
sparx5->mact_queue = create_singlethread_workqueue(queue_name);
+ if (!sparx5->mact_queue)
+ return -ENOMEM;
+
INIT_DELAYED_WORK(&sparx5->mact_work, sparx5_mact_pull_work);
queue_delayed_work(sparx5->mact_queue, &sparx5->mact_work,
SPX5_MACT_PULL_DELAY);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 190/314] net: thunderbolt: Fix error handling in tbnet_init()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 189/314] net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 191/314] s390: avoid using global register for current_stack_pointer Greg Kroah-Hartman
` (131 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Mika Westerberg,
David S. Miller, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit f524b7289bbb0c8ffaa2ba3c34c146e43da54fb2 ]
A problem about insmod thunderbolt-net failed is triggered with following
log given while lsmod does not show thunderbolt_net:
insmod: ERROR: could not insert module thunderbolt-net.ko: File exists
The reason is that tbnet_init() returns tb_register_service_driver()
directly without checking its return value, if tb_register_service_driver()
failed, it returns without removing property directory, resulting the
property directory can never be created later.
tbnet_init()
tb_register_property_dir() # register property directory
tb_register_service_driver()
driver_register()
bus_add_driver()
priv = kzalloc(...) # OOM happened
# return without remove property directory
Fix by remove property directory when tb_register_service_driver() returns
error.
Fixes: e69b6c02b4c3 ("net: Add support for networking over Thunderbolt cable")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/thunderbolt.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/drivers/net/thunderbolt.c b/drivers/net/thunderbolt.c
index ab3f04562980..8391f8303499 100644
--- a/drivers/net/thunderbolt.c
+++ b/drivers/net/thunderbolt.c
@@ -1379,12 +1379,21 @@ static int __init tbnet_init(void)
TBNET_MATCH_FRAGS_ID | TBNET_64K_FRAMES);
ret = tb_register_property_dir("network", tbnet_dir);
- if (ret) {
- tb_property_free_dir(tbnet_dir);
- return ret;
- }
+ if (ret)
+ goto err_free_dir;
+
+ ret = tb_register_service_driver(&tbnet_driver);
+ if (ret)
+ goto err_unregister;
- return tb_register_service_driver(&tbnet_driver);
+ return 0;
+
+err_unregister:
+ tb_unregister_property_dir("network", tbnet_dir);
+err_free_dir:
+ tb_property_free_dir(tbnet_dir);
+
+ return ret;
}
module_init(tbnet_init);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 191/314] s390: avoid using global register for current_stack_pointer
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 190/314] net: thunderbolt: Fix error handling in tbnet_init() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 192/314] cifs: add check for returning value of SMB2_set_info_init Greg Kroah-Hartman
` (130 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Heiko Carstens, Vasily Gorbik,
Alexander Gordeev, Sasha Levin
From: Vasily Gorbik <gor@linux.ibm.com>
[ Upstream commit e3c11025bcd2142a61abe5806b2f86a0e78118df ]
Commit 30de14b1884b ("s390: current_stack_pointer shouldn't be a
function") made current_stack_pointer a global register variable like
on many other architectures. Unfortunately on s390 it uncovers old
gcc bug which is fixed only since gcc-9.1 [gcc commit 3ad7fed1cc87
("S/390: Fix PR89775. Stackpointer save/restore instructions removed")]
and backported to gcc-8.4 and later. Due to this bug gcc versions prior
to 8.4 generate broken code which leads to stack corruptions.
Current minimal gcc version required to build the kernel is declared
as 5.1. It is not possible to fix all old gcc versions, so work
around this problem by avoiding using global register variable for
current_stack_pointer.
Fixes: 30de14b1884b ("s390: current_stack_pointer shouldn't be a function")
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/include/asm/processor.h | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/s390/include/asm/processor.h b/arch/s390/include/asm/processor.h
index bd66f8e34949..00f45d8f1efa 100644
--- a/arch/s390/include/asm/processor.h
+++ b/arch/s390/include/asm/processor.h
@@ -202,7 +202,16 @@ unsigned long __get_wchan(struct task_struct *p);
/* Has task runtime instrumentation enabled ? */
#define is_ri_task(tsk) (!!(tsk)->thread.ri_cb)
-register unsigned long current_stack_pointer asm("r15");
+/* avoid using global register due to gcc bug in versions < 8.4 */
+#define current_stack_pointer (__current_stack_pointer())
+
+static __always_inline unsigned long __current_stack_pointer(void)
+{
+ unsigned long sp;
+
+ asm volatile("lgr %0,15" : "=d" (sp));
+ return sp;
+}
static __always_inline unsigned short stap(void)
{
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 192/314] cifs: add check for returning value of SMB2_set_info_init
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 191/314] s390: avoid using global register for current_stack_pointer Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 193/314] netdevsim: Fix memory leak of nsim_dev->fa_cookie Greg Kroah-Hartman
` (129 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Anastasia Belova, Steve French, Sasha Levin
From: Anastasia Belova <abelova@astralinux.ru>
[ Upstream commit a51e5d293dd1c2e7bf6f7be788466cd9b5d280fb ]
If the returning value of SMB2_set_info_init is an error-value,
exit the function.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 0967e5457954 ("cifs: use a compound for setting an xattr")
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/smb2ops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 86a1f282c8b4..b724bf42b540 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1123,6 +1123,8 @@ smb2_set_ea(const unsigned int xid, struct cifs_tcon *tcon,
COMPOUND_FID, current->tgid,
FILE_FULL_EA_INFORMATION,
SMB2_O_INFO_FILE, 0, data, size);
+ if (rc)
+ goto sea_exit;
smb2_set_next_command(tcon, &rqst[1]);
smb2_set_related(&rqst[1]);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 193/314] netdevsim: Fix memory leak of nsim_dev->fa_cookie
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 192/314] cifs: add check for returning value of SMB2_set_info_init Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 194/314] block: make dma_alignment a stacking queue_limit Greg Kroah-Hartman
` (128 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Yufen, Jiri Pirko,
Jakub Kicinski, Sasha Levin
From: Wang Yufen <wangyufen@huawei.com>
[ Upstream commit 064bc7312bd09a48798418663090be0c776183db ]
kmemleak reports this issue:
unreferenced object 0xffff8881bac872d0 (size 8):
comm "sh", pid 58603, jiffies 4481524462 (age 68.065s)
hex dump (first 8 bytes):
04 00 00 00 de ad be ef ........
backtrace:
[<00000000c80b8577>] __kmalloc+0x49/0x150
[<000000005292b8c6>] nsim_dev_trap_fa_cookie_write+0xc1/0x210 [netdevsim]
[<0000000093d78e77>] full_proxy_write+0xf3/0x180
[<000000005a662c16>] vfs_write+0x1c5/0xaf0
[<000000007aabf84a>] ksys_write+0xed/0x1c0
[<000000005f1d2e47>] do_syscall_64+0x3b/0x90
[<000000006001c6ec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
The issue occurs in the following scenarios:
nsim_dev_trap_fa_cookie_write()
kmalloc() fa_cookie
nsim_dev->fa_cookie = fa_cookie
..
nsim_drv_remove()
The fa_cookie allocked in nsim_dev_trap_fa_cookie_write() is not freed. To
fix, add kfree(nsim_dev->fa_cookie) to nsim_drv_remove().
Fixes: d3cbb907ae57 ("netdevsim: add ACL trap reporting cookie as a metadata")
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Cc: Jiri Pirko <jiri@mellanox.com>
Link: https://lore.kernel.org/r/1668504625-14698-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/netdevsim/dev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/netdevsim/dev.c b/drivers/net/netdevsim/dev.c
index b17e4e94a060..38562ed833da 100644
--- a/drivers/net/netdevsim/dev.c
+++ b/drivers/net/netdevsim/dev.c
@@ -1675,6 +1675,7 @@ void nsim_drv_remove(struct nsim_bus_dev *nsim_bus_dev)
ARRAY_SIZE(nsim_devlink_params));
devl_resources_unregister(devlink);
kfree(nsim_dev->vfconfigs);
+ kfree(nsim_dev->fa_cookie);
devl_unlock(devlink);
devlink_free(devlink);
dev_set_drvdata(&nsim_bus_dev->dev, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 194/314] block: make dma_alignment a stacking queue_limit
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 193/314] netdevsim: Fix memory leak of nsim_dev->fa_cookie Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 195/314] dm-crypt: provide dma_alignment limit in io_hints Greg Kroah-Hartman
` (127 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Keith Busch, Christoph Hellwig,
Jens Axboe, Sasha Levin
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit c964d62f5cab7b43dd0534f22a96eab386c6ec5d ]
Device mappers had always been getting the default 511 dma mask, but
the underlying device might have a larger alignment requirement. Since
this value is used to determine alloweable direct-io alignment, this
needs to be a stackable limit.
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20221110184501.2451620-2-kbusch@meta.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: 86e4d3e8d183 ("dm-crypt: provide dma_alignment limit in io_hints")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-core.c | 1 -
block/blk-settings.c | 8 +++++---
include/linux/blkdev.h | 15 ++++++++-------
3 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index 651057c4146b..2fbdf17f2206 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -426,7 +426,6 @@ struct request_queue *blk_alloc_queue(int node_id, bool alloc_srcu)
PERCPU_REF_INIT_ATOMIC, GFP_KERNEL))
goto fail_stats;
- blk_queue_dma_alignment(q, 511);
blk_set_default_limits(&q->limits);
q->nr_requests = BLKDEV_DEFAULT_RQ;
diff --git a/block/blk-settings.c b/block/blk-settings.c
index 8bb9eef5310e..4949ed3ce7c9 100644
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -57,6 +57,7 @@ void blk_set_default_limits(struct queue_limits *lim)
lim->misaligned = 0;
lim->zoned = BLK_ZONED_NONE;
lim->zone_write_granularity = 0;
+ lim->dma_alignment = 511;
}
EXPORT_SYMBOL(blk_set_default_limits);
@@ -600,6 +601,7 @@ int blk_stack_limits(struct queue_limits *t, struct queue_limits *b,
t->io_min = max(t->io_min, b->io_min);
t->io_opt = lcm_not_zero(t->io_opt, b->io_opt);
+ t->dma_alignment = max(t->dma_alignment, b->dma_alignment);
/* Set non-power-of-2 compatible chunk_sectors boundary */
if (b->chunk_sectors)
@@ -773,7 +775,7 @@ EXPORT_SYMBOL(blk_queue_virt_boundary);
**/
void blk_queue_dma_alignment(struct request_queue *q, int mask)
{
- q->dma_alignment = mask;
+ q->limits.dma_alignment = mask;
}
EXPORT_SYMBOL(blk_queue_dma_alignment);
@@ -795,8 +797,8 @@ void blk_queue_update_dma_alignment(struct request_queue *q, int mask)
{
BUG_ON(mask > PAGE_SIZE);
- if (mask > q->dma_alignment)
- q->dma_alignment = mask;
+ if (mask > q->limits.dma_alignment)
+ q->limits.dma_alignment = mask;
}
EXPORT_SYMBOL(blk_queue_update_dma_alignment);
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 84b13fdd34a7..79624711fda7 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -311,6 +311,13 @@ struct queue_limits {
unsigned char discard_misaligned;
unsigned char raid_partial_stripes_expensive;
enum blk_zoned_model zoned;
+
+ /*
+ * Drivers that set dma_alignment to less than 511 must be prepared to
+ * handle individual bvec's that are not a multiple of a SECTOR_SIZE
+ * due to possible offsets.
+ */
+ unsigned int dma_alignment;
};
typedef int (*report_zones_cb)(struct blk_zone *zone, unsigned int idx,
@@ -456,12 +463,6 @@ struct request_queue {
unsigned long nr_requests; /* Max # of requests */
unsigned int dma_pad_mask;
- /*
- * Drivers that set dma_alignment to less than 511 must be prepared to
- * handle individual bvec's that are not a multiple of a SECTOR_SIZE
- * due to possible offsets.
- */
- unsigned int dma_alignment;
#ifdef CONFIG_BLK_INLINE_ENCRYPTION
struct blk_crypto_profile *crypto_profile;
@@ -1311,7 +1312,7 @@ static inline sector_t bdev_zone_sectors(struct block_device *bdev)
static inline int queue_dma_alignment(const struct request_queue *q)
{
- return q ? q->dma_alignment : 511;
+ return q ? q->limits.dma_alignment : 511;
}
static inline unsigned int bdev_dma_alignment(struct block_device *bdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 195/314] dm-crypt: provide dma_alignment limit in io_hints
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 194/314] block: make dma_alignment a stacking queue_limit Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 196/314] ftrace: Fix the possible incorrect kernel message Greg Kroah-Hartman
` (126 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitrii Tcvetkov, Keith Busch,
Mike Snitzer, Jens Axboe, Sasha Levin, Eric Biggers
From: Keith Busch <kbusch@kernel.org>
[ Upstream commit 86e4d3e8d1838ca88fb9267e669c36f6c8f7c6cd ]
This device mapper needs bio vectors to be sized and memory aligned to
the logical block size. Set the minimum required queue limit
accordingly.
Link: https://lore.kernel.org/linux-block/20221101001558.648ee024@xps.demsh.org/
Fixes: b1a000d3b8ec5 ("block: relax direct io memory alignment")
Reportred-by: Eric Biggers <ebiggers@kernel.org>
Reported-by: Dmitrii Tcvetkov <me@demsh.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Mike Snitzer <snitzer@kernel.org>
Link: https://lore.kernel.org/r/20221110184501.2451620-3-kbusch@meta.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-crypt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 159c6806c19b..2653516bcdef 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -3630,6 +3630,7 @@ static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits)
limits->physical_block_size =
max_t(unsigned, limits->physical_block_size, cc->sector_size);
limits->io_min = max_t(unsigned, limits->io_min, cc->sector_size);
+ limits->dma_alignment = limits->logical_block_size - 1;
}
static struct target_type crypt_target = {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 196/314] ftrace: Fix the possible incorrect kernel message
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 195/314] dm-crypt: provide dma_alignment limit in io_hints Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 197/314] ftrace: Optimize the allocation for mcount entries Greg Kroah-Hartman
` (125 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, mhiramat, mark.rutland,
Wang Wensheng, Steven Rostedt (Google)
From: Wang Wensheng <wangwensheng4@huawei.com>
commit 08948caebe93482db1adfd2154eba124f66d161d upstream.
If the number of mcount entries is an integer multiple of
ENTRIES_PER_PAGE, the page count showing on the console would be wrong.
Link: https://lkml.kernel.org/r/20221109094434.84046-2-wangwensheng4@huawei.com
Cc: <mhiramat@kernel.org>
Cc: <mark.rutland@arm.com>
Cc: stable@vger.kernel.org
Fixes: 5821e1b74f0d0 ("function tracing: fix wrong pos computing when read buffer has been fulfilled")
Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ftrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -7394,7 +7394,7 @@ void __init ftrace_init(void)
}
pr_info("ftrace: allocating %ld entries in %ld pages\n",
- count, count / ENTRIES_PER_PAGE + 1);
+ count, DIV_ROUND_UP(count, ENTRIES_PER_PAGE));
ret = ftrace_process_locs(NULL,
__start_mcount_loc,
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 197/314] ftrace: Optimize the allocation for mcount entries
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 196/314] ftrace: Fix the possible incorrect kernel message Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 198/314] ftrace: Fix null pointer dereference in ftrace_add_mod() Greg Kroah-Hartman
` (124 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, mhiramat, mark.rutland,
Wang Wensheng, Steven Rostedt (Google)
From: Wang Wensheng <wangwensheng4@huawei.com>
commit bcea02b096333dc74af987cb9685a4dbdd820840 upstream.
If we can't allocate this size, try something smaller with half of the
size. Its order should be decreased by one instead of divided by two.
Link: https://lkml.kernel.org/r/20221109094434.84046-3-wangwensheng4@huawei.com
Cc: <mhiramat@kernel.org>
Cc: <mark.rutland@arm.com>
Cc: stable@vger.kernel.org
Fixes: a79008755497d ("ftrace: Allocate the mcount record pages as groups")
Signed-off-by: Wang Wensheng <wangwensheng4@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ftrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -3193,7 +3193,7 @@ static int ftrace_allocate_records(struc
/* if we can't allocate this size, try something smaller */
if (!order)
return -ENOMEM;
- order >>= 1;
+ order--;
goto again;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 198/314] ftrace: Fix null pointer dereference in ftrace_add_mod()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 197/314] ftrace: Optimize the allocation for mcount entries Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 199/314] ring_buffer: Do not deactivate non-existant pages Greg Kroah-Hartman
` (123 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xiu Jianfeng, Steven Rostedt (Google)
From: Xiu Jianfeng <xiujianfeng@huawei.com>
commit 19ba6c8af9382c4c05dc6a0a79af3013b9a35cd0 upstream.
The @ftrace_mod is allocated by kzalloc(), so both the members {prev,next}
of @ftrace_mode->list are NULL, it's not a valid state to call list_del().
If kstrdup() for @ftrace_mod->{func|module} fails, it goes to @out_free
tag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del()
will write prev->next and next->prev, where null pointer dereference
happens.
BUG: kernel NULL pointer dereference, address: 0000000000000008
Oops: 0002 [#1] PREEMPT SMP NOPTI
Call Trace:
<TASK>
ftrace_mod_callback+0x20d/0x220
? do_filp_open+0xd9/0x140
ftrace_process_regex.isra.51+0xbf/0x130
ftrace_regex_write.isra.52.part.53+0x6e/0x90
vfs_write+0xee/0x3a0
? __audit_filter_op+0xb1/0x100
? auditd_test_task+0x38/0x50
ksys_write+0xa5/0xe0
do_syscall_64+0x3a/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Kernel panic - not syncing: Fatal exception
So call INIT_LIST_HEAD() to initialize the list member to fix this issue.
Link: https://lkml.kernel.org/r/20221116015207.30858-1-xiujianfeng@huawei.com
Cc: stable@vger.kernel.org
Fixes: 673feb9d76ab ("ftrace: Add :mod: caching infrastructure to trace_array")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ftrace.c | 1 +
1 file changed, 1 insertion(+)
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1289,6 +1289,7 @@ static int ftrace_add_mod(struct trace_a
if (!ftrace_mod)
return -ENOMEM;
+ INIT_LIST_HEAD(&ftrace_mod->list);
ftrace_mod->func = kstrdup(func, GFP_KERNEL);
ftrace_mod->module = kstrdup(module, GFP_KERNEL);
ftrace_mod->enable = enable;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 199/314] ring_buffer: Do not deactivate non-existant pages
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 198/314] ftrace: Fix null pointer dereference in ftrace_add_mod() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 200/314] tracing: Fix memory leak in tracing_read_pipe() Greg Kroah-Hartman
` (122 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniil Tatianin, Steven Rostedt (Google)
From: Daniil Tatianin <d-tatianin@yandex-team.ru>
commit 56f4ca0a79a9f1af98f26c54b9b89ba1f9bcc6bd upstream.
rb_head_page_deactivate() expects cpu_buffer to contain a valid list of
->pages, so verify that the list is actually present before calling it.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
Link: https://lkml.kernel.org/r/20221114143129.3534443-1-d-tatianin@yandex-team.ru
Cc: stable@vger.kernel.org
Fixes: 77ae365eca895 ("ring-buffer: make lockless")
Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1769,9 +1769,9 @@ static void rb_free_cpu_buffer(struct ri
free_buffer_page(cpu_buffer->reader_page);
- rb_head_page_deactivate(cpu_buffer);
-
if (head) {
+ rb_head_page_deactivate(cpu_buffer);
+
list_for_each_entry_safe(bpage, tmp, head, list) {
list_del_init(&bpage->list);
free_buffer_page(bpage);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 200/314] tracing: Fix memory leak in tracing_read_pipe()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 199/314] ring_buffer: Do not deactivate non-existant pages Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 201/314] tracing/ring-buffer: Have polling block on watermark Greg Kroah-Hartman
` (121 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu (Google),
Wang Yufen, Steven Rostedt (Google)
From: Wang Yufen <wangyufen@huawei.com>
commit 649e72070cbbb8600eb823833e4748f5a0815116 upstream.
kmemleak reports this issue:
unreferenced object 0xffff888105a18900 (size 128):
comm "test_progs", pid 18933, jiffies 4336275356 (age 22801.766s)
hex dump (first 32 bytes):
25 73 00 90 81 88 ff ff 26 05 00 00 42 01 58 04 %s......&...B.X.
03 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000560143a1>] __kmalloc_node_track_caller+0x4a/0x140
[<000000006af00822>] krealloc+0x8d/0xf0
[<00000000c309be6a>] trace_iter_expand_format+0x99/0x150
[<000000005a53bdb6>] trace_check_vprintf+0x1e0/0x11d0
[<0000000065629d9d>] trace_event_printf+0xb6/0xf0
[<000000009a690dc7>] trace_raw_output_bpf_trace_printk+0x89/0xc0
[<00000000d22db172>] print_trace_line+0x73c/0x1480
[<00000000cdba76ba>] tracing_read_pipe+0x45c/0x9f0
[<0000000015b58459>] vfs_read+0x17b/0x7c0
[<000000004aeee8ed>] ksys_read+0xed/0x1c0
[<0000000063d3d898>] do_syscall_64+0x3b/0x90
[<00000000a06dda7f>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
iter->fmt alloced in
tracing_read_pipe() -> .. ->trace_iter_expand_format(), but not
freed, to fix, add free in tracing_release_pipe()
Link: https://lkml.kernel.org/r/1667819090-4643-1-git-send-email-wangyufen@huawei.com
Cc: stable@vger.kernel.org
Fixes: efbbdaa22bb7 ("tracing: Show real address for trace event arguments")
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 1 +
1 file changed, 1 insertion(+)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6657,6 +6657,7 @@ static int tracing_release_pipe(struct i
mutex_unlock(&trace_types_lock);
free_cpumask_var(iter->started);
+ kfree(iter->fmt);
mutex_destroy(&iter->mutex);
kfree(iter);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 201/314] tracing/ring-buffer: Have polling block on watermark
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 200/314] tracing: Fix memory leak in tracing_read_pipe() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 202/314] tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() Greg Kroah-Hartman
` (120 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Linux Trace Kernel,
Masami Hiramatsu, Mathieu Desnoyers, Primiano Tucci,
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 42fb0a1e84ff525ebe560e2baf9451ab69127e2b upstream.
Currently the way polling works on the ring buffer is broken. It will
return immediately if there's any data in the ring buffer whereas a read
will block until the watermark (defined by the tracefs buffer_percent file)
is hit.
That is, a select() or poll() will return as if there's data available,
but then the following read will block. This is broken for the way
select()s and poll()s are supposed to work.
Have the polling on the ring buffer also block the same way reads and
splice does on the ring buffer.
Link: https://lkml.kernel.org/r/20221020231427.41be3f26@gandalf.local.home
Cc: Linux Trace Kernel <linux-trace-kernel@vger.kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Primiano Tucci <primiano@google.com>
Cc: stable@vger.kernel.org
Fixes: 1e0d6714aceb7 ("ring-buffer: Do not wake up a splice waiter when page is not full")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ring_buffer.h | 2 -
kernel/trace/ring_buffer.c | 55 ++++++++++++++++++++++++++++----------------
kernel/trace/trace.c | 2 -
3 files changed, 38 insertions(+), 21 deletions(-)
--- a/include/linux/ring_buffer.h
+++ b/include/linux/ring_buffer.h
@@ -100,7 +100,7 @@ __ring_buffer_alloc(unsigned long size,
int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full);
__poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu,
- struct file *filp, poll_table *poll_table);
+ struct file *filp, poll_table *poll_table, int full);
void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu);
#define RING_BUFFER_ALL_CPUS -1
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -907,6 +907,21 @@ size_t ring_buffer_nr_dirty_pages(struct
return cnt - read;
}
+static __always_inline bool full_hit(struct trace_buffer *buffer, int cpu, int full)
+{
+ struct ring_buffer_per_cpu *cpu_buffer = buffer->buffers[cpu];
+ size_t nr_pages;
+ size_t dirty;
+
+ nr_pages = cpu_buffer->nr_pages;
+ if (!nr_pages || !full)
+ return true;
+
+ dirty = ring_buffer_nr_dirty_pages(buffer, cpu);
+
+ return (dirty * 100) > (full * nr_pages);
+}
+
/*
* rb_wake_up_waiters - wake up tasks waiting for ring buffer input
*
@@ -1046,22 +1061,20 @@ int ring_buffer_wait(struct trace_buffer
!ring_buffer_empty_cpu(buffer, cpu)) {
unsigned long flags;
bool pagebusy;
- size_t nr_pages;
- size_t dirty;
+ bool done;
if (!full)
break;
raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags);
pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page;
- nr_pages = cpu_buffer->nr_pages;
- dirty = ring_buffer_nr_dirty_pages(buffer, cpu);
+ done = !pagebusy && full_hit(buffer, cpu, full);
+
if (!cpu_buffer->shortest_full ||
cpu_buffer->shortest_full > full)
cpu_buffer->shortest_full = full;
raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
- if (!pagebusy &&
- (!nr_pages || (dirty * 100) > full * nr_pages))
+ if (done)
break;
}
@@ -1087,6 +1100,7 @@ int ring_buffer_wait(struct trace_buffer
* @cpu: the cpu buffer to wait on
* @filp: the file descriptor
* @poll_table: The poll descriptor
+ * @full: wait until the percentage of pages are available, if @cpu != RING_BUFFER_ALL_CPUS
*
* If @cpu == RING_BUFFER_ALL_CPUS then the task will wake up as soon
* as data is added to any of the @buffer's cpu buffers. Otherwise
@@ -1096,14 +1110,15 @@ int ring_buffer_wait(struct trace_buffer
* zero otherwise.
*/
__poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu,
- struct file *filp, poll_table *poll_table)
+ struct file *filp, poll_table *poll_table, int full)
{
struct ring_buffer_per_cpu *cpu_buffer;
struct rb_irq_work *work;
- if (cpu == RING_BUFFER_ALL_CPUS)
+ if (cpu == RING_BUFFER_ALL_CPUS) {
work = &buffer->irq_work;
- else {
+ full = 0;
+ } else {
if (!cpumask_test_cpu(cpu, buffer->cpumask))
return -EINVAL;
@@ -1111,8 +1126,14 @@ __poll_t ring_buffer_poll_wait(struct tr
work = &cpu_buffer->irq_work;
}
- poll_wait(filp, &work->waiters, poll_table);
- work->waiters_pending = true;
+ if (full) {
+ poll_wait(filp, &work->full_waiters, poll_table);
+ work->full_waiters_pending = true;
+ } else {
+ poll_wait(filp, &work->waiters, poll_table);
+ work->waiters_pending = true;
+ }
+
/*
* There's a tight race between setting the waiters_pending and
* checking if the ring buffer is empty. Once the waiters_pending bit
@@ -1128,6 +1149,9 @@ __poll_t ring_buffer_poll_wait(struct tr
*/
smp_mb();
+ if (full)
+ return full_hit(buffer, cpu, full) ? EPOLLIN | EPOLLRDNORM : 0;
+
if ((cpu == RING_BUFFER_ALL_CPUS && !ring_buffer_empty(buffer)) ||
(cpu != RING_BUFFER_ALL_CPUS && !ring_buffer_empty_cpu(buffer, cpu)))
return EPOLLIN | EPOLLRDNORM;
@@ -3155,10 +3179,6 @@ static void rb_commit(struct ring_buffer
static __always_inline void
rb_wakeups(struct trace_buffer *buffer, struct ring_buffer_per_cpu *cpu_buffer)
{
- size_t nr_pages;
- size_t dirty;
- size_t full;
-
if (buffer->irq_work.waiters_pending) {
buffer->irq_work.waiters_pending = false;
/* irq_work_queue() supplies it's own memory barriers */
@@ -3182,10 +3202,7 @@ rb_wakeups(struct trace_buffer *buffer,
cpu_buffer->last_pages_touch = local_read(&cpu_buffer->pages_touched);
- full = cpu_buffer->shortest_full;
- nr_pages = cpu_buffer->nr_pages;
- dirty = ring_buffer_nr_dirty_pages(buffer, cpu_buffer->cpu);
- if (full && nr_pages && (dirty * 100) <= full * nr_pages)
+ if (!full_hit(buffer, cpu_buffer->cpu, cpu_buffer->shortest_full))
return;
cpu_buffer->irq_work.wakeup_full = true;
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6682,7 +6682,7 @@ trace_poll(struct trace_iterator *iter,
return EPOLLIN | EPOLLRDNORM;
else
return ring_buffer_poll_wait(iter->array_buffer->buffer, iter->cpu_file,
- filp, poll_table);
+ filp, poll_table, iter->tr->buffer_percent);
}
static __poll_t
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 202/314] tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 201/314] tracing/ring-buffer: Have polling block on watermark Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 203/314] tracing: Fix wild-memory-access in register_synth_event() Greg Kroah-Hartman
` (119 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, mhiramat, zanussi, fengguang.wu,
Shang XiaoJing, Steven Rostedt (Google)
From: Shang XiaoJing <shangxiaojing@huawei.com>
commit a4527fef9afe5c903c718d0cd24609fe9c754250 upstream.
test_gen_synth_cmd() only free buf in fail path, hence buf will leak
when there is no failure. Add kfree(buf) to prevent the memleak. The
same reason and solution in test_empty_synth_event().
unreferenced object 0xffff8881127de000 (size 2048):
comm "modprobe", pid 247, jiffies 4294972316 (age 78.756s)
hex dump (first 32 bytes):
20 67 65 6e 5f 73 79 6e 74 68 5f 74 65 73 74 20 gen_synth_test
20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 64 5f pid_t next_pid_
backtrace:
[<000000004254801a>] kmalloc_trace+0x26/0x100
[<0000000039eb1cf5>] 0xffffffffa00083cd
[<000000000e8c3bc8>] 0xffffffffa00086ba
[<00000000c293d1ea>] do_one_initcall+0xdb/0x480
[<00000000aa189e6d>] do_init_module+0x1cf/0x680
[<00000000d513222b>] load_module+0x6a50/0x70a0
[<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0
[<00000000b36c4c0f>] do_syscall_64+0x3f/0x90
[<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
unreferenced object 0xffff8881127df000 (size 2048):
comm "modprobe", pid 247, jiffies 4294972324 (age 78.728s)
hex dump (first 32 bytes):
20 65 6d 70 74 79 5f 73 79 6e 74 68 5f 74 65 73 empty_synth_tes
74 20 20 70 69 64 5f 74 20 6e 65 78 74 5f 70 69 t pid_t next_pi
backtrace:
[<000000004254801a>] kmalloc_trace+0x26/0x100
[<00000000d4db9a3d>] 0xffffffffa0008071
[<00000000c31354a5>] 0xffffffffa00086ce
[<00000000c293d1ea>] do_one_initcall+0xdb/0x480
[<00000000aa189e6d>] do_init_module+0x1cf/0x680
[<00000000d513222b>] load_module+0x6a50/0x70a0
[<000000001fd4d529>] __do_sys_finit_module+0x12f/0x1c0
[<00000000b36c4c0f>] do_syscall_64+0x3f/0x90
[<00000000bbf20cf3>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Link: https://lkml.kernel.org/r/20221117012346.22647-2-shangxiaojing@huawei.com
Cc: <mhiramat@kernel.org>
Cc: <zanussi@kernel.org>
Cc: <fengguang.wu@intel.com>
Cc: stable@vger.kernel.org
Fixes: 9fe41efaca08 ("tracing: Add synth event generation test module")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/synth_event_gen_test.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
--- a/kernel/trace/synth_event_gen_test.c
+++ b/kernel/trace/synth_event_gen_test.c
@@ -120,15 +120,13 @@ static int __init test_gen_synth_cmd(voi
/* Now generate a gen_synth_test event */
ret = synth_event_trace_array(gen_synth_test, vals, ARRAY_SIZE(vals));
- out:
+ free:
+ kfree(buf);
return ret;
delete:
/* We got an error after creating the event, delete it */
synth_event_delete("gen_synth_test");
- free:
- kfree(buf);
-
- goto out;
+ goto free;
}
/*
@@ -227,15 +225,13 @@ static int __init test_empty_synth_event
/* Now trace an empty_synth_test event */
ret = synth_event_trace_array(empty_synth_test, vals, ARRAY_SIZE(vals));
- out:
+ free:
+ kfree(buf);
return ret;
delete:
/* We got an error after creating the event, delete it */
synth_event_delete("empty_synth_test");
- free:
- kfree(buf);
-
- goto out;
+ goto free;
}
static struct synth_field_desc create_synth_test_fields[] = {
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 203/314] tracing: Fix wild-memory-access in register_synth_event()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 202/314] tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 204/314] tracing: Fix race where eprobes can be called before the event Greg Kroah-Hartman
` (118 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, mhiramat, zanussi,
fengguang.wu, Steven Rostedt (Google)
From: Shang XiaoJing <shangxiaojing@huawei.com>
commit 1b5f1c34d3f5a664a57a5a7557a50e4e3cc2505c upstream.
In register_synth_event(), if set_synth_event_print_fmt() failed, then
both trace_remove_event_call() and unregister_trace_event() will be
called, which means the trace_event_call will call
__unregister_trace_event() twice. As the result, the second unregister
will causes the wild-memory-access.
register_synth_event
set_synth_event_print_fmt failed
trace_remove_event_call
event_remove
if call->event.funcs then
__unregister_trace_event (first call)
unregister_trace_event
__unregister_trace_event (second call)
Fix the bug by avoiding to call the second __unregister_trace_event() by
checking if the first one is called.
general protection fault, probably for non-canonical address
0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI
KASAN: maybe wild-memory-access in range
[0xdead000000000120-0xdead000000000127]
CPU: 0 PID: 3807 Comm: modprobe Not tainted
6.1.0-rc1-00186-g76f33a7eedb4 #299
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:unregister_trace_event+0x6e/0x280
Code: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48
b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02
00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b
RSP: 0018:ffff88810413f370 EFLAGS: 00010a06
RAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000
RDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20
RBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481
R10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122
R13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028
FS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__create_synth_event+0x1e37/0x1eb0
create_or_delete_synth_event+0x110/0x250
synth_event_run_command+0x2f/0x110
test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test]
synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test]
do_one_initcall+0xdb/0x480
do_init_module+0x1cf/0x680
load_module+0x6a50/0x70a0
__do_sys_finit_module+0x12f/0x1c0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Link: https://lkml.kernel.org/r/20221117012346.22647-3-shangxiaojing@huawei.com
Fixes: 4b147936fa50 ("tracing: Add support for 'synthetic' events")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Cc: stable@vger.kernel.org
Cc: <mhiramat@kernel.org>
Cc: <zanussi@kernel.org>
Cc: <fengguang.wu@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_events_synth.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -828,10 +828,9 @@ static int register_synth_event(struct s
}
ret = set_synth_event_print_fmt(call);
- if (ret < 0) {
+ /* unregister_trace_event() will be called inside */
+ if (ret < 0)
trace_remove_event_call(call);
- goto err;
- }
out:
return ret;
err:
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 204/314] tracing: Fix race where eprobes can be called before the event
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 203/314] tracing: Fix wild-memory-access in register_synth_event() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 205/314] tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() Greg Kroah-Hartman
` (117 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Linux Trace Kernel,
Tzvetomir Stoyanov, Tom Zanussi, Masami Hiramatsu (Google),
Rafael Mendonca, Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 94eedf3dded5fb472ce97bfaf3ac1c6c29c35d26 upstream.
The flag that tells the event to call its triggers after reading the event
is set for eprobes after the eprobe is enabled. This leads to a race where
the eprobe may be triggered at the beginning of the event where the record
information is NULL. The eprobe then dereferences the NULL record causing
a NULL kernel pointer bug.
Test for a NULL record to keep this from happening.
Link: https://lore.kernel.org/linux-trace-kernel/20221116192552.1066630-1-rafaelmendsr@gmail.com/
Link: https://lore.kernel.org/linux-trace-kernel/20221117214249.2addbe10@gandalf.local.home
Cc: Linux Trace Kernel <linux-trace-kernel@vger.kernel.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: stable@vger.kernel.org
Fixes: 7491e2c442781 ("tracing: Add a probe that attaches to trace events")
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reported-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_eprobe.c | 3 +++
1 file changed, 3 insertions(+)
--- a/kernel/trace/trace_eprobe.c
+++ b/kernel/trace/trace_eprobe.c
@@ -560,6 +560,9 @@ static void eprobe_trigger_func(struct e
{
struct eprobe_data *edata = data->private_data;
+ if (unlikely(!rec))
+ return;
+
__eprobe_trace_func(edata, rec);
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 205/314] tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 204/314] tracing: Fix race where eprobes can be called before the event Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 206/314] tracing: kprobe: Fix potential null-ptr-deref on trace_array " Greg Kroah-Hartman
` (116 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Masami Hiramatsu (Google)
From: Shang XiaoJing <shangxiaojing@huawei.com>
commit e0d75267f59d7084e0468bd68beeb1bf9c71d7c0 upstream.
When trace_get_event_file() failed, gen_kretprobe_test will be assigned
as the error code. If module kprobe_event_gen_test is removed now, the
null pointer dereference will happen in kprobe_event_gen_test_exit().
Check if gen_kprobe_test or gen_kretprobe_test is error code or NULL
before dereference them.
BUG: kernel NULL pointer dereference, address: 0000000000000012
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 3 PID: 2210 Comm: modprobe Not tainted
6.1.0-rc1-00171-g2159299a3b74-dirty #217
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test]
Code: Unable to access opcode bytes at 0xffffffff9ffffff2.
RSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246
RAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000
RDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c
RBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800
R13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f56b75be540(0000) GS:ffff88813bc00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__x64_sys_delete_module+0x206/0x380
? lockdep_hardirqs_on_prepare+0xd8/0x190
? syscall_enter_from_user_mode+0x1c/0x50
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Link: https://lore.kernel.org/all/20221108015130.28326-2-shangxiaojing@huawei.com/
Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/kprobe_event_gen_test.c | 44 ++++++++++++++++++++++-------------
1 file changed, 28 insertions(+), 16 deletions(-)
--- a/kernel/trace/kprobe_event_gen_test.c
+++ b/kernel/trace/kprobe_event_gen_test.c
@@ -73,6 +73,10 @@ static struct trace_event_file *gen_kret
#define KPROBE_GEN_TEST_ARG3 NULL
#endif
+static bool trace_event_file_is_valid(struct trace_event_file *input)
+{
+ return input && !IS_ERR(input);
+}
/*
* Test to make sure we can create a kprobe event, then add more
@@ -217,10 +221,12 @@ static int __init kprobe_event_gen_test_
ret = test_gen_kretprobe_cmd();
if (ret) {
- WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr,
- "kprobes",
- "gen_kretprobe_test", false));
- trace_put_event_file(gen_kretprobe_test);
+ if (trace_event_file_is_valid(gen_kretprobe_test)) {
+ WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr,
+ "kprobes",
+ "gen_kretprobe_test", false));
+ trace_put_event_file(gen_kretprobe_test);
+ }
WARN_ON(kprobe_event_delete("gen_kretprobe_test"));
}
@@ -229,24 +235,30 @@ static int __init kprobe_event_gen_test_
static void __exit kprobe_event_gen_test_exit(void)
{
- /* Disable the event or you can't remove it */
- WARN_ON(trace_array_set_clr_event(gen_kprobe_test->tr,
- "kprobes",
- "gen_kprobe_test", false));
+ if (trace_event_file_is_valid(gen_kprobe_test)) {
+ /* Disable the event or you can't remove it */
+ WARN_ON(trace_array_set_clr_event(gen_kprobe_test->tr,
+ "kprobes",
+ "gen_kprobe_test", false));
+
+ /* Now give the file and instance back */
+ trace_put_event_file(gen_kprobe_test);
+ }
- /* Now give the file and instance back */
- trace_put_event_file(gen_kprobe_test);
/* Now unregister and free the event */
WARN_ON(kprobe_event_delete("gen_kprobe_test"));
- /* Disable the event or you can't remove it */
- WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr,
- "kprobes",
- "gen_kretprobe_test", false));
+ if (trace_event_file_is_valid(gen_kretprobe_test)) {
+ /* Disable the event or you can't remove it */
+ WARN_ON(trace_array_set_clr_event(gen_kretprobe_test->tr,
+ "kprobes",
+ "gen_kretprobe_test", false));
+
+ /* Now give the file and instance back */
+ trace_put_event_file(gen_kretprobe_test);
+ }
- /* Now give the file and instance back */
- trace_put_event_file(gen_kretprobe_test);
/* Now unregister and free the event */
WARN_ON(kprobe_event_delete("gen_kretprobe_test"));
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 206/314] tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 205/314] tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 207/314] rethook: fix a potential memleak in rethook_alloc() Greg Kroah-Hartman
` (115 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shang XiaoJing, Masami Hiramatsu (Google)
From: Shang XiaoJing <shangxiaojing@huawei.com>
commit 22ea4ca9631eb137e64e5ab899e9c89cb6670959 upstream.
When test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it
will goto delete, which will call kprobe_event_delete() and release the
corresponding resource. However, the trace_array in gen_kretprobe_test
will point to the invalid resource. Set gen_kretprobe_test to NULL
after called kprobe_event_delete() to prevent null-ptr-deref.
BUG: kernel NULL pointer dereference, address: 0000000000000070
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 246 Comm: modprobe Tainted: G W
6.1.0-rc1-00174-g9522dc5c87da-dirty #248
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0
Code: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c
01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65
70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f
RSP: 0018:ffffc9000159fe00 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000
RDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064
R13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000
FS: 00007f89eeff6540(0000) GS:ffff88813b600000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__ftrace_set_clr_event+0x3e/0x60
trace_array_set_clr_event+0x35/0x50
? 0xffffffffa0000000
kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]
__x64_sys_delete_module+0x206/0x380
? lockdep_hardirqs_on_prepare+0xd8/0x190
? syscall_enter_from_user_mode+0x1c/0x50
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f89eeb061b7
Link: https://lore.kernel.org/all/20221108015130.28326-3-shangxiaojing@huawei.com/
Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Cc: stable@vger.kernel.org
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/kprobe_event_gen_test.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/kernel/trace/kprobe_event_gen_test.c
+++ b/kernel/trace/kprobe_event_gen_test.c
@@ -143,6 +143,8 @@ static int __init test_gen_kprobe_cmd(vo
kfree(buf);
return ret;
delete:
+ if (trace_event_file_is_valid(gen_kprobe_test))
+ gen_kprobe_test = NULL;
/* We got an error after creating the event, delete it */
ret = kprobe_event_delete("gen_kprobe_test");
goto out;
@@ -206,6 +208,8 @@ static int __init test_gen_kretprobe_cmd
kfree(buf);
return ret;
delete:
+ if (trace_event_file_is_valid(gen_kretprobe_test))
+ gen_kretprobe_test = NULL;
/* We got an error after creating the event, delete it */
ret = kprobe_event_delete("gen_kretprobe_test");
goto out;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 207/314] rethook: fix a potential memleak in rethook_alloc()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 206/314] tracing: kprobe: Fix potential null-ptr-deref on trace_array " Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 208/314] platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks Greg Kroah-Hartman
` (114 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yi Yang, Masami Hiramatsu (Google)
From: Yi Yang <yiyang13@huawei.com>
commit 0a1ebe35cb3b7aa1f4b26b37e2a0b9ae68dc4ffb upstream.
In rethook_alloc(), the variable rh is not freed or passed out
if handler is NULL, which could lead to a memleak, fix it.
Link: https://lore.kernel.org/all/20221110104438.88099-1-yiyang13@huawei.com/
[Masami: Add "rethook:" tag to the title.]
