* [PATCH 5.4 000/389] 5.4.211-rc1 review
@ 2022-08-23 8:21 Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 001/389] Makefile: link with -z noexecstack --no-warn-rwx-segments Greg Kroah-Hartman
` (393 more replies)
0 siblings, 394 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade
This is the start of the stable review cycle for the 5.4.211 release.
There are 389 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 25 Aug 2022 08:00:15 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.211-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.4.211-rc1
Qu Wenruo <wqu@suse.com>
btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
Qu Wenruo <wqu@suse.com>
btrfs: only write the sectors in the vertical stripe which has data stripes
Fedor Pchelkin <pchelkin@ispras.ru>
can: j1939: j1939_session_destroy(): fix memory leak of skbs
Fedor Pchelkin <pchelkin@ispras.ru>
can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing/probes: Have kprobes and uprobes use $COMM too
Nathan Chancellor <nathan@kernel.org>
MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
Zheyu Ma <zheyuma97@gmail.com>
video: fbdev: i740fb: Check the argument of i740_calc_vclk()
Zhouyi Zhou <zhouzhouyi@gmail.com>
powerpc/64: Init jump labels before parse_early_param()
Steve French <stfrench@microsoft.com>
smb3: check xattr value length earlier
Chao Yu <chao.yu@oppo.com>
f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
Takashi Iwai <tiwai@suse.de>
ALSA: timer: Use deferred fasync helper
Takashi Iwai <tiwai@suse.de>
ALSA: core: Add async signal helpers
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/32: Don't always pass -mcpu=powerpc to the compiler
Laurent Dufour <ldufour@linux.ibm.com>
watchdog: export lockup_detector_reconfigure
Xianting Tian <xianting.tian@linux.alibaba.com>
RISC-V: Add fast call path of crash_kexec()
Celeste Liu <coelacanthus@outlook.com>
riscv: mmap with PROT_WRITE but no PROT_READ is invalid
Conor Dooley <conor.dooley@microchip.com>
riscv: dts: sifive: Add fu540 topology information
Liang He <windhl@126.com>
mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
Schspa Shi <schspa@gmail.com>
vfio: Clear the caps->buf to NULL after free
Liang He <windhl@126.com>
tty: serial: Fix refcount leak bug in ucc_uart.c
Guenter Roeck <linux@roeck-us.net>
lib/list_debug.c: Detect uninitialized lists
Kiselev, Oleg <okiselev@amazon.com>
ext4: avoid resizing to a partial cluster size
Ye Bin <yebin10@huawei.com>
ext4: avoid remove directory when directory is corrupted
Wentao_Liang <Wentao_Liang_g@163.com>
drivers:md:fix a potential use-after-free bug
Sagi Grimberg <sagi@grimberg.me>
nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
Steven Rostedt (Google) <rostedt@goodmis.org>
selftests/kprobe: Do not test for GRP/ without event failures
Jason A. Donenfeld <Jason@zx2c4.com>
um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
Huacai Chen <chenhuacai@loongson.cn>
PCI/ACPI: Guard ARM64-specific mcfg_quirks
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
cxl: Fix a memory leak in an error handling path
Jozef Martiniak <jomajm@gmail.com>
gadgetfs: ep_io - wait until IRQ finishes
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
Robert Marko <robimarko@gmail.com>
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
Pascal Terjan <pterjan@google.com>
vboxguest: Do not use devm for irq
Liang He <windhl@126.com>
usb: renesas: Fix refcount leak bug
Liang He <windhl@126.com>
usb: host: ohci-ppc-of: Fix refcount leak bug
Sai Prakash Ranjan <quic_saipraka@quicinc.com>
drm/meson: Fix overflow implicit truncation warnings
Sai Prakash Ranjan <quic_saipraka@quicinc.com>
irqchip/tegra: Fix overflow implicit truncation warnings
Michael Grzeschik <m.grzeschik@pengutronix.de>
usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info
Frank Li <Frank.Li@nxp.com>
usb: cdns3 fix use-after-free at workaround 2
Pavan Chebbi <pavan.chebbi@broadcom.com>
PCI: Add ACS quirk for Broadcom BCM5750x NICs
Liang He <windhl@126.com>
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
Hector Martin <marcan@marcan.st>
locking/atomic: Make test_and_*_bit() ordered on failure
Andrew Donnellan <ajd@linux.ibm.com>
gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
Lin Ma <linma@zju.edu.cn>
igb: Add lock to avoid data race
Csókás Bence <csokas.bence@prolan.hu>
fec: Fix timer capture timing in `fec_ptp_enable_pps()`
Alan Brady <alan.brady@intel.com>
i40e: Fix to stop tx_timeout recovery if GLOBR fails
Grzegorz Siwik <grzegorz.siwik@intel.com>
ice: Ignore EEXIST when setting promisc mode
Arun Ramadoss <arun.ramadoss@microchip.com>
net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
Sergei Antonov <saproj@gmail.com>
net: moxa: pass pdev instead of ndev to DMA functions
Sergei Antonov <saproj@gmail.com>
net: dsa: mv88e6060: prevent crash on an unused port
Michael Ellerman <mpe@ellerman.id.au>
powerpc/pci: Fix get_phb_number() locking
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: really skip inactive sets when allocating name
Alex Bee <knaerzche@gmail.com>
clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
iavf: Fix adminq error handling
Al Viro <viro@zeniv.linux.org.uk>
nios2: add force_successful_syscall_return()
Al Viro <viro@zeniv.linux.org.uk>
nios2: restarts apply only to the first sigframe we build...
Al Viro <viro@zeniv.linux.org.uk>
nios2: fix syscall restart checks
Al Viro <viro@zeniv.linux.org.uk>
nios2: traced syscall does need to check the syscall number
Al Viro <viro@zeniv.linux.org.uk>
nios2: don't leave NULLs in sys_call_table[]
Al Viro <viro@zeniv.linux.org.uk>
nios2: page fault et.al. are *not* restartable syscalls...
Jens Wiklander <jens.wiklander@linaro.org>
tee: add overflow check in register_shm_helper()
Chen Lin <chen45464546@163.com>
dpaa2-eth: trace the allocated address instead of page struct
Duoming Zhou <duoming@zju.edu.cn>
atm: idt77252: fix use-after-free bugs caused by tst_timer
Dan Carpenter <dan.carpenter@oracle.com>
xen/xenbus: fix return type in xenbus_file_read()
Yu Xiao <yu.xiao@corigine.com>
nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
Dan Carpenter <dan.carpenter@oracle.com>
NTB: ntb_tool: uninitialized heap data in tool_fn_write()
Roberto Sassu <roberto.sassu@huawei.com>
tools build: Switch to new openssl API for test-libcrypto
Yuanzheng Song <songyuanzheng@huawei.com>
tools/vm/slabinfo: use alphabetic order when two values are equal
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
Peilin Ye <peilin.ye@bytedance.com>
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
Peilin Ye <peilin.ye@bytedance.com>
vsock: Fix memory leak in vsock_connect()
Florian Westphal <fw@strlen.de>
plip: avoid rcu debug splat
Matthias May <matthias.may@westermo.com>
geneve: do not use RT_TOS for IPv6 flowlabel
Sakari Ailus <sakari.ailus@linux.intel.com>
ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
Samuel Holland <samuel@sholland.org>
pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
Nikita Travkin <nikita@trvn.ru>
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
Miaoqian Lin <linmq006@gmail.com>
pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
Sandor Bodo-Merle <sbodomerle@gmail.com>
net: bgmac: Fix a BUG triggered by wrong bytes_compl
Ido Schimmel <idosch@nvidia.com>
devlink: Fix use-after-free after a failed reload
Trond Myklebust <trond.myklebust@hammerspace.com>
SUNRPC: Reinitialise the backchannel request buffers before reuse
Dan Aloni <dan.aloni@vastdata.com>
sunrpc: fix expiry of auth creds
Sebastian Würl <sebastian.wuerl@ororatech.com>
can: mcp251x: Fix race condition on receive interrupt
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4/pnfs: Fix a use-after-free bug in open
Zhang Xianwei <zhang.xianwei8@zte.com.cn>
NFSv4.1: RECLAIM_COMPLETE must handle EACCES
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4: Fix races in the legacy idmapper upcall
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4.1: Don't decrease the value of seq_nr_highest_sent
Qifu Zhang <zhangqifu@bytedance.com>
Documentation: ACPI: EINJ: Fix obsolete example
Xiu Jianfeng <xiujianfeng@huawei.com>
apparmor: Fix memleak in aa_simple_write_to_buffer()
Xin Xiong <xiongx18@fudan.edu.cn>
apparmor: fix reference count leak in aa_pivotroot()
John Johansen <john.johansen@canonical.com>
apparmor: fix overlapping attachment computation
Tom Rix <trix@redhat.com>
apparmor: fix aa_label_asxprint return check
John Johansen <john.johansen@canonical.com>
apparmor: Fix failed mount permission check error message
John Johansen <john.johansen@canonical.com>
apparmor: fix absroot causing audited secids to begin with =
John Johansen <john.johansen@canonical.com>
apparmor: fix quiet_denied for file rules
Marc Kleine-Budde <mkl@pengutronix.de>
can: ems_usb: fix clang's -Wunaligned-access warning
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Have filter accept "common_cpu" to be consistent
Filipe Manana <fdmanana@suse.com>
btrfs: fix lost error handling when looking up extended ref on log replay
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mmc: pxamci: Fix an error handling path in pxamci_probe()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mmc: pxamci: Fix another error handling path in pxamci_probe()
Damien Le Moal <damien.lemoal@opensource.wdc.com>
ata: libata-eh: Add missing command name
Mikulas Patocka <mpatocka@redhat.com>
rds: add missing barrier to release_refill
Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
ALSA: info: Fix llseek return value when using callback
Jamal Hadi Salim <jhs@mojatatu.com>
net_sched: cls_route: disallow handle of 0
Tyler Hicks <tyhicks@linux.microsoft.com>
net/9p: Initialize the iounit field during fid creation
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
Jose Alonso <joalonsof@gmail.com>
Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
Tony Battersby <tonyb@cybernetics.com>
scsi: sg: Allow waiting for commands to complete on removed device
Eric Dumazet <edumazet@google.com>
tcp: fix over estimation in sk_forced_mem_schedule()
Vitaly Kuznetsov <vkuznets@redhat.com>
KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
Vitaly Kuznetsov <vkuznets@redhat.com>
KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
Sean Christopherson <sean.j.christopherson@intel.com>
KVM: Add infrastructure and macro to mark VM as bugged
Qu Wenruo <wqu@suse.com>
btrfs: reject log replay if there is unsupported RO compat flag
Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
net_sched: cls_route: remove from list when handle is 0
Alexander Lobakin <alexandr.lobakin@intel.com>
iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
Sudeep Holla <sudeep.holla@arm.com>
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
Jason A. Donenfeld <Jason@zx2c4.com>
timekeeping: contribute wall clock to rng on time change
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
ACPI: CPPC: Do not prevent CPPC from working in the future
Mikulas Patocka <mpatocka@redhat.com>
dm writecache: set a default MAX_WRITEBACK_JOBS
Luo Meng <luomeng12@huawei.com>
dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
Mikulas Patocka <mpatocka@redhat.com>
dm raid: fix address sanitizer warning in raid_status
Mikulas Patocka <mpatocka@redhat.com>
dm raid: fix address sanitizer warning in raid_resume
Alexander Shishkin <alexander.shishkin@linux.intel.com>
intel_th: pci: Add Meteor Lake-P support
Alexander Shishkin <alexander.shishkin@linux.intel.com>
intel_th: pci: Add Raptor Lake-S PCH support
Alexander Shishkin <alexander.shishkin@linux.intel.com>
intel_th: pci: Add Raptor Lake-S CPU support
Baokun Li <libaokun1@huawei.com>
ext4: correct the misjudgment in ext4_iget_extra_inode
Baokun Li <libaokun1@huawei.com>
ext4: correct max_inline_xattr_value_size computing
Eric Whitney <enwlinux@gmail.com>
ext4: fix extent status tree race in writeback error recovery path
Theodore Ts'o <tytso@mit.edu>
ext4: update s_overhead_clusters in the superblock during an on-line resize
Baokun Li <libaokun1@huawei.com>
ext4: fix use-after-free in ext4_xattr_set_entry
Lukas Czerner <lczerner@redhat.com>
ext4: make sure ext4_append() always allocates new block
Baokun Li <libaokun1@huawei.com>
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
Josef Bacik <josef@toxicpanda.com>
btrfs: reset block group chunk force if we have to wait
Huacai Chen <chenhuacai@loongson.cn>
tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
Michal Suchanek <msuchanek@suse.de>
kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
David Collins <quic_collinsd@quicinc.com>
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
Alexander Lobakin <alexandr.lobakin@intel.com>
x86/olpc: fix 'logical not is only applied to the left hand side'
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Turn off multi-queue for 8G adapters
Arun Easi <aeasi@marvell.com>
scsi: qla2xxx: Fix discovery issues in FC-AL topology
Steffen Maier <maier@linux.ibm.com>
scsi: zfcp: Fix missing auto port scan and thus missing target ports
Zheyu Ma <zheyuma97@gmail.com>
video: fbdev: s3fb: Check the size of screen before memset_io()
Zheyu Ma <zheyuma97@gmail.com>
video: fbdev: arkfb: Check the size of screen before memset_io()
Zheyu Ma <zheyuma97@gmail.com>
video: fbdev: vt8623fb: Check the size of screen before memset_io()
Florian Fainelli <f.fainelli@gmail.com>
tools/thermal: Fix possible path truncations
Zheyu Ma <zheyuma97@gmail.com>
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
Siddh Raman Pant <code@siddh.me>
x86/numa: Use cpumask_available instead of hardcoded NULL check
Josh Poimboeuf <jpoimboe@kernel.org>
scripts/faddr2line: Fix vmlinux detection on arm64
Arnaldo Carvalho de Melo <acme@redhat.com>
genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
Michael Ellerman <mpe@ellerman.id.au>
powerpc/pci: Fix PHB numbering when using opal-phbid
Chen Zhongjin <chenzhongjin@huawei.com>
kprobes: Forbid probing on trampoline and BPF code areas
Ian Rogers <irogers@google.com>
perf symbol: Fail to read phdr workaround
Miaoqian Lin <linmq006@gmail.com>
powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
Miaoqian Lin <linmq006@gmail.com>
powerpc/xive: Fix refcount leak in xive_get_max_prio
Miaoqian Lin <linmq006@gmail.com>
powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
Pali Rohár <pali@kernel.org>
powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
Rustam Subkhankulov <subkhankulov@ispras.ru>
video: fbdev: sis: fix typos in SiS_GetModeID()
Liang He <windhl@126.com>
video: fbdev: amba-clcd: Fix refcount leak bugs
William Dean <williamsukatube@gmail.com>
watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe()
Liang He <windhl@126.com>
ASoC: audio-graph-card: Add of_node_put() in fail path
Xie Yongji <xieyongji@bytedance.com>
fuse: Remove the control interface for virtio-fs
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
Alexander Gordeev <agordeev@linux.ibm.com>
s390/zcore: fix race when reading from hardware system area
Liang He <windhl@126.com>
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
Miaoqian Lin <linmq006@gmail.com>
mfd: max77620: Fix refcount leak in max77620_initialise_fps
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
mfd: t7l66xb: Drop platform disable callback
Dan Carpenter <dan.carpenter@oracle.com>
kfifo: fix kfifo_to_user() return type
Miaoqian Lin <linmq006@gmail.com>
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
Sam Protsenko <semen.protsenko@linaro.org>
iommu/exynos: Handle failed IOMMU device registration properly
Daniel Starke <daniel.starke@siemens.com>
tty: n_gsm: fix missing corner cases in gsmld_poll()
Daniel Starke <daniel.starke@siemens.com>
tty: n_gsm: fix DM command
Daniel Starke <daniel.starke@siemens.com>
tty: n_gsm: fix wrong T1 retry count handling
Eric Farman <farman@linux.ibm.com>
vfio/ccw: Do not change FSM state in subchannel event
Sireesh Kodali <sireeshkodali1@gmail.com>
remoteproc: qcom: wcnss: Fix handling of IRQs
Daniel Starke <daniel.starke@siemens.com>
tty: n_gsm: fix race condition in gsmld_write()
Daniel Starke <daniel.starke@siemens.com>
tty: n_gsm: fix packet re-transmission without open control channel
Daniel Starke <daniel.starke@siemens.com>
tty: n_gsm: fix non flow control frames during mux flow off
Chen Zhongjin <chenzhongjin@huawei.com>
profiling: fix shift too large makes kernel panic
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
Miaoqian Lin <linmq006@gmail.com>
ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
Jiasheng Jiang <jiasheng@iscas.ac.cn>
ASoC: codecs: da7210: add check for i2c_add_driver
Miaoqian Lin <linmq006@gmail.com>
ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
Miaoqian Lin <linmq006@gmail.com>
ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
Tang Bin <tangbin@cmss.chinamobile.com>
opp: Fix error check in dev_pm_opp_attach_genpd()
Zhihao Cheng <chengzhihao1@huawei.com>
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
Li Lingfeng <lilingfeng3@huawei.com>
ext4: recover csum seed of tmp_inode after migrating to extents
Zhang Yi <yi.zhang@huawei.com>
jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
Dan Carpenter <dan.carpenter@oracle.com>
null_blk: fix ida error handling in null_add_dev()
Zhu Yanjun <yanjun.zhu@linux.dev>
RDMA/rxe: Fix error unwind in rxe_create_qp()
Miaohe Lin <linmiaohe@huawei.com>
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
Dan Carpenter <dan.carpenter@oracle.com>
platform/olpc: Fix uninitialized data in debugfs write
Johan Hovold <johan@kernel.org>
USB: serial: fix tty-port initialized comments
Vidya Sagar <vidyas@nvidia.com>
PCI: tegra194: Fix link up retry sequence
Vidya Sagar <vidyas@nvidia.com>
PCI: tegra194: Fix Root Port interrupt handling
Artem Borisov <dedsa2002@gmail.com>
HID: alps: Declare U1_UNICORN_LEGACY support
Liang He <windhl@126.com>
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
Liang He <windhl@126.com>
mmc: cavium-octeon: Add of_node_put() when breaking out of loop
Liang He <windhl@126.com>
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
Jianglei Nie <niejianglei2021@163.com>
RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
Cheng Xu <chengyou@linux.alibaba.com>
RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
Haoyue Xu <xuhaoyue1@hisilicon.com>
RDMA/hns: Fix incorrect clearing of interrupt status register
Randy Dunlap <rdunlap@infradead.org>
usb: gadget: udc: amd5536 depends on HAS_DMA
Mahesh Rajashekhara <Mahesh.Rajashekhara@microchip.com>
scsi: smartpqi: Fix DMA direction for RAID requests
Stefan Roese <sr@denx.de>
PCI/portdrv: Don't disable AER reporting in get_port_device_capability()
Eugen Hristev <eugen.hristev@microchip.com>
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
memstick/ms_block: Fix a memory leak
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
memstick/ms_block: Fix some incorrect memory allocation
Miaoqian Lin <linmq006@gmail.com>
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
Duoming Zhou <duoming@zju.edu.cn>
staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
Alexander Shishkin <alexander.shishkin@linux.intel.com>
intel_th: msu: Fix vmalloced buffers
Jiasheng Jiang <jiasheng@iscas.ac.cn>
intel_th: msu-sink: Potential dereference of null pointer
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
intel_th: Fix a resource leak in an error handling path
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
soundwire: bus_type: fix remove and shutdown support
Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
Robert Marko <robimarko@gmail.com>
clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
Robert Marko <robimarko@gmail.com>
clk: qcom: ipq8074: fix NSS port frequency tables
Sergey Shtylyov <s.shtylyov@omp.ru>
usb: host: xhci: use snprintf() in xhci_decode_trb()
Ansuel Smith <ansuelsmth@gmail.com>
clk: qcom: clk-krait: unlock spin after mux completion
Zhang Wensheng <zhangwensheng5@huawei.com>
driver core: fix potential deadlock in __driver_attach
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
misc: rtsx: Fix an error handling path in rtsx_pci_probe()
Rex-BC Chen <rex-bc.chen@mediatek.com>
clk: mediatek: reset: Fix written reset bit offset
Tang Bin <tangbin@cmss.chinamobile.com>
usb: xhci: tegra: Fix error check
Miaoqian Lin <linmq006@gmail.com>
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
Miaoqian Lin <linmq006@gmail.com>
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
Marco Pagani <marpagan@redhat.com>
fpga: altera-pr-ip: fix unsigned comparison with less than zero
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
Miaoqian Lin <linmq006@gmail.com>
mtd: partitions: Fix refcount leak in parse_redboot_of
Duoming Zhou <duoming@zju.edu.cn>
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
HID: cp2112: prevent a buffer overflow in cp2112_xfer()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mtd: rawnand: meson: Fix a potential double free issue
Miaoqian Lin <linmq006@gmail.com>
mtd: maps: Fix refcount leak in ap_flash_init
Miaoqian Lin <linmq006@gmail.com>
mtd: maps: Fix refcount leak in of_flash_probe_versatile
Ralph Siemsen <ralph.siemsen@linaro.org>
clk: renesas: r9a06g032: Fix UART clkgrp bitsel
Hangyu Hua <hbh25y@gmail.com>
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
Eric Dumazet <edumazet@google.com>
net: rose: fix netdev reference changes
Jakub Kicinski <kuba@kernel.org>
netdevsim: Avoid allocation warnings triggered from user space
Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
iavf: Fix max_rate limiting
Pali Rohár <pali@kernel.org>
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
Maxim Mikityanskiy <maximmi@nvidia.com>
net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
Hangyu Hua <hbh25y@gmail.com>
wifi: libertas: Fix possible refcount leak in if_usb_probe()
Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
Ammar Faizi <ammarfaizi2@gnuweeb.org>
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
Liang He <windhl@126.com>
i2c: mux-gpmux: Add of_node_put() when breaking out of loop
Lars-Peter Clausen <lars@metafoo.de>
i2c: cadence: Support PEC for SMBus block read
Jiasheng Jiang <jiasheng@iscas.ac.cn>
Bluetooth: hci_intel: Add check for platform_driver_register
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: pch_can: pch_can_error(): initialize errc before using it
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: error: specify the values of data[5..7] of CAN error frames
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: usb_8dev: do not report txerr and rxerr during bus-off
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: sun4i_can: do not report txerr and rxerr during bus-off
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: hi311x: do not report txerr and rxerr during bus-off
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: sja1000: do not report txerr and rxerr during bus-off
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: rcar_can: do not report txerr and rxerr during bus-off
Vincent Mailhol <mailhol.vincent@wanadoo.fr>
can: pch_can: do not report txerr and rxerr during bus-off
Dan Carpenter <dan.carpenter@oracle.com>
selftests/bpf: fix a test for snprintf() overflow
Rustam Subkhankulov <subkhankulov@ispras.ru>
wifi: p54: add missing parentheses in p54_flush()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
wifi: p54: Fix an error handling path in p54spi_probe()
Dan Carpenter <dan.carpenter@oracle.com>
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
Jason A. Donenfeld <Jason@zx2c4.com>
fs: check FMODE_LSEEK to control internal pipe splicing
Wolfram Sang <wsa+renesas@sang-engineering.com>
selftests: timers: clocksource-switch: fix passing errors from child
Wolfram Sang <wsa+renesas@sang-engineering.com>
selftests: timers: valid-adjtimex: build fix for newer toolchains
Anquan Wu <leiqi96@hotmail.com>
libbpf: Fix the name of a reused map
Yonglong Li <liyonglong@chinatelecom.cn>
tcp: make retransmitted SKB fit into the send window
Jian Zhang <zhangjian210@huawei.com>
drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
Liang He <windhl@126.com>
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
Zhengchao Shao <shaozhengchao@huawei.com>
crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
Rob Clark <robdclark@chromium.org>
drm/msm/mdp5: Fix global state lock backoff
Hangyu Hua <hbh25y@gmail.com>
drm: bridge: sii8620: fix possible off-by-one
Guillaume Ranquet <granquet@baylibre.com>
drm/mediatek: dpi: Only enable dpi after the bridge is enabled
Bo-Chen Chen <rex-bc.chen@mediatek.com>
drm/mediatek: dpi: Remove output format of YUV
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
drm/rockchip: Fix an error handling path rockchip_dp_probe()
Brian Norris <briannorris@chromium.org>
drm/rockchip: vop: Don't crash for invalid duplicate_state()
Qian Cai <quic_qiancai@quicinc.com>
crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: dsi: Correct DSI divider calculations
Dave Stevenson <dave.stevenson@raspberrypi.com>
drm/vc4: plane: Fix margin calculations for the right/bottom edges
Dom Cobley <popcornmix@gmail.com>
drm/vc4: plane: Remove subpixel positioning check
Niels Dossche <dossche.niels@gmail.com>
media: hdpvr: fix error value returns in hdpvr_read
Miaoqian Lin <linmq006@gmail.com>
drm/mcde: Fix refcount leak in mcde_dsi_bind
Jiasheng Jiang <jiasheng@iscas.ac.cn>
drm: bridge: adv7511: Add check for mipi_dsi_driver_register
Alexey Kodanev <aleksei.kodanev@bell-sw.com>
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
Pavel Skripkin <paskripkin@gmail.com>
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
Zheyu Ma <zheyuma97@gmail.com>
media: tw686x: Register the irq at the end of probe
Xu Wang <vulab@iscas.ac.cn>
i2c: Fix a potential use after free
Antonio Borneo <antonio.borneo@foss.st.com>
drm: adv7511: override i2c address of cec before accessing it
Xinlei Lee <xinlei.lee@mediatek.com>
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
Alexey Kodanev <aleksei.kodanev@bell-sw.com>
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
Yunhao Tian <t123yh.xyz@gmail.com>
drm/mipi-dbi: align max_chunk to 2 in spi_transfer
Dan Carpenter <dan.carpenter@oracle.com>
wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ath10k: do not enforce interrupt trigger type
Mike Snitzer <snitzer@kernel.org>
dm: return early from dm_pr_call() if DM device is suspended
Markus Mayer <mmayer@broadcom.com>
thermal/tools/tmon: Include pthread and time headers in tmon.h
Nicolas Saenz Julienne <nsaenzju@redhat.com>
nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
Liang He <windhl@126.com>
regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
Ming Lei <ming.lei@redhat.com>
blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
Gao Xiang <hsiangkao@linux.alibaba.com>
erofs: avoid consecutive detection for Highmem memory
Nick Hainke <vincent@systemli.org>
arm64: dts: mt7622: fix BPI-R64 WPS button
Yang Yingliang <yangyingliang@huawei.com>
bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: qcom: pm8841: add required thermal-sensor-cells
Miaoqian Lin <linmq006@gmail.com>
soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
Miaoqian Lin <linmq006@gmail.com>
cpufreq: zynq: Fix refcount leak in zynq_get_revision
Miaoqian Lin <linmq006@gmail.com>
ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
Miaoqian Lin <linmq006@gmail.com>
ARM: OMAP2+: Fix refcount leak in omapdss_init_of
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
Michael Walle <michael@walle.cc>
soc: fsl: guts: machine variable might be unset
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: ast2600-evb: fix board compatible
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ARM: dts: ast2500-evb: fix board compatible
Johan Hovold <johan@kernel.org>
x86/pmem: Fix platform-device leak in error path
Miaoqian Lin <linmq006@gmail.com>
ARM: bcm: Fix refcount leak in bcm_kona_smc_init
Miaoqian Lin <linmq006@gmail.com>
meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
ARM: findbit: fix overflowing offset
Biju Das <biju.das.jz@bp.renesas.com>
spi: spi-rspi: Fix PIO fallback on RZ platforms
Xiu Jianfeng <xiujianfeng@huawei.com>
selinux: Add boundary check in put_entry()
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
PM: hibernate: defer device probing when resuming from hibernation
Liang He <windhl@126.com>
ARM: shmobile: rcar-gen2: Increase refcount for new reference
Samuel Holland <samuel@sholland.org>
arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
Robert Marko <robimarko@gmail.com>
arm64: dts: qcom: ipq8074: fix NAND node name
huhai <huhai@kylinos.cn>
ACPI: LPSS: Fix missing check in register_device_clock()
Manyi Li <limanyi@uniontech.com>
ACPI: PM: save NVS memory for Lenovo G40-45
Hans de Goede <hdegoede@redhat.com>
ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
Liang He <windhl@126.com>
ARM: OMAP2+: display: Fix refcount leak bug
Guo Mengqi <guomengqi3@huawei.com>
spi: synquacer: Add missing clk_disable_unprepare()
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6ul: fix qspi node compatible
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6ul: fix lcdif node compatible
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6ul: fix csi node compatible
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6ul: change operating-points to uint32-matrix
Alexander Stein <alexander.stein@ew.tq-group.com>
ARM: dts: imx6ul: add missing properties for sram
Juri Lelli <juri.lelli@redhat.com>
wait: Fix __wait_event_hrtimeout for RT/DL tasks
Antonio Borneo <antonio.borneo@foss.st.com>
genirq: Don't return error on missing optional irq_request_resources()
Jan Kara <jack@suse.cz>
ext2: Add more validity checks for inode counts
haibinzhang (张海斌) <haibinzhang@tencent.com>
arm64: fix oops in concurrently setting insn_emulation sysctls
Francis Laniel <flaniel@linux.microsoft.com>
arm64: Do not forget syscall when starting a new thread.
Wyes Karny <wyes.karny@amd.com>
x86: Handle idle=nomwait cmdline properly for x86_idle
Benjamin Segall <bsegall@google.com>
epoll: autoremove wakers even more aggressively
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: fix null deref due to zeroed list head
Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
netfilter: nf_tables: do not allow SET_ID to refer to another table
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
Weitao Wang <WeitaoWang-oc@zhaoxin.com>
USB: HCD: Fix URB giveback issue in tasklet function
Suzuki K Poulose <suzuki.poulose@arm.com>
coresight: Clear the connection field properly
Huacai Chen <chenhuacai@loongson.cn>
MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
Michael Ellerman <mpe@ellerman.id.au>
powerpc/powernv: Avoid crashing if rng is NULL
Christophe Leroy <christophe.leroy@csgroup.eu>
powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
Pali Rohár <pali@kernel.org>
powerpc/fsl-pci: Fix Class Code of PCIe Root Port
Pali Rohár <pali@kernel.org>
PCI: Add defines for normal and subtractive PCI bridges
Alexander Lobakin <alexandr.lobakin@intel.com>
ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
Mikulas Patocka <mpatocka@redhat.com>
md-raid10: fix KASAN warning
Narendra Hadke <nhadke@marvell.com>
serial: mvebu-uart: uart2 error bits clearing
Miklos Szeredi <mszeredi@redhat.com>
fuse: limit nsec
Zheyu Ma <zheyuma97@gmail.com>
iio: light: isl29028: Fix the warning in isl29028_remove()
Leo Li <sunpeng.li@amd.com>
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
Timur Tabi <ttabi@nvidia.com>
drm/nouveau: fix another off-by-one in nvbios_addr
Dmitry Osipenko <dmitry.osipenko@collabora.com>
drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
Helge Deller <deller@gmx.de>
parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
Helge Deller <deller@gmx.de>
parisc: Fix device names in /proc/iomem
Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
Lukas Wunner <lukas@wunner.de>
usbnet: Fix linkwatch use-after-free on disconnect
Helge Deller <deller@gmx.de>
fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
thermal: sysfs: Fix cooling_device_stats_setup() error code path
Yang Xu <xuyang2018.jy@fujitsu.com>
fs: Add missing umask strip in vfs_tmpfile
David Howells <dhowells@redhat.com>
vfs: Check the truncate maximum size in inode_newsize_ok()
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
tty: vt: initialize unicode screen buffer
Meng Tang <tangmeng@uniontech.com>
ALSA: hda/realtek: Add quirk for another Asus K42JZ model
Allen Ballway <ballway@chromium.org>
ALSA: hda/cirrus - support for iMac 12,1 model
Meng Tang <tangmeng@uniontech.com>
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
mm/mremap: hold the rmap lock in write mode when moving page table entries.
Sean Christopherson <seanjc@google.com>
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
Sean Christopherson <seanjc@google.com>
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
Sean Christopherson <seanjc@google.com>
KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
Ping Cheng <pinglinux@gmail.com>
HID: wacom: Don't register pad_input for touch switch
Ping Cheng <pinglinux@gmail.com>
HID: wacom: Only report rotation for art pen
Mikulas Patocka <mpatocka@redhat.com>
add barriers to buffer_uptodate and set_buffer_uptodate
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211_hwsim: use 32-bit skb cookie
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211_hwsim: add back erroneously removed cast
Jeongik Cha <jeongik@google.com>
wifi: mac80211_hwsim: fix race condition in pending packet
Sasha Neftin <sasha.neftin@intel.com>
igc: Remove _I_PHY_ID checking
Zheyu Ma <zheyuma97@gmail.com>
ALSA: bcd2000: Fix a UAF bug on the error path of probing
Nilesh Javali <njavali@marvell.com>
scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
Nick Desaulniers <ndesaulniers@google.com>
x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
Nick Desaulniers <ndesaulniers@google.com>
Makefile: link with -z noexecstack --no-warn-rwx-segments
-------------
Diffstat:
Documentation/admin-guide/pm/cpuidle.rst | 15 ++--
Documentation/atomic_bitops.txt | 2 +-
Documentation/devicetree/bindings/arm/qcom.yaml | 2 +-
Documentation/firmware-guide/acpi/apei/einj.rst | 2 +-
Makefile | 7 +-
arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +-
arch/arm/boot/dts/aspeed-ast2600-evb.dts | 2 +-
arch/arm/boot/dts/imx6ul.dtsi | 31 +++----
arch/arm/boot/dts/qcom-mdm9615.dtsi | 1 +
arch/arm/boot/dts/qcom-pm8841.dtsi | 1 +
arch/arm/boot/dts/uniphier-pxs2.dtsi | 8 +-
arch/arm/lib/findbit.S | 16 ++--
arch/arm/mach-bcm/bcm_kona_smc.c | 1 +
arch/arm/mach-omap2/display.c | 3 +
arch/arm/mach-omap2/prm3xxx.c | 1 +
arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c | 5 +-
arch/arm/mach-zynq/common.c | 1 +
.../boot/dts/allwinner/sun50i-a64-orangepi-win.dts | 2 +-
.../boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 2 +-
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi | 8 +-
arch/arm64/crypto/Kconfig | 1 +
arch/arm64/include/asm/processor.h | 3 +-
arch/arm64/kernel/armv8_deprecated.c | 9 ++-
arch/ia64/include/asm/processor.h | 2 +-
arch/mips/cavium-octeon/octeon-platform.c | 3 +-
arch/mips/kernel/proc.c | 2 +-
arch/mips/mm/tlbex.c | 4 +-
arch/nios2/include/asm/entry.h | 3 +-
arch/nios2/include/asm/ptrace.h | 2 +
arch/nios2/kernel/entry.S | 22 +++--
arch/nios2/kernel/signal.c | 3 +-
arch/nios2/kernel/syscall_table.c | 1 +
arch/parisc/kernel/drivers.c | 9 +--
arch/parisc/kernel/syscalls/syscall.tbl | 2 +-
arch/powerpc/Makefile | 26 +-----
arch/powerpc/kernel/pci-common.c | 45 +++++++----
arch/powerpc/kernel/prom.c | 7 ++
arch/powerpc/mm/ptdump/shared.c | 6 +-
arch/powerpc/platforms/Kconfig.cputype | 25 ++++--
arch/powerpc/platforms/cell/axon_msi.c | 1 +
arch/powerpc/platforms/cell/spufs/inode.c | 1 +
arch/powerpc/platforms/powernv/rng.c | 2 +
arch/powerpc/sysdev/fsl_pci.c | 8 ++
arch/powerpc/sysdev/fsl_pci.h | 1 +
arch/powerpc/sysdev/xive/spapr.c | 1 +
arch/riscv/boot/dts/sifive/fu540-c000.dtsi | 24 ++++++
arch/riscv/kernel/sys_riscv.c | 5 +-
arch/riscv/kernel/traps.c | 4 +
arch/s390/kernel/machine_kexec_file.c | 18 +++--
arch/um/os-Linux/skas/process.c | 17 +++-
arch/x86/boot/Makefile | 2 +-
arch/x86/boot/compressed/Makefile | 4 +
arch/x86/entry/vdso/Makefile | 2 +-
arch/x86/kernel/pmem.c | 7 +-
arch/x86/kernel/process.c | 9 ++-
arch/x86/kvm/emulate.c | 23 +++---
arch/x86/kvm/hyperv.c | 3 +
arch/x86/kvm/lapic.c | 4 +
arch/x86/kvm/svm.c | 2 -
arch/x86/kvm/vmx/nested.c | 76 +++++++++--------
arch/x86/mm/numa.c | 4 +-
arch/x86/platform/olpc/olpc-xo1-sci.c | 2 +-
block/blk-mq-debugfs.c | 3 +
drivers/acpi/acpi_lpss.c | 3 +
drivers/acpi/cppc_acpi.c | 54 ++++++-------
drivers/acpi/ec.c | 7 --
drivers/acpi/pci_mcfg.c | 3 +
drivers/acpi/property.c | 8 +-
drivers/acpi/sleep.c | 8 ++
drivers/ata/libata-eh.c | 1 +
drivers/atm/idt77252.c | 1 +
drivers/base/dd.c | 5 +-
drivers/block/null_blk_main.c | 14 +++-
drivers/bluetooth/hci_intel.c | 6 +-
drivers/bus/hisi_lpc.c | 10 ++-
drivers/clk/mediatek/reset.c | 4 +-
drivers/clk/qcom/camcc-sdm845.c | 4 +
drivers/clk/qcom/clk-krait.c | 7 +-
drivers/clk/qcom/gcc-ipq8074.c | 19 +++++
drivers/clk/renesas/r9a06g032-clocks.c | 8 +-
drivers/clk/rockchip/clk-rk3188.c | 1 +
drivers/crypto/hisilicon/sec/sec_algs.c | 14 ++--
drivers/crypto/hisilicon/sec/sec_drv.h | 2 +-
drivers/crypto/inside-secure/safexcel.c | 2 +
drivers/dma/sprd-dma.c | 5 +-
drivers/firmware/arm_scpi.c | 61 ++++++++------
drivers/fpga/altera-pr-ip-core.c | 2 +-
drivers/gpio/gpiolib-of.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4 +
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 24 ++++--
drivers/gpu/drm/bridge/sil-sii8620.c | 4 +-
drivers/gpu/drm/drm_gem.c | 4 +-
drivers/gpu/drm/drm_mipi_dbi.c | 7 ++
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 17 +++-
drivers/gpu/drm/mcde/mcde_dsi.c | 1 +
drivers/gpu/drm/mediatek/mtk_dpi.c | 33 ++------
drivers/gpu/drm/mediatek/mtk_dsi.c | 2 +
drivers/gpu/drm/meson/meson_drv.c | 5 +-
drivers/gpu/drm/meson/meson_viu.c | 22 ++---
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c | 3 +-
drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c | 2 +-
drivers/gpu/drm/radeon/ni_dpm.c | 6 +-
drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 10 ++-
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 3 +
drivers/gpu/drm/vc4/vc4_dsi.c | 6 +-
drivers/gpu/drm/vc4/vc4_plane.c | 30 +++----
drivers/hid/hid-alps.c | 2 +
drivers/hid/hid-cp2112.c | 5 ++
drivers/hid/wacom_sys.c | 2 +-
drivers/hid/wacom_wac.c | 72 +++++++++++------
drivers/hwtracing/coresight/coresight.c | 1 +
drivers/hwtracing/intel_th/msu-sink.c | 3 +
drivers/hwtracing/intel_th/msu.c | 14 +++-
drivers/hwtracing/intel_th/pci.c | 25 +++++-
drivers/i2c/busses/i2c-cadence.c | 10 ++-
drivers/i2c/i2c-core-base.c | 3 +-
drivers/i2c/muxes/i2c-mux-gpmux.c | 1 +
drivers/iio/light/isl29028.c | 2 +-
drivers/infiniband/hw/hfi1/file_ops.c | 4 +-
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 4 +-
drivers/infiniband/sw/rxe/rxe_qp.c | 12 ++-
drivers/infiniband/sw/siw/siw_cm.c | 7 +-
drivers/iommu/dmar.c | 2 +-
drivers/iommu/exynos-iommu.c | 6 +-
drivers/iommu/qcom_iommu.c | 7 +-
drivers/irqchip/irq-tegra.c | 10 +--
drivers/md/dm-raid.c | 4 +-
drivers/md/dm-thin-metadata.c | 7 +-
drivers/md/dm-thin.c | 4 +-
drivers/md/dm-writecache.c | 2 +-
drivers/md/dm.c | 5 ++
drivers/md/raid10.c | 5 +-
drivers/md/raid5.c | 2 +-
drivers/media/pci/tw686x/tw686x-core.c | 18 ++---
drivers/media/platform/mtk-mdp/mtk_mdp_ipi.h | 2 +
drivers/media/usb/hdpvr/hdpvr-video.c | 2 +-
drivers/memstick/core/ms_block.c | 11 +--
drivers/mfd/max77620.c | 2 +
drivers/mfd/t7l66xb.c | 6 +-
drivers/misc/cardreader/rtsx_pcr.c | 6 +-
drivers/misc/cxl/irq.c | 1 +
drivers/mmc/host/cavium-octeon.c | 1 +
drivers/mmc/host/cavium-thunderx.c | 4 +-
drivers/mmc/host/pxamci.c | 4 +-
drivers/mmc/host/sdhci-of-at91.c | 9 ++-
drivers/mmc/host/sdhci-of-esdhc.c | 1 +
drivers/mtd/devices/st_spi_fsm.c | 8 +-
drivers/mtd/maps/physmap-versatile.c | 2 +
drivers/mtd/nand/raw/meson_nand.c | 1 -
drivers/mtd/parsers/redboot.c | 1 +
drivers/mtd/sm_ftl.c | 2 +-
drivers/net/can/pch_can.c | 8 +-
drivers/net/can/rcar/rcar_can.c | 8 +-
drivers/net/can/sja1000/sja1000.c | 7 +-
drivers/net/can/spi/hi311x.c | 5 +-
drivers/net/can/spi/mcp251x.c | 18 ++++-
drivers/net/can/sun4i_can.c | 9 +--
drivers/net/can/usb/ems_usb.c | 2 +-
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 12 ++-
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 6 +-
drivers/net/can/usb/usb_8dev.c | 7 +-
drivers/net/dsa/microchip/ksz9477.c | 3 +
drivers/net/dsa/mv88e6060.c | 3 +
drivers/net/ethernet/broadcom/bgmac.c | 2 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 4 +-
drivers/net/ethernet/freescale/fec_ptp.c | 6 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 4 +-
drivers/net/ethernet/intel/iavf/iavf.h | 1 +
drivers/net/ethernet/intel/iavf/iavf_adminq.c | 15 +++-
drivers/net/ethernet/intel/iavf/iavf_main.c | 25 +++++-
drivers/net/ethernet/intel/ice/ice_switch.c | 2 +-
drivers/net/ethernet/intel/igb/igb.h | 2 +
drivers/net/ethernet/intel/igb/igb_main.c | 12 ++-
drivers/net/ethernet/intel/igc/igc_base.c | 10 +--
drivers/net/ethernet/intel/igc/igc_main.c | 3 +-
drivers/net/ethernet/intel/igc/igc_phy.c | 6 +-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +-
drivers/net/ethernet/moxa/moxart_ether.c | 20 ++---
.../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +
drivers/net/geneve.c | 3 +-
drivers/net/netdevsim/bpf.c | 8 +-
drivers/net/plip/plip.c | 2 +-
drivers/net/usb/ax88179_178a.c | 16 ++--
drivers/net/usb/usbnet.c | 8 +-
drivers/net/wireless/ath/ath10k/snoc.c | 5 +-
drivers/net/wireless/ath/ath9k/htc.h | 10 +--
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 3 +-
drivers/net/wireless/ath/wil6210/debugfs.c | 18 ++---
drivers/net/wireless/intel/iwlegacy/4965-rs.c | 5 +-
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 1 +
drivers/net/wireless/intersil/p54/main.c | 2 +-
drivers/net/wireless/intersil/p54/p54spi.c | 3 +-
drivers/net/wireless/mac80211_hwsim.c | 14 ++--
drivers/net/wireless/marvell/libertas/if_usb.c | 1 +
drivers/net/wireless/mediatek/mt76/mac80211.c | 1 +
drivers/net/wireless/realtek/rtlwifi/debug.c | 8 +-
drivers/ntb/test/ntb_tool.c | 8 +-
drivers/nvme/target/tcp.c | 3 +-
drivers/opp/core.c | 4 +-
drivers/pci/controller/dwc/pcie-tegra194.c | 48 ++++++-----
drivers/pci/pcie/portdrv_core.c | 9 +--
drivers/pci/quirks.c | 3 +
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 4 +-
drivers/pinctrl/qcom/pinctrl-msm8916.c | 4 +-
drivers/pinctrl/sunxi/pinctrl-sun50i-h6-r.c | 1 +
drivers/pinctrl/sunxi/pinctrl-sunxi.c | 7 +-
drivers/platform/olpc/olpc-ec.c | 2 +-
drivers/regulator/of_regulator.c | 6 +-
drivers/remoteproc/qcom_wcnss.c | 10 ++-
drivers/rpmsg/qcom_smd.c | 1 +
drivers/s390/char/zcore.c | 11 ++-
drivers/s390/cio/vfio_ccw_drv.c | 14 +---
drivers/s390/scsi/zfcp_fc.c | 29 ++++---
drivers/s390/scsi/zfcp_fc.h | 6 +-
drivers/s390/scsi/zfcp_fsf.c | 4 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 20 ++---
drivers/scsi/qla2xxx/qla_def.h | 4 +-
drivers/scsi/qla2xxx/qla_gbl.h | 3 +-
drivers/scsi/qla2xxx/qla_init.c | 34 +++++++-
drivers/scsi/qla2xxx/qla_isr.c | 16 ++--
drivers/scsi/qla2xxx/qla_mbx.c | 17 ++--
drivers/scsi/qla2xxx/qla_nvme.c | 5 --
drivers/scsi/sg.c | 57 +++++++------
drivers/scsi/smartpqi/smartpqi_init.c | 4 +-
drivers/soc/amlogic/meson-mx-socinfo.c | 1 +
drivers/soc/fsl/guts.c | 2 +-
drivers/soc/qcom/qcom_aoss.c | 4 +-
drivers/soundwire/bus_type.c | 8 +-
drivers/spi/spi-rspi.c | 4 +
drivers/spi/spi-synquacer.c | 1 +
drivers/staging/rtl8192u/r8192U.h | 2 +-
drivers/staging/rtl8192u/r8192U_dm.c | 38 +++++----
drivers/staging/rtl8192u/r8192U_dm.h | 2 +-
drivers/tee/tee_core.c | 3 +
drivers/thermal/thermal_sysfs.c | 10 ++-
drivers/tty/n_gsm.c | 90 ++++++++++++++++++---
drivers/tty/serial/8250/8250_dw.c | 3 +
drivers/tty/serial/mvebu-uart.c | 11 +++
drivers/tty/serial/ucc_uart.c | 2 +
drivers/tty/vt/vt.c | 2 +-
drivers/usb/cdns3/gadget.c | 2 +-
drivers/usb/core/hcd.c | 26 +++---
drivers/usb/gadget/function/uvc_video.c | 2 +-
drivers/usb/gadget/legacy/inode.c | 1 +
drivers/usb/gadget/udc/Kconfig | 2 +-
drivers/usb/host/ehci-ppc-of.c | 1 +
drivers/usb/host/ohci-nxp.c | 1 +
drivers/usb/host/ohci-ppc-of.c | 1 +
drivers/usb/host/xhci-tegra.c | 8 +-
drivers/usb/host/xhci.h | 2 +-
drivers/usb/renesas_usbhs/rza.c | 4 +
drivers/usb/serial/sierra.c | 3 +-
drivers/usb/serial/usb-serial.c | 2 +-
drivers/usb/serial/usb_wwan.c | 3 +-
drivers/vfio/vfio.c | 1 +
drivers/video/fbdev/amba-clcd.c | 24 ++++--
drivers/video/fbdev/arkfb.c | 9 ++-
drivers/video/fbdev/core/fbcon.c | 8 +-
drivers/video/fbdev/i740fb.c | 9 ++-
drivers/video/fbdev/s3fb.c | 2 +
drivers/video/fbdev/sis/init.c | 4 +-
drivers/video/fbdev/vt8623fb.c | 2 +
drivers/virt/vboxguest/vboxguest_linux.c | 9 ++-
drivers/watchdog/armada_37xx_wdt.c | 2 +
drivers/xen/xenbus/xenbus_dev_frontend.c | 4 +-
fs/attr.c | 2 +
fs/btrfs/block-group.c | 1 +
fs/btrfs/disk-io.c | 14 ++++
fs/btrfs/raid56.c | 74 +++++++++++++----
fs/btrfs/tree-log.c | 4 +-
fs/cifs/smb2ops.c | 5 +-
fs/erofs/decompressor.c | 16 ++--
fs/eventpoll.c | 22 +++++
fs/ext2/super.c | 12 ++-
fs/ext4/inline.c | 3 +
fs/ext4/inode.c | 10 ++-
fs/ext4/migrate.c | 4 +-
fs/ext4/namei.c | 23 ++++--
fs/ext4/resize.c | 11 +++
fs/ext4/xattr.c | 6 +-
fs/ext4/xattr.h | 13 +++
fs/f2fs/node.c | 6 +-
fs/fuse/control.c | 4 +-
fs/fuse/inode.c | 6 ++
fs/jbd2/commit.c | 2 +-
fs/jbd2/transaction.c | 14 +++-
fs/namei.c | 2 +
fs/nfs/nfs4idmap.c | 46 ++++++-----
fs/nfs/nfs4proc.c | 20 ++---
fs/overlayfs/export.c | 2 +-
fs/splice.c | 10 +--
include/acpi/cppc_acpi.h | 2 +-
include/asm-generic/bitops/atomic.h | 6 --
include/linux/buffer_head.h | 25 +++++-
include/linux/kfifo.h | 2 +-
include/linux/kvm_host.h | 28 ++++++-
include/linux/mfd/t7l66xb.h | 1 -
include/linux/nmi.h | 2 +
include/linux/pci_ids.h | 2 +
include/linux/tpm_eventlog.h | 2 +-
include/linux/usb/hcd.h | 1 +
include/linux/wait.h | 9 ++-
include/sound/core.h | 8 ++
include/trace/events/spmi.h | 12 +--
include/uapi/linux/can/error.h | 5 +-
kernel/irq/chip.c | 3 +-
kernel/kprobes.c | 3 +-
kernel/power/user.c | 13 ++-
kernel/profile.c | 7 ++
kernel/sched/rt.c | 15 ++--
kernel/time/timekeeping.c | 7 +-
kernel/trace/trace_events.c | 1 +
kernel/trace/trace_probe.c | 5 +-
kernel/watchdog.c | 21 +++--
lib/list_debug.c | 12 ++-
mm/mmap.c | 1 -
mm/mremap.c | 6 +-
net/9p/client.c | 5 +-
net/bluetooth/l2cap_core.c | 13 ++-
net/can/j1939/socket.c | 5 +-
net/can/j1939/transport.c | 8 +-
net/core/devlink.c | 4 +-
net/dccp/proto.c | 10 +--
net/ipv4/tcp_output.c | 30 ++++---
net/netfilter/nf_tables_api.c | 14 +++-
net/rds/ib_recv.c | 1 +
net/rose/af_rose.c | 11 ++-
net/rose/rose_route.c | 2 +
net/sched/cls_route.c | 12 ++-
net/sunrpc/auth.c | 2 +-
net/sunrpc/backchannel_rqst.c | 14 ++++
net/vmw_vsock/af_vsock.c | 10 ++-
scripts/Makefile.gcc-plugins | 2 +-
scripts/faddr2line | 4 +-
security/apparmor/apparmorfs.c | 2 +-
security/apparmor/audit.c | 2 +-
security/apparmor/domain.c | 2 +-
security/apparmor/include/lib.h | 5 ++
security/apparmor/include/policy.h | 2 +-
security/apparmor/label.c | 13 +--
security/apparmor/mount.c | 8 +-
security/selinux/ss/policydb.h | 2 +
sound/core/info.c | 6 +-
sound/core/misc.c | 94 ++++++++++++++++++++++
sound/core/timer.c | 11 +--
sound/pci/hda/patch_cirrus.c | 1 +
sound/pci/hda/patch_conexant.c | 11 ++-
sound/pci/hda/patch_realtek.c | 11 +++
sound/soc/codecs/da7210.c | 2 +
sound/soc/codecs/msm8916-wcd-digital.c | 46 +++++------
sound/soc/codecs/wcd9335.c | 81 +++++++++----------
sound/soc/generic/audio-graph-card.c | 4 +-
sound/soc/mediatek/mt6797/mt6797-mt6351.c | 6 +-
sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c | 10 ++-
sound/soc/mediatek/mt8173/mt8173-rt5650.c | 9 ++-
sound/soc/qcom/qdsp6/q6adm.c | 2 +-
sound/usb/bcd2000/bcd2000.c | 3 +-
tools/build/feature/test-libcrypto.c | 15 +++-
tools/lib/bpf/libbpf.c | 9 ++-
tools/perf/util/genelf.c | 6 +-
tools/perf/util/symbol-elf.c | 27 +++++--
tools/testing/selftests/bpf/test_btf.c | 2 +-
.../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 1 -
.../testing/selftests/timers/clocksource-switch.c | 6 +-
tools/testing/selftests/timers/valid-adjtimex.c | 2 +-
tools/thermal/tmon/sysfs.c | 24 +++---
tools/thermal/tmon/tmon.h | 3 +
tools/vm/slabinfo.c | 32 +++++---
virt/kvm/kvm_main.c | 10 +--
370 files changed, 2237 insertions(+), 1122 deletions(-)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 001/389] Makefile: link with -z noexecstack --no-warn-rwx-segments
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 002/389] x86: link vdso and boot " Greg Kroah-Hartman
` (392 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fangrui Song, Nick Desaulniers,
Linus Torvalds, Jens Axboe
From: Nick Desaulniers <ndesaulniers@google.com>
commit 0d362be5b14200b77ecc2127936a5ff82fbffe41 upstream.
Users of GNU ld (BFD) from binutils 2.39+ will observe multiple
instances of a new warning when linking kernels in the form:
ld: warning: vmlinux: missing .note.GNU-stack section implies executable stack
ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld: warning: vmlinux has a LOAD segment with RWX permissions
Generally, we would like to avoid the stack being executable. Because
there could be a need for the stack to be executable, assembler sources
have to opt-in to this security feature via explicit creation of the
.note.GNU-stack feature (which compilers create by default) or command
line flag --noexecstack. Or we can simply tell the linker the
production of such sections is irrelevant and to link the stack as
--noexecstack.
LLVM's LLD linker defaults to -z noexecstack, so this flag isn't
strictly necessary when linking with LLD, only BFD, but it doesn't hurt
to be explicit here for all linkers IMO. --no-warn-rwx-segments is
currently BFD specific and only available in the current latest release,
so it's wrapped in an ld-option check.
While the kernel makes extensive usage of ELF sections, it doesn't use
permissions from ELF segments.
Link: https://lore.kernel.org/linux-block/3af4127a-f453-4cf7-f133-a181cce06f73@kernel.dk/
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
Link: https://github.com/llvm/llvm-project/issues/57009
Reported-and-tested-by: Jens Axboe <axboe@kernel.dk>
Suggested-by: Fangrui Song <maskray@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Makefile | 3 +++
1 file changed, 3 insertions(+)
--- a/Makefile
+++ b/Makefile
@@ -932,6 +932,9 @@ KBUILD_CFLAGS += $(KCFLAGS)
KBUILD_LDFLAGS_MODULE += --build-id
LDFLAGS_vmlinux += --build-id
+KBUILD_LDFLAGS += -z noexecstack
+KBUILD_LDFLAGS += $(call ld-option,--no-warn-rwx-segments)
+
ifeq ($(CONFIG_STRIP_ASM_SYMS),y)
LDFLAGS_vmlinux += $(call ld-option, -X,)
endif
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 002/389] x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 001/389] Makefile: link with -z noexecstack --no-warn-rwx-segments Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 003/389] scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" Greg Kroah-Hartman
` (391 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fangrui Song, Nick Desaulniers,
Linus Torvalds, Jens Axboe
From: Nick Desaulniers <ndesaulniers@google.com>
commit ffcf9c5700e49c0aee42dcba9a12ba21338e8136 upstream.
Users of GNU ld (BFD) from binutils 2.39+ will observe multiple
instances of a new warning when linking kernels in the form:
ld: warning: arch/x86/boot/pmjump.o: missing .note.GNU-stack section implies executable stack
ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld: warning: arch/x86/boot/compressed/vmlinux has a LOAD segment with RWX permissions
Generally, we would like to avoid the stack being executable. Because
there could be a need for the stack to be executable, assembler sources
have to opt-in to this security feature via explicit creation of the
.note.GNU-stack feature (which compilers create by default) or command
line flag --noexecstack. Or we can simply tell the linker the
production of such sections is irrelevant and to link the stack as
--noexecstack.
LLVM's LLD linker defaults to -z noexecstack, so this flag isn't
strictly necessary when linking with LLD, only BFD, but it doesn't hurt
to be explicit here for all linkers IMO. --no-warn-rwx-segments is
currently BFD specific and only available in the current latest release,
so it's wrapped in an ld-option check.
While the kernel makes extensive usage of ELF sections, it doesn't use
permissions from ELF segments.
Link: https://lore.kernel.org/linux-block/3af4127a-f453-4cf7-f133-a181cce06f73@kernel.dk/
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
Link: https://github.com/llvm/llvm-project/issues/57009
Reported-and-tested-by: Jens Axboe <axboe@kernel.dk>
Suggested-by: Fangrui Song <maskray@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/boot/Makefile | 2 +-
arch/x86/boot/compressed/Makefile | 4 ++++
arch/x86/entry/vdso/Makefile | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -100,7 +100,7 @@ $(obj)/zoffset.h: $(obj)/compressed/vmli
AFLAGS_header.o += -I$(objtree)/$(obj)
$(obj)/header.o: $(obj)/zoffset.h
-LDFLAGS_setup.elf := -m elf_i386 -T
+LDFLAGS_setup.elf := -m elf_i386 -z noexecstack -T
$(obj)/setup.elf: $(src)/setup.ld $(SETUP_OBJS) FORCE
$(call if_changed,ld)
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -57,6 +57,10 @@ else
KBUILD_LDFLAGS += $(shell $(LD) --help 2>&1 | grep -q "\-z noreloc-overflow" \
&& echo "-z noreloc-overflow -pie --no-dynamic-linker")
endif
+
+KBUILD_LDFLAGS += -z noexecstack
+KBUILD_LDFLAGS += $(call ld-option,--no-warn-rwx-segments)
+
LDFLAGS_vmlinux := -T
hostprogs-y := mkpiggy
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
@@ -178,7 +178,7 @@ quiet_cmd_vdso = VDSO $@
sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
VDSO_LDFLAGS = -shared --hash-style=both --build-id \
- $(call ld-option, --eh-frame-hdr) -Bsymbolic
+ $(call ld-option, --eh-frame-hdr) -Bsymbolic -z noexecstack
GCOV_PROFILE := n
quiet_cmd_vdso_and_check = VDSO $@
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 003/389] scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 001/389] Makefile: link with -z noexecstack --no-warn-rwx-segments Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 002/389] x86: link vdso and boot " Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 004/389] ALSA: bcd2000: Fix a UAF bug on the error path of probing Greg Kroah-Hartman
` (390 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Himanshu Madhani, Nilesh Javali,
Martin K. Petersen
From: Nilesh Javali <njavali@marvell.com>
commit 5bc7b01c513a4a9b4cfe306e8d1720cfcfd3b8a3 upstream.
This fixes the regression of NVMe discovery failure during driver load
time.
This reverts commit 6a45c8e137d4e2c72eecf1ac7cf64f2fdfcead99.
Link: https://lore.kernel.org/r/20220713052045.10683-2-njavali@marvell.com
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 5 ++---
drivers/scsi/qla2xxx/qla_nvme.c | 5 -----
2 files changed, 2 insertions(+), 8 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -5388,8 +5388,6 @@ qla2x00_reg_remote_port(scsi_qla_host_t
if (atomic_read(&fcport->state) == FCS_ONLINE)
return;
- qla2x00_set_fcport_state(fcport, FCS_ONLINE);
-
rport_ids.node_name = wwn_to_u64(fcport->node_name);
rport_ids.port_name = wwn_to_u64(fcport->port_name);
rport_ids.port_id = fcport->d_id.b.domain << 16 |
@@ -5485,7 +5483,6 @@ qla2x00_update_fcport(scsi_qla_host_t *v
qla2x00_reg_remote_port(vha, fcport);
break;
case MODE_TARGET:
- qla2x00_set_fcport_state(fcport, FCS_ONLINE);
if (!vha->vha_tgt.qla_tgt->tgt_stop &&
!vha->vha_tgt.qla_tgt->tgt_stopped)
qlt_fc_port_added(vha, fcport);
@@ -5500,6 +5497,8 @@ qla2x00_update_fcport(scsi_qla_host_t *v
break;
}
+ qla2x00_set_fcport_state(fcport, FCS_ONLINE);
+
if (IS_IIDMA_CAPABLE(vha->hw) && vha->hw->flags.gpsc_supported) {
if (fcport->id_changed) {
fcport->id_changed = 0;
--- a/drivers/scsi/qla2xxx/qla_nvme.c
+++ b/drivers/scsi/qla2xxx/qla_nvme.c
@@ -36,11 +36,6 @@ int qla_nvme_register_remote(struct scsi
(fcport->nvme_flag & NVME_FLAG_REGISTERED))
return 0;
- if (atomic_read(&fcport->state) == FCS_ONLINE)
- return 0;
-
- qla2x00_set_fcport_state(fcport, FCS_ONLINE);
-
fcport->nvme_flag &= ~NVME_FLAG_RESETTING;
memset(&req, 0, sizeof(struct nvme_fc_port_info));
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 004/389] ALSA: bcd2000: Fix a UAF bug on the error path of probing
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 003/389] scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 005/389] igc: Remove _I_PHY_ID checking Greg Kroah-Hartman
` (389 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Takashi Iwai
From: Zheyu Ma <zheyuma97@gmail.com>
commit ffb2759df7efbc00187bfd9d1072434a13a54139 upstream.