Fixes: 54ecbe6f1ed5 ("rethook: Add a generic return hook")
Cc: stable@vger.kernel.org
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Acke-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/rethook.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/kernel/trace/rethook.c
+++ b/kernel/trace/rethook.c
@@ -83,8 +83,10 @@ struct rethook *rethook_alloc(void *data
{
struct rethook *rh = kzalloc(sizeof(struct rethook), GFP_KERNEL);
- if (!rh || !handler)
+ if (!rh || !handler) {
+ kfree(rh);
return NULL;
+ }
rh->data = data;
rh->handler = handler;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 208/314] platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 207/314] rethook: fix a potential memleak in rethook_alloc() Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 209/314] platform/x86/amd: pmc: Add new ACPI ID AMDI0009 Greg Kroah-Hartman
` (113 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, liyupeng, Mario Limonciello, Hans de Goede
From: Mario Limonciello <mario.limonciello@amd.com>
commit a5b5fb0fc47ddc7d1ed6a0365197639a01bc1f3a upstream.
commit b37fe34c8309 ("platform/x86/amd: pmc: remove CONFIG_DEBUG_FS
checks") removed most CONFIG_DEBUG_FS checks, but there were some
left that were reported to cause compile test failures.
Remove the remaining checks, and also the unnecessary CONFIG_SUSPEND
used in the same place.
Reported-by: liyupeng@zbhlos.com
Fixes: b37fe34c8309 ("platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216679
Link: https://lore.kernel.org/r/20221108023323.19304-1-mario.limonciello@amd.com
Cc: stable@vger.kernel.org
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/x86/amd/pmc.c | 2 --
1 file changed, 2 deletions(-)
--- a/drivers/platform/x86/amd/pmc.c
+++ b/drivers/platform/x86/amd/pmc.c
@@ -274,7 +274,6 @@ static const struct file_operations amd_
.release = amd_pmc_stb_debugfs_release_v2,
};
-#if defined(CONFIG_SUSPEND) || defined(CONFIG_DEBUG_FS)
static int amd_pmc_setup_smu_logging(struct amd_pmc_dev *dev)
{
if (dev->cpu_id == AMD_CPU_ID_PCO) {
@@ -349,7 +348,6 @@ static int get_metrics_table(struct amd_
memcpy_fromio(table, pdev->smu_virt_addr, sizeof(struct smu_metrics));
return 0;
}
-#endif /* CONFIG_SUSPEND || CONFIG_DEBUG_FS */
#ifdef CONFIG_SUSPEND
static void amd_pmc_validate_deepest(struct amd_pmc_dev *pdev)
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 209/314] platform/x86/amd: pmc: Add new ACPI ID AMDI0009
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 208/314] platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 210/314] drm/amd/pm: enable runpm support over BACO for SMU13.0.7 Greg Kroah-Hartman
` (112 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shyam Sundar S K, Mario Limonciello,
Hans de Goede
From: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
commit 6412518f5cb953cbd84b6746db9741bfc92be40a upstream.
Add new a new ACPI ID AMDI0009 used by upcoming AMD platform to the pmc
supported list of devices.
Cc: stable@vger.kernel.org # 6.0
Signed-off-by: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20221109083346.361603-1-Shyam-sundar.S-k@amd.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/platform/x86/amd/pmc.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/platform/x86/amd/pmc.c
+++ b/drivers/platform/x86/amd/pmc.c
@@ -918,6 +918,7 @@ static const struct acpi_device_id amd_p
{"AMDI0006", 0},
{"AMDI0007", 0},
{"AMDI0008", 0},
+ {"AMDI0009", 0},
{"AMD0004", 0},
{"AMD0005", 0},
{ }
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 210/314] drm/amd/pm: enable runpm support over BACO for SMU13.0.7
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 209/314] platform/x86/amd: pmc: Add new ACPI ID AMDI0009 Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 211/314] drm/amd/pm: enable runpm support over BACO for SMU13.0.0 Greg Kroah-Hartman
` (111 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Evan Quan, Hawking Zhang, Feifei Xu,
Alex Deucher
From: Evan Quan <evan.quan@amd.com>
commit df7c013efc1a0da8861099802b2d6ab2aacaeb1b upstream.
Enable SMU13.0.7 runpm support.
Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Reviewed-by: Feifei Xu <Feifei.Xu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
.../drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 30 +++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
index c4102cfb734c..d74debc584f8 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c
@@ -122,6 +122,7 @@ static struct cmn2asic_msg_mapping smu_v13_0_7_message_map[SMU_MSG_MAX_COUNT] =
MSG_MAP(PrepareMp1ForUnload, PPSMC_MSG_PrepareMp1ForUnload, 0),
MSG_MAP(SetMGpuFanBoostLimitRpm, PPSMC_MSG_SetMGpuFanBoostLimitRpm, 0),
MSG_MAP(DFCstateControl, PPSMC_MSG_SetExternalClientDfCstateAllow, 0),
+ MSG_MAP(ArmD3, PPSMC_MSG_ArmD3, 0),
};
static struct cmn2asic_mapping smu_v13_0_7_clk_map[SMU_CLK_COUNT] = {
@@ -1578,6 +1579,31 @@ static int smu_v13_0_7_set_mp1_state(struct smu_context *smu,
return ret;
}
+static int smu_v13_0_7_baco_enter(struct smu_context *smu)
+{
+ struct smu_baco_context *smu_baco = &smu->smu_baco;
+ struct amdgpu_device *adev = smu->adev;
+
+ if (adev->in_runpm && smu_cmn_is_audio_func_enabled(adev))
+ return smu_v13_0_baco_set_armd3_sequence(smu,
+ smu_baco->maco_support ? BACO_SEQ_BAMACO : BACO_SEQ_BACO);
+ else
+ return smu_v13_0_baco_enter(smu);
+}
+
+static int smu_v13_0_7_baco_exit(struct smu_context *smu)
+{
+ struct amdgpu_device *adev = smu->adev;
+
+ if (adev->in_runpm && smu_cmn_is_audio_func_enabled(adev)) {
+ /* Wait for PMFW handling for the Dstate change */
+ usleep_range(10000, 11000);
+ return smu_v13_0_baco_set_armd3_sequence(smu, BACO_SEQ_ULPS);
+ } else {
+ return smu_v13_0_baco_exit(smu);
+ }
+}
+
static bool smu_v13_0_7_is_mode1_reset_supported(struct smu_context *smu)
{
struct amdgpu_device *adev = smu->adev;
@@ -1655,8 +1681,8 @@ static const struct pptable_funcs smu_v13_0_7_ppt_funcs = {
.baco_is_support = smu_v13_0_baco_is_support,
.baco_get_state = smu_v13_0_baco_get_state,
.baco_set_state = smu_v13_0_baco_set_state,
- .baco_enter = smu_v13_0_baco_enter,
- .baco_exit = smu_v13_0_baco_exit,
+ .baco_enter = smu_v13_0_7_baco_enter,
+ .baco_exit = smu_v13_0_7_baco_exit,
.mode1_reset_is_support = smu_v13_0_7_is_mode1_reset_supported,
.mode1_reset = smu_v13_0_mode1_reset,
.set_mp1_state = smu_v13_0_7_set_mp1_state,
--
2.38.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 211/314] drm/amd/pm: enable runpm support over BACO for SMU13.0.0
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 210/314] drm/amd/pm: enable runpm support over BACO for SMU13.0.7 Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 212/314] drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround Greg Kroah-Hartman
` (110 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Evan Quan, Hawking Zhang, Feifei Xu,
Alex Deucher
From: Evan Quan <evan.quan@amd.com>
commit 8652da45d09abe1b3174dbb80dc5176b8c3fa08e upstream.
Enable SMU13.0.0 runpm support.
Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Reviewed-by: Feifei Xu <Feifei.Xu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 8 +++++
drivers/gpu/drm/amd/pm/swsmu/inc/smu_v11_0.h | 10 ------
drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 11 +-----
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 -
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 9 +++++
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 30 +++++++++++++++++--
6 files changed, 50 insertions(+), 20 deletions(-)
--- a/drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h
+++ b/drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h
@@ -1372,6 +1372,14 @@ enum smu_cmn2asic_mapping_type {
CMN2ASIC_MAPPING_WORKLOAD,
};
+enum smu_baco_seq {
+ BACO_SEQ_BACO = 0,
+ BACO_SEQ_MSR,
+ BACO_SEQ_BAMACO,
+ BACO_SEQ_ULPS,
+ BACO_SEQ_COUNT,
+};
+
#define MSG_MAP(msg, index, valid_in_vf) \
[SMU_MSG_##msg] = {1, (index), (valid_in_vf)}
--- a/drivers/gpu/drm/amd/pm/swsmu/inc/smu_v11_0.h
+++ b/drivers/gpu/drm/amd/pm/swsmu/inc/smu_v11_0.h
@@ -147,14 +147,6 @@ struct smu_11_5_power_context {
uint32_t max_fast_ppt_limit;
};
-enum smu_v11_0_baco_seq {
- BACO_SEQ_BACO = 0,
- BACO_SEQ_MSR,
- BACO_SEQ_BAMACO,
- BACO_SEQ_ULPS,
- BACO_SEQ_COUNT,
-};
-
#if defined(SWSMU_CODE_LAYER_L2) || defined(SWSMU_CODE_LAYER_L3)
int smu_v11_0_init_microcode(struct smu_context *smu);
@@ -257,7 +249,7 @@ int smu_v11_0_baco_enter(struct smu_cont
int smu_v11_0_baco_exit(struct smu_context *smu);
int smu_v11_0_baco_set_armd3_sequence(struct smu_context *smu,
- enum smu_v11_0_baco_seq baco_seq);
+ enum smu_baco_seq baco_seq);
int smu_v11_0_mode1_reset(struct smu_context *smu);
--- a/drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h
+++ b/drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h
@@ -123,14 +123,6 @@ struct smu_13_0_power_context {
enum smu_13_0_power_state power_state;
};
-enum smu_v13_0_baco_seq {
- BACO_SEQ_BACO = 0,
- BACO_SEQ_MSR,
- BACO_SEQ_BAMACO,
- BACO_SEQ_ULPS,
- BACO_SEQ_COUNT,
-};
-
#if defined(SWSMU_CODE_LAYER_L2) || defined(SWSMU_CODE_LAYER_L3)
int smu_v13_0_init_microcode(struct smu_context *smu);
@@ -217,6 +209,9 @@ int smu_v13_0_set_azalia_d3_pme(struct s
int smu_v13_0_get_max_sustainable_clocks_by_dc(struct smu_context *smu,
struct pp_smu_nv_clock_table *max_clocks);
+int smu_v13_0_baco_set_armd3_sequence(struct smu_context *smu,
+ enum smu_baco_seq baco_seq);
+
bool smu_v13_0_baco_is_support(struct smu_context *smu);
enum smu_baco_state smu_v13_0_baco_get_state(struct smu_context *smu);
--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c
@@ -1576,7 +1576,7 @@ int smu_v11_0_set_azalia_d3_pme(struct s
}
int smu_v11_0_baco_set_armd3_sequence(struct smu_context *smu,
- enum smu_v11_0_baco_seq baco_seq)
+ enum smu_baco_seq baco_seq)
{
return smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_ArmD3, baco_seq, NULL);
}
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c
@@ -2219,6 +2219,15 @@ int smu_v13_0_gfx_ulv_control(struct smu
return ret;
}
+int smu_v13_0_baco_set_armd3_sequence(struct smu_context *smu,
+ enum smu_baco_seq baco_seq)
+{
+ return smu_cmn_send_smc_msg_with_param(smu,
+ SMU_MSG_ArmD3,
+ baco_seq,
+ NULL);
+}
+
bool smu_v13_0_baco_is_support(struct smu_context *smu)
{
struct smu_baco_context *smu_baco = &smu->smu_baco;
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c
@@ -120,6 +120,7 @@ static struct cmn2asic_msg_mapping smu_v
MSG_MAP(Mode1Reset, PPSMC_MSG_Mode1Reset, 0),
MSG_MAP(PrepareMp1ForUnload, PPSMC_MSG_PrepareMp1ForUnload, 0),
MSG_MAP(DFCstateControl, PPSMC_MSG_SetExternalClientDfCstateAllow, 0),
+ MSG_MAP(ArmD3, PPSMC_MSG_ArmD3, 0),
};
static struct cmn2asic_mapping smu_v13_0_0_clk_map[SMU_CLK_COUNT] = {
@@ -1566,6 +1567,31 @@ static int smu_v13_0_0_set_power_profile
NULL);
}
+static int smu_v13_0_0_baco_enter(struct smu_context *smu)
+{
+ struct smu_baco_context *smu_baco = &smu->smu_baco;
+ struct amdgpu_device *adev = smu->adev;
+
+ if (adev->in_runpm && smu_cmn_is_audio_func_enabled(adev))
+ return smu_v13_0_baco_set_armd3_sequence(smu,
+ smu_baco->maco_support ? BACO_SEQ_BAMACO : BACO_SEQ_BACO);
+ else
+ return smu_v13_0_baco_enter(smu);
+}
+
+static int smu_v13_0_0_baco_exit(struct smu_context *smu)
+{
+ struct amdgpu_device *adev = smu->adev;
+
+ if (adev->in_runpm && smu_cmn_is_audio_func_enabled(adev)) {
+ /* Wait for PMFW handling for the Dstate change */
+ usleep_range(10000, 11000);
+ return smu_v13_0_baco_set_armd3_sequence(smu, BACO_SEQ_ULPS);
+ } else {
+ return smu_v13_0_baco_exit(smu);
+ }
+}
+
static bool smu_v13_0_0_is_mode1_reset_supported(struct smu_context *smu)
{
struct amdgpu_device *adev = smu->adev;
@@ -1827,8 +1853,8 @@ static const struct pptable_funcs smu_v1
.baco_is_support = smu_v13_0_baco_is_support,
.baco_get_state = smu_v13_0_baco_get_state,
.baco_set_state = smu_v13_0_baco_set_state,
- .baco_enter = smu_v13_0_baco_enter,
- .baco_exit = smu_v13_0_baco_exit,
+ .baco_enter = smu_v13_0_0_baco_enter,
+ .baco_exit = smu_v13_0_0_baco_exit,
.mode1_reset_is_support = smu_v13_0_0_is_mode1_reset_supported,
.mode1_reset = smu_v13_0_mode1_reset,
.set_mp1_state = smu_v13_0_0_set_mp1_state,
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 212/314] drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 211/314] drm/amd/pm: enable runpm support over BACO for SMU13.0.0 Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 213/314] drm/display: Dont assume dual mode adaptors support i2c sub-addressing Greg Kroah-Hartman
` (109 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Evan Quan, Hawking Zhang, Feifei Xu,
Alex Deucher
From: Evan Quan <evan.quan@amd.com>
commit 4b14841c9a820e484bc8c4c3f5a6fed1bc528cbc upstream.
The workaround designed for some specific ASICs is wrongly applied
to SMU13 ASICs. That leads to some runpm hang.
Signed-off-by: Evan Quan <evan.quan@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Reviewed-by: Feifei Xu <Feifei.Xu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
--- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
@@ -1131,22 +1131,21 @@ static int smu_smc_hw_setup(struct smu_c
uint64_t features_supported;
int ret = 0;
- if (adev->in_suspend && smu_is_dpm_running(smu)) {
- dev_info(adev->dev, "dpm has been enabled\n");
- /* this is needed specifically */
- switch (adev->ip_versions[MP1_HWIP][0]) {
- case IP_VERSION(11, 0, 7):
- case IP_VERSION(11, 0, 11):
- case IP_VERSION(11, 5, 0):
- case IP_VERSION(11, 0, 12):
+ switch (adev->ip_versions[MP1_HWIP][0]) {
+ case IP_VERSION(11, 0, 7):
+ case IP_VERSION(11, 0, 11):
+ case IP_VERSION(11, 5, 0):
+ case IP_VERSION(11, 0, 12):
+ if (adev->in_suspend && smu_is_dpm_running(smu)) {
+ dev_info(adev->dev, "dpm has been enabled\n");
ret = smu_system_features_control(smu, true);
if (ret)
dev_err(adev->dev, "Failed system features control!\n");
- break;
- default:
- break;
+ return ret;
}
- return ret;
+ break;
+ default:
+ break;
}
ret = smu_init_display_count(smu, 0);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 213/314] drm/display: Dont assume dual mode adaptors support i2c sub-addressing
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 212/314] drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 214/314] drm/amd/display: Fix invalid DPIA AUX reply causing system hang Greg Kroah-Hartman
` (108 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Simon Rettberg, Rafael Gieschke,
Ville Syrjälä,
Jani Nikula
From: Simon Rettberg <simon.rettberg@rz.uni-freiburg.de>
commit 5954acbacbd1946b96ce8ee799d309cb0cd3cb9d upstream.
Current dual mode adaptor ("DP++") detection code assumes that all
adaptors support i2c sub-addressing for read operations from the
DP-HDMI adaptor ID buffer. It has been observed that multiple
adaptors do not in fact support this, and always return data starting
at register 0. On affected adaptors, the code fails to read the proper
registers that would identify the device as a type 2 adaptor, and
handles those as type 1, limiting the TMDS clock to 165MHz, even if
the according register would announce a higher TMDS clock.
Fix this by always reading the ID buffer starting from offset 0, and
discarding any bytes before the actual offset of interest.
We tried finding authoritative documentation on whether or not this is
allowed behaviour, but since all the official VESA docs are paywalled,
the best we could come up with was the spec sheet for Texas Instruments'
SNx5DP149 chip family.[1] It explicitly mentions that sub-addressing is
supported for register writes, but *not* for reads (See NOTE in
section 8.5.3). Unless TI openly decided to violate the VESA spec, one
could take that as a hint that sub-addressing is in fact not mandated
by VESA.
The other two adaptors affected used the PS8409(A) and the LT8611,
according to the data returned from their ID buffers.
[1] https://www.ti.com/lit/ds/symlink/sn75dp149.pdf
Cc: stable@vger.kernel.org
Signed-off-by: Simon Rettberg <simon.rettberg@rz.uni-freiburg.de>
Reviewed-by: Rafael Gieschke <rafael.gieschke@rz.uni-freiburg.de>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221006113314.41101987@computer
Acked-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/display/drm_dp_dual_mode_helper.c | 51 ++++++++++++----------
1 file changed, 29 insertions(+), 22 deletions(-)
--- a/drivers/gpu/drm/display/drm_dp_dual_mode_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_dual_mode_helper.c
@@ -63,23 +63,45 @@
ssize_t drm_dp_dual_mode_read(struct i2c_adapter *adapter,
u8 offset, void *buffer, size_t size)
{
+ u8 zero = 0;
+ char *tmpbuf = NULL;
+ /*
+ * As sub-addressing is not supported by all adaptors,
+ * always explicitly read from the start and discard
+ * any bytes that come before the requested offset.
+ * This way, no matter whether the adaptor supports it
+ * or not, we'll end up reading the proper data.
+ */
struct i2c_msg msgs[] = {
{
.addr = DP_DUAL_MODE_SLAVE_ADDRESS,
.flags = 0,
.len = 1,
- .buf = &offset,
+ .buf = &zero,
},
{
.addr = DP_DUAL_MODE_SLAVE_ADDRESS,
.flags = I2C_M_RD,
- .len = size,
+ .len = size + offset,
.buf = buffer,
},
};
int ret;
+ if (offset) {
+ tmpbuf = kmalloc(size + offset, GFP_KERNEL);
+ if (!tmpbuf)
+ return -ENOMEM;
+
+ msgs[1].buf = tmpbuf;
+ }
+
ret = i2c_transfer(adapter, msgs, ARRAY_SIZE(msgs));
+ if (tmpbuf)
+ memcpy(buffer, tmpbuf + offset, size);
+
+ kfree(tmpbuf);
+
if (ret < 0)
return ret;
if (ret != ARRAY_SIZE(msgs))
@@ -208,18 +230,6 @@ enum drm_dp_dual_mode_type drm_dp_dual_m
if (ret)
return DRM_DP_DUAL_MODE_UNKNOWN;
- /*
- * Sigh. Some (maybe all?) type 1 adaptors are broken and ack
- * the offset but ignore it, and instead they just always return
- * data from the start of the HDMI ID buffer. So for a broken
- * type 1 HDMI adaptor a single byte read will always give us
- * 0x44, and for a type 1 DVI adaptor it should give 0x00
- * (assuming it implements any registers). Fortunately neither
- * of those values will match the type 2 signature of the
- * DP_DUAL_MODE_ADAPTOR_ID register so we can proceed with
- * the type 2 adaptor detection safely even in the presence
- * of broken type 1 adaptors.
- */
ret = drm_dp_dual_mode_read(adapter, DP_DUAL_MODE_ADAPTOR_ID,
&adaptor_id, sizeof(adaptor_id));
drm_dbg_kms(dev, "DP dual mode adaptor ID: %02x (err %zd)\n", adaptor_id, ret);
@@ -233,11 +243,10 @@ enum drm_dp_dual_mode_type drm_dp_dual_m
return DRM_DP_DUAL_MODE_TYPE2_DVI;
}
/*
- * If neither a proper type 1 ID nor a broken type 1 adaptor
- * as described above, assume type 1, but let the user know
- * that we may have misdetected the type.
+ * If not a proper type 1 ID, still assume type 1, but let
+ * the user know that we may have misdetected the type.
*/
- if (!is_type1_adaptor(adaptor_id) && adaptor_id != hdmi_id[0])
+ if (!is_type1_adaptor(adaptor_id))
drm_err(dev, "Unexpected DP dual mode adaptor ID %02x\n", adaptor_id);
}
@@ -343,10 +352,8 @@ EXPORT_SYMBOL(drm_dp_dual_mode_get_tmds_
* @enable: enable (as opposed to disable) the TMDS output buffers
*
* Set the state of the TMDS output buffers in the adaptor. For
- * type2 this is set via the DP_DUAL_MODE_TMDS_OEN register. As
- * some type 1 adaptors have problems with registers (see comments
- * in drm_dp_dual_mode_detect()) we avoid touching the register,
- * making this function a no-op on type 1 adaptors.
+ * type2 this is set via the DP_DUAL_MODE_TMDS_OEN register.
+ * Type1 adaptors do not support any register writes.
*
* Returns:
* 0 on success, negative error code on failure
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 214/314] drm/amd/display: Fix invalid DPIA AUX reply causing system hang
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 213/314] drm/display: Dont assume dual mode adaptors support i2c sub-addressing Greg Kroah-Hartman
@ 2022-11-23 8:50 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 215/314] drm/amd/display: Add HUBP surface flip interrupt handler Greg Kroah-Hartman
` (107 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roman Li, Tom Chung, Stylon Wang,
Daniel Wheeler, Alex Deucher
From: Stylon Wang <stylon.wang@amd.com>
commit 8d8494c3467d366eb0f7c8198dab80be8bdc47d2 upstream.
[Why]
Some DPIA AUX replies have incorrect data length from original request.
This could lead to overwriting of destination buffer if reply length is
larger, which could cause invalid access to stack since many destination
buffers are declared as local variables.
[How]
Check for invalid length from DPIA AUX replies and trigger a retry if
reply length is not the same as original request. A DRM_WARN() dmesg log
is also produced.
Reviewed-by: Roman Li <Roman.Li@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Stylon Wang <stylon.wang@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 ++++++++++++++++++++
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 6 ------
2 files changed, 20 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -146,6 +146,14 @@ MODULE_FIRMWARE(FIRMWARE_NAVI12_DMCU);
/* Number of bytes in PSP footer for firmware. */
#define PSP_FOOTER_BYTES 0x100
+/*
+ * DMUB Async to Sync Mechanism Status
+ */
+#define DMUB_ASYNC_TO_SYNC_ACCESS_FAIL 1
+#define DMUB_ASYNC_TO_SYNC_ACCESS_TIMEOUT 2
+#define DMUB_ASYNC_TO_SYNC_ACCESS_SUCCESS 3
+#define DMUB_ASYNC_TO_SYNC_ACCESS_INVALID 4
+
/**
* DOC: overview
*
@@ -10149,6 +10157,8 @@ static int amdgpu_dm_set_dmub_async_sync
*operation_result = AUX_RET_ERROR_TIMEOUT;
} else if (status_type == DMUB_ASYNC_TO_SYNC_ACCESS_FAIL) {
*operation_result = AUX_RET_ERROR_ENGINE_ACQUIRE;
+ } else if (status_type == DMUB_ASYNC_TO_SYNC_ACCESS_INVALID) {
+ *operation_result = AUX_RET_ERROR_INVALID_REPLY;
} else {
*operation_result = AUX_RET_ERROR_UNKNOWN;
}
@@ -10196,6 +10206,16 @@ int amdgpu_dm_process_dmub_aux_transfer_
payload->reply[0] = adev->dm.dmub_notify->aux_reply.command;
if (!payload->write && adev->dm.dmub_notify->aux_reply.length &&
payload->reply[0] == AUX_TRANSACTION_REPLY_AUX_ACK) {
+
+ if (payload->length != adev->dm.dmub_notify->aux_reply.length) {
+ DRM_WARN("invalid read from DPIA AUX %x(%d) got length %d!\n",
+ payload->address, payload->length,
+ adev->dm.dmub_notify->aux_reply.length);
+ return amdgpu_dm_set_dmub_async_sync_status(is_cmd_aux, ctx,
+ DMUB_ASYNC_TO_SYNC_ACCESS_INVALID,
+ (uint32_t *)operation_result);
+ }
+
memcpy(payload->data, adev->dm.dmub_notify->aux_reply.data,
adev->dm.dmub_notify->aux_reply.length);
}
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h
@@ -51,12 +51,6 @@
#define AMDGPU_DMUB_NOTIFICATION_MAX 5
/*
- * DMUB Async to Sync Mechanism Status
- */
-#define DMUB_ASYNC_TO_SYNC_ACCESS_FAIL 1
-#define DMUB_ASYNC_TO_SYNC_ACCESS_TIMEOUT 2
-#define DMUB_ASYNC_TO_SYNC_ACCESS_SUCCESS 3
-/*
#include "include/amdgpu_dal_power_if.h"
#include "amdgpu_dm_irq.h"
*/
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 215/314] drm/amd/display: Add HUBP surface flip interrupt handler
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-11-23 8:50 ` [PATCH 6.0 214/314] drm/amd/display: Fix invalid DPIA AUX reply causing system hang Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 216/314] drm/amd/display: Fix access timeout to DPIA AUX at boot time Greg Kroah-Hartman
` (106 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicholas Kazlauskas, Tom Chung,
Rodrigo Siqueira, Daniel Wheeler, Alex Deucher
From: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
commit 7af87fc1ba136143314c870059b8f60180247cbd upstream.
On IGT, there is a test named amd_hotplug, and when the subtest basic is
executed on DCN31, we get the following error:
[drm] *ERROR* [CRTC:71:crtc-0] flip_done timed out
[drm] *ERROR* flip_done timed out
[drm] *ERROR* [CRTC:71:crtc-0] commit wait timed out
[drm] *ERROR* flip_done timed out
[drm] *ERROR* [CONNECTOR:88:DP-1] commit wait timed out
[drm] *ERROR* flip_done timed out
[drm] *ERROR* [PLANE:59:plane-3] commit wait timed out
After enable the page flip log with the below command:
echo -n 'format "[PFLIP]" +p' > /sys/kernel/debug/dynamic_debug/control
It is possible to see that the flip was submitted, but DC never replied
back, which generates time-out issues. This is an indication that the
HUBP surface flip is missing. This commit fixes this issue by adding
hubp1_set_flip_int to DCN31.
Reviewed-by: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c
@@ -87,6 +87,7 @@ static struct hubp_funcs dcn31_hubp_func
.hubp_init = hubp3_init,
.set_unbounded_requesting = hubp31_set_unbounded_requesting,
.hubp_soft_reset = hubp31_soft_reset,
+ .hubp_set_flip_int = hubp1_set_flip_int,
.hubp_in_blank = hubp1_in_blank,
.program_extended_blank = hubp31_program_extended_blank,
};
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 216/314] drm/amd/display: Fix access timeout to DPIA AUX at boot time
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 215/314] drm/amd/display: Add HUBP surface flip interrupt handler Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 217/314] drm/amd/display: Support parsing VRAM info v3.0 from VBIOS Greg Kroah-Hartman
` (105 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wayne Lin, Tom Chung, Stylon Wang,
Daniel Wheeler, Alex Deucher
From: Stylon Wang <stylon.wang@amd.com>
commit 0d502ef8898b3983eef9e40f50dfe100a0de5d93 upstream.
[Why]
Since introduction of patch "Query DPIA HPD status.", link detection at
boot could be accessing DPIA AUX, which will not succeed until
DMUB outbox messaging is enabled and results in below dmesg logs:
[ 160.840227] [drm:amdgpu_dm_process_dmub_aux_transfer_sync [amdgpu]] *ERROR* wait_for_completion_timeout timeout!
[How]
Enable DMUB outbox messaging before link detection at boot time.
Reviewed-by: Wayne Lin <Wayne.Lin@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Stylon Wang <stylon.wang@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -1645,12 +1645,6 @@ static int amdgpu_dm_init(struct amdgpu_
}
}
- if (amdgpu_dm_initialize_drm_device(adev)) {
- DRM_ERROR(
- "amdgpu: failed to initialize sw for display support.\n");
- goto error;
- }
-
/* Enable outbox notification only after IRQ handlers are registered and DMUB is alive.
* It is expected that DMUB will resend any pending notifications at this point, for
* example HPD from DPIA.
@@ -1658,6 +1652,12 @@ static int amdgpu_dm_init(struct amdgpu_
if (dc_is_dmub_outbox_supported(adev->dm.dc))
dc_enable_dmub_outbox(adev->dm.dc);
+ if (amdgpu_dm_initialize_drm_device(adev)) {
+ DRM_ERROR(
+ "amdgpu: failed to initialize sw for display support.\n");
+ goto error;
+ }
+
/* create fake encoders for MST */
dm_dp_create_fake_mst_encoders(adev);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 217/314] drm/amd/display: Support parsing VRAM info v3.0 from VBIOS
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 216/314] drm/amd/display: Fix access timeout to DPIA AUX at boot time Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 218/314] drm/amd/display: Fix optc2_configure warning on dcn314 Greg Kroah-Hartman
` (104 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alvin Lee, Tom Chung, George Shen,
Daniel Wheeler, Alex Deucher
From: George Shen <george.shen@amd.com>
commit 7e952a18eb978a3e51fc1704b752378be66226b2 upstream.
[Why]
For DCN3.2 and DCN3.21, VBIOS has switch to using v3.0 of the VRAM
info struct. We should read and override the VRAM info in driver with
values provided by VBIOS to support memory downbin cases.
Reviewed-by: Alvin Lee <Alvin.Lee2@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: George Shen <george.shen@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 30 +++++++++++++++++++++
1 file changed, 30 insertions(+)
--- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
+++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
@@ -2392,6 +2392,26 @@ static enum bp_result get_vram_info_v25(
return result;
}
+static enum bp_result get_vram_info_v30(
+ struct bios_parser *bp,
+ struct dc_vram_info *info)
+{
+ struct atom_vram_info_header_v3_0 *info_v30;
+ enum bp_result result = BP_RESULT_OK;
+
+ info_v30 = GET_IMAGE(struct atom_vram_info_header_v3_0,
+ DATA_TABLES(vram_info));
+
+ if (info_v30 == NULL)
+ return BP_RESULT_BADBIOSTABLE;
+
+ info->num_chans = info_v30->channel_num;
+ info->dram_channel_width_bytes = (1 << info_v30->channel_width) / 8;
+
+ return result;
+}
+
+
/*
* get_integrated_info_v11
*
@@ -3022,6 +3042,16 @@ static enum bp_result bios_parser_get_vr
break;
default:
break;
+ }
+ break;
+
+ case 3:
+ switch (revision.minor) {
+ case 0:
+ result = get_vram_info_v30(bp, info);
+ break;
+ default:
+ break;
}
break;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 218/314] drm/amd/display: Fix optc2_configure warning on dcn314
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 217/314] drm/amd/display: Support parsing VRAM info v3.0 from VBIOS Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 219/314] drm/amd/display: dont enable DRM CRTC degamma property for DCE Greg Kroah-Hartman
` (103 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nicholas Kazlauskas, Tom Chung,
Roman Li, Daniel Wheeler, Alex Deucher
From: Roman Li <roman.li@amd.com>
commit e7e4f77c991c9abf90924929a9d55f90b0bb78de upstream.
[Why]
dcn314 uses optc2_configure_crc() that wraps
optc1_configure_crc() + set additional registers
not applicable to dcn314.
It's not critical but when used leads to warning like:
WARNING: drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c
Call Trace:
<TASK>
generic_reg_set_ex+0x6d/0xe0 [amdgpu]
optc2_configure_crc+0x60/0x80 [amdgpu]
dc_stream_configure_crc+0x129/0x150 [amdgpu]
amdgpu_dm_crtc_configure_crc_source+0x5d/0xe0 [amdgpu]
[How]
Use optc1_configure_crc() directly
Reviewed-by: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Roman Li <roman.li@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dcn314/dcn314_optc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_optc.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn314/dcn314_optc.c
@@ -237,7 +237,7 @@ static struct timing_generator_funcs dcn
.clear_optc_underflow = optc1_clear_optc_underflow,
.setup_global_swap_lock = NULL,
.get_crc = optc1_get_crc,
- .configure_crc = optc2_configure_crc,
+ .configure_crc = optc1_configure_crc,
.set_dsc_config = optc3_set_dsc_config,
.get_dsc_status = optc2_get_dsc_status,
.set_dwb_source = NULL,
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 219/314] drm/amd/display: dont enable DRM CRTC degamma property for DCE
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 218/314] drm/amd/display: Fix optc2_configure warning on dcn314 Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 220/314] drm/amd/display: Fix prefetch calculations for dcn32 Greg Kroah-Hartman
` (102 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rodrigo Siqueira, Melissa Wen, Alex Deucher
From: Melissa Wen <mwen@igalia.com>
commit 0e444a4de6b38c4593a07e4cfb5bf54c40cc79b6 upstream.
DM maps DRM CRTC degamma to DPP (pre-blending) degamma block, but DCE doesn't
support programmable degamma curve anywhere. Currently, a custom degamma is
accepted by DM but just ignored by DCE driver and degamma correction isn't
actually applied. There is no way to map custom degamma in DCE, therefore, DRM
CRTC degamma property shouldn't be enabled for DCE drivers.
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Melissa Wen <mwen@igalia.com>
Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
@@ -412,7 +412,7 @@ int amdgpu_dm_crtc_init(struct amdgpu_di
{
struct amdgpu_crtc *acrtc = NULL;
struct drm_plane *cursor_plane;
-
+ bool is_dcn;
int res = -ENOMEM;
cursor_plane = kzalloc(sizeof(*cursor_plane), GFP_KERNEL);
@@ -450,8 +450,14 @@ int amdgpu_dm_crtc_init(struct amdgpu_di
acrtc->otg_inst = -1;
dm->adev->mode_info.crtcs[crtc_index] = acrtc;
- drm_crtc_enable_color_mgmt(&acrtc->base, MAX_COLOR_LUT_ENTRIES,
+
+ /* Don't enable DRM CRTC degamma property for DCE since it doesn't
+ * support programmable degamma anywhere.
+ */
+ is_dcn = dm->adev->dm.dc->caps.color.dpp.dcn_arch;
+ drm_crtc_enable_color_mgmt(&acrtc->base, is_dcn ? MAX_COLOR_LUT_ENTRIES : 0,
true, MAX_COLOR_LUT_ENTRIES);
+
drm_mode_crtc_set_gamma_size(&acrtc->base, MAX_COLOR_LEGACY_LUT_ENTRIES);
return 0;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 220/314] drm/amd/display: Fix prefetch calculations for dcn32
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 219/314] drm/amd/display: dont enable DRM CRTC degamma property for DCE Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 221/314] ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() Greg Kroah-Hartman
` (101 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jun Lei, Tom Chung, Dillon Varone,
Daniel Wheeler, Alex Deucher
From: Dillon Varone <Dillon.Varone@amd.com>
commit 246e667079e8d0fc85f842bceca8c5a3c5da5905 upstream.
[Description]
Prefetch calculation loop was not exiting until utilizing all of vstartup if it
failed once. Locals need to be reset on each iteration of the loop.
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Dillon Varone <Dillon.Varone@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.0.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c
@@ -718,6 +718,8 @@ static void DISPCLKDPPCLKDCFCLKDeepSleep
do {
MaxTotalRDBandwidth = 0;
+ DestinationLineTimesForPrefetchLessThan2 = false;
+ VRatioPrefetchMoreThanMax = false;
#ifdef __DML_VBA_DEBUG__
dml_print("DML::%s: Start loop: VStartup = %d\n", __func__, mode_lib->vba.VStartupLines);
#endif
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 221/314] ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 220/314] drm/amd/display: Fix prefetch calculations for dcn32 Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 222/314] ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro Greg Kroah-Hartman
` (100 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+9abda841d636d86c41da, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit ad72c3c3f6eb81d2cb189ec71e888316adada5df upstream.
snd_usbmidi_output_open() has a check of the NULL port with
snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened,
but in reality, the NULL port may be seen when the device gives an
invalid endpoint setup at the descriptor, hence the driver skips the
allocation. That is, the check itself is valid and snd_BUG_ON()
should be dropped from there. Otherwise it's confusing as if it were
a real bug, as recently syzbot stumbled on it.
Reported-by: syzbot+9abda841d636d86c41da@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/syzbot+9abda841d636d86c41da@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20221112141223.6144-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/midi.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/sound/usb/midi.c
+++ b/sound/usb/midi.c
@@ -1133,10 +1133,8 @@ static int snd_usbmidi_output_open(struc
port = &umidi->endpoints[i].out->ports[j];
break;
}
- if (!port) {
- snd_BUG();
+ if (!port)
return -ENXIO;
- }
substream->runtime->private_data = port;
port->state = STATE_UNKNOWN;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 222/314] ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 221/314] ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 223/314] ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Greg Kroah-Hartman
` (99 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Emil Flink, Takashi Iwai
From: Emil Flink <emil.flink@gmail.com>
commit b18a456330e1c1ca207b57b45872f10336741388 upstream.
The Samsung Galaxy Book Pro seems to have the same issue as a few
other Samsung laptops, detailed in kernel bug report 207423. Sound from
headphone jack works, but not the built-in speakers.
alsa-info: http://alsa-project.org/db/?f=b40ba609dc6ae28dc84ad404a0d8a4bbcd8bea6d
Signed-off-by: Emil Flink <emil.flink@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221115144500.7782-1-emil.flink@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9446,6 +9446,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x144d, 0xc176, "Samsung Notebook 9 Pro (NP930MBE-K04US)", ALC298_FIXUP_SAMSUNG_AMP),
SND_PCI_QUIRK(0x144d, 0xc189, "Samsung Galaxy Flex Book (NT950QCG-X716)", ALC298_FIXUP_SAMSUNG_AMP),
SND_PCI_QUIRK(0x144d, 0xc18a, "Samsung Galaxy Book Ion (NP930XCJ-K01US)", ALC298_FIXUP_SAMSUNG_AMP),
+ SND_PCI_QUIRK(0x144d, 0xc1a3, "Samsung Galaxy Book Pro (NP935XDB-KC1SE)", ALC298_FIXUP_SAMSUNG_AMP),
SND_PCI_QUIRK(0x144d, 0xc740, "Samsung Ativ book 8 (NP870Z5G)", ALC269_FIXUP_ATIV_BOOK_8),
SND_PCI_QUIRK(0x144d, 0xc812, "Samsung Notebook Pen S (NT950SBE-X58)", ALC298_FIXUP_SAMSUNG_AMP),
SND_PCI_QUIRK(0x144d, 0xc830, "Samsung Galaxy Book Ion (NT950XCJ-X716A)", ALC298_FIXUP_SAMSUNG_AMP),
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 223/314] ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 222/314] ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 224/314] Revert "usb: dwc3: disable USB core PHY management" Greg Kroah-Hartman
` (98 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai
From: Takashi Iwai <tiwai@suse.de>
commit 1abfd71ee8f3ed99c5d0df5d9843a360541d6808 upstream.
Samsung Galaxy Book Pro 360 (13" 2021 NP930QBD-ke1US) with codec SSID
144d:c1a6 requires the same workaround for enabling the speaker amp
like other Samsung models with ALC298 codec.
Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1205100
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221115170235.18875-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9447,6 +9447,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x144d, 0xc189, "Samsung Galaxy Flex Book (NT950QCG-X716)", ALC298_FIXUP_SAMSUNG_AMP),
SND_PCI_QUIRK(0x144d, 0xc18a, "Samsung Galaxy Book Ion (NP930XCJ-K01US)", ALC298_FIXUP_SAMSUNG_AMP),
SND_PCI_QUIRK(0x144d, 0xc1a3, "Samsung Galaxy Book Pro (NP935XDB-KC1SE)", ALC298_FIXUP_SAMSUNG_AMP),
+ SND_PCI_QUIRK(0x144d, 0xc1a6, "Samsung Galaxy Book Pro 360 (NP930QBD)", ALC298_FIXUP_SAMSUNG_AMP),
SND_PCI_QUIRK(0x144d, 0xc740, "Samsung Ativ book 8 (NP870Z5G)", ALC269_FIXUP_ATIV_BOOK_8),
SND_PCI_QUIRK(0x144d, 0xc812, "Samsung Notebook Pen S (NT950SBE-X58)", ALC298_FIXUP_SAMSUNG_AMP),
SND_PCI_QUIRK(0x144d, 0xc830, "Samsung Galaxy Book Ion (NT950XCJ-X716A)", ALC298_FIXUP_SAMSUNG_AMP),
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 224/314] Revert "usb: dwc3: disable USB core PHY management"
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 223/314] ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 225/314] usb: dwc3: Do not get extcon device when usb-role-switch is used Greg Kroah-Hartman
` (97 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Agner, Johan Hovold,
Marek Szyprowski, Thinh Nguyen
From: Johan Hovold <johan+linaro@kernel.org>
commit 5c294de36e7fb3e0cba0c4e1ef9a5f57bc080d0f upstream.
This reverts commit 6000b8d900cd5f52fbcd0776d0cc396e88c8c2ea.
The offending commit disabled the USB core PHY management as the dwc3
already manages the PHYs in question.
Unfortunately some platforms have started relying on having USB core
also controlling the PHY and this is specifically currently needed on
some Exynos platforms for PHY calibration or connected device may fail
to enumerate.
The PHY calibration was previously handled in the dwc3 driver, but to
work around some issues related to how the dwc3 driver interacts with
xhci (e.g. using multiple drivers) this was moved to USB core by commits
34c7ed72f4f0 ("usb: core: phy: add support for PHY calibration") and
a0a465569b45 ("usb: dwc3: remove generic PHY calibrate() calls").
The same PHY obviously should not be controlled from two different
places, which for example do no agree on the PHY mode or power state
during suspend, but as the offending patch was backported to stable,
let's revert it for now.
Reported-by: Stefan Agner <stefan@agner.ch>
Link: https://lore.kernel.org/lkml/808bdba846bb60456adf10a3016911ee@agner.ch/
Fixes: 6000b8d900cd ("usb: dwc3: disable USB core PHY management")
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20221103144648.14197-1-johan+linaro@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/host.c | 10 ----------
1 file changed, 10 deletions(-)
--- a/drivers/usb/dwc3/host.c
+++ b/drivers/usb/dwc3/host.c
@@ -11,13 +11,8 @@
#include <linux/of.h>
#include <linux/platform_device.h>
-#include "../host/xhci-plat.h"
#include "core.h"
-static const struct xhci_plat_priv dwc3_xhci_plat_priv = {
- .quirks = XHCI_SKIP_PHY_INIT,
-};
-
static void dwc3_host_fill_xhci_irq_res(struct dwc3 *dwc,
int irq, char *name)
{
@@ -97,11 +92,6 @@ int dwc3_host_init(struct dwc3 *dwc)
goto err;
}
- ret = platform_device_add_data(xhci, &dwc3_xhci_plat_priv,
- sizeof(dwc3_xhci_plat_priv));
- if (ret)
- goto err;
-
memset(props, 0, sizeof(struct property_entry) * ARRAY_SIZE(props));
if (dwc->usb3_lpm_capable)
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 225/314] usb: dwc3: Do not get extcon device when usb-role-switch is used
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 224/314] Revert "usb: dwc3: disable USB core PHY management" Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 226/314] io_uring: update res mask in io_poll_check_events Greg Kroah-Hartman
` (96 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Janne Grunau, Thinh Nguyen,
Sven Peter
From: Janne Grunau <j@jannau.net>
commit d68cc25b7c7fb3034c5a5b5f350a0b858c6d5a45 upstream.