When the driver fails in snd_card_register() at probe time, it will free
the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug.
The following log can reveal it:
[ 50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]
[ 50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0
[ 50.729530] Call Trace:
[ 50.732899] bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]
Fix this by adding usb_kill_urb() before usb_free_urb().
Fixes: b47a22290d58 ("ALSA: MIDI driver for Behringer BCD2000 USB device")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220715010515.2087925-1-zheyuma97@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/bcd2000/bcd2000.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/sound/usb/bcd2000/bcd2000.c
+++ b/sound/usb/bcd2000/bcd2000.c
@@ -348,7 +348,8 @@ static int bcd2000_init_midi(struct bcd2
static void bcd2000_free_usb_related_resources(struct bcd2000 *bcd2k,
struct usb_interface *interface)
{
- /* usb_kill_urb not necessary, urb is aborted automatically */
+ usb_kill_urb(bcd2k->midi_out_urb);
+ usb_kill_urb(bcd2k->midi_in_urb);
usb_free_urb(bcd2k->midi_out_urb);
usb_free_urb(bcd2k->midi_in_urb);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 005/389] igc: Remove _I_PHY_ID checking
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 004/389] ALSA: bcd2000: Fix a UAF bug on the error path of probing Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 006/389] wifi: mac80211_hwsim: fix race condition in pending packet Greg Kroah-Hartman
` (388 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sasha Neftin, Dvora Fuxbrumer,
Tony Nguyen, Linjun Bao
From: Sasha Neftin <sasha.neftin@intel.com>
commit 7c496de538eebd8212dc2a3c9a468386b264d0d4 upstream.
i225 devices have only one PHY vendor. There is no point checking
_I_PHY_ID during the link establishment and auto-negotiation process.
This patch comes to clean up these pointless checkings.
Signed-off-by: Sasha Neftin <sasha.neftin@intel.com>
Tested-by: Dvora Fuxbrumer <dvorax.fuxbrumer@linux.intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: Linjun Bao <meljbao@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/igc/igc_base.c | 10 +---------
drivers/net/ethernet/intel/igc/igc_main.c | 3 +--
drivers/net/ethernet/intel/igc/igc_phy.c | 6 ++----
3 files changed, 4 insertions(+), 15 deletions(-)
--- a/drivers/net/ethernet/intel/igc/igc_base.c
+++ b/drivers/net/ethernet/intel/igc/igc_base.c
@@ -187,15 +187,7 @@ static s32 igc_init_phy_params_base(stru
igc_check_for_copper_link(hw);
- /* Verify phy id and set remaining function pointers */
- switch (phy->id) {
- case I225_I_PHY_ID:
- phy->type = igc_phy_i225;
- break;
- default:
- ret_val = -IGC_ERR_PHY;
- goto out;
- }
+ phy->type = igc_phy_i225;
out:
return ret_val;
--- a/drivers/net/ethernet/intel/igc/igc_main.c
+++ b/drivers/net/ethernet/intel/igc/igc_main.c
@@ -2884,8 +2884,7 @@ bool igc_has_link(struct igc_adapter *ad
break;
}
- if (hw->mac.type == igc_i225 &&
- hw->phy.id == I225_I_PHY_ID) {
+ if (hw->mac.type == igc_i225) {
if (!netif_carrier_ok(adapter->netdev)) {
adapter->flags &= ~IGC_FLAG_NEED_LINK_UPDATE;
} else if (!(adapter->flags & IGC_FLAG_NEED_LINK_UPDATE)) {
--- a/drivers/net/ethernet/intel/igc/igc_phy.c
+++ b/drivers/net/ethernet/intel/igc/igc_phy.c
@@ -235,8 +235,7 @@ static s32 igc_phy_setup_autoneg(struct
return ret_val;
}
- if ((phy->autoneg_mask & ADVERTISE_2500_FULL) &&
- hw->phy.id == I225_I_PHY_ID) {
+ if (phy->autoneg_mask & ADVERTISE_2500_FULL) {
/* Read the MULTI GBT AN Control Register - reg 7.32 */
ret_val = phy->ops.read_reg(hw, (STANDARD_AN_REG_MASK <<
MMD_DEVADDR_SHIFT) |
@@ -376,8 +375,7 @@ static s32 igc_phy_setup_autoneg(struct
ret_val = phy->ops.write_reg(hw, PHY_1000T_CTRL,
mii_1000t_ctrl_reg);
- if ((phy->autoneg_mask & ADVERTISE_2500_FULL) &&
- hw->phy.id == I225_I_PHY_ID)
+ if (phy->autoneg_mask & ADVERTISE_2500_FULL)
ret_val = phy->ops.write_reg(hw,
(STANDARD_AN_REG_MASK <<
MMD_DEVADDR_SHIFT) |
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 006/389] wifi: mac80211_hwsim: fix race condition in pending packet
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 005/389] igc: Remove _I_PHY_ID checking Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 007/389] wifi: mac80211_hwsim: add back erroneously removed cast Greg Kroah-Hartman
` (387 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jeongik Cha, Johannes Berg
From: Jeongik Cha <jeongik@google.com>
commit 4ee186fa7e40ae06ebbfbad77e249e3746e14114 upstream.
A pending packet uses a cookie as an unique key, but it can be duplicated
because it didn't use atomic operators.
And also, a pending packet can be null in hwsim_tx_info_frame_received_nl
due to race condition with mac80211_hwsim_stop.
For this,
* Use an atomic type and operator for a cookie
* Add a lock around the loop for pending packets
Signed-off-by: Jeongik Cha <jeongik@google.com>
Link: https://lore.kernel.org/r/20220704084354.3556326-1-jeongik@google.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/mac80211_hwsim.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -527,7 +527,7 @@ struct mac80211_hwsim_data {
bool ps_poll_pending;
struct dentry *debugfs;
- uintptr_t pending_cookie;
+ atomic64_t pending_cookie;
struct sk_buff_head pending; /* packets pending */
/*
* Only radios in the same group can communicate together (the
@@ -1044,7 +1044,7 @@ static void mac80211_hwsim_tx_frame_nl(s
int i;
struct hwsim_tx_rate tx_attempts[IEEE80211_TX_MAX_RATES];
struct hwsim_tx_rate_flag tx_attempts_flags[IEEE80211_TX_MAX_RATES];
- uintptr_t cookie;
+ u64 cookie;
if (data->ps != PS_DISABLED)
hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
@@ -1113,8 +1113,7 @@ static void mac80211_hwsim_tx_frame_nl(s
goto nla_put_failure;
/* We create a cookie to identify this skb */
- data->pending_cookie++;
- cookie = data->pending_cookie;
+ cookie = (u64)atomic64_inc_return(&data->pending_cookie);
info->rate_driver_data[0] = (void *)cookie;
if (nla_put_u64_64bit(skb, HWSIM_ATTR_COOKIE, cookie, HWSIM_ATTR_PAD))
goto nla_put_failure;
@@ -3260,6 +3259,7 @@ static int hwsim_tx_info_frame_received_
const u8 *src;
unsigned int hwsim_flags;
int i;
+ unsigned long flags;
bool found = false;
if (!info->attrs[HWSIM_ATTR_ADDR_TRANSMITTER] ||
@@ -3284,18 +3284,20 @@ static int hwsim_tx_info_frame_received_
goto out;
/* look for the skb matching the cookie passed back from user */
+ spin_lock_irqsave(&data2->pending.lock, flags);
skb_queue_walk_safe(&data2->pending, skb, tmp) {
u64 skb_cookie;
txi = IEEE80211_SKB_CB(skb);
- skb_cookie = (u64)(uintptr_t)txi->rate_driver_data[0];
+ skb_cookie = (u64)txi->rate_driver_data[0];
if (skb_cookie == ret_skb_cookie) {
- skb_unlink(skb, &data2->pending);
+ __skb_unlink(skb, &data2->pending);
found = true;
break;
}
}
+ spin_unlock_irqrestore(&data2->pending.lock, flags);
/* not found */
if (!found)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 007/389] wifi: mac80211_hwsim: add back erroneously removed cast
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 006/389] wifi: mac80211_hwsim: fix race condition in pending packet Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 008/389] wifi: mac80211_hwsim: use 32-bit skb cookie Greg Kroah-Hartman
` (386 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Johannes Berg,
Jeongik Cha
From: Johannes Berg <johannes.berg@intel.com>
commit 58b6259d820d63c2adf1c7541b54cce5a2ae6073 upstream.
The robots report that we're now casting to a differently
sized integer, which is correct, and the previous patch
had erroneously removed it.
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 4ee186fa7e40 ("wifi: mac80211_hwsim: fix race condition in pending packet")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Cc: Jeongik Cha <jeongik@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/mac80211_hwsim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3289,7 +3289,7 @@ static int hwsim_tx_info_frame_received_
u64 skb_cookie;
txi = IEEE80211_SKB_CB(skb);
- skb_cookie = (u64)txi->rate_driver_data[0];
+ skb_cookie = (u64)(uintptr_t)txi->rate_driver_data[0];
if (skb_cookie == ret_skb_cookie) {
__skb_unlink(skb, &data2->pending);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 008/389] wifi: mac80211_hwsim: use 32-bit skb cookie
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 007/389] wifi: mac80211_hwsim: add back erroneously removed cast Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 009/389] add barriers to buffer_uptodate and set_buffer_uptodate Greg Kroah-Hartman
` (385 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johannes Berg, Jeongik Cha
From: Johannes Berg <johannes.berg@intel.com>
commit cc5250cdb43d444061412df7fae72d2b4acbdf97 upstream.
We won't really have enough skbs to need a 64-bit cookie,
and on 32-bit platforms storing the 64-bit cookie into the
void *rate_driver_data doesn't work anyway. Switch back to
using just a 32-bit cookie and uintptr_t for the type to
avoid compiler warnings about all this.
Fixes: 4ee186fa7e40 ("wifi: mac80211_hwsim: fix race condition in pending packet")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Cc: Jeongik Cha <jeongik@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/mac80211_hwsim.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -527,7 +527,7 @@ struct mac80211_hwsim_data {
bool ps_poll_pending;
struct dentry *debugfs;
- atomic64_t pending_cookie;
+ atomic_t pending_cookie;
struct sk_buff_head pending; /* packets pending */
/*
* Only radios in the same group can communicate together (the
@@ -1044,7 +1044,7 @@ static void mac80211_hwsim_tx_frame_nl(s
int i;
struct hwsim_tx_rate tx_attempts[IEEE80211_TX_MAX_RATES];
struct hwsim_tx_rate_flag tx_attempts_flags[IEEE80211_TX_MAX_RATES];
- u64 cookie;
+ uintptr_t cookie;
if (data->ps != PS_DISABLED)
hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
@@ -1113,7 +1113,7 @@ static void mac80211_hwsim_tx_frame_nl(s
goto nla_put_failure;
/* We create a cookie to identify this skb */
- cookie = (u64)atomic64_inc_return(&data->pending_cookie);
+ cookie = atomic_inc_return(&data->pending_cookie);
info->rate_driver_data[0] = (void *)cookie;
if (nla_put_u64_64bit(skb, HWSIM_ATTR_COOKIE, cookie, HWSIM_ATTR_PAD))
goto nla_put_failure;
@@ -3286,10 +3286,10 @@ static int hwsim_tx_info_frame_received_
/* look for the skb matching the cookie passed back from user */
spin_lock_irqsave(&data2->pending.lock, flags);
skb_queue_walk_safe(&data2->pending, skb, tmp) {
- u64 skb_cookie;
+ uintptr_t skb_cookie;
txi = IEEE80211_SKB_CB(skb);
- skb_cookie = (u64)(uintptr_t)txi->rate_driver_data[0];
+ skb_cookie = (uintptr_t)txi->rate_driver_data[0];
if (skb_cookie == ret_skb_cookie) {
__skb_unlink(skb, &data2->pending);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 009/389] add barriers to buffer_uptodate and set_buffer_uptodate
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 008/389] wifi: mac80211_hwsim: use 32-bit skb cookie Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 010/389] HID: wacom: Only report rotation for art pen Greg Kroah-Hartman
` (384 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikulas Patocka,
Matthew Wilcox (Oracle),
Linus Torvalds
From: Mikulas Patocka <mpatocka@redhat.com>
commit d4252071b97d2027d246f6a82cbee4d52f618b47 upstream.
Let's have a look at this piece of code in __bread_slow:
get_bh(bh);
bh->b_end_io = end_buffer_read_sync;
submit_bh(REQ_OP_READ, 0, bh);
wait_on_buffer(bh);
if (buffer_uptodate(bh))
return bh;
Neither wait_on_buffer nor buffer_uptodate contain any memory barrier.
Consequently, if someone calls sb_bread and then reads the buffer data,
the read of buffer data may be executed before wait_on_buffer(bh) on
architectures with weak memory ordering and it may return invalid data.
Fix this bug by adding a memory barrier to set_buffer_uptodate and an
acquire barrier to buffer_uptodate (in a similar way as
folio_test_uptodate and folio_mark_uptodate).
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/buffer_head.h | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
--- a/include/linux/buffer_head.h
+++ b/include/linux/buffer_head.h
@@ -117,7 +117,6 @@ static __always_inline int test_clear_bu
* of the form "mark_buffer_foo()". These are higher-level functions which
* do something in addition to setting a b_state bit.
*/
-BUFFER_FNS(Uptodate, uptodate)
BUFFER_FNS(Dirty, dirty)
TAS_BUFFER_FNS(Dirty, dirty)
BUFFER_FNS(Lock, locked)
@@ -135,6 +134,30 @@ BUFFER_FNS(Meta, meta)
BUFFER_FNS(Prio, prio)
BUFFER_FNS(Defer_Completion, defer_completion)
+static __always_inline void set_buffer_uptodate(struct buffer_head *bh)
+{
+ /*
+ * make it consistent with folio_mark_uptodate
+ * pairs with smp_load_acquire in buffer_uptodate
+ */
+ smp_mb__before_atomic();
+ set_bit(BH_Uptodate, &bh->b_state);
+}
+
+static __always_inline void clear_buffer_uptodate(struct buffer_head *bh)
+{
+ clear_bit(BH_Uptodate, &bh->b_state);
+}
+
+static __always_inline int buffer_uptodate(const struct buffer_head *bh)
+{
+ /*
+ * make it consistent with folio_test_uptodate
+ * pairs with smp_mb__before_atomic in set_buffer_uptodate
+ */
+ return (smp_load_acquire(&bh->b_state) & (1UL << BH_Uptodate)) != 0;
+}
+
#define bh_offset(bh) ((unsigned long)(bh)->b_data & ~PAGE_MASK)
/* If we *know* page->private refers to buffer_heads */
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 010/389] HID: wacom: Only report rotation for art pen
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 009/389] add barriers to buffer_uptodate and set_buffer_uptodate Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 011/389] HID: wacom: Dont register pad_input for touch switch Greg Kroah-Hartman
` (383 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ping Cheng, Jason Gerecke, Jiri Kosina
From: Ping Cheng <pinglinux@gmail.com>
commit 7ccced33a0ba39b0103ae1dfbf7f1dffdc0a1bc2 upstream.
The generic routine, wacom_wac_pen_event, turns rotation value 90
degree anti-clockwise before posting the events. This non-zero
event trggers a non-zero ABS_Z event for non art pen tools. However,
HID_DG_TWIST is only supported by art pen.
[jkosina@suse.cz: fix build: add missing brace]
Cc: stable@vger.kernel.org
Signed-off-by: Ping Cheng <ping.cheng@wacom.com>
Reviewed-by: Jason Gerecke <jason.gerecke@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_wac.c | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -638,9 +638,26 @@ static int wacom_intuos_id_mangle(int to
return (tool_id & ~0xFFF) << 4 | (tool_id & 0xFFF);
}
+static bool wacom_is_art_pen(int tool_id)
+{
+ bool is_art_pen = false;
+
+ switch (tool_id) {
+ case 0x885: /* Intuos3 Marker Pen */
+ case 0x804: /* Intuos4/5 13HD/24HD Marker Pen */
+ case 0x10804: /* Intuos4/5 13HD/24HD Art Pen */
+ is_art_pen = true;
+ break;
+ }
+ return is_art_pen;
+}
+
static int wacom_intuos_get_tool_type(int tool_id)
{
- int tool_type;
+ int tool_type = BTN_TOOL_PEN;
+
+ if (wacom_is_art_pen(tool_id))
+ return tool_type;
switch (tool_id) {
case 0x812: /* Inking pen */
@@ -655,12 +672,9 @@ static int wacom_intuos_get_tool_type(in
case 0x852:
case 0x823: /* Intuos3 Grip Pen */
case 0x813: /* Intuos3 Classic Pen */
- case 0x885: /* Intuos3 Marker Pen */
case 0x802: /* Intuos4/5 13HD/24HD General Pen */
- case 0x804: /* Intuos4/5 13HD/24HD Marker Pen */
case 0x8e2: /* IntuosHT2 pen */
case 0x022:
- case 0x10804: /* Intuos4/5 13HD/24HD Art Pen */
case 0x10842: /* MobileStudio Pro Pro Pen slim */
case 0x14802: /* Intuos4/5 13HD/24HD Classic Pen */
case 0x16802: /* Cintiq 13HD Pro Pen */
@@ -718,10 +732,6 @@ static int wacom_intuos_get_tool_type(in
case 0x10902: /* Intuos4/5 13HD/24HD Airbrush */
tool_type = BTN_TOOL_AIRBRUSH;
break;
-
- default: /* Unknown tool */
- tool_type = BTN_TOOL_PEN;
- break;
}
return tool_type;
}
@@ -2312,6 +2322,9 @@ static void wacom_wac_pen_event(struct h
}
return;
case HID_DG_TWIST:
+ /* don't modify the value if the pen doesn't support the feature */
+ if (!wacom_is_art_pen(wacom_wac->id[0])) return;
+
/*
* Userspace expects pen twist to have its zero point when
* the buttons/finger is on the tablet's left. HID values
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 011/389] HID: wacom: Dont register pad_input for touch switch
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 010/389] HID: wacom: Only report rotation for art pen Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 012/389] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case Greg Kroah-Hartman
` (382 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ping Cheng, Jason Gerecke, Jiri Kosina
From: Ping Cheng <pinglinux@gmail.com>
commit d6b675687a4ab4dba684716d97c8c6f81bf10905 upstream.
Touch switch state is received through WACOM_PAD_FIELD. However, it
is reported by touch_input. Don't register pad_input if no other pad
events require the interface.
Cc: stable@vger.kernel.org
Signed-off-by: Ping Cheng <ping.cheng@wacom.com>
Reviewed-by: Jason Gerecke <jason.gerecke@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_sys.c | 2 +-
drivers/hid/wacom_wac.c | 43 +++++++++++++++++++++++++------------------
2 files changed, 26 insertions(+), 19 deletions(-)
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -2124,7 +2124,7 @@ static int wacom_register_inputs(struct
error = wacom_setup_pad_input_capabilities(pad_input_dev, wacom_wac);
if (error) {
- /* no pad in use on this interface */
+ /* no pad events using this interface */
input_free_device(pad_input_dev);
wacom_wac->pad_input = NULL;
pad_input_dev = NULL;
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2016,7 +2016,6 @@ static void wacom_wac_pad_usage_mapping(
wacom_wac->has_mute_touch_switch = true;
usage->type = EV_SW;
usage->code = SW_MUTE_DEVICE;
- features->device_type |= WACOM_DEVICETYPE_PAD;
break;
case WACOM_HID_WD_TOUCHSTRIP:
wacom_map_usage(input, usage, field, EV_ABS, ABS_RX, 0);
@@ -2096,6 +2095,30 @@ static void wacom_wac_pad_event(struct h
wacom_wac->hid_data.inrange_state |= value;
}
+ /* Process touch switch state first since it is reported through touch interface,
+ * which is indepentent of pad interface. In the case when there are no other pad
+ * events, the pad interface will not even be created.
+ */
+ if ((equivalent_usage == WACOM_HID_WD_MUTE_DEVICE) ||
+ (equivalent_usage == WACOM_HID_WD_TOUCHONOFF)) {
+ if (wacom_wac->shared->touch_input) {
+ bool *is_touch_on = &wacom_wac->shared->is_touch_on;
+
+ if (equivalent_usage == WACOM_HID_WD_MUTE_DEVICE && value)
+ *is_touch_on = !(*is_touch_on);
+ else if (equivalent_usage == WACOM_HID_WD_TOUCHONOFF)
+ *is_touch_on = value;
+
+ input_report_switch(wacom_wac->shared->touch_input,
+ SW_MUTE_DEVICE, !(*is_touch_on));
+ input_sync(wacom_wac->shared->touch_input);
+ }
+ return;
+ }
+
+ if (!input)
+ return;
+
switch (equivalent_usage) {
case WACOM_HID_WD_TOUCHRING:
/*
@@ -2131,22 +2154,6 @@ static void wacom_wac_pad_event(struct h
input_event(input, usage->type, usage->code, 0);
break;
- case WACOM_HID_WD_MUTE_DEVICE:
- case WACOM_HID_WD_TOUCHONOFF:
- if (wacom_wac->shared->touch_input) {
- bool *is_touch_on = &wacom_wac->shared->is_touch_on;
-
- if (equivalent_usage == WACOM_HID_WD_MUTE_DEVICE && value)
- *is_touch_on = !(*is_touch_on);
- else if (equivalent_usage == WACOM_HID_WD_TOUCHONOFF)
- *is_touch_on = value;
-
- input_report_switch(wacom_wac->shared->touch_input,
- SW_MUTE_DEVICE, !(*is_touch_on));
- input_sync(wacom_wac->shared->touch_input);
- }
- break;
-
case WACOM_HID_WD_MODE_CHANGE:
if (wacom_wac->is_direct_mode != value) {
wacom_wac->is_direct_mode = value;
@@ -2776,7 +2783,7 @@ void wacom_wac_event(struct hid_device *
/* usage tests must precede field tests */
if (WACOM_BATTERY_USAGE(usage))
wacom_wac_battery_event(hdev, field, usage, value);
- else if (WACOM_PAD_FIELD(field) && wacom->wacom_wac.pad_input)
+ else if (WACOM_PAD_FIELD(field))
wacom_wac_pad_event(hdev, field, usage, value);
else if (WACOM_PEN_FIELD(field) && wacom->wacom_wac.pen_input)
wacom_wac_pen_event(hdev, field, usage, value);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 012/389] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 011/389] HID: wacom: Dont register pad_input for touch switch Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 013/389] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL " Greg Kroah-Hartman
` (381 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lei Wang, Sean Christopherson, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit fa578398a0ba2c079fa1170da21fa5baae0cedb2 upstream.
If a nested run isn't pending, snapshot vmcs01.GUEST_BNDCFGS irrespective
of whether or not VM_ENTRY_LOAD_BNDCFGS is set in vmcs12. When restoring
nested state, e.g. after migration, without a nested run pending,
prepare_vmcs02() will propagate nested.vmcs01_guest_bndcfgs to vmcs02,
i.e. will load garbage/zeros into vmcs02.GUEST_BNDCFGS.
If userspace restores nested state before MSRs, then loading garbage is a
non-issue as loading BNDCFGS will also update vmcs02. But if usersepace
restores MSRs first, then KVM is responsible for propagating L2's value,
which is actually thrown into vmcs01, into vmcs02.
Restoring L2 MSRs into vmcs01, i.e. loading all MSRs before nested state
is all kinds of bizarre and ideally would not be supported. Sadly, some
VMMs do exactly that and rely on KVM to make things work.
Note, there's still a lurking SMM bug, as propagating vmcs01.GUEST_BNDFGS
to vmcs02 across RSM may corrupt L2's BNDCFGS. But KVM's entire VMX+SMM
emulation is flawed as SMI+RSM should not toouch _any_ VMCS when use the
"default treatment of SMIs", i.e. when not using an SMI Transfer Monitor.
Link: https://lore.kernel.org/all/Yobt1XwOfb5M6Dfa@google.com
Fixes: 62cf9bd8118c ("KVM: nVMX: Fix emulation of VM_ENTRY_LOAD_BNDCFGS")
Cc: stable@vger.kernel.org
Cc: Lei Wang <lei4.wang@intel.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220614215831.3762138-2-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/nested.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3068,7 +3068,8 @@ enum nvmx_vmentry_status nested_vmx_ente
if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS))
vmx->nested.vmcs01_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL);
if (kvm_mpx_supported() &&
- !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS))
+ (!vmx->nested.nested_run_pending ||
+ !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_BNDCFGS)))
vmx->nested.vmcs01_guest_bndcfgs = vmcs_read64(GUEST_BNDCFGS);
/*
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 013/389] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 012/389] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 014/389] KVM: SVM: Dont BUG if userspace injects an interrupt with GIF=0 Greg Kroah-Hartman
` (380 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit 764643a6be07445308e492a528197044c801b3ba upstream.
If a nested run isn't pending, snapshot vmcs01.GUEST_IA32_DEBUGCTL
irrespective of whether or not VM_ENTRY_LOAD_DEBUG_CONTROLS is set in
vmcs12. When restoring nested state, e.g. after migration, without a
nested run pending, prepare_vmcs02() will propagate
nested.vmcs01_debugctl to vmcs02, i.e. will load garbage/zeros into
vmcs02.GUEST_IA32_DEBUGCTL.
If userspace restores nested state before MSRs, then loading garbage is a
non-issue as loading DEBUGCTL will also update vmcs02. But if usersepace
restores MSRs first, then KVM is responsible for propagating L2's value,
which is actually thrown into vmcs01, into vmcs02.
Restoring L2 MSRs into vmcs01, i.e. loading all MSRs before nested state
is all kinds of bizarre and ideally would not be supported. Sadly, some
VMMs do exactly that and rely on KVM to make things work.
Note, there's still a lurking SMM bug, as propagating vmcs01's DEBUGCTL
to vmcs02 across RSM may corrupt L2's DEBUGCTL. But KVM's entire VMX+SMM
emulation is flawed as SMI+RSM should not toouch _any_ VMCS when use the
"default treatment of SMIs", i.e. when not using an SMI Transfer Monitor.
Link: https://lore.kernel.org/all/Yobt1XwOfb5M6Dfa@google.com
Fixes: 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220614215831.3762138-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/nested.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -3065,7 +3065,8 @@ enum nvmx_vmentry_status nested_vmx_ente
if (likely(!evaluate_pending_interrupts) && kvm_vcpu_apicv_active(vcpu))
evaluate_pending_interrupts |= vmx_has_apicv_interrupt(vcpu);
- if (!(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS))
+ if (!vmx->nested.nested_run_pending ||
+ !(vmcs12->vm_entry_controls & VM_ENTRY_LOAD_DEBUG_CONTROLS))
vmx->nested.vmcs01_debugctl = vmcs_read64(GUEST_IA32_DEBUGCTL);
if (kvm_mpx_supported() &&
(!vmx->nested.nested_run_pending ||
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 014/389] KVM: SVM: Dont BUG if userspace injects an interrupt with GIF=0
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 013/389] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL " Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 015/389] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value Greg Kroah-Hartman
` (379 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson,
Maciej S. Szmigiero, Paolo Bonzini
From: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
commit f17c31c48e5cde9895a491d91c424eeeada3e134 upstream.
Don't BUG/WARN on interrupt injection due to GIF being cleared,
since it's trivial for userspace to force the situation via
KVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct
for KVM internally generated injections).
kernel BUG at arch/x86/kvm/svm/svm.c:3386!
invalid opcode: 0000 [#1] SMP
CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd]
Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53
RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006
RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0
RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888109571000 R14: ffff88810a234ac0 R15: 0000000000000000
FS: 0000000001821380(0000) GS:ffff88846fdc0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f74fc550008 CR3: 000000010a6fe000 CR4: 0000000000350ea0
Call Trace:
<TASK>
inject_pending_event+0x2f7/0x4c0 [kvm]
kvm_arch_vcpu_ioctl_run+0x791/0x17a0 [kvm]
kvm_vcpu_ioctl+0x26d/0x650 [kvm]
__x64_sys_ioctl+0x82/0xb0
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
</TASK>
Fixes: 219b65dcf6c0 ("KVM: SVM: Improve nested interrupt injection")
Cc: stable@vger.kernel.org
Co-developed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
Message-Id: <35426af6e123cbe91ec7ce5132ce72521f02b1b5.1651440202.git.maciej.szmigiero@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm.c | 2 --
1 file changed, 2 deletions(-)
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5137,8 +5137,6 @@ static void svm_set_irq(struct kvm_vcpu
{
struct vcpu_svm *svm = to_svm(vcpu);
- BUG_ON(!(gif_set(svm)));
-
trace_kvm_inj_virq(vcpu->arch.interrupt.nr);
++vcpu->stat.irq_injections;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 015/389] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 014/389] KVM: SVM: Dont BUG if userspace injects an interrupt with GIF=0 Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 016/389] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks Greg Kroah-Hartman
` (378 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Matlack, Sean Christopherson,
Paolo Bonzini
From: Sean Christopherson <seanjc@google.com>
commit f8ae08f9789ad59d318ea75b570caa454aceda81 upstream.
Restrict the nVMX MSRs based on KVM's config, not based on the guest's
current config. Using the guest's config to audit the new config
prevents userspace from restoring the original config (KVM's config) if
at any point in the past the guest's config was restricted in any way.
Fixes: 62cc6b9dc61e ("KVM: nVMX: support restore of VMX capability MSRs")
Cc: stable@vger.kernel.org
Cc: David Matlack <dmatlack@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20220607213604.3346000-6-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/nested.c | 70 ++++++++++++++++++++++++----------------------
1 file changed, 37 insertions(+), 33 deletions(-)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -1060,7 +1060,7 @@ static int vmx_restore_vmx_basic(struct
BIT_ULL(49) | BIT_ULL(54) | BIT_ULL(55) |
/* reserved */
BIT_ULL(31) | GENMASK_ULL(47, 45) | GENMASK_ULL(63, 56);
- u64 vmx_basic = vmx->nested.msrs.basic;
+ u64 vmx_basic = vmcs_config.nested.basic;
if (!is_bitwise_subset(vmx_basic, data, feature_and_reserved))
return -EINVAL;
@@ -1083,36 +1083,42 @@ static int vmx_restore_vmx_basic(struct
return 0;
}
-static int
-vmx_restore_control_msr(struct vcpu_vmx *vmx, u32 msr_index, u64 data)
+static void vmx_get_control_msr(struct nested_vmx_msrs *msrs, u32 msr_index,
+ u32 **low, u32 **high)
{
- u64 supported;
- u32 *lowp, *highp;
-
switch (msr_index) {
case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
- lowp = &vmx->nested.msrs.pinbased_ctls_low;
- highp = &vmx->nested.msrs.pinbased_ctls_high;
+ *low = &msrs->pinbased_ctls_low;
+ *high = &msrs->pinbased_ctls_high;
break;
case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
- lowp = &vmx->nested.msrs.procbased_ctls_low;
- highp = &vmx->nested.msrs.procbased_ctls_high;
+ *low = &msrs->procbased_ctls_low;
+ *high = &msrs->procbased_ctls_high;
break;
case MSR_IA32_VMX_TRUE_EXIT_CTLS:
- lowp = &vmx->nested.msrs.exit_ctls_low;
- highp = &vmx->nested.msrs.exit_ctls_high;
+ *low = &msrs->exit_ctls_low;
+ *high = &msrs->exit_ctls_high;
break;
case MSR_IA32_VMX_TRUE_ENTRY_CTLS:
- lowp = &vmx->nested.msrs.entry_ctls_low;
- highp = &vmx->nested.msrs.entry_ctls_high;
+ *low = &msrs->entry_ctls_low;
+ *high = &msrs->entry_ctls_high;
break;
case MSR_IA32_VMX_PROCBASED_CTLS2:
- lowp = &vmx->nested.msrs.secondary_ctls_low;
- highp = &vmx->nested.msrs.secondary_ctls_high;
+ *low = &msrs->secondary_ctls_low;
+ *high = &msrs->secondary_ctls_high;
break;
default:
BUG();
}
+}
+
+static int
+vmx_restore_control_msr(struct vcpu_vmx *vmx, u32 msr_index, u64 data)
+{
+ u32 *lowp, *highp;
+ u64 supported;
+
+ vmx_get_control_msr(&vmcs_config.nested, msr_index, &lowp, &highp);
supported = vmx_control_msr(*lowp, *highp);
@@ -1124,6 +1130,7 @@ vmx_restore_control_msr(struct vcpu_vmx
if (!is_bitwise_subset(supported, data, GENMASK_ULL(63, 32)))
return -EINVAL;
+ vmx_get_control_msr(&vmx->nested.msrs, msr_index, &lowp, &highp);
*lowp = data;
*highp = data >> 32;
return 0;
@@ -1137,10 +1144,8 @@ static int vmx_restore_vmx_misc(struct v
BIT_ULL(28) | BIT_ULL(29) | BIT_ULL(30) |
/* reserved */
GENMASK_ULL(13, 9) | BIT_ULL(31);
- u64 vmx_misc;
-
- vmx_misc = vmx_control_msr(vmx->nested.msrs.misc_low,
- vmx->nested.msrs.misc_high);
+ u64 vmx_misc = vmx_control_msr(vmcs_config.nested.misc_low,
+ vmcs_config.nested.misc_high);
if (!is_bitwise_subset(vmx_misc, data, feature_and_reserved_bits))
return -EINVAL;
@@ -1168,10 +1173,8 @@ static int vmx_restore_vmx_misc(struct v
static int vmx_restore_vmx_ept_vpid_cap(struct vcpu_vmx *vmx, u64 data)
{
- u64 vmx_ept_vpid_cap;
-
- vmx_ept_vpid_cap = vmx_control_msr(vmx->nested.msrs.ept_caps,
- vmx->nested.msrs.vpid_caps);
+ u64 vmx_ept_vpid_cap = vmx_control_msr(vmcs_config.nested.ept_caps,
+ vmcs_config.nested.vpid_caps);
/* Every bit is either reserved or a feature bit. */
if (!is_bitwise_subset(vmx_ept_vpid_cap, data, -1ULL))
@@ -1182,20 +1185,21 @@ static int vmx_restore_vmx_ept_vpid_cap(
return 0;
}
-static int vmx_restore_fixed0_msr(struct vcpu_vmx *vmx, u32 msr_index, u64 data)
+static u64 *vmx_get_fixed0_msr(struct nested_vmx_msrs *msrs, u32 msr_index)
{
- u64 *msr;
-
switch (msr_index) {
case MSR_IA32_VMX_CR0_FIXED0:
- msr = &vmx->nested.msrs.cr0_fixed0;
- break;
+ return &msrs->cr0_fixed0;
case MSR_IA32_VMX_CR4_FIXED0:
- msr = &vmx->nested.msrs.cr4_fixed0;
- break;
+ return &msrs->cr4_fixed0;
default:
BUG();
}
+}
+
+static int vmx_restore_fixed0_msr(struct vcpu_vmx *vmx, u32 msr_index, u64 data)
+{
+ const u64 *msr = vmx_get_fixed0_msr(&vmcs_config.nested, msr_index);
/*
* 1 bits (which indicates bits which "must-be-1" during VMX operation)
@@ -1204,7 +1208,7 @@ static int vmx_restore_fixed0_msr(struct
if (!is_bitwise_subset(data, *msr, -1ULL))
return -EINVAL;
- *msr = data;
+ *vmx_get_fixed0_msr(&vmx->nested.msrs, msr_index) = data;
return 0;
}
@@ -1265,7 +1269,7 @@ int vmx_set_vmx_msr(struct kvm_vcpu *vcp
vmx->nested.msrs.vmcs_enum = data;
return 0;
case MSR_IA32_VMX_VMFUNC:
- if (data & ~vmx->nested.msrs.vmfunc_controls)
+ if (data & ~vmcs_config.nested.vmfunc_controls)
return -EINVAL;
vmx->nested.msrs.vmfunc_controls = data;
return 0;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 016/389] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 015/389] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 017/389] KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP Greg Kroah-Hartman
` (377 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+760a73552f47a8cd0fd9,
Tetsuo Handa, Hou Wenlong, Sean Christopherson, Maxim Levitsky
From: Sean Christopherson <seanjc@google.com>
commit ec6e4d863258d4bfb36d48d5e3ef68140234d688 upstream.
Wait to mark the TSS as busy during LTR emulation until after all fault
checks for the LTR have passed. Specifically, don't mark the TSS busy if
the new TSS base is non-canonical.
Opportunistically drop the one-off !seg_desc.PRESENT check for TR as the
only reason for the early check was to avoid marking a !PRESENT TSS as
busy, i.e. the common !PRESENT is now done before setting the busy bit.
Fixes: e37a75a13cda ("KVM: x86: Emulator ignores LDTR/TR extended base on LLDT/LTR")
Reported-by: syzbot+760a73552f47a8cd0fd9@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Hou Wenlong <houwenlong.hwl@antgroup.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20220711232750.1092012-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1753,16 +1753,6 @@ static int __load_segment_descriptor(str
case VCPU_SREG_TR:
if (seg_desc.s || (seg_desc.type != 1 && seg_desc.type != 9))
goto exception;
- if (!seg_desc.p) {
- err_vec = NP_VECTOR;
- goto exception;
- }
- old_desc = seg_desc;
- seg_desc.type |= 2; /* busy */
- ret = ctxt->ops->cmpxchg_emulated(ctxt, desc_addr, &old_desc, &seg_desc,
- sizeof(seg_desc), &ctxt->exception);
- if (ret != X86EMUL_CONTINUE)
- return ret;
break;
case VCPU_SREG_LDTR:
if (seg_desc.s || seg_desc.type != 2)
@@ -1803,6 +1793,15 @@ static int __load_segment_descriptor(str
((u64)base3 << 32), ctxt))
return emulate_gp(ctxt, 0);
}
+
+ if (seg == VCPU_SREG_TR) {
+ old_desc = seg_desc;
+ seg_desc.type |= 2; /* busy */
+ ret = ctxt->ops->cmpxchg_emulated(ctxt, desc_addr, &old_desc, &seg_desc,
+ sizeof(seg_desc), &ctxt->exception);
+ if (ret != X86EMUL_CONTINUE)
+ return ret;
+ }
load:
ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg);
if (desc)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 017/389] KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 016/389] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 018/389] mm/mremap: hold the rmap lock in write mode when moving page table entries Greg Kroah-Hartman
` (376 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Christopherson, Maxim Levitsky
From: Sean Christopherson <seanjc@google.com>
commit 2626206963ace9e8bf92b6eea5ff78dd674c555c upstream.
When injecting a #GP on LLDT/LTR due to a non-canonical LDT/TSS base, set
the error code to the selector. Intel SDM's says nothing about the #GP,
but AMD's APM explicitly states that both LLDT and LTR set the error code
to the selector, not zero.
Note, a non-canonical memory operand on LLDT/LTR does generate a #GP(0),
but the KVM code in question is specific to the base from the descriptor.
Fixes: e37a75a13cda ("KVM: x86: Emulator ignores LDTR/TR extended base on LLDT/LTR")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Link: https://lore.kernel.org/r/20220711232750.1092012-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/emulate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -1790,8 +1790,8 @@ static int __load_segment_descriptor(str
if (ret != X86EMUL_CONTINUE)
return ret;
if (emul_is_noncanonical_address(get_desc_base(&seg_desc) |
- ((u64)base3 << 32), ctxt))
- return emulate_gp(ctxt, 0);
+ ((u64)base3 << 32), ctxt))
+ return emulate_gp(ctxt, err_code);
}
if (seg == VCPU_SREG_TR) {
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 018/389] mm/mremap: hold the rmap lock in write mode when moving page table entries.
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 017/389] KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 019/389] ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model Greg Kroah-Hartman
` (375 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aneesh Kumar K.V, Hugh Dickins,
Kirill A. Shutemov, Christophe Leroy, Joel Fernandes,
Kalesh Singh, Kirill A. Shutemov, Michael Ellerman,
Nicholas Piggin, Stephen Rothwell, Andrew Morton, Linus Torvalds,
Jann Horn
From: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
commit 97113eb39fa7972722ff490b947d8af023e1f6a2 upstream.
To avoid a race between rmap walk and mremap, mremap does
take_rmap_locks(). The lock was taken to ensure that rmap walk don't miss
a page table entry due to PTE moves via move_pagetables(). The kernel
does further optimization of this lock such that if we are going to find
the newly added vma after the old vma, the rmap lock is not taken. This
is because rmap walk would find the vmas in the same order and if we don't
find the page table attached to older vma we would find it with the new
vma which we would iterate later.
As explained in commit eb66ae030829 ("mremap: properly flush TLB before
releasing the page") mremap is special in that it doesn't take ownership
of the page. The optimized version for PUD/PMD aligned mremap also
doesn't hold the ptl lock. This can result in stale TLB entries as show
below.
This patch updates the rmap locking requirement in mremap to handle the race condition
explained below with optimized mremap::
Optmized PMD move
CPU 1 CPU 2 CPU 3
mremap(old_addr, new_addr) page_shrinker/try_to_unmap_one
mmap_write_lock_killable()
addr = old_addr
lock(pte_ptl)
lock(pmd_ptl)
pmd = *old_pmd
pmd_clear(old_pmd)
flush_tlb_range(old_addr)
*new_pmd = pmd
*new_addr = 10; and fills
TLB with new addr
and old pfn
unlock(pmd_ptl)
ptep_clear_flush()
old pfn is free.
Stale TLB entry
Optimized PUD move also suffers from a similar race. Both the above race
condition can be fixed if we force mremap path to take rmap lock.
Link: https://lkml.kernel.org/r/20210616045239.370802-7-aneesh.kumar@linux.ibm.com
Fixes: 2c91bd4a4e2e ("mm: speed up mremap by 20x on large regions")
Fixes: c49dd3401802 ("mm: speedup mremap on 1GB or larger regions")
Link: https://lore.kernel.org/linux-mm/CAHk-=wgXVR04eBNtxQfevontWnP6FDm+oj5vauQXP3S-huwbPw@mail.gmail.com
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Joel Fernandes <joel@joelfernandes.org>
Cc: Kalesh Singh <kaleshsingh@google.com>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[patch rewritten for backport since the code was refactored since]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mremap.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -293,12 +293,10 @@ unsigned long move_page_tables(struct vm
*/
bool moved;
- if (need_rmap_locks)
- take_rmap_locks(vma);
+ take_rmap_locks(vma);
moved = move_normal_pmd(vma, old_addr, new_addr,
old_end, old_pmd, new_pmd);
- if (need_rmap_locks)
- drop_rmap_locks(vma);
+ drop_rmap_locks(vma);
if (moved)
continue;
#endif
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 019/389] ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 018/389] mm/mremap: hold the rmap lock in write mode when moving page table entries Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 020/389] ALSA: hda/cirrus - support for iMac 12,1 model Greg Kroah-Hartman
` (374 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Meng Tang, Takashi Iwai
From: Meng Tang <tangmeng@uniontech.com>
commit f83bb2592482fe94c6eea07a8121763c80f36ce5 upstream.
There is another LENOVO 20149 (Type1Sku0) Notebook model with
CX20590, the device PCI SSID is 17aa:3977, which headphones are
not responding, that requires the quirk CXT_PINCFG_LENOVO_NOTEBOOK.
Add the corresponding entry to the quirk table.
Signed-off-by: Meng Tang <tangmeng@uniontech.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220808073406.19460-1-tangmeng@uniontech.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_conexant.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -197,6 +197,7 @@ enum {
CXT_PINCFG_LEMOTE_A1205,
CXT_PINCFG_COMPAQ_CQ60,
CXT_FIXUP_STEREO_DMIC,
+ CXT_PINCFG_LENOVO_NOTEBOOK,
CXT_FIXUP_INC_MIC_BOOST,
CXT_FIXUP_HEADPHONE_MIC_PIN,
CXT_FIXUP_HEADPHONE_MIC,
@@ -737,6 +738,14 @@ static const struct hda_fixup cxt_fixups
.type = HDA_FIXUP_FUNC,
.v.func = cxt_fixup_stereo_dmic,
},
+ [CXT_PINCFG_LENOVO_NOTEBOOK] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x1a, 0x05d71030 },
+ { }
+ },
+ .chain_id = CXT_FIXUP_STEREO_DMIC,
+ },
[CXT_FIXUP_INC_MIC_BOOST] = {
.type = HDA_FIXUP_FUNC,
.v.func = cxt5066_increase_mic_boost,
@@ -930,7 +939,7 @@ static const struct snd_pci_quirk cxt506
SND_PCI_QUIRK(0x17aa, 0x3905, "Lenovo G50-30", CXT_FIXUP_STEREO_DMIC),
SND_PCI_QUIRK(0x17aa, 0x390b, "Lenovo G50-80", CXT_FIXUP_STEREO_DMIC),
SND_PCI_QUIRK(0x17aa, 0x3975, "Lenovo U300s", CXT_FIXUP_STEREO_DMIC),
- SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_FIXUP_STEREO_DMIC),
+ SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_PINCFG_LENOVO_NOTEBOOK),
SND_PCI_QUIRK(0x17aa, 0x3978, "Lenovo G50-70", CXT_FIXUP_STEREO_DMIC),
SND_PCI_QUIRK(0x17aa, 0x397b, "Lenovo S205", CXT_FIXUP_STEREO_DMIC),
SND_PCI_QUIRK_VENDOR(0x17aa, "Thinkpad", CXT_FIXUP_THINKPAD_ACPI),
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 020/389] ALSA: hda/cirrus - support for iMac 12,1 model
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 019/389] ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 021/389] ALSA: hda/realtek: Add quirk for another Asus K42JZ model Greg Kroah-Hartman
` (373 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Allen Ballway, Takashi Iwai
From: Allen Ballway <ballway@chromium.org>
commit 74bba640d69914cf832b87f6bbb700e5ba430672 upstream.
The 12,1 model requires the same configuration as the 12,2 model
to enable headphones but has a different codec SSID. Adds
12,1 SSID for matching quirk.
[ re-sorted in SSID order by tiwai ]
Signed-off-by: Allen Ballway <ballway@chromium.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220810152701.1.I902c2e591bbf8de9acb649d1322fa1f291849266@changeid
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_cirrus.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_cirrus.c
+++ b/sound/pci/hda/patch_cirrus.c
@@ -396,6 +396,7 @@ static const struct snd_pci_quirk cs420x
/* codec SSID */
SND_PCI_QUIRK(0x106b, 0x0600, "iMac 14,1", CS420X_IMAC27_122),
+ SND_PCI_QUIRK(0x106b, 0x0900, "iMac 12,1", CS420X_IMAC27_122),
SND_PCI_QUIRK(0x106b, 0x1c00, "MacBookPro 8,1", CS420X_MBP81),
SND_PCI_QUIRK(0x106b, 0x2000, "iMac 12,2", CS420X_IMAC27_122),
SND_PCI_QUIRK(0x106b, 0x2800, "MacBookPro 10,1", CS420X_MBP101),
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 021/389] ALSA: hda/realtek: Add quirk for another Asus K42JZ model
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 020/389] ALSA: hda/cirrus - support for iMac 12,1 model Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 022/389] tty: vt: initialize unicode screen buffer Greg Kroah-Hartman
` (372 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Meng Tang, Takashi Iwai
From: Meng Tang <tangmeng@uniontech.com>
commit f882c4bef9cb914d9f7be171afb10ed26536bfa7 upstream.
There is another Asus K42JZ model with the PCI SSID 1043:1313
that requires the quirk ALC269VB_FIXUP_ASUS_MIC_NO_PRESENCE.
Add the corresponding entry to the quirk table.
Signed-off-by: Meng Tang <tangmeng@uniontech.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220805074534.20003-1-tangmeng@uniontech.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -6370,6 +6370,7 @@ enum {
ALC269_FIXUP_LIMIT_INT_MIC_BOOST,
ALC269VB_FIXUP_ASUS_ZENBOOK,
ALC269VB_FIXUP_ASUS_ZENBOOK_UX31A,
+ ALC269VB_FIXUP_ASUS_MIC_NO_PRESENCE,
ALC269_FIXUP_LIMIT_INT_MIC_BOOST_MUTE_LED,
ALC269VB_FIXUP_ORDISSIMO_EVE2,
ALC283_FIXUP_CHROME_BOOK,
@@ -6901,6 +6902,15 @@ static const struct hda_fixup alc269_fix
.chained = true,
.chain_id = ALC269VB_FIXUP_ASUS_ZENBOOK,
},
+ [ALC269VB_FIXUP_ASUS_MIC_NO_PRESENCE] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x18, 0x01a110f0 }, /* use as headset mic */
+ { }
+ },
+ .chained = true,
+ .chain_id = ALC269_FIXUP_HEADSET_MIC
+ },
[ALC269_FIXUP_LIMIT_INT_MIC_BOOST_MUTE_LED] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc269_fixup_limit_int_mic_boost,
@@ -8215,6 +8225,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1043, 0x12a0, "ASUS X441UV", ALC233_FIXUP_EAPD_COEF_AND_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1043, 0x12e0, "ASUS X541SA", ALC256_FIXUP_ASUS_MIC),
SND_PCI_QUIRK(0x1043, 0x12f0, "ASUS X541UV", ALC256_FIXUP_ASUS_MIC),
+ SND_PCI_QUIRK(0x1043, 0x1313, "Asus K42JZ", ALC269VB_FIXUP_ASUS_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1043, 0x13b0, "ASUS Z550SA", ALC256_FIXUP_ASUS_MIC),
SND_PCI_QUIRK(0x1043, 0x1427, "Asus Zenbook UX31E", ALC269VB_FIXUP_ASUS_ZENBOOK),
SND_PCI_QUIRK(0x1043, 0x1517, "Asus Zenbook UX31A", ALC269VB_FIXUP_ASUS_ZENBOOK_UX31A),
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 022/389] tty: vt: initialize unicode screen buffer
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 021/389] ALSA: hda/realtek: Add quirk for another Asus K42JZ model Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 023/389] vfs: Check the truncate maximum size in inode_newsize_ok() Greg Kroah-Hartman
` (371 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, syzbot, Jiri Slaby, Tetsuo Handa
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
commit af77c56aa35325daa2bc2bed5c2ebf169be61b86 upstream.
syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read
immediately after resize operation. Initialize buffer using kzalloc().
----------
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/fb.h>
int main(int argc, char *argv[])
{
struct fb_var_screeninfo var = { };
const int fb_fd = open("/dev/fb0", 3);
ioctl(fb_fd, FBIOGET_VSCREENINFO, &var);
var.yres = 0x21;
ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var);
return read(open("/dev/vcsu", O_RDONLY), &var, sizeof(var)) == -1;
}
----------
Link: https://syzkaller.appspot.com/bug?extid=31a641689d43387f05d3 [1]
Cc: stable <stable@vger.kernel.org>
Reported-by: syzbot <syzbot+31a641689d43387f05d3@syzkaller.appspotmail.com>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/4ef053cf-e796-fb5e-58b7-3ae58242a4ad@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/vt/vt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -351,7 +351,7 @@ static struct uni_screen *vc_uniscr_allo
/* allocate everything in one go */
memsize = cols * rows * sizeof(char32_t);
memsize += rows * sizeof(char32_t *);
- p = vmalloc(memsize);
+ p = vzalloc(memsize);
if (!p)
return NULL;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 023/389] vfs: Check the truncate maximum size in inode_newsize_ok()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 022/389] tty: vt: initialize unicode screen buffer Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 024/389] fs: Add missing umask strip in vfs_tmpfile Greg Kroah-Hartman
` (370 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Jeff Layton,
Namjae Jeon, stable, Alexander Viro, Steve French, Hyunchul Lee,
Chuck Lever, Dave Wysochanski, Linus Torvalds
From: David Howells <dhowells@redhat.com>
commit e2ebff9c57fe4eb104ce4768f6ebcccf76bef849 upstream.
If something manages to set the maximum file size to MAX_OFFSET+1, this
can cause the xfs and ext4 filesystems at least to become corrupt.
Ordinarily, the kernel protects against userspace trying this by
checking the value early in the truncate() and ftruncate() system calls
calls - but there are at least two places that this check is bypassed:
(1) Cachefiles will round up the EOF of the backing file to DIO block
size so as to allow DIO on the final block - but this might push
the offset negative. It then calls notify_change(), but this
inadvertently bypasses the checking. This can be triggered if
someone puts an 8EiB-1 file on a server for someone else to try and
access by, say, nfs.
(2) ksmbd doesn't check the value it is given in set_end_of_file_info()
and then calls vfs_truncate() directly - which also bypasses the
check.
In both cases, it is potentially possible for a network filesystem to
cause a disk filesystem to be corrupted: cachefiles in the client's
cache filesystem; ksmbd in the server's filesystem.
nfsd is okay as it checks the value, but we can then remove this check
too.
Fix this by adding a check to inode_newsize_ok(), as called from
setattr_prepare(), thereby catching the issue as filesystems set up to
perform the truncate with minimal opportunity for bypassing the new
check.
Fixes: 1f08c925e7a3 ("cachefiles: Implement backing file wrangling")
Fixes: f44158485826 ("cifsd: add file operations")
Signed-off-by: David Howells <dhowells@redhat.com>
Reported-by: Jeff Layton <jlayton@kernel.org>
Tested-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
Cc: stable@kernel.org
Acked-by: Alexander Viro <viro@zeniv.linux.org.uk>
cc: Steve French <sfrench@samba.org>
cc: Hyunchul Lee <hyc.lee@gmail.com>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/attr.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -134,6 +134,8 @@ EXPORT_SYMBOL(setattr_prepare);
*/
int inode_newsize_ok(const struct inode *inode, loff_t offset)
{
+ if (offset < 0)
+ return -EINVAL;
if (inode->i_size < offset) {
unsigned long limit;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 024/389] fs: Add missing umask strip in vfs_tmpfile
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 023/389] vfs: Check the truncate maximum size in inode_newsize_ok() Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 025/389] thermal: sysfs: Fix cooling_device_stats_setup() error code path Greg Kroah-Hartman
` (369 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Brauner (Microsoft),
Darrick J. Wong, Yang Xu, Jeff Layton
From: Yang Xu <xuyang2018.jy@fujitsu.com>
commit ac6800e279a22b28f4fc21439843025a0d5bf03e upstream.
All creation paths except for O_TMPFILE handle umask in the vfs directly
if the filesystem doesn't support or enable POSIX ACLs. If the filesystem
does then umask handling is deferred until posix_acl_create().
Because, O_TMPFILE misses umask handling in the vfs it will not honor
umask settings. Fix this by adding the missing umask handling.
Link: https://lore.kernel.org/r/1657779088-2242-2-git-send-email-xuyang2018.jy@fujitsu.com
Fixes: 60545d0d4610 ("[O_TMPFILE] it's still short a few helpers, but infrastructure should be OK now...")
Cc: <stable@vger.kernel.org> # 4.19+
Reported-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-and-Tested-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namei.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3443,6 +3443,8 @@ struct dentry *vfs_tmpfile(struct dentry
child = d_alloc(dentry, &slash_name);
if (unlikely(!child))
goto out_err;
+ if (!IS_POSIXACL(dir))
+ mode &= ~current_umask();
error = dir->i_op->tmpfile(dir, child, mode);
if (error)
goto out_err;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 025/389] thermal: sysfs: Fix cooling_device_stats_setup() error code path
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 024/389] fs: Add missing umask strip in vfs_tmpfile Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 026/389] fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters Greg Kroah-Hartman
` (368 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Di Shen, Rafael J. Wysocki
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
commit d5a8aa5d7d80d21ab6b266f1bed4194b61746199 upstream.
If cooling_device_stats_setup() fails to create the stats object, it
must clear the last slot in cooling_device_attr_groups that was
initially empty (so as to make it possible to add stats attributes to
the cooling device attribute groups).
Failing to do so may cause the stats attributes to be created by
mistake for a device that doesn't have a stats object, because the
slot in question might be populated previously during the registration
of another cooling device.
Fixes: 8ea229511e06 ("thermal: Add cooling device's statistics in sysfs")
Reported-by: Di Shen <di.shen@unisoc.com>
Tested-by: Di Shen <di.shen@unisoc.com>
Cc: 4.17+ <stable@vger.kernel.org> # 4.17+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/thermal_sysfs.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/drivers/thermal/thermal_sysfs.c
+++ b/drivers/thermal/thermal_sysfs.c
@@ -909,12 +909,13 @@ static const struct attribute_group cool
static void cooling_device_stats_setup(struct thermal_cooling_device *cdev)
{
+ const struct attribute_group *stats_attr_group = NULL;
struct cooling_dev_stats *stats;
unsigned long states;
int var;
if (cdev->ops->get_max_state(cdev, &states))
- return;
+ goto out;
states++; /* Total number of states is highest state + 1 */
@@ -924,7 +925,7 @@ static void cooling_device_stats_setup(s
stats = kzalloc(var, GFP_KERNEL);
if (!stats)
- return;
+ goto out;
stats->time_in_state = (ktime_t *)(stats + 1);
stats->trans_table = (unsigned int *)(stats->time_in_state + states);
@@ -934,9 +935,12 @@ static void cooling_device_stats_setup(s
spin_lock_init(&stats->lock);
+ stats_attr_group = &cooling_device_stats_attr_group;
+
+out:
/* Fill the empty slot left in cooling_device_attr_groups */
var = ARRAY_SIZE(cooling_device_attr_groups) - 2;
- cooling_device_attr_groups[var] = &cooling_device_stats_attr_group;
+ cooling_device_attr_groups[var] = stats_attr_group;
}
static void cooling_device_stats_destroy(struct thermal_cooling_device *cdev)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 026/389] fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 025/389] thermal: sysfs: Fix cooling_device_stats_setup() error code path Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 027/389] usbnet: Fix linkwatch use-after-free on disconnect Greg Kroah-Hartman
` (367 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Vetter, Helge Deller
From: Helge Deller <deller@gmx.de>
commit cad564ca557f8d3bb3b1fa965d9a2b3f6490ec69 upstream.
The user may use the fbcon=vc:<n1>-<n2> option to tell fbcon to take
over the given range (n1...n2) of consoles. The value for n1 and n2
needs to be a positive number and up to (MAX_NR_CONSOLES - 1).
The given values were not fully checked against those boundaries yet.
To fix the issue, convert first_fb_vc and last_fb_vc to unsigned
integers and check them against the upper boundary, and make sure that
first_fb_vc is smaller than last_fb_vc.
Cc: stable@vger.kernel.org # v4.19+
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Helge Deller <deller@gmx.de>
Link: https://patchwork.freedesktop.org/patch/msgid/YpkYRMojilrtZIgM@p100
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/core/fbcon.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -123,8 +123,8 @@ static int logo_lines;
enums. */
static int logo_shown = FBCON_LOGO_CANSHOW;
/* console mappings */
-static int first_fb_vc;
-static int last_fb_vc = MAX_NR_CONSOLES - 1;
+static unsigned int first_fb_vc;
+static unsigned int last_fb_vc = MAX_NR_CONSOLES - 1;
static int fbcon_is_default = 1;
static int primary_device = -1;
static int fbcon_has_console_bind;
@@ -474,10 +474,12 @@ static int __init fb_console_setup(char
options += 3;
if (*options)
first_fb_vc = simple_strtoul(options, &options, 10) - 1;
- if (first_fb_vc < 0)
+ if (first_fb_vc >= MAX_NR_CONSOLES)
first_fb_vc = 0;
if (*options++ == '-')
last_fb_vc = simple_strtoul(options, &options, 10) - 1;
+ if (last_fb_vc < first_fb_vc || last_fb_vc >= MAX_NR_CONSOLES)
+ last_fb_vc = MAX_NR_CONSOLES - 1;
fbcon_is_default = 0;
continue;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 027/389] usbnet: Fix linkwatch use-after-free on disconnect
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 026/389] fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 028/389] ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() Greg Kroah-Hartman
` (366 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jann Horn, Oleksij Rempel,
Lukas Wunner, Oliver Neukum, Jakub Kicinski
From: Lukas Wunner <lukas@wunner.de>
commit a69e617e533edddf3fa3123149900f36e0a6dc74 upstream.
usbnet uses the work usbnet_deferred_kevent() to perform tasks which may
sleep. On disconnect, completion of the work was originally awaited in
->ndo_stop(). But in 2003, that was moved to ->disconnect() by historic
commit "[PATCH] USB: usbnet, prevent exotic rtnl deadlock":
https://git.kernel.org/tglx/history/c/0f138bbfd83c
The change was made because back then, the kernel's workqueue
implementation did not allow waiting for a single work. One had to wait
for completion of *all* work by calling flush_scheduled_work(), and that
could deadlock when waiting for usbnet_deferred_kevent() with rtnl_mutex
held in ->ndo_stop().