The change breaks device tree based platforms with PHY device and use
usb-role-switch instead of an extcon switch. extcon_find_edev_by_node()
will return EPROBE_DEFER if it can not find a device so probing without
an extcon device will be deferred indefinitely. Fix this by
explicitly checking for usb-role-switch.
At least the out-of-tree USB3 support on Apple silicon based platforms
using dwc3 with tipd USB Type-C and PD controller is affected by this
issue.
Fixes: d182c2e1bc92 ("usb: dwc3: Don't switch OTG -> peripheral if extcon is present")
Cc: stable@kernel.org
Signed-off-by: Janne Grunau <j@jannau.net>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Reviewed-by: Sven Peter <sven@svenpeter.dev>
Link: https://lore.kernel.org/r/20221106214804.2814-1-j@jannau.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1711,6 +1711,16 @@ static struct extcon_dev *dwc3_get_extco
return extcon_get_extcon_dev(name);
/*
+ * Check explicitly if "usb-role-switch" is used since
+ * extcon_find_edev_by_node() can not be used to check the absence of
+ * an extcon device. In the absence of an device it will always return
+ * EPROBE_DEFER.
+ */
+ if (IS_ENABLED(CONFIG_USB_ROLE_SWITCH) &&
+ device_property_read_bool(dev, "usb-role-switch"))
+ return NULL;
+
+ /*
* Try to get an extcon device from the USB PHY controller's "port"
* node. Check if it has the "port" node first, to avoid printing the
* error message from underlying code, as it's a valid case: extcon
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 226/314] io_uring: update res mask in io_poll_check_events
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 225/314] usb: dwc3: Do not get extcon device when usb-role-switch is used Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 227/314] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro Greg Kroah-Hartman
` (95 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit b98186aee22fa593bc8c6b2c5d839c2ee518bc8c upstream.
When io_poll_check_events() collides with someone attempting to queue a
task work, it'll spin for one more time. However, it'll continue to use
the mask from the first iteration instead of updating it. For example,
if the first wake up was a EPOLLIN and the second EPOLLOUT, the
userspace will not get EPOLLOUT in time.
Clear the mask for all subsequent iterations to force vfs_poll().
Cc: stable@vger.kernel.org
Fixes: aa43477b04025 ("io_uring: poll rework")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/2dac97e8f691231049cb259c4ae57e79e40b537c.1668710222.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/poll.c | 3 +++
1 file changed, 3 insertions(+)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -256,6 +256,9 @@ static int io_poll_check_events(struct i
return ret;
}
+ /* force the next iteration to vfs_poll() */
+ req->cqe.res = 0;
+
/*
* Release all references, retry if someone tried to restart
* task_work while we were executing it.
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 227/314] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 226/314] io_uring: update res mask in io_poll_check_events Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 228/314] nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000 Greg Kroah-Hartman
` (94 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bean Huo, Christoph Hellwig
From: Bean Huo <beanhuo@micron.com>
commit d5ceb4d1c50786d21de3d4b06c3f43109ec56dd8 upstream.
Added a quirk to fix Micron Nitro NVMe reporting duplicate NGUIDs.
Cc: <stable@vger.kernel.org>
Signed-off-by: Bean Huo <beanhuo@micron.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3488,6 +3488,8 @@ static const struct pci_device_id nvme_i
NVME_QUIRK_IGNORE_DEV_SUBNQN, },
{ PCI_DEVICE(0x1344, 0x5407), /* Micron Technology Inc NVMe SSD */
.driver_data = NVME_QUIRK_IGNORE_DEV_SUBNQN },
+ { PCI_DEVICE(0x1344, 0x6001), /* Micron Nitro NVMe */
+ .driver_data = NVME_QUIRK_BOGUS_NID, },
{ PCI_DEVICE(0x1c5c, 0x1504), /* SK Hynix PC400 */
.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
{ PCI_DEVICE(0x1c5c, 0x174a), /* SK Hynix P31 SSD */
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 228/314] nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 227/314] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 229/314] slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m Greg Kroah-Hartman
` (93 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tiago Dias Ferreira,
Chaitanya Kulkarni, Christoph Hellwig
From: Tiago Dias Ferreira <tiagodfer@gmail.com>
commit 8d6e38f636ac063e8062a21e7616f7d9bf0df5d8 upstream.
Added a quirk to fix the Netac NV7000 SSD reporting duplicate NGUIDs.
Cc: <stable@vger.kernel.org>
Signed-off-by: Tiago Dias Ferreira <tiagodfer@gmail.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/pci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3520,6 +3520,8 @@ static const struct pci_device_id nvme_i
.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
{ PCI_DEVICE(0x2646, 0x501E), /* KINGSTON OM3PGP4xxxxQ OS21011 NVMe SSD */
.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
+ { PCI_DEVICE(0x1f40, 0x5236), /* Netac Technologies Co. NV7000 NVMe SSD */
+ .driver_data = NVME_QUIRK_BOGUS_NID, },
{ PCI_DEVICE(0x1e4B, 0x1001), /* MAXIO MAP1001 */
.driver_data = NVME_QUIRK_BOGUS_NID, },
{ PCI_DEVICE(0x1e4B, 0x1002), /* MAXIO MAP1002 */
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 229/314] slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 228/314] nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000 Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 230/314] slimbus: stream: correct presence rate frequencies Greg Kroah-Hartman
` (92 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Zheng Bin, Krzysztof Kozlowski
From: Zheng Bin <zhengbin13@huawei.com>
commit e54fad8044db18cc400df8d01bfb86cada08b7cb upstream.
If CONFIG_SLIM_QCOM_NGD_CTRL=y, CONFIG_QCOM_RPROC_COMMON=m, COMPILE_TEST=y,
bulding fails:
drivers/slimbus/qcom-ngd-ctrl.o: In function `qcom_slim_ngd_ctrl_probe':
qcom-ngd-ctrl.c:(.text+0x330): undefined reference to `qcom_register_ssr_notifier'
qcom-ngd-ctrl.c:(.text+0x5fc): undefined reference to `qcom_unregister_ssr_notifier'
drivers/slimbus/qcom-ngd-ctrl.o: In function `qcom_slim_ngd_remove':
qcom-ngd-ctrl.c:(.text+0x90c): undefined reference to `qcom_unregister_ssr_notifier'
Make SLIM_QCOM_NGD_CTRL depends on QCOM_RPROC_COMMON || (COMPILE_TEST && !QCOM_RPROC_COMMON) to fix this.
Fixes: e291691c6977 ("slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON")
Cc: stable <stable@kernel.org>
Signed-off-by: Zheng Bin <zhengbin13@huawei.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20221027095904.3388959-1-zhengbin13@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/slimbus/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/slimbus/Kconfig
+++ b/drivers/slimbus/Kconfig
@@ -23,7 +23,7 @@ config SLIM_QCOM_CTRL
config SLIM_QCOM_NGD_CTRL
tristate "Qualcomm SLIMbus Satellite Non-Generic Device Component"
depends on HAS_IOMEM && DMA_ENGINE && NET && QCOM_RPROC_COMMON
- depends on ARCH_QCOM || COMPILE_TEST
+ depends on ARCH_QCOM || (COMPILE_TEST && !QCOM_RPROC_COMMON)
select QCOM_QMI_HELPERS
select QCOM_PDR_HELPERS
help
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 230/314] slimbus: stream: correct presence rate frequencies
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 229/314] slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 231/314] speakup: fix a segfault caused by switching consoles Greg Kroah-Hartman
` (91 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit b9c1939627f8185dec8ba6d741e9573a4c7a5834 upstream.
Correct few frequencies in presence rate table - multiplied by 10
(110250 instead of 11025 Hz).
Fixes: abb9c9b8b51b ("slimbus: stream: add stream support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220929165202.410937-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/slimbus/stream.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/slimbus/stream.c
+++ b/drivers/slimbus/stream.c
@@ -67,10 +67,10 @@ static const int slim_presence_rate_tabl
384000,
768000,
0, /* Reserved */
- 110250,
- 220500,
- 441000,
- 882000,
+ 11025,
+ 22050,
+ 44100,
+ 88200,
176400,
352800,
705600,
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 231/314] speakup: fix a segfault caused by switching consoles
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 230/314] slimbus: stream: correct presence rate frequencies Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 232/314] speakup: replace utils u_char with unsigned char Greg Kroah-Hartman
` (90 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Mushahid Hussain, Samuel Thibault
From: Mushahid Hussain <mushi.shar@gmail.com>
commit 0fc801f8018000c8e64a275a20cb1da7c54e46df upstream.
This patch fixes a segfault by adding a null check on synth in
speakup_con_update(). The segfault can be reproduced as follows:
- Login into a text console
- Load speakup and speakup_soft modules
- Remove speakup_soft
- Switch to a graphics console
This is caused by lack of a null check on `synth` in
speakup_con_update().
Here's the sequence that causes the segfault:
- When we remove the speakup_soft, synth_release() sets the synth
to null.
- After that, when we change the virtual console to graphics
console, vt_notifier_call() is fired, which then calls
speakup_con_update().
- Inside speakup_con_update() there's no null check on synth,
so it calls synth_printf().
- Inside synth_printf(), synth_buffer_add() and synth_start(),
both access synth, when it is null and causing a segfault.
Therefore adding a null check on synth solves the issue.
Fixes: 2610df41489f ("staging: speakup: Add pause command used on switching to graphical mode")
Cc: stable <stable@kernel.org>
Signed-off-by: Mushahid Hussain <mushi.shar@gmail.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Link: https://lore.kernel.org/r/20221010165720.397042-1-mushi.shar@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/accessibility/speakup/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/accessibility/speakup/main.c
+++ b/drivers/accessibility/speakup/main.c
@@ -1778,7 +1778,7 @@ static void speakup_con_update(struct vc
{
unsigned long flags;
- if (!speakup_console[vc->vc_num] || spk_parked)
+ if (!speakup_console[vc->vc_num] || spk_parked || !synth)
return;
if (!spin_trylock_irqsave(&speakup_info.spinlock, flags))
/* Speakup output, discard */
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 232/314] speakup: replace utils u_char with unsigned char
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 231/314] speakup: fix a segfault caused by switching consoles Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 233/314] USB: bcma: Make GPIO explicitly optional Greg Kroah-Hartman
` (89 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches,
Đoàn Trần Công Danh, Samuel Thibault,
stable
From: Đoàn Trần Công Danh <congdanhqx@gmail.com>
commit 92ca969ff8815f3feef2645199bd39bf594e5eeb upstream.
drivers/accessibility/speakup/utils.h will be used to compile host tool
to generate metadata.
"u_char" is a non-standard type, which is defined to "unsigned char"
on glibc but not defined by some libc, e.g. musl.
Let's replace "u_char" with "unsigned char"
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/b75743026aaee2d81efe3d7f2e8fa47f7d0b8ea7.1665736571.git.congdanhqx@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/accessibility/speakup/utils.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/accessibility/speakup/utils.h
+++ b/drivers/accessibility/speakup/utils.h
@@ -54,7 +54,7 @@ static inline int oops(const char *msg,
static inline struct st_key *hash_name(char *name)
{
- u_char *pn = (u_char *)name;
+ unsigned char *pn = (unsigned char *)name;
int hash = 0;
while (*pn) {
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 233/314] USB: bcma: Make GPIO explicitly optional
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 232/314] speakup: replace utils u_char with unsigned char Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 234/314] USB: serial: option: add Sierra Wireless EM9191 Greg Kroah-Hartman
` (88 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Chuhong Yuan, Linus Walleij, stable
From: Linus Walleij <linus.walleij@linaro.org>
commit cd136706b4f925aa5d316642543babac90d45910 upstream.
What the code does is to not check the return value from
devm_gpiod_get() and then avoid using an erroneous GPIO descriptor
with IS_ERR_OR_NULL().
This will miss real errors from the GPIO core that should not be
ignored, such as probe deferral.
Instead request the GPIO as explicitly optional, which means that
if it doesn't exist, the descriptor returned will be NULL.
Then we can add error handling and also avoid just doing this on
the device tree path, and simplify the site where the optional
GPIO descriptor is used.
There were some problems with cleaning up this GPIO descriptor
use in the past, but this is the proper way to deal with it.
Cc: Rafał Miłecki <rafal@milecki.pl>
Cc: Chuhong Yuan <hslester96@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20221107090753.1404679-1-linus.walleij@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/bcma-hcd.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/usb/host/bcma-hcd.c
+++ b/drivers/usb/host/bcma-hcd.c
@@ -285,7 +285,7 @@ static void bcma_hci_platform_power_gpio
{
struct bcma_hcd_device *usb_dev = bcma_get_drvdata(dev);
- if (IS_ERR_OR_NULL(usb_dev->gpio_desc))
+ if (!usb_dev->gpio_desc)
return;
gpiod_set_value(usb_dev->gpio_desc, val);
@@ -406,9 +406,11 @@ static int bcma_hcd_probe(struct bcma_de
return -ENOMEM;
usb_dev->core = core;
- if (core->dev.of_node)
- usb_dev->gpio_desc = devm_gpiod_get(&core->dev, "vcc",
- GPIOD_OUT_HIGH);
+ usb_dev->gpio_desc = devm_gpiod_get_optional(&core->dev, "vcc",
+ GPIOD_OUT_HIGH);
+ if (IS_ERR(usb_dev->gpio_desc))
+ return dev_err_probe(&core->dev, PTR_ERR(usb_dev->gpio_desc),
+ "error obtaining VCC GPIO");
switch (core->id.id) {
case BCMA_CORE_USB20_HOST:
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 234/314] USB: serial: option: add Sierra Wireless EM9191
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 233/314] USB: bcma: Make GPIO explicitly optional Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 235/314] USB: serial: option: remove old LARA-R6 PID Greg Kroah-Hartman
` (87 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Benoît Monin, Johan Hovold
From: Benoît Monin <benoit.monin@gmx.fr>
commit df3414b0a245f43476061fddd78cee7d6cff797f upstream.
Add support for the AT and diag ports, similar to other qualcomm SDX55
modems. In QDL mode, the modem uses a different device ID and support
is provided by qcserial in commit 11c52d250b34 ("USB: serial: qcserial:
add EM9191 QDL support").
T: Bus=08 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 3 Spd=5000 MxCh= 0
D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1
P: Vendor=1199 ProdID=90d3 Rev=00.06
S: Manufacturer=Sierra Wireless, Incorporated
S: Product=Sierra Wireless EM9191
S: SerialNumber=xxxxxxxxxxxxxxxx
C: #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=896mA
I: If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
I: If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
I: If#=0x4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=(none)
Signed-off-by: Benoît Monin <benoit.monin@gmx.fr>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -581,6 +581,9 @@ static void option_instat_callback(struc
#define OPPO_VENDOR_ID 0x22d9
#define OPPO_PRODUCT_R11 0x276c
+/* Sierra Wireless products */
+#define SIERRA_VENDOR_ID 0x1199
+#define SIERRA_PRODUCT_EM9191 0x90d3
/* Device flags */
@@ -2176,6 +2179,8 @@ static const struct usb_device_id option
{ USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1405, 0xff) }, /* GosunCn GM500 MBIM */
{ USB_DEVICE_INTERFACE_CLASS(0x305a, 0x1406, 0xff) }, /* GosunCn GM500 ECM/NCM */
{ USB_DEVICE_AND_INTERFACE_INFO(OPPO_VENDOR_ID, OPPO_PRODUCT_R11, 0xff, 0xff, 0x30) },
+ { USB_DEVICE_AND_INTERFACE_INFO(SIERRA_VENDOR_ID, SIERRA_PRODUCT_EM9191, 0xff, 0xff, 0x30) },
+ { USB_DEVICE_AND_INTERFACE_INFO(SIERRA_VENDOR_ID, SIERRA_PRODUCT_EM9191, 0xff, 0, 0) },
{ } /* Terminating entry */
};
MODULE_DEVICE_TABLE(usb, option_ids);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 235/314] USB: serial: option: remove old LARA-R6 PID
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 234/314] USB: serial: option: add Sierra Wireless EM9191 Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 236/314] USB: serial: option: add u-blox LARA-R6 00B modem Greg Kroah-Hartman
` (86 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Davide Tronchin, Johan Hovold
From: Davide Tronchin <davide.tronchin.94@gmail.com>
commit 2ec106b96afc19698ff934323b633c0729d4c7f8 upstream.
Remove the UBLOX_PRODUCT_R6XX 0x90fa association since LARA-R6 00B final
product uses a new USB composition with different PID. 0x90fa PID used
only by LARA-R6 internal prototypes.
Move 0x90fa PID directly in the option_ids array since used by other
Qualcomm based modem vendors as pointed out in:
https://lore.kernel.org/all/6572c4e6-d8bc-b8d3-4396-d879e4e76338@gmail.com
Signed-off-by: Davide Tronchin <davide.tronchin.94@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -240,7 +240,6 @@ static void option_instat_callback(struc
#define QUECTEL_PRODUCT_UC15 0x9090
/* These u-blox products use Qualcomm's vendor ID */
#define UBLOX_PRODUCT_R410M 0x90b2
-#define UBLOX_PRODUCT_R6XX 0x90fa
/* These Yuga products use Qualcomm's vendor ID */
#define YUGA_PRODUCT_CLM920_NC5 0x9625
@@ -1127,7 +1126,7 @@ static const struct usb_device_id option
/* u-blox products using Qualcomm vendor ID */
{ USB_DEVICE(QUALCOMM_VENDOR_ID, UBLOX_PRODUCT_R410M),
.driver_info = RSVD(1) | RSVD(3) },
- { USB_DEVICE(QUALCOMM_VENDOR_ID, UBLOX_PRODUCT_R6XX),
+ { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x90fa),
.driver_info = RSVD(3) },
/* Quectel products using Quectel vendor ID */
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC21, 0xff, 0xff, 0xff),
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 236/314] USB: serial: option: add u-blox LARA-R6 00B modem
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 235/314] USB: serial: option: remove old LARA-R6 PID Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 237/314] USB: serial: option: add u-blox LARA-L6 modem Greg Kroah-Hartman
` (85 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Davide Tronchin, Johan Hovold
From: Davide Tronchin <davide.tronchin.94@gmail.com>
commit d9e37a5c4d80ea25a7171ab8557a449115554e76 upstream.
The official LARA-R6 (00B) modem uses 0x908b PID. LARA-R6 00B does not
implement a QMI interface on port 4, the reservation (RSVD(4)) has been
added to meet other companies that implement QMI on that interface.
LARA-R6 00B USB composition exposes the following interfaces:
If 0: Diagnostic
If 1: AT parser
If 2: AT parser
If 3: AT parser/alternative functions
Signed-off-by: Davide Tronchin <davide.tronchin.94@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1126,6 +1126,8 @@ static const struct usb_device_id option
/* u-blox products using Qualcomm vendor ID */
{ USB_DEVICE(QUALCOMM_VENDOR_ID, UBLOX_PRODUCT_R410M),
.driver_info = RSVD(1) | RSVD(3) },
+ { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x908b), /* u-blox LARA-R6 00B */
+ .driver_info = RSVD(4) },
{ USB_DEVICE(QUALCOMM_VENDOR_ID, 0x90fa),
.driver_info = RSVD(3) },
/* Quectel products using Quectel vendor ID */
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 237/314] USB: serial: option: add u-blox LARA-L6 modem
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 236/314] USB: serial: option: add u-blox LARA-R6 00B modem Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 238/314] USB: serial: option: add Fibocom FM160 0x0111 composition Greg Kroah-Hartman
` (84 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Davide Tronchin, Johan Hovold
From: Davide Tronchin <davide.tronchin.94@gmail.com>
commit c1547f12df8b8e9ca2686accee43213ecd117efe upstream.
Add LARA-L6 PIDs for three different USB compositions.
LARA-L6 module can be configured (by AT interface) in three different
USB modes:
* Default mode (Vendor ID: 0x1546 Product ID: 0x1341) with 4 serial
interfaces
* RmNet mode (Vendor ID: 0x1546 Product ID: 0x1342) with 4 serial
interfaces and 1 RmNet virtual network interface
* CDC-ECM mode (Vendor ID: 0x1546 Product ID: 0x1343) with 4 serial
interface and 1 CDC-ECM virtual network interface
In default mode LARA-L6 exposes the following interfaces:
If 0: Diagnostic
If 1: AT parser
If 2: AT parser
If 3: AT parser/alternative functions
In RmNet mode LARA-L6 exposes the following interfaces:
If 0: Diagnostic
If 1: AT parser
If 2: AT parser
If 3: AT parset/alternative functions
If 4: RMNET interface
In CDC-ECM mode LARA-L6 exposes the following interfaces:
If 0: Diagnostic
If 1: AT parser
If 2: AT parser
If 3: AT parset/alternative functions
If 4: CDC-ECM interface
Signed-off-by: Davide Tronchin <davide.tronchin.94@gmail.com>
[ johan: drop PID defines in favour of comments ]
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -162,6 +162,8 @@ static void option_instat_callback(struc
#define NOVATELWIRELESS_PRODUCT_G2 0xA010
#define NOVATELWIRELESS_PRODUCT_MC551 0xB001
+#define UBLOX_VENDOR_ID 0x1546
+
/* AMOI PRODUCTS */
#define AMOI_VENDOR_ID 0x1614
#define AMOI_PRODUCT_H01 0x0800
@@ -1130,6 +1132,12 @@ static const struct usb_device_id option
.driver_info = RSVD(4) },
{ USB_DEVICE(QUALCOMM_VENDOR_ID, 0x90fa),
.driver_info = RSVD(3) },
+ /* u-blox products */
+ { USB_DEVICE(UBLOX_VENDOR_ID, 0x1341) }, /* u-blox LARA-L6 */
+ { USB_DEVICE(UBLOX_VENDOR_ID, 0x1342), /* u-blox LARA-L6 (RMNET) */
+ .driver_info = RSVD(4) },
+ { USB_DEVICE(UBLOX_VENDOR_ID, 0x1343), /* u-blox LARA-L6 (ECM) */
+ .driver_info = RSVD(4) },
/* Quectel products using Quectel vendor ID */
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC21, 0xff, 0xff, 0xff),
.driver_info = NUMEP2 },
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 238/314] USB: serial: option: add Fibocom FM160 0x0111 composition
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 237/314] USB: serial: option: add u-blox LARA-L6 modem Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 239/314] usb: add NO_LPM quirk for Realforce 87U Keyboard Greg Kroah-Hartman
` (83 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Reinhard Speyerer, Johan Hovold
From: Reinhard Speyerer <rspmn@arcor.de>
commit 148f4b32b4504d8a32cf82049b7b9499a4b299ab upstream.
Add support for the following Fibocom FM160 composition:
0x0111: MBIM + MODEM + DIAG + AT
T: Bus=01 Lev=02 Prnt=125 Port=01 Cnt=02 Dev#= 93 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2cb7 ProdID=0111 Rev= 5.04
S: Manufacturer=Fibocom
S: Product=Fibocom FM160 Modem_SN:12345678
S: SerialNumber=12345678
C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
A: FirstIf#= 0 IfCount= 2 Cls=02(comm.) Sub=0e Prot=00
I:* If#= 0 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=0e Prot=00 Driver=cdc_mbim
E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 0 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
I:* If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Reinhard Speyerer <rspmn@arcor.de>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -2179,6 +2179,7 @@ static const struct usb_device_id option
{ USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x010a, 0xff) }, /* Fibocom MA510 (ECM mode) */
{ USB_DEVICE_AND_INTERFACE_INFO(0x2cb7, 0x010b, 0xff, 0xff, 0x30) }, /* Fibocom FG150 Diag */
{ USB_DEVICE_AND_INTERFACE_INFO(0x2cb7, 0x010b, 0xff, 0, 0) }, /* Fibocom FG150 AT */
+ { USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x0111, 0xff) }, /* Fibocom FM160 (MBIM mode) */
{ USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x01a0, 0xff) }, /* Fibocom NL668-AM/NL652-EU (laptop MBIM) */
{ USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x01a2, 0xff) }, /* Fibocom FM101-GL (laptop MBIM) */
{ USB_DEVICE_INTERFACE_CLASS(0x2cb7, 0x01a4, 0xff), /* Fibocom FM101-GL (laptop MBIM) */
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 239/314] usb: add NO_LPM quirk for Realforce 87U Keyboard
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 238/314] USB: serial: option: add Fibocom FM160 0x0111 composition Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 240/314] usb: chipidea: fix deadlock in ci_otg_del_timer Greg Kroah-Hartman
` (82 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nicolas Dumazet
From: Nicolas Dumazet <ndumazet@google.com>
commit 181135bb20dcb184edd89817831b888eb8132741 upstream.
Before adding this quirk, this (mechanical keyboard) device would not be
recognized, logging:
new full-speed USB device number 56 using xhci_hcd
unable to read config index 0 descriptor/start: -32
chopping to 0 config(s)
It would take dozens of plugging/unpuggling cycles for the keyboard to
be recognized. Keyboard seems to simply work after applying this quirk.
This issue had been reported by users in two places already ([1], [2])
but nobody tried upstreaming a patch yet. After testing I believe their
suggested fix (DELAY_INIT + NO_LPM + DEVICE_QUALIFIER) was probably a
little overkill. I assume this particular combination was tested because
it had been previously suggested in [3], but only NO_LPM seems
sufficient for this device.
[1]: https://qiita.com/float168/items/fed43d540c8e2201b543
[2]: https://blog.kostic.dev/posts/making-the-realforce-87ub-work-with-usb30-on-Ubuntu/
[3]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1678477
Cc: stable@vger.kernel.org
Signed-off-by: Nicolas Dumazet <ndumazet@google.com>
Link: https://lore.kernel.org/r/20221109122946.706036-1-ndumazet@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -362,6 +362,9 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x0781, 0x5583), .driver_info = USB_QUIRK_NO_LPM },
{ USB_DEVICE(0x0781, 0x5591), .driver_info = USB_QUIRK_NO_LPM },
+ /* Realforce 87U Keyboard */
+ { USB_DEVICE(0x0853, 0x011b), .driver_info = USB_QUIRK_NO_LPM },
+
/* M-Systems Flash Disk Pioneers */
{ USB_DEVICE(0x08ec, 0x1000), .driver_info = USB_QUIRK_RESET_RESUME },
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 240/314] usb: chipidea: fix deadlock in ci_otg_del_timer
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 239/314] usb: add NO_LPM quirk for Realforce 87U Keyboard Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 241/314] usb: cdns3: host: fix endless superspeed hub port reset Greg Kroah-Hartman
` (81 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Duoming Zhou
From: Duoming Zhou <duoming@zju.edu.cn>
commit 7a58b8d6021426b796eebfae80983374d9a80a75 upstream.
There is a deadlock in ci_otg_del_timer(), the process is
shown below:
(thread 1) | (thread 2)
ci_otg_del_timer() | ci_otg_hrtimer_func()
... |
spin_lock_irqsave() //(1) | ...
... |
hrtimer_cancel() | spin_lock_irqsave() //(2)
(block forever)
We hold ci->lock in position (1) and use hrtimer_cancel() to
wait ci_otg_hrtimer_func() to stop, but ci_otg_hrtimer_func()
also need ci->lock in position (2). As a result, the
hrtimer_cancel() in ci_otg_del_timer() will be blocked forever.
This patch extracts hrtimer_cancel() from the protection of
spin_lock_irqsave() in order that the ci_otg_hrtimer_func()
could obtain the ci->lock.
What`s more, there will be no race happen. Because the
"next_timer" is always under the protection of
spin_lock_irqsave() and we only check whether "next_timer"
equals to NUM_OTG_FSM_TIMERS in the following code.
Fixes: 3a316ec4c91c ("usb: chipidea: use hrtimer for otg fsm timers")
Cc: stable <stable@kernel.org>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220918033312.94348-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/chipidea/otg_fsm.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/chipidea/otg_fsm.c
+++ b/drivers/usb/chipidea/otg_fsm.c
@@ -256,8 +256,10 @@ static void ci_otg_del_timer(struct ci_h
ci->enabled_otg_timer_bits &= ~(1 << t);
if (ci->next_otg_timer == t) {
if (ci->enabled_otg_timer_bits == 0) {
+ spin_unlock_irqrestore(&ci->lock, flags);
/* No enabled timers after delete it */
hrtimer_cancel(&ci->otg_fsm_hrtimer);
+ spin_lock_irqsave(&ci->lock, flags);
ci->next_otg_timer = NUM_OTG_FSM_TIMERS;
} else {
/* Find the next timer */
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 241/314] usb: cdns3: host: fix endless superspeed hub port reset
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 240/314] usb: chipidea: fix deadlock in ci_otg_del_timer Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 242/314] usb: typec: mux: Enter safe mode only when pins need to be reconfigured Greg Kroah-Hartman
` (80 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Li Jun, Frank Li, Peter Chen,
Alexander Stein
From: Li Jun <jun.li@nxp.com>
commit 9d5333c931347005352d5b8beaa43528c94cfc9c upstream.
When usb 3.0 hub connect with one USB 2.0 device and NO USB 3.0 device,
some usb hub reports endless port reset message.
[ 190.324169] usb 2-1: new SuperSpeed USB device number 88 using xhci-hcd
[ 190.352834] hub 2-1:1.0: USB hub found
[ 190.356995] hub 2-1:1.0: 4 ports detected
[ 190.700056] usb 2-1: USB disconnect, device number 88
[ 192.472139] usb 2-1: new SuperSpeed USB device number 89 using xhci-hcd
[ 192.500820] hub 2-1:1.0: USB hub found
[ 192.504977] hub 2-1:1.0: 4 ports detected
[ 192.852066] usb 2-1: USB disconnect, device number 89
The reason is the runtime pm state of USB2.0 port is active and
USB 3.0 port is suspend, so parent device is active state.
cat /sys/bus/platform/devices/5b110000.usb/5b130000.usb/xhci-hcd.1.auto/usb2/power/runtime_status
suspended
cat /sys/bus/platform/devices/5b110000.usb/5b130000.usb/xhci-hcd.1.auto/usb1/power/runtime_status
active
cat /sys/bus/platform/devices/5b110000.usb/5b130000.usb/xhci-hcd.1.auto/power/runtime_status
active
cat /sys/bus/platform/devices/5b110000.usb/5b130000.usb/power/runtime_status
active
So xhci_cdns3_suspend_quirk() have not called. U3 configure is not applied.
move U3 configure into host start. Reinit again in resume function in case
controller power lost during suspend.
Cc: stable@vger.kernel.org 5.10
Signed-off-by: Li Jun <jun.li@nxp.com>
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Reviewed-by: Peter Chen <peter.chen@kernel.org>
Acked-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Link: https://lore.kernel.org/r/20221026190749.2280367-1-Frank.Li@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/cdns3/host.c | 56 +++++++++++++++++++++++------------------------
1 file changed, 28 insertions(+), 28 deletions(-)
--- a/drivers/usb/cdns3/host.c
+++ b/drivers/usb/cdns3/host.c
@@ -24,11 +24,37 @@
#define CFG_RXDET_P3_EN BIT(15)
#define LPM_2_STB_SWITCH_EN BIT(25)
-static int xhci_cdns3_suspend_quirk(struct usb_hcd *hcd);
+static void xhci_cdns3_plat_start(struct usb_hcd *hcd)
+{
+ struct xhci_hcd *xhci = hcd_to_xhci(hcd);
+ u32 value;
+
+ /* set usbcmd.EU3S */
+ value = readl(&xhci->op_regs->command);
+ value |= CMD_PM_INDEX;
+ writel(value, &xhci->op_regs->command);
+
+ if (hcd->regs) {
+ value = readl(hcd->regs + XECP_AUX_CTRL_REG1);
+ value |= CFG_RXDET_P3_EN;
+ writel(value, hcd->regs + XECP_AUX_CTRL_REG1);
+
+ value = readl(hcd->regs + XECP_PORT_CAP_REG);
+ value |= LPM_2_STB_SWITCH_EN;
+ writel(value, hcd->regs + XECP_PORT_CAP_REG);
+ }
+}
+
+static int xhci_cdns3_resume_quirk(struct usb_hcd *hcd)
+{
+ xhci_cdns3_plat_start(hcd);
+ return 0;
+}
static const struct xhci_plat_priv xhci_plat_cdns3_xhci = {
.quirks = XHCI_SKIP_PHY_INIT | XHCI_AVOID_BEI,
- .suspend_quirk = xhci_cdns3_suspend_quirk,
+ .plat_start = xhci_cdns3_plat_start,
+ .resume_quirk = xhci_cdns3_resume_quirk,
};
static int __cdns_host_init(struct cdns *cdns)
@@ -90,32 +116,6 @@ err1:
return ret;
}
-static int xhci_cdns3_suspend_quirk(struct usb_hcd *hcd)
-{
- struct xhci_hcd *xhci = hcd_to_xhci(hcd);
- u32 value;
-
- if (pm_runtime_status_suspended(hcd->self.controller))
- return 0;
-
- /* set usbcmd.EU3S */
- value = readl(&xhci->op_regs->command);
- value |= CMD_PM_INDEX;
- writel(value, &xhci->op_regs->command);
-
- if (hcd->regs) {
- value = readl(hcd->regs + XECP_AUX_CTRL_REG1);
- value |= CFG_RXDET_P3_EN;
- writel(value, hcd->regs + XECP_AUX_CTRL_REG1);
-
- value = readl(hcd->regs + XECP_PORT_CAP_REG);
- value |= LPM_2_STB_SWITCH_EN;
- writel(value, hcd->regs + XECP_PORT_CAP_REG);
- }
-
- return 0;
-}
-
static void cdns_host_exit(struct cdns *cdns)
{
kfree(cdns->xhci_plat_data);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 242/314] usb: typec: mux: Enter safe mode only when pins need to be reconfigured
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 241/314] usb: cdns3: host: fix endless superspeed hub port reset Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 243/314] usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler Greg Kroah-Hartman
` (79 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Rajat Khandelwal,
Lee Shawn C, Heikki Krogerus
From: Rajat Khandelwal <rajat.khandelwal@linux.intel.com>
commit 40bf8f162d0f95e0716e479d7db41443d931765c upstream.
There is no point to enter safe mode during DP/TBT configuration
if the DP/TBT was already configured in mux. This is because safe
mode is only applicable when there is a need to reconfigure the
pins in order to avoid damage within/to port partner.
In some chrome systems, IOM/mux is already configured before OS
comes up. Thus, when driver is probed, it blindly enters safe
mode due to PD negotiations but only after gfx driver lowers
dp_phy_ownership, will the IOM complete safe mode and send an
ack to PMC.
Since, that never happens, we see IPC timeout.
Hence, allow safe mode only when pin reconfiguration is not
required, which makes sense.
Fixes: 43d596e32276 ("usb: typec: intel_pmc_mux: Check the port status before connect")
Cc: stable <stable@kernel.org>
Signed-off-by: Rajat Khandelwal <rajat.khandelwal@linux.intel.com>
Signed-off-by: Lee Shawn C <shawn.c.lee@intel.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20221024171611.181468-1-rajat.khandelwal@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/mux/intel_pmc_mux.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--- a/drivers/usb/typec/mux/intel_pmc_mux.c
+++ b/drivers/usb/typec/mux/intel_pmc_mux.c
@@ -369,13 +369,24 @@ pmc_usb_mux_usb4(struct pmc_usb_port *po
return pmc_usb_command(port, (void *)&req, sizeof(req));
}
-static int pmc_usb_mux_safe_state(struct pmc_usb_port *port)
+static int pmc_usb_mux_safe_state(struct pmc_usb_port *port,
+ struct typec_mux_state *state)
{
u8 msg;
if (IOM_PORT_ACTIVITY_IS(port->iom_status, SAFE_MODE))
return 0;
+ if ((IOM_PORT_ACTIVITY_IS(port->iom_status, DP) ||
+ IOM_PORT_ACTIVITY_IS(port->iom_status, DP_MFD)) &&
+ state->alt && state->alt->svid == USB_TYPEC_DP_SID)
+ return 0;
+
+ if ((IOM_PORT_ACTIVITY_IS(port->iom_status, TBT) ||
+ IOM_PORT_ACTIVITY_IS(port->iom_status, ALT_MODE_TBT_USB)) &&
+ state->alt && state->alt->svid == USB_TYPEC_TBT_SID)
+ return 0;
+
msg = PMC_USB_SAFE_MODE;
msg |= port->usb3_port << PMC_USB_MSG_USB3_PORT_SHIFT;
@@ -443,7 +454,7 @@ pmc_usb_mux_set(struct typec_mux_dev *mu
return 0;
if (state->mode == TYPEC_STATE_SAFE)
- return pmc_usb_mux_safe_state(port);
+ return pmc_usb_mux_safe_state(port, state);
if (state->mode == TYPEC_STATE_USB)
return pmc_usb_connect(port, port->role);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 243/314] usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 242/314] usb: typec: mux: Enter safe mode only when pins need to be reconfigured Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 244/314] iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID Greg Kroah-Hartman
` (78 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Sven Peter, Eric Curtin,
Heikki Krogerus, Guido Günther
From: Sven Peter <sven@svenpeter.dev>
commit 6d8fc203b28ff8f6115fbe5eaf584de8b824f4fa upstream.
If reading TPS_REG_INT_EVENT1/2 fails in the interrupt handler event1
and event2 may be uninitialized when they are used to determine
IRQ_HANDLED vs. IRQ_NONE in the error path.
Fixes: c7260e29dd20 ("usb: typec: tipd: Add short-circuit for no irqs")
Fixes: 45188f27b3d0 ("usb: typec: tipd: Add support for Apple CD321X")
Cc: stable <stable@kernel.org>
Signed-off-by: Sven Peter <sven@svenpeter.dev>
Reviewed-by: Eric Curtin <ecurtin@redhat.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guido Günther <agx@sigxcpu.org>
Link: https://lore.kernel.org/r/20221102161542.30669-1-sven@svenpeter.dev
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/tipd/core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/usb/typec/tipd/core.c
+++ b/drivers/usb/typec/tipd/core.c
@@ -474,7 +474,7 @@ static void tps6598x_handle_plug_event(s
static irqreturn_t cd321x_interrupt(int irq, void *data)
{
struct tps6598x *tps = data;
- u64 event;
+ u64 event = 0;
u32 status;
int ret;
@@ -519,8 +519,8 @@ err_unlock:
static irqreturn_t tps6598x_interrupt(int irq, void *data)
{
struct tps6598x *tps = data;
- u64 event1;
- u64 event2;
+ u64 event1 = 0;
+ u64 event2 = 0;
u32 status;
int ret;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 244/314] iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID.
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 243/314] usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 245/314] iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() Greg Kroah-Hartman
` (77 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonathan Cameron, Dan Robertson, Stable
From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
commit 57572cacd36e6d4be7722d7770d23f4430219827 upstream.
The regulator enables were after the check on the chip variant, which was
very unlikely to return a correct value when not powered.
Presumably all the device anyone is testing on have a regulator that
is already powered up when this code runs for reasons beyond the scope
of this driver. Move the read call down a few lines.
Fixes: 3cf7ded15e40 ("iio: accel: bma400: basic regulator support")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Dan Robertson <dan@dlrobertson.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221002144133.3771029-1-jic23@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/accel/bma400_core.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
--- a/drivers/iio/accel/bma400_core.c
+++ b/drivers/iio/accel/bma400_core.c
@@ -737,18 +737,6 @@ static int bma400_init(struct bma400_dat
unsigned int val;
int ret;
- /* Try to read chip_id register. It must return 0x90. */
- ret = regmap_read(data->regmap, BMA400_CHIP_ID_REG, &val);
- if (ret) {
- dev_err(data->dev, "Failed to read chip id register\n");
- return ret;
- }
-
- if (val != BMA400_ID_REG_VAL) {
- dev_err(data->dev, "Chip ID mismatch\n");
- return -ENODEV;
- }
-
data->regulators[BMA400_VDD_REGULATOR].supply = "vdd";
data->regulators[BMA400_VDDIO_REGULATOR].supply = "vddio";
ret = devm_regulator_bulk_get(data->dev,
@@ -774,6 +762,18 @@ static int bma400_init(struct bma400_dat
if (ret)
return ret;
+ /* Try to read chip_id register. It must return 0x90. */
+ ret = regmap_read(data->regmap, BMA400_CHIP_ID_REG, &val);
+ if (ret) {
+ dev_err(data->dev, "Failed to read chip id register\n");
+ return ret;
+ }
+
+ if (val != BMA400_ID_REG_VAL) {
+ dev_err(data->dev, "Chip ID mismatch\n");
+ return -ENODEV;
+ }
+
ret = bma400_get_power_mode(data);
if (ret) {
dev_err(data->dev, "Failed to get the initial power-mode\n");
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 245/314] iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 244/314] iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 246/314] iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() Greg Kroah-Hartman
` (76 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Stable, Jonathan Cameron
From: Yang Yingliang <yangyingliang@huawei.com>
commit 65f20301607d07ee279b0804d11a05a62a6c1a1c upstream.
If iio_trigger_register() returns error, it should call iio_trigger_free()
to give up the reference that hold in iio_trigger_alloc(), so that it can
call iio_trig_release() to free memory when the refcount hit to 0.
Fixes: 0e589d5fb317 ("ARM: AT91: IIO: Add AT91 ADC driver.")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221024084511.815096-1-yangyingliang@huawei.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/at91_adc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/iio/adc/at91_adc.c
+++ b/drivers/iio/adc/at91_adc.c
@@ -634,8 +634,10 @@ static struct iio_trigger *at91_adc_allo
trig->ops = &at91_adc_trigger_ops;
ret = iio_trigger_register(trig);
- if (ret)
+ if (ret) {
+ iio_trigger_free(trig);
return NULL;
+ }
return trig;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 246/314] iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 245/314] iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 247/314] iio: adc: mp2629: fix wrong comparison of channel Greg Kroah-Hartman
` (75 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Stable, Jonathan Cameron
From: Yang Yingliang <yangyingliang@huawei.com>
commit efa17e90e1711bdb084e3954fa44afb6647331c0 upstream.
dev_set_name() allocates memory for name, it need be freed
when device_add() fails, call put_device() to give up the
reference that hold in device_initialize(), so that it can
be freed in kobject_cleanup() when the refcount hit to 0.
Fault injection test can trigger this:
unreferenced object 0xffff8e8340a7b4c0 (size 32):
comm "modprobe", pid 243, jiffies 4294678145 (age 48.845s)
hex dump (first 32 bytes):
69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65 iio_sysfs_trigge
72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff r..@............
backtrace:
[<0000000074999de8>] __kmem_cache_alloc_node+0x1e9/0x360
[<00000000497fd30b>] __kmalloc_node_track_caller+0x44/0x1a0
[<000000003636c520>] kstrdup+0x2d/0x60
[<0000000032f84da2>] kobject_set_name_vargs+0x1e/0x90
[<0000000092efe493>] dev_set_name+0x4e/0x70
Fixes: 1f785681a870 ("staging:iio:trigger sysfs userspace trigger rework.")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221022074212.1386424-1-yangyingliang@huawei.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/trigger/iio-trig-sysfs.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/iio/trigger/iio-trig-sysfs.c
+++ b/drivers/iio/trigger/iio-trig-sysfs.c
@@ -203,9 +203,13 @@ static int iio_sysfs_trigger_remove(int
static int __init iio_sysfs_trig_init(void)
{
+ int ret;
device_initialize(&iio_sysfs_trig_dev);
dev_set_name(&iio_sysfs_trig_dev, "iio_sysfs_trigger");
- return device_add(&iio_sysfs_trig_dev);
+ ret = device_add(&iio_sysfs_trig_dev);
+ if (ret)
+ put_device(&iio_sysfs_trig_dev);
+ return ret;
}
module_init(iio_sysfs_trig_init);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 247/314] iio: adc: mp2629: fix wrong comparison of channel
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 246/314] iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 248/314] iio: adc: mp2629: fix potential array out of bound access Greg Kroah-Hartman
` (74 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Saravanan Sekar, Andy Shevchenko,
Stable, Jonathan Cameron
From: Saravanan Sekar <sravanhome@gmail.com>
commit 1eb20332a082fa801fb89c347c5e62de916a4001 upstream.
Input voltage channel enum is compared against iio address instead
of the channel.
Fixes: 7abd9fb64682 ("iio: adc: mp2629: Add support for mp2629 ADC driver")
Signed-off-by: Saravanan Sekar <sravanhome@gmail.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20221029093000.45451-2-sravanhome@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/mp2629_adc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/adc/mp2629_adc.c
+++ b/drivers/iio/adc/mp2629_adc.c
@@ -74,7 +74,7 @@ static int mp2629_read_raw(struct iio_de
if (ret)
return ret;
- if (chan->address == MP2629_INPUT_VOLT)
+ if (chan->channel == MP2629_INPUT_VOLT)
rval &= GENMASK(6, 0);
*val = rval;
return IIO_VAL_INT;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 248/314] iio: adc: mp2629: fix potential array out of bound access
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 247/314] iio: adc: mp2629: fix wrong comparison of channel Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 249/314] iio: pressure: ms5611: fixed value compensation bug Greg Kroah-Hartman
` (73 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Saravanan Sekar, Stable, Jonathan Cameron
From: Saravanan Sekar <sravanhome@gmail.com>
commit ca1547ab15f48dc81624183ae17a2fd1bad06dfc upstream.
Add sentinel at end of maps to avoid potential array out of
bound access in iio core.
Fixes: 7abd9fb64682 ("iio: adc: mp2629: Add support for mp2629 ADC driver")
Signed-off-by: Saravanan Sekar <sravanhome@gmail.com>
Link: https://lore.kernel.org/r/20221029093000.45451-4-sravanhome@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/mp2629_adc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/iio/adc/mp2629_adc.c
+++ b/drivers/iio/adc/mp2629_adc.c
@@ -57,7 +57,8 @@ static struct iio_map mp2629_adc_maps[]
MP2629_MAP(SYSTEM_VOLT, "system-volt"),
MP2629_MAP(INPUT_VOLT, "input-volt"),
MP2629_MAP(BATT_CURRENT, "batt-current"),
- MP2629_MAP(INPUT_CURRENT, "input-current")
+ MP2629_MAP(INPUT_CURRENT, "input-current"),
+ { }
};
static int mp2629_read_raw(struct iio_dev *indio_dev,
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 249/314] iio: pressure: ms5611: fixed value compensation bug
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 248/314] iio: adc: mp2629: fix potential array out of bound access Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 250/314] iio: pressure: ms5611: changed hardcoded SPI speed to value limited Greg Kroah-Hartman
` (72 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mitja Spes, Stable, Jonathan Cameron
From: Mitja Spes <mitja@lxnav.com>
commit 17f442e7e47579d3881fc4d47354eaef09302e6f upstream.
When using multiple instances of this driver the compensation PROM was
overwritten by the last initialized sensor. Now each sensor has own PROM
storage.
Signed-off-by: Mitja Spes <mitja@lxnav.com>
Fixes: 9690d81a02dc ("iio: pressure: ms5611: add support for MS5607 temperature and pressure sensor")
Link: https://lore.kernel.org/r/20221021135827.1444793-2-mitja@lxnav.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/ms5611.h | 12 ++------
drivers/iio/pressure/ms5611_core.c | 51 +++++++++++++++++++------------------
2 files changed, 31 insertions(+), 32 deletions(-)
--- a/drivers/iio/pressure/ms5611.h
+++ b/drivers/iio/pressure/ms5611.h
@@ -25,13 +25,6 @@ enum {
MS5607,
};
-struct ms5611_chip_info {
- u16 prom[MS5611_PROM_WORDS_NB];
-
- int (*temp_and_pressure_compensate)(struct ms5611_chip_info *chip_info,
- s32 *temp, s32 *pressure);
-};
-
/*
* OverSampling Rate descriptor.
* Warning: cmd MUST be kept aligned on a word boundary (see
@@ -50,12 +43,15 @@ struct ms5611_state {
const struct ms5611_osr *pressure_osr;
const struct ms5611_osr *temp_osr;
+ u16 prom[MS5611_PROM_WORDS_NB];
+
int (*reset)(struct ms5611_state *st);
int (*read_prom_word)(struct ms5611_state *st, int index, u16 *word);
int (*read_adc_temp_and_pressure)(struct ms5611_state *st,
s32 *temp, s32 *pressure);
- struct ms5611_chip_info *chip_info;
+ int (*compensate_temp_and_pressure)(struct ms5611_state *st, s32 *temp,
+ s32 *pressure);
struct regulator *vdd;
};
--- a/drivers/iio/pressure/ms5611_core.c
+++ b/drivers/iio/pressure/ms5611_core.c
@@ -85,7 +85,7 @@ static int ms5611_read_prom(struct iio_d
struct ms5611_state *st = iio_priv(indio_dev);
for (i = 0; i < MS5611_PROM_WORDS_NB; i++) {
- ret = st->read_prom_word(st, i, &st->chip_info->prom[i]);
+ ret = st->read_prom_word(st, i, &st->prom[i]);
if (ret < 0) {
dev_err(&indio_dev->dev,
"failed to read prom at %d\n", i);
@@ -93,7 +93,7 @@ static int ms5611_read_prom(struct iio_d
}
}
- if (!ms5611_prom_is_valid(st->chip_info->prom, MS5611_PROM_WORDS_NB)) {
+ if (!ms5611_prom_is_valid(st->prom, MS5611_PROM_WORDS_NB)) {
dev_err(&indio_dev->dev, "PROM integrity check failed\n");
return -ENODEV;
}
@@ -114,21 +114,20 @@ static int ms5611_read_temp_and_pressure
return ret;
}
- return st->chip_info->temp_and_pressure_compensate(st->chip_info,
- temp, pressure);
+ return st->compensate_temp_and_pressure(st, temp, pressure);
}
-static int ms5611_temp_and_pressure_compensate(struct ms5611_chip_info *chip_info,
+static int ms5611_temp_and_pressure_compensate(struct ms5611_state *st,
s32 *temp, s32 *pressure)
{
s32 t = *temp, p = *pressure;
s64 off, sens, dt;
- dt = t - (chip_info->prom[5] << 8);
- off = ((s64)chip_info->prom[2] << 16) + ((chip_info->prom[4] * dt) >> 7);
- sens = ((s64)chip_info->prom[1] << 15) + ((chip_info->prom[3] * dt) >> 8);
+ dt = t - (st->prom[5] << 8);
+ off = ((s64)st->prom[2] << 16) + ((st->prom[4] * dt) >> 7);
+ sens = ((s64)st->prom[1] << 15) + ((st->prom[3] * dt) >> 8);
- t = 2000 + ((chip_info->prom[6] * dt) >> 23);
+ t = 2000 + ((st->prom[6] * dt) >> 23);
if (t < 2000) {
s64 off2, sens2, t2;
@@ -154,17 +153,17 @@ static int ms5611_temp_and_pressure_comp
return 0;
}
-static int ms5607_temp_and_pressure_compensate(struct ms5611_chip_info *chip_info,
+static int ms5607_temp_and_pressure_compensate(struct ms5611_state *st,
s32 *temp, s32 *pressure)
{
s32 t = *temp, p = *pressure;
s64 off, sens, dt;
- dt = t - (chip_info->prom[5] << 8);
- off = ((s64)chip_info->prom[2] << 17) + ((chip_info->prom[4] * dt) >> 6);
- sens = ((s64)chip_info->prom[1] << 16) + ((chip_info->prom[3] * dt) >> 7);
+ dt = t - (st->prom[5] << 8);
+ off = ((s64)st->prom[2] << 17) + ((st->prom[4] * dt) >> 6);
+ sens = ((s64)st->prom[1] << 16) + ((st->prom[3] * dt) >> 7);
- t = 2000 + ((chip_info->prom[6] * dt) >> 23);
+ t = 2000 + ((st->prom[6] * dt) >> 23);
if (t < 2000) {
s64 off2, sens2, t2, tmp;
@@ -342,15 +341,6 @@ static int ms5611_write_raw(struct iio_d
static const unsigned long ms5611_scan_masks[] = {0x3, 0};
-static struct ms5611_chip_info chip_info_tbl[] = {
- [MS5611] = {
- .temp_and_pressure_compensate = ms5611_temp_and_pressure_compensate,
- },
- [MS5607] = {
- .temp_and_pressure_compensate = ms5607_temp_and_pressure_compensate,
- }
-};
-
static const struct iio_chan_spec ms5611_channels[] = {
{
.type = IIO_PRESSURE,
@@ -433,7 +423,20 @@ int ms5611_probe(struct iio_dev *indio_d
struct ms5611_state *st = iio_priv(indio_dev);
mutex_init(&st->lock);
- st->chip_info = &chip_info_tbl[type];
+
+ switch (type) {
+ case MS5611:
+ st->compensate_temp_and_pressure =
+ ms5611_temp_and_pressure_compensate;
+ break;
+ case MS5607:
+ st->compensate_temp_and_pressure =
+ ms5607_temp_and_pressure_compensate;
+ break;
+ default:
+ return -EINVAL;
+ }
+
st->temp_osr =
&ms5611_avail_temp_osr[ARRAY_SIZE(ms5611_avail_temp_osr) - 1];
st->pressure_osr =
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 250/314] iio: pressure: ms5611: changed hardcoded SPI speed to value limited
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 249/314] iio: pressure: ms5611: fixed value compensation bug Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 251/314] dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed Greg Kroah-Hartman
` (71 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mitja Spes, Stable, Jonathan Cameron
From: Mitja Spes <mitja@lxnav.com>
commit 741cec30cc52058d1c10d415f3b98319887e4f73 upstream.
Don't hardcode the ms5611 SPI speed, limit it instead.
Signed-off-by: Mitja Spes <mitja@lxnav.com>
Fixes: c0644160a8b5 ("iio: pressure: add support for MS5611 pressure and temperature sensor")
Link: https://lore.kernel.org/r/20221021135827.1444793-3-mitja@lxnav.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/pressure/ms5611_spi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/pressure/ms5611_spi.c
+++ b/drivers/iio/pressure/ms5611_spi.c
@@ -91,7 +91,7 @@ static int ms5611_spi_probe(struct spi_d
spi_set_drvdata(spi, indio_dev);
spi->mode = SPI_MODE_0;
- spi->max_speed_hz = 20000000;
+ spi->max_speed_hz = min(spi->max_speed_hz, 20000000U);
spi->bits_per_word = 8;
ret = spi_setup(spi);
if (ret < 0)
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 251/314] dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 250/314] iio: pressure: ms5611: changed hardcoded SPI speed to value limited Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 252/314] dm ioctl: fix misbehavior if list_versions races with module loading Greg Kroah-Hartman
` (70 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Mike Snitzer
From: Zhihao Cheng <chengzhihao1@huawei.com>
commit 0dfc1f4ceae86a0d09d880ab87625c86c61ed33c upstream.
The 'no_sleep_enabled' should be decreased in error handling path
in dm_bufio_client_create() when the DM_BUFIO_CLIENT_NO_SLEEP flag
is set, otherwise static_branch_unlikely() will always return true
even if no dm_bufio_client instances have DM_BUFIO_CLIENT_NO_SLEEP
flag set.
Cc: stable@vger.kernel.org
Fixes: 3c1c875d0586 ("dm bufio: conditionally enable branching for DM_BUFIO_CLIENT_NO_SLEEP")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-bufio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c
index 9c5ef818ca36..bb786c39545e 100644
--- a/drivers/md/dm-bufio.c
+++ b/drivers/md/dm-bufio.c
@@ -1858,6 +1858,8 @@ struct dm_bufio_client *dm_bufio_client_create(struct block_device *bdev, unsign
dm_io_client_destroy(c->dm_io);
bad_dm_io:
mutex_destroy(&c->lock);
+ if (c->no_sleep)
+ static_branch_dec(&no_sleep_enabled);
kfree(c);
bad_client:
return ERR_PTR(r);
--
2.38.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 252/314] dm ioctl: fix misbehavior if list_versions races with module loading
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 251/314] dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 253/314] serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs Greg Kroah-Hartman
` (69 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Mike Snitzer
From: Mikulas Patocka <mpatocka@redhat.com>
commit 4fe1ec995483737f3d2a14c3fe1d8fe634972979 upstream.
__list_versions will first estimate the required space using the
"dm_target_iterate(list_version_get_needed, &needed)" call and then will
fill the space using the "dm_target_iterate(list_version_get_info,
&iter_info)" call. Each of these calls locks the targets using the
"down_read(&_lock)" and "up_read(&_lock)" calls, however between the first
and second "dm_target_iterate" there is no lock held and the target
modules can be loaded at this point, so the second "dm_target_iterate"
call may need more space than what was the first "dm_target_iterate"
returned.
The code tries to handle this overflow (see the beginning of
list_version_get_info), however this handling is incorrect.
The code sets "param->data_size = param->data_start + needed" and
"iter_info.end = (char *)vers+len" - "needed" is the size returned by the
first dm_target_iterate call; "len" is the size of the buffer allocated by
userspace.
"len" may be greater than "needed"; in this case, the code will write up
to "len" bytes into the buffer, however param->data_size is set to
"needed", so it may write data past the param->data_size value. The ioctl
interface copies only up to param->data_size into userspace, thus part of
the result will be truncated.
Fix this bug by setting "iter_info.end = (char *)vers + needed;" - this
guarantees that the second "dm_target_iterate" call will write only up to
the "needed" buffer and it will exit with "DM_BUFFER_FULL_FLAG" if it
overflows the "needed" space - in this case, userspace will allocate a
larger buffer and retry.
Note that there is also a bug in list_version_get_needed - we need to add
"strlen(tt->name) + 1" to the needed size, not "strlen(tt->name)".
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-ioctl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -655,7 +655,7 @@ static void list_version_get_needed(stru
size_t *needed = needed_param;
*needed += sizeof(struct dm_target_versions);
- *needed += strlen(tt->name);
+ *needed += strlen(tt->name) + 1;
*needed += ALIGN_MASK;
}
@@ -720,7 +720,7 @@ static int __list_versions(struct dm_ioc
iter_info.old_vers = NULL;
iter_info.vers = vers;
iter_info.flags = 0;
- iter_info.end = (char *)vers+len;
+ iter_info.end = (char *)vers + needed;
/*
* Now loop through filling out the names & versions.
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 253/314] serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 252/314] dm ioctl: fix misbehavior if list_versions races with module loading Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 254/314] serial: 8250: Flush DMA Rx on RLSI Greg Kroah-Hartman
` (68 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Srikanth Thokala, Aman Kumar,
Ilpo Järvinen, Andy Shevchenko
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
commit a931237cbea256aff13bb403da13a97b2d1605d9 upstream.
DW UART sometimes triggers IIR_RDI during DMA Rx when IIR_RX_TIMEOUT
should have been triggered instead. Since IIR_RDI has higher priority
than IIR_RX_TIMEOUT, this causes the Rx to hang into interrupt loop.
The problem seems to occur at least with some combinations of
small-sized transfers (I've reproduced the problem on Elkhart Lake PSE
UARTs).
If there's already an on-going Rx DMA and IIR_RDI triggers, fall
graciously back to non-DMA Rx. That is, behave as if IIR_RX_TIMEOUT had
occurred.
8250_omap already considers IIR_RDI similar to this change so its
nothing unheard of.
Fixes: 75df022b5f89 ("serial: 8250_dma: Fix RX handling")
Cc: <stable@vger.kernel.org>
Co-developed-by: Srikanth Thokala <srikanth.thokala@intel.com>
Signed-off-by: Srikanth Thokala <srikanth.thokala@intel.com>
Co-developed-by: Aman Kumar <aman.kumar@intel.com>
Signed-off-by: Aman Kumar <aman.kumar@intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20221108121952.5497-2-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_port.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1892,6 +1892,10 @@ EXPORT_SYMBOL_GPL(serial8250_modem_statu
static bool handle_rx_dma(struct uart_8250_port *up, unsigned int iir)
{
switch (iir & 0x3f) {
+ case UART_IIR_RDI:
+ if (!up->dma->rx_running)
+ break;
+ fallthrough;
case UART_IIR_RX_TIMEOUT:
serial8250_rx_dma_flush(up);
fallthrough;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 254/314] serial: 8250: Flush DMA Rx on RLSI
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 253/314] serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 255/314] serial: 8250_lpss: Configure DMA also w/o DMA filter Greg Kroah-Hartman
` (67 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ilpo Järvinen, Andy Shevchenko
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
commit 1980860e0c8299316cddaf0992dd9e1258ec9d88 upstream.
Returning true from handle_rx_dma() without flushing DMA first creates
a data ordering hazard. If DMA Rx has handled any character at the
point when RLSI occurs, the non-DMA path handles any pending characters
jumping them ahead of those characters that are pending under DMA.
Fixes: 75df022b5f89 ("serial: 8250_dma: Fix RX handling")
Cc: <stable@vger.kernel.org>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20221108121952.5497-5-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_port.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1896,10 +1896,9 @@ static bool handle_rx_dma(struct uart_82
if (!up->dma->rx_running)
break;
fallthrough;
+ case UART_IIR_RLSI:
case UART_IIR_RX_TIMEOUT:
serial8250_rx_dma_flush(up);
- fallthrough;
- case UART_IIR_RLSI:
return true;
}
return up->dma->rx_dma(up);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 255/314] serial: 8250_lpss: Configure DMA also w/o DMA filter
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 254/314] serial: 8250: Flush DMA Rx on RLSI Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 256/314] serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake Greg Kroah-Hartman
` (66 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Ilpo Järvinen, Andy Shevchenko
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
commit 1bfcbe5805d0cfc83c3544dcd01e0a282c1f6790 upstream.
If the platform doesn't use DMA device filter (as is the case with
Elkhart Lake), whole lpss8250_dma_setup() setup is skipped. This
results in skipping also *_maxburst setup which is undesirable.
Refactor lpss8250_dma_setup() to configure DMA even if filter is not
setup.
Cc: stable <stable@kernel.org>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20221108121952.5497-3-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_lpss.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
--- a/drivers/tty/serial/8250/8250_lpss.c
+++ b/drivers/tty/serial/8250/8250_lpss.c
@@ -277,8 +277,13 @@ static int lpss8250_dma_setup(struct lps
struct dw_dma_slave *rx_param, *tx_param;
struct device *dev = port->port.dev;
- if (!lpss->dma_param.dma_dev)
+ if (!lpss->dma_param.dma_dev) {
+ dma = port->dma;
+ if (dma)
+ goto out_configuration_only;
+
return 0;
+ }
rx_param = devm_kzalloc(dev, sizeof(*rx_param), GFP_KERNEL);
if (!rx_param)
@@ -289,16 +294,18 @@ static int lpss8250_dma_setup(struct lps
return -ENOMEM;
*rx_param = lpss->dma_param;
- dma->rxconf.src_maxburst = lpss->dma_maxburst;
-
*tx_param = lpss->dma_param;
- dma->txconf.dst_maxburst = lpss->dma_maxburst;
dma->fn = lpss8250_dma_filter;
dma->rx_param = rx_param;
dma->tx_param = tx_param;
port->dma = dma;
+
+out_configuration_only:
+ dma->rxconf.src_maxburst = lpss->dma_maxburst;
+ dma->txconf.dst_maxburst = lpss->dma_maxburst;
+
return 0;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 256/314] serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 255/314] serial: 8250_lpss: Configure DMA also w/o DMA filter Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 257/314] io_uring: fix tw losing poll events Greg Kroah-Hartman
` (65 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wentong Wu, Ilpo Järvinen,
Andy Shevchenko
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
commit 7090abd6ad0610a144523ce4ffcb8560909bf2a8 upstream.
Configure DMA to use 16B burst size with Elkhart Lake. This makes the
bus use more efficient and works around an issue which occurs with the
previously used 1B.
The fix was initially developed by Srikanth Thokala and Aman Kumar.
This together with the previous config change is the cleaned up version
of the original fix.
Fixes: 0a9410b981e9 ("serial: 8250_lpss: Enable DMA on Intel Elkhart Lake")
Cc: <stable@vger.kernel.org> # serial: 8250_lpss: Configure DMA also w/o DMA filter
Reported-by: Wentong Wu <wentong.wu@intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20221108121952.5497-4-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_lpss.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/tty/serial/8250/8250_lpss.c
+++ b/drivers/tty/serial/8250/8250_lpss.c
@@ -174,6 +174,8 @@ static int ehl_serial_setup(struct lpss8
*/
up->dma = dma;
+ lpss->dma_maxburst = 16;
+
port->set_termios = dw8250_do_set_termios;
return 0;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 257/314] io_uring: fix tw losing poll events
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 256/314] serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 258/314] io_uring: fix multishot accept request leaks Greg Kroah-Hartman
` (64 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 539bcb57da2f58886d7d5c17134236b0ec9cd15d upstream.
We may never try to process a poll wake and its mask if there was
multiple wake ups racing for queueing up a tw. Force
io_poll_check_events() to update the mask by vfs_poll().
Cc: stable@vger.kernel.org
Fixes: aa43477b04025 ("io_uring: poll rework")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/00344d60f8b18907171178d7cf598de71d127b0b.1668710222.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/poll.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -226,6 +226,13 @@ static int io_poll_check_events(struct i
return IOU_POLL_DONE;
if (v & IO_POLL_CANCEL_FLAG)
return -ECANCELED;
+ /*
+ * cqe.res contains only events of the first wake up
+ * and all others are be lost. Redo vfs_poll() to get
+ * up to date state.
+ */
+ if ((v & IO_POLL_REF_MASK) != 1)
+ req->cqe.res = 0;
/* the mask was stashed in __io_poll_execute */
if (!req->cqe.res) {
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 258/314] io_uring: fix multishot accept request leaks
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 257/314] io_uring: fix tw losing poll events Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 259/314] io_uring: fix multishot recv " Greg Kroah-Hartman
` (63 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 91482864768a874c4290ef93b84a78f4f1dac51b upstream.
Having REQ_F_POLLED set doesn't guarantee that the request is
executed as a multishot from the polling path. Fortunately for us, if
the code thinks it's multishot issue when it's not, it can only ask to
skip completion so leaking the request. Use issue_flags to mark
multipoll issues.
Cc: stable@vger.kernel.org
Fixes: 390ed29b5e425 ("io_uring: add IORING_ACCEPT_MULTISHOT for accept")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/7700ac57653f2823e30b34dc74da68678c0c5f13.1668710222.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/io_uring.h | 3 +++
io_uring/io_uring.c | 2 +-
io_uring/io_uring.h | 4 ++--
io_uring/net.c | 7 ++-----
4 files changed, 8 insertions(+), 8 deletions(-)
--- a/include/linux/io_uring.h
+++ b/include/linux/io_uring.h
@@ -15,6 +15,9 @@ enum io_uring_cmd_flags {
IO_URING_F_SQE128 = 4,
IO_URING_F_CQE32 = 8,
IO_URING_F_IOPOLL = 16,
+
+ /* the request is executed from poll, it should not be freed */
+ IO_URING_F_MULTISHOT = 32,
};
struct io_uring_cmd {
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -1618,7 +1618,7 @@ int io_poll_issue(struct io_kiocb *req,
io_tw_lock(req->ctx, locked);
if (unlikely(req->task->flags & PF_EXITING))
return -EFAULT;
- return io_issue_sqe(req, IO_URING_F_NONBLOCK);
+ return io_issue_sqe(req, IO_URING_F_NONBLOCK|IO_URING_F_MULTISHOT);
}
struct io_wq_work *io_wq_free_work(struct io_wq_work *work)
--- a/io_uring/io_uring.h
+++ b/io_uring/io_uring.h
@@ -17,8 +17,8 @@ enum {
IOU_ISSUE_SKIP_COMPLETE = -EIOCBQUEUED,
/*
- * Intended only when both REQ_F_POLLED and REQ_F_APOLL_MULTISHOT
- * are set to indicate to the poll runner that multishot should be
+ * Intended only when both IO_URING_F_MULTISHOT is passed
+ * to indicate to the poll runner that multishot should be
* removed and the result is set on req->cqe.res.
*/
IOU_STOP_MULTISHOT = -ECANCELED,
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -1168,8 +1168,7 @@ retry:
* return EAGAIN to arm the poll infra since it
* has already been done
*/
- if ((req->flags & IO_APOLL_MULTI_POLLED) ==
- IO_APOLL_MULTI_POLLED)
+ if (issue_flags & IO_URING_F_MULTISHOT)
ret = IOU_ISSUE_SKIP_COMPLETE;
return ret;
}
@@ -1194,9 +1193,7 @@ retry:
goto retry;
io_req_set_res(req, ret, 0);
- if (req->flags & REQ_F_POLLED)
- return IOU_STOP_MULTISHOT;
- return IOU_OK;
+ return (issue_flags & IO_URING_F_MULTISHOT) ? IOU_STOP_MULTISHOT : IOU_OK;
}
int io_socket_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 259/314] io_uring: fix multishot recv request leaks
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 258/314] io_uring: fix multishot accept request leaks Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 260/314] io_uring: disallow self-propelled ring polling Greg Kroah-Hartman
` (62 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 100d6b17c06ee4c2b42fdddf0fe4ab77c86eb77e upstream.
Having REQ_F_POLLED set doesn't guarantee that the request is
executed as a multishot from the polling path. Fortunately for us, if
the code thinks it's multishot issue when it's not, it can only ask to
skip completion so leaking the request. Use issue_flags to mark
multipoll issues.
Cc: stable@vger.kernel.org
Fixes: 1300ebb20286b ("io_uring: multishot recv")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/37762040ba9c52b81b92a2f5ebfd4ee484088951.1668710222.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -66,8 +66,6 @@ struct io_sr_msg {
struct io_kiocb *notif;
};
-#define IO_APOLL_MULTI_POLLED (REQ_F_APOLL_MULTISHOT | REQ_F_POLLED)
-
int io_shutdown_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
{
struct io_shutdown *shutdown = io_kiocb_to_cmd(req, struct io_shutdown);
@@ -558,7 +556,8 @@ static inline void io_recv_prep_retry(st
* again (for multishot).
*/
static inline bool io_recv_finish(struct io_kiocb *req, int *ret,
- unsigned int cflags, bool mshot_finished)
+ unsigned int cflags, bool mshot_finished,
+ unsigned issue_flags)
{
if (!(req->flags & REQ_F_APOLL_MULTISHOT)) {
io_req_set_res(req, *ret, cflags);
@@ -581,7 +580,7 @@ static inline bool io_recv_finish(struct
io_req_set_res(req, *ret, cflags);
- if (req->flags & REQ_F_POLLED)
+ if (issue_flags & IO_URING_F_MULTISHOT)
*ret = IOU_STOP_MULTISHOT;
else
*ret = IOU_OK;
@@ -740,8 +739,7 @@ retry_multishot:
if (ret < min_ret) {
if (ret == -EAGAIN && force_nonblock) {
ret = io_setup_async_msg(req, kmsg, issue_flags);
- if (ret == -EAGAIN && (req->flags & IO_APOLL_MULTI_POLLED) ==
- IO_APOLL_MULTI_POLLED) {
+ if (ret == -EAGAIN && (issue_flags & IO_URING_F_MULTISHOT)) {
io_kbuf_recycle(req, issue_flags);
return IOU_ISSUE_SKIP_COMPLETE;
}
@@ -770,7 +768,7 @@ retry_multishot:
if (kmsg->msg.msg_inq)
cflags |= IORING_CQE_F_SOCK_NONEMPTY;
- if (!io_recv_finish(req, &ret, cflags, mshot_finished))
+ if (!io_recv_finish(req, &ret, cflags, mshot_finished, issue_flags))
goto retry_multishot;
if (mshot_finished) {
@@ -836,7 +834,7 @@ retry_multishot:
ret = sock_recvmsg(sock, &msg, flags);
if (ret < min_ret) {
if (ret == -EAGAIN && force_nonblock) {
- if ((req->flags & IO_APOLL_MULTI_POLLED) == IO_APOLL_MULTI_POLLED) {
+ if (issue_flags & IO_URING_F_MULTISHOT) {
io_kbuf_recycle(req, issue_flags);
return IOU_ISSUE_SKIP_COMPLETE;
}
@@ -869,7 +867,7 @@ out_free:
if (msg.msg_inq)
cflags |= IORING_CQE_F_SOCK_NONEMPTY;
- if (!io_recv_finish(req, &ret, cflags, ret <= 0))
+ if (!io_recv_finish(req, &ret, cflags, ret <= 0, issue_flags))
goto retry_multishot;
return ret;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 260/314] io_uring: disallow self-propelled ring polling
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 259/314] io_uring: fix multishot recv " Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 261/314] ceph: avoid putting the realm twice when decoding snaps fails Greg Kroah-Hartman
` (61 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe
From: Pavel Begunkov <asml.silence@gmail.com>
commit 7fdbc5f014c3f71bc44673a2d6c5bb2d12d45f25 upstream.
When we post a CQE we wake all ring pollers as it normally should be.
However, if a CQE was generated by a multishot poll request targeting
its own ring, it'll wake that request up, which will make it to post
a new CQE, which will wake the request and so on until it exhausts all
CQ entries.
Don't allow multishot polling io_uring files but downgrade them to
oneshots, which was always stated as a correct behaviour that the
userspace should check for.
Cc: stable@vger.kernel.org
Fixes: aa43477b04025 ("io_uring: poll rework")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/3124038c0e7474d427538c2d915335ec28c92d21.1668785722.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/poll.c | 2 ++
1 file changed, 2 insertions(+)
--- a/io_uring/poll.c
+++ b/io_uring/poll.c
@@ -244,6 +244,8 @@ static int io_poll_check_events(struct i
continue;
if (req->apoll_events & EPOLLONESHOT)
return IOU_POLL_DONE;
+ if (io_is_uring_fops(req->file))
+ return IOU_POLL_DONE;
/* multishot, just fill a CQE and proceed */
if (!(req->flags & REQ_F_APOLL_MULTISHOT)) {
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 261/314] ceph: avoid putting the realm twice when decoding snaps fails
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 260/314] io_uring: disallow self-propelled ring polling Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 262/314] Input: iforce - invert valid length check when fetching device IDs Greg Kroah-Hartman
` (60 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xiubo Li, Ilya Dryomov
From: Xiubo Li <xiubli@redhat.com>
commit 51884d153f7ec85e18d607b2467820a90e0f4359 upstream.
When decoding the snaps fails it maybe leaving the 'first_realm'
and 'realm' pointing to the same snaprealm memory. And then it'll
put it twice and could cause random use-after-free, BUG_ON, etc
issues.
Cc: stable@vger.kernel.org
Link: https://tracker.ceph.com/issues/57686
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/snap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/ceph/snap.c
+++ b/fs/ceph/snap.c
@@ -763,7 +763,7 @@ int ceph_update_snap_trace(struct ceph_m
struct ceph_mds_snap_realm *ri; /* encoded */
__le64 *snaps; /* encoded */
__le64 *prior_parent_snaps; /* encoded */
- struct ceph_snap_realm *realm = NULL;
+ struct ceph_snap_realm *realm;
struct ceph_snap_realm *first_realm = NULL;
struct ceph_snap_realm *realm_to_rebuild = NULL;
int rebuild_snapcs;
@@ -774,6 +774,7 @@ int ceph_update_snap_trace(struct ceph_m
dout("%s deletion=%d\n", __func__, deletion);
more:
+ realm = NULL;
rebuild_snapcs = 0;
ceph_decode_need(&p, e, sizeof(*ri), bad);
ri = p;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 262/314] Input: iforce - invert valid length check when fetching device IDs
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 261/314] ceph: avoid putting the realm twice when decoding snaps fails Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 263/314] maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() Greg Kroah-Hartman
` (59 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, syzbot, Tetsuo Handa, Dmitry Torokhov
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit b8ebf250997c5fb253582f42bfe98673801ebebd upstream.
syzbot is reporting uninitialized value at iforce_init_device() [1], for
commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer
when fetching device IDs") is checking that valid length is shorter than
bytes to read. Since iforce_get_id_packet() stores valid length when
returning 0, the caller needs to check that valid length is longer than or
equals to bytes to read.
Reported-by: syzbot <syzbot+4dd880c1184280378821@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs")
Link: https://lore.kernel.org/r/531fb432-7396-ad37-ecba-3e42e7f56d5c@I-love.SAKURA.ne.jp
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/joystick/iforce/iforce-main.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/input/joystick/iforce/iforce-main.c
+++ b/drivers/input/joystick/iforce/iforce-main.c
@@ -273,22 +273,22 @@ int iforce_init_device(struct device *pa
* Get device info.
*/
- if (!iforce_get_id_packet(iforce, 'M', buf, &len) || len < 3)
+ if (!iforce_get_id_packet(iforce, 'M', buf, &len) && len >= 3)
input_dev->id.vendor = get_unaligned_le16(buf + 1);
else
dev_warn(&iforce->dev->dev, "Device does not respond to id packet M\n");
- if (!iforce_get_id_packet(iforce, 'P', buf, &len) || len < 3)
+ if (!iforce_get_id_packet(iforce, 'P', buf, &len) && len >= 3)
input_dev->id.product = get_unaligned_le16(buf + 1);
else
dev_warn(&iforce->dev->dev, "Device does not respond to id packet P\n");
- if (!iforce_get_id_packet(iforce, 'B', buf, &len) || len < 3)
+ if (!iforce_get_id_packet(iforce, 'B', buf, &len) && len >= 3)
iforce->device_memory.end = get_unaligned_le16(buf + 1);
else
dev_warn(&iforce->dev->dev, "Device does not respond to id packet B\n");
- if (!iforce_get_id_packet(iforce, 'N', buf, &len) || len < 2)
+ if (!iforce_get_id_packet(iforce, 'N', buf, &len) && len >= 2)
ff_effects = buf[1];
else
dev_warn(&iforce->dev->dev, "Device does not respond to id packet N\n");
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 263/314] maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 262/314] Input: iforce - invert valid length check when fetching device IDs Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 264/314] net: phy: marvell: add sleep time after enabling the loopback bit Greg Kroah-Hartman
` (58 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alban Crequy, Andrii Nakryiko,
Francis Laniel, Andrew Morton
From: Alban Crequy <albancrequy@linux.microsoft.com>
commit 8678ea06852cd1f819b870c773d43df888d15d46 upstream.
If a page fault occurs while copying the first byte, this function resets one
byte before dst.
As a consequence, an address could be modified and leaded to kernel crashes if
case the modified address was accessed later.
Fixes: b58294ead14c ("maccess: allow architectures to provide kernel probing directly")
Signed-off-by: Alban Crequy <albancrequy@linux.microsoft.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Tested-by: Francis Laniel <flaniel@linux.microsoft.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: <stable@vger.kernel.org> [5.8]
Link: https://lore.kernel.org/bpf/20221110085614.111213-2-albancrequy@linux.microsoft.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/maccess.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/maccess.c
+++ b/mm/maccess.c
@@ -97,7 +97,7 @@ long strncpy_from_kernel_nofault(char *d
return src - unsafe_addr;
Efault:
pagefault_enable();
- dst[-1] = '\0';
+ dst[0] = '\0';
return -EFAULT;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 264/314] net: phy: marvell: add sleep time after enabling the loopback bit
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 263/314] maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 265/314] scsi: zfcp: Fix double free of FSF request when qdio send fails Greg Kroah-Hartman
` (57 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Muhammad Husaini Zulkifli,
Aminuddin Jamaluddin, Paolo Abeni
From: Aminuddin Jamaluddin <aminuddin.jamaluddin@intel.com>
commit 18c532e44939caa17f1fa380f7ac50dbc0718dbb upstream.
Sleep time is added to ensure the phy to be ready after loopback
bit was set. This to prevent the phy loopback test from failing.
Fixes: 020a45aff119 ("net: phy: marvell: add Marvell specific PHY loopback")
Cc: <stable@vger.kernel.org> # 5.15.x
Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
Signed-off-by: Aminuddin Jamaluddin <aminuddin.jamaluddin@intel.com>
Link: https://lore.kernel.org/r/20221114065302.10625-1-aminuddin.jamaluddin@intel.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/marvell.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
--- a/drivers/net/phy/marvell.c
+++ b/drivers/net/phy/marvell.c
@@ -2015,14 +2015,16 @@ static int m88e1510_loopback(struct phy_
if (err < 0)
return err;
- /* FIXME: Based on trial and error test, it seem 1G need to have
- * delay between soft reset and loopback enablement.
- */
- if (phydev->speed == SPEED_1000)
- msleep(1000);
+ err = phy_modify(phydev, MII_BMCR, BMCR_LOOPBACK,
+ BMCR_LOOPBACK);
- return phy_modify(phydev, MII_BMCR, BMCR_LOOPBACK,
- BMCR_LOOPBACK);
+ if (!err) {
+ /* It takes some time for PHY device to switch
+ * into/out-of loopback mode.
+ */
+ msleep(1000);
+ }
+ return err;
} else {
err = phy_modify(phydev, MII_BMCR, BMCR_LOOPBACK, 0);
if (err < 0)
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 265/314] scsi: zfcp: Fix double free of FSF request when qdio send fails
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 264/314] net: phy: marvell: add sleep time after enabling the loopback bit Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 266/314] iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries Greg Kroah-Hartman
` (56 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Block, Steffen Maier,
Martin K. Petersen
From: Benjamin Block <bblock@linux.ibm.com>
commit 0954256e970ecf371b03a6c9af2cf91b9c4085ff upstream.
We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache
the FSF request ID when sending a new FSF request. This is used in case the
sending fails and we need to remove the request from our internal hash
table again (so we don't keep an invalid reference and use it when we free
the request again).
In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (signed and 32
bit wide), but the rest of the zfcp code (and the firmware specification)
handles the ID as 'unsigned long'/'u64' (unsigned and 64 bit wide [s390x
ELF ABI]). For one this has the obvious problem that when the ID grows
past 32 bit (this can happen reasonably fast) it is truncated to 32 bit
when storing it in the cache variable and so doesn't match the original ID
anymore. The second less obvious problem is that even when the original ID
has not yet grown past 32 bit, as soon as the 32nd bit is set in the
original ID (0x80000000 = 2'147'483'648) we will have a mismatch when we
cast it back to 'unsigned long'. As the cached variable is of a signed
type, the compiler will choose a sign-extending instruction to load the 32
bit variable into a 64 bit register (e.g.: 'lgf %r11,188(%r15)'). So once
we pass the cached variable into 'zfcp_reqlist_find_rm()' to remove the
request again all the leading zeros will be flipped to ones to extend the
sign and won't match the original ID anymore (this has been observed in
practice).
If we can't successfully remove the request from the hash table again after
'zfcp_qdio_send()' fails (this happens regularly when zfcp cannot notify
the adapter about new work because the adapter is already gone during
e.g. a ChpID toggle) we will end up with a double free. We unconditionally
free the request in the calling function when 'zfcp_fsf_req_send()' fails,
but because the request is still in the hash table we end up with a stale
memory reference, and once the zfcp adapter is either reset during recovery
or shutdown we end up freeing the same memory twice.
The resulting stack traces vary depending on the kernel and have no direct
correlation to the place where the bug occurs. Here are three examples that
have been seen in practice:
list_del corruption. next->prev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:62!
monitor event: 0040 ilc:2 [#1] PREEMPT SMP
Modules linked in: ...
CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded
Hardware name: ...
Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140)
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3
Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6
0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8
00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800
00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70
Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336
00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8
#00000003cbeea1f4: af000000 mc 0,0
>00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78
00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48
00000003cbeea204: b9040043 lgr %r4,%r3
00000003cbeea208: b9040051 lgr %r5,%r1
00000003cbeea20c: b9040032 lgr %r3,%r2
Call Trace:
[<00000003cbeea1f8>] __list_del_entry_valid+0x98/0x140
([<00000003cbeea1f4>] __list_del_entry_valid+0x94/0x140)
[<000003ff7ff502fe>] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp]
[<000003ff7ff49cd0>] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp]
[<000003ff7ff4a22e>] zfcp_erp_strategy+0x21e/0xca0 [zfcp]
[<000003ff7ff4ad34>] zfcp_erp_thread+0x84/0x1a0 [zfcp]
[<00000003cb5eece8>] kthread+0x138/0x150
[<00000003cb557f3c>] __ret_from_fork+0x3c/0x60
[<00000003cc4172ea>] ret_from_fork+0xa/0x40
INFO: lockdep is turned off.
Last Breaking-Event-Address:
[<00000003cc3e9d04>] _printk+0x4c/0x58
Kernel panic - not syncing: Fatal exception: panic_on_oops
or:
Unable to handle kernel pointer dereference in virtual kernel address space
Failing address: 6b6b6b6b6b6b6000 TEID: 6b6b6b6b6b6b6803
Fault in home space mode while using kernel ASCE.
AS:0000000063b10007 R3:0000000000000024
Oops: 0038 ilc:3 [#1] SMP
Modules linked in: ...
CPU: 10 PID: 0 Comm: swapper/10 Kdump: loaded
Hardware name: ...
Krnl PSW : 0404d00180000000 000003ff7febaf8e (zfcp_fsf_reqid_check+0x86/0x158 [zfcp])
R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3
Krnl GPRS: 5a6f1cfa89c49ac3 00000000aff2c4c8 6b6b6b6b6b6b6b6b 00000000000002a8
0000000000000000 0000000000000055 0000000000000000 00000000a8515800
0700000000000000 00000000a6e14500 00000000aff2c000 000000008003c44c
000000008093c700 0000000000000010 00000380009ebba8 00000380009ebb48
Krnl Code: 000003ff7febaf7e: a7f4003d brc 15,000003ff7febaff8
000003ff7febaf82: e32020000004 lg %r2,0(%r2)
#000003ff7febaf88: ec2100388064 cgrj %r2,%r1,8,000003ff7febaff8
>000003ff7febaf8e: e3b020100020 cg %r11,16(%r2)
000003ff7febaf94: a774fff7 brc 7,000003ff7febaf82
000003ff7febaf98: ec280030007c cgij %r2,0,8,000003ff7febaff8
000003ff7febaf9e: e31020080004 lg %r1,8(%r2)
000003ff7febafa4: e33020000004 lg %r3,0(%r2)
Call Trace:
[<000003ff7febaf8e>] zfcp_fsf_reqid_check+0x86/0x158 [zfcp]
[<000003ff7febbdbc>] zfcp_qdio_int_resp+0x6c/0x170 [zfcp]
[<000003ff7febbf90>] zfcp_qdio_irq_tasklet+0xd0/0x108 [zfcp]
[<0000000061d90a04>] tasklet_action_common.constprop.0+0xdc/0x128
[<000000006292f300>] __do_softirq+0x130/0x3c0
[<0000000061d906c6>] irq_exit_rcu+0xfe/0x118
[<000000006291e818>] do_io_irq+0xc8/0x168
[<000000006292d516>] io_int_handler+0xd6/0x110
[<000000006292d596>] psw_idle_exit+0x0/0xa
([<0000000061d3be50>] arch_cpu_idle+0x40/0xd0)
[<000000006292ceea>] default_idle_call+0x52/0xf8
[<0000000061de4fa4>] do_idle+0xd4/0x168
[<0000000061de51fe>] cpu_startup_entry+0x36/0x40
[<0000000061d4faac>] smp_start_secondary+0x12c/0x138
[<000000006292d88e>] restart_int_handler+0x6e/0x90
Last Breaking-Event-Address:
[<000003ff7febaf94>] zfcp_fsf_reqid_check+0x8c/0x158 [zfcp]
Kernel panic - not syncing: Fatal exception in interrupt
or:
Unable to handle kernel pointer dereference in virtual kernel address space
Failing address: 523b05d3ae76a000 TEID: 523b05d3ae76a803
Fault in home space mode while using kernel ASCE.