The commit solved one problem but created another: It causes a
use-after-free in USB Ethernet drivers aqc111.c, asix_devices.c,
ax88179_178a.c, ch9200.c and smsc75xx.c:
* If the drivers receive a link change interrupt immediately before
disconnect, they raise EVENT_LINK_RESET in their (non-sleepable)
->status() callback and schedule usbnet_deferred_kevent().
* usbnet_deferred_kevent() invokes the driver's ->link_reset() callback,
which calls netif_carrier_{on,off}().
* That in turn schedules the work linkwatch_event().
Because usbnet_deferred_kevent() is awaited after unregister_netdev(),
netif_carrier_{on,off}() may operate on an unregistered netdev and
linkwatch_event() may run after free_netdev(), causing a use-after-free.
In 2010, usbnet was changed to only wait for a single instance of
usbnet_deferred_kevent() instead of *all* work by commit 23f333a2bfaf
("drivers/net: don't use flush_scheduled_work()").
Unfortunately the commit neglected to move the wait back to
->ndo_stop(). Rectify that omission at long last.
Reported-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/netdev/CAG48ez0MHBbENX5gCdHAUXZ7h7s20LnepBF-pa5M=7Bi-jZrEA@mail.gmail.com/
Reported-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/netdev/20220315113841.GA22337@pengutronix.de/
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Cc: stable@vger.kernel.org
Acked-by: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/d1c87ebe9fc502bffcd1576e238d685ad08321e4.1655987888.git.lukas@wunner.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/usbnet.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -833,13 +833,11 @@ int usbnet_stop (struct net_device *net)
mpn = !test_and_clear_bit(EVENT_NO_RUNTIME_PM, &dev->flags);
- /* deferred work (task, timer, softirq) must also stop.
- * can't flush_scheduled_work() until we drop rtnl (later),
- * else workers could deadlock; so make workers a NOP.
- */
+ /* deferred work (timer, softirq, task) must also stop */
dev->flags = 0;
del_timer_sync (&dev->delay);
tasklet_kill (&dev->bh);
+ cancel_work_sync(&dev->kevent);
if (!pm)
usb_autopm_put_interface(dev->intf);
@@ -1603,8 +1601,6 @@ void usbnet_disconnect (struct usb_inter
net = dev->net;
unregister_netdev (net);
- cancel_work_sync(&dev->kevent);
-
usb_scuttle_anchored_urbs(&dev->deferred);
if (dev->driver_info->unbind)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 028/389] ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 027/389] usbnet: Fix linkwatch use-after-free on disconnect Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 029/389] parisc: Fix device names in /proc/iomem Greg Kroah-Hartman
` (365 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hongbo Yin, Jiachen Zhang,
Tianci Zhang, Miklos Szeredi
From: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
commit dd524b7f317de8d31d638cbfdc7be4cf9b770e42 upstream.
Some code paths cannot guarantee the inode have any dentry alias. So
WARN_ON() all !dentry may flood the kernel logs.
For example, when an overlayfs inode is watched by inotifywait (1), and
someone is trying to read the /proc/$(pidof inotifywait)/fdinfo/INOTIFY_FD,
at that time if the dentry has been reclaimed by kernel (such as
echo 2 > /proc/sys/vm/drop_caches), there will be a WARN_ON(). The
printed call stack would be like:
? show_mark_fhandle+0xf0/0xf0
show_mark_fhandle+0x4a/0xf0
? show_mark_fhandle+0xf0/0xf0
? seq_vprintf+0x30/0x50
? seq_printf+0x53/0x70
? show_mark_fhandle+0xf0/0xf0
inotify_fdinfo+0x70/0x90
show_fdinfo.isra.4+0x53/0x70
seq_show+0x130/0x170
seq_read+0x153/0x440
vfs_read+0x94/0x150
ksys_read+0x5f/0xe0
do_syscall_64+0x59/0x1e0
entry_SYSCALL_64_after_hwframe+0x44/0xa9
So let's drop WARN_ON() to avoid kernel log flooding.
Reported-by: Hongbo Yin <yinhongbo@bytedance.com>
Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
Signed-off-by: Tianci Zhang <zhangtianci.1997@bytedance.com>
Fixes: 8ed5eec9d6c4 ("ovl: encode pure upper file handles")
Cc: <stable@vger.kernel.org> # v4.16
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/overlayfs/export.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/overlayfs/export.c
+++ b/fs/overlayfs/export.c
@@ -274,7 +274,7 @@ static int ovl_encode_fh(struct inode *i
return FILEID_INVALID;
dentry = d_find_any_alias(inode);
- if (WARN_ON(!dentry))
+ if (!dentry)
return FILEID_INVALID;
type = ovl_dentry_to_fh(dentry, fid, max_len);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 029/389] parisc: Fix device names in /proc/iomem
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 028/389] ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 030/389] parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode Greg Kroah-Hartman
` (364 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit cab56b51ec0e69128909cef4650e1907248d821b upstream.
Fix the output of /proc/iomem to show the real hardware device name
including the pa_pathname, e.g. "Merlin 160 Core Centronics [8:16:0]".
Up to now only the pa_pathname ("[8:16.0]") was shown.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org> # v4.9+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/kernel/drivers.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
--- a/arch/parisc/kernel/drivers.c
+++ b/arch/parisc/kernel/drivers.c
@@ -520,7 +520,6 @@ alloc_pa_dev(unsigned long hpa, struct h
dev->id.hversion_rev = iodc_data[1] & 0x0f;
dev->id.sversion = ((iodc_data[4] & 0x0f) << 16) |
(iodc_data[5] << 8) | iodc_data[6];
- dev->hpa.name = parisc_pathname(dev);
dev->hpa.start = hpa;
/* This is awkward. The STI spec says that gfx devices may occupy
* 32MB or 64MB. Unfortunately, we don't know how to tell whether
@@ -534,10 +533,10 @@ alloc_pa_dev(unsigned long hpa, struct h
dev->hpa.end = hpa + 0xfff;
}
dev->hpa.flags = IORESOURCE_MEM;
- name = parisc_hardware_description(&dev->id);
- if (name) {
- strlcpy(dev->name, name, sizeof(dev->name));
- }
+ dev->hpa.name = dev->name;
+ name = parisc_hardware_description(&dev->id) ? : "unknown";
+ snprintf(dev->name, sizeof(dev->name), "%s [%s]",
+ name, parisc_pathname(dev));
/* Silently fail things like mouse ports which are subsumed within
* the keyboard controller
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 030/389] parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 029/389] parisc: Fix device names in /proc/iomem Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 031/389] drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error Greg Kroah-Hartman
` (363 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller
From: Helge Deller <deller@gmx.de>
commit 6431e92fc827bdd2d28f79150d90415ba9ce0d21 upstream.
For all syscalls in 32-bit compat mode on 64-bit kernels the upper
32-bits of the 64-bit registers are zeroed out, so a negative 32-bit
signed value will show up as positive 64-bit signed value.
This behaviour breaks the io_pgetevents_time64() syscall which expects
signed 64-bit values for the "min_nr" and "nr" parameters.
Fix this by switching to the compat_sys_io_pgetevents_time64() syscall,
which uses "compat_long_t" types for those parameters.
Cc: <stable@vger.kernel.org> # v5.1+
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/kernel/syscalls/syscall.tbl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/parisc/kernel/syscalls/syscall.tbl
+++ b/arch/parisc/kernel/syscalls/syscall.tbl
@@ -413,7 +413,7 @@
412 32 utimensat_time64 sys_utimensat sys_utimensat
413 32 pselect6_time64 sys_pselect6 compat_sys_pselect6_time64
414 32 ppoll_time64 sys_ppoll compat_sys_ppoll_time64
-416 32 io_pgetevents_time64 sys_io_pgetevents sys_io_pgetevents
+416 32 io_pgetevents_time64 sys_io_pgetevents compat_sys_io_pgetevents_time64
417 32 recvmmsg_time64 sys_recvmmsg compat_sys_recvmmsg_time64
418 32 mq_timedsend_time64 sys_mq_timedsend sys_mq_timedsend
419 32 mq_timedreceive_time64 sys_mq_timedreceive sys_mq_timedreceive
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 031/389] drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 030/389] parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 032/389] drm/nouveau: fix another off-by-one in nvbios_addr Greg Kroah-Hartman
` (362 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Hellström,
Christian König, Dmitry Osipenko, Daniel Vetter
From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
commit 2939deac1fa220bc82b89235f146df1d9b52e876 upstream.
Use ww_acquire_fini() in the error code paths. Otherwise lockdep
thinks that lock is held when lock's memory is freed after the
drm_gem_lock_reservations() error. The ww_acquire_context needs to be
annotated as "released", which fixes the noisy "WARNING: held lock freed!"
splat of VirtIO-GPU driver with CONFIG_DEBUG_MUTEXES=y and enabled lockdep.
Cc: stable@vger.kernel.org
Fixes: 7edc3e3b975b5 ("drm: Add helpers for locking an array of BO reservations.")
Reviewed-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20220630200405.1883897-2-dmitry.osipenko@collabora.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_gem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/drm_gem.c
+++ b/drivers/gpu/drm/drm_gem.c
@@ -1292,7 +1292,7 @@ retry:
ret = dma_resv_lock_slow_interruptible(obj->resv,
acquire_ctx);
if (ret) {
- ww_acquire_done(acquire_ctx);
+ ww_acquire_fini(acquire_ctx);
return ret;
}
}
@@ -1317,7 +1317,7 @@ retry:
goto retry;
}
- ww_acquire_done(acquire_ctx);
+ ww_acquire_fini(acquire_ctx);
return ret;
}
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 032/389] drm/nouveau: fix another off-by-one in nvbios_addr
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 031/389] drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 033/389] drm/amdgpu: Check BOs requested pinning domains against its preferred_domains Greg Kroah-Hartman
` (361 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Timur Tabi, Karol Herbst, Lyude Paul
From: Timur Tabi <ttabi@nvidia.com>
commit c441d28945fb113220d48d6c86ebc0b090a2b677 upstream.
This check determines whether a given address is part of
image 0 or image 1. Image 1 starts at offset image0_size,
so that address should be included.
Fixes: 4d4e9907ff572 ("drm/nouveau/bios: guard against out-of-bounds accesses to image")
Cc: <stable@vger.kernel.org> # v4.8+
Signed-off-by: Timur Tabi <ttabi@nvidia.com>
Reviewed-by: Karol Herbst <kherbst@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220511163716.3520591-1-ttabi@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c
@@ -33,7 +33,7 @@ nvbios_addr(struct nvkm_bios *bios, u32
{
u32 p = *addr;
- if (*addr > bios->image0_size && bios->imaged_addr) {
+ if (*addr >= bios->image0_size && bios->imaged_addr) {
*addr -= bios->image0_size;
*addr += bios->imaged_addr;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 033/389] drm/amdgpu: Check BOs requested pinning domains against its preferred_domains
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 032/389] drm/nouveau: fix another off-by-one in nvbios_addr Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 034/389] iio: light: isl29028: Fix the warning in isl29028_remove() Greg Kroah-Hartman
` (360 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leo Li, Alex Deucher, Christian König
From: Leo Li <sunpeng.li@amd.com>
commit f5ba14043621f4afdf3ad5f92ee2d8dbebbe4340 upstream.
When pinning a buffer, we should check to see if there are any
additional restrictions imposed by bo->preferred_domains. This will
prevent the BO from being moved to an invalid domain when pinning.
For example, this can happen if the user requests to create a BO in GTT
domain for display scanout. amdgpu_dm will allow pinning to either VRAM
or GTT domains, since DCN can scanout from either or. However, in
amdgpu_bo_pin_restricted(), pinning to VRAM is preferred if there is
adequate carveout. This can lead to pinning to VRAM despite the user
requesting GTT placement for the BO.
v2: Allow the kernel to override the domain, which can happen when
exporting a BO to a V4L camera (for example).
Signed-off-by: Leo Li <sunpeng.li@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -892,6 +892,10 @@ int amdgpu_bo_pin_restricted(struct amdg
if (WARN_ON_ONCE(min_offset > max_offset))
return -EINVAL;
+ /* Check domain to be pinned to against preferred domains */
+ if (bo->preferred_domains & domain)
+ domain = bo->preferred_domains & domain;
+
/* A shared bo cannot be migrated to VRAM */
if (bo->prime_shared_count) {
if (domain & AMDGPU_GEM_DOMAIN_GTT)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 034/389] iio: light: isl29028: Fix the warning in isl29028_remove()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 033/389] drm/amdgpu: Check BOs requested pinning domains against its preferred_domains Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 035/389] fuse: limit nsec Greg Kroah-Hartman
` (359 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Stable, Jonathan Cameron
From: Zheyu Ma <zheyuma97@gmail.com>
commit 06674fc7c003b9d0aa1d37fef7ab2c24802cc6ad upstream.
The driver use the non-managed form of the register function in
isl29028_remove(). To keep the release order as mirroring the ordering
in probe, the driver should use non-managed form in probe, too.
The following log reveals it:
[ 32.374955] isl29028 0-0010: remove
[ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI
[ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0
[ 32.385461] Call Trace:
[ 32.385807] sysfs_unmerge_group+0x59/0x110
[ 32.386110] dpm_sysfs_remove+0x58/0xc0
[ 32.386391] device_del+0x296/0xe50
[ 32.386959] cdev_device_del+0x1d/0xd0
[ 32.387231] devm_iio_device_unreg+0x27/0xb0
[ 32.387542] devres_release_group+0x319/0x3d0
[ 32.388162] i2c_device_remove+0x93/0x1f0
Fixes: 2db5054ac28d ("staging: iio: isl29028: add runtime power management support")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Link: https://lore.kernel.org/r/20220717004241.2281028-1-zheyuma97@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/light/isl29028.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/light/isl29028.c
+++ b/drivers/iio/light/isl29028.c
@@ -628,7 +628,7 @@ static int isl29028_probe(struct i2c_cli
ISL29028_POWER_OFF_DELAY_MS);
pm_runtime_use_autosuspend(&client->dev);
- ret = devm_iio_device_register(indio_dev->dev.parent, indio_dev);
+ ret = iio_device_register(indio_dev);
if (ret < 0) {
dev_err(&client->dev,
"%s(): iio registration failed with error %d\n",
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 035/389] fuse: limit nsec
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 034/389] iio: light: isl29028: Fix the warning in isl29028_remove() Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 036/389] serial: mvebu-uart: uart2 error bits clearing Greg Kroah-Hartman
` (358 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miklos Szeredi
From: Miklos Szeredi <mszeredi@redhat.com>
commit 47912eaa061a6a81e4aa790591a1874c650733c0 upstream.
Limit nanoseconds to 0..999999999.
Fixes: d8a5ba45457e ("[PATCH] FUSE - core")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -162,6 +162,12 @@ void fuse_change_attributes_common(struc
inode->i_uid = make_kuid(fc->user_ns, attr->uid);
inode->i_gid = make_kgid(fc->user_ns, attr->gid);
inode->i_blocks = attr->blocks;
+
+ /* Sanitize nsecs */
+ attr->atimensec = min_t(u32, attr->atimensec, NSEC_PER_SEC - 1);
+ attr->mtimensec = min_t(u32, attr->mtimensec, NSEC_PER_SEC - 1);
+ attr->ctimensec = min_t(u32, attr->ctimensec, NSEC_PER_SEC - 1);
+
inode->i_atime.tv_sec = attr->atime;
inode->i_atime.tv_nsec = attr->atimensec;
/* mtime from server may be stale due to local buffered write */
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 036/389] serial: mvebu-uart: uart2 error bits clearing
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 035/389] fuse: limit nsec Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 037/389] md-raid10: fix KASAN warning Greg Kroah-Hartman
` (357 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yi Guo, Nadav Haklai, Narendra Hadke,
Pali Rohár
From: Narendra Hadke <nhadke@marvell.com>
commit a7209541239e5dd44d981289e5f9059222d40fd1 upstream.
For mvebu uart2, error bits are not cleared on buffer read.
This causes interrupt loop and system hang.
Cc: stable@vger.kernel.org
Reviewed-by: Yi Guo <yi.guo@cavium.com>
Reviewed-by: Nadav Haklai <nadavh@marvell.com>
Signed-off-by: Narendra Hadke <nhadke@marvell.com>
Signed-off-by: Pali Rohár <pali@kernel.org>
Link: https://lore.kernel.org/r/20220726091221.12358-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/mvebu-uart.c | 11 +++++++++++
1 file changed, 11 insertions(+)
--- a/drivers/tty/serial/mvebu-uart.c
+++ b/drivers/tty/serial/mvebu-uart.c
@@ -238,6 +238,7 @@ static void mvebu_uart_rx_chars(struct u
struct tty_port *tport = &port->state->port;
unsigned char ch = 0;
char flag = 0;
+ int ret;
do {
if (status & STAT_RX_RDY(port)) {
@@ -250,6 +251,16 @@ static void mvebu_uart_rx_chars(struct u
port->icount.parity++;
}
+ /*
+ * For UART2, error bits are not cleared on buffer read.
+ * This causes interrupt loop and system hang.
+ */
+ if (IS_EXTENDED(port) && (status & STAT_BRK_ERR)) {
+ ret = readl(port->membase + UART_STAT);
+ ret |= STAT_BRK_ERR;
+ writel(ret, port->membase + UART_STAT);
+ }
+
if (status & STAT_BRK_DET) {
port->icount.brk++;
status &= ~(STAT_FRM_ERR | STAT_PAR_ERR);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 037/389] md-raid10: fix KASAN warning
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 036/389] serial: mvebu-uart: uart2 error bits clearing Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 038/389] ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() Greg Kroah-Hartman
` (356 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Song Liu, Jens Axboe
From: Mikulas Patocka <mpatocka@redhat.com>
commit d17f744e883b2f8d13cca252d71cfe8ace346f7d upstream.
There's a KASAN warning in raid10_remove_disk when running the lvm
test lvconvert-raid-reshape.sh. We fix this warning by verifying that the
value "number" is valid.
BUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10]
Read of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682
CPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
print_report.cold+0x45/0x57a
? __lock_text_start+0x18/0x18
? raid10_remove_disk+0x61/0x2a0 [raid10]
kasan_report+0xa8/0xe0
? raid10_remove_disk+0x61/0x2a0 [raid10]
raid10_remove_disk+0x61/0x2a0 [raid10]
Buffer I/O error on dev dm-76, logical block 15344, async page read
? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0
remove_and_add_spares+0x367/0x8a0 [md_mod]
? super_written+0x1c0/0x1c0 [md_mod]
? mutex_trylock+0xac/0x120
? _raw_spin_lock+0x72/0xc0
? _raw_spin_lock_bh+0xc0/0xc0
md_check_recovery+0x848/0x960 [md_mod]
raid10d+0xcf/0x3360 [raid10]
? sched_clock_cpu+0x185/0x1a0
? rb_erase+0x4d4/0x620
? var_wake_function+0xe0/0xe0
? psi_group_change+0x411/0x500
? preempt_count_sub+0xf/0xc0
? _raw_spin_lock_irqsave+0x78/0xc0
? __lock_text_start+0x18/0x18
? raid10_sync_request+0x36c0/0x36c0 [raid10]
? preempt_count_sub+0xf/0xc0
? _raw_spin_unlock_irqrestore+0x19/0x40
? del_timer_sync+0xa9/0x100
? try_to_del_timer_sync+0xc0/0xc0
? _raw_spin_lock_irqsave+0x78/0xc0
? __lock_text_start+0x18/0x18
? _raw_spin_unlock_irq+0x11/0x24
? __list_del_entry_valid+0x68/0xa0
? finish_wait+0xa3/0x100
md_thread+0x161/0x260 [md_mod]
? unregister_md_personality+0xa0/0xa0 [md_mod]
? _raw_spin_lock_irqsave+0x78/0xc0
? prepare_to_wait_event+0x2c0/0x2c0
? unregister_md_personality+0xa0/0xa0 [md_mod]
kthread+0x148/0x180
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
Allocated by task 124495:
kasan_save_stack+0x1e/0x40
__kasan_kmalloc+0x80/0xa0
setup_conf+0x140/0x5c0 [raid10]
raid10_run+0x4cd/0x740 [raid10]
md_run+0x6f9/0x1300 [md_mod]
raid_ctr+0x2531/0x4ac0 [dm_raid]
dm_table_add_target+0x2b0/0x620 [dm_mod]
table_load+0x1c8/0x400 [dm_mod]
ctl_ioctl+0x29e/0x560 [dm_mod]
dm_compat_ctl_ioctl+0x7/0x20 [dm_mod]
__do_compat_sys_ioctl+0xfa/0x160
do_syscall_64+0x90/0xc0
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Last potentially related work creation:
kasan_save_stack+0x1e/0x40
__kasan_record_aux_stack+0x9e/0xc0
kvfree_call_rcu+0x84/0x480
timerfd_release+0x82/0x140
L __fput+0xfa/0x400
task_work_run+0x80/0xc0
exit_to_user_mode_prepare+0x155/0x160
syscall_exit_to_user_mode+0x12/0x40
do_syscall_64+0x42/0xc0
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Second to last potentially related work creation:
kasan_save_stack+0x1e/0x40
__kasan_record_aux_stack+0x9e/0xc0
kvfree_call_rcu+0x84/0x480
timerfd_release+0x82/0x140
__fput+0xfa/0x400
task_work_run+0x80/0xc0
exit_to_user_mode_prepare+0x155/0x160
syscall_exit_to_user_mode+0x12/0x40
do_syscall_64+0x42/0xc0
entry_SYSCALL_64_after_hwframe+0x46/0xb0
The buggy address belongs to the object at ffff889108f3d200
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 0 bytes to the right of
256-byte region [ffff889108f3d200, ffff889108f3d300)
The buggy address belongs to the physical page:
page:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c
head:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0
flags: 0x4000000000010200(slab|head|zone=2)
raw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40
raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff889108f3d280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff889108f3d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff889108f3d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff889108f3d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid10.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1826,9 +1826,12 @@ static int raid10_remove_disk(struct mdd
int err = 0;
int number = rdev->raid_disk;
struct md_rdev **rdevp;
- struct raid10_info *p = conf->mirrors + number;
+ struct raid10_info *p;
print_conf(conf);
+ if (unlikely(number >= mddev->raid_disks))
+ return 0;
+ p = conf->mirrors + number;
if (rdev == p->rdev)
rdevp = &p->rdev;
else if (rdev == p->replacement)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 038/389] ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 037/389] md-raid10: fix KASAN warning Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 039/389] PCI: Add defines for normal and subtractive PCI bridges Greg Kroah-Hartman
` (355 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Alexander Lobakin,
Andy Shevchenko, Yury Norov
From: Alexander Lobakin <alexandr.lobakin@intel.com>
commit e5a16a5c4602c119262f350274021f90465f479d upstream.
test_bit(), as any other bitmap op, takes `unsigned long *` as a
second argument (pointer to the actual bitmap), as any bitmap
itself is an array of unsigned longs. However, the ia64_get_irr()
code passes a ref to `u64` as a second argument.
This works with the ia64 bitops implementation due to that they
have `void *` as the second argument and then cast it later on.
This works with the bitmap API itself due to that `unsigned long`
has the same size on ia64 as `u64` (`unsigned long long`), but
from the compiler PoV those two are different.
Define @irr as `unsigned long` to fix that. That implies no
functional changes. Has been hidden for 16 years!
Fixes: a58786917ce2 ("[IA64] avoid broken SAL_CACHE_FLUSH implementations")
Cc: stable@vger.kernel.org # 2.6.16+
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Yury Norov <yury.norov@gmail.com>
Signed-off-by: Yury Norov <yury.norov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/ia64/include/asm/processor.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/ia64/include/asm/processor.h
+++ b/arch/ia64/include/asm/processor.h
@@ -552,7 +552,7 @@ ia64_get_irr(unsigned int vector)
{
unsigned int reg = vector / 64;
unsigned int bit = vector % 64;
- u64 irr;
+ unsigned long irr;
switch (reg) {
case 0: irr = ia64_getreg(_IA64_REG_CR_IRR0); break;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 039/389] PCI: Add defines for normal and subtractive PCI bridges
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 038/389] ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 040/389] powerpc/fsl-pci: Fix Class Code of PCIe Root Port Greg Kroah-Hartman
` (354 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Bjorn Helgaas,
Naresh Kamboju, Guenter Roeck
From: Pali Rohár <pali@kernel.org>
commit 904b10fb189cc15376e9bfce1ef0282e68b0b004 upstream.
Add these PCI class codes to pci_ids.h:
PCI_CLASS_BRIDGE_PCI_NORMAL
PCI_CLASS_BRIDGE_PCI_SUBTRACTIVE
Use these defines in all kernel code for describing PCI class codes for
normal and subtractive PCI bridges.
[bhelgaas: similar change in pci-mvebu.c]
Link: https://lore.kernel.org/r/20220214114109.26809-1-pali@kernel.org
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Guenter Roeck <linux@roeck-us.net>a
Cc: Naresh Kamboju <naresh.kamboju@linaro.org>
[ gregkh - take only the pci_ids.h portion for stable backports ]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/pci_ids.h | 2 ++
1 file changed, 2 insertions(+)
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -59,6 +59,8 @@
#define PCI_CLASS_BRIDGE_EISA 0x0602
#define PCI_CLASS_BRIDGE_MC 0x0603
#define PCI_CLASS_BRIDGE_PCI 0x0604
+#define PCI_CLASS_BRIDGE_PCI_NORMAL 0x060400
+#define PCI_CLASS_BRIDGE_PCI_SUBTRACTIVE 0x060401
#define PCI_CLASS_BRIDGE_PCMCIA 0x0605
#define PCI_CLASS_BRIDGE_NUBUS 0x0606
#define PCI_CLASS_BRIDGE_CARDBUS 0x0607
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 040/389] powerpc/fsl-pci: Fix Class Code of PCIe Root Port
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 039/389] PCI: Add defines for normal and subtractive PCI bridges Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 041/389] powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E Greg Kroah-Hartman
` (353 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman
From: Pali Rohár <pali@kernel.org>
commit 0c551abfa004ce154d487d91777bf221c808a64f upstream.
By default old pre-3.0 Freescale PCIe controllers reports invalid PCI Class
Code 0x0b20 for PCIe Root Port. It can be seen by lspci -b output on P2020
board which has this pre-3.0 controller:
$ lspci -bvnn
00:00.0 Power PC [0b20]: Freescale Semiconductor Inc P2020E [1957:0070] (rev 21)
!!! Invalid class 0b20 for header type 01
Capabilities: [4c] Express Root Port (Slot-), MSI 00
Fix this issue by programming correct PCI Class Code 0x0604 for PCIe Root
Port to the Freescale specific PCIe register 0x474.
With this change lspci -b output is:
$ lspci -bvnn
00:00.0 PCI bridge [0604]: Freescale Semiconductor Inc P2020E [1957:0070] (rev 21) (prog-if 00 [Normal decode])
Capabilities: [4c] Express Root Port (Slot-), MSI 00
Without any "Invalid class" error. So class code was properly reflected
into standard (read-only) PCI register 0x08.
Same fix is already implemented in U-Boot pcie_fsl.c driver in commit:
http://source.denx.de/u-boot/u-boot/-/commit/d18d06ac35229345a0af80977a408cfbe1d1015b
Fix activated by U-Boot stay active also after booting Linux kernel.
But boards which use older U-Boot version without that fix are affected and
still require this fix.
So implement this class code fix also in kernel fsl_pci.c driver.
Cc: stable@vger.kernel.org
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220706101043.4867-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/sysdev/fsl_pci.c | 8 ++++++++
arch/powerpc/sysdev/fsl_pci.h | 1 +
2 files changed, 9 insertions(+)
--- a/arch/powerpc/sysdev/fsl_pci.c
+++ b/arch/powerpc/sysdev/fsl_pci.c
@@ -520,6 +520,7 @@ int fsl_add_bridge(struct platform_devic
struct resource rsrc;
const int *bus_range;
u8 hdr_type, progif;
+ u32 class_code;
struct device_node *dev;
struct ccsr_pci __iomem *pci;
u16 temp;
@@ -593,6 +594,13 @@ int fsl_add_bridge(struct platform_devic
PPC_INDIRECT_TYPE_SURPRESS_PRIMARY_BUS;
if (fsl_pcie_check_link(hose))
hose->indirect_type |= PPC_INDIRECT_TYPE_NO_PCIE_LINK;
+ /* Fix Class Code to PCI_CLASS_BRIDGE_PCI_NORMAL for pre-3.0 controller */
+ if (in_be32(&pci->block_rev1) < PCIE_IP_REV_3_0) {
+ early_read_config_dword(hose, 0, 0, PCIE_FSL_CSR_CLASSCODE, &class_code);
+ class_code &= 0xff;
+ class_code |= PCI_CLASS_BRIDGE_PCI_NORMAL << 8;
+ early_write_config_dword(hose, 0, 0, PCIE_FSL_CSR_CLASSCODE, class_code);
+ }
} else {
/*
* Set PBFR(PCI Bus Function Register)[10] = 1 to
--- a/arch/powerpc/sysdev/fsl_pci.h
+++ b/arch/powerpc/sysdev/fsl_pci.h
@@ -18,6 +18,7 @@ struct platform_device;
#define PCIE_LTSSM 0x0404 /* PCIE Link Training and Status */
#define PCIE_LTSSM_L0 0x16 /* L0 state */
+#define PCIE_FSL_CSR_CLASSCODE 0x474 /* FSL GPEX CSR */
#define PCIE_IP_REV_2_2 0x02080202 /* PCIE IP block version Rev2.2 */
#define PCIE_IP_REV_3_0 0x02080300 /* PCIE IP block version Rev3.0 */
#define PIWAR_EN 0x80000000 /* Enable */
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 041/389] powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 040/389] powerpc/fsl-pci: Fix Class Code of PCIe Root Port Greg Kroah-Hartman
@ 2022-08-23 8:21 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 042/389] powerpc/powernv: Avoid crashing if rng is NULL Greg Kroah-Hartman
` (352 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:21 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Michael Ellerman
From: Christophe Leroy <christophe.leroy@csgroup.eu>
commit dd8de84b57b02ba9c1fe530a6d916c0853f136bd upstream.
On FSL_BOOK3E, _PAGE_RW is defined with two bits, one for user and one
for supervisor. As soon as one of the two bits is set, the page has
to be display as RW. But the way it is implemented today requires both
bits to be set in order to display it as RW.
Instead of display RW when _PAGE_RW bits are set and R otherwise,
reverse the logic and display R when _PAGE_RW bits are all 0 and
RW otherwise.
This change has no impact on other platforms as _PAGE_RW is a single
bit on all of them.
Fixes: 8eb07b187000 ("powerpc/mm: Dump linux pagetables")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/0c33b96317811edf691e81698aaee8fa45ec3449.1656427391.git.christophe.leroy@csgroup.eu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/mm/ptdump/shared.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/powerpc/mm/ptdump/shared.c
+++ b/arch/powerpc/mm/ptdump/shared.c
@@ -17,9 +17,9 @@ static const struct flag_info flag_array
.clear = " ",
}, {
.mask = _PAGE_RW,
- .val = _PAGE_RW,
- .set = "rw",
- .clear = "r ",
+ .val = 0,
+ .set = "r ",
+ .clear = "rw",
}, {
.mask = _PAGE_EXEC,
.val = _PAGE_EXEC,
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 042/389] powerpc/powernv: Avoid crashing if rng is NULL
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-08-23 8:21 ` [PATCH 5.4 041/389] powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 043/389] MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
` (351 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld, Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 90b5d4fe0b3ba7f589c6723c6bfb559d9e83956a upstream.
On a bare-metal Power8 system that doesn't have an "ibm,power-rng", a
malicious QEMU and guest that ignore the absence of the
KVM_CAP_PPC_HWRNG flag, and calls H_RANDOM anyway, will dereference a
NULL pointer.
In practice all Power8 machines have an "ibm,power-rng", but let's not
rely on that, add a NULL check and early return in
powernv_get_random_real_mode().
Fixes: e928e9cb3601 ("KVM: PPC: Book3S HV: Add fast real-mode H_RANDOM implementation.")
Cc: stable@vger.kernel.org # v4.1+
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220727143219.2684192-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/powernv/rng.c | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/powerpc/platforms/powernv/rng.c
+++ b/arch/powerpc/platforms/powernv/rng.c
@@ -63,6 +63,8 @@ int powernv_get_random_real_mode(unsigne
struct powernv_rng *rng;
rng = raw_cpu_read(powernv_rng);
+ if (!rng)
+ return 0;
*v = rng_whiten(rng, __raw_rm_readq(rng->regs_real));
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 043/389] MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 042/389] powerpc/powernv: Avoid crashing if rng is NULL Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 044/389] coresight: Clear the connection field properly Greg Kroah-Hartman
` (350 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Huacai Chen, Thomas Bogendoerfer
From: Huacai Chen <chenhuacai@loongson.cn>
commit e1a534f5d074db45ae5cbac41d8912b98e96a006 upstream.
When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,
cpu_max_bits_warn() generates a runtime warning similar as below while
we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)
instead of NR_CPUS to iterate CPUs.
[ 3.052463] ------------[ cut here ]------------
[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0
[ 3.070072] Modules linked in: efivarfs autofs4
[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052
[ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27
[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000
[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430
[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff
[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890
[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa
[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000
[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000
[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000
[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286
[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c
[ 3.195868] ...
[ 3.199917] Call Trace:
[ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c
[ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88
[ 3.217625] [<980000000023d268>] __warn+0xd0/0x100
[ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc
[ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0
[ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4
[ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4
[ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0
[ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100
[ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94
[ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160
[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---
Cc: stable@vger.kernel.org
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/kernel/proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/kernel/proc.c
+++ b/arch/mips/kernel/proc.c
@@ -168,7 +168,7 @@ static void *c_start(struct seq_file *m,
{
unsigned long i = *pos;
- return i < NR_CPUS ? (void *) (i + 1) : NULL;
+ return i < nr_cpu_ids ? (void *) (i + 1) : NULL;
}
static void *c_next(struct seq_file *m, void *v, loff_t *pos)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 044/389] coresight: Clear the connection field properly
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 043/389] MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 045/389] USB: HCD: Fix URB giveback issue in tasklet function Greg Kroah-Hartman
` (349 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mathieu Poirier, Mike Leach, Leo Yan,
Suzuki K Poulose
From: Suzuki K Poulose <suzuki.poulose@arm.com>
commit 2af89ebacf299b7fba5f3087d35e8a286ec33706 upstream.
coresight devices track their connections (output connections) and
hold a reference to the fwnode. When a device goes away, we walk through
the devices on the coresight bus and make sure that the references
are dropped. This happens both ways:
a) For all output connections from the device, drop the reference to
the target device via coresight_release_platform_data()
b) Iterate over all the devices on the coresight bus and drop the
reference to fwnode if *this* device is the target of the output
connection, via coresight_remove_conns()->coresight_remove_match().
However, the coresight_remove_match() doesn't clear the fwnode field,
after dropping the reference, this causes use-after-free and
additional refcount drops on the fwnode.
e.g., if we have two devices, A and B, with a connection, A -> B.
If we remove B first, B would clear the reference on B, from A
via coresight_remove_match(). But when A is removed, it still has
a connection with fwnode still pointing to B. Thus it tries to drops
the reference in coresight_release_platform_data(), raising the bells
like :
[ 91.990153] ------------[ cut here ]------------
[ 91.990163] refcount_t: addition on 0; use-after-free.
[ 91.990212] WARNING: CPU: 0 PID: 461 at lib/refcount.c:25 refcount_warn_saturate+0xa0/0x144
[ 91.990260] Modules linked in: coresight_funnel coresight_replicator coresight_etm4x(-)
crct10dif_ce coresight ip_tables x_tables ipv6 [last unloaded: coresight_cpu_debug]
[ 91.990398] CPU: 0 PID: 461 Comm: rmmod Tainted: G W T 5.19.0-rc2+ #53
[ 91.990418] Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Feb 1 2019
[ 91.990434] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 91.990454] pc : refcount_warn_saturate+0xa0/0x144
[ 91.990476] lr : refcount_warn_saturate+0xa0/0x144
[ 91.990496] sp : ffff80000c843640
[ 91.990509] x29: ffff80000c843640 x28: ffff800009957c28 x27: ffff80000c8439a8
[ 91.990560] x26: ffff00097eff1990 x25: ffff8000092b6ad8 x24: ffff00097eff19a8
[ 91.990610] x23: ffff80000c8439a8 x22: 0000000000000000 x21: ffff80000c8439c2
[ 91.990659] x20: 0000000000000000 x19: ffff00097eff1a10 x18: ffff80000ab99c40
[ 91.990708] x17: 0000000000000000 x16: 0000000000000000 x15: ffff80000abf6fa0
[ 91.990756] x14: 000000000000001d x13: 0a2e656572662d72 x12: 657466612d657375
[ 91.990805] x11: 203b30206e6f206e x10: 6f69746964646120 x9 : ffff8000081aba28
[ 91.990854] x8 : 206e6f206e6f6974 x7 : 69646461203a745f x6 : 746e756f63666572
[ 91.990903] x5 : ffff00097648ec58 x4 : 0000000000000000 x3 : 0000000000000027
[ 91.990952] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00080260ba00
[ 91.991000] Call trace:
[ 91.991012] refcount_warn_saturate+0xa0/0x144
[ 91.991034] kobject_get+0xac/0xb0
[ 91.991055] of_node_get+0x2c/0x40
[ 91.991076] of_fwnode_get+0x40/0x60
[ 91.991094] fwnode_handle_get+0x3c/0x60
[ 91.991116] fwnode_get_nth_parent+0xf4/0x110
[ 91.991137] fwnode_full_name_string+0x48/0xc0
[ 91.991158] device_node_string+0x41c/0x530
[ 91.991178] pointer+0x320/0x3ec
[ 91.991198] vsnprintf+0x23c/0x750
[ 91.991217] vprintk_store+0x104/0x4b0
[ 91.991238] vprintk_emit+0x8c/0x360
[ 91.991257] vprintk_default+0x44/0x50
[ 91.991276] vprintk+0xcc/0xf0
[ 91.991295] _printk+0x68/0x90
[ 91.991315] of_node_release+0x13c/0x14c
[ 91.991334] kobject_put+0x98/0x114
[ 91.991354] of_node_put+0x24/0x34
[ 91.991372] of_fwnode_put+0x40/0x5c
[ 91.991390] fwnode_handle_put+0x38/0x50
[ 91.991411] coresight_release_platform_data+0x74/0xb0 [coresight]
[ 91.991472] coresight_unregister+0x64/0xcc [coresight]
[ 91.991525] etm4_remove_dev+0x64/0x78 [coresight_etm4x]
[ 91.991563] etm4_remove_amba+0x1c/0x2c [coresight_etm4x]
[ 91.991598] amba_remove+0x3c/0x19c
Reproducible by: (Build all coresight components as modules):
#!/bin/sh
while true
do
for m in tmc stm cpu_debug etm4x replicator funnel
do
modprobe coresight_${m}
done
for m in tmc stm cpu_debug etm4x replicator funnel
do
rmmode coresight_${m}
done
done
Cc: stable@vger.kernel.org
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Cc: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Fixes: 37ea1ffddffa ("coresight: Use fwnode handle instead of device names")
Link: https://lore.kernel.org/r/20220614214024.3005275-1-suzuki.poulose@arm.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwtracing/coresight/coresight.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/hwtracing/coresight/coresight.c
+++ b/drivers/hwtracing/coresight/coresight.c
@@ -1073,6 +1073,7 @@ static int coresight_remove_match(struct
* platform data.
*/
fwnode_handle_put(conn->child_fwnode);
+ conn->child_fwnode = NULL;
/* No need to continue */
break;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 045/389] USB: HCD: Fix URB giveback issue in tasklet function
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 044/389] coresight: Clear the connection field properly Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 046/389] ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC Greg Kroah-Hartman
` (348 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, stable, Alan Stern, Weitao Wang
From: Weitao Wang <WeitaoWang-oc@zhaoxin.com>
commit 26c6c2f8a907c9e3a2f24990552a4d77235791e6 upstream.
Usb core introduce the mechanism of giveback of URB in tasklet context to
reduce hardware interrupt handling time. On some test situation(such as
FIO with 4KB block size), when tasklet callback function called to
giveback URB, interrupt handler add URB node to the bh->head list also.
If check bh->head list again after finish all URB giveback of local_list,
then it may introduce a "dynamic balance" between giveback URB and add URB
to bh->head list. This tasklet callback function may not exit for a long
time, which will cause other tasklet function calls to be delayed. Some
real-time applications(such as KB and Mouse) will see noticeable lag.
In order to prevent the tasklet function from occupying the cpu for a long
time at a time, new URBS will not be added to the local_list even though
the bh->head list is not empty. But also need to ensure the left URB
giveback to be processed in time, so add a member high_prio for structure
giveback_urb_bh to prioritize tasklet and schelule this tasklet again if
bh->head list is not empty.
At the same time, we are able to prioritize tasklet through structure
member high_prio. So, replace the local high_prio_bh variable with this
structure member in usb_hcd_giveback_urb.
Fixes: 94dfd7edfd5c ("USB: HCD: support giveback of URB in tasklet context")
Cc: stable <stable@kernel.org>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Weitao Wang <WeitaoWang-oc@zhaoxin.com>
Link: https://lore.kernel.org/r/20220726074918.5114-1-WeitaoWang-oc@zhaoxin.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hcd.c | 26 +++++++++++++++-----------
include/linux/usb/hcd.h | 1 +
2 files changed, 16 insertions(+), 11 deletions(-)
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1688,7 +1688,6 @@ static void usb_giveback_urb_bh(unsigned
spin_lock_irq(&bh->lock);
bh->running = true;
- restart:
list_replace_init(&bh->head, &local_list);
spin_unlock_irq(&bh->lock);
@@ -1702,10 +1701,17 @@ static void usb_giveback_urb_bh(unsigned
bh->completing_ep = NULL;
}
- /* check if there are new URBs to giveback */
+ /*
+ * giveback new URBs next time to prevent this function
+ * from not exiting for a long time.
+ */
spin_lock_irq(&bh->lock);
- if (!list_empty(&bh->head))
- goto restart;
+ if (!list_empty(&bh->head)) {
+ if (bh->high_prio)
+ tasklet_hi_schedule(&bh->bh);
+ else
+ tasklet_schedule(&bh->bh);
+ }
bh->running = false;
spin_unlock_irq(&bh->lock);
}
@@ -1730,7 +1736,7 @@ static void usb_giveback_urb_bh(unsigned
void usb_hcd_giveback_urb(struct usb_hcd *hcd, struct urb *urb, int status)
{
struct giveback_urb_bh *bh;
- bool running, high_prio_bh;
+ bool running;
/* pass status to tasklet via unlinked */
if (likely(!urb->unlinked))
@@ -1741,13 +1747,10 @@ void usb_hcd_giveback_urb(struct usb_hcd
return;
}
- if (usb_pipeisoc(urb->pipe) || usb_pipeint(urb->pipe)) {
+ if (usb_pipeisoc(urb->pipe) || usb_pipeint(urb->pipe))
bh = &hcd->high_prio_bh;
- high_prio_bh = true;
- } else {
+ else
bh = &hcd->low_prio_bh;
- high_prio_bh = false;
- }
spin_lock(&bh->lock);
list_add_tail(&urb->urb_list, &bh->head);
@@ -1756,7 +1759,7 @@ void usb_hcd_giveback_urb(struct usb_hcd
if (running)
;
- else if (high_prio_bh)
+ else if (bh->high_prio)
tasklet_hi_schedule(&bh->bh);
else
tasklet_schedule(&bh->bh);
@@ -2796,6 +2799,7 @@ int usb_add_hcd(struct usb_hcd *hcd,
/* initialize tasklets */
init_giveback_urb_bh(&hcd->high_prio_bh);
+ hcd->high_prio_bh.high_prio = true;
init_giveback_urb_bh(&hcd->low_prio_bh);
/* enable irqs just before we start the controller,
--- a/include/linux/usb/hcd.h
+++ b/include/linux/usb/hcd.h
@@ -66,6 +66,7 @@
struct giveback_urb_bh {
bool running;
+ bool high_prio;
spinlock_t lock;
struct list_head head;
struct tasklet_struct bh;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 046/389] ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 045/389] USB: HCD: Fix URB giveback issue in tasklet function Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 047/389] arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC Greg Kroah-Hartman
` (347 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ryuta NAKANISHI, Kunihiko Hayashi,
Arnd Bergmann
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
commit 9b0dc7abb5cc43a2dbf90690c3c6011dcadc574d upstream.
An interrupt for USB device are shared with USB host. Set interrupt-names
property to common "dwc_usb3" instead of "host" and "peripheral".
Cc: stable@vger.kernel.org
Fixes: 45be1573ad19 ("ARM: dts: uniphier: Add USB3 controller nodes")
Reported-by: Ryuta NAKANISHI <nakanishi.ryuta@socionext.com>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/boot/dts/uniphier-pxs2.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/arm/boot/dts/uniphier-pxs2.dtsi
+++ b/arch/arm/boot/dts/uniphier-pxs2.dtsi
@@ -585,8 +585,8 @@
compatible = "socionext,uniphier-dwc3", "snps,dwc3";
status = "disabled";
reg = <0x65a00000 0xcd00>;
- interrupt-names = "host", "peripheral";
- interrupts = <0 134 4>, <0 135 4>;
+ interrupt-names = "dwc_usb3";
+ interrupts = <0 134 4>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_usb0>, <&pinctrl_usb2>;
clock-names = "ref", "bus_early", "suspend";
@@ -681,8 +681,8 @@
compatible = "socionext,uniphier-dwc3", "snps,dwc3";
status = "disabled";
reg = <0x65c00000 0xcd00>;
- interrupt-names = "host", "peripheral";
- interrupts = <0 137 4>, <0 138 4>;
+ interrupt-names = "dwc_usb3";
+ interrupts = <0 137 4>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_usb1>, <&pinctrl_usb3>;
clock-names = "ref", "bus_early", "suspend";
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 047/389] arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 046/389] ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 048/389] netfilter: nf_tables: do not allow SET_ID to refer to another table Greg Kroah-Hartman
` (346 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ryuta NAKANISHI, Kunihiko Hayashi,
Arnd Bergmann
From: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
commit fe17b91a7777df140d0f1433991da67ba658796c upstream.
An interrupt for USB device are shared with USB host. Set interrupt-names
property to common "dwc_usb3" instead of "host" and "peripheral".
Cc: stable@vger.kernel.org
Fixes: d7b9beb830d7 ("arm64: dts: uniphier: Add USB3 controller nodes")
Reported-by: Ryuta NAKANISHI <nakanishi.ryuta@socionext.com>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi
+++ b/arch/arm64/boot/dts/socionext/uniphier-pxs3.dtsi
@@ -544,8 +544,8 @@
compatible = "socionext,uniphier-dwc3", "snps,dwc3";
status = "disabled";
reg = <0x65a00000 0xcd00>;
- interrupt-names = "host", "peripheral";
- interrupts = <0 134 4>, <0 135 4>;
+ interrupt-names = "dwc_usb3";
+ interrupts = <0 134 4>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_usb0>, <&pinctrl_usb2>;
clock-names = "ref", "bus_early", "suspend";
@@ -646,8 +646,8 @@
compatible = "socionext,uniphier-dwc3", "snps,dwc3";
status = "disabled";
reg = <0x65c00000 0xcd00>;
- interrupt-names = "host", "peripheral";
- interrupts = <0 137 4>, <0 138 4>;
+ interrupt-names = "dwc_usb3";
+ interrupts = <0 137 4>;
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_usb1>, <&pinctrl_usb3>;
clock-names = "ref", "bus_early", "suspend";
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 048/389] netfilter: nf_tables: do not allow SET_ID to refer to another table
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 047/389] arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 049/389] netfilter: nf_tables: do not allow RULE_ID to refer to another chain Greg Kroah-Hartman
` (345 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thadeu Lima de Souza Cascardo,
Pablo Neira Ayuso
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
commit 470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2 upstream.
When doing lookups for sets on the same batch by using its ID, a set from a
different table can be used.
Then, when the table is removed, a reference to the set may be kept after
the set is freed, leading to a potential use-after-free.
When looking for sets by ID, use the table that was used for the lookup by
name, and only return sets belonging to that same table.
This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.
Reported-by: Team Orca of Sea Security (@seasecresponse)
Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3191,6 +3191,7 @@ static struct nft_set *nft_set_lookup_by
}
static struct nft_set *nft_set_lookup_byid(const struct net *net,
+ const struct nft_table *table,
const struct nlattr *nla, u8 genmask)
{
struct nft_trans *trans;
@@ -3201,6 +3202,7 @@ static struct nft_set *nft_set_lookup_by
struct nft_set *set = nft_trans_set(trans);
if (id == nft_trans_set_id(trans) &&
+ set->table == table &&
nft_active_genmask(set, genmask))
return set;
}
@@ -3221,7 +3223,7 @@ struct nft_set *nft_set_lookup_global(co
if (!nla_set_id)
return set;
- set = nft_set_lookup_byid(net, nla_set_id, genmask);
+ set = nft_set_lookup_byid(net, table, nla_set_id, genmask);
}
return set;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 049/389] netfilter: nf_tables: do not allow RULE_ID to refer to another chain
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 048/389] netfilter: nf_tables: do not allow SET_ID to refer to another table Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 050/389] netfilter: nf_tables: fix null deref due to zeroed list head Greg Kroah-Hartman
` (344 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thadeu Lima de Souza Cascardo,
Pablo Neira Ayuso
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
commit 36d5b2913219ac853908b0f1c664345e04313856 upstream.
When doing lookups for rules on the same batch by using its ID, a rule from
a different chain can be used. If a rule is added to a chain but tries to
be positioned next to a rule from a different chain, it will be linked to
chain2, but the use counter on chain1 would be the one to be incremented.
When looking for rules by ID, use the chain that was used for the lookup by
name. The chain used in the context copied to the transaction needs to
match that same chain. That way, struct nft_rule does not need to get
enlarged with another member.
Fixes: 1a94e38d254b ("netfilter: nf_tables: add NFTA_RULE_ID attribute")
Fixes: 75dd48e2e420 ("netfilter: nf_tables: Support RULE_ID reference in new rule")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2713,6 +2713,7 @@ static int nft_table_validate(struct net
}
static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
+ const struct nft_chain *chain,
const struct nlattr *nla);
#define NFT_RULE_MAXEXPRS 128
@@ -2786,7 +2787,7 @@ static int nf_tables_newrule(struct net
return PTR_ERR(old_rule);
}
} else if (nla[NFTA_RULE_POSITION_ID]) {
- old_rule = nft_rule_lookup_byid(net, nla[NFTA_RULE_POSITION_ID]);
+ old_rule = nft_rule_lookup_byid(net, chain, nla[NFTA_RULE_POSITION_ID]);
if (IS_ERR(old_rule)) {
NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_POSITION_ID]);
return PTR_ERR(old_rule);
@@ -2921,6 +2922,7 @@ err1:
}
static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
+ const struct nft_chain *chain,
const struct nlattr *nla)
{
u32 id = ntohl(nla_get_be32(nla));
@@ -2930,6 +2932,7 @@ static struct nft_rule *nft_rule_lookup_
struct nft_rule *rule = nft_trans_rule(trans);
if (trans->msg_type == NFT_MSG_NEWRULE &&
+ trans->ctx.chain == chain &&
id == nft_trans_rule_id(trans))
return rule;
}
@@ -2976,7 +2979,7 @@ static int nf_tables_delrule(struct net
err = nft_delrule(&ctx, rule);
} else if (nla[NFTA_RULE_ID]) {
- rule = nft_rule_lookup_byid(net, nla[NFTA_RULE_ID]);
+ rule = nft_rule_lookup_byid(net, chain, nla[NFTA_RULE_ID]);
if (IS_ERR(rule)) {
NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_ID]);
return PTR_ERR(rule);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 050/389] netfilter: nf_tables: fix null deref due to zeroed list head
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 049/389] netfilter: nf_tables: do not allow RULE_ID to refer to another chain Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively Greg Kroah-Hartman
` (343 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, mingi cho, Florian Westphal,
Pablo Neira Ayuso
From: Florian Westphal <fw@strlen.de>
commit 580077855a40741cf511766129702d97ff02f4d9 upstream.
In nf_tables_updtable, if nf_tables_table_enable returns an error,
nft_trans_destroy is called to free the transaction object.
nft_trans_destroy() calls list_del(), but the transaction was never
placed on a list -- the list head is all zeroes, this results in
a null dereference:
BUG: KASAN: null-ptr-deref in nft_trans_destroy+0x26/0x59
Call Trace:
nft_trans_destroy+0x26/0x59
nf_tables_newtable+0x4bc/0x9bc
[..]
Its sane to assume that nft_trans_destroy() can be called
on the transaction object returned by nft_trans_alloc(), so
make sure the list head is initialised.
Fixes: 55dd6f93076b ("netfilter: nf_tables: use new transaction infrastructure to handle table")
Reported-by: mingi cho <mgcho.minic@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -113,6 +113,7 @@ static struct nft_trans *nft_trans_alloc
if (trans == NULL)
return NULL;
+ INIT_LIST_HEAD(&trans->list);
trans->msg_type = msg_type;
trans->ctx = *ctx;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 050/389] netfilter: nf_tables: fix null deref due to zeroed list head Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-10-26 16:00 ` mdecandia
2022-08-23 8:22 ` [PATCH 5.4 052/389] x86: Handle idle=nomwait cmdline properly for x86_idle Greg Kroah-Hartman
` (342 subsequent siblings)
393 siblings, 1 reply; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ben Segall, Shakeel Butt,
Alexander Viro, Linus Torvalds, Eric Dumazet, Roman Penyaev,
Jason Baron, Khazhismel Kumykov, Heiher, stable, Andrew Morton
From: Benjamin Segall <bsegall@google.com>
commit a16ceb13961068f7209e34d7984f8e42d2c06159 upstream.
If a process is killed or otherwise exits while having active network
connections and many threads waiting on epoll_wait, the threads will all
be woken immediately, but not removed from ep->wq. Then when network
traffic scans ep->wq in wake_up, every wakeup attempt will fail, and will
not remove the entries from the list.
This means that the cost of the wakeup attempt is far higher than usual,
does not decrease, and this also competes with the dying threads trying to
actually make progress and remove themselves from the wq.
Handle this by removing visited epoll wq entries unconditionally, rather
than only when the wakeup succeeds - the structure of ep_poll means that
the only potential loss is the timed_out->eavail heuristic, which now can
race and result in a redundant ep_send_events attempt. (But only when
incoming data and a timeout actually race, not on every timeout)
Shakeel added:
: We are seeing this issue in production with real workloads and it has
: caused hard lockups. Particularly network heavy workloads with a lot
: of threads in epoll_wait() can easily trigger this issue if they get
: killed (oom-killed in our case).
Link: https://lkml.kernel.org/r/xm26fsjotqda.fsf@google.com
Signed-off-by: Ben Segall <bsegall@google.com>
Tested-by: Shakeel Butt <shakeelb@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Roman Penyaev <rpenyaev@suse.de>
Cc: Jason Baron <jbaron@akamai.com>
Cc: Khazhismel Kumykov <khazhy@google.com>
Cc: Heiher <r@hev.cc>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/eventpoll.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1803,6 +1803,21 @@ static inline struct timespec64 ep_set_m
return timespec64_add_safe(now, ts);
}
+/*
+ * autoremove_wake_function, but remove even on failure to wake up, because we
+ * know that default_wake_function/ttwu will only fail if the thread is already
+ * woken, and in that case the ep_poll loop will remove the entry anyways, not
+ * try to reuse it.
+ */
+static int ep_autoremove_wake_function(struct wait_queue_entry *wq_entry,
+ unsigned int mode, int sync, void *key)
+{
+ int ret = default_wake_function(wq_entry, mode, sync, key);
+
+ list_del_init(&wq_entry->entry);
+ return ret;
+}
+
/**
* ep_poll - Retrieves ready events, and delivers them to the caller supplied
* event buffer.
@@ -1880,8 +1895,15 @@ fetch_events:
* normal wakeup path no need to call __remove_wait_queue()
* explicitly, thus ep->lock is not taken, which halts the
* event delivery.
+ *
+ * In fact, we now use an even more aggressive function that
+ * unconditionally removes, because we don't reuse the wait
+ * entry between loop iterations. This lets us also avoid the
+ * performance issue if a process is killed, causing all of its
+ * threads to wake up without being removed normally.
*/
init_wait(&wait);
+ wait.func = ep_autoremove_wake_function;
write_lock_irq(&ep->lock);
__add_wait_queue_exclusive(&ep->wq, &wait);
write_unlock_irq(&ep->lock);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 052/389] x86: Handle idle=nomwait cmdline properly for x86_idle
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 053/389] arm64: Do not forget syscall when starting a new thread Greg Kroah-Hartman
` (341 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wyes Karny, Dave Hansen, Zhang Rui,
Sasha Levin
From: Wyes Karny <wyes.karny@amd.com>
[ Upstream commit 8bcedb4ce04750e1ccc9a6b6433387f6a9166a56 ]
When kernel is booted with idle=nomwait do not use MWAIT as the
default idle state.
If the user boots the kernel with idle=nomwait, it is a clear
direction to not use mwait as the default idle state.
However, the current code does not take this into consideration
while selecting the default idle state on x86.
Fix it by checking for the idle=nomwait boot option in
prefer_mwait_c1_over_halt().
Also update the documentation around idle=nomwait appropriately.
[ dhansen: tweak commit message ]
Signed-off-by: Wyes Karny <wyes.karny@amd.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Tested-by: Zhang Rui <rui.zhang@intel.com>
Link: https://lkml.kernel.org/r/fdc2dc2d0a1bc21c2f53d989ea2d2ee3ccbc0dbe.1654538381.git-series.wyes.karny@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/admin-guide/pm/cpuidle.rst | 15 +++++++++------
arch/x86/kernel/process.c | 9 ++++++---
2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/Documentation/admin-guide/pm/cpuidle.rst b/Documentation/admin-guide/pm/cpuidle.rst
index e70b365dbc60..80cf2ef2a506 100644
--- a/Documentation/admin-guide/pm/cpuidle.rst
+++ b/Documentation/admin-guide/pm/cpuidle.rst
@@ -676,8 +676,8 @@ the ``menu`` governor to be used on the systems that use the ``ladder`` governor
by default this way, for example.
The other kernel command line parameters controlling CPU idle time management
-described below are only relevant for the *x86* architecture and some of
-them affect Intel processors only.
+described below are only relevant for the *x86* architecture and references
+to ``intel_idle`` affect Intel processors only.
The *x86* architecture support code recognizes three kernel command line
options related to CPU idle time management: ``idle=poll``, ``idle=halt``,
@@ -699,10 +699,13 @@ idle, so it very well may hurt single-thread computations performance as well as
energy-efficiency. Thus using it for performance reasons may not be a good idea
at all.]
-The ``idle=nomwait`` option disables the ``intel_idle`` driver and causes
-``acpi_idle`` to be used (as long as all of the information needed by it is
-there in the system's ACPI tables), but it is not allowed to use the
-``MWAIT`` instruction of the CPUs to ask the hardware to enter idle states.
+The ``idle=nomwait`` option prevents the use of ``MWAIT`` instruction of
+the CPU to enter idle states. When this option is used, the ``acpi_idle``
+driver will use the ``HLT`` instruction instead of ``MWAIT``. On systems
+running Intel processors, this option disables the ``intel_idle`` driver
+and forces the use of the ``acpi_idle`` driver instead. Note that in either
+case, ``acpi_idle`` driver will function only if all the information needed
+by it is in the system's ACPI tables.
In addition to the architecture-level kernel command line options affecting CPU
idle time management, there are parameters affecting individual ``CPUIdle``
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 571e38c9ee1d..068715a52ac1 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -659,6 +659,10 @@ static void amd_e400_idle(void)
*/
static int prefer_mwait_c1_over_halt(const struct cpuinfo_x86 *c)
{
+ /* User has disallowed the use of MWAIT. Fallback to HALT */
+ if (boot_option_idle_override == IDLE_NOMWAIT)
+ return 0;
+
if (c->x86_vendor != X86_VENDOR_INTEL)
return 0;
@@ -769,9 +773,8 @@ static int __init idle_setup(char *str)
} else if (!strcmp(str, "nomwait")) {
/*
* If the boot option of "idle=nomwait" is added,
- * it means that mwait will be disabled for CPU C2/C3
- * states. In such case it won't touch the variable
- * of boot_option_idle_override.
+ * it means that mwait will be disabled for CPU C1/C2/C3
+ * states.
*/
boot_option_idle_override = IDLE_NOMWAIT;
} else
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 053/389] arm64: Do not forget syscall when starting a new thread.
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 052/389] x86: Handle idle=nomwait cmdline properly for x86_idle Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 054/389] arm64: fix oops in concurrently setting insn_emulation sysctls Greg Kroah-Hartman
` (340 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Francis Laniel, Will Deacon, Sasha Levin
From: Francis Laniel <flaniel@linux.microsoft.com>
[ Upstream commit de6921856f99c11d3986c6702d851e1328d4f7f6 ]
Enable tracing of the execve*() system calls with the
syscalls:sys_exit_execve tracepoint by removing the call to
forget_syscall() when starting a new thread and preserving the value of
regs->syscallno across exec.