AS:0000000077c40007 R3:0000000000000024
Oops: 0038 ilc:3 [#1] SMP
Modules linked in: ...
CPU: 3 PID: 453 Comm: kworker/3:1H Kdump: loaded
Hardware name: ...
Workqueue: kblockd blk_mq_run_work_fn
Krnl PSW : 0404d00180000000 0000000076fc0312 (__kmalloc+0xd2/0x398)
R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3
Krnl GPRS: ffffffffffffffff 523b05d3ae76abf6 0000000000000000 0000000000092a20
0000000000000002 00000007e49b5cc0 00000007eda8f000 0000000000092a20
00000007eda8f000 00000003b02856b9 00000000000000a8 523b05d3ae76abf6
00000007dd662000 00000007eda8f000 0000000076fc02b2 000003e0037637a0
Krnl Code: 0000000076fc0302: c004000000d4 brcl 0,76fc04aa
0000000076fc0308: b904001b lgr %r1,%r11
#0000000076fc030c: e3106020001a algf %r1,32(%r6)
>0000000076fc0312: e31010000082 xg %r1,0(%r1)
0000000076fc0318: b9040001 lgr %r0,%r1
0000000076fc031c: e30061700082 xg %r0,368(%r6)
0000000076fc0322: ec59000100d9 aghik %r5,%r9,1
0000000076fc0328: e34003b80004 lg %r4,952
Call Trace:
[<0000000076fc0312>] __kmalloc+0xd2/0x398
[<0000000076f318f2>] mempool_alloc+0x72/0x1f8
[<000003ff8027c5f8>] zfcp_fsf_req_create.isra.7+0x40/0x268 [zfcp]
[<000003ff8027f1bc>] zfcp_fsf_fcp_cmnd+0xac/0x3f0 [zfcp]
[<000003ff80280f1a>] zfcp_scsi_queuecommand+0x122/0x1d0 [zfcp]
[<000003ff800b4218>] scsi_queue_rq+0x778/0xa10 [scsi_mod]
[<00000000771782a0>] __blk_mq_try_issue_directly+0x130/0x208
[<000000007717a124>] blk_mq_request_issue_directly+0x4c/0xa8
[<000003ff801302e2>] dm_mq_queue_rq+0x2ea/0x468 [dm_mod]
[<0000000077178c12>] blk_mq_dispatch_rq_list+0x33a/0x818
[<000000007717f064>] __blk_mq_do_dispatch_sched+0x284/0x2f0
[<000000007717f44c>] __blk_mq_sched_dispatch_requests+0x1c4/0x218
[<000000007717fa7a>] blk_mq_sched_dispatch_requests+0x52/0x90
[<0000000077176d74>] __blk_mq_run_hw_queue+0x9c/0xc0
[<0000000076da6d74>] process_one_work+0x274/0x4d0
[<0000000076da7018>] worker_thread+0x48/0x560
[<0000000076daef18>] kthread+0x140/0x160
[<000000007751d144>] ret_from_fork+0x28/0x30
Last Breaking-Event-Address:
[<0000000076fc0474>] __kmalloc+0x234/0x398
Kernel panic - not syncing: Fatal exception: panic_on_oops
To fix this, simply change the type of the cache variable to 'unsigned
long', like the rest of zfcp and also the argument for
'zfcp_reqlist_find_rm()'. This prevents truncation and wrong sign extension
and so can successfully remove the request from the hash table.
Fixes: e60a6d69f1f8 ("[SCSI] zfcp: Remove function zfcp_reqlist_find_safe")
Cc: <stable@vger.kernel.org> #v2.6.34+
Signed-off-by: Benjamin Block <bblock@linux.ibm.com>
Link: https://lore.kernel.org/r/979f6e6019d15f91ba56182f1aaf68d61bf37fc6.1668595505.git.bblock@linux.ibm.com
Reviewed-by: Steffen Maier <maier@linux.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/scsi/zfcp_fsf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -884,7 +884,7 @@ static int zfcp_fsf_req_send(struct zfcp
const bool is_srb = zfcp_fsf_req_is_status_read_buffer(req);
struct zfcp_adapter *adapter = req->adapter;
struct zfcp_qdio *qdio = adapter->qdio;
- int req_id = req->req_id;
+ unsigned long req_id = req->req_id;
zfcp_reqlist_add(adapter->req_list, req);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 266/314] iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 265/314] scsi: zfcp: Fix double free of FSF request when qdio send fails Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 267/314] iommu/vt-d: Set SRE bit only when hardware has SRS cap Greg Kroah-Hartman
` (55 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tina Zhang, Lu Baolu, Joerg Roedel
From: Tina Zhang <tina.zhang@intel.com>
commit 242b0aaeabbe2efbef1b9d42a8e56627e800964c upstream.
The A/D bits are preseted for IOVA over first level(FL) usage for both
kernel DMA (i.e, domain typs is IOMMU_DOMAIN_DMA) and user space DMA
usage (i.e., domain type is IOMMU_DOMAIN_UNMANAGED).
Presetting A bit in FL requires to preset the bit in every related paging
entries, including the non-leaf ones. Otherwise, hardware may treat this
as an error. For example, in a case of ECAP_REG.SMPWC==0, DMA faults might
occur with below DMAR fault messages (wrapped for line length) dumped.
DMAR: DRHD: handling fault status reg 2
DMAR: [DMA Read NO_PASID] Request device [aa:00.0] fault addr 0x10c3a6000
[fault reason 0x90]
SM: A/D bit update needed in first-level entry when set up in no snoop
Fixes: 289b3b005cb9 ("iommu/vt-d: Preset A/D bits for user space DMA usage")
Cc: stable@vger.kernel.org
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Link: https://lore.kernel.org/r/20221113010324.1094483-1-tina.zhang@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Link: https://lore.kernel.org/r/20221116051544.26540-2-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/intel/iommu.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -954,11 +954,9 @@ static struct dma_pte *pfn_to_dma_pte(st
domain_flush_cache(domain, tmp_page, VTD_PAGE_SIZE);
pteval = ((uint64_t)virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE;
- if (domain_use_first_level(domain)) {
- pteval |= DMA_FL_PTE_XD | DMA_FL_PTE_US;
- if (iommu_is_dma_domain(&domain->domain))
- pteval |= DMA_FL_PTE_ACCESS;
- }
+ if (domain_use_first_level(domain))
+ pteval |= DMA_FL_PTE_XD | DMA_FL_PTE_US | DMA_FL_PTE_ACCESS;
+
if (cmpxchg64(&pte->val, 0ULL, pteval))
/* Someone else set it while we were thinking; use theirs. */
free_pgtable_page(tmp_page);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 267/314] iommu/vt-d: Set SRE bit only when hardware has SRS cap
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 266/314] iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 268/314] firmware: coreboot: Register bus in module init Greg Kroah-Hartman
` (54 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tina Zhang, Lu Baolu, Joerg Roedel
From: Tina Zhang <tina.zhang@intel.com>
commit 7fc961cf7ffcb130c4e93ee9a5628134f9de700a upstream.
SRS cap is the hardware cap telling if the hardware IOMMU can support
requests seeking supervisor privilege or not. SRE bit in scalable-mode
PASID table entry is treated as Reserved(0) for implementation not
supporting SRS cap.
Checking SRS cap before setting SRE bit can avoid the non-recoverable
fault of "Non-zero reserved field set in PASID Table Entry" caused by
setting SRE bit while there is no SRS cap support. The fault messages
look like below:
DMAR: DRHD: handling fault status reg 2
DMAR: [DMA Read NO_PASID] Request device [00:0d.0] fault addr 0x1154e1000
[fault reason 0x5a]
SM: Non-zero reserved field set in PASID Table Entry
Fixes: 6f7db75e1c46 ("iommu/vt-d: Add second level page table interface")
Cc: stable@vger.kernel.org
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Link: https://lore.kernel.org/r/20221115070346.1112273-1-tina.zhang@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Link: https://lore.kernel.org/r/20221116051544.26540-3-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/intel/pasid.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/iommu/intel/pasid.c
+++ b/drivers/iommu/intel/pasid.c
@@ -652,7 +652,7 @@ int intel_pasid_setup_second_level(struc
* Since it is a second level only translation setup, we should
* set SRE bit as well (addresses are expected to be GPAs).
*/
- if (pasid != PASID_RID2PASID)
+ if (pasid != PASID_RID2PASID && ecap_srs(iommu->ecap))
pasid_set_sre(pte);
pasid_set_present(pte);
spin_unlock(&iommu->lock);
@@ -695,7 +695,8 @@ int intel_pasid_setup_pass_through(struc
* We should set SRE bit as well since the addresses are expected
* to be GPAs.
*/
- pasid_set_sre(pte);
+ if (ecap_srs(iommu->ecap))
+ pasid_set_sre(pte);
pasid_set_present(pte);
spin_unlock(&iommu->lock);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 268/314] firmware: coreboot: Register bus in module init
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 267/314] iommu/vt-d: Set SRE bit only when hardware has SRS cap Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 269/314] mmc: core: properly select voltage range without power cycle Greg Kroah-Hartman
` (53 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brian Norris, Guenter Roeck, Stephen Boyd
From: Brian Norris <briannorris@chromium.org>
commit 65946690ed8d972fdb91a74ee75ac0f0f0d68321 upstream.
The coreboot_table driver registers a coreboot bus while probing a
"coreboot_table" device representing the coreboot table memory region.
Probing this device (i.e., registering the bus) is a dependency for the
module_init() functions of any driver for this bus (e.g.,
memconsole-coreboot.c / memconsole_driver_init()).
With synchronous probe, this dependency works OK, as the link order in
the Makefile ensures coreboot_table_driver_init() (and thus,
coreboot_table_probe()) completes before a coreboot device driver tries
to add itself to the bus.
With asynchronous probe, however, coreboot_table_probe() may race with
memconsole_driver_init(), and so we're liable to hit one of these two:
1. coreboot_driver_register() eventually hits "[...] the bus was not
initialized.", and the memconsole driver fails to register; or
2. coreboot_driver_register() gets past #1, but still races with
bus_register() and hits some other undefined/crashing behavior (e.g.,
in driver_find() [1])
We can resolve this by registering the bus in our initcall, and only
deferring "device" work (scanning the coreboot memory region and
creating sub-devices) to probe().
[1] Example failure, using 'driver_async_probe=*' kernel command line:
[ 0.114217] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
...
[ 0.114307] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc1 #63
[ 0.114316] Hardware name: Google Scarlet (DT)
...
[ 0.114488] Call trace:
[ 0.114494] _raw_spin_lock+0x34/0x60
[ 0.114502] kset_find_obj+0x28/0x84
[ 0.114511] driver_find+0x30/0x50
[ 0.114520] driver_register+0x64/0x10c
[ 0.114528] coreboot_driver_register+0x30/0x3c
[ 0.114540] memconsole_driver_init+0x24/0x30
[ 0.114550] do_one_initcall+0x154/0x2e0
[ 0.114560] do_initcall_level+0x134/0x160
[ 0.114571] do_initcalls+0x60/0xa0
[ 0.114579] do_basic_setup+0x28/0x34
[ 0.114588] kernel_init_freeable+0xf8/0x150
[ 0.114596] kernel_init+0x2c/0x12c
[ 0.114607] ret_from_fork+0x10/0x20
[ 0.114624] Code: 5280002b 1100054a b900092a f9800011 (885ffc01)
[ 0.114631] ---[ end trace 0000000000000000 ]---
Fixes: b81e3140e412 ("firmware: coreboot: Make bus registration symmetric")
Cc: <stable@vger.kernel.org>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Link: https://lore.kernel.org/r/20221019180934.1.If29e167d8a4771b0bf4a39c89c6946ed764817b9@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/google/coreboot_table.c | 37 ++++++++++++++++++++++++-------
1 file changed, 29 insertions(+), 8 deletions(-)
--- a/drivers/firmware/google/coreboot_table.c
+++ b/drivers/firmware/google/coreboot_table.c
@@ -149,12 +149,8 @@ static int coreboot_table_probe(struct p
if (!ptr)
return -ENOMEM;
- ret = bus_register(&coreboot_bus_type);
- if (!ret) {
- ret = coreboot_table_populate(dev, ptr);
- if (ret)
- bus_unregister(&coreboot_bus_type);
- }
+ ret = coreboot_table_populate(dev, ptr);
+
memunmap(ptr);
return ret;
@@ -169,7 +165,6 @@ static int __cb_dev_unregister(struct de
static int coreboot_table_remove(struct platform_device *pdev)
{
bus_for_each_dev(&coreboot_bus_type, NULL, NULL, __cb_dev_unregister);
- bus_unregister(&coreboot_bus_type);
return 0;
}
@@ -199,6 +194,32 @@ static struct platform_driver coreboot_t
.of_match_table = of_match_ptr(coreboot_of_match),
},
};
-module_platform_driver(coreboot_table_driver);
+
+static int __init coreboot_table_driver_init(void)
+{
+ int ret;
+
+ ret = bus_register(&coreboot_bus_type);
+ if (ret)
+ return ret;
+
+ ret = platform_driver_register(&coreboot_table_driver);
+ if (ret) {
+ bus_unregister(&coreboot_bus_type);
+ return ret;
+ }
+
+ return 0;
+}
+
+static void __exit coreboot_table_driver_exit(void)
+{
+ platform_driver_unregister(&coreboot_table_driver);
+ bus_unregister(&coreboot_bus_type);
+}
+
+module_init(coreboot_table_driver_init);
+module_exit(coreboot_table_driver_exit);
+
MODULE_AUTHOR("Google, Inc.");
MODULE_LICENSE("GPL");
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 269/314] mmc: core: properly select voltage range without power cycle
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 268/314] firmware: coreboot: Register bus in module init Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 270/314] mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout Greg Kroah-Hartman
` (52 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yann Gautier, Ulf Hansson
From: Yann Gautier <yann.gautier@foss.st.com>
commit 39a72dbfe188291b156dd6523511e3d5761ce775 upstream.
In mmc_select_voltage(), if there is no full power cycle, the voltage
range selected at the end of the function will be on a single range
(e.g. 3.3V/3.4V). To keep a range around the selected voltage (3.2V/3.4V),
the mask shift should be reduced by 1.
This issue was triggered by using a specific SD-card (Verbatim Premium
16GB UHS-1) on an STM32MP157C-DK2 board. This board cannot do UHS modes
and there is no power cycle. And the card was failing to switch to
high-speed mode. When adding the range 3.2V/3.3V for this card with the
proposed shift change, the card can switch to high-speed mode.
Fixes: ce69d37b7d8f ("mmc: core: Prevent violation of specs while initializing cards")
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221028073740.7259-1-yann.gautier@foss.st.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/core.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/mmc/core/core.c
+++ b/drivers/mmc/core/core.c
@@ -1134,7 +1134,13 @@ u32 mmc_select_voltage(struct mmc_host *
mmc_power_cycle(host, ocr);
} else {
bit = fls(ocr) - 1;
- ocr &= 3 << bit;
+ /*
+ * The bit variable represents the highest voltage bit set in
+ * the OCR register.
+ * To keep a range of 2 values (e.g. 3.2V/3.3V and 3.3V/3.4V),
+ * we must shift the mask '3' with (bit - 1).
+ */
+ ocr &= 3 << (bit - 1);
if (bit != host->ios.vdd)
dev_warn(mmc_dev(host), "exceeding card's volts\n");
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 270/314] mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 269/314] mmc: core: properly select voltage range without power cycle Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 271/314] mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() Greg Kroah-Hartman
` (51 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chevron Li, Ulf Hansson
From: Chevron Li <chevron.li@bayhubtech.com>
commit 096cc0cddf58232bded309336961784f1d1c85f8 upstream.
The SD card is recognized failed sometimes when resume from suspend.
Because CD# debounce time too long then card present report wrong.
Finally, card is recognized failed.
Signed-off-by: Chevron Li <chevron.li@bayhubtech.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221104095512.4068-1-chevron.li@bayhubtech.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-pci-o2micro.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/mmc/host/sdhci-pci-o2micro.c
+++ b/drivers/mmc/host/sdhci-pci-o2micro.c
@@ -32,6 +32,7 @@
#define O2_SD_CAPS 0xE0
#define O2_SD_ADMA1 0xE2
#define O2_SD_ADMA2 0xE7
+#define O2_SD_MISC_CTRL2 0xF0
#define O2_SD_INF_MOD 0xF1
#define O2_SD_MISC_CTRL4 0xFC
#define O2_SD_MISC_CTRL 0x1C0
@@ -874,6 +875,12 @@ static int sdhci_pci_o2_probe(struct sdh
/* Set Tuning Windows to 5 */
pci_write_config_byte(chip->pdev,
O2_SD_TUNING_CTRL, 0x55);
+ //Adjust 1st and 2nd CD debounce time
+ pci_read_config_dword(chip->pdev, O2_SD_MISC_CTRL2, &scratch_32);
+ scratch_32 &= 0xFFE7FFFF;
+ scratch_32 |= 0x00180000;
+ pci_write_config_dword(chip->pdev, O2_SD_MISC_CTRL2, scratch_32);
+ pci_write_config_dword(chip->pdev, O2_SD_DETECT_SETTING, 1);
/* Lock WP */
ret = pci_read_config_byte(chip->pdev,
O2_SD_LOCK_WP, &scratch);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 271/314] mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 270/314] mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 272/314] docs: update mediator contact information in CoC doc Greg Kroah-Hartman
` (50 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xiongfeng Wang, Ulf Hansson
From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
commit 222cfa0118aa68687ace74aab8fdf77ce8fbd7e6 upstream.
pci_get_device() will increase the reference count for the returned
pci_dev. We need to use pci_dev_put() to decrease the reference count
before amd_probe() returns. There is no problem for the 'smbus_dev ==
NULL' branch because pci_dev_put() can also handle the NULL input
parameter case.
Fixes: 659c9bc114a8 ("mmc: sdhci-pci: Build o2micro support in the same module")
Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20221114083100.149200-1-wangxiongfeng2@huawei.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-pci-core.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/mmc/host/sdhci-pci-core.c
+++ b/drivers/mmc/host/sdhci-pci-core.c
@@ -1728,6 +1728,8 @@ static int amd_probe(struct sdhci_pci_ch
}
}
+ pci_dev_put(smbus_dev);
+
if (gen == AMD_CHIPSET_BEFORE_ML || gen == AMD_CHIPSET_CZ)
chip->quirks2 |= SDHCI_QUIRK2_CLEAR_TRANSFERMODE_REG_BEFORE_CMD;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 272/314] docs: update mediator contact information in CoC doc
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 271/314] mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 273/314] docs/driver-api/miscellaneous: Remove kernel-doc of serial_core.c Greg Kroah-Hartman
` (49 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shuah Khan
From: Shuah Khan <skhan@linuxfoundation.org>
commit 5fddf8962b429b8303c4a654291ecb6e61a7d747 upstream.
Update mediator contact information in CoC interpretation document.
Cc: <stable@vger.kernel.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Link: https://lore.kernel.org/r/20221011171417.34286-1-skhan@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/process/code-of-conduct-interpretation.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Documentation/process/code-of-conduct-interpretation.rst
+++ b/Documentation/process/code-of-conduct-interpretation.rst
@@ -51,7 +51,7 @@ the Technical Advisory Board (TAB) or ot
uncertain how to handle situations that come up. It will not be
considered a violation report unless you want it to be. If you are
uncertain about approaching the TAB or any other maintainers, please
-reach out to our conflict mediator, Joanna Lee <joanna.lee@gesmer.com>.
+reach out to our conflict mediator, Joanna Lee <jlee@linuxfoundation.org>.
In the end, "be kind to each other" is really what the end goal is for
everybody. We know everyone is human and we all fail at times, but the
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 273/314] docs/driver-api/miscellaneous: Remove kernel-doc of serial_core.c
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 272/314] docs: update mediator contact information in CoC doc Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 274/314] s390/dcssblk: fix deadlock when adding a DCSS Greg Kroah-Hartman
` (48 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Akira Yokosawa, Jiri Slaby, Jiri Slaby
From: Akira Yokosawa <akiyks@gmail.com>
commit 3ec17cb325ac731c2211e13f7eaa4b812694e218 upstream.
Since merge of tty-6.0-rc1, "make htmldocs" with Sphinx >=3.1 emits
a bunch of warnings indicating duplicate kernel-doc comments from
drivers/tty/serial/serial_core.c.
This is due to the kernel-doc directive for serial_core.c in
serial/drivers.rst added in the merge. It conflicts with an existing
kernel-doc directive in miscellaneous.rst.
Remove the latter directive and resolve the duplicates.
Signed-off-by: Akira Yokosawa <akiyks@gmail.com>
Fixes: 607ca0f742b7 ("Merge tag 'tty-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty")
Cc: stable@vger.kernel.org # 6.0
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Link: https://lore.kernel.org/r/4e54c76a-138a-07e0-985a-dd83cb622208@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/driver-api/miscellaneous.rst | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Documentation/driver-api/miscellaneous.rst b/Documentation/driver-api/miscellaneous.rst
index 304ffb146cf9..4a5104a368ac 100644
--- a/Documentation/driver-api/miscellaneous.rst
+++ b/Documentation/driver-api/miscellaneous.rst
@@ -16,12 +16,11 @@ Parallel Port Devices
16x50 UART Driver
=================
-.. kernel-doc:: drivers/tty/serial/serial_core.c
- :export:
-
.. kernel-doc:: drivers/tty/serial/8250/8250_core.c
:export:
+See serial/driver.rst for related APIs.
+
Pulse-Width Modulation (PWM)
============================
--
2.38.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 274/314] s390/dcssblk: fix deadlock when adding a DCSS
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 273/314] docs/driver-api/miscellaneous: Remove kernel-doc of serial_core.c Greg Kroah-Hartman
@ 2022-11-23 8:51 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 275/314] misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() Greg Kroah-Hartman
` (47 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gerald Schaefer, Heiko Carstens,
Alexander Gordeev
From: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
commit a41a11b4009580edb6e2b4c76e5e2ee303f87157 upstream.
After the rework from commit 1ebe2e5f9d68 ("block: remove
GENHD_FL_EXT_DEVT"), when calling device_add_disk(), dcssblk will end up
in disk_scan_partitions(), and not break out early w/o GENHD_FL_NO_PART.
This will trigger implicit open/release via blkdev_get/put_whole()
later. dcssblk_release() will then deadlock on dcssblk_devices_sem
semaphore, which is already held from dcssblk_add_store() when calling
device_add_disk().
dcssblk does not support partitions (DCSSBLK_MINORS_PER_DISK == 1), and
never scanned partitions before. Therefore restore the previous
behavior, and explicitly disallow partition scanning by setting the
GENHD_FL_NO_PART flag. This will also prevent this deadlock scenario.
Fixes: 1ebe2e5f9d68 ("block: remove GENHD_FL_EXT_DEVT")
Cc: <stable@vger.kernel.org> # 5.17+
Signed-off-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/block/dcssblk.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/s390/block/dcssblk.c b/drivers/s390/block/dcssblk.c
index 93b80da60277..b392b9f5482e 100644
--- a/drivers/s390/block/dcssblk.c
+++ b/drivers/s390/block/dcssblk.c
@@ -636,6 +636,7 @@ dcssblk_add_store(struct device *dev, struct device_attribute *attr, const char
dev_info->gd->minors = DCSSBLK_MINORS_PER_DISK;
dev_info->gd->fops = &dcssblk_devops;
dev_info->gd->private_data = dev_info;
+ dev_info->gd->flags |= GENHD_FL_NO_PART;
blk_queue_logical_block_size(dev_info->gd->queue, 4096);
blk_queue_flag_set(QUEUE_FLAG_DAX, dev_info->gd->queue);
--
2.38.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 275/314] misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-11-23 8:51 ` [PATCH 6.0 274/314] s390/dcssblk: fix deadlock when adding a DCSS Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 276/314] blk-cgroup: properly pin the parent in blkcg_css_online Greg Kroah-Hartman
` (46 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+39be4da489ed2493ba25, stable,
Alexander Potapenko, Vishnu Dasa
From: Alexander Potapenko <glider@google.com>
commit e5b0d06d9b10f5f43101bd6598b076c347f9295f upstream.
`struct vmci_event_qp` allocated by qp_notify_peer() contains padding,
which may carry uninitialized data to the userspace, as observed by
KMSAN:
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121
instrument_copy_to_user ./include/linux/instrumented.h:121
_copy_to_user+0x5f/0xb0 lib/usercopy.c:33
copy_to_user ./include/linux/uaccess.h:169
vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431
vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925
vfs_ioctl fs/ioctl.c:51
...
Uninit was stored to memory at:
kmemdup+0x74/0xb0 mm/util.c:131
dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271
vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339
qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479
qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662
qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750
vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940
vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488
vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927
...
Local variable ev created at:
qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456
qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662
qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750
Bytes 28-31 of 48 are uninitialized
Memory access of size 48 starts at ffff888035155e00
Data copied to user address 0000000020000100
Use memset() to prevent the infoleaks.
Also speculatively fix qp_notify_peer_local(), which may suffer from the
same problem.
Reported-by: syzbot+39be4da489ed2493ba25@syzkaller.appspotmail.com
Cc: stable <stable@kernel.org>
Fixes: 06164d2b72aa ("VMCI: queue pairs implementation.")
Signed-off-by: Alexander Potapenko <glider@google.com>
Reviewed-by: Vishnu Dasa <vdasa@vmware.com>
Link: https://lore.kernel.org/r/20221104175849.2782567-1-glider@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/vmw_vmci/vmci_queue_pair.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/misc/vmw_vmci/vmci_queue_pair.c
+++ b/drivers/misc/vmw_vmci/vmci_queue_pair.c
@@ -854,6 +854,7 @@ static int qp_notify_peer_local(bool att
u32 context_id = vmci_get_context_id();
struct vmci_event_qp ev;
+ memset(&ev, 0, sizeof(ev));
ev.msg.hdr.dst = vmci_make_handle(context_id, VMCI_EVENT_HANDLER);
ev.msg.hdr.src = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID,
VMCI_CONTEXT_RESOURCE_ID);
@@ -1467,6 +1468,7 @@ static int qp_notify_peer(bool attach,
* kernel.
*/
+ memset(&ev, 0, sizeof(ev));
ev.msg.hdr.dst = vmci_make_handle(peer_id, VMCI_EVENT_HANDLER);
ev.msg.hdr.src = vmci_make_handle(VMCI_HYPERVISOR_CONTEXT_ID,
VMCI_CONTEXT_RESOURCE_ID);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 276/314] blk-cgroup: properly pin the parent in blkcg_css_online
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 275/314] misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 277/314] x86/sgx: Add overflow check in sgx_validate_offset_length() Greg Kroah-Hartman
` (45 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Mason, Johannes Weiner,
Jens Axboe, Rik van Riel
From: Chris Mason <clm@fb.com>
commit d7dbd43f4a828fa1d9a8614d5b0ac40aee6375fe upstream.
blkcg_css_online is supposed to pin the blkcg of the parent, but
397c9f46ee4d refactored things and along the way, changed it to pin the
css instead. This results in extra pins, and we end up leaking blkcgs
and cgroups.
Fixes: 397c9f46ee4d ("blk-cgroup: move blkcg_{pin,unpin}_online out of line")
Signed-off-by: Chris Mason <clm@fb.com>
Spotted-by: Rik van Riel <riel@surriel.com>
Cc: <stable@vger.kernel.org> # v5.19+
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Link: https://lore.kernel.org/r/20221114181930.2093706-1-clm@fb.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-cgroup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -1251,7 +1251,7 @@ static int blkcg_css_online(struct cgrou
* parent so that offline always happens towards the root.
*/
if (parent)
- blkcg_pin_online(css);
+ blkcg_pin_online(&parent->css);
return 0;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 277/314] x86/sgx: Add overflow check in sgx_validate_offset_length()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 276/314] blk-cgroup: properly pin the parent in blkcg_css_online Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 278/314] x86/fpu: Drop fpregs lock before inheriting FPU permissions Greg Kroah-Hartman
` (44 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Borys Popławski,
Borislav Petkov, Jarkko Sakkinen
From: Borys Popławski <borysp@invisiblethingslab.com>
commit f0861f49bd946ff94fce4f82509c45e167f63690 upstream.
sgx_validate_offset_length() function verifies "offset" and "length"
arguments provided by userspace, but was missing an overflow check on
their addition. Add it.
Fixes: c6d26d370767 ("x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES")
Signed-off-by: Borys Popławski <borysp@invisiblethingslab.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Cc: stable@vger.kernel.org # v5.11+
Link: https://lore.kernel.org/r/0d91ac79-6d84-abed-5821-4dbe59fa1a38@invisiblethingslab.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/cpu/sgx/ioctl.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -356,6 +356,9 @@ static int sgx_validate_offset_length(st
if (!length || !IS_ALIGNED(length, PAGE_SIZE))
return -EINVAL;
+ if (offset + length < offset)
+ return -EINVAL;
+
if (offset + length - PAGE_SIZE >= encl->size)
return -EINVAL;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 278/314] x86/fpu: Drop fpregs lock before inheriting FPU permissions
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 277/314] x86/sgx: Add overflow check in sgx_validate_offset_length() Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 279/314] perf/x86/amd/uncore: Fix memory leak for events array Greg Kroah-Hartman
` (43 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Galbraith, Mel Gorman,
Borislav Petkov, Thomas Gleixner
From: Mel Gorman <mgorman@techsingularity.net>
commit 36b038791e1e2baea892e9276588815fd14894b4 upstream.
Mike Galbraith reported the following against an old fork of preempt-rt
but the same issue also applies to the current preempt-rt tree.
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: systemd
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
Preemption disabled at:
fpu_clone
CPU: 6 PID: 1 Comm: systemd Tainted: G E (unreleased)
Call Trace:
<TASK>
dump_stack_lvl
? fpu_clone
__might_resched
rt_spin_lock
fpu_clone
? copy_thread
? copy_process
? shmem_alloc_inode
? kmem_cache_alloc
? kernel_clone
? __do_sys_clone
? do_syscall_64
? __x64_sys_rt_sigprocmask
? syscall_exit_to_user_mode
? do_syscall_64
? syscall_exit_to_user_mode
? do_syscall_64
? syscall_exit_to_user_mode
? do_syscall_64
? exc_page_fault
? entry_SYSCALL_64_after_hwframe
</TASK>
Mike says:
The splat comes from fpu_inherit_perms() being called under fpregs_lock(),
and us reaching the spin_lock_irq() therein due to fpu_state_size_dynamic()
returning true despite static key __fpu_state_size_dynamic having never
been enabled.
Mike's assessment looks correct. fpregs_lock on a PREEMPT_RT kernel disables
preemption so calling spin_lock_irq() in fpu_inherit_perms() is unsafe. This
problem exists since commit
9e798e9aa14c ("x86/fpu: Prepare fpu_clone() for dynamically enabled features").
Even though the original bug report should not have enabled the paths at
all, the bug still exists.
fpregs_lock is necessary when editing the FPU registers or a task's FP
state but it is not necessary for fpu_inherit_perms(). The only write
of any FP state in fpu_inherit_perms() is for the new child which is
not running yet and cannot context switch or be borrowed by a kernel
thread yet. Hence, fpregs_lock is not protecting anything in the new
child until clone() completes and can be dropped earlier. The siglock
still needs to be acquired by fpu_inherit_perms() as the read of the
parent's permissions has to be serialised.
[ bp: Cleanup splat. ]
Fixes: 9e798e9aa14c ("x86/fpu: Prepare fpu_clone() for dynamically enabled features")
Reported-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20221110124400.zgymc2lnwqjukgfh@techsingularity.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/fpu/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 3b28c5b25e12..d00db56a8868 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -605,9 +605,9 @@ int fpu_clone(struct task_struct *dst, unsigned long clone_flags, bool minimal)
if (test_thread_flag(TIF_NEED_FPU_LOAD))
fpregs_restore_userregs();
save_fpregs_to_fpstate(dst_fpu);
+ fpregs_unlock();
if (!(clone_flags & CLONE_THREAD))
fpu_inherit_perms(dst_fpu);
- fpregs_unlock();
/*
* Children never inherit PASID state.
--
2.38.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 279/314] perf/x86/amd/uncore: Fix memory leak for events array
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 278/314] x86/fpu: Drop fpregs lock before inheriting FPU permissions Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 280/314] perf/x86/intel/pt: Fix sampling using single range output Greg Kroah-Hartman
` (42 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ravi Bangoria, Sandipan Das,
Borislav Petkov
From: Sandipan Das <sandipan.das@amd.com>
commit bdfe34597139cfcecd47a2eb97fea44d77157491 upstream.
When a CPU comes online, the per-CPU NB and LLC uncore contexts are
freed but not the events array within the context structure. This
causes a memory leak as identified by the kmemleak detector.
[...]
unreferenced object 0xffff8c5944b8e320 (size 32):
comm "swapper/0", pid 1, jiffies 4294670387 (age 151.072s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000000759fb79>] amd_uncore_cpu_up_prepare+0xaf/0x230
[<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470
[<0000000093e727d4>] cpuhp_issue_call+0x14d/0x170
[<0000000045464d54>] __cpuhp_setup_state_cpuslocked+0x11e/0x330
[<0000000069f67cbd>] __cpuhp_setup_state+0x6b/0x110
[<0000000015365e0f>] amd_uncore_init+0x260/0x321
[<00000000089152d2>] do_one_initcall+0x3f/0x1f0
[<000000002d0bd18d>] kernel_init_freeable+0x1ca/0x212
[<0000000030be8dde>] kernel_init+0x11/0x120
[<0000000059709e59>] ret_from_fork+0x22/0x30
unreferenced object 0xffff8c5944b8dd40 (size 64):
comm "swapper/0", pid 1, jiffies 4294670387 (age 151.072s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000306efe8b>] amd_uncore_cpu_up_prepare+0x183/0x230
[<00000000ddc9e126>] cpuhp_invoke_callback+0x2cf/0x470
[<0000000093e727d4>] cpuhp_issue_call+0x14d/0x170
[<0000000045464d54>] __cpuhp_setup_state_cpuslocked+0x11e/0x330
[<0000000069f67cbd>] __cpuhp_setup_state+0x6b/0x110
[<0000000015365e0f>] amd_uncore_init+0x260/0x321
[<00000000089152d2>] do_one_initcall+0x3f/0x1f0
[<000000002d0bd18d>] kernel_init_freeable+0x1ca/0x212
[<0000000030be8dde>] kernel_init+0x11/0x120
[<0000000059709e59>] ret_from_fork+0x22/0x30
[...]
Fix the problem by freeing the events array before freeing the uncore
context.
Fixes: 39621c5808f5 ("perf/x86/amd/uncore: Use dynamic events array")
Reported-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Sandipan Das <sandipan.das@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/4fa9e5ac6d6e41fa889101e7af7e6ba372cfea52.1662613255.git.sandipan.das@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/amd/uncore.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/events/amd/uncore.c b/arch/x86/events/amd/uncore.c
index d568afc705d2..83f15fe411b3 100644
--- a/arch/x86/events/amd/uncore.c
+++ b/arch/x86/events/amd/uncore.c
@@ -553,6 +553,7 @@ static void uncore_clean_online(void)
hlist_for_each_entry_safe(uncore, n, &uncore_unused_list, node) {
hlist_del(&uncore->node);
+ kfree(uncore->events);
kfree(uncore);
}
}
--
2.38.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 280/314] perf/x86/intel/pt: Fix sampling using single range output
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 279/314] perf/x86/amd/uncore: Fix memory leak for events array Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 281/314] nvme: restrict management ioctls to admin Greg Kroah-Hartman
` (41 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Adrian Hunter, Peter Zijlstra (Intel)
From: Adrian Hunter <adrian.hunter@intel.com>
commit ce0d998be9274dd3a3d971cbeaa6fe28fd2c3062 upstream.
Deal with errata TGL052, ADL037 and RPL017 "Trace May Contain Incorrect
Data When Configured With Single Range Output Larger Than 4KB" by
disabling single range output whenever larger than 4KB.
Fixes: 670638477aed ("perf/x86/intel/pt: Opportunistically use single range output mode")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20221112151508.13768-1-adrian.hunter@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/events/intel/pt.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/arch/x86/events/intel/pt.c
+++ b/arch/x86/events/intel/pt.c
@@ -1263,6 +1263,15 @@ static int pt_buffer_try_single(struct p
if (1 << order != nr_pages)
goto out;
+ /*
+ * Some processors cannot always support single range for more than
+ * 4KB - refer errata TGL052, ADL037 and RPL017. Future processors might
+ * also be affected, so for now rather than trying to keep track of
+ * which ones, just disable it for all.
+ */
+ if (nr_pages > 1)
+ goto out;
+
buf->single = true;
buf->nr_pages = nr_pages;
ret = 0;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 281/314] nvme: restrict management ioctls to admin
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 280/314] perf/x86/intel/pt: Fix sampling using single range output Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 282/314] nvme: ensure subsystem reset is single threaded Greg Kroah-Hartman
` (40 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Keith Busch, Christoph Hellwig,
Ovidiu Panait
From: Keith Busch <kbusch@kernel.org>
commit 23e085b2dead13b51fe86d27069895b740f749c0 upstream.
The passthrough commands already have this restriction, but the other
operations do not. Require the same capabilities for all users as all of
these operations, which include resets and rescans, can be disruptive.
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/ioctl.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -764,11 +764,17 @@ long nvme_dev_ioctl(struct file *file, u
case NVME_IOCTL_IO_CMD:
return nvme_dev_user_cmd(ctrl, argp);
case NVME_IOCTL_RESET:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EACCES;
dev_warn(ctrl->device, "resetting controller\n");
return nvme_reset_ctrl_sync(ctrl);
case NVME_IOCTL_SUBSYS_RESET:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EACCES;
return nvme_reset_subsystem(ctrl);
case NVME_IOCTL_RESCAN:
+ if (!capable(CAP_SYS_ADMIN))
+ return -EACCES;
nvme_queue_scan(ctrl);
return 0;
default:
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 282/314] nvme: ensure subsystem reset is single threaded
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 281/314] nvme: restrict management ioctls to admin Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 283/314] ASoC: SOF: topology: No need to assign core ID if token parsing failed Greg Kroah-Hartman
` (39 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Keith Busch, Christoph Hellwig,
Ovidiu Panait
From: Keith Busch <kbusch@kernel.org>
commit 1e866afd4bcdd01a70a5eddb4371158d3035ce03 upstream.
The subsystem reset writes to a register, so we have to ensure the
device state is capable of handling that otherwise the driver may access
unmapped registers. Use the state machine to ensure the subsystem reset
doesn't try to write registers on a device already undergoing this type
of reset.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=214771
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvme/host/nvme.h | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
--- a/drivers/nvme/host/nvme.h
+++ b/drivers/nvme/host/nvme.h
@@ -602,11 +602,23 @@ static inline void nvme_fault_inject_fin
static inline void nvme_should_fail(struct request *req) {}
#endif
+bool nvme_wait_reset(struct nvme_ctrl *ctrl);
+int nvme_try_sched_reset(struct nvme_ctrl *ctrl);
+
static inline int nvme_reset_subsystem(struct nvme_ctrl *ctrl)
{
+ int ret;
+
if (!ctrl->subsystem)
return -ENOTTY;
- return ctrl->ops->reg_write32(ctrl, NVME_REG_NSSR, 0x4E564D65);
+ if (!nvme_wait_reset(ctrl))
+ return -EBUSY;
+
+ ret = ctrl->ops->reg_write32(ctrl, NVME_REG_NSSR, 0x4E564D65);
+ if (ret)
+ return ret;
+
+ return nvme_try_sched_reset(ctrl);
}
/*
@@ -712,7 +724,6 @@ void nvme_cancel_tagset(struct nvme_ctrl
void nvme_cancel_admin_tagset(struct nvme_ctrl *ctrl);
bool nvme_change_ctrl_state(struct nvme_ctrl *ctrl,
enum nvme_ctrl_state new_state);
-bool nvme_wait_reset(struct nvme_ctrl *ctrl);
int nvme_disable_ctrl(struct nvme_ctrl *ctrl);
int nvme_enable_ctrl(struct nvme_ctrl *ctrl);
int nvme_shutdown_ctrl(struct nvme_ctrl *ctrl);
@@ -802,7 +813,6 @@ int nvme_set_queue_count(struct nvme_ctr
void nvme_stop_keep_alive(struct nvme_ctrl *ctrl);
int nvme_reset_ctrl(struct nvme_ctrl *ctrl);
int nvme_reset_ctrl_sync(struct nvme_ctrl *ctrl);
-int nvme_try_sched_reset(struct nvme_ctrl *ctrl);
int nvme_delete_ctrl(struct nvme_ctrl *ctrl);
void nvme_queue_scan(struct nvme_ctrl *ctrl);
int nvme_get_log(struct nvme_ctrl *ctrl, u32 nsid, u8 log_page, u8 lsp, u8 csi,
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 283/314] ASoC: SOF: topology: No need to assign core ID if token parsing failed
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 282/314] nvme: ensure subsystem reset is single threaded Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 284/314] perf: Improve missing SIGTRAP checking Greg Kroah-Hartman
` (38 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Ujfalusi,
Pierre-Louis Bossart, Ranjani Sridharan, Mark Brown, Sasha Levin
From: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
[ Upstream commit 3d59eaef49ca2db581156a7b77c9afc0546eefc0 ]
Move the return value check before attempting to assign the core ID to the
swidget since we are going to fail the sof_widget_ready() and free up
swidget anyways.
Fixes: 909dadf21aae ("ASoC: SOF: topology: Make DAI widget parsing IPC agnostic")
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Link: https://lore.kernel.org/r/20221107090433.5146-1-peter.ujfalusi@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/topology.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/sound/soc/sof/topology.c b/sound/soc/sof/topology.c
index 9273a70fec25..e1b7f07de7fc 100644
--- a/sound/soc/sof/topology.c
+++ b/sound/soc/sof/topology.c
@@ -1346,16 +1346,6 @@ static int sof_widget_ready(struct snd_soc_component *scomp, int index,
break;
}
- if (sof_debug_check_flag(SOF_DBG_DISABLE_MULTICORE)) {
- swidget->core = SOF_DSP_PRIMARY_CORE;
- } else {
- int core = sof_get_token_value(SOF_TKN_COMP_CORE_ID, swidget->tuples,
- swidget->num_tuples);
-
- if (core >= 0)
- swidget->core = core;
- }
-
/* check token parsing reply */
if (ret < 0) {
dev_err(scomp->dev,
@@ -1367,6 +1357,16 @@ static int sof_widget_ready(struct snd_soc_component *scomp, int index,
return ret;
}
+ if (sof_debug_check_flag(SOF_DBG_DISABLE_MULTICORE)) {
+ swidget->core = SOF_DSP_PRIMARY_CORE;
+ } else {
+ int core = sof_get_token_value(SOF_TKN_COMP_CORE_ID, swidget->tuples,
+ swidget->num_tuples);
+
+ if (core >= 0)
+ swidget->core = core;
+ }
+
/* bind widget to external event */
if (tw->event_type) {
if (widget_ops[w->id].bind_event) {
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 284/314] perf: Improve missing SIGTRAP checking
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 283/314] ASoC: SOF: topology: No need to assign core ID if token parsing failed Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 285/314] vfio: Rename vfio_ioctl_check_extension() Greg Kroah-Hartman
` (37 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+b8ded3e2e2c6adde4990,
Marco Elver, Peter Zijlstra (Intel),
Sasha Levin
From: Marco Elver <elver@google.com>
[ Upstream commit bb88f9695460bec25aa30ba9072595025cf6c8af ]
To catch missing SIGTRAP we employ a WARN in __perf_event_overflow(),
which fires if pending_sigtrap was already set: returning to user space
without consuming pending_sigtrap, and then having the event fire again
would re-enter the kernel and trigger the WARN.
This, however, seemed to miss the case where some events not associated
with progress in the user space task can fire and the interrupt handler
runs before the IRQ work meant to consume pending_sigtrap (and generate
the SIGTRAP).
syzbot gifted us this stack trace:
| WARNING: CPU: 0 PID: 3607 at kernel/events/core.c:9313 __perf_event_overflow
| Modules linked in:
| CPU: 0 PID: 3607 Comm: syz-executor100 Not tainted 6.1.0-rc2-syzkaller-00073-g88619e77b33d #0
| Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
| RIP: 0010:__perf_event_overflow+0x498/0x540 kernel/events/core.c:9313
| <...>
| Call Trace:
| <TASK>
| perf_swevent_hrtimer+0x34f/0x3c0 kernel/events/core.c:10729
| __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
| __hrtimer_run_queues+0x1c6/0xfb0 kernel/time/hrtimer.c:1749
| hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
| local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1096 [inline]
| __sysvec_apic_timer_interrupt+0x17c/0x640 arch/x86/kernel/apic/apic.c:1113
| sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1107
| asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
| <...>
| </TASK>
In this case, syzbot produced a program with event type
PERF_TYPE_SOFTWARE and config PERF_COUNT_SW_CPU_CLOCK. The hrtimer
manages to fire again before the IRQ work got a chance to run, all while
never having returned to user space.
Improve the WARN to check for real progress in user space: approximate
this by storing a 32-bit hash of the current IP into pending_sigtrap,
and if an event fires while pending_sigtrap still matches the previous
IP, we assume no progress (false negatives are possible given we could
return to user space and trigger again on the same IP).
Fixes: ca6c21327c6a ("perf: Fix missing SIGTRAPs")
Reported-by: syzbot+b8ded3e2e2c6adde4990@syzkaller.appspotmail.com
Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20221031093513.3032814-1-elver@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/events/core.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 072ab26269c0..bec18d81b116 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9282,14 +9282,27 @@ static int __perf_event_overflow(struct perf_event *event,
}
if (event->attr.sigtrap) {
- /*
- * Should not be able to return to user space without processing
- * pending_sigtrap (kernel events can overflow multiple times).
- */
- WARN_ON_ONCE(event->pending_sigtrap && event->attr.exclude_kernel);
+ unsigned int pending_id = 1;
+
+ if (regs)
+ pending_id = hash32_ptr((void *)instruction_pointer(regs)) ?: 1;
if (!event->pending_sigtrap) {
- event->pending_sigtrap = 1;
+ event->pending_sigtrap = pending_id;
local_inc(&event->ctx->nr_pending);
+ } else if (event->attr.exclude_kernel) {
+ /*
+ * Should not be able to return to user space without
+ * consuming pending_sigtrap; with exceptions:
+ *
+ * 1. Where !exclude_kernel, events can overflow again
+ * in the kernel without returning to user space.
+ *
+ * 2. Events that can overflow again before the IRQ-
+ * work without user space progress (e.g. hrtimer).
+ * To approximate progress (with false negatives),
+ * check 32-bit hash of the current IP.
+ */
+ WARN_ON_ONCE(event->pending_sigtrap != pending_id);
}
event->pending_addr = data->addr;
irq_work_queue(&event->pending_irq);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 285/314] vfio: Rename vfio_ioctl_check_extension()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 284/314] perf: Improve missing SIGTRAP checking Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 286/314] vfio: Split the register_device ops call into functions Greg Kroah-Hartman
` (36 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kevin Tian, Jason Gunthorpe,
Alex Williamson, Sasha Levin
From: Jason Gunthorpe <jgg@nvidia.com>
[ Upstream commit 1408640d578887d7860737221043d91fc6d5a723 ]
To vfio_container_ioctl_check_extension().
A following patch will turn this into a non-static function, make it clear
it is related to the container.
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/6-v3-297af71838d2+b9-vfio_container_split_jgg@nvidia.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Stable-dep-of: 7fdba0011157 ("vfio: Fix container device registration life cycle")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/vfio_main.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
index 7cb56c382c97..c555d497e9e8 100644
--- a/drivers/vfio/vfio_main.c
+++ b/drivers/vfio/vfio_main.c
@@ -710,8 +710,9 @@ EXPORT_SYMBOL_GPL(vfio_unregister_group_dev);
/*
* VFIO base fd, /dev/vfio/vfio
*/
-static long vfio_ioctl_check_extension(struct vfio_container *container,
- unsigned long arg)
+static long
+vfio_container_ioctl_check_extension(struct vfio_container *container,
+ unsigned long arg)
{
struct vfio_iommu_driver *driver;
long ret = 0;
@@ -868,7 +869,7 @@ static long vfio_fops_unl_ioctl(struct file *filep,
ret = VFIO_API_VERSION;
break;
case VFIO_CHECK_EXTENSION:
- ret = vfio_ioctl_check_extension(container, arg);
+ ret = vfio_container_ioctl_check_extension(container, arg);
break;
case VFIO_SET_IOMMU:
ret = vfio_ioctl_set_iommu(container, arg);
@@ -1763,8 +1764,8 @@ bool vfio_file_enforced_coherent(struct file *file)
down_read(&group->group_rwsem);
if (group->container) {
- ret = vfio_ioctl_check_extension(group->container,
- VFIO_DMA_CC_IOMMU);
+ ret = vfio_container_ioctl_check_extension(group->container,
+ VFIO_DMA_CC_IOMMU);
} else {
/*
* Since the coherency state is determined only once a container
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 286/314] vfio: Split the register_device ops call into functions
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 285/314] vfio: Rename vfio_ioctl_check_extension() Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 287/314] perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling Greg Kroah-Hartman
` (35 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kevin Tian, Jason Gunthorpe,
Alex Williamson, Sasha Levin
From: Jason Gunthorpe <jgg@nvidia.com>
[ Upstream commit 9446162e740aefff95c324ac0887f0b68c739695 ]
This is a container item.
A following patch will move the vfio_container functions to their own .c
file.
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/7-v3-297af71838d2+b9-vfio_container_split_jgg@nvidia.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Stable-dep-of: 7fdba0011157 ("vfio: Fix container device registration life cycle")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/vfio_main.c | 39 +++++++++++++++++++++++----------------
1 file changed, 23 insertions(+), 16 deletions(-)
diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
index c555d497e9e8..48ceca04d9b8 100644
--- a/drivers/vfio/vfio_main.c
+++ b/drivers/vfio/vfio_main.c
@@ -1086,9 +1086,28 @@ static void vfio_device_unassign_container(struct vfio_device *device)
up_write(&device->group->group_rwsem);
}
+static void vfio_device_container_register(struct vfio_device *device)
+{
+ struct vfio_iommu_driver *iommu_driver =
+ device->group->container->iommu_driver;
+
+ if (iommu_driver && iommu_driver->ops->register_device)
+ iommu_driver->ops->register_device(
+ device->group->container->iommu_data, device);
+}
+
+static void vfio_device_container_unregister(struct vfio_device *device)
+{
+ struct vfio_iommu_driver *iommu_driver =
+ device->group->container->iommu_driver;
+
+ if (iommu_driver && iommu_driver->ops->unregister_device)
+ iommu_driver->ops->unregister_device(
+ device->group->container->iommu_data, device);
+}
+
static struct file *vfio_device_open(struct vfio_device *device)
{
- struct vfio_iommu_driver *iommu_driver;
struct file *filep;
int ret;
@@ -1119,12 +1138,7 @@ static struct file *vfio_device_open(struct vfio_device *device)
if (ret)
goto err_undo_count;
}
-
- iommu_driver = device->group->container->iommu_driver;
- if (iommu_driver && iommu_driver->ops->register_device)
- iommu_driver->ops->register_device(
- device->group->container->iommu_data, device);
-
+ vfio_device_container_register(device);
up_read(&device->group->group_rwsem);
}
mutex_unlock(&device->dev_set->lock);
@@ -1162,10 +1176,7 @@ static struct file *vfio_device_open(struct vfio_device *device)
if (device->open_count == 1 && device->ops->close_device) {
device->ops->close_device(device);
- iommu_driver = device->group->container->iommu_driver;
- if (iommu_driver && iommu_driver->ops->unregister_device)
- iommu_driver->ops->unregister_device(
- device->group->container->iommu_data, device);
+ vfio_device_container_unregister(device);
}
err_undo_count:
up_read(&device->group->group_rwsem);
@@ -1361,7 +1372,6 @@ static const struct file_operations vfio_group_fops = {
static int vfio_device_fops_release(struct inode *inode, struct file *filep)
{
struct vfio_device *device = filep->private_data;
- struct vfio_iommu_driver *iommu_driver;
mutex_lock(&device->dev_set->lock);
vfio_assert_device_open(device);
@@ -1369,10 +1379,7 @@ static int vfio_device_fops_release(struct inode *inode, struct file *filep)
if (device->open_count == 1 && device->ops->close_device)
device->ops->close_device(device);
- iommu_driver = device->group->container->iommu_driver;
- if (iommu_driver && iommu_driver->ops->unregister_device)
- iommu_driver->ops->unregister_device(
- device->group->container->iommu_data, device);
+ vfio_device_container_unregister(device);
up_read(&device->group->group_rwsem);
device->open_count--;
if (device->open_count == 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 287/314] perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 286/314] vfio: Split the register_device ops call into functions Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 288/314] ring-buffer: Include dropped pages in counting dirty patches Greg Kroah-Hartman
` (34 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Linux Kernel Functional Testing,
Ravi Bangoria, Peter Zijlstra (Intel),
Sasha Levin
From: Ravi Bangoria <ravi.bangoria@amd.com>
[ Upstream commit baa014b9543c8e5e94f5d15b66abfe60750b8284 ]
amd_pmu_enable_all() does:
if (!test_bit(idx, cpuc->active_mask))
continue;
amd_pmu_enable_event(cpuc->events[idx]);
A perf NMI of another event can come between these two steps. Perf NMI
handler internally disables and enables _all_ events, including the one
which nmi-intercepted amd_pmu_enable_all() was in process of enabling.
If that unintentionally enabled event has very low sampling period and
causes immediate successive NMI, causing the event to be throttled,
cpuc->events[idx] and cpuc->active_mask gets cleared by x86_pmu_stop().
This will result in amd_pmu_enable_event() getting called with event=NULL
when amd_pmu_enable_all() resumes after handling the NMIs. This causes a
kernel crash:
BUG: kernel NULL pointer dereference, address: 0000000000000198
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
[...]
Call Trace:
<TASK>
amd_pmu_enable_all+0x68/0xb0
ctx_resched+0xd9/0x150
event_function+0xb8/0x130
? hrtimer_start_range_ns+0x141/0x4a0
? perf_duration_warn+0x30/0x30
remote_function+0x4d/0x60
__flush_smp_call_function_queue+0xc4/0x500
flush_smp_call_function_queue+0x11d/0x1b0
do_idle+0x18f/0x2d0
cpu_startup_entry+0x19/0x20
start_secondary+0x121/0x160
secondary_startup_64_no_verify+0xe5/0xeb
</TASK>
amd_pmu_disable_all()/amd_pmu_enable_all() calls inside perf NMI handler
were recently added as part of BRS enablement but I'm not sure whether
we really need them. We can just disable BRS in the beginning and enable
it back while returning from NMI. This will solve the issue by not
enabling those events whose active_masks are set but are not yet enabled
in hw pmu.
Fixes: ada543459cab ("perf/x86/amd: Add AMD Fam19h Branch Sampling support")
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20221114044029.373-1-ravi.bangoria@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/amd/core.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c
index 9ac3718410ce..7e39c47d7759 100644
--- a/arch/x86/events/amd/core.c
+++ b/arch/x86/events/amd/core.c
@@ -896,8 +896,7 @@ static int amd_pmu_handle_irq(struct pt_regs *regs)
pmu_enabled = cpuc->enabled;
cpuc->enabled = 0;
- /* stop everything (includes BRS) */
- amd_pmu_disable_all();
+ amd_brs_disable_all();
/* Drain BRS is in use (could be inactive) */
if (cpuc->lbr_users)
@@ -908,7 +907,7 @@ static int amd_pmu_handle_irq(struct pt_regs *regs)
cpuc->enabled = pmu_enabled;
if (pmu_enabled)
- amd_pmu_enable_all(0);
+ amd_brs_enable_all();
return amd_pmu_adjust_nmi_window(handled);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 288/314] ring-buffer: Include dropped pages in counting dirty patches
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 287/314] perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 289/314] tracing: Fix warning on variable struct trace_array Greg Kroah-Hartman
` (33 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Steven Rostedt (Google), Sasha Levin
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit 31029a8b2c7e656a0289194ef16415050ae4c4ac ]
The function ring_buffer_nr_dirty_pages() was created to find out how many
pages are filled in the ring buffer. There's two running counters. One is
incremented whenever a new page is touched (pages_touched) and the other
is whenever a page is read (pages_read). The dirty count is the number
touched minus the number read. This is used to determine if a blocked task
should be woken up if the percentage of the ring buffer it is waiting for
is hit.
The problem is that it does not take into account dropped pages (when the
new writes overwrite pages that were not read). And then the dirty pages
will always be greater than the percentage.
This makes the "buffer_percent" file inaccurate, as the number of dirty
pages end up always being larger than the percentage, event when it's not
and this causes user space to be woken up more than it wants to be.
Add a new counter to keep track of lost pages, and include that in the
accounting of dirty pages so that it is actually accurate.
Link: https://lkml.kernel.org/r/20221021123013.55fb6055@gandalf.local.home
Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ring_buffer.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index c7e17f9f4935..0b93dc17457d 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -519,6 +519,7 @@ struct ring_buffer_per_cpu {
local_t committing;
local_t commits;
local_t pages_touched;
+ local_t pages_lost;
local_t pages_read;
long last_pages_touch;
size_t shortest_full;
@@ -894,10 +895,18 @@ size_t ring_buffer_nr_pages(struct trace_buffer *buffer, int cpu)
size_t ring_buffer_nr_dirty_pages(struct trace_buffer *buffer, int cpu)
{
size_t read;
+ size_t lost;
size_t cnt;
read = local_read(&buffer->buffers[cpu]->pages_read);
+ lost = local_read(&buffer->buffers[cpu]->pages_lost);
cnt = local_read(&buffer->buffers[cpu]->pages_touched);
+
+ if (WARN_ON_ONCE(cnt < lost))
+ return 0;
+
+ cnt -= lost;
+
/* The reader can read an empty page, but not more than that */
if (cnt < read) {
WARN_ON_ONCE(read > cnt + 1);
@@ -2031,6 +2040,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages)
*/
local_add(page_entries, &cpu_buffer->overrun);
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
+ local_inc(&cpu_buffer->pages_lost);
}
/*
@@ -2515,6 +2525,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
*/
local_add(entries, &cpu_buffer->overrun);
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
+ local_inc(&cpu_buffer->pages_lost);
/*
* The entries will be zeroed out when we move the
@@ -5265,6 +5276,7 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
local_set(&cpu_buffer->committing, 0);
local_set(&cpu_buffer->commits, 0);
local_set(&cpu_buffer->pages_touched, 0);
+ local_set(&cpu_buffer->pages_lost, 0);
local_set(&cpu_buffer->pages_read, 0);
cpu_buffer->last_pages_touch = 0;
cpu_buffer->shortest_full = 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 289/314] tracing: Fix warning on variable struct trace_array
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 288/314] ring-buffer: Include dropped pages in counting dirty patches Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 290/314] net: usb: smsc95xx: fix external PHY reset Greg Kroah-Hartman
` (32 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin K. Petersen, Arun Easi,
Masami Hiramatsu (Google),
Guenter Roeck, Aashish Sharma, Steven Rostedt (Google),
Sasha Levin
From: Aashish Sharma <shraash@google.com>
[ Upstream commit bedf06833b1f63c2627bd5634602e05592129d7a ]
Move the declaration of 'struct trace_array' out of #ifdef
CONFIG_TRACING block, to fix the following warning when CONFIG_TRACING
is not set:
>> include/linux/trace.h:63:45: warning: 'struct trace_array' declared
inside parameter list will not be visible outside of this definition or
declaration
Link: https://lkml.kernel.org/r/20221107160556.2139463-1-shraash@google.com
Fixes: 1a77dd1c2bb5 ("scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled")
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Arun Easi <aeasi@marvell.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Aashish Sharma <shraash@google.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/trace.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/trace.h b/include/linux/trace.h
index b5e16e438448..80ffda871749 100644
--- a/include/linux/trace.h
+++ b/include/linux/trace.h
@@ -26,13 +26,13 @@ struct trace_export {
int flags;
};
+struct trace_array;
+
#ifdef CONFIG_TRACING
int register_ftrace_export(struct trace_export *export);
int unregister_ftrace_export(struct trace_export *export);
-struct trace_array;
-
void trace_printk_init_buffers(void);
__printf(3, 4)
int trace_array_printk(struct trace_array *tr, unsigned long ip,
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 290/314] net: usb: smsc95xx: fix external PHY reset
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 289/314] tracing: Fix warning on variable struct trace_array Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 291/314] net: use struct_group to copy ip/ipv6 header addresses Greg Kroah-Hartman
` (31 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexandru Tachici, Andrew Lunn,
Paolo Abeni, Sasha Levin
From: Alexandru Tachici <alexandru.tachici@analog.com>
[ Upstream commit 809ff97a677ff85dfb7ce2b63be261d1633dcf29 ]
An external PHY needs settling time after power up or reset.
In the bind() function an mdio bus is registered. If at this point
the external PHY is still initialising, no valid PHY ID will be
read and on phy_find_first() the bind() function will fail.
If an external PHY is present, wait the maximum time specified
in 802.3 45.2.7.1.1.
Fixes: 05b35e7eb9a1 ("smsc95xx: add phylib support")
Signed-off-by: Alexandru Tachici <alexandru.tachici@analog.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20221115114434.9991-2-alexandru.tachici@analog.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/usb/smsc95xx.c | 46 ++++++++++++++++++++++++++++++++++----
1 file changed, 42 insertions(+), 4 deletions(-)
diff --git a/drivers/net/usb/smsc95xx.c b/drivers/net/usb/smsc95xx.c
index bfb58c91db04..32d2c60d334d 100644
--- a/drivers/net/usb/smsc95xx.c
+++ b/drivers/net/usb/smsc95xx.c
@@ -66,6 +66,7 @@ struct smsc95xx_priv {
spinlock_t mac_cr_lock;
u8 features;
u8 suspend_flags;
+ bool is_internal_phy;
struct irq_chip irqchip;
struct irq_domain *irqdomain;
struct fwnode_handle *irqfwnode;
@@ -252,6 +253,43 @@ static void smsc95xx_mdio_write(struct usbnet *dev, int phy_id, int idx,
mutex_unlock(&dev->phy_mutex);
}
+static int smsc95xx_mdiobus_reset(struct mii_bus *bus)
+{
+ struct smsc95xx_priv *pdata;
+ struct usbnet *dev;
+ u32 val;
+ int ret;
+
+ dev = bus->priv;
+ pdata = dev->driver_priv;
+
+ if (pdata->is_internal_phy)
+ return 0;
+
+ mutex_lock(&dev->phy_mutex);
+
+ ret = smsc95xx_read_reg(dev, PM_CTRL, &val);
+ if (ret < 0)
+ goto reset_out;
+
+ val |= PM_CTL_PHY_RST_;
+
+ ret = smsc95xx_write_reg(dev, PM_CTRL, val);
+ if (ret < 0)
+ goto reset_out;
+
+ /* Driver has no knowledge at this point about the external PHY.
+ * The 802.3 specifies that the reset process shall
+ * be completed within 0.5 s.
+ */
+ fsleep(500000);
+
+reset_out:
+ mutex_unlock(&dev->phy_mutex);
+
+ return 0;
+}
+
static int smsc95xx_mdiobus_read(struct mii_bus *bus, int phy_id, int idx)
{
struct usbnet *dev = bus->priv;
@@ -1052,7 +1090,6 @@ static void smsc95xx_handle_link_change(struct net_device *net)
static int smsc95xx_bind(struct usbnet *dev, struct usb_interface *intf)
{
struct smsc95xx_priv *pdata;
- bool is_internal_phy;
char usb_path[64];
int ret, phy_irq;
u32 val;
@@ -1133,13 +1170,14 @@ static int smsc95xx_bind(struct usbnet *dev, struct usb_interface *intf)
if (ret < 0)
goto free_mdio;
- is_internal_phy = !(val & HW_CFG_PSEL_);
- if (is_internal_phy)
+ pdata->is_internal_phy = !(val & HW_CFG_PSEL_);
+ if (pdata->is_internal_phy)
pdata->mdiobus->phy_mask = ~(1u << SMSC95XX_INTERNAL_PHY_ID);
pdata->mdiobus->priv = dev;
pdata->mdiobus->read = smsc95xx_mdiobus_read;
pdata->mdiobus->write = smsc95xx_mdiobus_write;
+ pdata->mdiobus->reset = smsc95xx_mdiobus_reset;
pdata->mdiobus->name = "smsc95xx-mdiobus";
pdata->mdiobus->parent = &dev->udev->dev;
@@ -1160,7 +1198,7 @@ static int smsc95xx_bind(struct usbnet *dev, struct usb_interface *intf)
}
pdata->phydev->irq = phy_irq;
- pdata->phydev->is_internal = is_internal_phy;
+ pdata->phydev->is_internal = pdata->is_internal_phy;
/* detect device revision as different features may be available */
ret = smsc95xx_read_reg(dev, ID_REV, &val);
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 291/314] net: use struct_group to copy ip/ipv6 header addresses
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 290/314] net: usb: smsc95xx: fix external PHY reset Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 292/314] scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() Greg Kroah-Hartman
` (30 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Hangbin Liu,
Paolo Abeni, Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 58e0be1ef6118c5352b56a4d06e974c5599993a5 ]
kernel test robot reported warnings when build bonding module with
make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash drivers/net/bonding/:
from ../drivers/net/bonding/bond_main.c:35:
In function ‘fortify_memcpy_chk’,
inlined from ‘iph_to_flow_copy_v4addrs’ at ../include/net/ip.h:566:2,
inlined from ‘bond_flow_ip’ at ../drivers/net/bonding/bond_main.c:3984:3:
../include/linux/fortify-string.h:413:25: warning: call to ‘__read_overflow2_field’ declared with attribute warning: detected read beyond size of f
ield (2nd parameter); maybe use struct_group()? [-Wattribute-warning]
413 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘fortify_memcpy_chk’,
inlined from ‘iph_to_flow_copy_v6addrs’ at ../include/net/ipv6.h:900:2,
inlined from ‘bond_flow_ip’ at ../drivers/net/bonding/bond_main.c:3994:3:
../include/linux/fortify-string.h:413:25: warning: call to ‘__read_overflow2_field’ declared with attribute warning: detected read beyond size of f
ield (2nd parameter); maybe use struct_group()? [-Wattribute-warning]
413 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is because we try to copy the whole ip/ip6 address to the flow_key,
while we only point the to ip/ip6 saddr. Note that since these are UAPI
headers, __struct_group() is used to avoid the compiler warnings.
Reported-by: kernel test robot <lkp@intel.com>
Fixes: c3f8324188fa ("net: Add full IPv6 addresses to flow_keys")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://lore.kernel.org/r/20221115142400.1204786-1-liuhangbin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/ip.h | 2 +-
include/net/ipv6.h | 2 +-
include/uapi/linux/ip.h | 6 ++++--
include/uapi/linux/ipv6.h | 6 ++++--
4 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/net/ip.h b/include/net/ip.h
index 1c979fd1904c..1eca38ac6c67 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -563,7 +563,7 @@ static inline void iph_to_flow_copy_v4addrs(struct flow_keys *flow,
BUILD_BUG_ON(offsetof(typeof(flow->addrs), v4addrs.dst) !=
offsetof(typeof(flow->addrs), v4addrs.src) +
sizeof(flow->addrs.v4addrs.src));
- memcpy(&flow->addrs.v4addrs, &iph->saddr, sizeof(flow->addrs.v4addrs));
+ memcpy(&flow->addrs.v4addrs, &iph->addrs, sizeof(flow->addrs.v4addrs));
flow->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
}
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index de9dcc5652c4..59125562c1a4 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -897,7 +897,7 @@ static inline void iph_to_flow_copy_v6addrs(struct flow_keys *flow,
BUILD_BUG_ON(offsetof(typeof(flow->addrs), v6addrs.dst) !=
offsetof(typeof(flow->addrs), v6addrs.src) +
sizeof(flow->addrs.v6addrs.src));
- memcpy(&flow->addrs.v6addrs, &iph->saddr, sizeof(flow->addrs.v6addrs));
+ memcpy(&flow->addrs.v6addrs, &iph->addrs, sizeof(flow->addrs.v6addrs));
flow->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
}
diff --git a/include/uapi/linux/ip.h b/include/uapi/linux/ip.h
index 961ec16a26b8..874a92349bf5 100644
--- a/include/uapi/linux/ip.h
+++ b/include/uapi/linux/ip.h
@@ -100,8 +100,10 @@ struct iphdr {
__u8 ttl;
__u8 protocol;
__sum16 check;
- __be32 saddr;
- __be32 daddr;
+ __struct_group(/* no tag */, addrs, /* no attrs */,
+ __be32 saddr;
+ __be32 daddr;
+ );
/*The options start here. */
};
diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
index 03cdbe798fe3..81f4243bebb1 100644
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -130,8 +130,10 @@ struct ipv6hdr {
__u8 nexthdr;
__u8 hop_limit;
- struct in6_addr saddr;
- struct in6_addr daddr;
+ __struct_group(/* no tag */, addrs, /* no attrs */,
+ struct in6_addr saddr;
+ struct in6_addr daddr;
+ );
};
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 292/314] scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 291/314] net: use struct_group to copy ip/ipv6 header addresses Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 293/314] scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() Greg Kroah-Hartman
` (29 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Mike Christie,
Martin K. Petersen, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit bc68e428d4963af0201e92159629ab96948f0893 ]
If device_register() fails in tcm_loop_setup_hba_bus(), the name allocated
by dev_set_name() need be freed. As comment of device_register() says, it
should use put_device() to give up the reference in the error path. So fix
this by calling put_device(), then the name can be freed in kobject_cleanup().
The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it don't need
goto error label in this case.
Fixes: 3703b2c5d041 ("[SCSI] tcm_loop: Add multi-fabric Linux/SCSI LLD fabric module")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20221115015042.3652261-1-yangyingliang@huawei.com
Reviewed-by: Mike Christie <michael.chritie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/target/loopback/tcm_loop.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/target/loopback/tcm_loop.c b/drivers/target/loopback/tcm_loop.c
index 4407b56aa6d1..139031ccb700 100644
--- a/drivers/target/loopback/tcm_loop.c
+++ b/drivers/target/loopback/tcm_loop.c
@@ -397,6 +397,7 @@ static int tcm_loop_setup_hba_bus(struct tcm_loop_hba *tl_hba, int tcm_loop_host
ret = device_register(&tl_hba->dev);
if (ret) {
pr_err("device_register() failed for tl_hba->dev: %d\n", ret);
+ put_device(&tl_hba->dev);
return -ENODEV;
}
@@ -1073,7 +1074,7 @@ static struct se_wwn *tcm_loop_make_scsi_hba(
*/
ret = tcm_loop_setup_hba_bus(tl_hba, tcm_loop_hba_no_cnt);
if (ret)
- goto out;
+ return ERR_PTR(ret);
sh = tl_hba->sh;
tcm_loop_hba_no_cnt++;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 293/314] scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 292/314] scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 294/314] kprobes: Skip clearing aggrprobes post_handler in kprobe-on-ftrace case Greg Kroah-Hartman
` (28 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Douglas Gilbert,
Martin K. Petersen, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit e208a1d795a08d1ac0398c79ad9c58106531bcc5 ]
If device_register() fails in sdebug_add_host_helper(), it will goto clean
and sdbg_host will be freed, but sdbg_host->host_list will not be removed
from sdebug_host_list, then list traversal may cause UAF. Fix it.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Link: https://lore.kernel.org/r/20221117084421.58918-1-yuancan@huawei.com
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/scsi_debug.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index b8a76b89f85a..95f940f5c996 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -7316,8 +7316,12 @@ static int sdebug_add_host_helper(int per_host_idx)
dev_set_name(&sdbg_host->dev, "adapter%d", sdebug_num_hosts);
error = device_register(&sdbg_host->dev);
- if (error)
+ if (error) {
+ spin_lock(&sdebug_host_list_lock);
+ list_del(&sdbg_host->host_list);
+ spin_unlock(&sdebug_host_list_lock);
goto clean;
+ }
++sdebug_num_hosts;
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 294/314] kprobes: Skip clearing aggrprobes post_handler in kprobe-on-ftrace case
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 293/314] scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 295/314] tracing: Fix potential null-pointer-access of entry in list tr->err_log Greg Kroah-Hartman
` (27 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhao Gongyi,
Masami Hiramatsu (Google),
Li Huafei, Sasha Levin
From: Li Huafei <lihuafei1@huawei.com>
[ Upstream commit 5dd7caf0bdc5d0bae7cf9776b4d739fb09bd5ebb ]
In __unregister_kprobe_top(), if the currently unregistered probe has
post_handler but other child probes of the aggrprobe do not have
post_handler, the post_handler of the aggrprobe is cleared. If this is
a ftrace-based probe, there is a problem. In later calls to
disarm_kprobe(), we will use kprobe_ftrace_ops because post_handler is
NULL. But we're armed with kprobe_ipmodify_ops. This triggers a WARN in
__disarm_kprobe_ftrace() and may even cause use-after-free:
Failed to disarm kprobe-ftrace at kernel_clone+0x0/0x3c0 (error -2)
WARNING: CPU: 5 PID: 137 at kernel/kprobes.c:1135 __disarm_kprobe_ftrace.isra.21+0xcf/0xe0
Modules linked in: testKprobe_007(-)
CPU: 5 PID: 137 Comm: rmmod Not tainted 6.1.0-rc4-dirty #18
[...]
Call Trace:
<TASK>
__disable_kprobe+0xcd/0xe0
__unregister_kprobe_top+0x12/0x150
? mutex_lock+0xe/0x30
unregister_kprobes.part.23+0x31/0xa0
unregister_kprobe+0x32/0x40
__x64_sys_delete_module+0x15e/0x260
? do_user_addr_fault+0x2cd/0x6b0
do_syscall_64+0x3a/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
For the kprobe-on-ftrace case, we keep the post_handler setting to
identify this aggrprobe armed with kprobe_ipmodify_ops. This way we
can disarm it correctly.
Link: https://lore.kernel.org/all/20221112070000.35299-1-lihuafei1@huawei.com/
Fixes: 0bc11ed5ab60 ("kprobes: Allow kprobes coexist with livepatch")
Reported-by: Zhao Gongyi <zhaogongyi@huawei.com>
Suggested-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/kprobes.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 917b92ae2382..6d2a8623ec7b 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1762,7 +1762,13 @@ static int __unregister_kprobe_top(struct kprobe *p)
if ((list_p != p) && (list_p->post_handler))
goto noclean;
}
- ap->post_handler = NULL;
+ /*
+ * For the kprobe-on-ftrace case, we keep the
+ * post_handler setting to identify this aggrprobe
+ * armed with kprobe_ipmodify_ops.
+ */
+ if (!kprobe_ftrace(ap))
+ ap->post_handler = NULL;
}
noclean:
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 295/314] tracing: Fix potential null-pointer-access of entry in list tr->err_log
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 294/314] kprobes: Skip clearing aggrprobes post_handler in kprobe-on-ftrace case Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 296/314] arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud Greg Kroah-Hartman
` (26 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Yejian,
Masami Hiramatsu (Google), Steven Rostedt (Google),
Sasha Levin
From: Zheng Yejian <zhengyejian1@huawei.com>
[ Upstream commit 067df9e0ad48a97382ab2179bbe773a13a846028 ]
Entries in list 'tr->err_log' will be reused after entry number
exceed TRACING_LOG_ERRS_MAX.
The cmd string of the to be reused entry will be freed first then
allocated a new one. If the allocation failed, then the entry will
still be in list 'tr->err_log' but its 'cmd' field is set to be NULL,
later access of 'cmd' is risky.
Currently above problem can cause the loss of 'cmd' information of first
entry in 'tr->err_log'. When execute `cat /sys/kernel/tracing/error_log`,
reproduce logs like:
[ 37.495100] trace_kprobe: error: Maxactive is not for kprobe(null) ^
[ 38.412517] trace_kprobe: error: Maxactive is not for kprobe
Command: p4:myprobe2 do_sys_openat2
^
Link: https://lore.kernel.org/linux-trace-kernel/20221114104632.3547266-1-zhengyejian1@huawei.com
Fixes: 1581a884b7ca ("tracing: Remove size restriction on tracing_log_err cmd strings")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 87d2f04152f9..7132e21e90d6 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -7803,6 +7803,7 @@ static struct tracing_log_err *get_tracing_log_err(struct trace_array *tr,
int len)
{
struct tracing_log_err *err;
+ char *cmd;
if (tr->n_err_log_entries < TRACING_LOG_ERRS_MAX) {
err = alloc_tracing_log_err(len);
@@ -7811,12 +7812,12 @@ static struct tracing_log_err *get_tracing_log_err(struct trace_array *tr,
return err;
}
-
+ cmd = kzalloc(len, GFP_KERNEL);
+ if (!cmd)
+ return ERR_PTR(-ENOMEM);
err = list_first_entry(&tr->err_log, struct tracing_log_err, list);
kfree(err->cmd);
- err->cmd = kzalloc(len, GFP_KERNEL);
- if (!err->cmd)
- return ERR_PTR(-ENOMEM);
+ err->cmd = cmd;
list_del(&err->list);
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 296/314] arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 295/314] tracing: Fix potential null-pointer-access of entry in list tr->err_log Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 297/314] Input: i8042 - fix leaking of platform device on module removal Greg Kroah-Hartman
` (25 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Denys Vlasenko, Liu Shixin,
David Hildenbrand, Pasha Tatashin, Kefeng Wang, Will Deacon,
Catalin Marinas, Sasha Levin
From: Liu Shixin <liushixin2@huawei.com>
[ Upstream commit 5b47348fc0b18a78c96f8474cc90b7525ad1bbfe ]
The page table check trigger BUG_ON() unexpectedly when collapse hugepage:
------------[ cut here ]------------
kernel BUG at mm/page_table_check.c:82!
Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : page_table_check_clear.isra.0+0x258/0x3f0
lr : page_table_check_clear.isra.0+0x240/0x3f0
[...]
Call trace:
page_table_check_clear.isra.0+0x258/0x3f0
__page_table_check_pmd_clear+0xbc/0x108
pmdp_collapse_flush+0xb0/0x160
collapse_huge_page+0xa08/0x1080
hpage_collapse_scan_pmd+0xf30/0x1590
khugepaged_scan_mm_slot.constprop.0+0x52c/0xac8
khugepaged+0x338/0x518
kthread+0x278/0x2f8
ret_from_fork+0x10/0x20
[...]
Since pmd_user_accessible_page() doesn't check if a pmd is leaf, it
decrease file_map_count for a non-leaf pmd comes from collapse_huge_page().
and so trigger BUG_ON() unexpectedly.
Fix this problem by using pmd_leaf() insteal of pmd_present() in
pmd_user_accessible_page(). Moreover, use pud_leaf() for
pud_user_accessible_page() too.
Fixes: 42b2547137f5 ("arm64/mm: enable ARCH_SUPPORTS_PAGE_TABLE_CHECK")
Reported-by: Denys Vlasenko <dvlasenk@redhat.com>
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20221117075602.2904324-2-liushixin2@huawei.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/pgtable.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index b5df82aa99e6..d78e69293d12 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -863,12 +863,12 @@ static inline bool pte_user_accessible_page(pte_t pte)
static inline bool pmd_user_accessible_page(pmd_t pmd)
{
- return pmd_present(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd));
+ return pmd_leaf(pmd) && (pmd_user(pmd) || pmd_user_exec(pmd));
}
static inline bool pud_user_accessible_page(pud_t pud)
{
- return pud_present(pud) && pud_user(pud);
+ return pud_leaf(pud) && pud_user(pud);
}
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 325+ messages in thread
* [PATCH 6.0 297/314] Input: i8042 - fix leaking of platform device on module removal
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 296/314] arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 298/314] macvlan: enforce a consistent minimal mtu Greg Kroah-Hartman
` (24 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chen Jun, Dmitry Torokhov, Sasha Levin
From: Chen Jun <chenjun102@huawei.com>
[ Upstream commit 81cd7e8489278d28794e7b272950c3e00c344e44 ]
Avoid resetting the module-wide i8042_platform_device pointer in
i8042_probe() or i8042_remove(), so that the device can be properly
destroyed by i8042_exit() on module unload.
Fixes: 9222ba68c3f4 ("Input: i8042 - add deferred probe support")
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Link: https://lore.kernel.org/r/20221109034148.23821-1-chenjun102@huawei.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/serio/i8042.c | 4 ----
1 file changed, 4 deletions(-)
--- a/drivers/input/serio/i8042.c
+++ b/drivers/input/serio/i8042.c
@@ -1543,8 +1543,6 @@ static int i8042_probe(struct platform_d
{
int error;
- i8042_platform_device = dev;
-
if (i8042_reset == I8042_RESET_ALWAYS) {
error = i8042_controller_selftest();
if (error)
@@ -1582,7 +1580,6 @@ static int i8042_probe(struct platform_d
i8042_free_aux_ports(); /* in case KBD failed but AUX not */
i8042_free_irqs();
i8042_controller_reset(false);
- i8042_platform_device = NULL;
return error;
}
@@ -1592,7 +1589,6 @@ static int i8042_remove(struct platform_
i8042_unregister_ports();
i8042_free_irqs();
i8042_controller_reset(false);
- i8042_platform_device = NULL;
return 0;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 298/314] macvlan: enforce a consistent minimal mtu
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 297/314] Input: i8042 - fix leaking of platform device on module removal Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 299/314] tcp: cdg: allow tcp_cdg_release() to be called multiple times Greg Kroah-Hartman
` (23 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit b64085b00044bdf3cd1c9825e9ef5b2e0feae91a upstream.
macvlan should enforce a minimal mtu of 68, even at link creation.
This patch avoids the current behavior (which could lead to crashes
in ipv6 stack if the link is brought up)
$ ip link add macvlan1 link eno1 mtu 8 type macvlan # This should fail !
$ ip link sh dev macvlan1
5: macvlan1@eno1: <BROADCAST,MULTICAST> mtu 8 qdisc noop
state DOWN mode DEFAULT group default qlen 1000
link/ether 02:47:6c:24:74:82 brd ff:ff:ff:ff:ff:ff
$ ip link set macvlan1 mtu 67
Error: mtu less than device minimum.
$ ip link set macvlan1 mtu 68
$ ip link set macvlan1 mtu 8
Error: mtu less than device minimum.
Fixes: 91572088e3fd ("net: use core MTU range checking in core net infra")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/macvlan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -1192,7 +1192,7 @@ void macvlan_common_setup(struct net_dev
{
ether_setup(dev);
- dev->min_mtu = 0;
+ /* ether_setup() has set dev->min_mtu to ETH_MIN_MTU. */
dev->max_mtu = ETH_MAX_MTU;
dev->priv_flags &= ~IFF_TX_SKB_SHARING;
netif_keep_dst(dev);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 299/314] tcp: cdg: allow tcp_cdg_release() to be called multiple times
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 298/314] macvlan: enforce a consistent minimal mtu Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 300/314] kcm: avoid potential race in kcm_tx_work Greg Kroah-Hartman
` (22 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit 72e560cb8c6f80fc2b4afc5d3634a32465e13a51 upstream.
Apparently, mptcp is able to call tcp_disconnect() on an already
disconnected flow. This is generally fine, unless current congestion
control is CDG, because it might trigger a double-free [1]
Instead of fixing MPTCP, and future bugs, we can make tcp_disconnect()
more resilient.