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Link: https://lore.kernel.org/r/20220608162447.666494-2-flaniel@linux.microsoft.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/include/asm/processor.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h
index 5623685c7d13..65834b84f0e1 100644
--- a/arch/arm64/include/asm/processor.h
+++ b/arch/arm64/include/asm/processor.h
@@ -184,8 +184,9 @@ void tls_preserve_current_state(void);
static inline void start_thread_common(struct pt_regs *regs, unsigned long pc)
{
+ s32 previous_syscall = regs->syscallno;
memset(regs, 0, sizeof(*regs));
- forget_syscall(regs);
+ regs->syscallno = previous_syscall;
regs->pc = pc;
if (system_uses_irq_prio_masking())
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 054/389] arm64: fix oops in concurrently setting insn_emulation sysctls
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 053/389] arm64: Do not forget syscall when starting a new thread Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 055/389] ext2: Add more validity checks for inode counts Greg Kroah-Hartman
` (339 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, hewenliang, Haibin Zhang,
Catalin Marinas, Will Deacon, Sasha Levin
From: haibinzhang (张海斌) <haibinzhang@tencent.com>
[ Upstream commit af483947d472eccb79e42059276c4deed76f99a6 ]
emulation_proc_handler() changes table->data for proc_dointvec_minmax
and can generate the following Oops if called concurrently with itself:
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
| Internal error: Oops: 96000006 [#1] SMP
| Call trace:
| update_insn_emulation_mode+0xc0/0x148
| emulation_proc_handler+0x64/0xb8
| proc_sys_call_handler+0x9c/0xf8
| proc_sys_write+0x18/0x20
| __vfs_write+0x20/0x48
| vfs_write+0xe4/0x1d0
| ksys_write+0x70/0xf8
| __arm64_sys_write+0x20/0x28
| el0_svc_common.constprop.0+0x7c/0x1c0
| el0_svc_handler+0x2c/0xa0
| el0_svc+0x8/0x200
To fix this issue, keep the table->data as &insn->current_mode and
use container_of() to retrieve the insn pointer. Another mutex is
used to protect against the current_mode update but not for retrieving
insn_emulation as table->data is no longer changing.
Co-developed-by: hewenliang <hewenliang4@huawei.com>
Signed-off-by: hewenliang <hewenliang4@huawei.com>
Signed-off-by: Haibin Zhang <haibinzhang@tencent.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20220128090324.2727688-1-hewenliang4@huawei.com
Link: https://lore.kernel.org/r/9A004C03-250B-46C5-BF39-782D7551B00E@tencent.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/kernel/armv8_deprecated.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kernel/armv8_deprecated.c b/arch/arm64/kernel/armv8_deprecated.c
index bcb14d11232f..fbf66e0973aa 100644
--- a/arch/arm64/kernel/armv8_deprecated.c
+++ b/arch/arm64/kernel/armv8_deprecated.c
@@ -59,6 +59,7 @@ struct insn_emulation {
static LIST_HEAD(insn_emulation);
static int nr_insn_emulated __initdata;
static DEFINE_RAW_SPINLOCK(insn_emulation_lock);
+static DEFINE_MUTEX(insn_emulation_mutex);
static void register_emulation_hooks(struct insn_emulation_ops *ops)
{
@@ -207,10 +208,10 @@ static int emulation_proc_handler(struct ctl_table *table, int write,
loff_t *ppos)
{
int ret = 0;
- struct insn_emulation *insn = (struct insn_emulation *) table->data;
+ struct insn_emulation *insn = container_of(table->data, struct insn_emulation, current_mode);
enum insn_emulation_mode prev_mode = insn->current_mode;
- table->data = &insn->current_mode;
+ mutex_lock(&insn_emulation_mutex);
ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
if (ret || !write || prev_mode == insn->current_mode)
@@ -223,7 +224,7 @@ static int emulation_proc_handler(struct ctl_table *table, int write,
update_insn_emulation_mode(insn, INSN_UNDEF);
}
ret:
- table->data = insn;
+ mutex_unlock(&insn_emulation_mutex);
return ret;
}
@@ -247,7 +248,7 @@ static void __init register_insn_emulation_sysctl(void)
sysctl->maxlen = sizeof(int);
sysctl->procname = insn->ops->name;
- sysctl->data = insn;
+ sysctl->data = &insn->current_mode;
sysctl->extra1 = &insn->min;
sysctl->extra2 = &insn->max;
sysctl->proc_handler = emulation_proc_handler;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 055/389] ext2: Add more validity checks for inode counts
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 054/389] arm64: fix oops in concurrently setting insn_emulation sysctls Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 056/389] genirq: Dont return error on missing optional irq_request_resources() Greg Kroah-Hartman
` (338 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+d273f7d7f58afd93be48,
Jan Kara, Sasha Levin
From: Jan Kara <jack@suse.cz>
[ Upstream commit fa78f336937240d1bc598db817d638086060e7e9 ]
Add checks verifying number of inodes stored in the superblock matches
the number computed from number of inodes per group. Also verify we have
at least one block worth of inodes per group. This prevents crashes on
corrupted filesystems.
Reported-by: syzbot+d273f7d7f58afd93be48@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext2/super.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/fs/ext2/super.c b/fs/ext2/super.c
index db403c01d4d5..644c83c115bc 100644
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -1077,9 +1077,10 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
sbi->s_frags_per_group);
goto failed_mount;
}
- if (sbi->s_inodes_per_group > sb->s_blocksize * 8) {
+ if (sbi->s_inodes_per_group < sbi->s_inodes_per_block ||
+ sbi->s_inodes_per_group > sb->s_blocksize * 8) {
ext2_msg(sb, KERN_ERR,
- "error: #inodes per group too big: %lu",
+ "error: invalid #inodes per group: %lu",
sbi->s_inodes_per_group);
goto failed_mount;
}
@@ -1089,6 +1090,13 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
sbi->s_groups_count = ((le32_to_cpu(es->s_blocks_count) -
le32_to_cpu(es->s_first_data_block) - 1)
/ EXT2_BLOCKS_PER_GROUP(sb)) + 1;
+ if ((u64)sbi->s_groups_count * sbi->s_inodes_per_group !=
+ le32_to_cpu(es->s_inodes_count)) {
+ ext2_msg(sb, KERN_ERR, "error: invalid #inodes: %u vs computed %llu",
+ le32_to_cpu(es->s_inodes_count),
+ (u64)sbi->s_groups_count * sbi->s_inodes_per_group);
+ goto failed_mount;
+ }
db_count = (sbi->s_groups_count + EXT2_DESC_PER_BLOCK(sb) - 1) /
EXT2_DESC_PER_BLOCK(sb);
sbi->s_group_desc = kmalloc_array (db_count,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 056/389] genirq: Dont return error on missing optional irq_request_resources()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 055/389] ext2: Add more validity checks for inode counts Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 057/389] wait: Fix __wait_event_hrtimeout for RT/DL tasks Greg Kroah-Hartman
` (337 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Antonio Borneo, Marc Zyngier, Sasha Levin
From: Antonio Borneo <antonio.borneo@foss.st.com>
[ Upstream commit 95001b756467ecc9f5973eb5e74e97699d9bbdf1 ]
Function irq_chip::irq_request_resources() is reported as optional
in the declaration of struct irq_chip.
If the parent irq_chip does not implement it, we should ignore it
and return.
Don't return error if the functions is missing.
Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20220512160544.13561-1-antonio.borneo@foss.st.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/irq/chip.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c
index 856f0297dc73..521121c2666c 100644
--- a/kernel/irq/chip.c
+++ b/kernel/irq/chip.c
@@ -1484,7 +1484,8 @@ int irq_chip_request_resources_parent(struct irq_data *data)
if (data->chip->irq_request_resources)
return data->chip->irq_request_resources(data);
- return -ENOSYS;
+ /* no error on missing optional irq_chip::irq_request_resources */
+ return 0;
}
EXPORT_SYMBOL_GPL(irq_chip_request_resources_parent);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 057/389] wait: Fix __wait_event_hrtimeout for RT/DL tasks
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 056/389] genirq: Dont return error on missing optional irq_request_resources() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 058/389] ARM: dts: imx6ul: add missing properties for sram Greg Kroah-Hartman
` (336 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bruno Goncalves, Juri Lelli,
Thomas Gleixner, Daniel Bristot de Oliveira, Valentin Schneider,
Sasha Levin
From: Juri Lelli <juri.lelli@redhat.com>
[ Upstream commit cceeeb6a6d02e7b9a74ddd27a3225013b34174aa ]
Changes to hrtimer mode (potentially made by __hrtimer_init_sleeper on
PREEMPT_RT) are not visible to hrtimer_start_range_ns, thus not
accounted for by hrtimer_start_expires call paths. In particular,
__wait_event_hrtimeout suffers from this problem as we have, for
example:
fs/aio.c::read_events
wait_event_interruptible_hrtimeout
__wait_event_hrtimeout
hrtimer_init_sleeper_on_stack <- this might "mode |= HRTIMER_MODE_HARD"
on RT if task runs at RT/DL priority
hrtimer_start_range_ns
WARN_ON_ONCE(!(mode & HRTIMER_MODE_HARD) ^ !timer->is_hard)
fires since the latter doesn't see the change of mode done by
init_sleeper
Fix it by making __wait_event_hrtimeout call hrtimer_sleeper_start_expires,
which is aware of the special RT/DL case, instead of hrtimer_start_range_ns.
Reported-by: Bruno Goncalves <bgoncalv@redhat.com>
Signed-off-by: Juri Lelli <juri.lelli@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Reviewed-by: Valentin Schneider <vschneid@redhat.com>
Link: https://lore.kernel.org/r/20220627095051.42470-1-juri.lelli@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/wait.h | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/include/linux/wait.h b/include/linux/wait.h
index 5903b1d17c92..7d04c1b588c7 100644
--- a/include/linux/wait.h
+++ b/include/linux/wait.h
@@ -529,10 +529,11 @@ do { \
\
hrtimer_init_sleeper_on_stack(&__t, CLOCK_MONOTONIC, \
HRTIMER_MODE_REL); \
- if ((timeout) != KTIME_MAX) \
- hrtimer_start_range_ns(&__t.timer, timeout, \
- current->timer_slack_ns, \
- HRTIMER_MODE_REL); \
+ if ((timeout) != KTIME_MAX) { \
+ hrtimer_set_expires_range_ns(&__t.timer, timeout, \
+ current->timer_slack_ns); \
+ hrtimer_sleeper_start_expires(&__t, HRTIMER_MODE_REL); \
+ } \
\
__ret = ___wait_event(wq_head, condition, state, 0, 0, \
if (!__t.task) { \
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 058/389] ARM: dts: imx6ul: add missing properties for sram
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 057/389] wait: Fix __wait_event_hrtimeout for RT/DL tasks Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 059/389] ARM: dts: imx6ul: change operating-points to uint32-matrix Greg Kroah-Hartman
` (335 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 5655699cf5cff9f4c4ee703792156bdd05d1addf ]
All 3 properties are required by sram.yaml. Fixes the dtbs_check
warning:
sram@900000: '#address-cells' is a required property
sram@900000: '#size-cells' is a required property
sram@900000: 'ranges' is a required property
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6ul.dtsi | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
index f008036e9294..630643013bdc 100644
--- a/arch/arm/boot/dts/imx6ul.dtsi
+++ b/arch/arm/boot/dts/imx6ul.dtsi
@@ -157,6 +157,9 @@ soc {
ocram: sram@900000 {
compatible = "mmio-sram";
reg = <0x00900000 0x20000>;
+ ranges = <0 0x00900000 0x20000>;
+ #address-cells = <1>;
+ #size-cells = <1>;
};
intc: interrupt-controller@a01000 {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 059/389] ARM: dts: imx6ul: change operating-points to uint32-matrix
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 058/389] ARM: dts: imx6ul: add missing properties for sram Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 060/389] ARM: dts: imx6ul: fix csi node compatible Greg Kroah-Hartman
` (334 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit edb67843983bbdf61b4c8c3c50618003d38bb4ae ]
operating-points is a uint32-matrix as per opp-v1.yaml. Change it
accordingly. While at it, change fsl,soc-operating-points as well,
although there is no bindings file (yet). But they should have the same
format. Fixes the dt_binding_check warning:
cpu@0: operating-points:0: [696000, 1275000, 528000, 1175000, 396000,
1025000, 198000, 950000] is too long
cpu@0: operating-points:0: Additional items are not allowed (528000,
1175000, 396000, 1025000, 198000, 950000 were unexpected)
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6ul.dtsi | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
index 630643013bdc..baf4a41a9aa9 100644
--- a/arch/arm/boot/dts/imx6ul.dtsi
+++ b/arch/arm/boot/dts/imx6ul.dtsi
@@ -62,20 +62,18 @@ cpu0: cpu@0 {
clock-frequency = <696000000>;
clock-latency = <61036>; /* two CLK32 periods */
#cooling-cells = <2>;
- operating-points = <
+ operating-points =
/* kHz uV */
- 696000 1275000
- 528000 1175000
- 396000 1025000
- 198000 950000
- >;
- fsl,soc-operating-points = <
+ <696000 1275000>,
+ <528000 1175000>,
+ <396000 1025000>,
+ <198000 950000>;
+ fsl,soc-operating-points =
/* KHz uV */
- 696000 1275000
- 528000 1175000
- 396000 1175000
- 198000 1175000
- >;
+ <696000 1275000>,
+ <528000 1175000>,
+ <396000 1175000>,
+ <198000 1175000>;
clocks = <&clks IMX6UL_CLK_ARM>,
<&clks IMX6UL_CLK_PLL2_BUS>,
<&clks IMX6UL_CLK_PLL2_PFD2>,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 060/389] ARM: dts: imx6ul: fix csi node compatible
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 059/389] ARM: dts: imx6ul: change operating-points to uint32-matrix Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 061/389] ARM: dts: imx6ul: fix lcdif " Greg Kroah-Hartman
` (333 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit e0aca931a2c7c29c88ebf37f9c3cd045e083483d ]
"fsl,imx6ul-csi" was never listed as compatible to "fsl,imx7-csi", neither
in yaml bindings, nor previous txt binding. Remove the imx7 part. Fixes
the dt schema check warning:
csi@21c4000: compatible: 'oneOf' conditional failed, one must be fixed:
['fsl,imx6ul-csi', 'fsl,imx7-csi'] is too long
Additional items are not allowed ('fsl,imx7-csi' was unexpected)
'fsl,imx8mm-csi' was expected
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6ul.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
index baf4a41a9aa9..3fd02e10170a 100644
--- a/arch/arm/boot/dts/imx6ul.dtsi
+++ b/arch/arm/boot/dts/imx6ul.dtsi
@@ -967,7 +967,7 @@ cpu_speed_grade: speed-grade@10 {
};
csi: csi@21c4000 {
- compatible = "fsl,imx6ul-csi", "fsl,imx7-csi";
+ compatible = "fsl,imx6ul-csi";
reg = <0x021c4000 0x4000>;
interrupts = <GIC_SPI 7 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks IMX6UL_CLK_CSI>;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 061/389] ARM: dts: imx6ul: fix lcdif node compatible
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 060/389] ARM: dts: imx6ul: fix csi node compatible Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 062/389] ARM: dts: imx6ul: fix qspi " Greg Kroah-Hartman
` (332 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 1a884d17ca324531634cce82e9f64c0302bdf7de ]
In yaml binding "fsl,imx6ul-lcdif" is listed as compatible to imx6sx-lcdif,
but not imx28-lcdif. Change the list accordingly. Fixes the
dt_binding_check warning:
lcdif@21c8000: compatible: 'oneOf' conditional failed, one must be fixed:
['fsl,imx6ul-lcdif', 'fsl,imx28-lcdif'] is too long
Additional items are not allowed ('fsl,imx28-lcdif' was unexpected)
'fsl,imx6ul-lcdif' is not one of ['fsl,imx23-lcdif', 'fsl,imx28-lcdif',
'fsl,imx6sx-lcdif']
'fsl,imx6sx-lcdif' was expected
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6ul.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
index 3fd02e10170a..58671c6e9f31 100644
--- a/arch/arm/boot/dts/imx6ul.dtsi
+++ b/arch/arm/boot/dts/imx6ul.dtsi
@@ -976,7 +976,7 @@ csi: csi@21c4000 {
};
lcdif: lcdif@21c8000 {
- compatible = "fsl,imx6ul-lcdif", "fsl,imx28-lcdif";
+ compatible = "fsl,imx6ul-lcdif", "fsl,imx6sx-lcdif";
reg = <0x021c8000 0x4000>;
interrupts = <GIC_SPI 5 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks IMX6UL_CLK_LCDIF_PIX>,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 062/389] ARM: dts: imx6ul: fix qspi node compatible
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 061/389] ARM: dts: imx6ul: fix lcdif " Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 063/389] spi: synquacer: Add missing clk_disable_unprepare() Greg Kroah-Hartman
` (331 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Stein, Shawn Guo, Sasha Levin
From: Alexander Stein <alexander.stein@ew.tq-group.com>
[ Upstream commit 0c6cf86e1ab433b2d421880fdd9c6e954f404948 ]
imx6ul is not compatible to imx6sx, both have different erratas.
Fixes the dt_binding_check warning:
spi@21e0000: compatible: 'oneOf' conditional failed, one must be fixed:
['fsl,imx6ul-qspi', 'fsl,imx6sx-qspi'] is too long
Additional items are not allowed ('fsl,imx6sx-qspi' was unexpected)
'fsl,imx6ul-qspi' is not one of ['fsl,ls1043a-qspi']
'fsl,imx6ul-qspi' is not one of ['fsl,imx8mq-qspi']
'fsl,ls1021a-qspi' was expected
'fsl,imx7d-qspi' was expected
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6ul.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
index 58671c6e9f31..ae0722b93b9d 100644
--- a/arch/arm/boot/dts/imx6ul.dtsi
+++ b/arch/arm/boot/dts/imx6ul.dtsi
@@ -997,7 +997,7 @@ pxp: pxp@21cc000 {
qspi: spi@21e0000 {
#address-cells = <1>;
#size-cells = <0>;
- compatible = "fsl,imx6ul-qspi", "fsl,imx6sx-qspi";
+ compatible = "fsl,imx6ul-qspi";
reg = <0x021e0000 0x4000>, <0x60000000 0x10000000>;
reg-names = "QuadSPI", "QuadSPI-memory";
interrupts = <GIC_SPI 107 IRQ_TYPE_LEVEL_HIGH>;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 063/389] spi: synquacer: Add missing clk_disable_unprepare()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 062/389] ARM: dts: imx6ul: fix qspi " Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 064/389] ARM: OMAP2+: display: Fix refcount leak bug Greg Kroah-Hartman
` (330 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Guo Mengqi, Mark Brown,
Sasha Levin
From: Guo Mengqi <guomengqi3@huawei.com>
[ Upstream commit 917e43de2a56d9b82576f1cc94748261f1988458 ]
Add missing clk_disable_unprepare() in synquacer_spi_resume().
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Guo Mengqi <guomengqi3@huawei.com>
Link: https://lore.kernel.org/r/20220624005614.49434-1-guomengqi3@huawei.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-synquacer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/spi/spi-synquacer.c b/drivers/spi/spi-synquacer.c
index 785e7c445123..1e10af6e10a9 100644
--- a/drivers/spi/spi-synquacer.c
+++ b/drivers/spi/spi-synquacer.c
@@ -784,6 +784,7 @@ static int __maybe_unused synquacer_spi_resume(struct device *dev)
ret = synquacer_spi_enable(master);
if (ret) {
+ clk_disable_unprepare(sspi->clk);
dev_err(dev, "failed to enable spi (%d)\n", ret);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 064/389] ARM: OMAP2+: display: Fix refcount leak bug
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 063/389] spi: synquacer: Add missing clk_disable_unprepare() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 065/389] ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks Greg Kroah-Hartman
` (329 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Tony Lindgren, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 50b87a32a79bca6e275918a711fb8cc55e16d739 ]
In omapdss_init_fbdev(), of_find_node_by_name() will return a node
pointer with refcount incremented. We should use of_node_put() when
it is not used anymore.
Signed-off-by: Liang He <windhl@126.com>
Message-Id: <20220617145803.4050918-1-windhl@126.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-omap2/display.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-omap2/display.c b/arch/arm/mach-omap2/display.c
index 1bd64f6ba8cf..d3b531d5d920 100644
--- a/arch/arm/mach-omap2/display.c
+++ b/arch/arm/mach-omap2/display.c
@@ -211,6 +211,7 @@ static int __init omapdss_init_fbdev(void)
node = of_find_node_by_name(NULL, "omap4_padconf_global");
if (node)
omap4_dsi_mux_syscon = syscon_node_to_regmap(node);
+ of_node_put(node);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 065/389] ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 064/389] ARM: OMAP2+: display: Fix refcount leak bug Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 066/389] ACPI: PM: save NVS memory for Lenovo G40-45 Greg Kroah-Hartman
` (328 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Rafael J. Wysocki,
Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 0dd6db359e5f206cbf1dd1fd40dd211588cd2725 ]
Somehow the "ThinkPad X1 Carbon 6th" entry ended up twice in the
struct dmi_system_id acpi_ec_no_wakeup[] array. Remove one of
the entries.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/ec.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
index e5b92958c299..defc5796b508 100644
--- a/drivers/acpi/ec.c
+++ b/drivers/acpi/ec.c
@@ -2118,13 +2118,6 @@ static const struct dmi_system_id acpi_ec_no_wakeup[] = {
DMI_MATCH(DMI_PRODUCT_FAMILY, "Thinkpad X1 Carbon 6th"),
},
},
- {
- .ident = "ThinkPad X1 Carbon 6th",
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
- DMI_MATCH(DMI_PRODUCT_FAMILY, "ThinkPad X1 Carbon 6th"),
- },
- },
{
.ident = "ThinkPad X1 Yoga 3rd",
.matches = {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 066/389] ACPI: PM: save NVS memory for Lenovo G40-45
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 065/389] ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 067/389] ACPI: LPSS: Fix missing check in register_device_clock() Greg Kroah-Hartman
` (327 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manyi Li, Rafael J. Wysocki, Sasha Levin
From: Manyi Li <limanyi@uniontech.com>
[ Upstream commit 4b7ef7b05afcde44142225c184bf43a0cd9e2178 ]
[821d6f0359b0614792ab8e2fb93b503e25a65079] is to make machines
produced from 2012 to now not saving NVS region to accelerate S3.
But, Lenovo G40-45, a platform released in 2015, still needs NVS memory
saving during S3. A quirk is introduced for this platform.
Signed-off-by: Manyi Li <limanyi@uniontech.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/sleep.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index 34966128293b..b9d203569ac1 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -361,6 +361,14 @@ static const struct dmi_system_id acpisleep_dmi_table[] __initconst = {
DMI_MATCH(DMI_PRODUCT_NAME, "80E3"),
},
},
+ {
+ .callback = init_nvs_save_s3,
+ .ident = "Lenovo G40-45",
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "80E1"),
+ },
+ },
/*
* ThinkPad X1 Tablet(2016) cannot do suspend-to-idle using
* the Low Power S0 Idle firmware interface (see
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 067/389] ACPI: LPSS: Fix missing check in register_device_clock()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 066/389] ACPI: PM: save NVS memory for Lenovo G40-45 Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 068/389] arm64: dts: qcom: ipq8074: fix NAND node name Greg Kroah-Hartman
` (326 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, huhai, Rafael J. Wysocki, Sasha Levin
From: huhai <huhai@kylinos.cn>
[ Upstream commit b4f1f61ed5928b1128e60e38d0dffa16966f06dc ]
register_device_clock() misses a check for platform_device_register_simple().
Add a check to fix it.
Signed-off-by: huhai <huhai@kylinos.cn>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/acpi_lpss.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c
index 751ed38f2a10..b939a6736d0b 100644
--- a/drivers/acpi/acpi_lpss.c
+++ b/drivers/acpi/acpi_lpss.c
@@ -401,6 +401,9 @@ static int register_device_clock(struct acpi_device *adev,
if (!lpss_clk_dev)
lpt_register_clock_device();
+ if (IS_ERR(lpss_clk_dev))
+ return PTR_ERR(lpss_clk_dev);
+
clk_data = platform_get_drvdata(lpss_clk_dev);
if (!clk_data)
return -ENODEV;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 068/389] arm64: dts: qcom: ipq8074: fix NAND node name
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 067/389] ACPI: LPSS: Fix missing check in register_device_clock() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 069/389] arm64: dts: allwinner: a64: orangepi-win: Fix LED " Greg Kroah-Hartman
` (325 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Marko, Krzysztof Kozlowski,
Bjorn Andersson, Sasha Levin
From: Robert Marko <robimarko@gmail.com>
[ Upstream commit b39961659ffc3c3a9e3d0d43b0476547b5f35d49 ]
Per schema it should be nand-controller@79b0000 instead of nand@79b0000.
Fix it to match nand-controller.yaml requirements.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220621120642.518575-1-robimarko@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
index 7822592664ff..1e9fa049c550 100644
--- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi
+++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi
@@ -253,7 +253,7 @@ qpic_bam: dma@7984000 {
status = "disabled";
};
- qpic_nand: nand@79b0000 {
+ qpic_nand: nand-controller@79b0000 {
compatible = "qcom,ipq8074-nand";
reg = <0x79b0000 0x10000>;
#address-cells = <1>;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 069/389] arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 068/389] arm64: dts: qcom: ipq8074: fix NAND node name Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 070/389] ARM: shmobile: rcar-gen2: Increase refcount for new reference Greg Kroah-Hartman
` (324 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Samuel Holland, Jernej Skrabec, Sasha Levin
From: Samuel Holland <samuel@sholland.org>
[ Upstream commit b8eb2df19fbf97aa1e950cf491232c2e3bef8357 ]
"status" does not match any pattern in the gpio-leds binding. Rename the
node to the preferred pattern. This fixes a `make dtbs_check` error.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Link: https://lore.kernel.org/r/20220702132816.46456-1-samuel@sholland.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/allwinner/sun50i-a64-orangepi-win.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64-orangepi-win.dts b/arch/arm64/boot/dts/allwinner/sun50i-a64-orangepi-win.dts
index a0db02504b69..963a7c505e30 100644
--- a/arch/arm64/boot/dts/allwinner/sun50i-a64-orangepi-win.dts
+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64-orangepi-win.dts
@@ -78,7 +78,7 @@ hdmi_con_in: endpoint {
leds {
compatible = "gpio-leds";
- status {
+ led-0 {
label = "orangepi:green:status";
gpios = <&pio 7 11 GPIO_ACTIVE_HIGH>; /* PH11 */
};
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 070/389] ARM: shmobile: rcar-gen2: Increase refcount for new reference
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 069/389] arm64: dts: allwinner: a64: orangepi-win: Fix LED " Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 071/389] PM: hibernate: defer device probing when resuming from hibernation Greg Kroah-Hartman
` (323 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Geert Uytterhoeven, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 75a185fb92e58ccd3670258d8d3b826bd2fa6d29 ]
In rcar_gen2_regulator_quirk(), for_each_matching_node_and_match() will
automatically increase and decrease the refcount. However, we should
call of_node_get() for the new reference created in 'quirk->np'.
Besides, we also should call of_node_put() before the 'quirk' being
freed.
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220701121804.234223-1-windhl@126.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c b/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
index 09ef73b99dd8..ba44cec5e59a 100644
--- a/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
+++ b/arch/arm/mach-shmobile/regulator-quirk-rcar-gen2.c
@@ -125,6 +125,7 @@ static int regulator_quirk_notify(struct notifier_block *nb,
list_for_each_entry_safe(pos, tmp, &quirk_list, list) {
list_del(&pos->list);
+ of_node_put(pos->np);
kfree(pos);
}
@@ -174,11 +175,12 @@ static int __init rcar_gen2_regulator_quirk(void)
memcpy(&quirk->i2c_msg, id->data, sizeof(quirk->i2c_msg));
quirk->id = id;
- quirk->np = np;
+ quirk->np = of_node_get(np);
quirk->i2c_msg.addr = addr;
ret = of_irq_parse_one(np, 0, argsa);
if (ret) { /* Skip invalid entry and continue */
+ of_node_put(np);
kfree(quirk);
continue;
}
@@ -225,6 +227,7 @@ static int __init rcar_gen2_regulator_quirk(void)
err_mem:
list_for_each_entry_safe(pos, tmp, &quirk_list, list) {
list_del(&pos->list);
+ of_node_put(pos->np);
kfree(pos);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 071/389] PM: hibernate: defer device probing when resuming from hibernation
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 070/389] ARM: shmobile: rcar-gen2: Increase refcount for new reference Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 072/389] selinux: Add boundary check in put_entry() Greg Kroah-Hartman
` (322 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Tetsuo Handa,
Rafael J. Wysocki, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 8386c414e27caba8501119948e9551e52b527f59 ]
syzbot is reporting hung task at misc_open() [1], for there is a race
window of AB-BA deadlock which involves probe_count variable. Currently
wait_for_device_probe() from snapshot_open() from misc_open() can sleep
forever with misc_mtx held if probe_count cannot become 0.
When a device is probed by hub_event() work function, probe_count is
incremented before the probe function starts, and probe_count is
decremented after the probe function completed.
There are three cases that can prevent probe_count from dropping to 0.
(a) A device being probed stopped responding (i.e. broken/malicious
hardware).
(b) A process emulating a USB device using /dev/raw-gadget interface
stopped responding for some reason.
(c) New device probe requests keeps coming in before existing device
probe requests complete.
The phenomenon syzbot is reporting is (b). A process which is holding
system_transition_mutex and misc_mtx is waiting for probe_count to become
0 inside wait_for_device_probe(), but the probe function which is called
from hub_event() work function is waiting for the processes which are
blocked at mutex_lock(&misc_mtx) to respond via /dev/raw-gadget interface.
This patch mitigates (b) by deferring wait_for_device_probe() from
snapshot_open() to snapshot_write() and snapshot_ioctl(). Please note that
the possibility of (b) remains as long as any thread which is emulating a
USB device via /dev/raw-gadget interface can be blocked by uninterruptible
blocking operations (e.g. mutex_lock()).
Please also note that (a) and (c) are not addressed. Regarding (c), we
should change the code to wait for only one device which contains the
image for resuming from hibernation. I don't know how to address (a), for
use of timeout for wait_for_device_probe() might result in loss of user
data in the image. Maybe we should require the userland to wait for the
image device before opening /dev/snapshot interface.
Link: https://syzkaller.appspot.com/bug?extid=358c9ab4c93da7b7238c [1]
Reported-by: syzbot <syzbot+358c9ab4c93da7b7238c@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+358c9ab4c93da7b7238c@syzkaller.appspotmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/power/user.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/kernel/power/user.c b/kernel/power/user.c
index 77438954cc2b..672d4e28fa8a 100644
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -26,6 +26,7 @@
#include "power.h"
+static bool need_wait;
#define SNAPSHOT_MINOR 231
@@ -79,7 +80,7 @@ static int snapshot_open(struct inode *inode, struct file *filp)
* Resuming. We may need to wait for the image device to
* appear.
*/
- wait_for_device_probe();
+ need_wait = true;
data->swap = -1;
data->mode = O_WRONLY;
@@ -171,6 +172,11 @@ static ssize_t snapshot_write(struct file *filp, const char __user *buf,
ssize_t res;
loff_t pg_offp = *offp & ~PAGE_MASK;
+ if (need_wait) {
+ wait_for_device_probe();
+ need_wait = false;
+ }
+
lock_system_sleep();
data = filp->private_data;
@@ -206,6 +212,11 @@ static long snapshot_ioctl(struct file *filp, unsigned int cmd,
loff_t size;
sector_t offset;
+ if (need_wait) {
+ wait_for_device_probe();
+ need_wait = false;
+ }
+
if (_IOC_TYPE(cmd) != SNAPSHOT_IOC_MAGIC)
return -ENOTTY;
if (_IOC_NR(cmd) > SNAPSHOT_IOC_MAXNR)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 072/389] selinux: Add boundary check in put_entry()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 071/389] PM: hibernate: defer device probing when resuming from hibernation Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 073/389] spi: spi-rspi: Fix PIO fallback on RZ platforms Greg Kroah-Hartman
` (321 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiu Jianfeng, Paul Moore, Sasha Levin
From: Xiu Jianfeng <xiujianfeng@huawei.com>
[ Upstream commit 15ec76fb29be31df2bccb30fc09875274cba2776 ]
Just like next_entry(), boundary check is necessary to prevent memory
out-of-bound access.
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/selinux/ss/policydb.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 162d0e79b85b..b18bc405f820 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -356,6 +356,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
{
size_t len = bytes * num;
+ if (len > fp->len)
+ return -EINVAL;
memcpy(fp->data, buf, len);
fp->data += len;
fp->len -= len;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 073/389] spi: spi-rspi: Fix PIO fallback on RZ platforms
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 072/389] selinux: Add boundary check in put_entry() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 074/389] ARM: findbit: fix overflowing offset Greg Kroah-Hartman
` (320 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven,
Mark Brown, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit b620aa3a7be346f04ae7789b165937615c6ee8d3 ]
RSPI IP on RZ/{A, G2L} SoC's has the same signal for both interrupt
and DMA transfer request. Setting DMARS register for DMA transfer
makes the signal to work as a DMA transfer request signal and
subsequent interrupt requests to the interrupt controller
are masked.
PIO fallback does not work as interrupt signal is disabled.
This patch fixes this issue by re-enabling the interrupts by
calling dmaengine_synchronize().
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20220721143449.879257-1-biju.das.jz@bp.renesas.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-rspi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/spi/spi-rspi.c b/drivers/spi/spi-rspi.c
index 0524741d73b9..8ae2ac40b4b2 100644
--- a/drivers/spi/spi-rspi.c
+++ b/drivers/spi/spi-rspi.c
@@ -595,6 +595,10 @@ static int rspi_dma_transfer(struct rspi_data *rspi, struct sg_table *tx,
rspi->dma_callbacked, HZ);
if (ret > 0 && rspi->dma_callbacked) {
ret = 0;
+ if (tx)
+ dmaengine_synchronize(rspi->ctlr->dma_tx);
+ if (rx)
+ dmaengine_synchronize(rspi->ctlr->dma_rx);
} else {
if (!ret) {
dev_err(&rspi->ctlr->dev, "DMA timeout\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 074/389] ARM: findbit: fix overflowing offset
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 073/389] spi: spi-rspi: Fix PIO fallback on RZ platforms Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 075/389] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init Greg Kroah-Hartman
` (319 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Russell King (Oracle),
Sasha Levin
From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
[ Upstream commit ec85bd369fd2bfaed6f45dd678706429d4f75b48 ]
When offset is larger than the size of the bit array, we should not
attempt to access the array as we can perform an access beyond the
end of the array. Fix this by changing the pre-condition.
Using "cmp r2, r1; bhs ..." covers us for the size == 0 case, since
this will always take the branch when r1 is zero, irrespective of
the value of r2. This means we can fix this bug without adding any
additional code!
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/lib/findbit.S | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/arm/lib/findbit.S b/arch/arm/lib/findbit.S
index b5e8b9ae4c7d..7fd3600db8ef 100644
--- a/arch/arm/lib/findbit.S
+++ b/arch/arm/lib/findbit.S
@@ -40,8 +40,8 @@ ENDPROC(_find_first_zero_bit_le)
* Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset)
*/
ENTRY(_find_next_zero_bit_le)
- teq r1, #0
- beq 3b
+ cmp r2, r1
+ bhs 3b
ands ip, r2, #7
beq 1b @ If new byte, goto old routine
ARM( ldrb r3, [r0, r2, lsr #3] )
@@ -81,8 +81,8 @@ ENDPROC(_find_first_bit_le)
* Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset)
*/
ENTRY(_find_next_bit_le)
- teq r1, #0
- beq 3b
+ cmp r2, r1
+ bhs 3b
ands ip, r2, #7
beq 1b @ If new byte, goto old routine
ARM( ldrb r3, [r0, r2, lsr #3] )
@@ -115,8 +115,8 @@ ENTRY(_find_first_zero_bit_be)
ENDPROC(_find_first_zero_bit_be)
ENTRY(_find_next_zero_bit_be)
- teq r1, #0
- beq 3b
+ cmp r2, r1
+ bhs 3b
ands ip, r2, #7
beq 1b @ If new byte, goto old routine
eor r3, r2, #0x18 @ big endian byte ordering
@@ -149,8 +149,8 @@ ENTRY(_find_first_bit_be)
ENDPROC(_find_first_bit_be)
ENTRY(_find_next_bit_be)
- teq r1, #0
- beq 3b
+ cmp r2, r1
+ bhs 3b
ands ip, r2, #7
beq 1b @ If new byte, goto old routine
eor r3, r2, #0x18 @ big endian byte ordering
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 075/389] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 074/389] ARM: findbit: fix overflowing offset Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 076/389] ARM: bcm: Fix refcount leak in bcm_kona_smc_init Greg Kroah-Hartman
` (318 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Martin Blumenstingl,
Neil Armstrong, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit a2106f38077e78afcb4bf98fdda3e162118cfb3d ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 5e68c0fc8df8 ("soc: amlogic: Add Meson6/Meson8/Meson8b/Meson8m2 SoC Information driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20220524065729.33689-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/amlogic/meson-mx-socinfo.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/amlogic/meson-mx-socinfo.c b/drivers/soc/amlogic/meson-mx-socinfo.c
index 78f0f1aeca57..92125dd65f33 100644
--- a/drivers/soc/amlogic/meson-mx-socinfo.c
+++ b/drivers/soc/amlogic/meson-mx-socinfo.c
@@ -126,6 +126,7 @@ static int __init meson_mx_socinfo_init(void)
np = of_find_matching_node(NULL, meson_mx_socinfo_analog_top_ids);
if (np) {
analog_top_regmap = syscon_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(analog_top_regmap))
return PTR_ERR(analog_top_regmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 076/389] ARM: bcm: Fix refcount leak in bcm_kona_smc_init
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 075/389] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 077/389] x86/pmem: Fix platform-device leak in error path Greg Kroah-Hartman
` (317 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Florian Fainelli, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit cb23389a2458c2e4bfd6c86a513cbbe1c4d35e76 ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: b8eb35fd594a ("ARM: bcm281xx: Add L2 cache enable code")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-bcm/bcm_kona_smc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-bcm/bcm_kona_smc.c b/arch/arm/mach-bcm/bcm_kona_smc.c
index 541e850a736c..9175c130967e 100644
--- a/arch/arm/mach-bcm/bcm_kona_smc.c
+++ b/arch/arm/mach-bcm/bcm_kona_smc.c
@@ -54,6 +54,7 @@ int __init bcm_kona_smc_init(void)
return -ENODEV;
prop_val = of_get_address(node, 0, &prop_size, NULL);
+ of_node_put(node);
if (!prop_val)
return -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 077/389] x86/pmem: Fix platform-device leak in error path
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 076/389] ARM: bcm: Fix refcount leak in bcm_kona_smc_init Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 078/389] ARM: dts: ast2500-evb: fix board compatible Greg Kroah-Hartman
` (316 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Johan Hovold, Borislav Petkov, Sasha Levin
From: Johan Hovold <johan@kernel.org>
[ Upstream commit 229e73d46994f15314f58b2d39bf952111d89193 ]
Make sure to free the platform device in the unlikely event that
registration fails.
Fixes: 7a67832c7e44 ("libnvdimm, e820: make CONFIG_X86_PMEM_LEGACY a tristate option")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lore.kernel.org/r/20220620140723.9810-1-johan@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/pmem.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/pmem.c b/arch/x86/kernel/pmem.c
index 6b07faaa1579..23154d24b117 100644
--- a/arch/x86/kernel/pmem.c
+++ b/arch/x86/kernel/pmem.c
@@ -27,6 +27,11 @@ static __init int register_e820_pmem(void)
* simply here to trigger the module to load on demand.
*/
pdev = platform_device_alloc("e820_pmem", -1);
- return platform_device_add(pdev);
+
+ rc = platform_device_add(pdev);
+ if (rc)
+ platform_device_put(pdev);
+
+ return rc;
}
device_initcall(register_e820_pmem);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 078/389] ARM: dts: ast2500-evb: fix board compatible
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 077/389] x86/pmem: Fix platform-device leak in error path Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 079/389] ARM: dts: ast2600-evb: " Greg Kroah-Hartman
` (315 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 30b276fca5c0644f3cb17bceb1bd6a626c670184 ]
The AST2500 EVB board should have dedicated compatible.
Fixes: 02440622656d ("arm/dst: Add Aspeed ast2500 device tree")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220529104928.79636-4-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/aspeed-ast2500-evb.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/aspeed-ast2500-evb.dts b/arch/arm/boot/dts/aspeed-ast2500-evb.dts
index c9d88c90135e..9db4d42d0deb 100644
--- a/arch/arm/boot/dts/aspeed-ast2500-evb.dts
+++ b/arch/arm/boot/dts/aspeed-ast2500-evb.dts
@@ -5,7 +5,7 @@
/ {
model = "AST2500 EVB";
- compatible = "aspeed,ast2500";
+ compatible = "aspeed,ast2500-evb", "aspeed,ast2500";
aliases {
serial4 = &uart5;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 079/389] ARM: dts: ast2600-evb: fix board compatible
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 078/389] ARM: dts: ast2500-evb: fix board compatible Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 080/389] soc: fsl: guts: machine variable might be unset Greg Kroah-Hartman
` (314 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit aa5e06208500a0db41473caebdee5a2e81d5a277 ]
The AST2600 EVB board should have dedicated compatible.
Fixes: 2ca5646b5c2f ("ARM: dts: aspeed: Add AST2600 and EVB")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220529104928.79636-5-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/aspeed-ast2600-evb.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/aspeed-ast2600-evb.dts b/arch/arm/boot/dts/aspeed-ast2600-evb.dts
index 9870553919b7..f00b19ad4fa6 100644
--- a/arch/arm/boot/dts/aspeed-ast2600-evb.dts
+++ b/arch/arm/boot/dts/aspeed-ast2600-evb.dts
@@ -7,7 +7,7 @@
/ {
model = "AST2600 EVB";
- compatible = "aspeed,ast2600";
+ compatible = "aspeed,ast2600-evb-a1", "aspeed,ast2600";
aliases {
serial4 = &uart5;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 080/389] soc: fsl: guts: machine variable might be unset
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 079/389] ARM: dts: ast2600-evb: " Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 081/389] ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg Greg Kroah-Hartman
` (313 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle, Arnd Bergmann,
Shawn Guo, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit ab3f045774f704c4e7b6a878102f4e9d4ae7bc74 ]
If both the model and the compatible properties are missing, then
machine will not be set. Initialize it with NULL.
Fixes: 34c1c21e94ac ("soc: fsl: fix section mismatch build warnings")
Signed-off-by: Michael Walle <michael@walle.cc>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/fsl/guts.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/soc/fsl/guts.c b/drivers/soc/fsl/guts.c
index 34810f9bb2ee..2b7fb7a8805c 100644
--- a/drivers/soc/fsl/guts.c
+++ b/drivers/soc/fsl/guts.c
@@ -142,7 +142,7 @@ static int fsl_guts_probe(struct platform_device *pdev)
struct device *dev = &pdev->dev;
struct resource *res;
const struct fsl_soc_die_attr *soc_die;
- const char *machine;
+ const char *machine = NULL;
u32 svr;
/* Initialize guts */
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 081/389] ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 080/389] soc: fsl: guts: machine variable might be unset Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 082/389] ARM: OMAP2+: Fix refcount leak in omapdss_init_of Greg Kroah-Hartman
` (312 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bjorn Andersson,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit dc590cdc31f636ea15658f1206c3e380a53fb78e ]
'reg' property is required in SSBI children:
qcom-mdm9615-wp8548-mangoh-green.dtb: gpio@150: 'reg' is a required property
Fixes: 2c5e596524e7 ("ARM: dts: Add MDM9615 dtsi")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220507194913.261121-11-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/qcom-mdm9615.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/boot/dts/qcom-mdm9615.dtsi b/arch/arm/boot/dts/qcom-mdm9615.dtsi
index 356e9535f7a6..ffb4dcdb62d2 100644
--- a/arch/arm/boot/dts/qcom-mdm9615.dtsi
+++ b/arch/arm/boot/dts/qcom-mdm9615.dtsi
@@ -323,6 +323,7 @@ rtc@11d {
pmicgpio: gpio@150 {
compatible = "qcom,pm8018-gpio", "qcom,ssbi-gpio";
+ reg = <0x150>;
interrupt-controller;
#interrupt-cells = <2>;
gpio-controller;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 082/389] ARM: OMAP2+: Fix refcount leak in omapdss_init_of
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 081/389] ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 083/389] ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init Greg Kroah-Hartman
` (311 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Laurent Pinchart,
Tony Lindgren, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9705db1eff38d6b9114121f9e253746199b759c9 ]
omapdss_find_dss_of_node() calls of_find_compatible_node() to get device
node. of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() in later error path and normal path.
Fixes: e0c827aca0730 ("drm/omap: Populate DSS children in omapdss driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Message-Id: <20220601044858.3352-1-linmq006@gmail.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-omap2/display.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/mach-omap2/display.c b/arch/arm/mach-omap2/display.c
index d3b531d5d920..1de25166414e 100644
--- a/arch/arm/mach-omap2/display.c
+++ b/arch/arm/mach-omap2/display.c
@@ -260,11 +260,13 @@ static int __init omapdss_init_of(void)
if (!pdev) {
pr_err("Unable to find DSS platform device\n");
+ of_node_put(node);
return -ENODEV;
}
r = of_platform_populate(node, NULL, NULL, &pdev->dev);
put_device(&pdev->dev);
+ of_node_put(node);
if (r) {
pr_err("Unable to populate DSS submodule devices\n");
return r;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 083/389] ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 082/389] ARM: OMAP2+: Fix refcount leak in omapdss_init_of Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 084/389] cpufreq: zynq: Fix refcount leak in zynq_get_revision Greg Kroah-Hartman
` (310 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Tony Lindgren, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 942228fbf5d4901112178b93d41225be7c0dd9de ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 1e037794f7f0 ("ARM: OMAP3+: PRM: register interrupt information from DT")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Message-Id: <20220526073724.21169-1-linmq006@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-omap2/prm3xxx.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-omap2/prm3xxx.c b/arch/arm/mach-omap2/prm3xxx.c
index 1b442b128569..63e73e9b82bc 100644
--- a/arch/arm/mach-omap2/prm3xxx.c
+++ b/arch/arm/mach-omap2/prm3xxx.c
@@ -708,6 +708,7 @@ static int omap3xxx_prm_late_init(void)
}
irq_num = of_irq_get(np, 0);
+ of_node_put(np);
if (irq_num == -EPROBE_DEFER)
return irq_num;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 084/389] cpufreq: zynq: Fix refcount leak in zynq_get_revision
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 083/389] ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 085/389] soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register Greg Kroah-Hartman
` (309 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Michal Simek, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit d1ff2559cef0f6f8d97fba6337b28adb10689e16 ]
of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: 00f7dc636366 ("ARM: zynq: Add support for SOC_BUS")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220605082807.21526-1-linmq006@gmail.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-zynq/common.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/mach-zynq/common.c b/arch/arm/mach-zynq/common.c
index 3a4248fd7962..25530ddae1fa 100644
--- a/arch/arm/mach-zynq/common.c
+++ b/arch/arm/mach-zynq/common.c
@@ -77,6 +77,7 @@ static int __init zynq_get_revision(void)
}
zynq_devcfg_base = of_iomap(np, 0);
+ of_node_put(np);
if (!zynq_devcfg_base) {
pr_err("%s: Unable to map I/O memory\n", __func__);
return -1;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 085/389] soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 084/389] cpufreq: zynq: Fix refcount leak in zynq_get_revision Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 086/389] ARM: dts: qcom: pm8841: add required thermal-sensor-cells Greg Kroah-Hartman
` (308 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Bjorn Andersson, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit e6e0951414a314e7db3e9e24fd924b3e15515288 ]
Every iteration of for_each_available_child_of_node() decrements
the reference count of the previous node.
When breaking early from a for_each_available_child_of_node() loop,
we need to explicitly call of_node_put() on the child node.
Add missing of_node_put() to avoid refcount leak.
Fixes: 05589b30b21a ("soc: qcom: Extend AOSS QMP driver to support resources that are used to wake up the SoC.")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220606064252.42595-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/qcom/qcom_aoss.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/soc/qcom/qcom_aoss.c b/drivers/soc/qcom/qcom_aoss.c
index f16d6ec78064..bca98df55bc6 100644
--- a/drivers/soc/qcom/qcom_aoss.c
+++ b/drivers/soc/qcom/qcom_aoss.c
@@ -489,8 +489,10 @@ static int qmp_cooling_devices_register(struct qmp *qmp)
continue;
ret = qmp_cooling_device_add(qmp, &qmp->cooling_devs[count++],
child);
- if (ret)
+ if (ret) {
+ of_node_put(child);
goto unroll;
+ }
}
if (!count)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 086/389] ARM: dts: qcom: pm8841: add required thermal-sensor-cells
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 085/389] soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 087/389] bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() Greg Kroah-Hartman
` (307 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bjorn Andersson,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit e2759fa0676c9a32bbddb9aff955b54bb35066ad ]
The PM8841 temperature sensor has to define thermal-sensor-cells.
Fixes: dab8134ca072 ("ARM: dts: qcom: Add PM8841 functions device nodes")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220608112702.80873-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/qcom-pm8841.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/boot/dts/qcom-pm8841.dtsi b/arch/arm/boot/dts/qcom-pm8841.dtsi
index 2fd59c440903..c73e5b149ac5 100644
--- a/arch/arm/boot/dts/qcom-pm8841.dtsi
+++ b/arch/arm/boot/dts/qcom-pm8841.dtsi
@@ -25,6 +25,7 @@ temp-alarm@2400 {
compatible = "qcom,spmi-temp-alarm";
reg = <0x2400>;
interrupts = <4 0x24 0 IRQ_TYPE_EDGE_RISING>;
+ #thermal-sensor-cells = <0>;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 087/389] bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 086/389] ARM: dts: qcom: pm8841: add required thermal-sensor-cells Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 088/389] arm64: dts: mt7622: fix BPI-R64 WPS button Greg Kroah-Hartman
` (306 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Yang Yingliang,
John Garry, Rafael J. Wysocki, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 54872fea6a5ac967ec2272aea525d1438ac6735a ]
In error case in hisi_lpc_acpi_probe() after calling platform_device_add(),
hisi_lpc_acpi_remove() can't release the failed 'pdev', so it will be leak,
call platform_device_put() to fix this problem.
I'v constructed this error case and tested this patch on D05 board.
Fixes: 99c0228d6ff1 ("HISI LPC: Re-Add ACPI child enumeration support")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: John Garry <john.garry@huawei.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/hisi_lpc.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/bus/hisi_lpc.c b/drivers/bus/hisi_lpc.c
index 2e9252d37a18..0922cbe8900b 100644
--- a/drivers/bus/hisi_lpc.c
+++ b/drivers/bus/hisi_lpc.c
@@ -504,13 +504,13 @@ static int hisi_lpc_acpi_probe(struct device *hostdev)
{
struct acpi_device *adev = ACPI_COMPANION(hostdev);
struct acpi_device *child;
+ struct platform_device *pdev;
int ret;
/* Only consider the children of the host */
list_for_each_entry(child, &adev->children, node) {
const char *hid = acpi_device_hid(child);
const struct hisi_lpc_acpi_cell *cell;
- struct platform_device *pdev;
const struct resource *res;
bool found = false;
int num_res;
@@ -572,22 +572,24 @@ static int hisi_lpc_acpi_probe(struct device *hostdev)
ret = platform_device_add_resources(pdev, res, num_res);
if (ret)
- goto fail;
+ goto fail_put_device;
ret = platform_device_add_data(pdev, cell->pdata,
cell->pdata_size);
if (ret)
- goto fail;
+ goto fail_put_device;
ret = platform_device_add(pdev);
if (ret)
- goto fail;
+ goto fail_put_device;
acpi_device_set_enumerated(child);
}
return 0;
+fail_put_device:
+ platform_device_put(pdev);
fail:
hisi_lpc_acpi_remove(hostdev);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 088/389] arm64: dts: mt7622: fix BPI-R64 WPS button
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 087/389] bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 089/389] erofs: avoid consecutive detection for Highmem memory Greg Kroah-Hartman
` (305 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, INAGAKI Hiroshi, Nick Hainke,
Matthias Brugger, Sasha Levin
From: Nick Hainke <vincent@systemli.org>
[ Upstream commit c98e6e683632386a3bd284acda4342e68aec4c41 ]
The bananapi R64 (BPI-R64) experiences wrong WPS button signals.
In OpenWrt pushing the WPS button while powering on the device will set
it to recovery mode. Currently, this also happens without any user
interaction. In particular, the wrong signals appear while booting the
device or restarting it, e.g. after doing a system upgrade. If the
device is in recovery mode the user needs to manually power cycle or
restart it.
The official BPI-R64 sources set the WPS button to GPIO_ACTIVE_LOW in
the device tree. This setting seems to suppress the unwanted WPS button
press signals. So this commit changes the button from GPIO_ACTIVE_HIGH to
GPIO_ACTIVE_LOW.
The official BPI-R64 sources can be found on
https://github.com/BPI-SINOVOIP/BPI-R64-openwrt
Fixes: 0b6286dd96c0 ("arm64: dts: mt7622: add bananapi BPI-R64 board")
Suggested-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Link: https://lore.kernel.org/r/20220630111746.4098-1-vincent@systemli.org
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts b/arch/arm64/boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts
index 83e10591e0e5..81215cc3759a 100644
--- a/arch/arm64/boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts
+++ b/arch/arm64/boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts
@@ -49,7 +49,7 @@ factory {
wps {
label = "wps";
linux,code = <KEY_WPS_BUTTON>;
- gpios = <&pio 102 GPIO_ACTIVE_HIGH>;
+ gpios = <&pio 102 GPIO_ACTIVE_LOW>;
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 089/389] erofs: avoid consecutive detection for Highmem memory
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 088/389] arm64: dts: mt7622: fix BPI-R64 WPS button Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 090/389] blk-mq: dont create hctx debugfs dir until q->debugfs_dir is created Greg Kroah-Hartman
` (304 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Jinbao, Gao Xiang, Sasha Levin
From: Gao Xiang <hsiangkao@linux.alibaba.com>
[ Upstream commit 448b5a1548d87c246c3d0c3df8480d3c6eb6c11a ]
Currently, vmap()s are avoided if physical addresses are
consecutive for decompressed buffers.
I observed that is very common for 4KiB pclusters since the
numbers of decompressed pages are almost 2 or 3.
However, such detection doesn't work for Highmem pages on
32-bit machines, let's fix it now.
Reported-by: Liu Jinbao <liujinbao1@xiaomi.com>
Fixes: 7fc45dbc938a ("staging: erofs: introduce generic decompression backend")
Link: https://lore.kernel.org/r/20220708101001.21242-1-hsiangkao@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/decompressor.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/fs/erofs/decompressor.c b/fs/erofs/decompressor.c
index 23b74b8e8f96..38eeec5e3032 100644
--- a/fs/erofs/decompressor.c
+++ b/fs/erofs/decompressor.c
@@ -56,14 +56,18 @@ static int z_erofs_lz4_prepare_destpages(struct z_erofs_decompress_req *rq,
if (page) {
__clear_bit(j, bounced);
- if (kaddr) {
- if (kaddr + PAGE_SIZE == page_address(page))
+ if (!PageHighMem(page)) {
+ if (!i) {
+ kaddr = page_address(page);
+ continue;
+ }
+ if (kaddr &&
+ kaddr + PAGE_SIZE == page_address(page)) {
kaddr += PAGE_SIZE;
- else
- kaddr = NULL;
- } else if (!i) {
- kaddr = page_address(page);
+ continue;
+ }
}
+ kaddr = NULL;
continue;
}
kaddr = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 090/389] blk-mq: dont create hctx debugfs dir until q->debugfs_dir is created
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 089/389] erofs: avoid consecutive detection for Highmem memory Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 091/389] regulator: of: Fix refcount leak bug in of_get_regulation_constraints() Greg Kroah-Hartman
` (303 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yi Zhang, Ming Lei,
Christoph Hellwig, Jens Axboe, Sasha Levin
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit f3ec5d11554778c24ac8915e847223ed71d104fc ]
blk_mq_debugfs_register_hctx() can be called by blk_mq_update_nr_hw_queues
when gendisk isn't added yet, such as nvme tcp.
Fixes the warning of 'debugfs: Directory 'hctx0' with parent '/' already present!'
which can be observed reliably when running blktests nvme/005.
Fixes: 6cfc0081b046 ("blk-mq: no need to check return value of debugfs_create functions")
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Tested-by: Yi Zhang <yi.zhang@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220711090808.259682-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq-debugfs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block/blk-mq-debugfs.c b/block/blk-mq-debugfs.c
index 121f4c1e0697..772a6c6b1634 100644
--- a/block/blk-mq-debugfs.c
+++ b/block/blk-mq-debugfs.c
@@ -883,6 +883,9 @@ void blk_mq_debugfs_register_hctx(struct request_queue *q,
char name[20];
int i;
+ if (!q->debugfs_dir)
+ return;
+
snprintf(name, sizeof(name), "hctx%u", hctx->queue_num);
hctx->debugfs_dir = debugfs_create_dir(name, q->debugfs_dir);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 091/389] regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 090/389] blk-mq: dont create hctx debugfs dir until q->debugfs_dir is created Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 092/389] nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() Greg Kroah-Hartman
` (302 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Mark Brown, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 66efb665cd5ad69b27dca8571bf89fc6b9c628a4 ]
We should call the of_node_put() for the reference returned by
of_get_child_by_name() which has increased the refcount.
Fixes: 40e20d68bb3f ("regulator: of: Add support for parsing regulator_state for suspend state")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220715111027.391032-1-windhl@126.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/regulator/of_regulator.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/regulator/of_regulator.c b/drivers/regulator/of_regulator.c
index 87637eb6bcbc..7a0a235e4465 100644
--- a/drivers/regulator/of_regulator.c
+++ b/drivers/regulator/of_regulator.c
@@ -206,8 +206,12 @@ static int of_get_regulation_constraints(struct device *dev,
}
suspend_np = of_get_child_by_name(np, regulator_states[i]);
- if (!suspend_np || !suspend_state)
+ if (!suspend_np)
continue;
+ if (!suspend_state) {
+ of_node_put(suspend_np);
+ continue;
+ }
if (!of_property_read_u32(suspend_np, "regulator-mode",
&pval)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 092/389] nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 091/389] regulator: of: Fix refcount leak bug in of_get_regulation_constraints() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 093/389] thermal/tools/tmon: Include pthread and time headers in tmon.h Greg Kroah-Hartman
` (301 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Saenz Julienne,
Peter Zijlstra (Intel),
Valentin Schneider, Phil Auld, Sasha Levin
From: Nicolas Saenz Julienne <nsaenzju@redhat.com>
[ Upstream commit 5c66d1b9b30f737fcef85a0b75bfe0590e16b62a ]
dequeue_task_rt() only decrements 'rt_rq->rt_nr_running' after having
called sched_update_tick_dependency() preventing it from re-enabling the
tick on systems that no longer have pending SCHED_RT tasks but have
multiple runnable SCHED_OTHER tasks:
dequeue_task_rt()
dequeue_rt_entity()
dequeue_rt_stack()
dequeue_top_rt_rq()
sub_nr_running() // decrements rq->nr_running
sched_update_tick_dependency()
sched_can_stop_tick() // checks rq->rt.rt_nr_running,
...
__dequeue_rt_entity()
dec_rt_tasks() // decrements rq->rt.rt_nr_running
...
Every other scheduler class performs the operation in the opposite
order, and sched_update_tick_dependency() expects the values to be
updated as such. So avoid the misbehaviour by inverting the order in
which the above operations are performed in the RT scheduler.