[1]
BUG: KASAN: double-free in slab_free mm/slub.c:3539 [inline]
BUG: KASAN: double-free in kfree+0xe2/0x580 mm/slub.c:4567
CPU: 0 PID: 3645 Comm: kworker/0:7 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: events mptcp_worker
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
kasan_report_invalid_free+0x81/0x190 mm/kasan/report.c:462
____kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:356
kasan_slab_free include/linux/kasan.h:200 [inline]
slab_free_hook mm/slub.c:1759 [inline]
slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785
slab_free mm/slub.c:3539 [inline]
kfree+0xe2/0x580 mm/slub.c:4567
tcp_disconnect+0x980/0x1e20 net/ipv4/tcp.c:3145
__mptcp_close_ssk+0x5ca/0x7e0 net/mptcp/protocol.c:2327
mptcp_do_fastclose net/mptcp/protocol.c:2592 [inline]
mptcp_worker+0x78c/0xff0 net/mptcp/protocol.c:2627
process_one_work+0x991/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Allocated by task 3671:
kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:45 [inline]
set_alloc_info mm/kasan/common.c:437 [inline]
____kasan_kmalloc mm/kasan/common.c:516 [inline]
____kasan_kmalloc mm/kasan/common.c:475 [inline]
__kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525
kmalloc_array include/linux/slab.h:640 [inline]
kcalloc include/linux/slab.h:671 [inline]
tcp_cdg_init+0x10d/0x170 net/ipv4/tcp_cdg.c:380
tcp_init_congestion_control+0xab/0x550 net/ipv4/tcp_cong.c:193
tcp_reinit_congestion_control net/ipv4/tcp_cong.c:217 [inline]
tcp_set_congestion_control+0x96c/0xaa0 net/ipv4/tcp_cong.c:391
do_tcp_setsockopt+0x505/0x2320 net/ipv4/tcp.c:3513
tcp_setsockopt+0xd4/0x100 net/ipv4/tcp.c:3801
mptcp_setsockopt+0x35f/0x2570 net/mptcp/sockopt.c:844
__sys_setsockopt+0x2d6/0x690 net/socket.c:2252
__do_sys_setsockopt net/socket.c:2263 [inline]
__se_sys_setsockopt net/socket.c:2260 [inline]
__x64_sys_setsockopt+0xba/0x150 net/socket.c:2260
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Freed by task 16:
kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
kasan_set_track+0x21/0x30 mm/kasan/common.c:45
kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
____kasan_slab_free mm/kasan/common.c:367 [inline]
____kasan_slab_free+0x166/0x1c0 mm/kasan/common.c:329
kasan_slab_free include/linux/kasan.h:200 [inline]
slab_free_hook mm/slub.c:1759 [inline]
slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785
slab_free mm/slub.c:3539 [inline]
kfree+0xe2/0x580 mm/slub.c:4567
tcp_cleanup_congestion_control+0x70/0x120 net/ipv4/tcp_cong.c:226
tcp_v4_destroy_sock+0xdd/0x750 net/ipv4/tcp_ipv4.c:2254
tcp_v6_destroy_sock+0x11/0x20 net/ipv6/tcp_ipv6.c:1969
inet_csk_destroy_sock+0x196/0x440 net/ipv4/inet_connection_sock.c:1157
tcp_done+0x23b/0x340 net/ipv4/tcp.c:4649
tcp_rcv_state_process+0x40e7/0x4990 net/ipv4/tcp_input.c:6624
tcp_v6_do_rcv+0x3fc/0x13c0 net/ipv6/tcp_ipv6.c:1525
tcp_v6_rcv+0x2e8e/0x3830 net/ipv6/tcp_ipv6.c:1759
ip6_protocol_deliver_rcu+0x2db/0x1950 net/ipv6/ip6_input.c:439
ip6_input_finish+0x14c/0x2c0 net/ipv6/ip6_input.c:484
NF_HOOK include/linux/netfilter.h:302 [inline]
NF_HOOK include/linux/netfilter.h:296 [inline]
ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:493
dst_input include/net/dst.h:455 [inline]
ip6_rcv_finish+0x193/0x2c0 net/ipv6/ip6_input.c:79
ip_sabotage_in net/bridge/br_netfilter_hooks.c:874 [inline]
ip_sabotage_in+0x1fa/0x260 net/bridge/br_netfilter_hooks.c:865
nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
nf_hook_slow+0xc5/0x1f0 net/netfilter/core.c:614
nf_hook.constprop.0+0x3ac/0x650 include/linux/netfilter.h:257
NF_HOOK include/linux/netfilter.h:300 [inline]
ipv6_rcv+0x9e/0x380 net/ipv6/ip6_input.c:309
__netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5485
__netif_receive_skb+0x1f/0x1c0 net/core/dev.c:5599
netif_receive_skb_internal net/core/dev.c:5685 [inline]
netif_receive_skb+0x12f/0x8d0 net/core/dev.c:5744
NF_HOOK include/linux/netfilter.h:302 [inline]
NF_HOOK include/linux/netfilter.h:296 [inline]
br_pass_frame_up+0x303/0x410 net/bridge/br_input.c:68
br_handle_frame_finish+0x909/0x1aa0 net/bridge/br_input.c:199
br_nf_hook_thresh+0x2f8/0x3d0 net/bridge/br_netfilter_hooks.c:1041
br_nf_pre_routing_finish_ipv6+0x695/0xef0 net/bridge/br_netfilter_ipv6.c:207
NF_HOOK include/linux/netfilter.h:302 [inline]
br_nf_pre_routing_ipv6+0x417/0x7c0 net/bridge/br_netfilter_ipv6.c:237
br_nf_pre_routing+0x1496/0x1fe0 net/bridge/br_netfilter_hooks.c:507
nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:255 [inline]
br_handle_frame+0x9c9/0x12d0 net/bridge/br_input.c:399
__netif_receive_skb_core+0x9fe/0x38f0 net/core/dev.c:5379
__netif_receive_skb_one_core+0xae/0x180 net/core/dev.c:5483
__netif_receive_skb+0x1f/0x1c0 net/core/dev.c:5599
process_backlog+0x3a0/0x7c0 net/core/dev.c:5927
__napi_poll+0xb3/0x6d0 net/core/dev.c:6494
napi_poll net/core/dev.c:6561 [inline]
net_rx_action+0x9c1/0xd90 net/core/dev.c:6672
__do_softirq+0x1d0/0x9c8 kernel/softirq.c:571
Fixes: 2b0a8c9eee81 ("tcp: add CDG congestion control")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_cdg.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/ipv4/tcp_cdg.c
+++ b/net/ipv4/tcp_cdg.c
@@ -375,6 +375,7 @@ static void tcp_cdg_init(struct sock *sk
struct cdg *ca = inet_csk_ca(sk);
struct tcp_sock *tp = tcp_sk(sk);
+ ca->gradients = NULL;
/* We silently fall back to window = 1 if allocation fails. */
if (window > 1)
ca->gradients = kcalloc(window, sizeof(ca->gradients[0]),
@@ -388,6 +389,7 @@ static void tcp_cdg_release(struct sock
struct cdg *ca = inet_csk_ca(sk);
kfree(ca->gradients);
+ ca->gradients = NULL;
}
static struct tcp_congestion_ops tcp_cdg __read_mostly = {
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 300/314] kcm: avoid potential race in kcm_tx_work
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 299/314] tcp: cdg: allow tcp_cdg_release() to be called multiple times Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 301/314] KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign() Greg Kroah-Hartman
` (21 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet, Tom Herbert,
Jakub Kicinski
From: Eric Dumazet <edumazet@google.com>
commit ec7eede369fe5b0d085ac51fdbb95184f87bfc6c upstream.
syzbot found that kcm_tx_work() could crash [1] in:
/* Primarily for SOCK_SEQPACKET sockets */
if (likely(sk->sk_socket) &&
test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
<<*>> clear_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
sk->sk_write_space(sk);
}
I think the reason is that another thread might concurrently
run in kcm_release() and call sock_orphan(sk) while sk is not
locked. kcm_tx_work() find sk->sk_socket being NULL.
[1]
BUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:86 [inline]
BUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]
BUG: KASAN: null-ptr-deref in kcm_tx_work+0xff/0x160 net/kcm/kcmsock.c:742
Write of size 8 at addr 0000000000000008 by task kworker/u4:3/53
CPU: 0 PID: 53 Comm: kworker/u4:3 Not tainted 5.19.0-rc3-next-20220621-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kkcmd kcm_tx_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
kasan_report+0xbe/0x1f0 mm/kasan/report.c:495
check_region_inline mm/kasan/generic.c:183 [inline]
kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
instrument_atomic_write include/linux/instrumented.h:86 [inline]
clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]
kcm_tx_work+0xff/0x160 net/kcm/kcmsock.c:742
process_one_work+0x996/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
</TASK>
Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Tom Herbert <tom@herbertland.com>
Link: https://lore.kernel.org/r/20221012133412.519394-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/kcm/kcmsock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1799,10 +1799,10 @@ static int kcm_release(struct socket *so
kcm = kcm_sk(sk);
mux = kcm->mux;
+ lock_sock(sk);
sock_orphan(sk);
kfree_skb(kcm->seq_skb);
- lock_sock(sk);
/* Purge queue under lock to avoid race condition with tx_work trying
* to act when queue is nonempty. If tx_work runs after this point
* it will just return.
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 301/314] KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 300/314] kcm: avoid potential race in kcm_tx_work Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 302/314] 9p: trans_fd/p9_conn_cancel: drop client lock earlier Greg Kroah-Hartman
` (20 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+6f0c896c5a9449a10ded,
Eiichi Tsukata, Paolo Bonzini
From: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
commit 7353633814f6e5b4899fb9ee1483709d6bb0e1cd upstream.
Should not call eventfd_ctx_put() in case of error.
Fixes: 2fd6df2f2b47 ("KVM: x86/xen: intercept EVTCHNOP_send from guests")
Reported-by: syzbot+6f0c896c5a9449a10ded@syzkaller.appspotmail.com
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
Message-Id: <20221028092631.117438-1-eiichi.tsukata@nutanix.com>
[Introduce new goto target instead. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/xen.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -1667,18 +1667,18 @@ static int kvm_xen_eventfd_assign(struct
case EVTCHNSTAT_ipi:
/* IPI must map back to the same port# */
if (data->u.evtchn.deliver.port.port != data->u.evtchn.send_port)
- goto out; /* -EINVAL */
+ goto out_noeventfd; /* -EINVAL */
break;
case EVTCHNSTAT_interdomain:
if (data->u.evtchn.deliver.port.port) {
if (data->u.evtchn.deliver.port.port >= max_evtchn_port(kvm))
- goto out; /* -EINVAL */
+ goto out_noeventfd; /* -EINVAL */
} else {
eventfd = eventfd_ctx_fdget(data->u.evtchn.deliver.eventfd.fd);
if (IS_ERR(eventfd)) {
ret = PTR_ERR(eventfd);
- goto out;
+ goto out_noeventfd;
}
}
break;
@@ -1718,6 +1718,7 @@ static int kvm_xen_eventfd_assign(struct
out:
if (eventfd)
eventfd_ctx_put(eventfd);
+out_noeventfd:
kfree(evtchnfd);
return ret;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 302/314] 9p: trans_fd/p9_conn_cancel: drop client lock earlier
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 301/314] KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign() Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 303/314] gfs2: Check sb_bsize_shift after reading superblock Greg Kroah-Hartman
` (19 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+50f7e8d06c3768dd97f3,
Dominique Martinet, Schspa Shi
From: Dominique Martinet <asmadeus@codewreck.org>
commit 52f1c45dde9136f964d63a77d19826c8a74e2c7f upstream.
syzbot reported a double-lock here and we no longer need this
lock after requests have been moved off to local list:
just drop the lock earlier.
Link: https://lkml.kernel.org/r/20220904064028.1305220-1-asmadeus@codewreck.org
Reported-by: syzbot+50f7e8d06c3768dd97f3@syzkaller.appspotmail.com
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Tested-by: Schspa Shi <schspa@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/9p/trans_fd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -205,6 +205,8 @@ static void p9_conn_cancel(struct p9_con
list_move(&req->req_list, &cancel_list);
}
+ spin_unlock(&m->client->lock);
+
list_for_each_entry_safe(req, rtmp, &cancel_list, req_list) {
p9_debug(P9_DEBUG_ERROR, "call back req %p\n", req);
list_del(&req->req_list);
@@ -212,7 +214,6 @@ static void p9_conn_cancel(struct p9_con
req->t_err = err;
p9_client_cb(m->client, req, REQ_STATUS_ERROR);
}
- spin_unlock(&m->client->lock);
}
static __poll_t
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 303/314] gfs2: Check sb_bsize_shift after reading superblock
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 302/314] 9p: trans_fd/p9_conn_cancel: drop client lock earlier Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 304/314] gfs2: Switch from strlcpy to strscpy Greg Kroah-Hartman
` (18 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+dcf33a7aae997956fe06,
Andrew Price, Andreas Gruenbacher
From: Andrew Price <anprice@redhat.com>
commit 670f8ce56dd0632dc29a0322e188cc73ce3c6b92 upstream.
Fuzzers like to scribble over sb_bsize_shift but in reality it's very
unlikely that this field would be corrupted on its own. Nevertheless it
should be checked to avoid the possibility of messy mount errors due to
bad calculations. It's always a fixed value based on the block size so
we can just check that it's the expected value.
Tested with:
mkfs.gfs2 -O -p lock_nolock /dev/vdb
for i in 0 -1 64 65 32 33; do
gfs2_edit -p sb field sb_bsize_shift $i /dev/vdb
mount /dev/vdb /mnt/test && umount /mnt/test
done
Before this patch we get a withdraw after
[ 76.413681] gfs2: fsid=loop0.0: fatal: invalid metadata block
[ 76.413681] bh = 19 (type: exp=5, found=4)
[ 76.413681] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492
and with UBSAN configured we also get complaints like
[ 76.373395] UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19
[ 76.373815] shift exponent 4294967287 is too large for 64-bit type 'long unsigned int'
After the patch, these complaints don't appear, mount fails immediately
and we get an explanation in dmesg.
Reported-by: syzbot+dcf33a7aae997956fe06@syzkaller.appspotmail.com
Signed-off-by: Andrew Price <anprice@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/gfs2/ops_fstype.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -178,7 +178,10 @@ static int gfs2_check_sb(struct gfs2_sbd
pr_warn("Invalid block size\n");
return -EINVAL;
}
-
+ if (sb->sb_bsize_shift != ffs(sb->sb_bsize) - 1) {
+ pr_warn("Invalid block size shift\n");
+ return -EINVAL;
+ }
return 0;
}
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 304/314] gfs2: Switch from strlcpy to strscpy
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 303/314] gfs2: Check sb_bsize_shift after reading superblock Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 305/314] 9p/trans_fd: always use O_NONBLOCK read/write Greg Kroah-Hartman
` (17 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Wolfram Sang, Andreas Gruenbacher
From: Andreas Gruenbacher <agruenba@redhat.com>
commit 204c0300c4e99707e9fb6e57840aa1127060e63f upstream.
Switch from strlcpy to strscpy and make sure that @count is the size of
the smaller of the source and destination buffers. This prevents
reading beyond the end of the source buffer when the source string isn't
null terminated.
Found by a modified version of syzkaller.
Suggested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/gfs2/ops_fstype.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -384,8 +384,10 @@ static int init_names(struct gfs2_sbd *s
if (!table[0])
table = sdp->sd_vfs->s_id;
- strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
- strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
+ BUILD_BUG_ON(GFS2_LOCKNAME_LEN > GFS2_FSNAME_LEN);
+
+ strscpy(sdp->sd_proto_name, proto, GFS2_LOCKNAME_LEN);
+ strscpy(sdp->sd_table_name, table, GFS2_LOCKNAME_LEN);
table = sdp->sd_table_name;
while ((table = strchr(table, '/')))
@@ -1442,13 +1444,13 @@ static int gfs2_parse_param(struct fs_co
switch (o) {
case Opt_lockproto:
- strlcpy(args->ar_lockproto, param->string, GFS2_LOCKNAME_LEN);
+ strscpy(args->ar_lockproto, param->string, GFS2_LOCKNAME_LEN);
break;
case Opt_locktable:
- strlcpy(args->ar_locktable, param->string, GFS2_LOCKNAME_LEN);
+ strscpy(args->ar_locktable, param->string, GFS2_LOCKNAME_LEN);
break;
case Opt_hostdata:
- strlcpy(args->ar_hostdata, param->string, GFS2_LOCKNAME_LEN);
+ strscpy(args->ar_hostdata, param->string, GFS2_LOCKNAME_LEN);
break;
case Opt_spectator:
args->ar_spectator = 1;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 305/314] 9p/trans_fd: always use O_NONBLOCK read/write
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 304/314] gfs2: Switch from strlcpy to strscpy Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 306/314] netlink: Bounds-check struct nlmsgerr creation Greg Kroah-Hartman
` (16 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Tetsuo Handa,
Christian Schoenebeck, Dominique Martinet
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit ef575281b21e9a34dfae544a187c6aac2ae424a9 upstream.
syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop()
from p9_conn_destroy() from p9_fd_close() is failing to interrupt already
started kernel_read() from p9_fd_read() from p9_read_work() and/or
kernel_write() from p9_fd_write() from p9_write_work() requests.
Since p9_socket_open() sets O_NONBLOCK flag, p9_mux_poll_stop() does not
need to interrupt kernel_read()/kernel_write(). However, since p9_fd_open()
does not set O_NONBLOCK flag, but pipe blocks unless signal is pending,
p9_mux_poll_stop() needs to interrupt kernel_read()/kernel_write() when
the file descriptor refers to a pipe. In other words, pipe file descriptor
needs to be handled as if socket file descriptor.
We somehow need to interrupt kernel_read()/kernel_write() on pipes.
A minimal change, which this patch is doing, is to set O_NONBLOCK flag
from p9_fd_open(), for O_NONBLOCK flag does not affect reading/writing
of regular files. But this approach changes O_NONBLOCK flag on userspace-
supplied file descriptors (which might break userspace programs), and
O_NONBLOCK flag could be changed by userspace. It would be possible to set
O_NONBLOCK flag every time p9_fd_read()/p9_fd_write() is invoked, but still
remains small race window for clearing O_NONBLOCK flag.
If we don't want to manipulate O_NONBLOCK flag, we might be able to
surround kernel_read()/kernel_write() with set_thread_flag(TIF_SIGPENDING)
and recalc_sigpending(). Since p9_read_work()/p9_write_work() works are
processed by kernel threads which process global system_wq workqueue,
signals could not be delivered from remote threads when p9_mux_poll_stop()
from p9_conn_destroy() from p9_fd_close() is called. Therefore, calling
set_thread_flag(TIF_SIGPENDING)/recalc_sigpending() every time would be
needed if we count on signals for making kernel_read()/kernel_write()
non-blocking.
Link: https://lkml.kernel.org/r/345de429-a88b-7097-d177-adecf9fed342@I-love.SAKURA.ne.jp
Link: https://syzkaller.appspot.com/bug?extid=8b41a1365f1106fd0f33 [1]
Reported-by: syzbot <syzbot+8b41a1365f1106fd0f33@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+8b41a1365f1106fd0f33@syzkaller.appspotmail.com>
Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
[Dominique: add comment at Christian's suggestion]
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/9p/trans_fd.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -822,11 +822,14 @@ static int p9_fd_open(struct p9_client *
goto out_free_ts;
if (!(ts->rd->f_mode & FMODE_READ))
goto out_put_rd;
+ /* prevent workers from hanging on IO when fd is a pipe */
+ ts->rd->f_flags |= O_NONBLOCK;
ts->wr = fget(wfd);
if (!ts->wr)
goto out_put_rd;
if (!(ts->wr->f_mode & FMODE_WRITE))
goto out_put_wr;
+ ts->wr->f_flags |= O_NONBLOCK;
client->trans = ts;
client->status = Connected;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 306/314] netlink: Bounds-check struct nlmsgerr creation
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 305/314] 9p/trans_fd: always use O_NONBLOCK read/write Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 307/314] wifi: wext: use flex array destination for memcpy() Greg Kroah-Hartman
` (15 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, Pablo Neira Ayuso,
Jozsef Kadlecsik, Florian Westphal, David S. Miller,
Eric Dumazet, Paolo Abeni, syzbot, netfilter-devel, coreteam,
netdev, Kees Cook
From: Kees Cook <keescook@chromium.org>
commit 710d21fdff9a98d621cd4e64167f3ef8af4e2fd1 upstream.
In preparation for FORTIFY_SOURCE doing bounds-check on memcpy(),
switch from __nlmsg_put to nlmsg_put(), and explain the bounds check
for dealing with the memcpy() across a composite flexible array struct.
Avoids this future run-time warning:
memcpy: detected field-spanning write (size 32) of single field "&errmsg->msg" at net/netlink/af_netlink.c:2447 (size 16)
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Jozsef Kadlecsik <kadlec@netfilter.org>
Cc: Florian Westphal <fw@strlen.de>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: syzbot <syzkaller@googlegroups.com>
Cc: netfilter-devel@vger.kernel.org
Cc: coreteam@netfilter.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220901071336.1418572-1-keescook@chromium.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipset/ip_set_core.c | 8 +++++---
net/netlink/af_netlink.c | 8 +++++---
2 files changed, 10 insertions(+), 6 deletions(-)
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1719,11 +1719,13 @@ call_ad(struct net *net, struct sock *ct
skb2 = nlmsg_new(payload, GFP_KERNEL);
if (!skb2)
return -ENOMEM;
- rep = __nlmsg_put(skb2, NETLINK_CB(skb).portid,
- nlh->nlmsg_seq, NLMSG_ERROR, payload, 0);
+ rep = nlmsg_put(skb2, NETLINK_CB(skb).portid,
+ nlh->nlmsg_seq, NLMSG_ERROR, payload, 0);
errmsg = nlmsg_data(rep);
errmsg->error = ret;
- memcpy(&errmsg->msg, nlh, nlh->nlmsg_len);
+ unsafe_memcpy(&errmsg->msg, nlh, nlh->nlmsg_len,
+ /* Bounds checked by the skb layer. */);
+
cmdattr = (void *)&errmsg->msg + min_len;
ret = nla_parse(cda, IPSET_ATTR_CMD_MAX, cmdattr,
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2440,11 +2440,13 @@ void netlink_ack(struct sk_buff *in_skb,
return;
}
- rep = __nlmsg_put(skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
- NLMSG_ERROR, payload, flags);
+ rep = nlmsg_put(skb, NETLINK_CB(in_skb).portid, nlh->nlmsg_seq,
+ NLMSG_ERROR, payload, flags);
errmsg = nlmsg_data(rep);
errmsg->error = err;
- memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg) ? nlh->nlmsg_len : sizeof(*nlh));
+ unsafe_memcpy(&errmsg->msg, nlh, payload > sizeof(*errmsg)
+ ? nlh->nlmsg_len : sizeof(*nlh),
+ /* Bounds checked by the skb layer. */);
if (nlk_has_extack && extack) {
if (extack->_msg) {
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 307/314] wifi: wext: use flex array destination for memcpy()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 306/314] netlink: Bounds-check struct nlmsgerr creation Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 308/314] rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered Greg Kroah-Hartman
` (14 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kees Cook, Hawkins Jiawei,
Johannes Berg, syzbot+473754e5af963cf014cf
From: Hawkins Jiawei <yin31149@gmail.com>
commit e3e6e1d16a4cf7b63159ec71774e822194071954 upstream.
Syzkaller reports buffer overflow false positive as follows:
------------[ cut here ]------------
memcpy: detected field-spanning write (size 8) of single field
"&compat_event->pointer" at net/wireless/wext-core.c:623 (size 4)
WARNING: CPU: 0 PID: 3607 at net/wireless/wext-core.c:623
wireless_send_event+0xab5/0xca0 net/wireless/wext-core.c:623
Modules linked in:
CPU: 1 PID: 3607 Comm: syz-executor659 Not tainted
6.0.0-rc6-next-20220921-syzkaller #0
[...]
Call Trace:
<TASK>
ioctl_standard_call+0x155/0x1f0 net/wireless/wext-core.c:1022
wireless_process_ioctl+0xc8/0x4c0 net/wireless/wext-core.c:955
wext_ioctl_dispatch net/wireless/wext-core.c:988 [inline]
wext_ioctl_dispatch net/wireless/wext-core.c:976 [inline]
wext_handle_ioctl+0x26b/0x280 net/wireless/wext-core.c:1049
sock_ioctl+0x285/0x640 net/socket.c:1220
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
</TASK>
Wireless events will be sent on the appropriate channels in
wireless_send_event(). Different wireless events may have different
payload structure and size, so kernel uses **len** and **cmd** field
in struct __compat_iw_event as wireless event common LCP part, uses
**pointer** as a label to mark the position of remaining different part.
Yet the problem is that, **pointer** is a compat_caddr_t type, which may
be smaller than the relative structure at the same position. So during
wireless_send_event() tries to parse the wireless events payload, it may
trigger the memcpy() run-time destination buffer bounds checking when the
relative structure's data is copied to the position marked by **pointer**.
This patch solves it by introducing flexible-array field **ptr_bytes**,
to mark the position of the wireless events remaining part next to
LCP part. What's more, this patch also adds **ptr_len** variable in
wireless_send_event() to improve its maintainability.
Reported-and-tested-by: syzbot+473754e5af963cf014cf@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/00000000000070db2005e95a5984@google.com/
Suggested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/wireless.h | 10 +++++++++-
net/wireless/wext-core.c | 17 ++++++++++-------
2 files changed, 19 insertions(+), 8 deletions(-)
--- a/include/linux/wireless.h
+++ b/include/linux/wireless.h
@@ -26,7 +26,15 @@ struct compat_iw_point {
struct __compat_iw_event {
__u16 len; /* Real length of this stuff */
__u16 cmd; /* Wireless IOCTL */
- compat_caddr_t pointer;
+
+ union {
+ compat_caddr_t pointer;
+
+ /* we need ptr_bytes to make memcpy() run-time destination
+ * buffer bounds checking happy, nothing special
+ */
+ DECLARE_FLEX_ARRAY(__u8, ptr_bytes);
+ };
};
#define IW_EV_COMPAT_LCP_LEN offsetof(struct __compat_iw_event, pointer)
#define IW_EV_COMPAT_POINT_OFF offsetof(struct compat_iw_point, length)
--- a/net/wireless/wext-core.c
+++ b/net/wireless/wext-core.c
@@ -468,6 +468,7 @@ void wireless_send_event(struct net_devi
struct __compat_iw_event *compat_event;
struct compat_iw_point compat_wrqu;
struct sk_buff *compskb;
+ int ptr_len;
#endif
/*
@@ -582,6 +583,9 @@ void wireless_send_event(struct net_devi
nlmsg_end(skb, nlh);
#ifdef CONFIG_COMPAT
hdr_len = compat_event_type_size[descr->header_type];
+
+ /* ptr_len is remaining size in event header apart from LCP */
+ ptr_len = hdr_len - IW_EV_COMPAT_LCP_LEN;
event_len = hdr_len + extra_len;
compskb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
@@ -612,16 +616,15 @@ void wireless_send_event(struct net_devi
if (descr->header_type == IW_HEADER_TYPE_POINT) {
compat_wrqu.length = wrqu->data.length;
compat_wrqu.flags = wrqu->data.flags;
- memcpy(&compat_event->pointer,
- ((char *) &compat_wrqu) + IW_EV_COMPAT_POINT_OFF,
- hdr_len - IW_EV_COMPAT_LCP_LEN);
+ memcpy(compat_event->ptr_bytes,
+ ((char *)&compat_wrqu) + IW_EV_COMPAT_POINT_OFF,
+ ptr_len);
if (extra_len)
- memcpy(((char *) compat_event) + hdr_len,
- extra, extra_len);
+ memcpy(&compat_event->ptr_bytes[ptr_len],
+ extra, extra_len);
} else {
/* extra_len must be zero, so no if (extra) needed */
- memcpy(&compat_event->pointer, wrqu,
- hdr_len - IW_EV_COMPAT_LCP_LEN);
+ memcpy(compat_event->ptr_bytes, wrqu, ptr_len);
}
nlmsg_end(compskb, nlh);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 308/314] rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 307/314] wifi: wext: use flex array destination for memcpy() Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 309/314] mm: fs: initialize fsdata passed to write_begin/write_end interface Greg Kroah-Hartman
` (13 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Rutland, Mathieu Desnoyers,
Peter Zijlstra (Intel),
Paul E. McKenney
From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
commit 448dca8c88755b768552e19bd1618be34ef6d1ff upstream.
These commits use WARN_ON_ONCE() and kill the offending processes when
deprecated and unknown flags are encountered:
commit c17a6ff93213 ("rseq: Kill process when unknown flags are encountered in ABI structures")
commit 0190e4198e47 ("rseq: Deprecate RSEQ_CS_FLAG_NO_RESTART_ON_* flags")
The WARN_ON_ONCE() triggered by userspace input prevents use of
Syzkaller to fuzz the rseq system call.
Replace this WARN_ON_ONCE() by pr_warn_once() messages which contain
actually useful information.
Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Paul E. McKenney <paulmck@kernel.org>
Link: https://lkml.kernel.org/r/20221102130635.7379-1-mathieu.desnoyers@efficios.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/rseq.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
--- a/kernel/rseq.c
+++ b/kernel/rseq.c
@@ -171,12 +171,27 @@ static int rseq_get_rseq_cs(struct task_
return 0;
}
+static bool rseq_warn_flags(const char *str, u32 flags)
+{
+ u32 test_flags;
+
+ if (!flags)
+ return false;
+ test_flags = flags & RSEQ_CS_NO_RESTART_FLAGS;
+ if (test_flags)
+ pr_warn_once("Deprecated flags (%u) in %s ABI structure", test_flags, str);
+ test_flags = flags & ~RSEQ_CS_NO_RESTART_FLAGS;
+ if (test_flags)
+ pr_warn_once("Unknown flags (%u) in %s ABI structure", test_flags, str);
+ return true;
+}
+
static int rseq_need_restart(struct task_struct *t, u32 cs_flags)
{
u32 flags, event_mask;
int ret;
- if (WARN_ON_ONCE(cs_flags & RSEQ_CS_NO_RESTART_FLAGS) || cs_flags)
+ if (rseq_warn_flags("rseq_cs", cs_flags))
return -EINVAL;
/* Get thread flags. */
@@ -184,7 +199,7 @@ static int rseq_need_restart(struct task
if (ret)
return ret;
- if (WARN_ON_ONCE(flags & RSEQ_CS_NO_RESTART_FLAGS) || flags)
+ if (rseq_warn_flags("rseq", flags))
return -EINVAL;
/*
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 309/314] mm: fs: initialize fsdata passed to write_begin/write_end interface
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 308/314] rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 310/314] net/9p: use a dedicated spinlock for trans_fd Greg Kroah-Hartman
` (12 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Potapenko, Alexander Viro,
Alexei Starovoitov, Andrey Konovalov, Andrey Konovalov,
Andy Lutomirski, Arnd Bergmann, Borislav Petkov,
Christoph Hellwig, Christoph Lameter, David Rientjes,
Dmitry Vyukov, Eric Biggers, Eric Biggers, Eric Dumazet,
Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe,
Joonsoo Kim, Kees Cook, Marco Elver, Mark Rutland,
Matthew Wilcox, Michael S. Tsirkin, Pekka Enberg, Peter Zijlstra,
Petr Mladek, Stephen Rothwell, Steven Rostedt, Thomas Gleixner,
Vasily Gorbik, Vegard Nossum, Vlastimil Babka, Andrew Morton
From: Alexander Potapenko <glider@google.com>
commit 1468c6f4558b1bcd92aa0400f2920f9dc7588402 upstream.
Functions implementing the a_ops->write_end() interface accept the `void
*fsdata` parameter that is supposed to be initialized by the corresponding
a_ops->write_begin() (which accepts `void **fsdata`).
However not all a_ops->write_begin() implementations initialize `fsdata`
unconditionally, so it may get passed uninitialized to a_ops->write_end(),
resulting in undefined behavior.
Fix this by initializing fsdata with NULL before the call to
write_begin(), rather than doing so in all possible a_ops implementations.
This patch covers only the following cases found by running x86 KMSAN
under syzkaller:
- generic_perform_write()
- cont_expand_zero() and generic_cont_expand_simple()
- page_symlink()
Other cases of passing uninitialized fsdata may persist in the codebase.
Link: https://lkml.kernel.org/r/20220915150417.722975-43-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Christoph Lameter <cl@linux.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Marco Elver <elver@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/buffer.c | 4 ++--
fs/namei.c | 2 +-
mm/filemap.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -2352,7 +2352,7 @@ int generic_cont_expand_simple(struct in
struct address_space *mapping = inode->i_mapping;
const struct address_space_operations *aops = mapping->a_ops;
struct page *page;
- void *fsdata;
+ void *fsdata = NULL;
int err;
err = inode_newsize_ok(inode, size);
@@ -2378,7 +2378,7 @@ static int cont_expand_zero(struct file
const struct address_space_operations *aops = mapping->a_ops;
unsigned int blocksize = i_blocksize(inode);
struct page *page;
- void *fsdata;
+ void *fsdata = NULL;
pgoff_t index, curidx;
loff_t curpos;
unsigned zerofrom, offset, len;
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -5088,7 +5088,7 @@ int page_symlink(struct inode *inode, co
const struct address_space_operations *aops = mapping->a_ops;
bool nofs = !mapping_gfp_constraint(mapping, __GFP_FS);
struct page *page;
- void *fsdata;
+ void *fsdata = NULL;
int err;
unsigned int flags;
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -3712,7 +3712,7 @@ ssize_t generic_perform_write(struct kio
unsigned long offset; /* Offset into pagecache page */
unsigned long bytes; /* Bytes to write to page */
size_t copied; /* Bytes copied from user */
- void *fsdata;
+ void *fsdata = NULL;
offset = (pos & (PAGE_SIZE - 1));
bytes = min_t(unsigned long, PAGE_SIZE - offset,
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 310/314] net/9p: use a dedicated spinlock for trans_fd
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 309/314] mm: fs: initialize fsdata passed to write_begin/write_end interface Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 311/314] bpf: Prevent bpf program recursion for raw tracepoint probes Greg Kroah-Hartman
` (11 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Tetsuo Handa,
Christian Schoenebeck, Dominique Martinet
From: Dominique Martinet <asmadeus@codewreck.org>
commit 296ab4a813841ba1d5f40b03190fd1bd8f25aab0 upstream.
Shamelessly copying the explanation from Tetsuo Handa's suggested
patch[1] (slightly reworded):
syzbot is reporting inconsistent lock state in p9_req_put()[2],
for p9_tag_remove() from p9_req_put() from IRQ context is using
spin_lock_irqsave() on "struct p9_client"->lock but trans_fd
(not from IRQ context) is using spin_lock().
Since the locks actually protect different things in client.c and in
trans_fd.c, just replace trans_fd.c's lock by a new one specific to the
transport (client.c's protect the idr for fid/tag allocations,
while trans_fd.c's protects its own req list and request status field
that acts as the transport's state machine)
Link: https://lore.kernel.org/r/20220904112928.1308799-1-asmadeus@codewreck.org
Link: https://lkml.kernel.org/r/2470e028-9b05-2013-7198-1fdad071d999@I-love.SAKURA.ne.jp [1]
Link: https://syzkaller.appspot.com/bug?extid=2f20b523930c32c160cc [2]
Reported-by: syzbot <syzbot+2f20b523930c32c160cc@syzkaller.appspotmail.com>
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/9p/trans_fd.c | 41 +++++++++++++++++++++++++----------------
1 file changed, 25 insertions(+), 16 deletions(-)
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -91,6 +91,7 @@ struct p9_poll_wait {
* @mux_list: list link for mux to manage multiple connections (?)
* @client: reference to client instance for this connection
* @err: error state
+ * @req_lock: lock protecting req_list and requests statuses
* @req_list: accounting for requests which have been sent
* @unsent_req_list: accounting for requests that haven't been sent
* @rreq: read request
@@ -114,6 +115,7 @@ struct p9_conn {
struct list_head mux_list;
struct p9_client *client;
int err;
+ spinlock_t req_lock;
struct list_head req_list;
struct list_head unsent_req_list;
struct p9_req_t *rreq;
@@ -189,10 +191,10 @@ static void p9_conn_cancel(struct p9_con
p9_debug(P9_DEBUG_ERROR, "mux %p err %d\n", m, err);
- spin_lock(&m->client->lock);
+ spin_lock(&m->req_lock);
if (m->err) {
- spin_unlock(&m->client->lock);
+ spin_unlock(&m->req_lock);
return;
}
@@ -205,7 +207,7 @@ static void p9_conn_cancel(struct p9_con
list_move(&req->req_list, &cancel_list);
}
- spin_unlock(&m->client->lock);
+ spin_unlock(&m->req_lock);
list_for_each_entry_safe(req, rtmp, &cancel_list, req_list) {
p9_debug(P9_DEBUG_ERROR, "call back req %p\n", req);
@@ -360,7 +362,7 @@ static void p9_read_work(struct work_str
if ((m->rreq) && (m->rc.offset == m->rc.capacity)) {
p9_debug(P9_DEBUG_TRANS, "got new packet\n");
m->rreq->rc.size = m->rc.offset;
- spin_lock(&m->client->lock);
+ spin_lock(&m->req_lock);
if (m->rreq->status == REQ_STATUS_SENT) {
list_del(&m->rreq->req_list);
p9_client_cb(m->client, m->rreq, REQ_STATUS_RCVD);
@@ -369,14 +371,14 @@ static void p9_read_work(struct work_str
p9_debug(P9_DEBUG_TRANS,
"Ignore replies associated with a cancelled request\n");
} else {
- spin_unlock(&m->client->lock);
+ spin_unlock(&m->req_lock);
p9_debug(P9_DEBUG_ERROR,
"Request tag %d errored out while we were reading the reply\n",
m->rc.tag);
err = -EIO;
goto error;
}
- spin_unlock(&m->client->lock);
+ spin_unlock(&m->req_lock);
m->rc.sdata = NULL;
m->rc.offset = 0;
m->rc.capacity = 0;
@@ -454,10 +456,10 @@ static void p9_write_work(struct work_st
}
if (!m->wsize) {
- spin_lock(&m->client->lock);
+ spin_lock(&m->req_lock);
if (list_empty(&m->unsent_req_list)) {
clear_bit(Wworksched, &m->wsched);
- spin_unlock(&m->client->lock);
+ spin_unlock(&m->req_lock);
return;
}
@@ -472,7 +474,7 @@ static void p9_write_work(struct work_st
m->wpos = 0;
p9_req_get(req);
m->wreq = req;
- spin_unlock(&m->client->lock);
+ spin_unlock(&m->req_lock);
}
p9_debug(P9_DEBUG_TRANS, "mux %p pos %d size %d\n",
@@ -589,6 +591,7 @@ static void p9_conn_create(struct p9_cli
INIT_LIST_HEAD(&m->mux_list);
m->client = client;
+ spin_lock_init(&m->req_lock);
INIT_LIST_HEAD(&m->req_list);
INIT_LIST_HEAD(&m->unsent_req_list);
INIT_WORK(&m->rq, p9_read_work);
@@ -670,10 +673,10 @@ static int p9_fd_request(struct p9_clien
if (m->err < 0)
return m->err;
- spin_lock(&client->lock);
+ spin_lock(&m->req_lock);
req->status = REQ_STATUS_UNSENT;
list_add_tail(&req->req_list, &m->unsent_req_list);
- spin_unlock(&client->lock);
+ spin_unlock(&m->req_lock);
if (test_and_clear_bit(Wpending, &m->wsched))
n = EPOLLOUT;
@@ -688,11 +691,13 @@ static int p9_fd_request(struct p9_clien
static int p9_fd_cancel(struct p9_client *client, struct p9_req_t *req)
{
+ struct p9_trans_fd *ts = client->trans;
+ struct p9_conn *m = &ts->conn;
int ret = 1;
p9_debug(P9_DEBUG_TRANS, "client %p req %p\n", client, req);
- spin_lock(&client->lock);
+ spin_lock(&m->req_lock);
if (req->status == REQ_STATUS_UNSENT) {
list_del(&req->req_list);
@@ -700,21 +705,24 @@ static int p9_fd_cancel(struct p9_client
p9_req_put(client, req);
ret = 0;
}
- spin_unlock(&client->lock);
+ spin_unlock(&m->req_lock);
return ret;
}
static int p9_fd_cancelled(struct p9_client *client, struct p9_req_t *req)
{
+ struct p9_trans_fd *ts = client->trans;
+ struct p9_conn *m = &ts->conn;
+
p9_debug(P9_DEBUG_TRANS, "client %p req %p\n", client, req);
- spin_lock(&client->lock);
+ spin_lock(&m->req_lock);
/* Ignore cancelled request if message has been received
* before lock.
*/
if (req->status == REQ_STATUS_RCVD) {
- spin_unlock(&client->lock);
+ spin_unlock(&m->req_lock);
return 0;
}
@@ -723,7 +731,8 @@ static int p9_fd_cancelled(struct p9_cli
*/
list_del(&req->req_list);
req->status = REQ_STATUS_FLSHD;
- spin_unlock(&client->lock);
+ spin_unlock(&m->req_lock);
+
p9_req_put(client, req);
return 0;
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 311/314] bpf: Prevent bpf program recursion for raw tracepoint probes
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 310/314] net/9p: use a dedicated spinlock for trans_fd Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 312/314] ntfs: fix use-after-free in ntfs_attr_find() Greg Kroah-Hartman
` (10 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stanislav Fomichev,
syzbot+2251879aa068ad9c960d, Jiri Olsa, Alexei Starovoitov
From: Jiri Olsa <jolsa@kernel.org>
commit 05b24ff9b2cfabfcfd951daaa915a036ab53c9e1 upstream.
We got report from sysbot [1] about warnings that were caused by
bpf program attached to contention_begin raw tracepoint triggering
the same tracepoint by using bpf_trace_printk helper that takes
trace_printk_lock lock.
Call Trace:
<TASK>
? trace_event_raw_event_bpf_trace_printk+0x5f/0x90
bpf_trace_printk+0x2b/0xe0
bpf_prog_a9aec6167c091eef_prog+0x1f/0x24
bpf_trace_run2+0x26/0x90
native_queued_spin_lock_slowpath+0x1c6/0x2b0
_raw_spin_lock_irqsave+0x44/0x50
bpf_trace_printk+0x3f/0xe0
bpf_prog_a9aec6167c091eef_prog+0x1f/0x24
bpf_trace_run2+0x26/0x90
native_queued_spin_lock_slowpath+0x1c6/0x2b0
_raw_spin_lock_irqsave+0x44/0x50
bpf_trace_printk+0x3f/0xe0
bpf_prog_a9aec6167c091eef_prog+0x1f/0x24
bpf_trace_run2+0x26/0x90
native_queued_spin_lock_slowpath+0x1c6/0x2b0
_raw_spin_lock_irqsave+0x44/0x50
bpf_trace_printk+0x3f/0xe0
bpf_prog_a9aec6167c091eef_prog+0x1f/0x24
bpf_trace_run2+0x26/0x90
native_queued_spin_lock_slowpath+0x1c6/0x2b0
_raw_spin_lock_irqsave+0x44/0x50
__unfreeze_partials+0x5b/0x160
...
The can be reproduced by attaching bpf program as raw tracepoint on
contention_begin tracepoint. The bpf prog calls bpf_trace_printk
helper. Then by running perf bench the spin lock code is forced to
take slow path and call contention_begin tracepoint.
Fixing this by skipping execution of the bpf program if it's
already running, Using bpf prog 'active' field, which is being
currently used by trampoline programs for the same reason.
Moving bpf_prog_inc_misses_counter to syscall.c because
trampoline.c is compiled in just for CONFIG_BPF_JIT option.
Reviewed-by: Stanislav Fomichev <sdf@google.com>
Reported-by: syzbot+2251879aa068ad9c960d@syzkaller.appspotmail.com
[1] https://lore.kernel.org/bpf/YxhFe3EwqchC%2FfYf@krava/T/#t
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/r/20220916071914.7156-1-jolsa@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/bpf.h | 5 +++++
kernel/bpf/syscall.c | 11 +++++++++++
kernel/bpf/trampoline.c | 15 ++-------------
kernel/trace/bpf_trace.c | 6 ++++++
4 files changed, 24 insertions(+), 13 deletions(-)
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1967,6 +1967,7 @@ static inline bool unprivileged_ebpf_ena
return !sysctl_unprivileged_bpf_disabled;
}
+void notrace bpf_prog_inc_misses_counter(struct bpf_prog *prog);
#else /* !CONFIG_BPF_SYSCALL */
static inline struct bpf_prog *bpf_prog_get(u32 ufd)
{
@@ -2305,6 +2306,10 @@ static inline int sock_map_bpf_prog_quer
{
return -EINVAL;
}
+
+static inline void bpf_prog_inc_misses_counter(struct bpf_prog *prog)
+{
+}
#endif /* CONFIG_BPF_SYSCALL */
#endif /* CONFIG_NET && CONFIG_BPF_SYSCALL */
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -2094,6 +2094,17 @@ struct bpf_prog_kstats {
u64 misses;
};
+void notrace bpf_prog_inc_misses_counter(struct bpf_prog *prog)
+{
+ struct bpf_prog_stats *stats;
+ unsigned int flags;
+
+ stats = this_cpu_ptr(prog->stats);
+ flags = u64_stats_update_begin_irqsave(&stats->syncp);
+ u64_stats_inc(&stats->misses);
+ u64_stats_update_end_irqrestore(&stats->syncp, flags);
+}
+
static void bpf_prog_get_stats(const struct bpf_prog *prog,
struct bpf_prog_kstats *stats)
{
--- a/kernel/bpf/trampoline.c
+++ b/kernel/bpf/trampoline.c
@@ -863,17 +863,6 @@ static __always_inline u64 notrace bpf_p
return start;
}
-static void notrace inc_misses_counter(struct bpf_prog *prog)
-{
- struct bpf_prog_stats *stats;
- unsigned int flags;
-
- stats = this_cpu_ptr(prog->stats);
- flags = u64_stats_update_begin_irqsave(&stats->syncp);
- u64_stats_inc(&stats->misses);
- u64_stats_update_end_irqrestore(&stats->syncp, flags);
-}
-
/* The logic is similar to bpf_prog_run(), but with an explicit
* rcu_read_lock() and migrate_disable() which are required
* for the trampoline. The macro is split into
@@ -896,7 +885,7 @@ u64 notrace __bpf_prog_enter(struct bpf_
run_ctx->saved_run_ctx = bpf_set_run_ctx(&run_ctx->run_ctx);
if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {
- inc_misses_counter(prog);
+ bpf_prog_inc_misses_counter(prog);
return 0;
}
return bpf_prog_start_time();
@@ -967,7 +956,7 @@ u64 notrace __bpf_prog_enter_sleepable(s
might_fault();
if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {
- inc_misses_counter(prog);
+ bpf_prog_inc_misses_counter(prog);
return 0;
}
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -2058,9 +2058,15 @@ static __always_inline
void __bpf_trace_run(struct bpf_prog *prog, u64 *args)
{
cant_sleep();
+ if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {
+ bpf_prog_inc_misses_counter(prog);
+ goto out;
+ }
rcu_read_lock();
(void) bpf_prog_run(prog, args);
rcu_read_unlock();
+out:
+ this_cpu_dec(*(prog->active));
}
#define UNPACK(...) __VA_ARGS__
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 312/314] ntfs: fix use-after-free in ntfs_attr_find()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 311/314] bpf: Prevent bpf program recursion for raw tracepoint probes Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 313/314] ntfs: fix out-of-bounds read " Greg Kroah-Hartman
` (9 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hawkins Jiawei, Anton Altaparmakov,
ChenXiaoSong, syzkaller-bugs, Dan Carpenter, Andrew Morton
From: Hawkins Jiawei <yin31149@gmail.com>
commit d85a1bec8e8d552ab13163ca1874dcd82f3d1550 upstream.