Fixes: 76d92ac305f2 ("sched: Migrate sched to use new tick dependency mask model")
Signed-off-by: Nicolas Saenz Julienne <nsaenzju@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Valentin Schneider <vschneid@redhat.com>
Reviewed-by: Phil Auld <pauld@redhat.com>
Link: https://lore.kernel.org/r/20220628092259.330171-1-nsaenzju@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/rt.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
index 28c82dee13ea..c11d3d79d4c3 100644
--- a/kernel/sched/rt.c
+++ b/kernel/sched/rt.c
@@ -437,7 +437,7 @@ static inline void rt_queue_push_tasks(struct rq *rq)
#endif /* CONFIG_SMP */
static void enqueue_top_rt_rq(struct rt_rq *rt_rq);
-static void dequeue_top_rt_rq(struct rt_rq *rt_rq);
+static void dequeue_top_rt_rq(struct rt_rq *rt_rq, unsigned int count);
static inline int on_rt_rq(struct sched_rt_entity *rt_se)
{
@@ -519,7 +519,7 @@ static void sched_rt_rq_dequeue(struct rt_rq *rt_rq)
rt_se = rt_rq->tg->rt_se[cpu];
if (!rt_se) {
- dequeue_top_rt_rq(rt_rq);
+ dequeue_top_rt_rq(rt_rq, rt_rq->rt_nr_running);
/* Kick cpufreq (see the comment in kernel/sched/sched.h). */
cpufreq_update_util(rq_of_rt_rq(rt_rq), 0);
}
@@ -605,7 +605,7 @@ static inline void sched_rt_rq_enqueue(struct rt_rq *rt_rq)
static inline void sched_rt_rq_dequeue(struct rt_rq *rt_rq)
{
- dequeue_top_rt_rq(rt_rq);
+ dequeue_top_rt_rq(rt_rq, rt_rq->rt_nr_running);
}
static inline int rt_rq_throttled(struct rt_rq *rt_rq)
@@ -1004,7 +1004,7 @@ static void update_curr_rt(struct rq *rq)
}
static void
-dequeue_top_rt_rq(struct rt_rq *rt_rq)
+dequeue_top_rt_rq(struct rt_rq *rt_rq, unsigned int count)
{
struct rq *rq = rq_of_rt_rq(rt_rq);
@@ -1015,7 +1015,7 @@ dequeue_top_rt_rq(struct rt_rq *rt_rq)
BUG_ON(!rq->nr_running);
- sub_nr_running(rq, rt_rq->rt_nr_running);
+ sub_nr_running(rq, count);
rt_rq->rt_queued = 0;
}
@@ -1294,18 +1294,21 @@ static void __dequeue_rt_entity(struct sched_rt_entity *rt_se, unsigned int flag
static void dequeue_rt_stack(struct sched_rt_entity *rt_se, unsigned int flags)
{
struct sched_rt_entity *back = NULL;
+ unsigned int rt_nr_running;
for_each_sched_rt_entity(rt_se) {
rt_se->back = back;
back = rt_se;
}
- dequeue_top_rt_rq(rt_rq_of_se(back));
+ rt_nr_running = rt_rq_of_se(back)->rt_nr_running;
for (rt_se = back; rt_se; rt_se = rt_se->back) {
if (on_rt_rq(rt_se))
__dequeue_rt_entity(rt_se, flags);
}
+
+ dequeue_top_rt_rq(rt_rq_of_se(back), rt_nr_running);
}
static void enqueue_rt_entity(struct sched_rt_entity *rt_se, unsigned int flags)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 093/389] thermal/tools/tmon: Include pthread and time headers in tmon.h
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 092/389] nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 094/389] dm: return early from dm_pr_call() if DM device is suspended Greg Kroah-Hartman
` (300 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Markus Mayer, Florian Fainelli,
Sumeet Pawnikar, Alejandro González, Daniel Lezcano,
Sasha Levin
From: Markus Mayer <mmayer@broadcom.com>
[ Upstream commit 0cf51bfe999524377fbb71becb583b4ca6d07cfc ]
Include sys/time.h and pthread.h in tmon.h, so that types
"pthread_mutex_t" and "struct timeval tv" are known when tmon.h
references them.
Without these headers, compiling tmon against musl-libc will fail with
these errors:
In file included from sysfs.c:31:0:
tmon.h:47:8: error: unknown type name 'pthread_mutex_t'
extern pthread_mutex_t input_lock;
^~~~~~~~~~~~~~~
make[3]: *** [<builtin>: sysfs.o] Error 1
make[3]: *** Waiting for unfinished jobs....
In file included from tui.c:31:0:
tmon.h:54:17: error: field 'tv' has incomplete type
struct timeval tv;
^~
make[3]: *** [<builtin>: tui.o] Error 1
make[2]: *** [Makefile:83: tmon] Error 2
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Sumeet Pawnikar <sumeet.r.pawnikar@intel.com>
Acked-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Tested-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
Fixes: 94f69966faf8 ("tools/thermal: Introduce tmon, a tool for thermal subsystem")
Link: https://lore.kernel.org/r/20220718031040.44714-1-f.fainelli@gmail.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/thermal/tmon/tmon.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/thermal/tmon/tmon.h b/tools/thermal/tmon/tmon.h
index c9066ec104dd..44d16d778f04 100644
--- a/tools/thermal/tmon/tmon.h
+++ b/tools/thermal/tmon/tmon.h
@@ -27,6 +27,9 @@
#define NR_LINES_TZDATA 1
#define TMON_LOG_FILE "/var/tmp/tmon.log"
+#include <sys/time.h>
+#include <pthread.h>
+
extern unsigned long ticktime;
extern double time_elapsed;
extern unsigned long target_temp_user;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 094/389] dm: return early from dm_pr_call() if DM device is suspended
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 093/389] thermal/tools/tmon: Include pthread and time headers in tmon.h Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 095/389] ath10k: do not enforce interrupt trigger type Greg Kroah-Hartman
` (299 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mike Snitzer, Sasha Levin
From: Mike Snitzer <snitzer@kernel.org>
[ Upstream commit e120a5f1e78fab6223544e425015f393d90d6f0d ]
Otherwise PR ops may be issued while the broader DM device is being
reconfigured, etc.
Fixes: 9c72bad1f31a ("dm: call PR reserve/unreserve on each underlying device")
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
index 77e28f77c59f..d4cebb38709b 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -3080,6 +3080,11 @@ static int dm_call_pr(struct block_device *bdev, iterate_devices_callout_fn fn,
goto out;
ti = dm_table_get_target(table, 0);
+ if (dm_suspended_md(md)) {
+ ret = -EAGAIN;
+ goto out;
+ }
+
ret = -EINVAL;
if (!ti->type->iterate_devices)
goto out;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 095/389] ath10k: do not enforce interrupt trigger type
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 094/389] dm: return early from dm_pr_call() if DM device is suspended Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 096/389] wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() Greg Kroah-Hartman
` (298 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski,
Steev Klimaszewski, Kalle Valo, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 1ee6c5abebd3cacf2ac4378d0ed4f57fd4850421 ]
Interrupt line can be configured on different hardware in different way,
even inverted. Therefore driver should not enforce specific trigger
type - edge rising - but instead rely on Devicetree to configure it.
All Qualcomm DTSI with WCN3990 define the interrupt type as level high,
so the mismatch between DTSI and driver causes rebind issues:
$ echo 18800000.wifi > /sys/bus/platform/drivers/ath10k_snoc/unbind
$ echo 18800000.wifi > /sys/bus/platform/drivers/ath10k_snoc/bind
[ 44.763114] irq: type mismatch, failed to map hwirq-446 for interrupt-controller@17a00000!
[ 44.763130] ath10k_snoc 18800000.wifi: error -ENXIO: IRQ index 0 not found
[ 44.763140] ath10k_snoc 18800000.wifi: failed to initialize resource: -6
Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.2.0.c8-00009-QCAHLSWSC8180XMTPLZ-1
Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1
Fixes: c963a683e701 ("ath10k: add resource init and deinit for WCN3990")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Tested-by: Steev Klimaszewski <steev@kali.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220513151516.357549-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath10k/snoc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c
index d4589b2ab3b6..b6762fe2efe2 100644
--- a/drivers/net/wireless/ath/ath10k/snoc.c
+++ b/drivers/net/wireless/ath/ath10k/snoc.c
@@ -1192,13 +1192,12 @@ static void ath10k_snoc_init_napi(struct ath10k *ar)
static int ath10k_snoc_request_irq(struct ath10k *ar)
{
struct ath10k_snoc *ar_snoc = ath10k_snoc_priv(ar);
- int irqflags = IRQF_TRIGGER_RISING;
int ret, id;
for (id = 0; id < CE_COUNT_MAX; id++) {
ret = request_irq(ar_snoc->ce_irqs[id].irq_line,
- ath10k_snoc_per_engine_handler,
- irqflags, ce_name[id], ar);
+ ath10k_snoc_per_engine_handler, 0,
+ ce_name[id], ar);
if (ret) {
ath10k_err(ar,
"failed to register IRQ handler for CE %d: %d",
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 096/389] wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 095/389] ath10k: do not enforce interrupt trigger type Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 097/389] drm/mipi-dbi: align max_chunk to 2 in spi_transfer Greg Kroah-Hartman
` (297 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit b88d28146c30a8e14f0f012d56ebf19b68a348f4 ]
If the copy_from_user() fails or the user gives invalid date then the
correct thing to do is to return a negative error code. (Currently it
returns success).
I made a copy additional related cleanups:
1) There is no need to check "buffer" for NULL. That's handled by
copy_from_user().
2) The "h2c_len" variable cannot be negative because it is unsigned
and because sscanf() does not return negative error codes.
Fixes: 610247f46feb ("rtlwifi: Improve debugging by using debugfs")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/YoOLnDkHgVltyXK7@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtlwifi/debug.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtlwifi/debug.c b/drivers/net/wireless/realtek/rtlwifi/debug.c
index 55db71c766fe..ec0da33da4f8 100644
--- a/drivers/net/wireless/realtek/rtlwifi/debug.c
+++ b/drivers/net/wireless/realtek/rtlwifi/debug.c
@@ -349,8 +349,8 @@ static ssize_t rtl_debugfs_set_write_h2c(struct file *filp,
tmp_len = (count > sizeof(tmp) - 1 ? sizeof(tmp) - 1 : count);
- if (!buffer || copy_from_user(tmp, buffer, tmp_len))
- return count;
+ if (copy_from_user(tmp, buffer, tmp_len))
+ return -EFAULT;
tmp[tmp_len] = '\0';
@@ -360,8 +360,8 @@ static ssize_t rtl_debugfs_set_write_h2c(struct file *filp,
&h2c_data[4], &h2c_data[5],
&h2c_data[6], &h2c_data[7]);
- if (h2c_len <= 0)
- return count;
+ if (h2c_len == 0)
+ return -EINVAL;
for (i = 0; i < h2c_len; i++)
h2c_data_packed[i] = (u8)h2c_data[i];
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 097/389] drm/mipi-dbi: align max_chunk to 2 in spi_transfer
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 096/389] wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 098/389] drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() Greg Kroah-Hartman
` (296 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yunhao Tian, Noralf Trønnes,
Sasha Levin
From: Yunhao Tian <t123yh.xyz@gmail.com>
[ Upstream commit 435c249008cba04ed6a7975e9411f3b934620204 ]
In __spi_validate, there's a validation that no partial transfers
are accepted (xfer->len % w_size must be zero). When
max_chunk is not a multiple of bpw (e.g. max_chunk = 65535,
bpw = 16), the transfer will be rejected.
This patch aligns max_chunk to 2 bytes (the maximum value of bpw is 16),
so that no partial transfer will occur.
Fixes: d23d4d4dac01 ("drm/tinydrm: Move tinydrm_spi_transfer()")
Signed-off-by: Yunhao Tian <t123yh.xyz@gmail.com>
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220510030219.2486687-1-t123yh.xyz@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_mipi_dbi.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/gpu/drm/drm_mipi_dbi.c b/drivers/gpu/drm/drm_mipi_dbi.c
index 4042f5b39765..2a7ef1051b39 100644
--- a/drivers/gpu/drm/drm_mipi_dbi.c
+++ b/drivers/gpu/drm/drm_mipi_dbi.c
@@ -1156,6 +1156,13 @@ int mipi_dbi_spi_transfer(struct spi_device *spi, u32 speed_hz,
size_t chunk;
int ret;
+ /* In __spi_validate, there's a validation that no partial transfers
+ * are accepted (xfer->len % w_size must be zero).
+ * Here we align max_chunk to multiple of 2 (16bits),
+ * to prevent transfers from being rejected.
+ */
+ max_chunk = ALIGN_DOWN(max_chunk, 2);
+
spi_message_init_with_transfers(&m, &tr, 1);
while (len) {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 098/389] drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 097/389] drm/mipi-dbi: align max_chunk to 2 in spi_transfer Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 099/389] drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function Greg Kroah-Hartman
` (295 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Kodanev, Alex Deucher, Sasha Levin
From: Alexey Kodanev <aleksei.kodanev@bell-sw.com>
[ Upstream commit 136f614931a2bb73616b292cf542da3a18daefd5 ]
The last case label can write two buffers 'mc_reg_address[j]' and
'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE
since there are no checks for this value in both case labels after the
last 'j++'.
Instead of changing '>' to '>=' there, add the bounds check at the start
of the second 'case' (the first one already has it).
Also, remove redundant last checks for 'j' index bigger than array size.
The expression is always false. Moreover, before or after the patch
'table->last' can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it
seems it can be a valid value.
Detected using the static analysis tool - Svace.
Fixes: 69e0b57a91ad ("drm/radeon/kms: add dpm support for cayman (v5)")
Signed-off-by: Alexey Kodanev <aleksei.kodanev@bell-sw.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/ni_dpm.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/radeon/ni_dpm.c b/drivers/gpu/drm/radeon/ni_dpm.c
index bd2e577c701f..288ec3039bc2 100644
--- a/drivers/gpu/drm/radeon/ni_dpm.c
+++ b/drivers/gpu/drm/radeon/ni_dpm.c
@@ -2740,10 +2740,10 @@ static int ni_set_mc_special_registers(struct radeon_device *rdev,
table->mc_reg_table_entry[k].mc_data[j] |= 0x100;
}
j++;
- if (j > SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE)
- return -EINVAL;
break;
case MC_SEQ_RESERVE_M >> 2:
+ if (j >= SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE)
+ return -EINVAL;
temp_reg = RREG32(MC_PMG_CMD_MRS1);
table->mc_reg_address[j].s1 = MC_PMG_CMD_MRS1 >> 2;
table->mc_reg_address[j].s0 = MC_SEQ_PMG_CMD_MRS1_LP >> 2;
@@ -2752,8 +2752,6 @@ static int ni_set_mc_special_registers(struct radeon_device *rdev,
(temp_reg & 0xffff0000) |
(table->mc_reg_table_entry[k].mc_data[i] & 0x0000ffff);
j++;
- if (j > SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE)
- return -EINVAL;
break;
default:
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 099/389] drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 098/389] drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 100/389] drm: adv7511: override i2c address of cec before accessing it Greg Kroah-Hartman
` (294 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jitao Shi, Xinlei Lee, Rex-BC Chen,
Chun-Kuang Hu, Sasha Levin
From: Xinlei Lee <xinlei.lee@mediatek.com>
[ Upstream commit fa5d0a0205c34734c5b8daa77e39ac2817f63a10 ]
In the dsi_enable function, mtk_dsi_rxtx_control is to
pull up the MIPI signal operation. Before dsi_disable,
MIPI should also be pulled down by writing a register
instead of disabling dsi.
If disable dsi without pulling the mipi signal low, the value of
the register will still maintain the setting of the mipi signal being
pulled high.
After resume, even if the mipi signal is not pulled high, it will still
be in the high state.
Fixes: 2e54c14e310f ("drm/mediatek: Add DSI sub driver")
Link: https://patchwork.kernel.org/project/linux-mediatek/patch/1653012007-11854-5-git-send-email-xinlei.lee@mediatek.com/
Signed-off-by: Jitao Shi <jitao.shi@mediatek.com>
Signed-off-by: Xinlei Lee <xinlei.lee@mediatek.com>
Reviewed-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/mediatek/mtk_dsi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/mediatek/mtk_dsi.c b/drivers/gpu/drm/mediatek/mtk_dsi.c
index 224afb666881..e82705a33acf 100644
--- a/drivers/gpu/drm/mediatek/mtk_dsi.c
+++ b/drivers/gpu/drm/mediatek/mtk_dsi.c
@@ -645,6 +645,8 @@ static void mtk_dsi_poweroff(struct mtk_dsi *dsi)
mtk_dsi_reset_engine(dsi);
mtk_dsi_lane0_ulp_mode_enter(dsi);
mtk_dsi_clk_ulp_mode_enter(dsi);
+ /* set the lane number as 0 to pull down mipi */
+ writel(0, dsi->regs + DSI_TXRX_CTRL);
mtk_dsi_disable(dsi);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 100/389] drm: adv7511: override i2c address of cec before accessing it
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 099/389] drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 101/389] i2c: Fix a potential use after free Greg Kroah-Hartman
` (293 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Antonio Borneo, Kieran Bingham,
Robert Foss, Sasha Levin
From: Antonio Borneo <antonio.borneo@foss.st.com>
[ Upstream commit 9cc4853e4781bf0dd0f35355dc92d97c9da02f5d ]
Commit 680532c50bca ("drm: adv7511: Add support for
i2c_new_secondary_device") allows a device tree node to override
the default addresses of the secondary i2c devices. This is useful
for solving address conflicts on the i2c bus.
In adv7511_init_cec_regmap() the new i2c address of cec device is
read from device tree and immediately accessed, well before it is
written in the proper register to override the default address.
This can cause an i2c error during probe and a consequent probe
failure.
Once the new i2c address is read from the device tree, override
the default address before any attempt to access the cec.
Tested with adv7533 and stm32mp157f.
Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Fixes: 680532c50bca ("drm: adv7511: Add support for i2c_new_secondary_device")
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220607213144.427177-1-antonio.borneo@foss.st.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
index e7bf32f234d7..e2f84e2d5d3c 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
@@ -985,6 +985,10 @@ static int adv7511_init_cec_regmap(struct adv7511 *adv)
ADV7511_CEC_I2C_ADDR_DEFAULT);
if (IS_ERR(adv->i2c_cec))
return PTR_ERR(adv->i2c_cec);
+
+ regmap_write(adv->regmap, ADV7511_REG_CEC_I2C_ADDR,
+ adv->i2c_cec->addr << 1);
+
i2c_set_clientdata(adv->i2c_cec, adv);
adv->regmap_cec = devm_regmap_init_i2c(adv->i2c_cec,
@@ -1189,9 +1193,6 @@ static int adv7511_probe(struct i2c_client *i2c, const struct i2c_device_id *id)
if (ret)
goto err_i2c_unregister_packet;
- regmap_write(adv7511->regmap, ADV7511_REG_CEC_I2C_ADDR,
- adv7511->i2c_cec->addr << 1);
-
INIT_WORK(&adv7511->hpd_work, adv7511_hpd_work);
if (i2c->irq) {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 101/389] i2c: Fix a potential use after free
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 100/389] drm: adv7511: override i2c address of cec before accessing it Greg Kroah-Hartman
@ 2022-08-23 8:22 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 102/389] media: tw686x: Register the irq at the end of probe Greg Kroah-Hartman
` (292 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:22 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xu Wang, Wolfram Sang, Sasha Levin
From: Xu Wang <vulab@iscas.ac.cn>
[ Upstream commit e4c72c06c367758a14f227c847f9d623f1994ecf ]
Free the adap structure only after we are done using it.
This patch just moves the put_device() down a bit to avoid the
use after free.
Fixes: 611e12ea0f12 ("i2c: core: manage i2c bus device refcount in i2c_[get|put]_adapter")
Signed-off-by: Xu Wang <vulab@iscas.ac.cn>
[wsa: added comment to the code, added Fixes tag]
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/i2c-core-base.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/i2c-core-base.c b/drivers/i2c/i2c-core-base.c
index 1b93fae58ec7..964e8a29b27b 100644
--- a/drivers/i2c/i2c-core-base.c
+++ b/drivers/i2c/i2c-core-base.c
@@ -2358,8 +2358,9 @@ void i2c_put_adapter(struct i2c_adapter *adap)
if (!adap)
return;
- put_device(&adap->dev);
module_put(adap->owner);
+ /* Should be last, otherwise we risk use-after-free with 'adap' */
+ put_device(&adap->dev);
}
EXPORT_SYMBOL(i2c_put_adapter);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 102/389] media: tw686x: Register the irq at the end of probe
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-08-23 8:22 ` [PATCH 5.4 101/389] i2c: Fix a potential use after free Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 103/389] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Greg Kroah-Hartman
` (291 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit fb730334e0f759d00f72168fbc555e5a95e35210 ]
We got the following warning when booting the kernel:
[ 3.243674] INFO: trying to register non-static key.
[ 3.243922] The code is fine but needs lockdep annotation, or maybe
[ 3.244230] you didn't initialize this object before use?
[ 3.245642] Call Trace:
[ 3.247836] lock_acquire+0xff/0x2d0
[ 3.248727] tw686x_audio_irq+0x1a5/0xcc0 [tw686x]
[ 3.249211] tw686x_irq+0x1f9/0x480 [tw686x]
The lock 'vc->qlock' will be initialized in tw686x_video_init(), but the
driver registers the irq before calling the tw686x_video_init(), and we
got the warning.
Fix this by registering the irq at the end of probe
Fixes: 704a84ccdbf1 ("[media] media: Support Intersil/Techwell TW686x-based video capture cards")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/tw686x/tw686x-core.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/drivers/media/pci/tw686x/tw686x-core.c b/drivers/media/pci/tw686x/tw686x-core.c
index 74ae4f0dcee7..8a25a0dac4ae 100644
--- a/drivers/media/pci/tw686x/tw686x-core.c
+++ b/drivers/media/pci/tw686x/tw686x-core.c
@@ -315,13 +315,6 @@ static int tw686x_probe(struct pci_dev *pci_dev,
spin_lock_init(&dev->lock);
- err = request_irq(pci_dev->irq, tw686x_irq, IRQF_SHARED,
- dev->name, dev);
- if (err < 0) {
- dev_err(&pci_dev->dev, "unable to request interrupt\n");
- goto iounmap;
- }
-
timer_setup(&dev->dma_delay_timer, tw686x_dma_delay, 0);
/*
@@ -333,18 +326,23 @@ static int tw686x_probe(struct pci_dev *pci_dev,
err = tw686x_video_init(dev);
if (err) {
dev_err(&pci_dev->dev, "can't register video\n");
- goto free_irq;
+ goto iounmap;
}
err = tw686x_audio_init(dev);
if (err)
dev_warn(&pci_dev->dev, "can't register audio\n");
+ err = request_irq(pci_dev->irq, tw686x_irq, IRQF_SHARED,
+ dev->name, dev);
+ if (err < 0) {
+ dev_err(&pci_dev->dev, "unable to request interrupt\n");
+ goto iounmap;
+ }
+
pci_set_drvdata(pci_dev, dev);
return 0;
-free_irq:
- free_irq(pci_dev->irq, dev);
iounmap:
pci_iounmap(pci_dev, dev->mmio);
free_region:
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 103/389] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 102/389] media: tw686x: Register the irq at the end of probe Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 104/389] wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() Greg Kroah-Hartman
` (290 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavel Skripkin,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin,
syzbot+03110230a11411024147, syzbot+c6dde1f690b60e0b9fbe
From: Pavel Skripkin <paskripkin@gmail.com>
[ Upstream commit 0ac4827f78c7ffe8eef074bc010e7e34bc22f533 ]
Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The
problem was in incorrect htc_handle->drv_priv initialization.
Probable call trace which can trigger use-after-free:
ath9k_htc_probe_device()
/* htc_handle->drv_priv = priv; */
ath9k_htc_wait_for_target() <--- Failed
ieee80211_free_hw() <--- priv pointer is freed
<IRQ>
...
ath9k_hif_usb_rx_cb()
ath9k_hif_usb_rx_stream()
RX_STAT_INC() <--- htc_handle->drv_priv access
In order to not add fancy protection for drv_priv we can move
htc_handle->drv_priv initialization at the end of the
ath9k_htc_probe_device() and add helper macro to make
all *_STAT_* macros NULL safe, since syzbot has reported related NULL
deref in that macros [1]
Link: https://syzkaller.appspot.com/bug?id=6ead44e37afb6866ac0c7dd121b4ce07cb665f60 [0]
Link: https://syzkaller.appspot.com/bug?id=b8101ffcec107c0567a0cd8acbbacec91e9ee8de [1]
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Reported-and-tested-by: syzbot+03110230a11411024147@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+c6dde1f690b60e0b9fbe@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/d57bbedc857950659bfacac0ab48790c1eda00c8.1655145743.git.paskripkin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc.h | 10 +++++-----
drivers/net/wireless/ath/ath9k/htc_drv_init.c | 3 ++-
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/htc.h b/drivers/net/wireless/ath/ath9k/htc.h
index 9f64e32381f9..81107100e368 100644
--- a/drivers/net/wireless/ath/ath9k/htc.h
+++ b/drivers/net/wireless/ath/ath9k/htc.h
@@ -325,11 +325,11 @@ static inline struct ath9k_htc_tx_ctl *HTC_SKB_CB(struct sk_buff *skb)
}
#ifdef CONFIG_ATH9K_HTC_DEBUGFS
-
-#define TX_STAT_INC(c) (hif_dev->htc_handle->drv_priv->debug.tx_stats.c++)
-#define TX_STAT_ADD(c, a) (hif_dev->htc_handle->drv_priv->debug.tx_stats.c += a)
-#define RX_STAT_INC(c) (hif_dev->htc_handle->drv_priv->debug.skbrx_stats.c++)
-#define RX_STAT_ADD(c, a) (hif_dev->htc_handle->drv_priv->debug.skbrx_stats.c += a)
+#define __STAT_SAFE(expr) (hif_dev->htc_handle->drv_priv ? (expr) : 0)
+#define TX_STAT_INC(c) __STAT_SAFE(hif_dev->htc_handle->drv_priv->debug.tx_stats.c++)
+#define TX_STAT_ADD(c, a) __STAT_SAFE(hif_dev->htc_handle->drv_priv->debug.tx_stats.c += a)
+#define RX_STAT_INC(c) __STAT_SAFE(hif_dev->htc_handle->drv_priv->debug.skbrx_stats.c++)
+#define RX_STAT_ADD(c, a) __STAT_SAFE(hif_dev->htc_handle->drv_priv->debug.skbrx_stats.c += a)
#define CAB_STAT_INC priv->debug.tx_stats.cab_queued++
#define TX_QSTAT_INC(q) (priv->debug.tx_stats.queue_stats[q]++)
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_init.c b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
index 11054c17a9b5..eaaafa64a3ee 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_init.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
@@ -944,7 +944,6 @@ int ath9k_htc_probe_device(struct htc_target *htc_handle, struct device *dev,
priv->hw = hw;
priv->htc = htc_handle;
priv->dev = dev;
- htc_handle->drv_priv = priv;
SET_IEEE80211_DEV(hw, priv->dev);
ret = ath9k_htc_wait_for_target(priv);
@@ -965,6 +964,8 @@ int ath9k_htc_probe_device(struct htc_target *htc_handle, struct device *dev,
if (ret)
goto err_init;
+ htc_handle->drv_priv = priv;
+
return 0;
err_init:
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 104/389] wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 103/389] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 105/389] drm: bridge: adv7511: Add check for mipi_dsi_driver_register Greg Kroah-Hartman
` (289 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexey Kodanev, Kalle Valo, Sasha Levin
From: Alexey Kodanev <aleksei.kodanev@bell-sw.com>
[ Upstream commit a8eb8e6f7159c7c20c0ddac428bde3d110890aa7 ]
As a result of the execution of the inner while loop, the value
of 'idx' can be equal to LINK_QUAL_MAX_RETRY_NUM. However, this
is not checked after the loop and 'idx' is used to write the
LINK_QUAL_MAX_RETRY_NUM size array 'lq_cmd->rs_table[idx]' below
in the outer loop.
The fix is to check the new value of 'idx' inside the nested loop,
and break both loops if index equals the size. Checking it at the
start is now pointless, so let's remove it.
Detected using the static analysis tool - Svace.
Fixes: be663ab67077 ("iwlwifi: split the drivers for agn and legacy devices 3945/4965")
Signed-off-by: Alexey Kodanev <aleksei.kodanev@bell-sw.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220608171614.28891-1-aleksei.kodanev@bell-sw.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlegacy/4965-rs.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlegacy/4965-rs.c b/drivers/net/wireless/intel/iwlegacy/4965-rs.c
index 0a02d8aca320..ce891ac32388 100644
--- a/drivers/net/wireless/intel/iwlegacy/4965-rs.c
+++ b/drivers/net/wireless/intel/iwlegacy/4965-rs.c
@@ -2403,7 +2403,7 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta,
/* Repeat initial/next rate.
* For legacy IL_NUMBER_TRY == 1, this loop will not execute.
* For HT IL_HT_NUMBER_TRY == 3, this executes twice. */
- while (repeat_rate > 0 && idx < LINK_QUAL_MAX_RETRY_NUM) {
+ while (repeat_rate > 0) {
if (is_legacy(tbl_type.lq_type)) {
if (ant_toggle_cnt < NUM_TRY_BEFORE_ANT_TOGGLE)
ant_toggle_cnt++;
@@ -2422,6 +2422,8 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta,
cpu_to_le32(new_rate);
repeat_rate--;
idx++;
+ if (idx >= LINK_QUAL_MAX_RETRY_NUM)
+ goto out;
}
il4965_rs_get_tbl_info_from_mcs(new_rate, lq_sta->band,
@@ -2466,6 +2468,7 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta,
repeat_rate--;
}
+out:
lq_cmd->agg_params.agg_frame_cnt_limit = LINK_QUAL_AGG_FRAME_LIMIT_DEF;
lq_cmd->agg_params.agg_dis_start_th = LINK_QUAL_AGG_DISABLE_START_DEF;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 105/389] drm: bridge: adv7511: Add check for mipi_dsi_driver_register
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 104/389] wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 106/389] drm/mcde: Fix refcount leak in mcde_dsi_bind Greg Kroah-Hartman
` (288 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Laurent Pinchart,
Sam Ravnborg, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 831463667b5f4f1e5bce9c3b94e9e794d2bc8923 ]
As mipi_dsi_driver_register could return error if fails,
it should be better to check the return value and return error
if fails.
Moreover, if i2c_add_driver fails, mipi_dsi_driver_register
should be reverted.
Fixes: 1e4d58cd7f88 ("drm/bridge: adv7533: Create a MIPI DSI device")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220602103401.2980938-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
index e2f84e2d5d3c..62ef603627b7 100644
--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
+++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
@@ -1302,10 +1302,21 @@ static struct i2c_driver adv7511_driver = {
static int __init adv7511_init(void)
{
- if (IS_ENABLED(CONFIG_DRM_MIPI_DSI))
- mipi_dsi_driver_register(&adv7533_dsi_driver);
+ int ret;
+
+ if (IS_ENABLED(CONFIG_DRM_MIPI_DSI)) {
+ ret = mipi_dsi_driver_register(&adv7533_dsi_driver);
+ if (ret)
+ return ret;
+ }
- return i2c_add_driver(&adv7511_driver);
+ ret = i2c_add_driver(&adv7511_driver);
+ if (ret) {
+ if (IS_ENABLED(CONFIG_DRM_MIPI_DSI))
+ mipi_dsi_driver_unregister(&adv7533_dsi_driver);
+ }
+
+ return ret;
}
module_init(adv7511_init);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 106/389] drm/mcde: Fix refcount leak in mcde_dsi_bind
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 105/389] drm: bridge: adv7511: Add check for mipi_dsi_driver_register Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 107/389] media: hdpvr: fix error value returns in hdpvr_read Greg Kroah-Hartman
` (287 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 3a149169e4a2f9127022fec6ef5d71b4e804b3b9 ]
Every iteration of for_each_available_child_of_node() decrements
the reference counter of the previous node. There is no decrement
when break out from the loop and results in refcount leak.
Add missing of_node_put() to fix this.
Fixes: 5fc537bfd000 ("drm/mcde: Add new driver for ST-Ericsson MCDE")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220525115411.65455-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/mcde/mcde_dsi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/mcde/mcde_dsi.c b/drivers/gpu/drm/mcde/mcde_dsi.c
index 8c8c92fc82e9..a580b9cadb0c 100644
--- a/drivers/gpu/drm/mcde/mcde_dsi.c
+++ b/drivers/gpu/drm/mcde/mcde_dsi.c
@@ -942,6 +942,7 @@ static int mcde_dsi_bind(struct device *dev, struct device *master,
bridge = of_drm_find_bridge(child);
if (!bridge) {
dev_err(dev, "failed to find bridge\n");
+ of_node_put(child);
return -EINVAL;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 107/389] media: hdpvr: fix error value returns in hdpvr_read
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 106/389] drm/mcde: Fix refcount leak in mcde_dsi_bind Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 108/389] drm/vc4: plane: Remove subpixel positioning check Greg Kroah-Hartman
` (286 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Niels Dossche, Hans Verkuil,
Mauro Carvalho Chehab, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit 359c27c6ddbde404f44a9c0d3ec88ccd1e2042f2 ]
Error return values are supposed to be negative in hdpvr_read. Most
error returns are currently handled via an unsigned integer "ret". When
setting a negative error value to "ret", the value actually becomes a
large positive value, because "ret" is unsigned. Later on, the "ret"
value is returned. But as ssize_t is a 64-bit signed number, the error
return value stays a large positive integer instead of a negative
integer. This can cause an error value to be interpreted as the read
size, which can cause a buffer overread for applications relying on the
returned size.
Fixes: 9aba42efe85b ("V4L/DVB (11096): V4L2 Driver for the Hauppauge HD PVR usb capture device")
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/hdpvr/hdpvr-video.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/hdpvr/hdpvr-video.c b/drivers/media/usb/hdpvr/hdpvr-video.c
index 7849f1fbbcc4..4f1505b94338 100644
--- a/drivers/media/usb/hdpvr/hdpvr-video.c
+++ b/drivers/media/usb/hdpvr/hdpvr-video.c
@@ -409,7 +409,7 @@ static ssize_t hdpvr_read(struct file *file, char __user *buffer, size_t count,
struct hdpvr_device *dev = video_drvdata(file);
struct hdpvr_buffer *buf = NULL;
struct urb *urb;
- unsigned int ret = 0;
+ int ret = 0;
int rem, cnt;
if (*pos)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 108/389] drm/vc4: plane: Remove subpixel positioning check
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 107/389] media: hdpvr: fix error value returns in hdpvr_read Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 109/389] drm/vc4: plane: Fix margin calculations for the right/bottom edges Greg Kroah-Hartman
` (285 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dom Cobley, Maxime Ripard, Sasha Levin
From: Dom Cobley <popcornmix@gmail.com>
[ Upstream commit 517db1ab1566dba3093dbdb8de4263ba4aa66416 ]
There is little harm in ignoring fractional coordinates
(they just get truncated).
Without this:
modetest -M vc4 -F tiles,gradient -s 32:1920x1080-60 -P89@74:1920x1080*.1.1@XR24
is rejected. We have the same issue in Kodi when trying to
use zoom options on video.
Note: even if all coordinates are fully integer. e.g.
src:[0,0,1920,1080] dest:[-10,-10,1940,1100]
it will still get rejected as drm_atomic_helper_check_plane_state
uses drm_rect_clip_scaled which transforms this to fractional src coords
Fixes: 21af94cf1a4c ("drm/vc4: Add support for scaling of display planes.")
Signed-off-by: Dom Cobley <popcornmix@gmail.com>
Link: https://lore.kernel.org/r/20220613144800.326124-5-maxime@cerno.tech
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_plane.c | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c
index 363f456ea713..6e787f684e52 100644
--- a/drivers/gpu/drm/vc4/vc4_plane.c
+++ b/drivers/gpu/drm/vc4/vc4_plane.c
@@ -317,7 +317,6 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state)
struct vc4_plane_state *vc4_state = to_vc4_plane_state(state);
struct drm_framebuffer *fb = state->fb;
struct drm_gem_cma_object *bo = drm_fb_cma_get_gem_obj(fb, 0);
- u32 subpixel_src_mask = (1 << 16) - 1;
int num_planes = fb->format->num_planes;
struct drm_crtc_state *crtc_state;
u32 h_subsample = fb->format->hsub;
@@ -339,18 +338,15 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state)
for (i = 0; i < num_planes; i++)
vc4_state->offsets[i] = bo->paddr + fb->offsets[i];
- /* We don't support subpixel source positioning for scaling. */
- if ((state->src.x1 & subpixel_src_mask) ||
- (state->src.x2 & subpixel_src_mask) ||
- (state->src.y1 & subpixel_src_mask) ||
- (state->src.y2 & subpixel_src_mask)) {
- return -EINVAL;
- }
-
- vc4_state->src_x = state->src.x1 >> 16;
- vc4_state->src_y = state->src.y1 >> 16;
- vc4_state->src_w[0] = (state->src.x2 - state->src.x1) >> 16;
- vc4_state->src_h[0] = (state->src.y2 - state->src.y1) >> 16;
+ /*
+ * We don't support subpixel source positioning for scaling,
+ * but fractional coordinates can be generated by clipping
+ * so just round for now
+ */
+ vc4_state->src_x = DIV_ROUND_CLOSEST(state->src.x1, 1 << 16);
+ vc4_state->src_y = DIV_ROUND_CLOSEST(state->src.y1, 1 << 16);
+ vc4_state->src_w[0] = DIV_ROUND_CLOSEST(state->src.x2, 1 << 16) - vc4_state->src_x;
+ vc4_state->src_h[0] = DIV_ROUND_CLOSEST(state->src.y2, 1 << 16) - vc4_state->src_y;
vc4_state->crtc_x = state->dst.x1;
vc4_state->crtc_y = state->dst.y1;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 109/389] drm/vc4: plane: Fix margin calculations for the right/bottom edges
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 108/389] drm/vc4: plane: Remove subpixel positioning check Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 110/389] drm/vc4: dsi: Correct DSI divider calculations Greg Kroah-Hartman
` (284 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Stevenson, Maxime Ripard, Sasha Levin
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit b7c3d6821627861f4ea3e1f2b595d0ed9e80aac8 ]
The current plane margin calculation code clips the right and bottom
edges of the range based using the left and top margins.
This is obviously wrong, so let's fix it.
Fixes: 666e73587f90 ("drm/vc4: Take margin setup into account when updating planes")
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Link: https://lore.kernel.org/r/20220613144800.326124-6-maxime@cerno.tech
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_plane.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c
index 6e787f684e52..cdcd19698b3c 100644
--- a/drivers/gpu/drm/vc4/vc4_plane.c
+++ b/drivers/gpu/drm/vc4/vc4_plane.c
@@ -288,16 +288,16 @@ static int vc4_plane_margins_adj(struct drm_plane_state *pstate)
adjhdisplay,
crtc_state->mode.hdisplay);
vc4_pstate->crtc_x += left;
- if (vc4_pstate->crtc_x > crtc_state->mode.hdisplay - left)
- vc4_pstate->crtc_x = crtc_state->mode.hdisplay - left;
+ if (vc4_pstate->crtc_x > crtc_state->mode.hdisplay - right)
+ vc4_pstate->crtc_x = crtc_state->mode.hdisplay - right;
adjvdisplay = crtc_state->mode.vdisplay - (top + bottom);
vc4_pstate->crtc_y = DIV_ROUND_CLOSEST(vc4_pstate->crtc_y *
adjvdisplay,
crtc_state->mode.vdisplay);
vc4_pstate->crtc_y += top;
- if (vc4_pstate->crtc_y > crtc_state->mode.vdisplay - top)
- vc4_pstate->crtc_y = crtc_state->mode.vdisplay - top;
+ if (vc4_pstate->crtc_y > crtc_state->mode.vdisplay - bottom)
+ vc4_pstate->crtc_y = crtc_state->mode.vdisplay - bottom;
vc4_pstate->crtc_w = DIV_ROUND_CLOSEST(vc4_pstate->crtc_w *
adjhdisplay,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 110/389] drm/vc4: dsi: Correct DSI divider calculations
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 109/389] drm/vc4: plane: Fix margin calculations for the right/bottom edges Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 111/389] crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE Greg Kroah-Hartman
` (283 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dave Stevenson, Maxime Ripard, Sasha Levin
From: Dave Stevenson <dave.stevenson@raspberrypi.com>
[ Upstream commit 3b45eee87da171caa28f61240ddb5c21170cda53 ]
The divider calculations tried to find the divider just faster than the
clock requested. However if it required a divider of 7 then the for loop
aborted without handling the "error" case, and could end up with a clock
lower than requested.
The integer divider from parent PLL to DSI clock is also capable of
going up to /255, not just /7 that the driver was trying. This allows
for slower link frequencies on the DSI bus where the resolution permits.
Correct the loop so that we always have a clock greater than requested,
and covering the whole range of dividers.
Fixes: 86c1b9eff3f2 ("drm/vc4: Adjust modes in DSI to work around the integer PLL divider.")
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Link: https://lore.kernel.org/r/20220613144800.326124-13-maxime@cerno.tech
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_dsi.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_dsi.c b/drivers/gpu/drm/vc4/vc4_dsi.c
index 0983949cc8c9..e249ab378700 100644
--- a/drivers/gpu/drm/vc4/vc4_dsi.c
+++ b/drivers/gpu/drm/vc4/vc4_dsi.c
@@ -791,11 +791,9 @@ static bool vc4_dsi_encoder_mode_fixup(struct drm_encoder *encoder,
/* Find what divider gets us a faster clock than the requested
* pixel clock.
*/
- for (divider = 1; divider < 8; divider++) {
- if (parent_rate / divider < pll_clock) {
- divider--;
+ for (divider = 1; divider < 255; divider++) {
+ if (parent_rate / (divider + 1) < pll_clock)
break;
- }
}
/* Now that we've picked a PLL divider, calculate back to its
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 111/389] crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 110/389] drm/vc4: dsi: Correct DSI divider calculations Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 112/389] drm/rockchip: vop: Dont crash for invalid duplicate_state() Greg Kroah-Hartman
` (282 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qian Cai, Herbert Xu, Sasha Levin
From: Qian Cai <quic_qiancai@quicinc.com>
[ Upstream commit fac76f2260893dde5aa05bb693b4c13e8ed0454b ]
Otherwise, we could fail to compile.
ld: arch/arm64/crypto/ghash-ce-glue.o: in function 'ghash_ce_mod_exit':
ghash-ce-glue.c:(.exit.text+0x24): undefined reference to 'crypto_unregister_aead'
ld: arch/arm64/crypto/ghash-ce-glue.o: in function 'ghash_ce_mod_init':
ghash-ce-glue.c:(.init.text+0x34): undefined reference to 'crypto_register_aead'
Fixes: 537c1445ab0b ("crypto: arm64/gcm - implement native driver using v8 Crypto Extensions")
Signed-off-by: Qian Cai <quic_qiancai@quicinc.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/crypto/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig
index 4922c4451e7c..99cddf1145c2 100644
--- a/arch/arm64/crypto/Kconfig
+++ b/arch/arm64/crypto/Kconfig
@@ -59,6 +59,7 @@ config CRYPTO_GHASH_ARM64_CE
select CRYPTO_HASH
select CRYPTO_GF128MUL
select CRYPTO_LIB_AES
+ select CRYPTO_AEAD
config CRYPTO_CRCT10DIF_ARM64_CE
tristate "CRCT10DIF digest algorithm using PMULL instructions"
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 112/389] drm/rockchip: vop: Dont crash for invalid duplicate_state()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 111/389] crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 113/389] drm/rockchip: Fix an error handling path rockchip_dp_probe() Greg Kroah-Hartman
` (281 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Sean Paul,
Douglas Anderson, Heiko Stuebner, Sasha Levin
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit 1449110b0dade8b638d2c17ab7c5b0ff696bfccb ]
It's possible for users to try to duplicate the CRTC state even when the
state doesn't exist. drm_atomic_helper_crtc_duplicate_state() (and other
users of __drm_atomic_helper_crtc_duplicate_state()) already guard this
with a WARN_ON() instead of crashing, so let's do that here too.
Fixes: 4e257d9eee23 ("drm/rockchip: get rid of rockchip_drm_crtc_mode_config")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Sean Paul <seanpaul@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220617172623.1.I62db228170b1559ada60b8d3e1637e1688424926@changeid
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
index 2e4e1933a43c..57e0396662c3 100644
--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
@@ -1288,6 +1288,9 @@ static struct drm_crtc_state *vop_crtc_duplicate_state(struct drm_crtc *crtc)
{
struct rockchip_crtc_state *rockchip_state;
+ if (WARN_ON(!crtc->state))
+ return NULL;
+
rockchip_state = kzalloc(sizeof(*rockchip_state), GFP_KERNEL);
if (!rockchip_state)
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 113/389] drm/rockchip: Fix an error handling path rockchip_dp_probe()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 112/389] drm/rockchip: vop: Dont crash for invalid duplicate_state() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 114/389] drm/mediatek: dpi: Remove output format of YUV Greg Kroah-Hartman
` (280 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Heiko Stuebner,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 5074376822fe99fa4ce344b851c5016d00c0444f ]
Should component_add() fail, we should call analogix_dp_remove() in the
error handling path, as already done in the remove function.
Fixes: 152cce0006ab ("drm/bridge: analogix_dp: Split bind() into probe() and real bind()")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/b719d9061bb97eb85145fbd3c5e63f4549f2e13e.1655572071.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c b/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c
index ce98c08aa8b4..48281e29b5d4 100644
--- a/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c
+++ b/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c
@@ -401,7 +401,15 @@ static int rockchip_dp_probe(struct platform_device *pdev)
if (IS_ERR(dp->adp))
return PTR_ERR(dp->adp);
- return component_add(dev, &rockchip_dp_component_ops);
+ ret = component_add(dev, &rockchip_dp_component_ops);
+ if (ret)
+ goto err_dp_remove;
+
+ return 0;
+
+err_dp_remove:
+ analogix_dp_remove(dp->adp);
+ return ret;
}
static int rockchip_dp_remove(struct platform_device *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 114/389] drm/mediatek: dpi: Remove output format of YUV
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 113/389] drm/rockchip: Fix an error handling path rockchip_dp_probe() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 115/389] drm/mediatek: dpi: Only enable dpi after the bridge is enabled Greg Kroah-Hartman
` (279 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bo-Chen Chen, Chun-Kuang Hu, Sasha Levin
From: Bo-Chen Chen <rex-bc.chen@mediatek.com>
[ Upstream commit c9ed0713b3c35fc45677707ba47f432cad95da56 ]
DPI is not support output format as YUV, but there is the setting of
configuring output YUV. Therefore, remove them in this patch.
Fixes: 9e629c17aa8d ("drm/mediatek: Add DPI sub driver")
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Link: https://patchwork.kernel.org/project/linux-mediatek/patch/20220701035845.16458-5-rex-bc.chen@mediatek.com/
Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/mediatek/mtk_dpi.c | 31 ++++++------------------------
1 file changed, 6 insertions(+), 25 deletions(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_dpi.c b/drivers/gpu/drm/mediatek/mtk_dpi.c
index 48de07e9059e..8f4a9f245a9a 100644
--- a/drivers/gpu/drm/mediatek/mtk_dpi.c
+++ b/drivers/gpu/drm/mediatek/mtk_dpi.c
@@ -50,13 +50,7 @@ enum mtk_dpi_out_channel_swap {
};
enum mtk_dpi_out_color_format {
- MTK_DPI_COLOR_FORMAT_RGB,
- MTK_DPI_COLOR_FORMAT_RGB_FULL,
- MTK_DPI_COLOR_FORMAT_YCBCR_444,
- MTK_DPI_COLOR_FORMAT_YCBCR_422,
- MTK_DPI_COLOR_FORMAT_XV_YCC,
- MTK_DPI_COLOR_FORMAT_YCBCR_444_FULL,
- MTK_DPI_COLOR_FORMAT_YCBCR_422_FULL
+ MTK_DPI_COLOR_FORMAT_RGB
};
struct mtk_dpi {
@@ -355,24 +349,11 @@ static void mtk_dpi_config_disable_edge(struct mtk_dpi *dpi)
static void mtk_dpi_config_color_format(struct mtk_dpi *dpi,
enum mtk_dpi_out_color_format format)
{
- if ((format == MTK_DPI_COLOR_FORMAT_YCBCR_444) ||
- (format == MTK_DPI_COLOR_FORMAT_YCBCR_444_FULL)) {
- mtk_dpi_config_yuv422_enable(dpi, false);
- mtk_dpi_config_csc_enable(dpi, true);
- mtk_dpi_config_swap_input(dpi, false);
- mtk_dpi_config_channel_swap(dpi, MTK_DPI_OUT_CHANNEL_SWAP_BGR);
- } else if ((format == MTK_DPI_COLOR_FORMAT_YCBCR_422) ||
- (format == MTK_DPI_COLOR_FORMAT_YCBCR_422_FULL)) {
- mtk_dpi_config_yuv422_enable(dpi, true);
- mtk_dpi_config_csc_enable(dpi, true);
- mtk_dpi_config_swap_input(dpi, true);
- mtk_dpi_config_channel_swap(dpi, MTK_DPI_OUT_CHANNEL_SWAP_RGB);
- } else {
- mtk_dpi_config_yuv422_enable(dpi, false);
- mtk_dpi_config_csc_enable(dpi, false);
- mtk_dpi_config_swap_input(dpi, false);
- mtk_dpi_config_channel_swap(dpi, MTK_DPI_OUT_CHANNEL_SWAP_RGB);
- }
+ /* only support RGB888 */
+ mtk_dpi_config_yuv422_enable(dpi, false);
+ mtk_dpi_config_csc_enable(dpi, false);
+ mtk_dpi_config_swap_input(dpi, false);
+ mtk_dpi_config_channel_swap(dpi, MTK_DPI_OUT_CHANNEL_SWAP_RGB);
}
static void mtk_dpi_power_off(struct mtk_dpi *dpi)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 115/389] drm/mediatek: dpi: Only enable dpi after the bridge is enabled
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 114/389] drm/mediatek: dpi: Remove output format of YUV Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 116/389] drm: bridge: sii8620: fix possible off-by-one Greg Kroah-Hartman
` (278 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guillaume Ranquet, Bo-Chen Chen,
AngeloGioacchino Del Regno, Chun-Kuang Hu, Sasha Levin
From: Guillaume Ranquet <granquet@baylibre.com>
[ Upstream commit aed61ef6beb911cc043af0f2f291167663995065 ]
Enabling the dpi too early causes glitches on screen.
Move the call to mtk_dpi_enable() at the end of the bridge_enable
callback to ensure everything is setup properly before enabling dpi.
Fixes: 9e629c17aa8d ("drm/mediatek: Add DPI sub driver")
Signed-off-by: Guillaume Ranquet <granquet@baylibre.com>
Signed-off-by: Bo-Chen Chen <rex-bc.chen@mediatek.com>
Tested-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://patchwork.kernel.org/project/linux-mediatek/patch/20220701035845.16458-16-rex-bc.chen@mediatek.com/
Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/mediatek/mtk_dpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_dpi.c b/drivers/gpu/drm/mediatek/mtk_dpi.c
index 8f4a9f245a9a..4a64d8aed9da 100644
--- a/drivers/gpu/drm/mediatek/mtk_dpi.c
+++ b/drivers/gpu/drm/mediatek/mtk_dpi.c
@@ -394,7 +394,6 @@ static int mtk_dpi_power_on(struct mtk_dpi *dpi)
if (dpi->pinctrl && dpi->pins_dpi)
pinctrl_select_state(dpi->pinctrl, dpi->pins_dpi);
- mtk_dpi_enable(dpi);
return 0;
err_pixel:
@@ -538,6 +537,7 @@ static void mtk_dpi_encoder_enable(struct drm_encoder *encoder)
mtk_dpi_power_on(dpi);
mtk_dpi_set_display_mode(dpi, &dpi->mode);
+ mtk_dpi_enable(dpi);
}
static int mtk_dpi_atomic_check(struct drm_encoder *encoder,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 116/389] drm: bridge: sii8620: fix possible off-by-one
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 115/389] drm/mediatek: dpi: Only enable dpi after the bridge is enabled Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 117/389] drm/msm/mdp5: Fix global state lock backoff Greg Kroah-Hartman
` (277 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Andrzej Hajda,
Robert Foss, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 21779cc21c732c5eff8ea1624be6590450baa30f ]
The next call to sii8620_burst_get_tx_buf will result in off-by-one
When ctx->burst.tx_count + size == ARRAY_SIZE(ctx->burst.tx_buf). The same
thing happens in sii8620_burst_get_rx_buf.
This patch also change tx_count and tx_buf to rx_count and rx_buf in
sii8620_burst_get_rx_buf. It is unreasonable to check tx_buf's size and
use rx_buf.
Fixes: e19e9c692f81 ("drm/bridge/sii8620: add support for burst eMSC transmissions")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220518065856.18936-1-hbh25y@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/sil-sii8620.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/sil-sii8620.c b/drivers/gpu/drm/bridge/sil-sii8620.c
index fb0b64c965b7..970bc00d2aaf 100644
--- a/drivers/gpu/drm/bridge/sil-sii8620.c
+++ b/drivers/gpu/drm/bridge/sil-sii8620.c
@@ -604,7 +604,7 @@ static void *sii8620_burst_get_tx_buf(struct sii8620 *ctx, int len)
u8 *buf = &ctx->burst.tx_buf[ctx->burst.tx_count];
int size = len + 2;
- if (ctx->burst.tx_count + size > ARRAY_SIZE(ctx->burst.tx_buf)) {
+ if (ctx->burst.tx_count + size >= ARRAY_SIZE(ctx->burst.tx_buf)) {
dev_err(ctx->dev, "TX-BLK buffer exhausted\n");
ctx->error = -EINVAL;
return NULL;
@@ -621,7 +621,7 @@ static u8 *sii8620_burst_get_rx_buf(struct sii8620 *ctx, int len)
u8 *buf = &ctx->burst.rx_buf[ctx->burst.rx_count];
int size = len + 1;
- if (ctx->burst.tx_count + size > ARRAY_SIZE(ctx->burst.tx_buf)) {
+ if (ctx->burst.rx_count + size >= ARRAY_SIZE(ctx->burst.rx_buf)) {
dev_err(ctx->dev, "RX-BLK buffer exhausted\n");
ctx->error = -EINVAL;
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 117/389] drm/msm/mdp5: Fix global state lock backoff
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 116/389] drm: bridge: sii8620: fix possible off-by-one Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 118/389] crypto: hisilicon - Kunpeng916 crypto driver dont sleep when in softirq Greg Kroah-Hartman
` (276 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rob Clark, Abhinav Kumar, Sasha Levin
From: Rob Clark <robdclark@chromium.org>
[ Upstream commit 92ef86ab513593c6329d04146e61f9a670e72fc5 ]
We need to grab the lock after the early return for !hwpipe case.
Otherwise, we could have hit contention yet still returned 0.
Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged
in CI:
WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154
Modules linked in:
CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc536a #1
Hardware name: Qualcomm Technologies, Inc. DB820c (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : drm_modeset_lock+0xf8/0x154
lr : drm_atomic_get_private_obj_state+0x84/0x170
sp : ffff80000cfab6a0
x29: ffff80000cfab6a0 x28: 0000000000000000 x27: ffff000083bc4d00
x26: 0000000000000038 x25: 0000000000000000 x24: ffff80000957ca58
x23: 0000000000000000 x22: ffff000081ace080 x21: 0000000000000001
x20: ffff000081acec18 x19: ffff80000cfabb80 x18: 0000000000000038
x17: 0000000000000000 x16: 0000000000000000 x15: fffffffffffea0d0
x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47
x11: ffff80000a386aa8 x10: 0000000000000029 x9 : ffff80000cfab610
x8 : 0000000000000029 x7 : 0000000000000014 x6 : 0000000000000000
x5 : 0000000000000001 x4 : ffff8000081ad904 x3 : 0000000000000029
x2 : ffff0000801db4c0 x1 : ffff80000cfabb80 x0 : ffff000081aceb58
Call trace:
drm_modeset_lock+0xf8/0x154
drm_atomic_get_private_obj_state+0x84/0x170
mdp5_get_global_state+0x54/0x6c
mdp5_pipe_release+0x2c/0xd4
mdp5_plane_atomic_check+0x2ec/0x414
drm_atomic_helper_check_planes+0xd8/0x210
drm_atomic_helper_check+0x54/0xb0
...
---[ end trace 0000000000000000 ]---
drm_modeset_lock attempting to lock a contended lock without backoff:
drm_modeset_lock+0x148/0x154
mdp5_get_global_state+0x30/0x6c
mdp5_pipe_release+0x2c/0xd4
mdp5_plane_atomic_check+0x290/0x414
drm_atomic_helper_check_planes+0xd8/0x210
drm_atomic_helper_check+0x54/0xb0
drm_atomic_check_only+0x4b0/0x8f4
drm_atomic_commit+0x68/0xe0
Fixes: d59be579fa93 ("drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected")
Signed-off-by: Rob Clark <robdclark@chromium.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/492701/
Link: https://lore.kernel.org/r/20220707162040.1594855-1-robdclark@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
index a4f5cb90f3e8..e4b8a789835a 100644
--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
+++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c
@@ -123,12 +123,13 @@ int mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe)
{
struct msm_drm_private *priv = s->dev->dev_private;
struct mdp5_kms *mdp5_kms = to_mdp5_kms(to_mdp_kms(priv->kms));
- struct mdp5_global_state *state = mdp5_get_global_state(s);
+ struct mdp5_global_state *state;
struct mdp5_hw_pipe_state *new_state;
if (!hwpipe)
return 0;
+ state = mdp5_get_global_state(s);
if (IS_ERR(state))
return PTR_ERR(state);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 118/389] crypto: hisilicon - Kunpeng916 crypto driver dont sleep when in softirq
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 117/389] drm/msm/mdp5: Fix global state lock backoff Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 119/389] media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment Greg Kroah-Hartman
` (275 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhengchao Shao, Herbert Xu, Sasha Levin
From: Zhengchao Shao <shaozhengchao@huawei.com>
[ Upstream commit 68740ab505431f268dc1ee26a54b871e75f0ddaa ]
When kunpeng916 encryption driver is used to deencrypt and decrypt
packets during the softirq, it is not allowed to use mutex lock.
Fixes: 915e4e8413da ("crypto: hisilicon - SEC security accelerator driver")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/hisilicon/sec/sec_algs.c | 14 +++++++-------
drivers/crypto/hisilicon/sec/sec_drv.h | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/hisilicon/sec/sec_algs.c b/drivers/crypto/hisilicon/sec/sec_algs.c
index 4ad4ffd90cee..2402941a7f2f 100644
--- a/drivers/crypto/hisilicon/sec/sec_algs.c
+++ b/drivers/crypto/hisilicon/sec/sec_algs.c
@@ -449,7 +449,7 @@ static void sec_skcipher_alg_callback(struct sec_bd_info *sec_resp,
*/
}
- mutex_lock(&ctx->queue->queuelock);
+ spin_lock_bh(&ctx->queue->queuelock);
/* Put the IV in place for chained cases */
switch (ctx->cipher_alg) {
case SEC_C_AES_CBC_128:
@@ -509,7 +509,7 @@ static void sec_skcipher_alg_callback(struct sec_bd_info *sec_resp,
list_del(&backlog_req->backlog_head);
}
}
- mutex_unlock(&ctx->queue->queuelock);
+ spin_unlock_bh(&ctx->queue->queuelock);
mutex_lock(&sec_req->lock);
list_del(&sec_req_el->head);
@@ -798,7 +798,7 @@ static int sec_alg_skcipher_crypto(struct skcipher_request *skreq,
*/
/* Grab a big lock for a long time to avoid concurrency issues */
- mutex_lock(&queue->queuelock);
+ spin_lock_bh(&queue->queuelock);
/*
* Can go on to queue if we have space in either:
@@ -814,15 +814,15 @@ static int sec_alg_skcipher_crypto(struct skcipher_request *skreq,
ret = -EBUSY;
if ((skreq->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) {
list_add_tail(&sec_req->backlog_head, &ctx->backlog);
- mutex_unlock(&queue->queuelock);
+ spin_unlock_bh(&queue->queuelock);
goto out;
}
- mutex_unlock(&queue->queuelock);
+ spin_unlock_bh(&queue->queuelock);
goto err_free_elements;
}
ret = sec_send_request(sec_req, queue);
- mutex_unlock(&queue->queuelock);
+ spin_unlock_bh(&queue->queuelock);
if (ret)
goto err_free_elements;
@@ -881,7 +881,7 @@ static int sec_alg_skcipher_init(struct crypto_skcipher *tfm)
if (IS_ERR(ctx->queue))
return PTR_ERR(ctx->queue);
- mutex_init(&ctx->queue->queuelock);
+ spin_lock_init(&ctx->queue->queuelock);
ctx->queue->havesoftqueue = false;
return 0;
diff --git a/drivers/crypto/hisilicon/sec/sec_drv.h b/drivers/crypto/hisilicon/sec/sec_drv.h
index 4d9063a8b10b..0bf4d7c3856c 100644
--- a/drivers/crypto/hisilicon/sec/sec_drv.h
+++ b/drivers/crypto/hisilicon/sec/sec_drv.h
@@ -347,7 +347,7 @@ struct sec_queue {
DECLARE_BITMAP(unprocessed, SEC_QUEUE_LEN);
DECLARE_KFIFO_PTR(softqueue, typeof(struct sec_request_el *));
bool havesoftqueue;
- struct mutex queuelock;
+ spinlock_t queuelock;
void *shadow[SEC_QUEUE_LEN];
};
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 119/389] media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 118/389] crypto: hisilicon - Kunpeng916 crypto driver dont sleep when in softirq Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 120/389] mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() Greg Kroah-Hartman
` (274 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Houlong Wei, Irui Wang, Hans Verkuil, Mauro Carvalho Chehab,
Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit ab14c99c035da7156a3b66fa171171295bc4b89a ]
The mdp_ipi_comm structure defines a command that is either
PROCESS (start processing) or DEINIT (destroy instance); we
are using this one to send PROCESS or DEINIT commands from Linux
to an MDP instance through a VPU write but, while the first wants
us to stay 4-bytes aligned, the VPU instead requires an 8-bytes
data alignment.
Keeping in mind that these commands are executed immediately
after sending them (hence not chained with others before the
VPU/MDP "actually" start executing), it is fine to simply add
a padding of 4 bytes to this structure: this keeps the same
performance as before, as we're still stack-allocating it,
while avoiding hackery inside of mtk-vpu to ensure alignment
bringing a definitely bigger performance impact.
Fixes: c8eb2d7e8202 ("[media] media: Add Mediatek MDP Driver")
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Houlong Wei <houlong.wei@mediatek.com>
Reviewed-by: Irui Wang <irui.wang@mediatek.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/mtk-mdp/mtk_mdp_ipi.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/mtk-mdp/mtk_mdp_ipi.h b/drivers/media/platform/mtk-mdp/mtk_mdp_ipi.h
index 2cb8cecb3077..b810c96695c8 100644
--- a/drivers/media/platform/mtk-mdp/mtk_mdp_ipi.h
+++ b/drivers/media/platform/mtk-mdp/mtk_mdp_ipi.h
@@ -40,12 +40,14 @@ struct mdp_ipi_init {
* @ipi_id : IPI_MDP
* @ap_inst : AP mtk_mdp_vpu address
* @vpu_inst_addr : VPU MDP instance address
+ * @padding : Alignment padding
*/
struct mdp_ipi_comm {
uint32_t msg_id;
uint32_t ipi_id;
uint64_t ap_inst;
uint32_t vpu_inst_addr;
+ uint32_t padding;
};
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 120/389] mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 119/389] media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 121/389] drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed Greg Kroah-Hartman
` (273 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Felix Fietkau, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 0a14c1d0113f121151edf34333cdf212dd209190 ]
We should use of_node_put() for the reference 'np' returned by
of_get_child_by_name() which will increase the refcount.
Fixes: 17f1de56df05 ("mt76: add common code shared between multiple chipsets")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mac80211.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mac80211.c b/drivers/net/wireless/mediatek/mt76/mac80211.c
index 8bd191347b9f..179337eb39ba 100644
--- a/drivers/net/wireless/mediatek/mt76/mac80211.c
+++ b/drivers/net/wireless/mediatek/mt76/mac80211.c
@@ -103,6 +103,7 @@ static int mt76_led_init(struct mt76_dev *dev)
if (!of_property_read_u32(np, "led-sources", &led_pin))
dev->led_pin = led_pin;
dev->led_al = of_property_read_bool(np, "led-active-low");
+ of_node_put(np);
}
return led_classdev_register(dev->dev, &dev->led_cdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 121/389] drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 120/389] mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 122/389] tcp: make retransmitted SKB fit into the send window Greg Kroah-Hartman
` (272 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Jian Zhang, Inki Dae,
Sasha Levin
From: Jian Zhang <zhangjian210@huawei.com>
[ Upstream commit 48b927770f8ad3f8cf4a024a552abf272af9f592 ]
In exynos7_decon_resume, When it fails, we must use clk_disable_unprepare()
to free resource that have been used.
Fixes: 6f83d20838c09 ("drm/exynos: use DRM_DEV_ERROR to print out error
message")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Jian Zhang <zhangjian210@huawei.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/exynos/exynos7_drm_decon.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c
index 6fd40410dfd2..afca5fc46020 100644
--- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c
+++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c
@@ -800,31 +800,40 @@ static int exynos7_decon_resume(struct device *dev)
if (ret < 0) {
DRM_DEV_ERROR(dev, "Failed to prepare_enable the pclk [%d]\n",
ret);
- return ret;
+ goto err_pclk_enable;
}
ret = clk_prepare_enable(ctx->aclk);
if (ret < 0) {
DRM_DEV_ERROR(dev, "Failed to prepare_enable the aclk [%d]\n",
ret);
- return ret;
+ goto err_aclk_enable;
}
ret = clk_prepare_enable(ctx->eclk);
if (ret < 0) {
DRM_DEV_ERROR(dev, "Failed to prepare_enable the eclk [%d]\n",
ret);
- return ret;
+ goto err_eclk_enable;
}
ret = clk_prepare_enable(ctx->vclk);
if (ret < 0) {
DRM_DEV_ERROR(dev, "Failed to prepare_enable the vclk [%d]\n",
ret);
- return ret;
+ goto err_vclk_enable;
}
return 0;
+
+err_vclk_enable:
+ clk_disable_unprepare(ctx->eclk);
+err_eclk_enable:
+ clk_disable_unprepare(ctx->aclk);
+err_aclk_enable:
+ clk_disable_unprepare(ctx->pclk);
+err_pclk_enable:
+ return ret;
}
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 122/389] tcp: make retransmitted SKB fit into the send window
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 121/389] drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 123/389] libbpf: Fix the name of a reused map Greg Kroah-Hartman
` (271 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yonglong Li, Eric Dumazet,
Jakub Kicinski, Sasha Levin
From: Yonglong Li <liyonglong@chinatelecom.cn>
[ Upstream commit 536a6c8e05f95e3d1118c40ae8b3022ee2d05d52 ]
current code of __tcp_retransmit_skb only check TCP_SKB_CB(skb)->seq
in send window, and TCP_SKB_CB(skb)->seq_end maybe out of send window.
If receiver has shrunk his window, and skb is out of new window, it
should retransmit a smaller portion of the payload.
test packetdrill script:
0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
+0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
+0 connect(3, ..., ...) = -1 EINPROGRESS (Operation now in progress)
+0 > S 0:0(0) win 65535 <mss 1460,sackOK,TS val 100 ecr 0,nop,wscale 8>
+.05 < S. 0:0(0) ack 1 win 6000 <mss 1000,nop,nop,sackOK>
+0 > . 1:1(0) ack 1
+0 write(3, ..., 10000) = 10000
+0 > . 1:2001(2000) ack 1 win 65535
+0 > . 2001:4001(2000) ack 1 win 65535
+0 > . 4001:6001(2000) ack 1 win 65535
+.05 < . 1:1(0) ack 4001 win 1001
and tcpdump show:
192.168.226.67.55 > 192.0.2.1.8080: Flags [.], seq 1:2001, ack 1, win 65535, length 2000
192.168.226.67.55 > 192.0.2.1.8080: Flags [.], seq 2001:4001, ack 1, win 65535, length 2000
192.168.226.67.55 > 192.0.2.1.8080: Flags [P.], seq 4001:5001, ack 1, win 65535, length 1000
192.168.226.67.55 > 192.0.2.1.8080: Flags [.], seq 5001:6001, ack 1, win 65535, length 1000
192.0.2.1.8080 > 192.168.226.67.55: Flags [.], ack 4001, win 1001, length 0
192.168.226.67.55 > 192.0.2.1.8080: Flags [.], seq 5001:6001, ack 1, win 65535, length 1000
192.168.226.67.55 > 192.0.2.1.8080: Flags [P.], seq 4001:5001, ack 1, win 65535, length 1000
when cient retract window to 1001, send window is [4001,5002],
but TLP send 5001-6001 packet which is out of send window.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yonglong Li <liyonglong@chinatelecom.cn>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/1657532838-20200-1-git-send-email-liyonglong@chinatelecom.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_output.c | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index ef749a47768a..fa7fb30e4b59 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2911,7 +2911,7 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
struct tcp_sock *tp = tcp_sk(sk);
unsigned int cur_mss;
int diff, len, err;
-
+ int avail_wnd;
/* Inconclusive MTU probe */
if (icsk->icsk_mtup.probe_size)
@@ -2941,17 +2941,25 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
return -EHOSTUNREACH; /* Routing failure or similar. */
cur_mss = tcp_current_mss(sk);
+ avail_wnd = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
/* If receiver has shrunk his window, and skb is out of
* new window, do not retransmit it. The exception is the
* case, when window is shrunk to zero. In this case
- * our retransmit serves as a zero window probe.
+ * our retransmit of one segment serves as a zero window probe.
*/
- if (!before(TCP_SKB_CB(skb)->seq, tcp_wnd_end(tp)) &&
- TCP_SKB_CB(skb)->seq != tp->snd_una)
- return -EAGAIN;
+ if (avail_wnd <= 0) {
+ if (TCP_SKB_CB(skb)->seq != tp->snd_una)
+ return -EAGAIN;
+ avail_wnd = cur_mss;
+ }
len = cur_mss * segs;
+ if (len > avail_wnd) {
+ len = rounddown(avail_wnd, cur_mss);
+ if (!len)
+ len = avail_wnd;
+ }
if (skb->len > len) {
if (tcp_fragment(sk, TCP_FRAG_IN_RTX_QUEUE, skb, len,
cur_mss, GFP_ATOMIC))
@@ -2965,8 +2973,9 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
diff -= tcp_skb_pcount(skb);
if (diff)
tcp_adjust_pcount(sk, skb, diff);
- if (skb->len < cur_mss)
- tcp_retrans_try_collapse(sk, skb, cur_mss);
+ avail_wnd = min_t(int, avail_wnd, cur_mss);
+ if (skb->len < avail_wnd)
+ tcp_retrans_try_collapse(sk, skb, avail_wnd);
}
/* RFC3168, section 6.1.1.1. ECN fallback */
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 123/389] libbpf: Fix the name of a reused map
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 122/389] tcp: make retransmitted SKB fit into the send window Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 124/389] selftests: timers: valid-adjtimex: build fix for newer toolchains Greg Kroah-Hartman
` (270 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anquan Wu, Andrii Nakryiko, Sasha Levin
From: Anquan Wu <leiqi96@hotmail.com>
[ Upstream commit bf3f00378524adae16628cbadbd11ba7211863bb ]
BPF map name is limited to BPF_OBJ_NAME_LEN.
A map name is defined as being longer than BPF_OBJ_NAME_LEN,
it will be truncated to BPF_OBJ_NAME_LEN when a userspace program
calls libbpf to create the map. A pinned map also generates a path
in the /sys. If the previous program wanted to reuse the map,
it can not get bpf_map by name, because the name of the map is only
partially the same as the name which get from pinned path.
The syscall information below show that map name "process_pinned_map"
is truncated to "process_pinned_".
bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/process_pinned_map",
bpf_fd=0, file_flags=0}, 144) = -1 ENOENT (No such file or directory)
bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_HASH, key_size=4,
value_size=4,max_entries=1024, map_flags=0, inner_map_fd=0,
map_name="process_pinned_",map_ifindex=0, btf_fd=3, btf_key_type_id=6,
btf_value_type_id=10,btf_vmlinux_value_type_id=0}, 72) = 4
This patch check that if the name of pinned map are the same as the
actual name for the first (BPF_OBJ_NAME_LEN - 1),
bpf map still uses the name which is included in bpf object.
Fixes: 26736eb9a483 ("tools: libbpf: allow map reuse")
Signed-off-by: Anquan Wu <leiqi96@hotmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/OSZP286MB1725CEA1C95C5CB8E7CCC53FB8869@OSZP286MB1725.JPNP286.PROD.OUTLOOK.COM
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/bpf/libbpf.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 2a1dbf52fc9a..b8849812449c 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -1884,7 +1884,7 @@ static int bpf_map_find_btf_info(struct bpf_object *obj, struct bpf_map *map)
int bpf_map__reuse_fd(struct bpf_map *map, int fd)
{
struct bpf_map_info info = {};
- __u32 len = sizeof(info);
+ __u32 len = sizeof(info), name_len;
int new_fd, err;
char *new_name;
@@ -1892,7 +1892,12 @@ int bpf_map__reuse_fd(struct bpf_map *map, int fd)
if (err)
return err;
- new_name = strdup(info.name);
+ name_len = strlen(info.name);
+ if (name_len == BPF_OBJ_NAME_LEN - 1 && strncmp(map->name, info.name, name_len) == 0)
+ new_name = strdup(map->name);
+ else
+ new_name = strdup(info.name);
+
if (!new_name)
return -errno;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 124/389] selftests: timers: valid-adjtimex: build fix for newer toolchains
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 123/389] libbpf: Fix the name of a reused map Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 125/389] selftests: timers: clocksource-switch: fix passing errors from child Greg Kroah-Hartman
` (269 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wolfram Sang, John Stultz,
Shuah Khan, Sasha Levin
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 9a162977d20436be5678a8e21a8e58eb4616d86a ]
Toolchains with an include file 'sys/timex.h' based on 3.18 will have a
'clock_adjtime' definition added, so it can't be static in the code:
valid-adjtimex.c:43:12: error: static declaration of ‘clock_adjtime’ follows non-static declaration
Fixes: e03a58c320e1 ("kselftests: timers: Add adjtimex SETOFFSET validity tests")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Acked-by: John Stultz <jstultz@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/timers/valid-adjtimex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/timers/valid-adjtimex.c b/tools/testing/selftests/timers/valid-adjtimex.c
index 5397de708d3c..48b9a803235a 100644
--- a/tools/testing/selftests/timers/valid-adjtimex.c
+++ b/tools/testing/selftests/timers/valid-adjtimex.c
@@ -40,7 +40,7 @@
#define ADJ_SETOFFSET 0x0100
#include <sys/syscall.h>
-static int clock_adjtime(clockid_t id, struct timex *tx)
+int clock_adjtime(clockid_t id, struct timex *tx)
{
return syscall(__NR_clock_adjtime, id, tx);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 125/389] selftests: timers: clocksource-switch: fix passing errors from child
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 124/389] selftests: timers: valid-adjtimex: build fix for newer toolchains Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 126/389] fs: check FMODE_LSEEK to control internal pipe splicing Greg Kroah-Hartman
` (268 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wolfram Sang, John Stultz,
Shuah Khan, Sasha Levin
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 4d8f52ac5fa9eede7b7aa2f2d67c841d9eeb655f ]
The return value from system() is a waitpid-style integer. Do not return
it directly because with the implicit masking in exit() it will always
return 0. Access it with appropriate macros to really pass on errors.
Fixes: 7290ce1423c3 ("selftests/timers: Add clocksource-switch test from timetest suite")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Acked-by: John Stultz <jstultz@google.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/timers/clocksource-switch.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/timers/clocksource-switch.c b/tools/testing/selftests/timers/clocksource-switch.c
index bfc974b4572d..c18313a5f357 100644
--- a/tools/testing/selftests/timers/clocksource-switch.c
+++ b/tools/testing/selftests/timers/clocksource-switch.c
@@ -110,10 +110,10 @@ int run_tests(int secs)
sprintf(buf, "./inconsistency-check -t %i", secs);
ret = system(buf);
- if (ret)
- return ret;
+ if (WIFEXITED(ret) && WEXITSTATUS(ret))
+ return WEXITSTATUS(ret);
ret = system("./nanosleep");
- return ret;
+ return WIFEXITED(ret) ? WEXITSTATUS(ret) : 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 126/389] fs: check FMODE_LSEEK to control internal pipe splicing
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 125/389] selftests: timers: clocksource-switch: fix passing errors from child Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 127/389] wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() Greg Kroah-Hartman
` (267 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jens Axboe, Jason A. Donenfeld,
Al Viro, Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 97ef77c52b789ec1411d360ed99dca1efe4b2c81 ]
The original direct splicing mechanism from Jens required the input to
be a regular file because it was avoiding the special socket case. It
also recognized blkdevs as being close enough to a regular file. But it
forgot about chardevs, which behave the same way and work fine here.
This is an okayish heuristic, but it doesn't totally work. For example,
a few chardevs should be spliceable here. And a few regular files
shouldn't. This patch fixes this by instead checking whether FMODE_LSEEK
is set, which represents decently enough what we need rewinding for when
splicing to internal pipes.
Fixes: b92ce5589374 ("[PATCH] splice: add direct fd <-> fd splicing support")
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/splice.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/fs/splice.c b/fs/splice.c
index e509239d7e06..ae5623244d5e 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -895,17 +895,15 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
{
struct pipe_inode_info *pipe;
long ret, bytes;
- umode_t i_mode;
size_t len;
int i, flags, more;
/*
- * We require the input being a regular file, as we don't want to
- * randomly drop data for eg socket -> socket splicing. Use the
- * piped splicing for that!
+ * We require the input to be seekable, as we don't want to randomly
+ * drop data for eg socket -> socket splicing. Use the piped splicing
+ * for that!
*/
- i_mode = file_inode(in)->i_mode;
- if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
+ if (unlikely(!(in->f_mode & FMODE_LSEEK)))
return -EINVAL;
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 127/389] wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 126/389] fs: check FMODE_LSEEK to control internal pipe splicing Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 128/389] wifi: p54: Fix an error handling path in p54spi_probe() Greg Kroah-Hartman
` (266 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 7a4836560a6198d245d5732e26f94898b12eb760 ]
The simple_write_to_buffer() function will succeed if even a single
byte is initialized. However, we need to initialize the whole buffer
to prevent information leaks. Just use memdup_user().
Fixes: ff974e408334 ("wil6210: debugfs interface to send raw WMI command")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/Ysg14NdKAZF/hcNG@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/wil6210/debugfs.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c
index 304b4d4e506a..b82af3a49912 100644
--- a/drivers/net/wireless/ath/wil6210/debugfs.c
+++ b/drivers/net/wireless/ath/wil6210/debugfs.c
@@ -1023,18 +1023,12 @@ static ssize_t wil_write_file_wmi(struct file *file, const char __user *buf,
u16 cmdid;
int rc, rc1;
- if (cmdlen < 0)
+ if (cmdlen < 0 || *ppos != 0)
return -EINVAL;
- wmi = kmalloc(len, GFP_KERNEL);
- if (!wmi)
- return -ENOMEM;
-
- rc = simple_write_to_buffer(wmi, len, ppos, buf, len);
- if (rc < 0) {
- kfree(wmi);
- return rc;
- }
+ wmi = memdup_user(buf, len);
+ if (IS_ERR(wmi))
+ return PTR_ERR(wmi);
cmd = (cmdlen > 0) ? &wmi[1] : NULL;
cmdid = le16_to_cpu(wmi->command_id);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 128/389] wifi: p54: Fix an error handling path in p54spi_probe()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 127/389] wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 129/389] wifi: p54: add missing parentheses in p54_flush() Greg Kroah-Hartman
` (265 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET,
Christian Lamparter, Kalle Valo, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 83781f0162d080fec7dcb911afd1bc2f5ad04471 ]
If an error occurs after a successful call to p54spi_request_firmware(), it
must be undone by a corresponding release_firmware() as already done in
the error handling path of p54spi_request_firmware() and in the .remove()
function.
Add the missing call in the error handling path and remove it from
p54spi_request_firmware() now that it is the responsibility of the caller
to release the firmware
Fixes: cd8d3d321285 ("p54spi: p54spi driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/297d2547ff2ee627731662abceeab9dbdaf23231.1655068321.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intersil/p54/p54spi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intersil/p54/p54spi.c b/drivers/net/wireless/intersil/p54/p54spi.c
index ab0fe8565851..cdb57819684a 100644
--- a/drivers/net/wireless/intersil/p54/p54spi.c
+++ b/drivers/net/wireless/intersil/p54/p54spi.c
@@ -164,7 +164,7 @@ static int p54spi_request_firmware(struct ieee80211_hw *dev)
ret = p54_parse_firmware(dev, priv->firmware);
if (ret) {
- release_firmware(priv->firmware);
+ /* the firmware is released by the caller */
return ret;
}
@@ -659,6 +659,7 @@ static int p54spi_probe(struct spi_device *spi)
return 0;
err_free_common:
+ release_firmware(priv->firmware);
free_irq(gpio_to_irq(p54spi_gpio_irq), spi);
err_free_gpio_irq:
gpio_free(p54spi_gpio_irq);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 129/389] wifi: p54: add missing parentheses in p54_flush()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 128/389] wifi: p54: Fix an error handling path in p54spi_probe() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 130/389] selftests/bpf: fix a test for snprintf() overflow Greg Kroah-Hartman
` (264 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rustam Subkhankulov,
Christian Lamparter, Kalle Valo, Sasha Levin
From: Rustam Subkhankulov <subkhankulov@ispras.ru>
[ Upstream commit bcfd9d7f6840b06d5988c7141127795cf405805e ]
The assignment of the value to the variable total in the loop
condition must be enclosed in additional parentheses, since otherwise,
in accordance with the precedence of the operators, the conjunction
will be performed first, and only then the assignment.
Due to this error, a warning later in the function after the loop may
not occur in the situation when it should.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Rustam Subkhankulov <subkhankulov@ispras.ru>
Fixes: 0d4171e2153b ("p54: implement flush callback")
Acked-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220714134831.106004-1-subkhankulov@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intersil/p54/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intersil/p54/main.c b/drivers/net/wireless/intersil/p54/main.c
index a3ca6620dc0c..8fa3ec71603e 100644
--- a/drivers/net/wireless/intersil/p54/main.c
+++ b/drivers/net/wireless/intersil/p54/main.c
@@ -682,7 +682,7 @@ static void p54_flush(struct ieee80211_hw *dev, struct ieee80211_vif *vif,
* queues have already been stopped and no new frames can sneak
* up from behind.
*/
- while ((total = p54_flush_count(priv) && i--)) {
+ while ((total = p54_flush_count(priv)) && i--) {
/* waste time */
msleep(20);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 130/389] selftests/bpf: fix a test for snprintf() overflow
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 129/389] wifi: p54: add missing parentheses in p54_flush() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 131/389] can: pch_can: do not report txerr and rxerr during bus-off Greg Kroah-Hartman
` (263 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Martin KaFai Lau,
Alexei Starovoitov, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit c5d22f4cfe8dfb93f1db0a1e7e2e7ebc41395d98 ]
The snprintf() function returns the number of bytes which *would*
have been copied if there were space. In other words, it can be
> sizeof(pin_path).
Fixes: c0fa1b6c3efc ("bpf: btf: Add BTF tests")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/r/YtZ+aD/tZMkgOUw+@kili
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_btf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/test_btf.c b/tools/testing/selftests/bpf/test_btf.c
index 3d617e806054..996eca57bc97 100644
--- a/tools/testing/selftests/bpf/test_btf.c
+++ b/tools/testing/selftests/bpf/test_btf.c
@@ -4808,7 +4808,7 @@ static int do_test_pprint(int test_num)
ret = snprintf(pin_path, sizeof(pin_path), "%s/%s",
"/sys/fs/bpf", test->map_name);
- if (CHECK(ret == sizeof(pin_path), "pin_path %s/%s is too long",
+ if (CHECK(ret >= sizeof(pin_path), "pin_path %s/%s is too long",
"/sys/fs/bpf", test->map_name)) {
err = -1;
goto done;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 131/389] can: pch_can: do not report txerr and rxerr during bus-off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 130/389] selftests/bpf: fix a test for snprintf() overflow Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 132/389] can: rcar_can: " Greg Kroah-Hartman
` (262 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Mailhol, Marc Kleine-Budde,
Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit 3a5c7e4611ddcf0ef37a3a17296b964d986161a6 ]
During bus off, the error count is greater than 255 and can not fit in
a u8.
Fixes: 0c78ab76a05c ("pch_can: Add setting TEC/REC statistics processing")
Link: https://lore.kernel.org/all/20220719143550.3681-2-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/pch_can.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/can/pch_can.c b/drivers/net/can/pch_can.c
index e90651f7b2ea..b148572e4a74 100644
--- a/drivers/net/can/pch_can.c
+++ b/drivers/net/can/pch_can.c
@@ -496,6 +496,9 @@ static void pch_can_error(struct net_device *ndev, u32 status)
cf->can_id |= CAN_ERR_BUSOFF;
priv->can.can_stats.bus_off++;
can_bus_off(ndev);
+ } else {
+ cf->data[6] = errc & PCH_TEC;
+ cf->data[7] = (errc & PCH_REC) >> 8;
}
errc = ioread32(&priv->regs->errc);
@@ -556,9 +559,6 @@ static void pch_can_error(struct net_device *ndev, u32 status)
break;
}
- cf->data[6] = errc & PCH_TEC;
- cf->data[7] = (errc & PCH_REC) >> 8;
-
priv->can.state = state;
netif_receive_skb(skb);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 132/389] can: rcar_can: do not report txerr and rxerr during bus-off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 131/389] can: pch_can: do not report txerr and rxerr during bus-off Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 133/389] can: sja1000: " Greg Kroah-Hartman
` (261 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Mailhol, Marc Kleine-Budde,
Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit a37b7245e831a641df360ca41db6a71c023d3746 ]
During bus off, the error count is greater than 255 and can not fit in
a u8.
Fixes: fd1159318e55 ("can: add Renesas R-Car CAN driver")
Link: https://lore.kernel.org/all/20220719143550.3681-3-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/rcar/rcar_can.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/can/rcar/rcar_can.c b/drivers/net/can/rcar/rcar_can.c
index ac52288fa3bf..b99b1b235348 100644
--- a/drivers/net/can/rcar/rcar_can.c
+++ b/drivers/net/can/rcar/rcar_can.c
@@ -235,11 +235,8 @@ static void rcar_can_error(struct net_device *ndev)
if (eifr & (RCAR_CAN_EIFR_EWIF | RCAR_CAN_EIFR_EPIF)) {
txerr = readb(&priv->regs->tecr);
rxerr = readb(&priv->regs->recr);
- if (skb) {
+ if (skb)
cf->can_id |= CAN_ERR_CRTL;
- cf->data[6] = txerr;
- cf->data[7] = rxerr;
- }
}
if (eifr & RCAR_CAN_EIFR_BEIF) {
int rx_errors = 0, tx_errors = 0;
@@ -339,6 +336,9 @@ static void rcar_can_error(struct net_device *ndev)
can_bus_off(ndev);
if (skb)
cf->can_id |= CAN_ERR_BUSOFF;
+ } else if (skb) {
+ cf->data[6] = txerr;
+ cf->data[7] = rxerr;
}
if (eifr & RCAR_CAN_EIFR_ORIF) {
netdev_dbg(priv->ndev, "Receive overrun error interrupt\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 133/389] can: sja1000: do not report txerr and rxerr during bus-off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 132/389] can: rcar_can: " Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 134/389] can: hi311x: " Greg Kroah-Hartman
` (260 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Mailhol, Marc Kleine-Budde,
Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit 164d7cb2d5a30f1b3a5ab4fab1a27731fb1494a8 ]
During bus off, the error count is greater than 255 and can not fit in
a u8.
Fixes: 215db1856e83 ("can: sja1000: Consolidate and unify state change handling")
Link: https://lore.kernel.org/all/20220719143550.3681-4-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/sja1000/sja1000.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/can/sja1000/sja1000.c b/drivers/net/can/sja1000/sja1000.c
index 9f107798f904..e7327ceabb76 100644
--- a/drivers/net/can/sja1000/sja1000.c
+++ b/drivers/net/can/sja1000/sja1000.c
@@ -405,9 +405,6 @@ static int sja1000_err(struct net_device *dev, uint8_t isrc, uint8_t status)
txerr = priv->read_reg(priv, SJA1000_TXERR);
rxerr = priv->read_reg(priv, SJA1000_RXERR);
- cf->data[6] = txerr;
- cf->data[7] = rxerr;
-
if (isrc & IRQ_DOI) {
/* data overrun interrupt */
netdev_dbg(dev, "data overrun interrupt\n");
@@ -429,6 +426,10 @@ static int sja1000_err(struct net_device *dev, uint8_t isrc, uint8_t status)
else
state = CAN_STATE_ERROR_ACTIVE;
}
+ if (state != CAN_STATE_BUS_OFF) {
+ cf->data[6] = txerr;
+ cf->data[7] = rxerr;
+ }
if (isrc & IRQ_BEI) {
/* bus error interrupt */
priv->can.can_stats.bus_error++;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 134/389] can: hi311x: do not report txerr and rxerr during bus-off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 133/389] can: sja1000: " Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 135/389] can: sun4i_can: " Greg Kroah-Hartman
` (259 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Mailhol, Marc Kleine-Budde,
Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit a22bd630cfff496b270211745536e50e98eb3a45 ]
During bus off, the error count is greater than 255 and can not fit in
a u8.
Fixes: 57e83fb9b746 ("can: hi311x: Add Holt HI-311x CAN driver")
Link: https://lore.kernel.org/all/20220719143550.3681-6-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/spi/hi311x.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/can/spi/hi311x.c b/drivers/net/can/spi/hi311x.c
index 7d2315c8cacb..28273e84171a 100644
--- a/drivers/net/can/spi/hi311x.c
+++ b/drivers/net/can/spi/hi311x.c
@@ -670,8 +670,6 @@ static irqreturn_t hi3110_can_ist(int irq, void *dev_id)
txerr = hi3110_read(spi, HI3110_READ_TEC);
rxerr = hi3110_read(spi, HI3110_READ_REC);
- cf->data[6] = txerr;
- cf->data[7] = rxerr;
tx_state = txerr >= rxerr ? new_state : 0;
rx_state = txerr <= rxerr ? new_state : 0;
can_change_state(net, cf, tx_state, rx_state);
@@ -684,6 +682,9 @@ static irqreturn_t hi3110_can_ist(int irq, void *dev_id)
hi3110_hw_sleep(spi);
break;
}
+ } else {
+ cf->data[6] = txerr;
+ cf->data[7] = rxerr;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 135/389] can: sun4i_can: do not report txerr and rxerr during bus-off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 134/389] can: hi311x: " Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 136/389] can: kvaser_usb_hydra: " Greg Kroah-Hartman
` (258 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai, Vincent Mailhol,
Marc Kleine-Budde, Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit 0ac15a8f661b941519379831d09bfb12271b23ee ]
During bus off, the error count is greater than 255 and can not fit in
a u8.
Fixes: 0738eff14d81 ("can: Allwinner A10/A20 CAN Controller support - Kernel module")
Link: https://lore.kernel.org/all/20220719143550.3681-7-mailhol.vincent@wanadoo.fr
CC: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/sun4i_can.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/net/can/sun4i_can.c b/drivers/net/can/sun4i_can.c
index f4cd88196404..c519b6f63b33 100644
--- a/drivers/net/can/sun4i_can.c
+++ b/drivers/net/can/sun4i_can.c
@@ -525,11 +525,6 @@ static int sun4i_can_err(struct net_device *dev, u8 isrc, u8 status)
rxerr = (errc >> 16) & 0xFF;
txerr = errc & 0xFF;
- if (skb) {
- cf->data[6] = txerr;
- cf->data[7] = rxerr;
- }
-
if (isrc & SUN4I_INT_DATA_OR) {
/* data overrun interrupt */
netdev_dbg(dev, "data overrun interrupt\n");
@@ -560,6 +555,10 @@ static int sun4i_can_err(struct net_device *dev, u8 isrc, u8 status)
else
state = CAN_STATE_ERROR_ACTIVE;
}
+ if (skb && state != CAN_STATE_BUS_OFF) {
+ cf->data[6] = txerr;
+ cf->data[7] = rxerr;
+ }
if (isrc & SUN4I_INT_BUS_ERR) {
/* bus error interrupt */
netdev_dbg(dev, "bus error interrupt\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 136/389] can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 135/389] can: sun4i_can: " Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 137/389] can: kvaser_usb_leaf: " Greg Kroah-Hartman
` (257 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Vincent Mailhol,
Marc Kleine-Budde, Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit 936e90595376e64b6247c72d3ea8b8b164b7ac96 ]
During bus off, the error count is greater than 255 and can not fit in
a u8.
Fixes: aec5fb2268b7 ("can: kvaser_usb: Add support for Kvaser USB hydra family")
Link: https://lore.kernel.org/all/20220719143550.3681-8-mailhol.vincent@wanadoo.fr
CC: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
index a7c408acb0c0..01d4a731b579 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
@@ -890,8 +890,10 @@ static void kvaser_usb_hydra_update_state(struct kvaser_usb_net_priv *priv,
new_state < CAN_STATE_BUS_OFF)
priv->can.can_stats.restarts++;
- cf->data[6] = bec->txerr;
- cf->data[7] = bec->rxerr;
+ if (new_state != CAN_STATE_BUS_OFF) {
+ cf->data[6] = bec->txerr;
+ cf->data[7] = bec->rxerr;
+ }
stats = &netdev->stats;
stats->rx_packets++;
@@ -1045,8 +1047,10 @@ kvaser_usb_hydra_error_frame(struct kvaser_usb_net_priv *priv,
shhwtstamps->hwtstamp = hwtstamp;
cf->can_id |= CAN_ERR_BUSERROR;
- cf->data[6] = bec.txerr;
- cf->data[7] = bec.rxerr;
+ if (new_state != CAN_STATE_BUS_OFF) {
+ cf->data[6] = bec.txerr;
+ cf->data[7] = bec.rxerr;
+ }
stats->rx_packets++;
stats->rx_bytes += cf->can_dlc;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 137/389] can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 136/389] can: kvaser_usb_hydra: " Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 138/389] can: usb_8dev: " Greg Kroah-Hartman
` (256 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jimmy Assarsson, Vincent Mailhol,
Marc Kleine-Budde, Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit a57732084e06791d37ea1ea447cca46220737abd ]
During bus off, the error count is greater than 255 and can not fit in
a u8.
Fixes: 7259124eac7d1 ("can: kvaser_usb: Split driver into kvaser_usb_core.c and kvaser_usb_leaf.c")
Link: https://lore.kernel.org/all/20220719143550.3681-9-mailhol.vincent@wanadoo.fr
CC: Jimmy Assarsson <extja@kvaser.com>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
index 0e0403dd0550..5e281249ad5f 100644
--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
@@ -857,8 +857,10 @@ static void kvaser_usb_leaf_rx_error(const struct kvaser_usb *dev,
break;
}
- cf->data[6] = es->txerr;
- cf->data[7] = es->rxerr;
+ if (new_state != CAN_STATE_BUS_OFF) {
+ cf->data[6] = es->txerr;
+ cf->data[7] = es->rxerr;
+ }
stats->rx_packets++;
stats->rx_bytes += cf->can_dlc;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 138/389] can: usb_8dev: do not report txerr and rxerr during bus-off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 137/389] can: kvaser_usb_leaf: " Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 139/389] can: error: specify the values of data[5..7] of CAN error frames Greg Kroah-Hartman
` (255 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Mailhol, Marc Kleine-Budde,
Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit aebe8a2433cd090ccdc222861f44bddb75eb01de ]
During bus off, the error count is greater than 255 and can not fit in
a u8.
Fixes: 0024d8ad1639 ("can: usb_8dev: Add support for USB2CAN interface from 8 devices")
Link: https://lore.kernel.org/all/20220719143550.3681-10-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/usb/usb_8dev.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/can/usb/usb_8dev.c b/drivers/net/can/usb/usb_8dev.c
index b514b2eaa318..89a94c16fc08 100644
--- a/drivers/net/can/usb/usb_8dev.c
+++ b/drivers/net/can/usb/usb_8dev.c
@@ -442,9 +442,10 @@ static void usb_8dev_rx_err_msg(struct usb_8dev_priv *priv,
if (rx_errors)
stats->rx_errors++;
-
- cf->data[6] = txerr;
- cf->data[7] = rxerr;
+ if (priv->can.state != CAN_STATE_BUS_OFF) {
+ cf->data[6] = txerr;
+ cf->data[7] = rxerr;
+ }
priv->bec.txerr = txerr;
priv->bec.rxerr = rxerr;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 139/389] can: error: specify the values of data[5..7] of CAN error frames
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 138/389] can: usb_8dev: " Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 140/389] can: pch_can: pch_can_error(): initialize errc before using it Greg Kroah-Hartman
` (254 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Mailhol, Marc Kleine-Budde,
Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit e70a3263a7eed768d5f947b8f2aff8d2a79c9d97 ]
Currently, data[5..7] of struct can_frame, when used as a CAN error
frame, are defined as being "controller specific". Device specific
behaviours are problematic because it prevents someone from writing
code which is portable between devices.
As a matter of fact, data[5] is never used, data[6] is always used to
report TX error counter and data[7] is always used to report RX error
counter. can-utils also relies on this.
This patch updates the comment in the uapi header to specify that
data[5] is reserved (and thus should not be used) and that data[6..7]
are used for error counters.
Fixes: 0d66548a10cb ("[CAN]: Add PF_CAN core module")
Link: https://lore.kernel.org/all/20220719143550.3681-11-mailhol.vincent@wanadoo.fr
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/can/error.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/can/error.h b/include/uapi/linux/can/error.h
index 34633283de64..a1000cb63063 100644
--- a/include/uapi/linux/can/error.h
+++ b/include/uapi/linux/can/error.h
@@ -120,6 +120,9 @@
#define CAN_ERR_TRX_CANL_SHORT_TO_GND 0x70 /* 0111 0000 */
#define CAN_ERR_TRX_CANL_SHORT_TO_CANH 0x80 /* 1000 0000 */
-/* controller specific additional information / data[5..7] */
+/* data[5] is reserved (do not use) */
+
+/* TX error counter / data[6] */
+/* RX error counter / data[7] */
#endif /* _UAPI_CAN_ERROR_H */
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 140/389] can: pch_can: pch_can_error(): initialize errc before using it
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 139/389] can: error: specify the values of data[5..7] of CAN error frames Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 141/389] Bluetooth: hci_intel: Add check for platform_driver_register Greg Kroah-Hartman
` (253 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nathan Chancellor, Vincent Mailhol,
Marc Kleine-Budde, Sasha Levin
From: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
[ Upstream commit 9950f11211331180269867aef848c7cf56861742 ]
After commit 3a5c7e4611dd, the variable errc is accessed before being
initialized, c.f. below W=2 warning:
| In function 'pch_can_error',
| inlined from 'pch_can_poll' at drivers/net/can/pch_can.c:739:4:
| drivers/net/can/pch_can.c:501:29: warning: 'errc' may be used uninitialized [-Wmaybe-uninitialized]
| 501 | cf->data[6] = errc & PCH_TEC;
| | ^
| drivers/net/can/pch_can.c: In function 'pch_can_poll':
| drivers/net/can/pch_can.c:484:13: note: 'errc' was declared here
| 484 | u32 errc, lec;
| | ^~~~
Moving errc initialization up solves this issue.
Fixes: 3a5c7e4611dd ("can: pch_can: do not report txerr and rxerr during bus-off")
Reported-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/all/20220721160032.9348-1-mailhol.vincent@wanadoo.fr
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/can/pch_can.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/can/pch_can.c b/drivers/net/can/pch_can.c
index b148572e4a74..586bda050d28 100644
--- a/drivers/net/can/pch_can.c
+++ b/drivers/net/can/pch_can.c
@@ -489,6 +489,7 @@ static void pch_can_error(struct net_device *ndev, u32 status)
if (!skb)
return;
+ errc = ioread32(&priv->regs->errc);
if (status & PCH_BUS_OFF) {
pch_can_set_tx_all(priv, 0);
pch_can_set_rx_all(priv, 0);
@@ -501,7 +502,6 @@ static void pch_can_error(struct net_device *ndev, u32 status)
cf->data[7] = (errc & PCH_REC) >> 8;
}
- errc = ioread32(&priv->regs->errc);
/* Warning interrupt. */
if (status & PCH_EWARN) {
state = CAN_STATE_ERROR_WARNING;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 141/389] Bluetooth: hci_intel: Add check for platform_driver_register
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 140/389] can: pch_can: pch_can_error(): initialize errc before using it Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 142/389] i2c: cadence: Support PEC for SMBus block read Greg Kroah-Hartman
` (252 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Marcel Holtmann, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit ab2d2a982ff721f4b029282d9a40602ea46a745e ]
As platform_driver_register() could fail, it should be better
to deal with the return value in order to maintain the code
consisitency.
Fixes: 1ab1f239bf17 ("Bluetooth: hci_intel: Add support for platform driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/hci_intel.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c
index 31f25153087d..02c96c603768 100644
--- a/drivers/bluetooth/hci_intel.c
+++ b/drivers/bluetooth/hci_intel.c
@@ -1230,7 +1230,11 @@ static struct platform_driver intel_driver = {
int __init intel_init(void)
{
- platform_driver_register(&intel_driver);
+ int err;
+
+ err = platform_driver_register(&intel_driver);
+ if (err)
+ return err;
return hci_uart_register_proto(&intel_proto);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 142/389] i2c: cadence: Support PEC for SMBus block read
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 141/389] Bluetooth: hci_intel: Add check for platform_driver_register Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 143/389] i2c: mux-gpmux: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
` (251 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lars-Peter Clausen,
Shubhrajyoti Datta, Wolfram Sang, Sasha Levin
From: Lars-Peter Clausen <lars@metafoo.de>
[ Upstream commit 9fdf6d97f03035ad5298e2d1635036c74c2090ed ]
SMBus packet error checking (PEC) is implemented by appending one
additional byte of checksum data at the end of the message. This provides
additional protection and allows to detect data corruption on the I2C bus.
SMBus block reads support variable length reads. The first byte in the read
message is the number of available data bytes.
The combination of PEC and block read is currently not supported by the
Cadence I2C driver.
* When PEC is enabled the maximum transfer length for block reads
increases from 33 to 34 bytes.
* The I2C core smbus emulation layer relies on the driver updating the
`i2c_msg` `len` field with the number of received bytes. The updated
length is used when checking the PEC.
Add support to the Cadence I2C driver for handling SMBus block reads with
PEC. To determine the maximum transfer length uses the initial `len` value
of the `i2c_msg`. When PEC is enabled this will be 2, when it is disabled
it will be 1.
Once a read transfer is done also increment the `len` field by the amount
of received data bytes.
This change has been tested with a UCM90320 PMBus power monitor, which
requires block reads to access certain data fields, but also has PEC
enabled by default.
Fixes: df8eb5691c48 ("i2c: Add driver for Cadence I2C controller")
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Tested-by: Shubhrajyoti Datta <Shubhrajyoti.datta@amd.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-cadence.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c
index 8750e444f449..72699fdd5d11 100644
--- a/drivers/i2c/busses/i2c-cadence.c
+++ b/drivers/i2c/busses/i2c-cadence.c
@@ -348,8 +348,13 @@ static void cdns_i2c_mrecv(struct cdns_i2c *id)
ctrl_reg = cdns_i2c_readreg(CDNS_I2C_CR_OFFSET);
ctrl_reg |= CDNS_I2C_CR_RW | CDNS_I2C_CR_CLR_FIFO;
+ /*
+ * Receive up to I2C_SMBUS_BLOCK_MAX data bytes, plus one message length
+ * byte, plus one checksum byte if PEC is enabled. p_msg->len will be 2 if
+ * PEC is enabled, otherwise 1.
+ */
if (id->p_msg->flags & I2C_M_RECV_LEN)
- id->recv_count = I2C_SMBUS_BLOCK_MAX + 1;
+ id->recv_count = I2C_SMBUS_BLOCK_MAX + id->p_msg->len;
id->curr_recv_count = id->recv_count;
@@ -535,6 +540,9 @@ static int cdns_i2c_process_msg(struct cdns_i2c *id, struct i2c_msg *msg,
if (id->err_status & CDNS_I2C_IXR_ARB_LOST)
return -EAGAIN;
+ if (msg->flags & I2C_M_RECV_LEN)
+ msg->len += min_t(unsigned int, msg->buf[0], I2C_SMBUS_BLOCK_MAX);
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 143/389] i2c: mux-gpmux: Add of_node_put() when breaking out of loop
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 142/389] i2c: cadence: Support PEC for SMBus block read Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 144/389] wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Greg Kroah-Hartman
` (250 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Peter Rosin, Wolfram Sang,
Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 6435319c34704994e19b0767f6a4e6f37439867b ]
In i2c_mux_probe(), we should call of_node_put() when breaking out
of for_each_child_of_node() which will automatically increase and
decrease the refcount.
Fixes: ac8498f0ce53 ("i2c: i2c-mux-gpmux: new driver")
Signed-off-by: Liang He <windhl@126.com>
Acked-by: Peter Rosin <peda@axentia.se>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/muxes/i2c-mux-gpmux.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/i2c/muxes/i2c-mux-gpmux.c b/drivers/i2c/muxes/i2c-mux-gpmux.c
index f830535cff12..480ec74e6134 100644
--- a/drivers/i2c/muxes/i2c-mux-gpmux.c
+++ b/drivers/i2c/muxes/i2c-mux-gpmux.c
@@ -138,6 +138,7 @@ static int i2c_mux_probe(struct platform_device *pdev)
return 0;
err_children:
+ of_node_put(child);
i2c_mux_del_adapters(muxc);
err_parent:
i2c_put_adapter(parent);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 144/389] wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 143/389] i2c: mux-gpmux: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 145/389] wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue Greg Kroah-Hartman
` (249 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, kernel test robot,
Ammar Faizi, Kalle Valo, Sasha Levin
From: Ammar Faizi <ammarfaizi2@gnuweeb.org>
[ Upstream commit d578e0af3a003736f6c440188b156483d451b329 ]
Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user()
but it forgets to change the value to be returned that came from
simple_write_to_buffer() call. It results in the following warning:
warning: variable 'rc' is uninitialized when used here [-Wuninitialized]
return rc;
^~
Remove rc variable and just return the passed in length if the
memdup_user() succeeds.
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 7a4836560a6198d245d5732e26f94898b12eb760 ("wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()")
Fixes: ff974e4083341383d3dd4079e52ed30f57f376f0 ("wil6210: debugfs interface to send raw WMI command")
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20220724202452.61846-1-ammar.faizi@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/wil6210/debugfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c
index b82af3a49912..1e38fdf92d1d 100644
--- a/drivers/net/wireless/ath/wil6210/debugfs.c
+++ b/drivers/net/wireless/ath/wil6210/debugfs.c
@@ -1021,7 +1021,7 @@ static ssize_t wil_write_file_wmi(struct file *file, const char __user *buf,
void *cmd;
int cmdlen = len - sizeof(struct wmi_cmd_hdr);
u16 cmdid;
- int rc, rc1;
+ int rc1;
if (cmdlen < 0 || *ppos != 0)
return -EINVAL;
@@ -1038,7 +1038,7 @@ static ssize_t wil_write_file_wmi(struct file *file, const char __user *buf,
wil_info(wil, "0x%04x[%d] -> %d\n", cmdid, cmdlen, rc1);
- return rc;
+ return len;
}
static const struct file_operations fops_wmi = {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 145/389] wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 144/389] wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 146/389] wifi: libertas: Fix possible refcount leak in if_usb_probe() Greg Kroah-Hartman
` (248 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takayuki Nagata, Petr Stourac,
Jose Ignacio Tornos Martinez, Kalle Valo, Sasha Levin
From: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
[ Upstream commit 14a3aacf517a9de725dd3219dbbcf741e31763c4 ]
After successfull station association, if station queues are disabled for
some reason, the related lists are not emptied. So if some new element is
added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old
one and produce a BUG like this:
[ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).
[ 46.535283] ------------[ cut here ]------------
[ 46.535284] kernel BUG at lib/list_debug.c:26!
[ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1
[ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012
[ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f
[ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1
[ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286
[ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000
[ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff
[ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666
[ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388
[ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0
[ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000
[ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0
[ 46.687422] Call Trace:
[ 46.689906] <TASK>
[ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]
[ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211]
[ 46.702973] ? sta_info_get+0x46/0x60 [mac80211]
[ 46.707703] ieee80211_tx+0xad/0x110 [mac80211]
[ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]
...
In order to avoid this problem, we must also remove the related lists when
station queues are disabled.
Fixes: cfbc6c4c5b91c ("iwlwifi: mvm: support mac80211 TXQs model")
Reported-by: Takayuki Nagata <tnagata@redhat.com>
Reported-by: Petr Stourac <pstourac@redhat.com>
Tested-by: Petr Stourac <pstourac@redhat.com>
Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220719153542.81466-1-jtornosm@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
index 5df4bbb6c6de..a3255100e3fe 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -1810,6 +1810,7 @@ static void iwl_mvm_disable_sta_queues(struct iwl_mvm *mvm,
iwl_mvm_txq_from_mac80211(sta->txq[i]);
mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE;
+ list_del_init(&mvmtxq->list);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 146/389] wifi: libertas: Fix possible refcount leak in if_usb_probe()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 145/389] wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 147/389] net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS Greg Kroah-Hartman
` (247 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Kalle Valo, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 6fd57e1d120bf13d4dc6c200a7cf914e6347a316 ]
usb_get_dev will be called before lbs_get_firmware_async which means that
usb_put_dev need to be called when lbs_get_firmware_async fails.
Fixes: ce84bb69f50e ("libertas USB: convert to asynchronous firmware loading")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220620092350.39960-1-hbh25y@gmail.com
Link: https://lore.kernel.org/r/20220622113402.16969-1-colin.i.king@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/libertas/if_usb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/marvell/libertas/if_usb.c b/drivers/net/wireless/marvell/libertas/if_usb.c
index 5d6dc1dd050d..32fdc4150b60 100644
--- a/drivers/net/wireless/marvell/libertas/if_usb.c
+++ b/drivers/net/wireless/marvell/libertas/if_usb.c
@@ -287,6 +287,7 @@ static int if_usb_probe(struct usb_interface *intf,
return 0;
err_get_fw:
+ usb_put_dev(udev);
lbs_remove_card(priv);
err_add_card:
if_usb_reset_device(cardp);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 147/389] net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 146/389] wifi: libertas: Fix possible refcount leak in if_usb_probe() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 148/389] crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of Greg Kroah-Hartman
` (246 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Mikityanskiy, Tariq Toukan,
Saeed Mahameed, Sasha Levin
From: Maxim Mikityanskiy <maximmi@nvidia.com>
[ Upstream commit 562696c3c62c7c23dd896e9447252ce9268cb812 ]
MLX5E_MAX_RQ_NUM_MTTS should be the maximum value, so that
MLX5_MTT_OCTW(MLX5E_MAX_RQ_NUM_MTTS) fits into u16. The current value of
1 << 17 results in MLX5_MTT_OCTW(1 << 17) = 1 << 16, which doesn't fit
into u16. This commit replaces it with the maximum value that still
fits u16.
Fixes: 73281b78a37a ("net/mlx5e: Derive Striding RQ size from MTU")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en.h b/drivers/net/ethernet/mellanox/mlx5/core/en.h
index b5c8afe8cd10..3209decdcff0 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h
@@ -101,7 +101,7 @@ struct page_pool;
#define MLX5E_LOG_ALIGNED_MPWQE_PPW (ilog2(MLX5E_REQUIRED_WQE_MTTS))
#define MLX5E_REQUIRED_MTTS(wqes) (wqes * MLX5E_REQUIRED_WQE_MTTS)
#define MLX5E_MAX_RQ_NUM_MTTS \
- ((1 << 16) * 2) /* So that MLX5_MTT_OCTW(num_mtts) fits into u16 */
+ (ALIGN_DOWN(U16_MAX, 4) * 2) /* So that MLX5_MTT_OCTW(num_mtts) fits into u16 */
#define MLX5E_ORDER2_MAX_PACKET_MTU (order_base_2(10 * 1024))
#define MLX5E_PARAMS_MAXIMUM_LOG_RQ_SIZE_MPW \
(ilog2(MLX5E_MAX_RQ_NUM_MTTS / MLX5E_REQUIRED_WQE_MTTS))
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 148/389] crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 147/389] net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 149/389] iavf: Fix max_rate limiting Greg Kroah-Hartman
` (245 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Marek Behún,
Herbert Xu, Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit fa4d57b85786ec0e16565c75a51c208834b0c24d ]
Without MODULE_DEVICE_TABLE, crypto_safexcel.ko module is not automatically
loaded on platforms where inside-secure crypto HW is specified in device
tree (e.g. Armada 3720). So add missing MODULE_DEVICE_TABLE for of.
Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/inside-secure/safexcel.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/inside-secure/safexcel.c b/drivers/crypto/inside-secure/safexcel.c
index 4d9d97c59ee3..9534f52210af 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -1658,6 +1658,8 @@ static const struct of_device_id safexcel_of_match_table[] = {
{},
};
+MODULE_DEVICE_TABLE(of, safexcel_of_match_table);
+
static struct platform_driver crypto_safexcel = {
.probe = safexcel_probe,
.remove = safexcel_remove,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 149/389] iavf: Fix max_rate limiting
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 148/389] crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 150/389] netdevsim: Avoid allocation warnings triggered from user space Greg Kroah-Hartman
` (244 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Przemyslaw Patynowski, Jun Zhang,
Bharathi Sreenivas, Tony Nguyen, Sasha Levin
From: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
[ Upstream commit ec60d54cb9a3d43a02c5612a03093c18233e6601 ]
Fix max_rate option in TC, check for proper quanta boundaries.
Check for minimum value provided and if it fits expected 50Mbps
quanta.
Without this patch, iavf could send settings for max_rate limiting
that would be accepted from by PF even the max_rate option is less
than expected 50Mbps quanta. It results in no rate limiting
on traffic as rate limiting will be floored to 0.
Example:
tc qdisc add dev $vf root mqprio num_tc 3 map 0 2 1 queues \
2@0 2@2 2@4 hw 1 mode channel shaper bw_rlimit \
max_rate 50Mbps 500Mbps 500Mbps
Should limit TC0 to circa 50 Mbps
tc qdisc add dev $vf root mqprio num_tc 3 map 0 2 1 queues \
2@0 2@2 2@4 hw 1 mode channel shaper bw_rlimit \
max_rate 0Mbps 100Kbit 500Mbps
Should return error
Fixes: d5b33d024496 ("i40evf: add ndo_setup_tc callback to i40evf")
Signed-off-by: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
Signed-off-by: Jun Zhang <xuejun.zhang@intel.com>
Tested-by: Bharathi Sreenivas <bharathi.sreenivas@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/iavf/iavf.h | 1 +
drivers/net/ethernet/intel/iavf/iavf_main.c | 25 +++++++++++++++++++--
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/intel/iavf/iavf.h b/drivers/net/ethernet/intel/iavf/iavf.h
index 81ca6472937d..85275b6ede4d 100644
--- a/drivers/net/ethernet/intel/iavf/iavf.h
+++ b/drivers/net/ethernet/intel/iavf/iavf.h
@@ -86,6 +86,7 @@ struct iavf_vsi {
#define IAVF_HKEY_ARRAY_SIZE ((IAVF_VFQF_HKEY_MAX_INDEX + 1) * 4)
#define IAVF_HLUT_ARRAY_SIZE ((IAVF_VFQF_HLUT_MAX_INDEX + 1) * 4)
#define IAVF_MBPS_DIVISOR 125000 /* divisor to convert to Mbps */
+#define IAVF_MBPS_QUANTA 50
#define IAVF_VIRTCHNL_VF_RESOURCE_SIZE (sizeof(struct virtchnl_vf_resource) + \
(IAVF_MAX_VF_VSI * \
diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c b/drivers/net/ethernet/intel/iavf/iavf_main.c
index e8850ba5604c..4c41bb47fc1a 100644
--- a/drivers/net/ethernet/intel/iavf/iavf_main.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
@@ -2581,6 +2581,7 @@ static int iavf_validate_ch_config(struct iavf_adapter *adapter,
struct tc_mqprio_qopt_offload *mqprio_qopt)
{
u64 total_max_rate = 0;
+ u32 tx_rate_rem = 0;
int i, num_qps = 0;
u64 tx_rate = 0;
int ret = 0;
@@ -2595,12 +2596,32 @@ static int iavf_validate_ch_config(struct iavf_adapter *adapter,
return -EINVAL;
if (mqprio_qopt->min_rate[i]) {
dev_err(&adapter->pdev->dev,
- "Invalid min tx rate (greater than 0) specified\n");
+ "Invalid min tx rate (greater than 0) specified for TC%d\n",
+ i);
return -EINVAL;
}
- /*convert to Mbps */
+
+ /* convert to Mbps */
tx_rate = div_u64(mqprio_qopt->max_rate[i],
IAVF_MBPS_DIVISOR);
+
+ if (mqprio_qopt->max_rate[i] &&
+ tx_rate < IAVF_MBPS_QUANTA) {
+ dev_err(&adapter->pdev->dev,
+ "Invalid max tx rate for TC%d, minimum %dMbps\n",
+ i, IAVF_MBPS_QUANTA);
+ return -EINVAL;
+ }
+
+ (void)div_u64_rem(tx_rate, IAVF_MBPS_QUANTA, &tx_rate_rem);
+
+ if (tx_rate_rem != 0) {
+ dev_err(&adapter->pdev->dev,
+ "Invalid max tx rate for TC%d, not divisible by %d\n",
+ i, IAVF_MBPS_QUANTA);
+ return -EINVAL;
+ }
+
total_max_rate += tx_rate;
num_qps += mqprio_qopt->qopt.count[i];
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 150/389] netdevsim: Avoid allocation warnings triggered from user space
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 149/389] iavf: Fix max_rate limiting Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 151/389] net: rose: fix netdev reference changes Greg Kroah-Hartman
` (243 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+ad24705d3fd6463b18c6,
Jakub Kicinski, Andrii Nakryiko, Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit d0b80a9edb1a029ff913e81b47540e57ad034329 ]
We need to suppress warnings from sily map sizes. Also switch
from GFP_USER to GFP_KERNEL_ACCOUNT, I'm pretty sure I misunderstood
the flags when writing this code.
Fixes: 395cacb5f1a0 ("netdevsim: bpf: support fake map offload")
Reported-by: syzbot+ad24705d3fd6463b18c6@syzkaller.appspotmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220726213605.154204-1-kuba@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/netdevsim/bpf.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/net/netdevsim/bpf.c b/drivers/net/netdevsim/bpf.c
index e0a4acc6144b..8e47755cc159 100644
--- a/drivers/net/netdevsim/bpf.c
+++ b/drivers/net/netdevsim/bpf.c
@@ -347,10 +347,12 @@ nsim_map_alloc_elem(struct bpf_offloaded_map *offmap, unsigned int idx)
{
struct nsim_bpf_bound_map *nmap = offmap->dev_priv;
- nmap->entry[idx].key = kmalloc(offmap->map.key_size, GFP_USER);
+ nmap->entry[idx].key = kmalloc(offmap->map.key_size,
+ GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
if (!nmap->entry[idx].key)
return -ENOMEM;
- nmap->entry[idx].value = kmalloc(offmap->map.value_size, GFP_USER);
+ nmap->entry[idx].value = kmalloc(offmap->map.value_size,
+ GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
if (!nmap->entry[idx].value) {
kfree(nmap->entry[idx].key);
nmap->entry[idx].key = NULL;
@@ -492,7 +494,7 @@ nsim_bpf_map_alloc(struct netdevsim *ns, struct bpf_offloaded_map *offmap)
if (offmap->map.map_flags)
return -EINVAL;
- nmap = kzalloc(sizeof(*nmap), GFP_USER);
+ nmap = kzalloc(sizeof(*nmap), GFP_KERNEL_ACCOUNT);
if (!nmap)
return -ENOMEM;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 151/389] net: rose: fix netdev reference changes
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 150/389] netdevsim: Avoid allocation warnings triggered from user space Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 152/389] dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock Greg Kroah-Hartman
` (242 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bernard Pidoux, Eric Dumazet,
Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 931027820e4dafabc78aff82af59f8c1c4bd3128 ]
Bernard reported that trying to unload rose module would lead
to infamous messages:
unregistered_netdevice: waiting for rose0 to become free. Usage count = xx
This patch solves the issue, by making sure each socket referring to
a netdevice holds a reference count on it, and properly releases it
in rose_release().
rose_dev_first() is also fixed to take a device reference
before leaving the rcu_read_locked section.
Following patch will add ref_tracker annotations to ease
future bug hunting.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Bernard Pidoux <f6bvp@free.fr>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Bernard Pidoux <f6bvp@free.fr>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/rose/af_rose.c | 11 +++++++++--
net/rose/rose_route.c | 2 ++
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 6a0df7c8a939..95dda29058a0 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -169,6 +169,7 @@ static void rose_kill_by_device(struct net_device *dev)
rose_disconnect(s, ENETUNREACH, ROSE_OUT_OF_ORDER, 0);
if (rose->neighbour)
rose->neighbour->use--;
+ dev_put(rose->device);
rose->device = NULL;
}
}
@@ -569,6 +570,8 @@ static struct sock *rose_make_new(struct sock *osk)
rose->idle = orose->idle;
rose->defer = orose->defer;
rose->device = orose->device;
+ if (rose->device)
+ dev_hold(rose->device);
rose->qbitincl = orose->qbitincl;
return sk;
@@ -622,6 +625,7 @@ static int rose_release(struct socket *sock)
break;
}
+ dev_put(rose->device);
sock->sk = NULL;
release_sock(sk);
sock_put(sk);
@@ -698,7 +702,6 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le
struct rose_sock *rose = rose_sk(sk);
struct sockaddr_rose *addr = (struct sockaddr_rose *)uaddr;
unsigned char cause, diagnostic;
- struct net_device *dev;
ax25_uid_assoc *user;
int n, err = 0;
@@ -755,9 +758,12 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le
}
if (sock_flag(sk, SOCK_ZAPPED)) { /* Must bind first - autobinding in this may or may not work */
+ struct net_device *dev;
+
sock_reset_flag(sk, SOCK_ZAPPED);
- if ((dev = rose_dev_first()) == NULL) {
+ dev = rose_dev_first();
+ if (!dev) {
err = -ENETUNREACH;
goto out_release;
}
@@ -765,6 +771,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le
user = ax25_findbyuid(current_euid());
if (!user) {
err = -EINVAL;
+ dev_put(dev);
goto out_release;
}
diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index 5f32113c9bbd..64d441d3b653 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -613,6 +613,8 @@ struct net_device *rose_dev_first(void)
if (first == NULL || strncmp(dev->name, first->name, 3) < 0)
first = dev;
}
+ if (first)
+ dev_hold(first);
rcu_read_unlock();
return first;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 152/389] dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 151/389] net: rose: fix netdev reference changes Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 153/389] clk: renesas: r9a06g032: Fix UART clkgrp bitsel Greg Kroah-Hartman
` (241 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Jakub Kicinski, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit a41b17ff9dacd22f5f118ee53d82da0f3e52d5e3 ]
In the case of sk->dccps_qpolicy == DCCPQ_POLICY_PRIO, dccp_qpolicy_full
will drop a skb when qpolicy is full. And the lock in dccp_sendmsg is
released before sock_alloc_send_skb and then relocked after
sock_alloc_send_skb. The following conditions may lead dccp_qpolicy_push
to add skb to an already full sk_write_queue:
thread1--->lock
thread1--->dccp_qpolicy_full: queue is full. drop a skb
thread1--->unlock
thread2--->lock
thread2--->dccp_qpolicy_full: queue is not full. no need to drop.
thread2--->unlock
thread1--->lock
thread1--->dccp_qpolicy_push: add a skb. queue is full.
thread1--->unlock
thread2--->lock
thread2--->dccp_qpolicy_push: add a skb!
thread2--->unlock
Fix this by moving dccp_qpolicy_full.