Patch series "ntfs: fix bugs about Attribute", v2.
This patchset fixes three bugs relative to Attribute in record:
Patch 1 adds a sanity check to ensure that, attrs_offset field in first
mft record loading from disk is within bounds.
Patch 2 moves the ATTR_RECORD's bounds checking earlier, to avoid
dereferencing ATTR_RECORD before checking this ATTR_RECORD is within
bounds.
Patch 3 adds an overflow checking to avoid possible forever loop in
ntfs_attr_find().
Without patch 1 and patch 2, the kernel triggersa KASAN use-after-free
detection as reported by Syzkaller.
Although one of patch 1 or patch 2 can fix this, we still need both of
them. Because patch 1 fixes the root cause, and patch 2 not only fixes
the direct cause, but also fixes the potential out-of-bounds bug.
This patch (of 3):
Syzkaller reported use-after-free read as follows:
==================================================================
BUG: KASAN: use-after-free in ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
Read of size 2 at addr ffff88807e352009 by task syz-executor153/3607
[...]
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
ntfs_attr_lookup+0x1056/0x2070 fs/ntfs/attrib.c:1193
ntfs_read_inode_mount+0x89a/0x2580 fs/ntfs/inode.c:1845
ntfs_fill_super+0x1799/0x9320 fs/ntfs/super.c:2854
mount_bdev+0x34d/0x410 fs/super.c:1400
legacy_get_tree+0x105/0x220 fs/fs_context.c:610
vfs_get_tree+0x89/0x2f0 fs/super.c:1530
do_new_mount fs/namespace.c:3040 [inline]
path_mount+0x1326/0x1e20 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
</TASK>
The buggy address belongs to the physical page:
page:ffffea0001f8d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e350
head:ffffea0001f8d400 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011842140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88807e351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88807e351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88807e352000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88807e352080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88807e352100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Kernel will loads $MFT/$DATA's first mft record in
ntfs_read_inode_mount().
Yet the problem is that after loading, kernel doesn't check whether
attrs_offset field is a valid value.
To be more specific, if attrs_offset field is larger than bytes_allocated
field, then it may trigger the out-of-bounds read bug(reported as
use-after-free bug) in ntfs_attr_find(), when kernel tries to access the
corresponding mft record's attribute.
This patch solves it by adding the sanity check between attrs_offset field
and bytes_allocated field, after loading the first mft record.
Link: https://lkml.kernel.org/r/20220831160935.3409-1-yin31149@gmail.com
Link: https://lkml.kernel.org/r/20220831160935.3409-2-yin31149@gmail.com
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: ChenXiaoSong <chenxiaosong2@huawei.com>
Cc: syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs/inode.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -1829,6 +1829,13 @@ int ntfs_read_inode_mount(struct inode *
goto err_out;
}
+ /* Sanity check offset to the first attribute */
+ if (le16_to_cpu(m->attrs_offset) >= le32_to_cpu(m->bytes_allocated)) {
+ ntfs_error(sb, "Incorrect mft offset to the first attribute %u in superblock.",
+ le16_to_cpu(m->attrs_offset));
+ goto err_out;
+ }
+
/* Need this to sanity check attribute list references to $MFT. */
vi->i_generation = ni->seq_no = le16_to_cpu(m->sequence_number);
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 313/314] ntfs: fix out-of-bounds read in ntfs_attr_find()
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 312/314] ntfs: fix use-after-free in ntfs_attr_find() Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 314/314] ntfs: check overflow when iterating ATTR_RECORDs Greg Kroah-Hartman
` (8 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, chenxiaosong (A),
Dan Carpenter, Hawkins Jiawei, syzbot+5f8dcabe4a3b2c51c607,
Anton Altaparmakov, syzkaller-bugs, Andrew Morton
From: Hawkins Jiawei <yin31149@gmail.com>
commit 36a4d82dddbbd421d2b8e79e1cab68c8126d5075 upstream.
Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). To
ensure access on these ATTR_RECORDs are within bounds, kernel will do some
checking during iteration.
The problem is that during checking whether ATTR_RECORD's name is within
bounds, kernel will dereferences the ATTR_RECORD name_offset field, before
checking this ATTR_RECORD strcture is within bounds. This problem may
result out-of-bounds read in ntfs_attr_find(), reported by Syzkaller:
==================================================================
BUG: KASAN: use-after-free in ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
Read of size 2 at addr ffff88807e352009 by task syz-executor153/3607
[...]
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
ntfs_attr_find+0xc02/0xce0 fs/ntfs/attrib.c:597
ntfs_attr_lookup+0x1056/0x2070 fs/ntfs/attrib.c:1193
ntfs_read_inode_mount+0x89a/0x2580 fs/ntfs/inode.c:1845
ntfs_fill_super+0x1799/0x9320 fs/ntfs/super.c:2854
mount_bdev+0x34d/0x410 fs/super.c:1400
legacy_get_tree+0x105/0x220 fs/fs_context.c:610
vfs_get_tree+0x89/0x2f0 fs/super.c:1530
do_new_mount fs/namespace.c:3040 [inline]
path_mount+0x1326/0x1e20 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
</TASK>
The buggy address belongs to the physical page:
page:ffffea0001f8d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e350
head:ffffea0001f8d400 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011842140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88807e351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88807e351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88807e352000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88807e352080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88807e352100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
This patch solves it by moving the ATTR_RECORD strcture's bounds checking
earlier, then checking whether ATTR_RECORD's name is within bounds.
What's more, this patch also add some comments to improve its
maintainability.
Link: https://lkml.kernel.org/r/20220831160935.3409-3-yin31149@gmail.com
Link: https://lore.kernel.org/all/1636796c-c85e-7f47-e96f-e074fee3c7d3@huawei.com/
Link: https://groups.google.com/g/syzkaller-bugs/c/t_XdeKPGTR4/m/LECAuIGcBgAJ
Signed-off-by: chenxiaosong (A) <chenxiaosong2@huawei.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Reported-by: syzbot+5f8dcabe4a3b2c51c607@syzkaller.appspotmail.com
Tested-by: syzbot+5f8dcabe4a3b2c51c607@syzkaller.appspotmail.com
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs/attrib.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -594,11 +594,23 @@ static int ntfs_attr_find(const ATTR_TYP
for (;; a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))) {
u8 *mrec_end = (u8 *)ctx->mrec +
le32_to_cpu(ctx->mrec->bytes_allocated);
- u8 *name_end = (u8 *)a + le16_to_cpu(a->name_offset) +
- a->name_length * sizeof(ntfschar);
- if ((u8*)a < (u8*)ctx->mrec || (u8*)a > mrec_end ||
- name_end > mrec_end)
+ u8 *name_end;
+
+ /* check whether ATTR_RECORD wrap */
+ if ((u8 *)a < (u8 *)ctx->mrec)
break;
+
+ /* check whether Attribute Record Header is within bounds */
+ if ((u8 *)a > mrec_end ||
+ (u8 *)a + sizeof(ATTR_RECORD) > mrec_end)
+ break;
+
+ /* check whether ATTR_RECORD's name is within bounds */
+ name_end = (u8 *)a + le16_to_cpu(a->name_offset) +
+ a->name_length * sizeof(ntfschar);
+ if (name_end > mrec_end)
+ break;
+
ctx->attr = a;
if (unlikely(le32_to_cpu(a->type) > le32_to_cpu(type) ||
a->type == AT_END))
^ permalink raw reply [flat|nested] 325+ messages in thread
* [PATCH 6.0 314/314] ntfs: check overflow when iterating ATTR_RECORDs
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 313/314] ntfs: fix out-of-bounds read " Greg Kroah-Hartman
@ 2022-11-23 8:52 ` Greg Kroah-Hartman
2022-11-23 17:03 ` [PATCH 6.0 000/314] 6.0.10-rc1 review Guenter Roeck
` (7 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-23 8:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hawkins Jiawei, Dan Carpenter,
Anton Altaparmakov, chenxiaosong (A),
syzkaller-bugs, Andrew Morton
From: Hawkins Jiawei <yin31149@gmail.com>
commit 63095f4f3af59322bea984a6ae44337439348fe0 upstream.
Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find().
Because the ATTR_RECORDs are next to each other, kernel can get the next
ATTR_RECORD from end address of current ATTR_RECORD, through current
ATTR_RECORD length field.
The problem is that during iteration, when kernel calculates the end
address of current ATTR_RECORD, kernel may trigger an integer overflow bug
in executing `a = (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))`. This
may wrap, leading to a forever iteration on 32bit systems.
This patch solves it by adding some checks on calculating end address
of current ATTR_RECORD during iteration.
Link: https://lkml.kernel.org/r/20220831160935.3409-4-yin31149@gmail.com
Link: https://lore.kernel.org/all/20220827105842.GM2030@kadam/
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: chenxiaosong (A) <chenxiaosong2@huawei.com>
Cc: syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ntfs/attrib.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -617,6 +617,14 @@ static int ntfs_attr_find(const ATTR_TYP
return -ENOENT;
if (unlikely(!a->length))
break;
+
+ /* check whether ATTR_RECORD's length wrap */
+ if ((u8 *)a + le32_to_cpu(a->length) < (u8 *)a)
+ break;
+ /* check whether ATTR_RECORD's length is within bounds */
+ if ((u8 *)a + le32_to_cpu(a->length) > mrec_end)
+ break;
+
if (a->type != type)
continue;
/*
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-11-23 8:52 ` [PATCH 6.0 314/314] ntfs: check overflow when iterating ATTR_RECORDs Greg Kroah-Hartman
@ 2022-11-23 17:03 ` Guenter Roeck
2022-11-25 7:35 ` Greg Kroah-Hartman
2022-11-23 22:31 ` Ron Economos
` (6 subsequent siblings)
321 siblings, 1 reply; 325+ messages in thread
From: Guenter Roeck @ 2022-11-23 17:03 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
On Wed, Nov 23, 2022 at 09:47:25AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.10 release.
> There are 314 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
> Anything received after that time might be too late.
>
Build reference: v6.0.9-315-gdcf677c
Compiler version: arm-linux-gnueabi-gcc (GCC) 11.3.0
Assembler version: GNU assembler (GNU Binutils) 2.39
Building arm:allmodconfig ... failed
--------------
Error log:
drivers/rtc/rtc-cmos.c:1347:13: error: 'rtc_wake_setup' defined but not used [-Werror=unused-function]
1347 | static void rtc_wake_setup(struct device *dev)
Guenter
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-11-23 17:03 ` [PATCH 6.0 000/314] 6.0.10-rc1 review Guenter Roeck
@ 2022-11-23 22:31 ` Ron Economos
2022-11-24 2:04 ` Fenil Jain
` (5 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Ron Economos @ 2022-11-23 22:31 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
On 11/23/22 12:47 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.10 release.
> There are 314 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.10-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-11-23 22:31 ` Ron Economos
@ 2022-11-24 2:04 ` Fenil Jain
2022-11-24 2:39 ` Guenter Roeck
` (4 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Fenil Jain @ 2022-11-24 2:04 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: stable
Hey Greg,
Ran tests and boot tested on my system, no regressions found
Tested-by: Fenil Jain <fkjainco@gmail.com>
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-11-24 2:04 ` Fenil Jain
@ 2022-11-24 2:39 ` Guenter Roeck
2022-11-24 8:18 ` Naresh Kamboju
` (3 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Guenter Roeck @ 2022-11-24 2:39 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
On Wed, Nov 23, 2022 at 09:47:25AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.10 release.
> There are 314 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 152 pass: 147 fail: 5
Failed builds:
arm:allmodconfig
mips:allmodconfig
powerpc:allmodconfig
powerpc:ppc32_allmodconfig
sparc64:allmodconfig
Qemu test results:
total: 500 pass: 500 fail: 0
Error log:
drivers/rtc/rtc-cmos.c:1347:13: error: 'rtc_wake_setup' defined but not used [-Werror=unused-function]
1347 | static void rtc_wake_setup(struct device *dev)
Guenter
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-11-24 2:39 ` Guenter Roeck
@ 2022-11-24 8:18 ` Naresh Kamboju
2022-11-24 8:48 ` Bagas Sanjaya
` (2 subsequent siblings)
321 siblings, 0 replies; 325+ messages in thread
From: Naresh Kamboju @ 2022-11-24 8:18 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, Alexandre Belloni
On Wed, 23 Nov 2022 at 15:09, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.0.10 release.
> There are 314 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.10-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro's test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
NOTE:
As others reported arm: allmodconfig build failed due to
rtc: cmos: fix build on non-ACPI platforms
[ Upstream commit db4e955ae333567dea02822624106c0b96a2f84f ]
Build error:
drivers/rtc/rtc-cmos.c:1347:13: error: 'rtc_wake_setup' defined but
not used [-Werror=unused-function]
1347 | static void rtc_wake_setup(struct device *dev)
| ^~~~~~~~~~~~~~
cc1: all warnings being treated as errors
## Build
* kernel: 6.0.10-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-6.0.y
* git commit: dcf677c9377c88653b9cbbfc7e59e70f7a2af096
* git describe: v6.0.9-315-gdcf677c9377c
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.0.y/build/v6.0.9-315-gdcf677c9377c
## Test Regressions (compared to v6.0.9)
## Metric Regressions (compared to v6.0.9)
## Test Fixes (compared to v6.0.9)
## Metric Fixes (compared to v6.0.9)
## Test result summary
total: 148325, pass: 129685, fail: 3631, skip: 14746, xfail: 263
## Build Summary
* arc: 5 total, 5 passed, 0 failed
* arm: 147 total, 144 passed, 3 failed
* arm64: 45 total, 45 passed, 0 failed
* i386: 35 total, 34 passed, 1 failed
* mips: 27 total, 26 passed, 1 failed
* parisc: 6 total, 6 passed, 0 failed
* powerpc: 34 total, 30 passed, 4 failed
* riscv: 12 total, 12 passed, 0 failed
* s390: 12 total, 12 passed, 0 failed
* sh: 12 total, 12 passed, 0 failed
* sparc: 6 total, 6 passed, 0 failed
* x86_64: 38 total, 38 passed, 0 failed
## Test suites summary
* boot
* fwts
* igt-gpu-tools
* kselftest-android
* kselftest-arm64
* kselftest-arm64/arm64.btitest.bti_c_func
* kselftest-arm64/arm64.btitest.bti_j_func
* kselftest-arm64/arm64.btitest.bti_jc_func
* kselftest-arm64/arm64.btitest.bti_none_func
* kselftest-arm64/arm64.btitest.nohint_func
* kselftest-arm64/arm64.btitest.paciasp_func
* kselftest-arm64/arm64.nobtitest.bti_c_func
* kselftest-arm64/arm64.nobtitest.bti_j_func
* kselftest-arm64/arm64.nobtitest.bti_jc_func
* kselftest-arm64/arm64.nobtitest.bti_none_func
* kselftest-arm64/arm64.nobtitest.nohint_func
* kselftest-arm64/arm64.nobtitest.paciasp_func
* kselftest-breakpoints
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-kvm
* kselftest-lib
* kselftest-net
* kselftest-net-forwarding
* kselftest-net-mptcp
* kselftest-netfilter
* kselftest-openat2
* kselftest-seccomp
* kselftest-timens
* kunit
* kvm-unit-tests
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-open-posix-tests
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* network-basic-tests
* perf
* perf/Zstd-perf.data-compression
* rcutorture
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-11-24 8:18 ` Naresh Kamboju
@ 2022-11-24 8:48 ` Bagas Sanjaya
2022-11-24 11:16 ` Sudip Mukherjee
2022-11-25 0:29 ` Justin Forbes
321 siblings, 0 replies; 325+ messages in thread
From: Bagas Sanjaya @ 2022-11-24 8:48 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
[-- Attachment #1: Type: text/plain, Size: 539 bytes --]
On Wed, Nov 23, 2022 at 09:47:25AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.10 release.
> There are 314 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully cross-compiled for arm64 (bcm2711_defconfig, GCC 10.2.0) and
powerpc (ps3_defconfig, GCC 12.2.0).
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
--
An old man doll... just what I always wanted! - Clara
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-11-24 8:48 ` Bagas Sanjaya
@ 2022-11-24 11:16 ` Sudip Mukherjee
2022-11-25 7:45 ` Greg Kroah-Hartman
2022-11-25 0:29 ` Justin Forbes
321 siblings, 1 reply; 325+ messages in thread
From: Sudip Mukherjee @ 2022-11-24 11:16 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli, srw, rwarsow
Hi Greg,
On Wed, Nov 23, 2022 at 09:47:25AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.10 release.
> There are 314 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
> Anything received after that time might be too late.
Build test (gcc version 12.2.1 20221016):
mips: 52 configs -> 1 failure
arm: 100 configs -> 2 failures
arm64: 3 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
csky allmodconfig -> no failure
powerpc allmodconfig -> 1 failure
riscv allmodconfig -> no failure
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure
Note:
1. As reported by others arm mips and powerpc allmodconfig fails with:
drivers/rtc/rtc-cmos.c:1299:13: error: 'rtc_wake_setup' defined but not used [-Werror=unused-function]
1299 | static void rtc_wake_setup(struct device *dev)
| ^~~~~~~~~~~~~~
2. arm imxrt_defconfig fails with:
In file included from ./include/linux/bpf-cgroup.h:5,
from security/device_cgroup.c:8:
./include/linux/bpf.h:2310:20: error: static declaration of 'bpf_prog_inc_misses_counter' follows non-static declaration
2310 | static inline void bpf_prog_inc_misses_counter(struct bpf_prog *prog)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/bpf.h:1970:14: note: previous declaration of 'bpf_prog_inc_misses_counter' with type 'void(struct bpf_prog *)'
1970 | void notrace bpf_prog_inc_misses_counter(struct bpf_prog *prog);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Caused by a1ba348f5325 ("bpf: Prevent bpf program recursion for raw tracepoint probes").
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
arm64: Booted on rpi4b (4GB model). No regression. [2]
mips: Booted on ci20 board. No regression. [3]
[1]. https://openqa.qa.codethink.co.uk/tests/2210
[2]. https://openqa.qa.codethink.co.uk/tests/2214
[3]. https://openqa.qa.codethink.co.uk/tests/2216
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-11-24 11:16 ` Sudip Mukherjee
@ 2022-11-25 0:29 ` Justin Forbes
321 siblings, 0 replies; 325+ messages in thread
From: Justin Forbes @ 2022-11-25 0:29 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow
On Wed, Nov 23, 2022 at 09:47:25AM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.0.10 release.
> There are 314 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.0.10-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.0.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Tested rc1 against the Fedora build system (aarch64, armv7, ppc64le,
s390x, x86_64), and boot tested x86_64. No regressions noted.
Tested-by: Justin M. Forbes <jforbes@fedoraproject.org>
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-23 17:03 ` [PATCH 6.0 000/314] 6.0.10-rc1 review Guenter Roeck
@ 2022-11-25 7:35 ` Greg Kroah-Hartman
0 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-25 7:35 UTC (permalink / raw)
To: Guenter Roeck
Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow
On Wed, Nov 23, 2022 at 09:03:22AM -0800, Guenter Roeck wrote:
> On Wed, Nov 23, 2022 at 09:47:25AM +0100, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 6.0.10 release.
> > There are 314 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
> > Anything received after that time might be too late.
> >
>
> Build reference: v6.0.9-315-gdcf677c
> Compiler version: arm-linux-gnueabi-gcc (GCC) 11.3.0
> Assembler version: GNU assembler (GNU Binutils) 2.39
>
> Building arm:allmodconfig ... failed
> --------------
> Error log:
> drivers/rtc/rtc-cmos.c:1347:13: error: 'rtc_wake_setup' defined but not used [-Werror=unused-function]
> 1347 | static void rtc_wake_setup(struct device *dev)
Now fixed, this commit should not have been added, as it wasn't obvious
that it was fixing an issue only in 6.1-rc, not the stable trees.
Dropped from everywhere.
greg k-h
^ permalink raw reply [flat|nested] 325+ messages in thread
* Re: [PATCH 6.0 000/314] 6.0.10-rc1 review
2022-11-24 11:16 ` Sudip Mukherjee
@ 2022-11-25 7:45 ` Greg Kroah-Hartman
0 siblings, 0 replies; 325+ messages in thread
From: Greg Kroah-Hartman @ 2022-11-25 7:45 UTC (permalink / raw)
To: Sudip Mukherjee
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli, srw, rwarsow
On Thu, Nov 24, 2022 at 11:16:40AM +0000, Sudip Mukherjee wrote:
> Hi Greg,
>
> On Wed, Nov 23, 2022 at 09:47:25AM +0100, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 6.0.10 release.
> > There are 314 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Fri, 25 Nov 2022 08:45:20 +0000.
> > Anything received after that time might be too late.
>
> Build test (gcc version 12.2.1 20221016):
> mips: 52 configs -> 1 failure
> arm: 100 configs -> 2 failures
> arm64: 3 configs -> no failure
> x86_64: 4 configs -> no failure
> alpha allmodconfig -> no failure
> csky allmodconfig -> no failure
> powerpc allmodconfig -> 1 failure
> riscv allmodconfig -> no failure
> s390 allmodconfig -> no failure
> xtensa allmodconfig -> no failure
>
> Note:
> 1. As reported by others arm mips and powerpc allmodconfig fails with:
> drivers/rtc/rtc-cmos.c:1299:13: error: 'rtc_wake_setup' defined but not used [-Werror=unused-function]
> 1299 | static void rtc_wake_setup(struct device *dev)
> | ^~~~~~~~~~~~~~
>
Should now be fixed, thanks.
>
> 2. arm imxrt_defconfig fails with:
>
> In file included from ./include/linux/bpf-cgroup.h:5,
> from security/device_cgroup.c:8:
> ./include/linux/bpf.h:2310:20: error: static declaration of 'bpf_prog_inc_misses_counter' follows non-static declaration
> 2310 | static inline void bpf_prog_inc_misses_counter(struct bpf_prog *prog)
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> ./include/linux/bpf.h:1970:14: note: previous declaration of 'bpf_prog_inc_misses_counter' with type 'void(struct bpf_prog *)'
> 1970 | void notrace bpf_prog_inc_misses_counter(struct bpf_prog *prog);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Caused by a1ba348f5325 ("bpf: Prevent bpf program recursion for raw tracepoint probes").
Oh, nice catch! I messed up the backport of this commit, and put the
prototype in the wrong place in the .h file. Let me push out a -rc2
with this moved a bit to see if that solves the problem.
Interesting that your build tests were the only one that caught this.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 325+ messages in thread
end of thread, other threads:[~2022-11-25 7:45 UTC | newest]
Thread overview: 325+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-23 8:47 [PATCH 6.0 000/314] 6.0.10-rc1 review Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 001/314] mtd: rawnand: qcom: handle ret from parse with codeword_fixup Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 002/314] drm/msm/gpu: Fix crash during system suspend after unbind Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 003/314] spi: tegra210-quad: Fix combined sequence Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 004/314] ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 005/314] ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 006/314] ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 007/314] ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 008/314] ASoC: rt5682s: Fix the TDM Tx settings Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 009/314] ASoC: rt1019: Fix the TDM settings Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 010/314] ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 011/314] spi: intel: Fix the offset to get the 64K erase opcode Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 012/314] ASoC: codecs: jz4725b: add missed Line In power control bit Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 013/314] ASoC: codecs: jz4725b: fix reported volume for Master ctl Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 014/314] ASoC: codecs: jz4725b: use right control for Capture Volume Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 015/314] ASoC: codecs: jz4725b: fix capture selector naming Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 016/314] ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 017/314] selftests/futex: fix build for clang Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 018/314] selftests/intel_pstate: fix build for ARCH=x86_64 Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 019/314] selftests/kexec: " Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 020/314] ASoC: Intel: sof_rt5682: Add quirk for Rex board Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 021/314] rtc: cmos: fix build on non-ACPI platforms Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 022/314] ASoC: rt1308-sdw: add the default value of some registers Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 023/314] ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 024/314] ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 025/314] drm/amdgpu: Adjust MES polling timeout for sriov Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 026/314] platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 027/314] platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 028/314] drm/amd/display: Remove wrong pipe control lock Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 029/314] drm/amd/display: Dont return false if no stream Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 030/314] drm/scheduler: fix fence ref counting Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 031/314] ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 032/314] cxl/mbox: Add a check on input payload size Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 033/314] RDMA/efa: Add EFA 0xefa2 PCI ID Greg Kroah-Hartman
2022-11-23 8:47 ` [PATCH 6.0 034/314] btrfs: raid56: properly handle the error when unable to find the missing stripe Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 035/314] NFSv4: Retry LOCK on OLD_STATEID during delegation return Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 036/314] SUNRPC: Fix crasher in gss_unwrap_resp_integ() Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 037/314] ACPI: x86: Add another system to quirk list for forcing StorageD3Enable Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 038/314] drm/rockchip: vop2: fix null pointer in plane_atomic_disable Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 039/314] drm/rockchip: vop2: disable planes when disabling the crtc Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 040/314] ksefltests: pidfd: Fix wait_states: Test terminated by timeout Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 041/314] powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 042/314] block: blk_add_rq_to_plug(): clear stale last after flush Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 043/314] firmware: arm_scmi: Cleanup the core driver removal callback Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 044/314] firmware: arm_scmi: Make tx_prepare time out eventually Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 045/314] i2c: tegra: Allocate DMA memory for DMA engine Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 046/314] i2c: i801: add lis3lv02ds I2C address for Vostro 5568 Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 047/314] drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 048/314] btrfs: remove pointless and double ulist frees in error paths of qgroup tests Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 049/314] drm/amd/display: Ignore Cable ID Feature Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 050/314] drm/amd/display: Enable timing sync on DCN32 Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 051/314] drm/amdgpu: set fb_modifiers_not_supported in vkms Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 052/314] drm/amd: Fail the suspend if resources cant be evicted Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 053/314] drm/amd/display: Fix DCN32 DSC delay calculation Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 054/314] drm/amd/display: Use forced DSC bpp in DML Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 055/314] drm/amd/display: Round up DST_after_scaler to nearest int Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 056/314] drm/amd/display: Investigate tool reported FCLK P-state deviations Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 057/314] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 058/314] cxl/pmem: Use size_add() against integer overflow Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 059/314] x86/cpu: Add several Intel server CPU model numbers Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 060/314] tools/testing/cxl: Fix some error exits Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 061/314] cifs: always iterate smb sessions using primary channel Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 062/314] ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 063/314] arm64/mm: fold check for KFENCE into can_set_direct_map() Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 064/314] arm64: fix rodata=full again Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 065/314] hugetlb: rename remove_huge_page to hugetlb_delete_from_page_cache Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 066/314] hugetlbfs: dont delete error page from pagecache Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 067/314] KVM: SVM: remove dead field from struct svm_cpu_data Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 068/314] KVM: SVM: do not allocate struct svm_cpu_data dynamically Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 069/314] KVM: SVM: restore host save area from assembly Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 070/314] KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 071/314] arm64: dts: qcom: ipq8074: correct APCS register space size Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 072/314] arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 073/314] arm64: dts: qcom: sa8295p-adp: " Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 074/314] arm64: dts: qcom: sc8280xp-crd: " Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 075/314] arm64: dts: qcom: sm8150-xperia-kumano: " Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 076/314] arm64: dts: qcom: sm8250-xperia-edo: " Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 077/314] arm64: dts: qcom: sm8350-hdk: " Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 078/314] arm64: dts: qcom: sc8280xp: fix ufs_card_phy ref clock Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 079/314] arm64: dts: qcom: sc8280xp: correct ref clock for ufs_mem_phy Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 080/314] arm64: dts: qcom: sc8280xp: fix USB0 PHY PCS_MISC registers Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 081/314] arm64: dts: qcom: sc8280xp: fix USB1 PHY RX1 registers Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 082/314] arm64: dts: qcom: sc8280xp: fix USB PHY PCS registers Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 083/314] arm64: dts: qcom: sc8280xp: drop broken DP PHY nodes Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 084/314] arm64: dts: qcom: sc8280xp: fix UFS PHY serdes size Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 085/314] arm64: dts: qcom: sc7280: Add the reset reg for lpass audiocc on SC7280 Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 086/314] spi: stm32: Print summary callbacks suppressed message Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 087/314] ARM: dts: at91: sama7g5: fix signal name of pin PB2 Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 088/314] ASoC: core: Fix use-after-free in snd_soc_exit() Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 089/314] ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 090/314] arm64: dts: qcom: sm8250: Disable the not yet supported cluster idle state Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 091/314] ASoC: tas2770: Fix set_tdm_slot in case of single slot Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 092/314] ASoC: tas2764: " Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 093/314] ASoC: tas2780: " Greg Kroah-Hartman
2022-11-23 8:48 ` [PATCH 6.0 094/314] ARM: at91: pm: avoid soft resetting AC DLL Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 095/314] serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 096/314] serial: 8250_omap: remove wait loop from Errata i202 workaround Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 097/314] serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 098/314] serial: 8250: omap: Flush PM QOS work on remove Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 099/314] tty: serial: fsl_lpuart: dont break the on-going transfer when global reset Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 100/314] serial: imx: Add missing .thaw_noirq hook Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 101/314] tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 102/314] ASoC: rt5514: fix legacy dai naming Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 103/314] ASoC: rt5677: " Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 104/314] bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 105/314] bnxt_en: refactor bnxt_cancel_reservations() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 106/314] bnxt_en: fix the handling of PCIE-AER Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 107/314] ASoC: soc-utils: Remove __exit for snd_soc_util_exit() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 108/314] pinctrl: rockchip: list all pins in a possible mux route for PX30 Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 109/314] mtd: onenand: omap2: add dependency on GPMC Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 110/314] scsi: scsi_transport_sas: Fix error handling in sas_phy_add() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 111/314] sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 112/314] sctp: clear out_curr if all frag chunks of current msg are pruned Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 113/314] erofs: clean up .read_folio() and .readahead() in fscache mode Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 114/314] erofs: get correct count for unmapped range " Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 115/314] block: sed-opal: kmalloc the cmd/resp buffers Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 116/314] nfsd: put the export reference in nfsd4_verify_deleg_dentry Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 117/314] bpf: Fix memory leaks in __check_func_call Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 118/314] io_uring: calculate CQEs from the user visible value Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 119/314] pinctrl: mediatek: common-v2: Fix bias-disable for PULL_PU_PD_RSEL_TYPE Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 120/314] arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 121/314] nvmet: fix a memory leak Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 122/314] siox: fix possible memory leak in siox_device_add() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 123/314] parport_pc: Avoid FIFO port location truncation Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 124/314] selftests/bpf: Fix casting error when cross-compiling test_verifier for 32-bit platforms Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 125/314] selftests/bpf: Fix test_progs compilation failure in 32-bit arch Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 126/314] pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 127/314] drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 128/314] drm/panel: simple: set bpc field for logic technologies displays Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 129/314] drm/drv: Fix potential memory leak in drm_dev_init() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 130/314] drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 131/314] arm64: dts: imx8mm-tqma8mqml-mba8mx: Fix USB DR Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 132/314] ARM: dts: imx7: Fix NAND controller size-cells Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 133/314] arm64: dts: imx8mm: " Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 134/314] erofs: put metabuf in error path in fscache mode Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 135/314] arm64: dts: imx8mn: Fix NAND controller size-cells Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 136/314] arm64: dts: imx93-pinfunc: drop execution permission Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 137/314] ata: libata-transport: fix double ata_host_put() in ata_tport_add() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 138/314] ata: libata-transport: fix error handling " Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 139/314] ata: libata-transport: fix error handling in ata_tlink_add() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 140/314] ata: libata-transport: fix error handling in ata_tdev_add() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 141/314] nfp: change eeprom length to max length enumerators Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 142/314] MIPS: fix duplicate definitions for exported symbols Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 143/314] MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 144/314] io_uring/poll: fix double poll req->flags races Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 145/314] cifs: Fix connections leak when tlink setup failed Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 146/314] bpf: Initialize same number of free nodes for each pcpu_freelist Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 147/314] ata: libata-core: do not issue non-internal commands once EH is pending Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 148/314] net: bgmac: Drop free_netdev() from bgmac_enet_remove() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 149/314] mISDN: fix possible memory leak in mISDN_dsp_element_register() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 150/314] net: hinic: Fix error handling in hinic_module_init() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 151/314] net: phy: dp83867: Fix SGMII FIFO depth for non OF devices Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 152/314] net: stmmac: ensure tx function is not running in stmmac_xdp_release() Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 153/314] mctp i2c: dont count unused / invalid keys for flow release Greg Kroah-Hartman
2022-11-23 8:49 ` [PATCH 6.0 154/314] soc: imx8m: Enable OCOTP clock before reading the register Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 155/314] net: liquidio: release resources when liquidio driver open failed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 156/314] mISDN: fix misuse of put_device() in mISDN_register_device() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 157/314] net: macvlan: Use built-in RCU list checking Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 158/314] net: caif: fix double disconnect client in chnl_net_open() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 159/314] bnxt_en: Remove debugfs when pci_register_driver failed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 160/314] octeon_ep: delete unnecessary napi rollback under set_queues_err in octep_open() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 161/314] octeon_ep: ensure octep_get_link_status() successfully before octep_link_up() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 162/314] octeon_ep: fix potential memory leak in octep_device_setup() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 163/314] octeon_ep: ensure get mac address successfully before eth_hw_addr_set() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 164/314] drm/lima: Fix opp clkname setting in case of missing regulator Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 165/314] net: mhi: Fix memory leak in mhi_net_dellink() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 166/314] net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 167/314] xen/pcpu: fix possible memory leak in register_pcpu() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 168/314] erofs: fix missing xas_retry() in fscache mode Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 169/314] mlxsw: Avoid warnings when not offloaded FDB entry with IPv6 is removed Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 170/314] net: ionic: Fix error handling in ionic_init_module() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 171/314] kcm: close race conditions on sk_receive_queue Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 172/314] net: ena: Fix error handling in ena_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 173/314] net: hns3: fix incorrect hw rss hash type of rx packet Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 174/314] net: hns3: fix return value check bug of rx copybreak Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 175/314] net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 176/314] bridge: switchdev: Fix memory leaks when changing VLAN protocol Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 177/314] drbd: use after free in drbd_create_device() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 178/314] platform/x86/intel: pmc: Dont unconditionally attach Intel PMC when virtualized Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 179/314] platform/surface: aggregator: Do not check for repeated unsequenced packets Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 180/314] netfs: Fix missing xas_retry() calls in xarray iteration Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 181/314] netfs: Fix dodgy maths Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 182/314] cifs: add check for returning value of SMB2_close_init Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 183/314] net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 184/314] net/x25: Fix skb leak in x25_lapb_receive_frame() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 185/314] net: dsa: dont leak tagger-owned storage on switch driver unbind Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 186/314] nvmet: fix a memory leak in nvmet_auth_set_key Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 187/314] cifs: Fix wrong return value checking when GETFLAGS Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 188/314] net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 189/314] net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 190/314] net: thunderbolt: Fix error handling in tbnet_init() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 191/314] s390: avoid using global register for current_stack_pointer Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 192/314] cifs: add check for returning value of SMB2_set_info_init Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 193/314] netdevsim: Fix memory leak of nsim_dev->fa_cookie Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 194/314] block: make dma_alignment a stacking queue_limit Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 195/314] dm-crypt: provide dma_alignment limit in io_hints Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 196/314] ftrace: Fix the possible incorrect kernel message Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 197/314] ftrace: Optimize the allocation for mcount entries Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 198/314] ftrace: Fix null pointer dereference in ftrace_add_mod() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 199/314] ring_buffer: Do not deactivate non-existant pages Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 200/314] tracing: Fix memory leak in tracing_read_pipe() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 201/314] tracing/ring-buffer: Have polling block on watermark Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 202/314] tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 203/314] tracing: Fix wild-memory-access in register_synth_event() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 204/314] tracing: Fix race where eprobes can be called before the event Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 205/314] tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 206/314] tracing: kprobe: Fix potential null-ptr-deref on trace_array " Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 207/314] rethook: fix a potential memleak in rethook_alloc() Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 208/314] platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 209/314] platform/x86/amd: pmc: Add new ACPI ID AMDI0009 Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 210/314] drm/amd/pm: enable runpm support over BACO for SMU13.0.7 Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 211/314] drm/amd/pm: enable runpm support over BACO for SMU13.0.0 Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 212/314] drm/amd/pm: fix SMU13 runpm hang due to unintentional workaround Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 213/314] drm/display: Dont assume dual mode adaptors support i2c sub-addressing Greg Kroah-Hartman
2022-11-23 8:50 ` [PATCH 6.0 214/314] drm/amd/display: Fix invalid DPIA AUX reply causing system hang Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 215/314] drm/amd/display: Add HUBP surface flip interrupt handler Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 216/314] drm/amd/display: Fix access timeout to DPIA AUX at boot time Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 217/314] drm/amd/display: Support parsing VRAM info v3.0 from VBIOS Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 218/314] drm/amd/display: Fix optc2_configure warning on dcn314 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 219/314] drm/amd/display: dont enable DRM CRTC degamma property for DCE Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 220/314] drm/amd/display: Fix prefetch calculations for dcn32 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 221/314] ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 222/314] ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 223/314] ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 224/314] Revert "usb: dwc3: disable USB core PHY management" Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 225/314] usb: dwc3: Do not get extcon device when usb-role-switch is used Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 226/314] io_uring: update res mask in io_poll_check_events Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 227/314] nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 228/314] nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 229/314] slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 230/314] slimbus: stream: correct presence rate frequencies Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 231/314] speakup: fix a segfault caused by switching consoles Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 232/314] speakup: replace utils u_char with unsigned char Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 233/314] USB: bcma: Make GPIO explicitly optional Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 234/314] USB: serial: option: add Sierra Wireless EM9191 Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 235/314] USB: serial: option: remove old LARA-R6 PID Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 236/314] USB: serial: option: add u-blox LARA-R6 00B modem Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 237/314] USB: serial: option: add u-blox LARA-L6 modem Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 238/314] USB: serial: option: add Fibocom FM160 0x0111 composition Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 239/314] usb: add NO_LPM quirk for Realforce 87U Keyboard Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 240/314] usb: chipidea: fix deadlock in ci_otg_del_timer Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 241/314] usb: cdns3: host: fix endless superspeed hub port reset Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 242/314] usb: typec: mux: Enter safe mode only when pins need to be reconfigured Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 243/314] usb: typec: tipd: Prevent uninitialized event{1,2} in IRQ handler Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 244/314] iio: accel: bma400: Ensure VDDIO is enable defore reading the chip ID Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 245/314] iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 246/314] iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 247/314] iio: adc: mp2629: fix wrong comparison of channel Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 248/314] iio: adc: mp2629: fix potential array out of bound access Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 249/314] iio: pressure: ms5611: fixed value compensation bug Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 250/314] iio: pressure: ms5611: changed hardcoded SPI speed to value limited Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 251/314] dm bufio: Fix missing decrement of no_sleep_enabled if dm_bufio_client_create failed Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 252/314] dm ioctl: fix misbehavior if list_versions races with module loading Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 253/314] serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 254/314] serial: 8250: Flush DMA Rx on RLSI Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 255/314] serial: 8250_lpss: Configure DMA also w/o DMA filter Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 256/314] serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 257/314] io_uring: fix tw losing poll events Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 258/314] io_uring: fix multishot accept request leaks Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 259/314] io_uring: fix multishot recv " Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 260/314] io_uring: disallow self-propelled ring polling Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 261/314] ceph: avoid putting the realm twice when decoding snaps fails Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 262/314] Input: iforce - invert valid length check when fetching device IDs Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 263/314] maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 264/314] net: phy: marvell: add sleep time after enabling the loopback bit Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 265/314] scsi: zfcp: Fix double free of FSF request when qdio send fails Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 266/314] iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 267/314] iommu/vt-d: Set SRE bit only when hardware has SRS cap Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 268/314] firmware: coreboot: Register bus in module init Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 269/314] mmc: core: properly select voltage range without power cycle Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 270/314] mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 271/314] mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 272/314] docs: update mediator contact information in CoC doc Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 273/314] docs/driver-api/miscellaneous: Remove kernel-doc of serial_core.c Greg Kroah-Hartman
2022-11-23 8:51 ` [PATCH 6.0 274/314] s390/dcssblk: fix deadlock when adding a DCSS Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 275/314] misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 276/314] blk-cgroup: properly pin the parent in blkcg_css_online Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 277/314] x86/sgx: Add overflow check in sgx_validate_offset_length() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 278/314] x86/fpu: Drop fpregs lock before inheriting FPU permissions Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 279/314] perf/x86/amd/uncore: Fix memory leak for events array Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 280/314] perf/x86/intel/pt: Fix sampling using single range output Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 281/314] nvme: restrict management ioctls to admin Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 282/314] nvme: ensure subsystem reset is single threaded Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 283/314] ASoC: SOF: topology: No need to assign core ID if token parsing failed Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 284/314] perf: Improve missing SIGTRAP checking Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 285/314] vfio: Rename vfio_ioctl_check_extension() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 286/314] vfio: Split the register_device ops call into functions Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 287/314] perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 288/314] ring-buffer: Include dropped pages in counting dirty patches Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 289/314] tracing: Fix warning on variable struct trace_array Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 290/314] net: usb: smsc95xx: fix external PHY reset Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 291/314] net: use struct_group to copy ip/ipv6 header addresses Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 292/314] scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 293/314] scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 294/314] kprobes: Skip clearing aggrprobes post_handler in kprobe-on-ftrace case Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 295/314] tracing: Fix potential null-pointer-access of entry in list tr->err_log Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 296/314] arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 297/314] Input: i8042 - fix leaking of platform device on module removal Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 298/314] macvlan: enforce a consistent minimal mtu Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 299/314] tcp: cdg: allow tcp_cdg_release() to be called multiple times Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 300/314] kcm: avoid potential race in kcm_tx_work Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 301/314] KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 302/314] 9p: trans_fd/p9_conn_cancel: drop client lock earlier Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 303/314] gfs2: Check sb_bsize_shift after reading superblock Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 304/314] gfs2: Switch from strlcpy to strscpy Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 305/314] 9p/trans_fd: always use O_NONBLOCK read/write Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 306/314] netlink: Bounds-check struct nlmsgerr creation Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 307/314] wifi: wext: use flex array destination for memcpy() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 308/314] rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 309/314] mm: fs: initialize fsdata passed to write_begin/write_end interface Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 310/314] net/9p: use a dedicated spinlock for trans_fd Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 311/314] bpf: Prevent bpf program recursion for raw tracepoint probes Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 312/314] ntfs: fix use-after-free in ntfs_attr_find() Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 313/314] ntfs: fix out-of-bounds read " Greg Kroah-Hartman
2022-11-23 8:52 ` [PATCH 6.0 314/314] ntfs: check overflow when iterating ATTR_RECORDs Greg Kroah-Hartman
2022-11-23 17:03 ` [PATCH 6.0 000/314] 6.0.10-rc1 review Guenter Roeck
2022-11-25 7:35 ` Greg Kroah-Hartman
2022-11-23 22:31 ` Ron Economos
2022-11-24 2:04 ` Fenil Jain
2022-11-24 2:39 ` Guenter Roeck
2022-11-24 8:18 ` Naresh Kamboju
2022-11-24 8:48 ` Bagas Sanjaya
2022-11-24 11:16 ` Sudip Mukherjee
2022-11-25 7:45 ` Greg Kroah-Hartman
2022-11-25 0:29 ` Justin Forbes
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).