Fixes: b1308dc015eb ("[DCCP]: Set TX Queue Length Bounds via Sysctl")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220729110027.40569-1-hbh25y@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/dccp/proto.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index cb61a9d281f6..951cbdf05ffe 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -765,11 +765,6 @@ int dccp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
lock_sock(sk);
- if (dccp_qpolicy_full(sk)) {
- rc = -EAGAIN;
- goto out_release;
- }
-
timeo = sock_sndtimeo(sk, noblock);
/*
@@ -788,6 +783,11 @@ int dccp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
if (skb == NULL)
goto out_release;
+ if (dccp_qpolicy_full(sk)) {
+ rc = -EAGAIN;
+ goto out_discard;
+ }
+
if (sk->sk_state == DCCP_CLOSED) {
rc = -ENOTCONN;
goto out_discard;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 153/389] clk: renesas: r9a06g032: Fix UART clkgrp bitsel
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 152/389] dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 154/389] mtd: maps: Fix refcount leak in of_flash_probe_versatile Greg Kroah-Hartman
` (240 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ralph Siemsen, Phil Edworthy,
Geert Uytterhoeven, Sasha Levin
From: Ralph Siemsen <ralph.siemsen@linaro.org>
[ Upstream commit 2dee50ab9e72a3cae75b65e5934c8dd3e9bf01bc ]
There are two UART clock groups, each having a mux to select its
upstream clock source. The register/bit definitions for accessing these
two muxes appear to have been reversed since introduction. Correct them
so as to match the hardware manual.
Fixes: 4c3d88526eba ("clk: renesas: Renesas R9A06G032 clock driver")
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Phil Edworthy <phil.edworthy@renesas.com>
Link: https://lore.kernel.org/r/20220518182527.1693156-1-ralph.siemsen@linaro.org
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/renesas/r9a06g032-clocks.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/clk/renesas/r9a06g032-clocks.c b/drivers/clk/renesas/r9a06g032-clocks.c
index f2dc625b745d..80df4eb041cc 100644
--- a/drivers/clk/renesas/r9a06g032-clocks.c
+++ b/drivers/clk/renesas/r9a06g032-clocks.c
@@ -286,8 +286,8 @@ static const struct r9a06g032_clkdesc r9a06g032_clocks[] = {
.name = "uart_group_012",
.type = K_BITSEL,
.source = 1 + R9A06G032_DIV_UART,
- /* R9A06G032_SYSCTRL_REG_PWRCTRL_PG1_PR2 */
- .dual.sel = ((0xec / 4) << 5) | 24,
+ /* R9A06G032_SYSCTRL_REG_PWRCTRL_PG0_0 */
+ .dual.sel = ((0x34 / 4) << 5) | 30,
.dual.group = 0,
},
{
@@ -295,8 +295,8 @@ static const struct r9a06g032_clkdesc r9a06g032_clocks[] = {
.name = "uart_group_34567",
.type = K_BITSEL,
.source = 1 + R9A06G032_DIV_P2_PG,
- /* R9A06G032_SYSCTRL_REG_PWRCTRL_PG0_0 */
- .dual.sel = ((0x34 / 4) << 5) | 30,
+ /* R9A06G032_SYSCTRL_REG_PWRCTRL_PG1_PR2 */
+ .dual.sel = ((0xec / 4) << 5) | 24,
.dual.group = 1,
},
D_UGATE(CLK_UART0, "clk_uart0", UART_GROUP_012, 0, 0, 0x1b2, 0x1b3, 0x1b4, 0x1b5),
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 154/389] mtd: maps: Fix refcount leak in of_flash_probe_versatile
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 153/389] clk: renesas: r9a06g032: Fix UART clkgrp bitsel Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 155/389] mtd: maps: Fix refcount leak in ap_flash_init Greg Kroah-Hartman
` (239 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij,
Miquel Raynal, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 33ec82a6d2b119938f26e5c8040ed5d92378eb54 ]
of_find_matching_node_and_match() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: b0afd44bc192 ("mtd: physmap_of: add a hook for Versatile write protection")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220523140205.48625-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/maps/physmap-versatile.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mtd/maps/physmap-versatile.c b/drivers/mtd/maps/physmap-versatile.c
index ad7cd9cfaee0..297a50957356 100644
--- a/drivers/mtd/maps/physmap-versatile.c
+++ b/drivers/mtd/maps/physmap-versatile.c
@@ -207,6 +207,7 @@ int of_flash_probe_versatile(struct platform_device *pdev,
versatile_flashprot = (enum versatile_flashprot)devid->data;
rmap = syscon_node_to_regmap(sysnp);
+ of_node_put(sysnp);
if (IS_ERR(rmap))
return PTR_ERR(rmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 155/389] mtd: maps: Fix refcount leak in ap_flash_init
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 154/389] mtd: maps: Fix refcount leak in of_flash_probe_versatile Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 156/389] mtd: rawnand: meson: Fix a potential double free issue Greg Kroah-Hartman
` (238 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij,
Miquel Raynal, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 77087a04c8fd554134bddcb8a9ff87b21f357926 ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: b0afd44bc192 ("mtd: physmap_of: add a hook for Versatile write protection")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220523143255.4376-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/maps/physmap-versatile.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mtd/maps/physmap-versatile.c b/drivers/mtd/maps/physmap-versatile.c
index 297a50957356..a1b8b7b25f88 100644
--- a/drivers/mtd/maps/physmap-versatile.c
+++ b/drivers/mtd/maps/physmap-versatile.c
@@ -93,6 +93,7 @@ static int ap_flash_init(struct platform_device *pdev)
return -ENODEV;
}
ebi_base = of_iomap(ebi, 0);
+ of_node_put(ebi);
if (!ebi_base)
return -ENODEV;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 156/389] mtd: rawnand: meson: Fix a potential double free issue
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 155/389] mtd: maps: Fix refcount leak in ap_flash_init Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 157/389] HID: cp2112: prevent a buffer overflow in cp2112_xfer() Greg Kroah-Hartman
` (237 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Liang Yang,
Miquel Raynal, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit ec0da06337751b18f6dee06b6526e0f0d6e80369 ]
When meson_nfc_nand_chip_cleanup() is called, it will call:
meson_nfc_free_buffer(&meson_chip->nand);
nand_cleanup(&meson_chip->nand);
nand_cleanup() in turn will call nand_detach() which calls the
.detach_chip() which is here meson_nand_detach_chip().
meson_nand_detach_chip() already calls meson_nfc_free_buffer(), so we
could double free some memory.
Fix it by removing the unneeded explicit call to meson_nfc_free_buffer().
Fixes: 8fae856c5350 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: Liang Yang <liang.yang@amlogic.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/ec15c358b8063f7c50ff4cd628cf0d2e14e43f49.1653064877.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/meson_nand.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
index ab7ab6a279aa..28dc26e1a20a 100644
--- a/drivers/mtd/nand/raw/meson_nand.c
+++ b/drivers/mtd/nand/raw/meson_nand.c
@@ -1304,7 +1304,6 @@ static int meson_nfc_nand_chip_cleanup(struct meson_nfc *nfc)
if (ret)
return ret;
- meson_nfc_free_buffer(&meson_chip->nand);
nand_cleanup(&meson_chip->nand);
list_del(&meson_chip->node);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 157/389] HID: cp2112: prevent a buffer overflow in cp2112_xfer()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 156/389] mtd: rawnand: meson: Fix a potential double free issue Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 158/389] mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release Greg Kroah-Hartman
` (236 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Harshit Mogalapalli, Jiri Kosina,
Sasha Levin
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit 381583845d19cb4bd21c8193449385f3fefa9caf ]
Smatch warnings:
drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy()
'data->block[1]' too small (33 vs 255)
drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too
small (64 vs 255)
The 'read_length' variable is provided by 'data->block[0]' which comes
from user and it(read_length) can take a value between 0-255. Add an
upper bound to 'read_length' variable to prevent a buffer overflow in
memcpy().
Fixes: 542134c0375b ("HID: cp2112: Fix I2C_BLOCK_DATA transactions")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-cp2112.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/hid/hid-cp2112.c b/drivers/hid/hid-cp2112.c
index db1b55df0d13..340408f8c8ab 100644
--- a/drivers/hid/hid-cp2112.c
+++ b/drivers/hid/hid-cp2112.c
@@ -787,6 +787,11 @@ static int cp2112_xfer(struct i2c_adapter *adap, u16 addr,
data->word = le16_to_cpup((__le16 *)buf);
break;
case I2C_SMBUS_I2C_BLOCK_DATA:
+ if (read_length > I2C_SMBUS_BLOCK_MAX) {
+ ret = -EINVAL;
+ goto power_normal;
+ }
+
memcpy(data->block + 1, buf, read_length);
break;
case I2C_SMBUS_BLOCK_DATA:
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 158/389] mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 157/389] HID: cp2112: prevent a buffer overflow in cp2112_xfer() Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 159/389] mtd: partitions: Fix refcount leak in parse_redboot_of Greg Kroah-Hartman
` (235 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Miquel Raynal, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit a61528d997619a518ee8c51cf0ef0513021afaff ]
There is a deadlock between sm_release and sm_cache_flush_work
which is a work item. The cancel_work_sync in sm_release will
not return until sm_cache_flush_work is finished. If we hold
mutex_lock and use cancel_work_sync to wait the work item to
finish, the work item also requires mutex_lock. As a result,
the sm_release will be blocked forever. The race condition is
shown below:
(Thread 1) | (Thread 2)
sm_release |
mutex_lock(&ftl->mutex) | sm_cache_flush_work
| mutex_lock(&ftl->mutex)
cancel_work_sync | ...
This patch moves del_timer_sync and cancel_work_sync out of
mutex_lock in order to mitigate deadlock.
Fixes: 7d17c02a01a1 ("mtd: Add new SmartMedia/xD FTL")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220524044841.10517-1-duoming@zju.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/sm_ftl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/sm_ftl.c b/drivers/mtd/sm_ftl.c
index 4744bf94ad9a..d4e72fd5e5b3 100644
--- a/drivers/mtd/sm_ftl.c
+++ b/drivers/mtd/sm_ftl.c
@@ -1097,9 +1097,9 @@ static void sm_release(struct mtd_blktrans_dev *dev)
{
struct sm_ftl *ftl = dev->priv;
- mutex_lock(&ftl->mutex);
del_timer_sync(&ftl->timer);
cancel_work_sync(&ftl->flush_work);
+ mutex_lock(&ftl->mutex);
sm_cache_flush(ftl);
mutex_unlock(&ftl->mutex);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 159/389] mtd: partitions: Fix refcount leak in parse_redboot_of
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 158/389] mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 160/389] mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()s error path Greg Kroah-Hartman
` (234 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij,
Miquel Raynal, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9f7e62815cf3cbbcb1b8cb21649fb4dfdb3aa016 ]
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 237960880960 ("mtd: partitions: redboot: seek fis-index-block in the right node")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220526110652.64849-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/parsers/redboot.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mtd/parsers/redboot.c b/drivers/mtd/parsers/redboot.c
index 3ccd6363ee8c..4f3bcc59a638 100644
--- a/drivers/mtd/parsers/redboot.c
+++ b/drivers/mtd/parsers/redboot.c
@@ -58,6 +58,7 @@ static void parse_redboot_of(struct mtd_info *master)
return;
ret = of_property_read_u32(npart, "fis-index-block", &dirblock);
+ of_node_put(npart);
if (ret)
return;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 160/389] mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()s error path
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 159/389] mtd: partitions: Fix refcount leak in parse_redboot_of Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 161/389] fpga: altera-pr-ip: fix unsigned comparison with less than zero Greg Kroah-Hartman
` (233 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König, Miquel Raynal,
Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 28607b426c3d050714f250d0faeb99d2e9106e90 ]
For all but one error path clk_disable_unprepare() is already there. Add
it to the one location where it's missing.
Fixes: 481815a6193b ("mtd: st_spi_fsm: Handle clk_prepare_enable/clk_disable_unprepare.")
Fixes: 69d5af8d016c ("mtd: st_spi_fsm: Obtain and use EMI clock")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220607152458.232847-2-u.kleine-koenig@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/devices/st_spi_fsm.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/devices/st_spi_fsm.c b/drivers/mtd/devices/st_spi_fsm.c
index f4d1667daaf9..41b5a236276b 100644
--- a/drivers/mtd/devices/st_spi_fsm.c
+++ b/drivers/mtd/devices/st_spi_fsm.c
@@ -2116,10 +2116,12 @@ static int stfsm_probe(struct platform_device *pdev)
(long long)fsm->mtd.size, (long long)(fsm->mtd.size >> 20),
fsm->mtd.erasesize, (fsm->mtd.erasesize >> 10));
- return mtd_device_register(&fsm->mtd, NULL, 0);
-
+ ret = mtd_device_register(&fsm->mtd, NULL, 0);
+ if (ret) {
err_clk_unprepare:
- clk_disable_unprepare(fsm->clk);
+ clk_disable_unprepare(fsm->clk);
+ }
+
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 161/389] fpga: altera-pr-ip: fix unsigned comparison with less than zero
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 160/389] mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()s error path Greg Kroah-Hartman
@ 2022-08-23 8:23 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 162/389] usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe Greg Kroah-Hartman
` (232 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:23 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tom Rix, Xu Yilun, Marco Pagani, Sasha Levin
From: Marco Pagani <marpagan@redhat.com>
[ Upstream commit 2df84a757d87fd62869fc401119d429735377ec5 ]
Fix the "comparison with less than zero" warning reported by
cppcheck for the unsigned (size_t) parameter count of the
alt_pr_fpga_write() function.
Fixes: d201cc17a8a3 ("fpga pr ip: Core driver support for Altera Partial Reconfiguration IP")
Reviewed-by: Tom Rix <trix@redhat.com>
Acked-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Marco Pagani <marpagan@redhat.com>
Link: https://lore.kernel.org/r/20220609140520.42662-1-marpagan@redhat.com
Signed-off-by: Xu Yilun <yilun.xu@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/fpga/altera-pr-ip-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/fpga/altera-pr-ip-core.c b/drivers/fpga/altera-pr-ip-core.c
index 2cf25fd5e897..75b4b3ec933a 100644
--- a/drivers/fpga/altera-pr-ip-core.c
+++ b/drivers/fpga/altera-pr-ip-core.c
@@ -108,7 +108,7 @@ static int alt_pr_fpga_write(struct fpga_manager *mgr, const char *buf,
u32 *buffer_32 = (u32 *)buf;
size_t i = 0;
- if (count <= 0)
+ if (!count)
return -EINVAL;
/* Write out the complete 32-bit chunks */
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 162/389] usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-08-23 8:23 ` [PATCH 5.4 161/389] fpga: altera-pr-ip: fix unsigned comparison with less than zero Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 163/389] usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe Greg Kroah-Hartman
` (231 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit b5c5b13cb45e2c88181308186b0001992cb41954 ]
of_find_compatible_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: 796bcae7361c ("USB: powerpc: Workaround for the PPC440EPX USBH_23 errata [take 3]")
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220602110849.58549-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/ehci-ppc-of.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/host/ehci-ppc-of.c b/drivers/usb/host/ehci-ppc-of.c
index 6bbaee74f7e7..28a19693c19f 100644
--- a/drivers/usb/host/ehci-ppc-of.c
+++ b/drivers/usb/host/ehci-ppc-of.c
@@ -148,6 +148,7 @@ static int ehci_hcd_ppc_of_probe(struct platform_device *op)
} else {
ehci->has_amcc_usb23 = 1;
}
+ of_node_put(np);
}
if (of_get_property(dn, "big-endian", NULL)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 163/389] usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 162/389] usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 164/389] usb: xhci: tegra: Fix error check Greg Kroah-Hartman
` (230 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 302970b4cad3ebfda2c05ce06c322ccdc447d17e ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 73108aa90cbf ("USB: ohci-nxp: Use isp1301 driver")
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220603141231.979-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/ohci-nxp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/host/ohci-nxp.c b/drivers/usb/host/ohci-nxp.c
index c561881d0e79..07cee8c7c25e 100644
--- a/drivers/usb/host/ohci-nxp.c
+++ b/drivers/usb/host/ohci-nxp.c
@@ -164,6 +164,7 @@ static int ohci_hcd_nxp_probe(struct platform_device *pdev)
}
isp1301_i2c_client = isp1301_get_client(isp1301_node);
+ of_node_put(isp1301_node);
if (!isp1301_i2c_client)
return -EPROBE_DEFER;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 164/389] usb: xhci: tegra: Fix error check
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 163/389] usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 165/389] clk: mediatek: reset: Fix written reset bit offset Greg Kroah-Hartman
` (229 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tang Bin, Sasha Levin
From: Tang Bin <tangbin@cmss.chinamobile.com>
[ Upstream commit 18fc7c435be3f17ea26a21b2e2312fcb9088e01f ]
In the function tegra_xusb_powerdomain_init(),
dev_pm_domain_attach_by_name() may return NULL in some cases,
so IS_ERR() doesn't meet the requirements. Thus fix it.
Fixes: 6494a9ad86de ("usb: xhci: tegra: Add genpd support")
Signed-off-by: Tang Bin <tangbin@cmss.chinamobile.com>
Link: https://lore.kernel.org/r/20220524121404.18376-1-tangbin@cmss.chinamobile.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci-tegra.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/host/xhci-tegra.c b/drivers/usb/host/xhci-tegra.c
index 6087b1fa530f..d53bdb7d297f 100644
--- a/drivers/usb/host/xhci-tegra.c
+++ b/drivers/usb/host/xhci-tegra.c
@@ -933,15 +933,15 @@ static int tegra_xusb_powerdomain_init(struct device *dev,
int err;
tegra->genpd_dev_host = dev_pm_domain_attach_by_name(dev, "xusb_host");
- if (IS_ERR(tegra->genpd_dev_host)) {
- err = PTR_ERR(tegra->genpd_dev_host);
+ if (IS_ERR_OR_NULL(tegra->genpd_dev_host)) {
+ err = PTR_ERR(tegra->genpd_dev_host) ? : -ENODATA;
dev_err(dev, "failed to get host pm-domain: %d\n", err);
return err;
}
tegra->genpd_dev_ss = dev_pm_domain_attach_by_name(dev, "xusb_ss");
- if (IS_ERR(tegra->genpd_dev_ss)) {
- err = PTR_ERR(tegra->genpd_dev_ss);
+ if (IS_ERR_OR_NULL(tegra->genpd_dev_ss)) {
+ err = PTR_ERR(tegra->genpd_dev_ss) ? : -ENODATA;
dev_err(dev, "failed to get superspeed pm-domain: %d\n", err);
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 165/389] clk: mediatek: reset: Fix written reset bit offset
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 164/389] usb: xhci: tegra: Fix error check Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 166/389] misc: rtsx: Fix an error handling path in rtsx_pci_probe() Greg Kroah-Hartman
` (228 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rex-BC Chen, Chen-Yu Tsai,
AngeloGioacchino Del Regno, Nícolas F . R . A . Prado,
Stephen Boyd, Sasha Levin
From: Rex-BC Chen <rex-bc.chen@mediatek.com>
[ Upstream commit edabcf71d100fd433a0fc2d0c97057c446c33b2a ]
Original assert/deassert bit is BIT(0), but it's more resonable to modify
them to BIT(id % 32) which is based on id.
This patch will not influence any previous driver because the reset is
only used for thermal. The id (MT8183_INFRACFG_AO_THERM_SW_RST) is 0.
Fixes: 64ebb57a3df6 ("clk: reset: Modify reset-controller driver")
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Reviewed-by: Chen-Yu Tsai <wenst@chromium.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Link: https://lore.kernel.org/r/20220523093346.28493-3-rex-bc.chen@mediatek.com
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/mediatek/reset.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/clk/mediatek/reset.c b/drivers/clk/mediatek/reset.c
index cb939c071b0c..89916acf0bc3 100644
--- a/drivers/clk/mediatek/reset.c
+++ b/drivers/clk/mediatek/reset.c
@@ -25,7 +25,7 @@ static int mtk_reset_assert_set_clr(struct reset_controller_dev *rcdev,
struct mtk_reset *data = container_of(rcdev, struct mtk_reset, rcdev);
unsigned int reg = data->regofs + ((id / 32) << 4);
- return regmap_write(data->regmap, reg, 1);
+ return regmap_write(data->regmap, reg, BIT(id % 32));
}
static int mtk_reset_deassert_set_clr(struct reset_controller_dev *rcdev,
@@ -34,7 +34,7 @@ static int mtk_reset_deassert_set_clr(struct reset_controller_dev *rcdev,
struct mtk_reset *data = container_of(rcdev, struct mtk_reset, rcdev);
unsigned int reg = data->regofs + ((id / 32) << 4) + 0x4;
- return regmap_write(data->regmap, reg, 1);
+ return regmap_write(data->regmap, reg, BIT(id % 32));
}
static int mtk_reset_assert(struct reset_controller_dev *rcdev,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 166/389] misc: rtsx: Fix an error handling path in rtsx_pci_probe()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 165/389] clk: mediatek: reset: Fix written reset bit offset Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 167/389] driver core: fix potential deadlock in __driver_attach Greg Kroah-Hartman
` (227 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 44fd1917314e9d4f53dd95dd65df1c152f503d3a ]
If an error occurs after a successful idr_alloc() call, the corresponding
resource must be released with idr_remove() as already done in the .remove
function.
Update the error handling path to add the missing idr_remove() call.
Fixes: ada8a8a13b13 ("mfd: Add realtek pcie card reader driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/e8dc41716cbf52fb37a12e70d8972848e69df6d6.1655271216.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cardreader/rtsx_pcr.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/cardreader/rtsx_pcr.c b/drivers/misc/cardreader/rtsx_pcr.c
index 4c707d8dc3eb..5807aefd4c88 100644
--- a/drivers/misc/cardreader/rtsx_pcr.c
+++ b/drivers/misc/cardreader/rtsx_pcr.c
@@ -1485,7 +1485,7 @@ static int rtsx_pci_probe(struct pci_dev *pcidev,
pcr->remap_addr = ioremap_nocache(base, len);
if (!pcr->remap_addr) {
ret = -ENOMEM;
- goto free_handle;
+ goto free_idr;
}
pcr->rtsx_resv_buf = dma_alloc_coherent(&(pcidev->dev),
@@ -1547,6 +1547,10 @@ static int rtsx_pci_probe(struct pci_dev *pcidev,
pcr->rtsx_resv_buf, pcr->rtsx_resv_buf_addr);
unmap:
iounmap(pcr->remap_addr);
+free_idr:
+ spin_lock(&rtsx_pci_lock);
+ idr_remove(&rtsx_pci_idr, pcr->id);
+ spin_unlock(&rtsx_pci_lock);
free_handle:
kfree(handle);
free_pcr:
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 167/389] driver core: fix potential deadlock in __driver_attach
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 166/389] misc: rtsx: Fix an error handling path in rtsx_pci_probe() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 168/389] clk: qcom: clk-krait: unlock spin after mux completion Greg Kroah-Hartman
` (226 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhang Wensheng, Sasha Levin
From: Zhang Wensheng <zhangwensheng5@huawei.com>
[ Upstream commit 70fe758352cafdee72a7b13bf9db065f9613ced8 ]
In __driver_attach function, There are also AA deadlock problem,
like the commit b232b02bf3c2 ("driver core: fix deadlock in
__device_attach").
stack like commit b232b02bf3c2 ("driver core: fix deadlock in
__device_attach").
list below:
In __driver_attach function, The lock holding logic is as follows:
...
__driver_attach
if (driver_allows_async_probing(drv))
device_lock(dev) // get lock dev
async_schedule_dev(__driver_attach_async_helper, dev); // func
async_schedule_node
async_schedule_node_domain(func)
entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);
/* when fail or work limit, sync to execute func, but
__driver_attach_async_helper will get lock dev as
will, which will lead to A-A deadlock. */
if (!entry || atomic_read(&entry_count) > MAX_WORK) {
func;
else
queue_work_node(node, system_unbound_wq, &entry->work)
device_unlock(dev)
As above show, when it is allowed to do async probes, because of
out of memory or work limit, async work is not be allowed, to do
sync execute instead. it will lead to A-A deadlock because of
__driver_attach_async_helper getting lock dev.
Reproduce:
and it can be reproduce by make the condition
(if (!entry || atomic_read(&entry_count) > MAX_WORK)) untenable, like
below:
[ 370.785650] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables
this message.
[ 370.787154] task:swapper/0 state:D stack: 0 pid: 1 ppid:
0 flags:0x00004000
[ 370.788865] Call Trace:
[ 370.789374] <TASK>
[ 370.789841] __schedule+0x482/0x1050
[ 370.790613] schedule+0x92/0x1a0
[ 370.791290] schedule_preempt_disabled+0x2c/0x50
[ 370.792256] __mutex_lock.isra.0+0x757/0xec0
[ 370.793158] __mutex_lock_slowpath+0x1f/0x30
[ 370.794079] mutex_lock+0x50/0x60
[ 370.794795] __device_driver_lock+0x2f/0x70
[ 370.795677] ? driver_probe_device+0xd0/0xd0
[ 370.796576] __driver_attach_async_helper+0x1d/0xd0
[ 370.797318] ? driver_probe_device+0xd0/0xd0
[ 370.797957] async_schedule_node_domain+0xa5/0xc0
[ 370.798652] async_schedule_node+0x19/0x30
[ 370.799243] __driver_attach+0x246/0x290
[ 370.799828] ? driver_allows_async_probing+0xa0/0xa0
[ 370.800548] bus_for_each_dev+0x9d/0x130
[ 370.801132] driver_attach+0x22/0x30
[ 370.801666] bus_add_driver+0x290/0x340
[ 370.802246] driver_register+0x88/0x140
[ 370.802817] ? virtio_scsi_init+0x116/0x116
[ 370.803425] scsi_register_driver+0x1a/0x30
[ 370.804057] init_sd+0x184/0x226
[ 370.804533] do_one_initcall+0x71/0x3a0
[ 370.805107] kernel_init_freeable+0x39a/0x43a
[ 370.805759] ? rest_init+0x150/0x150
[ 370.806283] kernel_init+0x26/0x230
[ 370.806799] ret_from_fork+0x1f/0x30
To fix the deadlock, move the async_schedule_dev outside device_lock,
as we can see, in async_schedule_node_domain, the parameter of
queue_work_node is system_unbound_wq, so it can accept concurrent
operations. which will also not change the code logic, and will
not lead to deadlock.
Fixes: ef0ff68351be ("driver core: Probe devices asynchronously instead of the driver")
Signed-off-by: Zhang Wensheng <zhangwensheng5@huawei.com>
Link: https://lore.kernel.org/r/20220622074327.497102-1-zhangwensheng5@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/dd.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index 6f85280fef8d..4e45c87ed177 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -1037,6 +1037,7 @@ static void __driver_attach_async_helper(void *_dev, async_cookie_t cookie)
static int __driver_attach(struct device *dev, void *data)
{
struct device_driver *drv = data;
+ bool async = false;
int ret;
/*
@@ -1074,9 +1075,11 @@ static int __driver_attach(struct device *dev, void *data)
if (!dev->driver) {
get_device(dev);
dev->p->async_driver = drv;
- async_schedule_dev(__driver_attach_async_helper, dev);
+ async = true;
}
device_unlock(dev);
+ if (async)
+ async_schedule_dev(__driver_attach_async_helper, dev);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 168/389] clk: qcom: clk-krait: unlock spin after mux completion
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 167/389] driver core: fix potential deadlock in __driver_attach Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 169/389] usb: host: xhci: use snprintf() in xhci_decode_trb() Greg Kroah-Hartman
` (225 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ansuel Smith, Dmitry Baryshkov,
Bjorn Andersson, Sasha Levin
From: Ansuel Smith <ansuelsmth@gmail.com>
[ Upstream commit df83d2c9e72910416f650ade1e07cc314ff02731 ]
Unlock spinlock after the mux switch is completed to prevent any corner
case of mux request while the switch still needs to be done.
Fixes: 4d7dc77babfe ("clk: qcom: Add support for Krait clocks")
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220430054458.31321-3-ansuelsmth@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/clk-krait.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/clk/qcom/clk-krait.c b/drivers/clk/qcom/clk-krait.c
index 59f1af415b58..90046428693c 100644
--- a/drivers/clk/qcom/clk-krait.c
+++ b/drivers/clk/qcom/clk-krait.c
@@ -32,11 +32,16 @@ static void __krait_mux_set_sel(struct krait_mux_clk *mux, int sel)
regval |= (sel & mux->mask) << (mux->shift + LPL_SHIFT);
}
krait_set_l2_indirect_reg(mux->offset, regval);
- spin_unlock_irqrestore(&krait_clock_reg_lock, flags);
/* Wait for switch to complete. */
mb();
udelay(1);
+
+ /*
+ * Unlock now to make sure the mux register is not
+ * modified while switching to the new parent.
+ */
+ spin_unlock_irqrestore(&krait_clock_reg_lock, flags);
}
static int krait_mux_set_parent(struct clk_hw *hw, u8 index)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 169/389] usb: host: xhci: use snprintf() in xhci_decode_trb()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 168/389] clk: qcom: clk-krait: unlock spin after mux completion Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 170/389] clk: qcom: ipq8074: fix NSS port frequency tables Greg Kroah-Hartman
` (224 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Mathias Nyman, Sasha Levin
From: Sergey Shtylyov <s.shtylyov@omp.ru>
[ Upstream commit 1ce69c35b86038dd11d3a6115a04501c5b89a940 ]
Commit cbf286e8ef83 ("xhci: fix unsafe memory usage in xhci tracing")
apparently missed one sprintf() call in xhci_decode_trb() -- replace
it with the snprintf() call as well...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Fixes: cbf286e8ef83 ("xhci: fix unsafe memory usage in xhci tracing")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20220630124645.1805902-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index a9031f494984..5a6ad776858e 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -2376,7 +2376,7 @@ static inline const char *xhci_decode_trb(char *str, size_t size,
field3 & TRB_CYCLE ? 'C' : 'c');
break;
case TRB_STOP_RING:
- sprintf(str,
+ snprintf(str, size,
"%s: slot %d sp %d ep %d flags %c",
xhci_trb_type_string(type),
TRB_TO_SLOT_ID(field3),
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 170/389] clk: qcom: ipq8074: fix NSS port frequency tables
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 169/389] usb: host: xhci: use snprintf() in xhci_decode_trb() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 171/389] clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks Greg Kroah-Hartman
` (223 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Marko, Bjorn Andersson, Sasha Levin
From: Robert Marko <robimarko@gmail.com>
[ Upstream commit 0e9e61a2815b5cd34f1b495b2d72e8127ce9b794 ]
NSS port 5 and 6 frequency tables are currently broken and are causing a
wide ranges of issue like 1G not working at all on port 6 or port 5 being
clocked with 312 instead of 125 MHz as UNIPHY1 gets selected.
So, update the frequency tables with the ones from the downstream QCA 5.4
based kernel which has already fixed this.
Fixes: 7117a51ed303 ("clk: qcom: ipq8074: add NSS ethernet port clocks")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220515210048.483898-3-robimarko@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-ipq8074.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c
index de48ba7eba3a..735a1cb59ffa 100644
--- a/drivers/clk/qcom/gcc-ipq8074.c
+++ b/drivers/clk/qcom/gcc-ipq8074.c
@@ -1788,8 +1788,10 @@ static struct clk_regmap_div nss_port4_tx_div_clk_src = {
static const struct freq_tbl ftbl_nss_port5_rx_clk_src[] = {
F(19200000, P_XO, 1, 0, 0),
F(25000000, P_UNIPHY1_RX, 12.5, 0, 0),
+ F(25000000, P_UNIPHY0_RX, 5, 0, 0),
F(78125000, P_UNIPHY1_RX, 4, 0, 0),
F(125000000, P_UNIPHY1_RX, 2.5, 0, 0),
+ F(125000000, P_UNIPHY0_RX, 1, 0, 0),
F(156250000, P_UNIPHY1_RX, 2, 0, 0),
F(312500000, P_UNIPHY1_RX, 1, 0, 0),
{ }
@@ -1828,8 +1830,10 @@ static struct clk_regmap_div nss_port5_rx_div_clk_src = {
static const struct freq_tbl ftbl_nss_port5_tx_clk_src[] = {
F(19200000, P_XO, 1, 0, 0),
F(25000000, P_UNIPHY1_TX, 12.5, 0, 0),
+ F(25000000, P_UNIPHY0_TX, 5, 0, 0),
F(78125000, P_UNIPHY1_TX, 4, 0, 0),
F(125000000, P_UNIPHY1_TX, 2.5, 0, 0),
+ F(125000000, P_UNIPHY0_TX, 1, 0, 0),
F(156250000, P_UNIPHY1_TX, 2, 0, 0),
F(312500000, P_UNIPHY1_TX, 1, 0, 0),
{ }
@@ -1867,8 +1871,10 @@ static struct clk_regmap_div nss_port5_tx_div_clk_src = {
static const struct freq_tbl ftbl_nss_port6_rx_clk_src[] = {
F(19200000, P_XO, 1, 0, 0),
+ F(25000000, P_UNIPHY2_RX, 5, 0, 0),
F(25000000, P_UNIPHY2_RX, 12.5, 0, 0),
F(78125000, P_UNIPHY2_RX, 4, 0, 0),
+ F(125000000, P_UNIPHY2_RX, 1, 0, 0),
F(125000000, P_UNIPHY2_RX, 2.5, 0, 0),
F(156250000, P_UNIPHY2_RX, 2, 0, 0),
F(312500000, P_UNIPHY2_RX, 1, 0, 0),
@@ -1907,8 +1913,10 @@ static struct clk_regmap_div nss_port6_rx_div_clk_src = {
static const struct freq_tbl ftbl_nss_port6_tx_clk_src[] = {
F(19200000, P_XO, 1, 0, 0),
+ F(25000000, P_UNIPHY2_TX, 5, 0, 0),
F(25000000, P_UNIPHY2_TX, 12.5, 0, 0),
F(78125000, P_UNIPHY2_TX, 4, 0, 0),
+ F(125000000, P_UNIPHY2_TX, 1, 0, 0),
F(125000000, P_UNIPHY2_TX, 2.5, 0, 0),
F(156250000, P_UNIPHY2_TX, 2, 0, 0),
F(312500000, P_UNIPHY2_TX, 1, 0, 0),
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 171/389] clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 170/389] clk: qcom: ipq8074: fix NSS port frequency tables Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 172/389] clk: qcom: camcc-sdm845: Fix topology around titan_top power domain Greg Kroah-Hartman
` (222 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Marko, Bjorn Andersson, Sasha Levin
From: Robert Marko <robimarko@gmail.com>
[ Upstream commit 2bd357e698207e2e65db03007e4be65bf9d6a7b3 ]
Currently, attempting to enable the UBI clocks will cause the stuck at
off warning to be printed and clk_enable will fail.
[ 14.936694] gcc_ubi1_ahb_clk status stuck at 'off'
Downstream 5.4 QCA kernel has fixed this by seting the BRANCH_HALT_DELAY
flag on UBI clocks, so lets do the same.
Fixes: 5736294aef83 ("clk: qcom: ipq8074: add NSS clocks")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220515210048.483898-6-robimarko@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-ipq8074.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c
index 735a1cb59ffa..68fe80a0a92f 100644
--- a/drivers/clk/qcom/gcc-ipq8074.c
+++ b/drivers/clk/qcom/gcc-ipq8074.c
@@ -3354,6 +3354,7 @@ static struct clk_branch gcc_nssnoc_ubi1_ahb_clk = {
static struct clk_branch gcc_ubi0_ahb_clk = {
.halt_reg = 0x6820c,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x6820c,
.enable_mask = BIT(0),
@@ -3371,6 +3372,7 @@ static struct clk_branch gcc_ubi0_ahb_clk = {
static struct clk_branch gcc_ubi0_axi_clk = {
.halt_reg = 0x68200,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x68200,
.enable_mask = BIT(0),
@@ -3388,6 +3390,7 @@ static struct clk_branch gcc_ubi0_axi_clk = {
static struct clk_branch gcc_ubi0_nc_axi_clk = {
.halt_reg = 0x68204,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x68204,
.enable_mask = BIT(0),
@@ -3405,6 +3408,7 @@ static struct clk_branch gcc_ubi0_nc_axi_clk = {
static struct clk_branch gcc_ubi0_core_clk = {
.halt_reg = 0x68210,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x68210,
.enable_mask = BIT(0),
@@ -3422,6 +3426,7 @@ static struct clk_branch gcc_ubi0_core_clk = {
static struct clk_branch gcc_ubi0_mpt_clk = {
.halt_reg = 0x68208,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x68208,
.enable_mask = BIT(0),
@@ -3439,6 +3444,7 @@ static struct clk_branch gcc_ubi0_mpt_clk = {
static struct clk_branch gcc_ubi1_ahb_clk = {
.halt_reg = 0x6822c,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x6822c,
.enable_mask = BIT(0),
@@ -3456,6 +3462,7 @@ static struct clk_branch gcc_ubi1_ahb_clk = {
static struct clk_branch gcc_ubi1_axi_clk = {
.halt_reg = 0x68220,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x68220,
.enable_mask = BIT(0),
@@ -3473,6 +3480,7 @@ static struct clk_branch gcc_ubi1_axi_clk = {
static struct clk_branch gcc_ubi1_nc_axi_clk = {
.halt_reg = 0x68224,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x68224,
.enable_mask = BIT(0),
@@ -3490,6 +3498,7 @@ static struct clk_branch gcc_ubi1_nc_axi_clk = {
static struct clk_branch gcc_ubi1_core_clk = {
.halt_reg = 0x68230,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x68230,
.enable_mask = BIT(0),
@@ -3507,6 +3516,7 @@ static struct clk_branch gcc_ubi1_core_clk = {
static struct clk_branch gcc_ubi1_mpt_clk = {
.halt_reg = 0x68228,
+ .halt_check = BRANCH_HALT_DELAY,
.clkr = {
.enable_reg = 0x68228,
.enable_mask = BIT(0),
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 172/389] clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 171/389] clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 173/389] soundwire: bus_type: fix remove and shutdown support Greg Kroah-Hartman
` (221 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vladimir Zapolskiy, Robert Foss,
Bjorn Andersson, Sasha Levin
From: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
[ Upstream commit 103dd2338bbff567bce7acd00fc5a09c806b38ec ]
On SDM845 two found VFE GDSC power domains shall not be operated, if
titan top is turned off, thus the former power domains will be set as
subdomains by a GDSC registration routine.
Fixes: 78412c262004 ("clk: qcom: Add camera clock controller driver for SDM845")
Signed-off-by: Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220519214133.1728979-2-vladimir.zapolskiy@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/camcc-sdm845.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/clk/qcom/camcc-sdm845.c b/drivers/clk/qcom/camcc-sdm845.c
index 1b2cefef7431..a8a2cfa83290 100644
--- a/drivers/clk/qcom/camcc-sdm845.c
+++ b/drivers/clk/qcom/camcc-sdm845.c
@@ -1521,6 +1521,8 @@ static struct clk_branch cam_cc_sys_tmr_clk = {
},
};
+static struct gdsc titan_top_gdsc;
+
static struct gdsc bps_gdsc = {
.gdscr = 0x6004,
.pd = {
@@ -1554,6 +1556,7 @@ static struct gdsc ife_0_gdsc = {
.name = "ife_0_gdsc",
},
.flags = POLL_CFG_GDSCR,
+ .parent = &titan_top_gdsc.pd,
.pwrsts = PWRSTS_OFF_ON,
};
@@ -1563,6 +1566,7 @@ static struct gdsc ife_1_gdsc = {
.name = "ife_1_gdsc",
},
.flags = POLL_CFG_GDSCR,
+ .parent = &titan_top_gdsc.pd,
.pwrsts = PWRSTS_OFF_ON,
};
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 173/389] soundwire: bus_type: fix remove and shutdown support
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 172/389] clk: qcom: camcc-sdm845: Fix topology around titan_top power domain Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 174/389] intel_th: Fix a resource leak in an error handling path Greg Kroah-Hartman
` (220 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Louis Bossart, Rander Wang,
Bard Liao, Vinod Koul, Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit df6407782964dc7e35ad84230abb38f46314b245 ]
The bus sdw_drv_remove() and sdw_drv_shutdown() helpers are used
conditionally, if the driver provides these routines.
These helpers already test if the driver provides a .remove or
.shutdown callback, so there's no harm in invoking the
sdw_drv_remove() and sdw_drv_shutdown() unconditionally.
In addition, the current code is imbalanced with
dev_pm_domain_attach() called from sdw_drv_probe(), but
dev_pm_domain_detach() called from sdw_drv_remove() only if the driver
provides a .remove callback.
Fixes: 9251345dca24b ("soundwire: Add SoundWire bus type")
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Rander Wang <rander.wang@intel.com>
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20220610015105.25987-1-yung-chuan.liao@linux.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/bus_type.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/soundwire/bus_type.c b/drivers/soundwire/bus_type.c
index 4a465f55039f..2fe5a51918c8 100644
--- a/drivers/soundwire/bus_type.c
+++ b/drivers/soundwire/bus_type.c
@@ -155,12 +155,8 @@ int __sdw_register_driver(struct sdw_driver *drv, struct module *owner)
drv->driver.owner = owner;
drv->driver.probe = sdw_drv_probe;
-
- if (drv->remove)
- drv->driver.remove = sdw_drv_remove;
-
- if (drv->shutdown)
- drv->driver.shutdown = sdw_drv_shutdown;
+ drv->driver.remove = sdw_drv_remove;
+ drv->driver.shutdown = sdw_drv_shutdown;
return driver_register(&drv->driver);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 174/389] intel_th: Fix a resource leak in an error handling path
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 173/389] soundwire: bus_type: fix remove and shutdown support Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 175/389] intel_th: msu-sink: Potential dereference of null pointer Greg Kroah-Hartman
` (219 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Christophe JAILLET,
Alexander Shishkin, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 086c28ab7c5699256aced0049aae9c42f1410313 ]
If an error occurs after calling 'pci_alloc_irq_vectors()',
'pci_free_irq_vectors()' must be called as already done in the remove
function.
Fixes: 7b7036d47c35 ("intel_th: pci: Use MSI interrupt signalling")
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Link: https://lore.kernel.org/r/20220705082637.59979-2-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwtracing/intel_th/pci.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/hwtracing/intel_th/pci.c b/drivers/hwtracing/intel_th/pci.c
index a723c8c33087..3910fafc4fc2 100644
--- a/drivers/hwtracing/intel_th/pci.c
+++ b/drivers/hwtracing/intel_th/pci.c
@@ -100,8 +100,10 @@ static int intel_th_pci_probe(struct pci_dev *pdev,
}
th = intel_th_alloc(&pdev->dev, drvdata, resource, r);
- if (IS_ERR(th))
- return PTR_ERR(th);
+ if (IS_ERR(th)) {
+ err = PTR_ERR(th);
+ goto err_free_irq;
+ }
th->activate = intel_th_pci_activate;
th->deactivate = intel_th_pci_deactivate;
@@ -109,6 +111,10 @@ static int intel_th_pci_probe(struct pci_dev *pdev,
pci_set_master(pdev);
return 0;
+
+err_free_irq:
+ pci_free_irq_vectors(pdev);
+ return err;
}
static void intel_th_pci_remove(struct pci_dev *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 175/389] intel_th: msu-sink: Potential dereference of null pointer
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 174/389] intel_th: Fix a resource leak in an error handling path Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 176/389] intel_th: msu: Fix vmalloced buffers Greg Kroah-Hartman
` (218 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Jiasheng Jiang,
Alexander Shishkin, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 82f76a4a720791d889de775b5f7541d601efc8bd ]
The return value of dma_alloc_coherent() needs to be checked.
To avoid use of null pointer in sg_set_buf() in case of the failure of
alloc.
Fixes: f220df66f676 ("intel_th: msu-sink: An example msu buffer "sink"")
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Link: https://lore.kernel.org/r/20220705082637.59979-3-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwtracing/intel_th/msu-sink.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/hwtracing/intel_th/msu-sink.c b/drivers/hwtracing/intel_th/msu-sink.c
index 2c7f5116be12..891b28ea25fe 100644
--- a/drivers/hwtracing/intel_th/msu-sink.c
+++ b/drivers/hwtracing/intel_th/msu-sink.c
@@ -71,6 +71,9 @@ static int msu_sink_alloc_window(void *data, struct sg_table **sgt, size_t size)
block = dma_alloc_coherent(priv->dev->parent->parent,
PAGE_SIZE, &sg_dma_address(sg_ptr),
GFP_KERNEL);
+ if (!block)
+ return -ENOMEM;
+
sg_set_buf(sg_ptr, block, PAGE_SIZE);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 176/389] intel_th: msu: Fix vmalloced buffers
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 175/389] intel_th: msu-sink: Potential dereference of null pointer Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 177/389] staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback Greg Kroah-Hartman
` (217 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Alexander Shishkin,
Sasha Levin
From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
[ Upstream commit ac12ad3ccf6d386e64a9d6a890595a2509d24edd ]
After commit f5ff79fddf0e ("dma-mapping: remove CONFIG_DMA_REMAP") there's
a chance of DMA buffer getting allocated via vmalloc(), which messes up
the mmapping code:
> RIP: msc_mmap_fault [intel_th_msu]
> Call Trace:
> <TASK>
> __do_fault
> do_fault
...
Fix this by accounting for vmalloc possibility.
Fixes: ba39bd830605 ("intel_th: msu: Switch over to scatterlist")
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Link: https://lore.kernel.org/r/20220705082637.59979-4-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwtracing/intel_th/msu.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/hwtracing/intel_th/msu.c b/drivers/hwtracing/intel_th/msu.c
index 3cd2489d398c..640b0aae7eb4 100644
--- a/drivers/hwtracing/intel_th/msu.c
+++ b/drivers/hwtracing/intel_th/msu.c
@@ -1050,6 +1050,16 @@ msc_buffer_set_uc(struct msc_window *win, unsigned int nr_segs) {}
static inline void msc_buffer_set_wb(struct msc_window *win) {}
#endif /* CONFIG_X86 */
+static struct page *msc_sg_page(struct scatterlist *sg)
+{
+ void *addr = sg_virt(sg);
+
+ if (is_vmalloc_addr(addr))
+ return vmalloc_to_page(addr);
+
+ return sg_page(sg);
+}
+
/**
* msc_buffer_win_alloc() - alloc a window for a multiblock mode
* @msc: MSC device
@@ -1122,7 +1132,7 @@ static void __msc_buffer_win_free(struct msc *msc, struct msc_window *win)
int i;
for_each_sg(win->sgt->sgl, sg, win->nr_segs, i) {
- struct page *page = sg_page(sg);
+ struct page *page = msc_sg_page(sg);
page->mapping = NULL;
dma_free_coherent(msc_dev(win->msc)->parent->parent, PAGE_SIZE,
@@ -1384,7 +1394,7 @@ static struct page *msc_buffer_get_page(struct msc *msc, unsigned long pgoff)
pgoff -= win->pgoff;
for_each_sg(win->sgt->sgl, sg, win->nr_segs, blk) {
- struct page *page = sg_page(sg);
+ struct page *page = msc_sg_page(sg);
size_t pgsz = PFN_DOWN(sg->length);
if (pgoff < pgsz)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 177/389] staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 176/389] intel_th: msu: Fix vmalloced buffers Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 178/389] mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch Greg Kroah-Hartman
` (216 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 6a0c054930d554ad8f8044ef1fc856d9da391c81 ]
There are sleep in atomic context bugs when dm_fsync_timer_callback is
executing. The root cause is that the memory allocation functions with
GFP_KERNEL or GFP_NOIO parameters are called in dm_fsync_timer_callback
which is a timer handler. The call paths that could trigger bugs are
shown below:
(interrupt context)
dm_fsync_timer_callback
write_nic_byte
kzalloc(sizeof(data), GFP_KERNEL); //may sleep
usb_control_msg
kmalloc(.., GFP_NOIO); //may sleep
write_nic_dword
kzalloc(sizeof(data), GFP_KERNEL); //may sleep
usb_control_msg
kmalloc(.., GFP_NOIO); //may sleep
This patch uses delayed work to replace timer and moves the operations
that may sleep into the delayed work in order to mitigate bugs.
Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220710103002.63283-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192u/r8192U.h | 2 +-
drivers/staging/rtl8192u/r8192U_dm.c | 38 +++++++++++++---------------
drivers/staging/rtl8192u/r8192U_dm.h | 2 +-
3 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/drivers/staging/rtl8192u/r8192U.h b/drivers/staging/rtl8192u/r8192U.h
index ec33fb9122e9..57badc1e91e3 100644
--- a/drivers/staging/rtl8192u/r8192U.h
+++ b/drivers/staging/rtl8192u/r8192U.h
@@ -1013,7 +1013,7 @@ typedef struct r8192_priv {
bool bis_any_nonbepkts;
bool bcurrent_turbo_EDCA;
bool bis_cur_rdlstate;
- struct timer_list fsync_timer;
+ struct delayed_work fsync_work;
bool bfsync_processing; /* 500ms Fsync timer is active or not */
u32 rate_record;
u32 rateCountDiffRecord;
diff --git a/drivers/staging/rtl8192u/r8192U_dm.c b/drivers/staging/rtl8192u/r8192U_dm.c
index c23e43b095d9..30b272da36f5 100644
--- a/drivers/staging/rtl8192u/r8192U_dm.c
+++ b/drivers/staging/rtl8192u/r8192U_dm.c
@@ -2585,19 +2585,20 @@ static void dm_init_fsync(struct net_device *dev)
priv->ieee80211->fsync_seconddiff_ratethreshold = 200;
priv->ieee80211->fsync_state = Default_Fsync;
priv->framesyncMonitor = 1; /* current default 0xc38 monitor on */
- timer_setup(&priv->fsync_timer, dm_fsync_timer_callback, 0);
+ INIT_DELAYED_WORK(&priv->fsync_work, dm_fsync_work_callback);
}
static void dm_deInit_fsync(struct net_device *dev)
{
struct r8192_priv *priv = ieee80211_priv(dev);
- del_timer_sync(&priv->fsync_timer);
+ cancel_delayed_work_sync(&priv->fsync_work);
}
-void dm_fsync_timer_callback(struct timer_list *t)
+void dm_fsync_work_callback(struct work_struct *work)
{
- struct r8192_priv *priv = from_timer(priv, t, fsync_timer);
+ struct r8192_priv *priv =
+ container_of(work, struct r8192_priv, fsync_work.work);
struct net_device *dev = priv->ieee80211->dev;
u32 rate_index, rate_count = 0, rate_count_diff = 0;
bool bSwitchFromCountDiff = false;
@@ -2664,17 +2665,16 @@ void dm_fsync_timer_callback(struct timer_list *t)
}
}
if (bDoubleTimeInterval) {
- if (timer_pending(&priv->fsync_timer))
- del_timer_sync(&priv->fsync_timer);
- priv->fsync_timer.expires = jiffies +
- msecs_to_jiffies(priv->ieee80211->fsync_time_interval*priv->ieee80211->fsync_multiple_timeinterval);
- add_timer(&priv->fsync_timer);
+ cancel_delayed_work_sync(&priv->fsync_work);
+ schedule_delayed_work(&priv->fsync_work,
+ msecs_to_jiffies(priv
+ ->ieee80211->fsync_time_interval *
+ priv->ieee80211->fsync_multiple_timeinterval));
} else {
- if (timer_pending(&priv->fsync_timer))
- del_timer_sync(&priv->fsync_timer);
- priv->fsync_timer.expires = jiffies +
- msecs_to_jiffies(priv->ieee80211->fsync_time_interval);
- add_timer(&priv->fsync_timer);
+ cancel_delayed_work_sync(&priv->fsync_work);
+ schedule_delayed_work(&priv->fsync_work,
+ msecs_to_jiffies(priv
+ ->ieee80211->fsync_time_interval));
}
} else {
/* Let Register return to default value; */
@@ -2702,7 +2702,7 @@ static void dm_EndSWFsync(struct net_device *dev)
struct r8192_priv *priv = ieee80211_priv(dev);
RT_TRACE(COMP_HALDM, "%s\n", __func__);
- del_timer_sync(&(priv->fsync_timer));
+ cancel_delayed_work_sync(&priv->fsync_work);
/* Let Register return to default value; */
if (priv->bswitch_fsync) {
@@ -2744,11 +2744,9 @@ static void dm_StartSWFsync(struct net_device *dev)
if (priv->ieee80211->fsync_rate_bitmap & rateBitmap)
priv->rate_record += priv->stats.received_rate_histogram[1][rateIndex];
}
- if (timer_pending(&priv->fsync_timer))
- del_timer_sync(&priv->fsync_timer);
- priv->fsync_timer.expires = jiffies +
- msecs_to_jiffies(priv->ieee80211->fsync_time_interval);
- add_timer(&priv->fsync_timer);
+ cancel_delayed_work_sync(&priv->fsync_work);
+ schedule_delayed_work(&priv->fsync_work,
+ msecs_to_jiffies(priv->ieee80211->fsync_time_interval));
write_nic_dword(dev, rOFDM0_RxDetector2, 0x465c12cd);
diff --git a/drivers/staging/rtl8192u/r8192U_dm.h b/drivers/staging/rtl8192u/r8192U_dm.h
index 0b2a1c688597..2159018b4e38 100644
--- a/drivers/staging/rtl8192u/r8192U_dm.h
+++ b/drivers/staging/rtl8192u/r8192U_dm.h
@@ -166,7 +166,7 @@ void dm_force_tx_fw_info(struct net_device *dev,
void dm_init_edca_turbo(struct net_device *dev);
void dm_rf_operation_test_callback(unsigned long data);
void dm_rf_pathcheck_workitemcallback(struct work_struct *work);
-void dm_fsync_timer_callback(struct timer_list *t);
+void dm_fsync_work_callback(struct work_struct *work);
void dm_cck_txpower_adjust(struct net_device *dev, bool binch14);
void dm_shadow_init(struct net_device *dev);
void dm_initialize_txpower_tracking(struct net_device *dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 178/389] mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 177/389] staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 179/389] memstick/ms_block: Fix some incorrect memory allocation Greg Kroah-Hartman
` (215 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Ulf Hansson, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit b5899a3e2f783a27b268e38d37f9b24c71bddf45 ]
of_find_matching_node() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
of_node_put() checks null pointer.
Fixes: ea35645a3c66 ("mmc: sdhci-of-esdhc: add support for signal voltage switch")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220523144255.10310-1-linmq006@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-of-esdhc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c
index 0ff339004d8a..69c133e7ced0 100644
--- a/drivers/mmc/host/sdhci-of-esdhc.c
+++ b/drivers/mmc/host/sdhci-of-esdhc.c
@@ -844,6 +844,7 @@ static int esdhc_signal_voltage_switch(struct mmc_host *mmc,
scfg_node = of_find_matching_node(NULL, scfg_device_ids);
if (scfg_node)
scfg_base = of_iomap(scfg_node, 0);
+ of_node_put(scfg_node);
if (scfg_base) {
sdhciovselcr = SDHCIOVSELCR_TGLEN |
SDHCIOVSELCR_VSELVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 179/389] memstick/ms_block: Fix some incorrect memory allocation
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 178/389] mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 180/389] memstick/ms_block: Fix a memory leak Greg Kroah-Hartman
` (214 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Ulf Hansson, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 2e531bc3e0d86362fcd8a577b3278d9ef3cc2ba0 ]
Some functions of the bitmap API take advantage of the fact that a bitmap
is an array of long.
So, to make sure this assertion is correct, allocate bitmaps with
bitmap_zalloc() instead of kzalloc()+hand-computed number of bytes.
While at it, also use bitmap_free() instead of kfree() to keep the
semantic.
Fixes: 0ab30494bc4f ("memstick: add support for legacy memorysticks")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/dbf633c48c24ae6d95f852557e8d8b3bbdef65fe.1656155715.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memstick/core/ms_block.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/memstick/core/ms_block.c b/drivers/memstick/core/ms_block.c
index 55907e4c36b1..399510585245 100644
--- a/drivers/memstick/core/ms_block.c
+++ b/drivers/memstick/core/ms_block.c
@@ -1335,17 +1335,17 @@ static int msb_ftl_initialize(struct msb_data *msb)
msb->zone_count = msb->block_count / MS_BLOCKS_IN_ZONE;
msb->logical_block_count = msb->zone_count * 496 - 2;
- msb->used_blocks_bitmap = kzalloc(msb->block_count / 8, GFP_KERNEL);
- msb->erased_blocks_bitmap = kzalloc(msb->block_count / 8, GFP_KERNEL);
+ msb->used_blocks_bitmap = bitmap_zalloc(msb->block_count, GFP_KERNEL);
+ msb->erased_blocks_bitmap = bitmap_zalloc(msb->block_count, GFP_KERNEL);
msb->lba_to_pba_table =
kmalloc_array(msb->logical_block_count, sizeof(u16),
GFP_KERNEL);
if (!msb->used_blocks_bitmap || !msb->lba_to_pba_table ||
!msb->erased_blocks_bitmap) {
- kfree(msb->used_blocks_bitmap);
+ bitmap_free(msb->used_blocks_bitmap);
+ bitmap_free(msb->erased_blocks_bitmap);
kfree(msb->lba_to_pba_table);
- kfree(msb->erased_blocks_bitmap);
return -ENOMEM;
}
@@ -1953,7 +1953,7 @@ static int msb_bd_open(struct block_device *bdev, fmode_t mode)
static void msb_data_clear(struct msb_data *msb)
{
kfree(msb->boot_page);
- kfree(msb->used_blocks_bitmap);
+ bitmap_free(msb->used_blocks_bitmap);
kfree(msb->lba_to_pba_table);
kfree(msb->cache);
msb->card = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 180/389] memstick/ms_block: Fix a memory leak
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 179/389] memstick/ms_block: Fix some incorrect memory allocation Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 181/389] mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R Greg Kroah-Hartman
` (213 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Ulf Hansson, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 54eb7a55be6779c4d0c25eaf5056498a28595049 ]
'erased_blocks_bitmap' is never freed. As it is allocated at the same time
as 'used_blocks_bitmap', it is likely that it should be freed also at the
same time.
Add the corresponding bitmap_free() in msb_data_clear().
Fixes: 0ab30494bc4f ("memstick: add support for legacy memorysticks")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/b3b78926569445962ea5c3b6e9102418a9effb88.1656155715.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memstick/core/ms_block.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/memstick/core/ms_block.c b/drivers/memstick/core/ms_block.c
index 399510585245..6014fcb49d7e 100644
--- a/drivers/memstick/core/ms_block.c
+++ b/drivers/memstick/core/ms_block.c
@@ -1954,6 +1954,7 @@ static void msb_data_clear(struct msb_data *msb)
{
kfree(msb->boot_page);
bitmap_free(msb->used_blocks_bitmap);
+ bitmap_free(msb->erased_blocks_bitmap);
kfree(msb->lba_to_pba_table);
kfree(msb->cache);
msb->card = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 181/389] mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 180/389] memstick/ms_block: Fix a memory leak Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability() Greg Kroah-Hartman
` (212 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eugen Hristev, Karl Olsen,
Adrian Hunter, Ulf Hansson, Sasha Levin
From: Eugen Hristev <eugen.hristev@microchip.com>
[ Upstream commit 5987e6ded29d52e42fc7b06aa575c60a25eee38e ]
In set_uhs_signaling, the DDR bit is being set by fully writing the MC1R
register.
This can lead to accidental erase of certain bits in this register.
Avoid this by doing a read-modify-write operation.
Fixes: d0918764c17b ("mmc: sdhci-of-at91: fix MMC_DDR_52 timing selection")
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Tested-by: Karl Olsen <karl@micro-technic.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20220630090926.15061-1-eugen.hristev@microchip.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/sdhci-of-at91.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/mmc/host/sdhci-of-at91.c b/drivers/mmc/host/sdhci-of-at91.c
index 881f8138e7de..03698d78a402 100644
--- a/drivers/mmc/host/sdhci-of-at91.c
+++ b/drivers/mmc/host/sdhci-of-at91.c
@@ -109,8 +109,13 @@ static void sdhci_at91_set_power(struct sdhci_host *host, unsigned char mode,
static void sdhci_at91_set_uhs_signaling(struct sdhci_host *host,
unsigned int timing)
{
- if (timing == MMC_TIMING_MMC_DDR52)
- sdhci_writeb(host, SDMMC_MC1R_DDR, SDMMC_MC1R);
+ u8 mc1r;
+
+ if (timing == MMC_TIMING_MMC_DDR52) {
+ mc1r = sdhci_readb(host, SDMMC_MC1R);
+ mc1r |= SDMMC_MC1R_DDR;
+ sdhci_writeb(host, mc1r, SDMMC_MC1R);
+ }
sdhci_set_uhs_signaling(host, timing);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 181/389] mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
[not found] ` <CABhMZUVycsyy76j2Z=K+C6S1fwtzKE1Lx2povXKfB80o9g0MtQ@mail.gmail.com>
2022-08-23 8:24 ` [PATCH 5.4 183/389] scsi: smartpqi: Fix DMA direction for RAID requests Greg Kroah-Hartman
` (211 subsequent siblings)
393 siblings, 1 reply; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefan Roese, Bjorn Helgaas,
Pali Rohár, Rafael J. Wysocki, Bharat Kumar Gogada,
Michal Simek, Yao Hongbo, Naveen Naidu, Sasha Levin
From: Stefan Roese <sr@denx.de>
[ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
AER reporting is currently disabled in the DevCtl registers of all non Root
Port PCIe devices on systems using pcie_ports_native || host->native_aer,
disabling AER completely in such systems. This is because 2bd50dd800b5
("PCI: PCIe: Disable PCIe port services during port initialization"), added
a call to pci_disable_pcie_error_reporting() *after* the AER setup was
completed for the PCIe device tree.
Here a longer analysis about the current status of AER enabling /
disabling upon bootup provided by Bjorn:
pcie_portdrv_probe
pcie_port_device_register
get_port_device_capability
pci_disable_pcie_error_reporting
clear CERE NFERE FERE URRE # <-- disable for RP USP DSP
pcie_device_init
device_register # new AER service device
aer_probe
aer_enable_rootport # RP only
set_downstream_devices_error_reporting
set_device_error_reporting # self (RP)
if (RP || USP || DSP)
pci_enable_pcie_error_reporting
set CERE NFERE FERE URRE # <-- enable for RP
pci_walk_bus
set_device_error_reporting
if (RP || USP || DSP)
pci_enable_pcie_error_reporting
set CERE NFERE FERE URRE # <-- enable for USP DSP
In a typical Root Port -> Endpoint hierarchy, the above:
- Disables Error Reporting for the Root Port,
- Enables Error Reporting for the Root Port,
- Does NOT enable Error Reporting for the Endpoint because it is not a
Root Port or Switch Port.
In a deeper Root Port -> Upstream Switch Port -> Downstream Switch
Port -> Endpoint hierarchy:
- Disables Error Reporting for the Root Port,
- Enables Error Reporting for the Root Port,
- Enables Error Reporting for both Switch Ports,
- Does NOT enable Error Reporting for the Endpoint because it is not a
Root Port or Switch Port,
- Disables Error Reporting for the Switch Ports when pcie_portdrv_probe()
claims them. AER does not re-enable it because these are not Root
Ports.
Remove this call to pci_disable_pcie_error_reporting() from
get_port_device_capability(), leaving the already enabled AER configuration
intact. With this change, AER is enabled in the Root Port and the PCIe
switch upstream and downstream ports. Only the PCIe Endpoints don't have
AER enabled yet. A follow-up patch will take care of this Endpoint
enabling.
Fixes: 2bd50dd800b5 ("PCI: PCIe: Disable PCIe port services during port initialization")
Link: https://lore.kernel.org/r/20220125071820.2247260-3-sr@denx.de
Signed-off-by: Stefan Roese <sr@denx.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Pali Rohár <pali@kernel.org>
Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
Cc: Bharat Kumar Gogada <bharat.kumar.gogada@xilinx.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Yao Hongbo <yaohongbo@linux.alibaba.com>
Cc: Naveen Naidu <naveennaidu479@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/portdrv_core.c | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/drivers/pci/pcie/portdrv_core.c b/drivers/pci/pcie/portdrv_core.c
index 8637f6068f9c..066406d6d0ee 100644
--- a/drivers/pci/pcie/portdrv_core.c
+++ b/drivers/pci/pcie/portdrv_core.c
@@ -222,15 +222,8 @@ static int get_port_device_capability(struct pci_dev *dev)
#ifdef CONFIG_PCIEAER
if (dev->aer_cap && pci_aer_available() &&
- (pcie_ports_native || host->native_aer)) {
+ (pcie_ports_native || host->native_aer))
services |= PCIE_PORT_SERVICE_AER;
-
- /*
- * Disable AER on this port in case it's been enabled by the
- * BIOS (the AER service driver will enable it when necessary).
- */
- pci_disable_pcie_error_reporting(dev);
- }
#endif
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 183/389] scsi: smartpqi: Fix DMA direction for RAID requests
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 184/389] usb: gadget: udc: amd5536 depends on HAS_DMA Greg Kroah-Hartman
` (210 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Scott Benesh, Scott Teel,
Mike McGowen, Kevin Barnett, Mahesh Rajashekhara, Don Brace,
Martin K. Petersen, Sasha Levin
From: Mahesh Rajashekhara <Mahesh.Rajashekhara@microchip.com>
[ Upstream commit 69695aeaa6621bc49cdd7a8e5a8d1042461e496e ]
Correct a SOP READ and WRITE DMA flags for some requests.
This update corrects DMA direction issues with SCSI commands removed from
the controller's internal lookup table.
Currently, SCSI READ BLOCK LIMITS (0x5) was removed from the controller
lookup table and exposed a DMA direction flag issue.
SCSI READ BLOCK LIMITS was recently removed from our controller lookup
table so the controller uses the respective IU flag field to set the DMA
data direction. Since the DMA direction is incorrect the FW never completes
the request causing a hang.
Some SCSI commands which use SCSI READ BLOCK LIMITS
* sg_map
* mt -f /dev/stX status
After updating controller firmware, users may notice their tape units
failing. This patch resolves the issue.
Also, the AIO path DMA direction is correct.
The DMA direction flag is a day-one bug with no reported BZ.
Fixes: 6c223761eb54 ("smartpqi: initial commit of Microsemi smartpqi driver")
Link: https://lore.kernel.org/r/165730605618.177165.9054223644512926624.stgit@brunhilda
Reviewed-by: Scott Benesh <scott.benesh@microchip.com>
Reviewed-by: Scott Teel <scott.teel@microchip.com>
Reviewed-by: Mike McGowen <mike.mcgowen@microchip.com>
Reviewed-by: Kevin Barnett <kevin.barnett@microchip.com>
Signed-off-by: Mahesh Rajashekhara <Mahesh.Rajashekhara@microchip.com>
Signed-off-by: Don Brace <don.brace@microchip.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/smartpqi/smartpqi_init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index 80ff00025c03..540d6eb2cc48 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -5018,10 +5018,10 @@ static int pqi_raid_submit_scsi_cmd_with_io_request(
}
switch (scmd->sc_data_direction) {
- case DMA_TO_DEVICE:
+ case DMA_FROM_DEVICE:
request->data_direction = SOP_READ_FLAG;
break;
- case DMA_FROM_DEVICE:
+ case DMA_TO_DEVICE:
request->data_direction = SOP_WRITE_FLAG;
break;
case DMA_NONE:
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 184/389] usb: gadget: udc: amd5536 depends on HAS_DMA
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 183/389] scsi: smartpqi: Fix DMA direction for RAID requests Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 185/389] RDMA/hns: Fix incorrect clearing of interrupt status register Greg Kroah-Hartman
` (209 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Raviteja Garimella, Felipe Balbi,
linux-usb, Randy Dunlap, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 8097cf2fb3b2205257f1c76f4808e3398d66b6d9 ]
USB_AMD5536UDC should depend on HAS_DMA since it selects USB_SNP_CORE,
which depends on HAS_DMA and since 'select' does not follow any
dependency chains.
Fixes this kconfig warning:
WARNING: unmet direct dependencies detected for USB_SNP_CORE
Depends on [n]: USB_SUPPORT [=y] && USB_GADGET [=y] && (USB_AMD5536UDC [=y] || USB_SNP_UDC_PLAT [=n]) && HAS_DMA [=n]
Selected by [y]:
- USB_AMD5536UDC [=y] && USB_SUPPORT [=y] && USB_GADGET [=y] && USB_PCI [=y]
Fixes: 97b3ffa233b9 ("usb: gadget: udc: amd5536: split core and PCI layer")
Cc: Raviteja Garimella <raviteja.garimella@broadcom.com>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: linux-usb@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20220709013601.7536-1-rdunlap@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/udc/Kconfig b/drivers/usb/gadget/udc/Kconfig
index f985bb4a42db..ccf2c736d495 100644
--- a/drivers/usb/gadget/udc/Kconfig
+++ b/drivers/usb/gadget/udc/Kconfig
@@ -311,7 +311,7 @@ source "drivers/usb/gadget/udc/bdc/Kconfig"
config USB_AMD5536UDC
tristate "AMD5536 UDC"
- depends on USB_PCI
+ depends on USB_PCI && HAS_DMA
select USB_SNP_CORE
help
The AMD5536 UDC is part of the AMD Geode CS5536, an x86 southbridge.
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 185/389] RDMA/hns: Fix incorrect clearing of interrupt status register
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 184/389] usb: gadget: udc: amd5536 depends on HAS_DMA Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 186/389] RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event Greg Kroah-Hartman
` (208 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haoyue Xu, Wenpeng Liang,
Leon Romanovsky, Sasha Levin
From: Haoyue Xu <xuhaoyue1@hisilicon.com>
[ Upstream commit ecb4db5c3590aa956b4b2c352081a5b632d1f9f9 ]
The driver will clear all the interrupts in the same area
when the driver handles the interrupt of type AEQ overflow.
It should only set the interrupt status bit of type AEQ overflow.
Fixes: a5073d6054f7 ("RDMA/hns: Add eq support of hip08")
Link: https://lore.kernel.org/r/20220714134353.16700-4-liangwenpeng@huawei.com
Signed-off-by: Haoyue Xu <xuhaoyue1@hisilicon.com>
Signed-off-by: Wenpeng Liang <liangwenpeng@huawei.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
index d01e3222c00c..28bbc4708fd4 100644
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
@@ -5216,8 +5216,8 @@ static irqreturn_t hns_roce_v2_msix_interrupt_abn(int irq, void *dev_id)
dev_err(dev, "AEQ overflow!\n");
- int_st |= 1 << HNS_ROCE_V2_VF_INT_ST_AEQ_OVERFLOW_S;
- roce_write(hr_dev, ROCEE_VF_ABN_INT_ST_REG, int_st);
+ roce_write(hr_dev, ROCEE_VF_ABN_INT_ST_REG,
+ 1 << HNS_ROCE_V2_VF_INT_ST_AEQ_OVERFLOW_S);
/* Set reset level for reset_event() */
if (ops->set_default_reset_request)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 186/389] RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 185/389] RDMA/hns: Fix incorrect clearing of interrupt status register Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 187/389] RDMA/hfi1: fix potential memory leak in setup_base_ctxt() Greg Kroah-Hartman
` (207 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cheng Xu, Leon Romanovsky, Sasha Levin
From: Cheng Xu <chengyou@linux.alibaba.com>
[ Upstream commit 3056fc6c32e613b760422b94c7617ac9a24a4721 ]
If siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn't
been received completely, and should not report IW_CM_EVENT_CONNECT_REPLY
in this case. This may trigger a call trace in iw_cm. A simple way to
trigger this:
server: ib_send_lat
client: ib_send_lat -R <server_ip>
The call trace looks like this:
kernel BUG at drivers/infiniband/core/iwcm.c:894!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<...>
Workqueue: iw_cm_wq cm_work_handler [iw_cm]
Call Trace:
<TASK>
cm_work_handler+0x1dd/0x370 [iw_cm]
process_one_work+0x1e2/0x3b0
worker_thread+0x49/0x2e0
? rescuer_thread+0x370/0x370
kthread+0xe5/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
Fixes: 6c52fdc244b5 ("rdma/siw: connection management")
Link: https://lore.kernel.org/r/dae34b5fd5c2ea2bd9744812c1d2653a34a94c67.1657706960.git.chengyou@linux.alibaba.com
Signed-off-by: Cheng Xu <chengyou@linux.alibaba.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/siw/siw_cm.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c
index 3aed597103d3..69fcf21eaf52 100644
--- a/drivers/infiniband/sw/siw/siw_cm.c
+++ b/drivers/infiniband/sw/siw/siw_cm.c
@@ -725,11 +725,11 @@ static int siw_proc_mpareply(struct siw_cep *cep)
enum mpa_v2_ctrl mpa_p2p_mode = MPA_V2_RDMA_NO_RTR;
rv = siw_recv_mpa_rr(cep);
- if (rv != -EAGAIN)
- siw_cancel_mpatimer(cep);
if (rv)
goto out_err;
+ siw_cancel_mpatimer(cep);
+
rep = &cep->mpa.hdr;
if (__mpa_rr_revision(rep->params.bits) > MPA_REVISION_2) {
@@ -895,7 +895,8 @@ static int siw_proc_mpareply(struct siw_cep *cep)
}
out_err:
- siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY, -EINVAL);
+ if (rv != -EAGAIN)
+ siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY, -EINVAL);
return rv;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 187/389] RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 186/389] RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 188/389] gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() Greg Kroah-Hartman
` (206 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jianglei Nie, Dennis Dalessandro,
Leon Romanovsky, Sasha Levin
From: Jianglei Nie <niejianglei2021@163.com>
[ Upstream commit aa2a1df3a2c85f855af7d54466ac10bd48645d63 ]
setup_base_ctxt() allocates a memory chunk for uctxt->groups with
hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups
is not released, which will lead to a memory leak.
We should release the uctxt->groups with hfi1_free_ctxt_rcv_groups()
when init_user_ctxt() fails.
Fixes: e87473bc1b6c ("IB/hfi1: Only set fd pointer when base context is completely initialized")
Link: https://lore.kernel.org/r/20220711070718.2318320-1-niejianglei2021@163.com
Signed-off-by: Jianglei Nie <niejianglei2021@163.com>
Acked-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/file_ops.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c
index 8c7ba7bad42b..efd977f70f9e 100644
--- a/drivers/infiniband/hw/hfi1/file_ops.c
+++ b/drivers/infiniband/hw/hfi1/file_ops.c
@@ -1224,8 +1224,10 @@ static int setup_base_ctxt(struct hfi1_filedata *fd,
goto done;
ret = init_user_ctxt(fd, uctxt);
- if (ret)
+ if (ret) {
+ hfi1_free_ctxt_rcv_groups(uctxt);
goto done;
+ }
user_init(uctxt);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 188/389] gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 187/389] RDMA/hfi1: fix potential memory leak in setup_base_ctxt() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 189/389] mmc: cavium-octeon: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
` (205 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Bartosz Golaszewski, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 5d07a692f9562f9c06e62cce369e9dd108173a0f ]
We should use of_node_get() when a new reference of device_node
is created. It is noted that the old reference stored in
'mm_gc->gc.of_node' should also be decreased.
This patch is based on the fact that there is a call site in function
'qe_add_gpiochips()' of src file 'drivers\soc\fsl\qe\gpio.c'. In this
function, of_mm_gpiochip_add_data() is contained in an iteration of
for_each_compatible_node() which will automatically increase and
decrease the refcount. So we need additional of_node_get() for the
reference escape in of_mm_gpiochip_add_data().
Fixes: a19e3da5bc5f ("of/gpio: Kill of_gpio_chip and add members directly to gpio_chip")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpiolib-of.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c
index b1dcd2dd52e6..73807c897391 100644
--- a/drivers/gpio/gpiolib-of.c
+++ b/drivers/gpio/gpiolib-of.c
@@ -734,7 +734,8 @@ int of_mm_gpiochip_add_data(struct device_node *np,
if (mm_gc->save_regs)
mm_gc->save_regs(mm_gc);
- mm_gc->gc.of_node = np;
+ of_node_put(mm_gc->gc.of_node);
+ mm_gc->gc.of_node = of_node_get(np);
ret = gpiochip_add_data(gc, data);
if (ret)
@@ -742,6 +743,7 @@ int of_mm_gpiochip_add_data(struct device_node *np,
return 0;
err2:
+ of_node_put(np);
iounmap(mm_gc->regs);
err1:
kfree(gc->label);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 189/389] mmc: cavium-octeon: Add of_node_put() when breaking out of loop
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 188/389] gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 190/389] mmc: cavium-thunderx: " Greg Kroah-Hartman
` (204 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Robert Richter,
Ulf Hansson, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 19bbb49acf8d7a03cb83e05624363741a4c3ec6f ]
In octeon_mmc_probe(), we should call of_node_put() when breaking
out of for_each_child_of_node() which has increased and decreased
the refcount during each iteration.
Fixes: 01d95843335c ("mmc: cavium: Add MMC support for Octeon SOCs.")
Signed-off-by: Liang He <windhl@126.com>
Acked-by: Robert Richter <rric@kernel.org>
Link: https://lore.kernel.org/r/20220719095216.1241601-1-windhl@126.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/cavium-octeon.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mmc/host/cavium-octeon.c b/drivers/mmc/host/cavium-octeon.c
index 22aded1065ae..2245452a44c8 100644
--- a/drivers/mmc/host/cavium-octeon.c
+++ b/drivers/mmc/host/cavium-octeon.c
@@ -288,6 +288,7 @@ static int octeon_mmc_probe(struct platform_device *pdev)
if (ret) {
dev_err(&pdev->dev, "Error populating slots\n");
octeon_mmc_set_shared_power(host, 0);
+ of_node_put(cn);
goto error;
}
i++;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 190/389] mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 189/389] mmc: cavium-octeon: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 191/389] HID: alps: Declare U1_UNICORN_LEGACY support Greg Kroah-Hartman
` (203 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Robert Richter,
Ulf Hansson, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 7ee480795e41db314f2c445c65ed854a5d6e8e32 ]
In thunder_mmc_probe(), we should call of_node_put() when breaking
out of for_each_child_of_node() which has increased and decreased
the refcount during each iteration.
Fixes: 166bac38c3c5 ("mmc: cavium: Add MMC PCI driver for ThunderX SOCs")
Signed-off-by: Liang He <windhl@126.com>
Acked-by: Robert Richter <rric@kernel.org>
Link: https://lore.kernel.org/r/20220719095216.1241601-2-windhl@126.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/cavium-thunderx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/host/cavium-thunderx.c b/drivers/mmc/host/cavium-thunderx.c
index eee08d81b242..f79806e31e7e 100644
--- a/drivers/mmc/host/cavium-thunderx.c
+++ b/drivers/mmc/host/cavium-thunderx.c
@@ -138,8 +138,10 @@ static int thunder_mmc_probe(struct pci_dev *pdev,
continue;
ret = cvm_mmc_of_slot_probe(&host->slot_pdev[i]->dev, host);
- if (ret)
+ if (ret) {
+ of_node_put(child_node);
goto error;
+ }
}
i++;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 191/389] HID: alps: Declare U1_UNICORN_LEGACY support
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 190/389] mmc: cavium-thunderx: " Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 192/389] PCI: tegra194: Fix Root Port interrupt handling Greg Kroah-Hartman
` (202 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Artem Borisov, Jiri Kosina, Sasha Levin
From: Artem Borisov <dedsa2002@gmail.com>
[ Upstream commit 1117d182c5d72abd7eb8b7d5e7b8c3373181c3ab ]
U1_UNICORN_LEGACY id was added to the driver, but was not declared
in the device id table, making it impossible to use.
Fixes: 640e403 ("HID: alps: Add AUI1657 device ID")
Signed-off-by: Artem Borisov <dedsa2002@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-alps.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/hid/hid-alps.c b/drivers/hid/hid-alps.c
index 2477b2a3f7c3..464a48906d01 100644
--- a/drivers/hid/hid-alps.c
+++ b/drivers/hid/hid-alps.c
@@ -831,6 +831,8 @@ static const struct hid_device_id alps_id[] = {
USB_VENDOR_ID_ALPS_JP, HID_DEVICE_ID_ALPS_U1_DUAL) },
{ HID_DEVICE(HID_BUS_ANY, HID_GROUP_ANY,
USB_VENDOR_ID_ALPS_JP, HID_DEVICE_ID_ALPS_U1) },
+ { HID_DEVICE(HID_BUS_ANY, HID_GROUP_ANY,
+ USB_VENDOR_ID_ALPS_JP, HID_DEVICE_ID_ALPS_U1_UNICORN_LEGACY) },
{ HID_DEVICE(HID_BUS_ANY, HID_GROUP_ANY,
USB_VENDOR_ID_ALPS_JP, HID_DEVICE_ID_ALPS_T4_BTNLESS) },
{ }
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 192/389] PCI: tegra194: Fix Root Port interrupt handling
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 191/389] HID: alps: Declare U1_UNICORN_LEGACY support Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 193/389] PCI: tegra194: Fix link up retry sequence Greg Kroah-Hartman
` (201 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vidya Sagar, Bjorn Helgaas, Sasha Levin
From: Vidya Sagar <vidyas@nvidia.com>
[ Upstream commit 6646e99bcec627e866bc84365af37942c72b4b76 ]
As part of Root Port interrupt handling, level-0 register is read first and
based on the bits set in that, corresponding level-1 registers are read for
further interrupt processing. Since both these values are currently read
into the same 'val' variable, checking level-0 bits the second time around
is happening on the 'val' variable value of level-1 register contents
instead of freshly reading the level-0 value again.
Fix by using different variables to store level-0 and level-1 registers
contents.
Link: https://lore.kernel.org/r/20220721142052.25971-11-vidyas@nvidia.com
Fixes: 56e15a238d92 ("PCI: tegra: Add Tegra194 PCIe support")
Signed-off-by: Vidya Sagar <vidyas@nvidia.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pcie-tegra194.c | 46 +++++++++++-----------
1 file changed, 22 insertions(+), 24 deletions(-)
diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c
index c06b05ab9f78..c7ac61a6080b 100644
--- a/drivers/pci/controller/dwc/pcie-tegra194.c
+++ b/drivers/pci/controller/dwc/pcie-tegra194.c
@@ -345,15 +345,14 @@ static irqreturn_t tegra_pcie_rp_irq_handler(struct tegra_pcie_dw *pcie)
{
struct dw_pcie *pci = &pcie->pci;
struct pcie_port *pp = &pci->pp;
- u32 val, tmp;
+ u32 val, status_l0, status_l1;
u16 val_w;
- val = appl_readl(pcie, APPL_INTR_STATUS_L0);
- if (val & APPL_INTR_STATUS_L0_LINK_STATE_INT) {
- val = appl_readl(pcie, APPL_INTR_STATUS_L1_0_0);
- if (val & APPL_INTR_STATUS_L1_0_0_LINK_REQ_RST_NOT_CHGED) {
- appl_writel(pcie, val, APPL_INTR_STATUS_L1_0_0);
-
+ status_l0 = appl_readl(pcie, APPL_INTR_STATUS_L0);
+ if (status_l0 & APPL_INTR_STATUS_L0_LINK_STATE_INT) {
+ status_l1 = appl_readl(pcie, APPL_INTR_STATUS_L1_0_0);
+ appl_writel(pcie, status_l1, APPL_INTR_STATUS_L1_0_0);
+ if (status_l1 & APPL_INTR_STATUS_L1_0_0_LINK_REQ_RST_NOT_CHGED) {
/* SBR & Surprise Link Down WAR */
val = appl_readl(pcie, APPL_CAR_RESET_OVRD);
val &= ~APPL_CAR_RESET_OVRD_CYA_OVERRIDE_CORE_RST_N;
@@ -369,15 +368,15 @@ static irqreturn_t tegra_pcie_rp_irq_handler(struct tegra_pcie_dw *pcie)
}
}
- if (val & APPL_INTR_STATUS_L0_INT_INT) {
- val = appl_readl(pcie, APPL_INTR_STATUS_L1_8_0);
- if (val & APPL_INTR_STATUS_L1_8_0_AUTO_BW_INT_STS) {
+ if (status_l0 & APPL_INTR_STATUS_L0_INT_INT) {
+ status_l1 = appl_readl(pcie, APPL_INTR_STATUS_L1_8_0);
+ if (status_l1 & APPL_INTR_STATUS_L1_8_0_AUTO_BW_INT_STS) {
appl_writel(pcie,
APPL_INTR_STATUS_L1_8_0_AUTO_BW_INT_STS,
APPL_INTR_STATUS_L1_8_0);
apply_bad_link_workaround(pp);
}
- if (val & APPL_INTR_STATUS_L1_8_0_BW_MGT_INT_STS) {
+ if (status_l1 & APPL_INTR_STATUS_L1_8_0_BW_MGT_INT_STS) {
appl_writel(pcie,
APPL_INTR_STATUS_L1_8_0_BW_MGT_INT_STS,
APPL_INTR_STATUS_L1_8_0);
@@ -389,25 +388,24 @@ static irqreturn_t tegra_pcie_rp_irq_handler(struct tegra_pcie_dw *pcie)
}
}
- val = appl_readl(pcie, APPL_INTR_STATUS_L0);
- if (val & APPL_INTR_STATUS_L0_CDM_REG_CHK_INT) {
- val = appl_readl(pcie, APPL_INTR_STATUS_L1_18);
- tmp = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS);
- if (val & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_CMPLT) {
+ if (status_l0 & APPL_INTR_STATUS_L0_CDM_REG_CHK_INT) {
+ status_l1 = appl_readl(pcie, APPL_INTR_STATUS_L1_18);
+ val = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS);
+ if (status_l1 & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_CMPLT) {
dev_info(pci->dev, "CDM check complete\n");
- tmp |= PCIE_PL_CHK_REG_CHK_REG_COMPLETE;
+ val |= PCIE_PL_CHK_REG_CHK_REG_COMPLETE;
}
- if (val & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_CMP_ERR) {
+ if (status_l1 & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_CMP_ERR) {
dev_err(pci->dev, "CDM comparison mismatch\n");
- tmp |= PCIE_PL_CHK_REG_CHK_REG_COMPARISON_ERROR;
+ val |= PCIE_PL_CHK_REG_CHK_REG_COMPARISON_ERROR;
}
- if (val & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_LOGIC_ERR) {
+ if (status_l1 & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_LOGIC_ERR) {
dev_err(pci->dev, "CDM Logic error\n");
- tmp |= PCIE_PL_CHK_REG_CHK_REG_LOGIC_ERROR;
+ val |= PCIE_PL_CHK_REG_CHK_REG_LOGIC_ERROR;
}
- dw_pcie_writel_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS, tmp);
- tmp = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_ERR_ADDR);
- dev_err(pci->dev, "CDM Error Address Offset = 0x%08X\n", tmp);
+ dw_pcie_writel_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS, val);
+ val = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_ERR_ADDR);
+ dev_err(pci->dev, "CDM Error Address Offset = 0x%08X\n", val);
}
return IRQ_HANDLED;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 193/389] PCI: tegra194: Fix link up retry sequence
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 192/389] PCI: tegra194: Fix Root Port interrupt handling Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 194/389] USB: serial: fix tty-port initialized comments Greg Kroah-Hartman
` (200 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vidya Sagar, Bjorn Helgaas, Sasha Levin
From: Vidya Sagar <vidyas@nvidia.com>
[ Upstream commit e05fd6ae77c3e2cc0dba283005d24b6d56d2b1fa ]
Add the missing DLF capability offset while clearing DL_FEATURE_EXCHANGE_EN
bit during link up retry.
Link: https://lore.kernel.org/r/20220721142052.25971-15-vidyas@nvidia.com
Fixes: 56e15a238d92 ("PCI: tegra: Add Tegra194 PCIe support")
Signed-off-by: Vidya Sagar <vidyas@nvidia.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pcie-tegra194.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c
index c7ac61a6080b..120d64c1a27f 100644
--- a/drivers/pci/controller/dwc/pcie-tegra194.c
+++ b/drivers/pci/controller/dwc/pcie-tegra194.c
@@ -854,7 +854,7 @@ static int tegra_pcie_dw_host_init(struct pcie_port *pp)
offset = dw_pcie_find_ext_capability(pci, PCI_EXT_CAP_ID_DLF);
val = dw_pcie_readl_dbi(pci, offset + PCI_DLF_CAP);
val &= ~PCI_DLF_EXCHANGE_ENABLE;
- dw_pcie_writel_dbi(pci, offset, val);
+ dw_pcie_writel_dbi(pci, offset + PCI_DLF_CAP, val);
tegra_pcie_prepare_host(pp);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 194/389] USB: serial: fix tty-port initialized comments
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 193/389] PCI: tegra194: Fix link up retry sequence Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 195/389] platform/olpc: Fix uninitialized data in debugfs write Greg Kroah-Hartman
` (199 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Johan Hovold, Sasha Levin
From: Johan Hovold <johan@kernel.org>
[ Upstream commit 688ee1d1785c1359f9040f615dd8e6054962bce2 ]
Fix up the tty-port initialized comments which got truncated and
obfuscated when replacing the old ASYNCB_INITIALIZED flag.
Fixes: d41861ca19c9 ("tty: Replace ASYNC_INITIALIZED bit and update atomically")
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/serial/sierra.c | 3 ++-
drivers/usb/serial/usb-serial.c | 2 +-
drivers/usb/serial/usb_wwan.c | 3 ++-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/serial/sierra.c b/drivers/usb/serial/sierra.c
index a43263a0edd8..891e52bc5002 100644
--- a/drivers/usb/serial/sierra.c
+++ b/drivers/usb/serial/sierra.c
@@ -757,7 +757,8 @@ static void sierra_close(struct usb_serial_port *port)
/*
* Need to take susp_lock to make sure port is not already being
- * resumed, but no need to hold it due to initialized
+ * resumed, but no need to hold it due to the tty-port initialized
+ * flag.
*/
spin_lock_irq(&intfdata->susp_lock);
if (--intfdata->open_ports == 0)
diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c
index dc7a65b9ec98..2a2469b76cc5 100644
--- a/drivers/usb/serial/usb-serial.c
+++ b/drivers/usb/serial/usb-serial.c
@@ -254,7 +254,7 @@ static int serial_open(struct tty_struct *tty, struct file *filp)
*
* Shut down a USB serial port. Serialized against activate by the
* tport mutex and kept to matching open/close pairs
- * of calls by the initialized flag.
+ * of calls by the tty-port initialized flag.
*
* Not called if tty is console.
*/
diff --git a/drivers/usb/serial/usb_wwan.c b/drivers/usb/serial/usb_wwan.c
index b2285d5a869d..628a75d1232a 100644
--- a/drivers/usb/serial/usb_wwan.c
+++ b/drivers/usb/serial/usb_wwan.c
@@ -435,7 +435,8 @@ void usb_wwan_close(struct usb_serial_port *port)
/*
* Need to take susp_lock to make sure port is not already being
- * resumed, but no need to hold it due to initialized
+ * resumed, but no need to hold it due to the tty-port initialized
+ * flag.
*/
spin_lock_irq(&intfdata->susp_lock);
if (--intfdata->open_ports == 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 195/389] platform/olpc: Fix uninitialized data in debugfs write
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 194/389] USB: serial: fix tty-port initialized comments Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 196/389] mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region Greg Kroah-Hartman
` (198 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Hans de Goede, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 40ec787e1adf302c11668d4cc69838f4d584187d ]
The call to:
size = simple_write_to_buffer(cmdbuf, sizeof(cmdbuf), ppos, buf, size);
will succeed if at least one byte is written to the "cmdbuf" buffer.
The "*ppos" value controls which byte is written. Another problem is
that this code does not check for errors so it's possible for the entire
buffer to be uninitialized.
Inintialize the struct to zero to prevent reading uninitialized stack
data.
Debugfs is normally only writable by root so the impact of this bug is
very minimal.
Fixes: 6cca83d498bd ("Platform: OLPC: move debugfs support from x86 EC driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YthIKn+TfZSZMEcM@kili
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/olpc/olpc-ec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/platform/olpc/olpc-ec.c b/drivers/platform/olpc/olpc-ec.c
index 2db7113383fd..89d9fca02fe9 100644
--- a/drivers/platform/olpc/olpc-ec.c
+++ b/drivers/platform/olpc/olpc-ec.c
@@ -265,7 +265,7 @@ static ssize_t ec_dbgfs_cmd_write(struct file *file, const char __user *buf,
int i, m;
unsigned char ec_cmd[EC_MAX_CMD_ARGS];
unsigned int ec_cmd_int[EC_MAX_CMD_ARGS];
- char cmdbuf[64];
+ char cmdbuf[64] = "";
int ec_cmd_bytes;
mutex_lock(&ec_dbgfs_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 196/389] mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 195/389] platform/olpc: Fix uninitialized data in debugfs write Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 197/389] RDMA/rxe: Fix error unwind in rxe_create_qp() Greg Kroah-Hartman
` (197 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaohe Lin, Andrew Morton, Sasha Levin
From: Miaohe Lin <linmiaohe@huawei.com>
[ Upstream commit 7f82f922319ede486540e8746769865b9508d2c2 ]
Since the beginning, charged is set to 0 to avoid calling vm_unacct_memory
twice because vm_unacct_memory will be called by above unmap_region. But
since commit 4f74d2c8e827 ("vm: remove 'nr_accounted' calculations from
the unmap_vmas() interfaces"), unmap_region doesn't call vm_unacct_memory
anymore. So charged shouldn't be set to 0 now otherwise the calling to
paired vm_unacct_memory will be missed and leads to imbalanced account.
Link: https://lkml.kernel.org/r/20220618082027.43391-1-linmiaohe@huawei.com
Fixes: 4f74d2c8e827 ("vm: remove 'nr_accounted' calculations from the unmap_vmas() interfaces")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/mmap.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/mm/mmap.c b/mm/mmap.c
index 88e686367776..8873ef114d28 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1860,7 +1860,6 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
/* Undo any partial mapping done by a device driver. */
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
- charged = 0;
if (vm_flags & VM_SHARED)
mapping_unmap_writable(file->f_mapping);
allow_write_and_free_vma:
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 197/389] RDMA/rxe: Fix error unwind in rxe_create_qp()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 196/389] mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 198/389] null_blk: fix ida error handling in null_add_dev() Greg Kroah-Hartman
` (196 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+833061116fa28df97f3b,
Zhu Yanjun, Jason Gunthorpe, Sasha Levin
From: Zhu Yanjun <yanjun.zhu@linux.dev>
[ Upstream commit fd5382c5805c4bcb50fd25b7246247d3f7114733 ]
In the function rxe_create_qp(), rxe_qp_from_init() is called to
initialize qp, internally things like the spin locks are not setup until
rxe_qp_init_req().
If an error occures before this point then the unwind will call
rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()
which will oops when trying to access the uninitialized spinlock.
Move the spinlock initializations earlier before any failures.
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Link: https://lore.kernel.org/r/20220731063621.298405-1-yanjun.zhu@linux.dev
Reported-by: syzbot+833061116fa28df97f3b@syzkaller.appspotmail.com
Signed-off-by: Zhu Yanjun <yanjun.zhu@linux.dev>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/sw/rxe/rxe_qp.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_qp.c b/drivers/infiniband/sw/rxe/rxe_qp.c
index 53166b9ae67e..57f111fe5443 100644
--- a/drivers/infiniband/sw/rxe/rxe_qp.c
+++ b/drivers/infiniband/sw/rxe/rxe_qp.c
@@ -211,6 +211,14 @@ static void rxe_qp_init_misc(struct rxe_dev *rxe, struct rxe_qp *qp,
spin_lock_init(&qp->grp_lock);
spin_lock_init(&qp->state_lock);
+ spin_lock_init(&qp->req.task.state_lock);
+ spin_lock_init(&qp->resp.task.state_lock);
+ spin_lock_init(&qp->comp.task.state_lock);
+
+ spin_lock_init(&qp->sq.sq_lock);
+ spin_lock_init(&qp->rq.producer_lock);
+ spin_lock_init(&qp->rq.consumer_lock);
+
atomic_set(&qp->ssn, 0);
atomic_set(&qp->skb_out, 0);
}
@@ -268,7 +276,6 @@ static int rxe_qp_init_req(struct rxe_dev *rxe, struct rxe_qp *qp,
qp->req.opcode = -1;
qp->comp.opcode = -1;
- spin_lock_init(&qp->sq.sq_lock);
skb_queue_head_init(&qp->req_pkts);
rxe_init_task(rxe, &qp->req.task, qp,
@@ -318,9 +325,6 @@ static int rxe_qp_init_resp(struct rxe_dev *rxe, struct rxe_qp *qp,
}
}
- spin_lock_init(&qp->rq.producer_lock);
- spin_lock_init(&qp->rq.consumer_lock);
-
skb_queue_head_init(&qp->resp_pkts);
rxe_init_task(rxe, &qp->resp.task, qp,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 198/389] null_blk: fix ida error handling in null_add_dev()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 197/389] RDMA/rxe: Fix error unwind in rxe_create_qp() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 199/389] jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() Greg Kroah-Hartman
` (195 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Jens Axboe, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit ee452a8d984f94fa8e894f003a52e776e4572881 ]
There needs to be some error checking if ida_simple_get() fails.
Also call ida_free() if there are errors later.
Fixes: 94bc02e30fb8 ("nullb: use ida to manage index")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YtEhXsr6vJeoiYhd@kili
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/null_blk_main.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/block/null_blk_main.c b/drivers/block/null_blk_main.c
index 13eae973eaea..6cbdd8a691d2 100644
--- a/drivers/block/null_blk_main.c
+++ b/drivers/block/null_blk_main.c
@@ -1711,8 +1711,13 @@ static int null_add_dev(struct nullb_device *dev)
blk_queue_flag_clear(QUEUE_FLAG_ADD_RANDOM, nullb->q);
mutex_lock(&lock);
- nullb->index = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);
- dev->index = nullb->index;
+ rv = ida_simple_get(&nullb_indexes, 0, 0, GFP_KERNEL);
+ if (rv < 0) {
+ mutex_unlock(&lock);
+ goto out_cleanup_zone;
+ }
+ nullb->index = rv;
+ dev->index = rv;
mutex_unlock(&lock);
blk_queue_logical_block_size(nullb->q, dev->blocksize);
@@ -1724,13 +1729,16 @@ static int null_add_dev(struct nullb_device *dev)
rv = null_gendisk_register(nullb);
if (rv)
- goto out_cleanup_zone;
+ goto out_ida_free;
mutex_lock(&lock);
list_add_tail(&nullb->list, &nullb_list);
mutex_unlock(&lock);
return 0;
+
+out_ida_free:
+ ida_free(&nullb_indexes, nullb->index);
out_cleanup_zone:
if (dev->zoned)
null_zone_exit(dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 199/389] jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 198/389] null_blk: fix ida error handling in null_add_dev() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 200/389] ext4: recover csum seed of tmp_inode after migrating to extents Greg Kroah-Hartman
` (194 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Yi, Jan Kara, Theodore Tso,
Sasha Levin
From: Zhang Yi <yi.zhang@huawei.com>
[ Upstream commit a89573ce4ad32f19f43ec669771726817e185be0 ]
We catch an assert problem in jbd2_journal_commit_transaction() when
doing fsstress and request falut injection tests. The problem is
happened in a race condition between jbd2_journal_commit_transaction()
and ext4_end_io_end(). Firstly, ext4_writepages() writeback dirty pages
and start reserved handle, and then the journal was aborted due to some
previous metadata IO error, jbd2_journal_abort() start to commit current
running transaction, the committing procedure could be raced by
ext4_end_io_end() and lead to subtract j_reserved_credits twice from
commit_transaction->t_outstanding_credits, finally the
t_outstanding_credits is mistakenly smaller than t_nr_buffers and
trigger assert.
kjournald2 kworker
jbd2_journal_commit_transaction()
write_unlock(&journal->j_state_lock);
atomic_sub(j_reserved_credits, t_outstanding_credits); //sub once
jbd2_journal_start_reserved()
start_this_handle() //detect aborted journal
jbd2_journal_free_reserved() //get running transaction
read_lock(&journal->j_state_lock)
__jbd2_journal_unreserve_handle()
atomic_sub(j_reserved_credits, t_outstanding_credits);
//sub again
read_unlock(&journal->j_state_lock);
journal->j_running_transaction = NULL;
J_ASSERT(t_nr_buffers <= t_outstanding_credits) //bomb!!!
Fix this issue by using journal->j_state_lock to protect the subtraction
in jbd2_journal_commit_transaction().
Fixes: 96f1e0974575 ("jbd2: avoid long hold times of j_state_lock while committing a transaction")
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220611130426.2013258-1-yi.zhang@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jbd2/commit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
index d45ceb2e2149..8d5aced7ed0c 100644
--- a/fs/jbd2/commit.c
+++ b/fs/jbd2/commit.c
@@ -514,13 +514,13 @@ void jbd2_journal_commit_transaction(journal_t *journal)
*/
jbd2_journal_switch_revoke_table(journal);
+ write_lock(&journal->j_state_lock);
/*
* Reserved credits cannot be claimed anymore, free them
*/
atomic_sub(atomic_read(&journal->j_reserved_credits),
&commit_transaction->t_outstanding_credits);
- write_lock(&journal->j_state_lock);
trace_jbd2_commit_flushing(journal, commit_transaction);
stats.run.rs_flushing = jiffies;
stats.run.rs_locked = jbd2_time_diff(stats.run.rs_locked,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 200/389] ext4: recover csum seed of tmp_inode after migrating to extents
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 199/389] jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 201/389] jbd2: fix assertion jh->b_frozen_data == NULL failure when journal aborted Greg Kroah-Hartman
` (193 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Lingfeng, Jan Kara, Theodore Tso,
Sasha Levin
From: Li Lingfeng <lilingfeng3@huawei.com>
[ Upstream commit 07ea7a617d6b278fb7acedb5cbe1a81ce2de7d0c ]
When migrating to extents, the checksum seed of temporary inode
need to be replaced by inode's, otherwise the inode checksums
will be incorrect when swapping the inodes data.
However, the temporary inode can not match it's checksum to
itself since it has lost it's own checksum seed.
mkfs.ext4 -F /dev/sdc
mount /dev/sdc /mnt/sdc
xfs_io -fc "pwrite 4k 4k" -c "fsync" /mnt/sdc/testfile
chattr -e /mnt/sdc/testfile
chattr +e /mnt/sdc/testfile
umount /dev/sdc
fsck -fn /dev/sdc
========
...
Pass 1: Checking inodes, blocks, and sizes
Inode 13 passes checks, but checksum does not match inode. Fix? no
...
========
The fix is simple, save the checksum seed of temporary inode, and
recover it after migrating to extents.
Fixes: e81c9302a6c3 ("ext4: set csum seed in tmp inode while migrating to extents")
Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220617062515.2113438-1-lilingfeng3@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/migrate.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c
index c5b2ea1a9372..1faa8e4ffb9d 100644
--- a/fs/ext4/migrate.c
+++ b/fs/ext4/migrate.c
@@ -435,7 +435,7 @@ int ext4_ext_migrate(struct inode *inode)
struct inode *tmp_inode = NULL;
struct migrate_struct lb;
unsigned long max_entries;
- __u32 goal;
+ __u32 goal, tmp_csum_seed;
uid_t owner[2];
/*
@@ -483,6 +483,7 @@ int ext4_ext_migrate(struct inode *inode)
* the migration.
*/
ei = EXT4_I(inode);
+ tmp_csum_seed = EXT4_I(tmp_inode)->i_csum_seed;
EXT4_I(tmp_inode)->i_csum_seed = ei->i_csum_seed;
i_size_write(tmp_inode, i_size_read(inode));
/*
@@ -593,6 +594,7 @@ int ext4_ext_migrate(struct inode *inode)
* the inode is not visible to user space.
*/
tmp_inode->i_blocks = 0;
+ EXT4_I(tmp_inode)->i_csum_seed = tmp_csum_seed;
/* Reset the extent details */
ext4_ext_tree_init(handle, tmp_inode);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 201/389] jbd2: fix assertion jh->b_frozen_data == NULL failure when journal aborted
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 200/389] ext4: recover csum seed of tmp_inode after migrating to extents Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 202/389] opp: Fix error check in dev_pm_opp_attach_genpd() Greg Kroah-Hartman
` (192 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Theodore Tso, Sasha Levin
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit 4a734f0869f970b8a9b65062ea40b09a5da9dba8 ]
Following process will fail assertion 'jh->b_frozen_data == NULL' in
jbd2_journal_dirty_metadata():
jbd2_journal_commit_transaction
unlink(dir/a)
jh->b_transaction = trans1
jh->b_jlist = BJ_Metadata
journal->j_running_transaction = NULL
trans1->t_state = T_COMMIT
unlink(dir/b)
handle->h_trans = trans2
do_get_write_access
jh->b_modified = 0
jh->b_frozen_data = frozen_buffer
jh->b_next_transaction = trans2
jbd2_journal_dirty_metadata
is_handle_aborted
is_journal_aborted // return false
--> jbd2 abort <--
while (commit_transaction->t_buffers)
if (is_journal_aborted)
jbd2_journal_refile_buffer
__jbd2_journal_refile_buffer
WRITE_ONCE(jh->b_transaction,
jh->b_next_transaction)
WRITE_ONCE(jh->b_next_transaction, NULL)
__jbd2_journal_file_buffer(jh, BJ_Reserved)
J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure !
The reproducer (See detail in [Link]) reports:
------------[ cut here ]------------
kernel BUG at fs/jbd2/transaction.c:1629!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 2 PID: 584 Comm: unlink Tainted: G W
5.19.0-rc6-00115-g4a57a8400075-dirty #697
RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470
RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202
Call Trace:
<TASK>
__ext4_handle_dirty_metadata+0xa0/0x290
ext4_handle_dirty_dirblock+0x10c/0x1d0
ext4_delete_entry+0x104/0x200
__ext4_unlink+0x22b/0x360
ext4_unlink+0x275/0x390
vfs_unlink+0x20b/0x4c0
do_unlinkat+0x42f/0x4c0
__x64_sys_unlink+0x37/0x50
do_syscall_64+0x35/0x80
After journal aborting, __jbd2_journal_refile_buffer() is executed with
holding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()'
into the area protected by @jh->b_state_lock.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216251
Fixes: 470decc613ab20 ("[PATCH] jbd2: initial copy of files from jbd")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Link: https://lore.kernel.org/r/20220715125152.4022726-1-chengzhihao1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jbd2/transaction.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
index be05fb96757c..e0bd73140415 100644
--- a/fs/jbd2/transaction.c
+++ b/fs/jbd2/transaction.c
@@ -1375,8 +1375,6 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh)
struct journal_head *jh;
int ret = 0;
- if (is_handle_aborted(handle))
- return -EROFS;
if (!buffer_jbd(bh))
return -EUCLEAN;
@@ -1423,6 +1421,18 @@ int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh)
journal = transaction->t_journal;
jbd_lock_bh_state(bh);
+ if (is_handle_aborted(handle)) {
+ /*
+ * Check journal aborting with @jh->b_state_lock locked,
+ * since 'jh->b_transaction' could be replaced with
+ * 'jh->b_next_transaction' during old transaction
+ * committing if journal aborted, which may fail
+ * assertion on 'jh->b_frozen_data == NULL'.
+ */
+ ret = -EROFS;
+ goto out_unlock_bh;
+ }
+
if (jh->b_modified == 0) {
/*
* This buffer's got modified and becoming part
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 202/389] opp: Fix error check in dev_pm_opp_attach_genpd()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 201/389] jbd2: fix assertion jh->b_frozen_data == NULL failure when journal aborted Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 203/389] ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe Greg Kroah-Hartman
` (191 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tang Bin, Viresh Kumar, Sasha Levin
From: Tang Bin <tangbin@cmss.chinamobile.com>
[ Upstream commit 4ea9496cbc959eb5c78f3e379199aca9ef4e386b ]
dev_pm_domain_attach_by_name() may return NULL in some cases,
so IS_ERR() doesn't meet the requirements. Thus fix it.
Fixes: 6319aee10e53 ("opp: Attach genpds to devices from within OPP core")
Signed-off-by: Tang Bin <tangbin@cmss.chinamobile.com>
[ Viresh: Replace ENODATA with ENODEV ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/opp/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index 088c93dc0085..08f5d1c3d665 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -1881,8 +1881,8 @@ struct opp_table *dev_pm_opp_attach_genpd(struct device *dev,
}
virt_dev = dev_pm_domain_attach_by_name(dev, *name);
- if (IS_ERR(virt_dev)) {
- ret = PTR_ERR(virt_dev);
+ if (IS_ERR_OR_NULL(virt_dev)) {
+ ret = PTR_ERR(virt_dev) ? : -ENODEV;
dev_err(dev, "Couldn't attach to pm_domain: %d\n", ret);
goto err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 203/389] ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 202/389] opp: Fix error check in dev_pm_opp_attach_genpd() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 204/389] ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe Greg Kroah-Hartman
` (190 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit ae4f11c1ed2d67192fdf3d89db719ee439827c11 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Fix missing of_node_put() in error paths.
Fixes: 94319ba10eca ("ASoC: mediatek: Use platform_of_node for machine drivers")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220602034144.60159-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c
index 727ff0f7f20b..8e1e60a9b45c 100644
--- a/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c
+++ b/sound/soc/mediatek/mt8173/mt8173-rt5650-rt5676.c
@@ -256,14 +256,16 @@ static int mt8173_rt5650_rt5676_dev_probe(struct platform_device *pdev)
if (!mt8173_rt5650_rt5676_dais[DAI_LINK_CODEC_I2S].codecs[0].of_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_node;
}
mt8173_rt5650_rt5676_dais[DAI_LINK_CODEC_I2S].codecs[1].of_node =
of_parse_phandle(pdev->dev.of_node, "mediatek,audio-codec", 1);
if (!mt8173_rt5650_rt5676_dais[DAI_LINK_CODEC_I2S].codecs[1].of_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_node;
}
mt8173_rt5650_rt5676_codec_conf[0].of_node =
mt8173_rt5650_rt5676_dais[DAI_LINK_CODEC_I2S].codecs[1].of_node;
@@ -276,7 +278,8 @@ static int mt8173_rt5650_rt5676_dev_probe(struct platform_device *pdev)
if (!mt8173_rt5650_rt5676_dais[DAI_LINK_HDMI_I2S].codecs->of_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_node;
}
card->dev = &pdev->dev;
@@ -286,6 +289,7 @@ static int mt8173_rt5650_rt5676_dev_probe(struct platform_device *pdev)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+put_node:
of_node_put(platform_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 204/389] ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 203/389] ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 205/389] ASoC: codecs: da7210: add check for i2c_add_driver Greg Kroah-Hartman
` (189 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 7472eb8d7dd12b6b9b1a4f4527719cc9c7f5965f ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: f0ab0bf250da ("ASoC: add mt6797-mt6351 driver and config option")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220603083417.9011-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt6797/mt6797-mt6351.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sound/soc/mediatek/mt6797/mt6797-mt6351.c b/sound/soc/mediatek/mt6797/mt6797-mt6351.c
index 496f32bcfb5e..d2f6213a6bfc 100644
--- a/sound/soc/mediatek/mt6797/mt6797-mt6351.c
+++ b/sound/soc/mediatek/mt6797/mt6797-mt6351.c
@@ -217,7 +217,8 @@ static int mt6797_mt6351_dev_probe(struct platform_device *pdev)
if (!codec_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_platform_node;
}
for_each_card_prelinks(card, i, dai_link) {
if (dai_link->codecs->name)
@@ -230,6 +231,9 @@ static int mt6797_mt6351_dev_probe(struct platform_device *pdev)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+ of_node_put(codec_node);
+put_platform_node:
+ of_node_put(platform_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 205/389] ASoC: codecs: da7210: add check for i2c_add_driver
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 204/389] ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 206/389] ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe Greg Kroah-Hartman
` (188 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Mark Brown, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 82fa8f581a954ddeec1602bed9f8b4a09d100e6e ]
As i2c_add_driver could return error if fails, it should be
better to check the return value.
However, if the CONFIG_I2C and CONFIG_SPI_MASTER are both true,
the return value of i2c_add_driver will be covered by
spi_register_driver.
Therefore, it is necessary to add check and return error if fails.
Fixes: aa0e25caafb7 ("ASoC: da7210: Add support for spi regmap")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220531094712.2376759-1-jiasheng@iscas.ac.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/da7210.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/codecs/da7210.c b/sound/soc/codecs/da7210.c
index e172913d04a4..efc5049c0796 100644
--- a/sound/soc/codecs/da7210.c
+++ b/sound/soc/codecs/da7210.c
@@ -1333,6 +1333,8 @@ static int __init da7210_modinit(void)
int ret = 0;
#if IS_ENABLED(CONFIG_I2C)
ret = i2c_add_driver(&da7210_i2c_driver);
+ if (ret)
+ return ret;
#endif
#if defined(CONFIG_SPI_MASTER)
ret = spi_register_driver(&da7210_spi_driver);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 206/389] ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 205/389] ASoC: codecs: da7210: add check for i2c_add_driver Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 207/389] serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() Greg Kroah-Hartman
` (187 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Mark Brown, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit efe2178d1a32492f99e7f1f2568eea5c88a85729 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Fix refcount leak in some error paths.
Fixes: 0f83f9296d5c ("ASoC: mediatek: Add machine driver for ALC5650 codec")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220603124243.31358-1-linmq006@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/mediatek/mt8173/mt8173-rt5650.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sound/soc/mediatek/mt8173/mt8173-rt5650.c b/sound/soc/mediatek/mt8173/mt8173-rt5650.c
index 21e7d4d3ded5..cdfc697ad94e 100644
--- a/sound/soc/mediatek/mt8173/mt8173-rt5650.c
+++ b/sound/soc/mediatek/mt8173/mt8173-rt5650.c
@@ -266,7 +266,8 @@ static int mt8173_rt5650_dev_probe(struct platform_device *pdev)
if (!mt8173_rt5650_dais[DAI_LINK_CODEC_I2S].codecs[0].of_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_platform_node;
}
mt8173_rt5650_dais[DAI_LINK_CODEC_I2S].codecs[1].of_node =
mt8173_rt5650_dais[DAI_LINK_CODEC_I2S].codecs[0].of_node;
@@ -279,7 +280,7 @@ static int mt8173_rt5650_dev_probe(struct platform_device *pdev)
dev_err(&pdev->dev,
"%s codec_capture_dai name fail %d\n",
__func__, ret);
- return ret;
+ goto put_platform_node;
}
mt8173_rt5650_dais[DAI_LINK_CODEC_I2S].codecs[1].dai_name =
codec_capture_dai;
@@ -301,7 +302,8 @@ static int mt8173_rt5650_dev_probe(struct platform_device *pdev)
if (!mt8173_rt5650_dais[DAI_LINK_HDMI_I2S].codecs->of_node) {
dev_err(&pdev->dev,
"Property 'audio-codec' missing or invalid\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto put_platform_node;
}
card->dev = &pdev->dev;
@@ -310,6 +312,7 @@ static int mt8173_rt5650_dev_probe(struct platform_device *pdev)
dev_err(&pdev->dev, "%s snd_soc_register_card fail %d\n",
__func__, ret);
+put_platform_node:
of_node_put(platform_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 207/389] serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 206/389] ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 208/389] ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV Greg Kroah-Hartman
` (186 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Ilpo Järvinen,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit af14f3007e2dca0d112f10f6717ba43093f74e81 ]
Make sure LSR flags are preserved in dw8250_tx_wait_empty(). This
function is called from a low-level out function and therefore cannot
call serial_lsr_in() as it would lead to infinite recursion.
It is borderline if the flags need to be saved here at all since this
code relates to writing LCR register which usually implies no important
characters should be arriving.
Fixes: 914eaf935ec7 ("serial: 8250_dw: Allow TX FIFO to drain before writing to UART_LCR")
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220608095431.18376-7-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_dw.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c
index 381c5117aec1..2d5a039229ac 100644
--- a/drivers/tty/serial/8250/8250_dw.c
+++ b/drivers/tty/serial/8250/8250_dw.c
@@ -110,12 +110,15 @@ static void dw8250_check_lcr(struct uart_port *p, int value)
/* Returns once the transmitter is empty or we run out of retries */
static void dw8250_tx_wait_empty(struct uart_port *p)
{
+ struct uart_8250_port *up = up_to_u8250p(p);
unsigned int tries = 20000;
unsigned int delay_threshold = tries - 1000;
unsigned int lsr;
while (tries--) {
lsr = readb (p->membase + (UART_LSR << p->regshift));
+ up->lsr_saved_flags |= lsr & LSR_SAVE_FLAGS;
+
if (lsr & UART_LSR_TEMT)
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 208/389] ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 207/389] serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 209/389] ASoC: codecs: wcd9335: " Greg Kroah-Hartman
` (185 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla, Mark Brown, Sasha Levin
From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[ Upstream commit 5babb012c847beb6c8c7108fd78f650b7a2c6054 ]
move all the digital gains form using SX_TLV to S8_TLV, these gains are
actually 8 bit gains with 7th signed bit and ranges from -84dB to +40dB
rest of the Qualcomm wcd codecs uses these properly.
Fixes: ef8a4757a6db ("ASoC: msm8916-wcd-digital: Add sidetone support")
Fixes: 150db8c5afa1 ("ASoC: codecs: Add msm8916-wcd digital codec")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220609111901.318047-2-srinivas.kandagatla@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/msm8916-wcd-digital.c | 46 +++++++++++++-------------
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/sound/soc/codecs/msm8916-wcd-digital.c b/sound/soc/codecs/msm8916-wcd-digital.c
index e4cde214b7b2..6e5bce4f5eb2 100644
--- a/sound/soc/codecs/msm8916-wcd-digital.c
+++ b/sound/soc/codecs/msm8916-wcd-digital.c
@@ -328,8 +328,8 @@ static const struct snd_kcontrol_new rx1_mix2_inp1_mux = SOC_DAPM_ENUM(
static const struct snd_kcontrol_new rx2_mix2_inp1_mux = SOC_DAPM_ENUM(
"RX2 MIX2 INP1 Mux", rx2_mix2_inp1_chain_enum);
-/* Digital Gain control -38.4 dB to +38.4 dB in 0.3 dB steps */
-static const DECLARE_TLV_DB_SCALE(digital_gain, -3840, 30, 0);
+/* Digital Gain control -84 dB to +40 dB in 1 dB steps */
+static const DECLARE_TLV_DB_SCALE(digital_gain, -8400, 100, -8400);
/* Cutoff Freq for High Pass Filter at -3dB */
static const char * const hpf_cutoff_text[] = {
@@ -510,15 +510,15 @@ static int wcd_iir_filter_info(struct snd_kcontrol *kcontrol,
static const struct snd_kcontrol_new msm8916_wcd_digital_snd_controls[] = {
SOC_SINGLE_S8_TLV("RX1 Digital Volume", LPASS_CDC_RX1_VOL_CTL_B2_CTL,
- -128, 127, digital_gain),
+ -84, 40, digital_gain),
SOC_SINGLE_S8_TLV("RX2 Digital Volume", LPASS_CDC_RX2_VOL_CTL_B2_CTL,
- -128, 127, digital_gain),
+ -84, 40, digital_gain),
SOC_SINGLE_S8_TLV("RX3 Digital Volume", LPASS_CDC_RX3_VOL_CTL_B2_CTL,
- -128, 127, digital_gain),
+ -84, 40, digital_gain),
SOC_SINGLE_S8_TLV("TX1 Digital Volume", LPASS_CDC_TX1_VOL_CTL_GAIN,
- -128, 127, digital_gain),
+ -84, 40, digital_gain),
SOC_SINGLE_S8_TLV("TX2 Digital Volume", LPASS_CDC_TX2_VOL_CTL_GAIN,
- -128, 127, digital_gain),
+ -84, 40, digital_gain),
SOC_ENUM("TX1 HPF Cutoff", tx1_hpf_cutoff_enum),
SOC_ENUM("TX2 HPF Cutoff", tx2_hpf_cutoff_enum),
SOC_SINGLE("TX1 HPF Switch", LPASS_CDC_TX1_MUX_CTL, 3, 1, 0),
@@ -553,22 +553,22 @@ static const struct snd_kcontrol_new msm8916_wcd_digital_snd_controls[] = {
WCD_IIR_FILTER_CTL("IIR2 Band3", IIR2, BAND3),
WCD_IIR_FILTER_CTL("IIR2 Band4", IIR2, BAND4),
WCD_IIR_FILTER_CTL("IIR2 Band5", IIR2, BAND5),
- SOC_SINGLE_SX_TLV("IIR1 INP1 Volume", LPASS_CDC_IIR1_GAIN_B1_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("IIR1 INP2 Volume", LPASS_CDC_IIR1_GAIN_B2_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("IIR1 INP3 Volume", LPASS_CDC_IIR1_GAIN_B3_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("IIR1 INP4 Volume", LPASS_CDC_IIR1_GAIN_B4_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("IIR2 INP1 Volume", LPASS_CDC_IIR2_GAIN_B1_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("IIR2 INP2 Volume", LPASS_CDC_IIR2_GAIN_B2_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("IIR2 INP3 Volume", LPASS_CDC_IIR2_GAIN_B3_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("IIR2 INP4 Volume", LPASS_CDC_IIR2_GAIN_B4_CTL,
- 0, -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("IIR1 INP1 Volume", LPASS_CDC_IIR1_GAIN_B1_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("IIR1 INP2 Volume", LPASS_CDC_IIR1_GAIN_B2_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("IIR1 INP3 Volume", LPASS_CDC_IIR1_GAIN_B3_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("IIR1 INP4 Volume", LPASS_CDC_IIR1_GAIN_B4_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("IIR2 INP1 Volume", LPASS_CDC_IIR2_GAIN_B1_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("IIR2 INP2 Volume", LPASS_CDC_IIR2_GAIN_B2_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("IIR2 INP3 Volume", LPASS_CDC_IIR2_GAIN_B3_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("IIR2 INP4 Volume", LPASS_CDC_IIR2_GAIN_B4_CTL,
+ -84, 40, digital_gain),
};
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 209/389] ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 208/389] ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 210/389] profiling: fix shift too large makes kernel panic Greg Kroah-Hartman
` (184 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla, Mark Brown, Sasha Levin
From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[ Upstream commit 2fbe0953732e06b471cdedbf6f615b84235580d8 ]
move all the digital gains form using SX_TLV to S8_TLV, these gains are
actually 8 bit gains with 7th signed bit and ranges from -84dB to +40dB
rest of the Qualcomm wcd codecs uses these properly.
Fixes: 8c4f021d806a ("ASoC: wcd9335: add basic controls")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220609111901.318047-3-srinivas.kandagatla@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/wcd9335.c | 81 +++++++++++++++++---------------------
1 file changed, 36 insertions(+), 45 deletions(-)
diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
index 016aff97e2fb..c01c69613f63 100644
--- a/sound/soc/codecs/wcd9335.c
+++ b/sound/soc/codecs/wcd9335.c
@@ -2252,51 +2252,42 @@ static int wcd9335_rx_hph_mode_put(struct snd_kcontrol *kc,
static const struct snd_kcontrol_new wcd9335_snd_controls[] = {
/* -84dB min - 40dB max */
- SOC_SINGLE_SX_TLV("RX0 Digital Volume", WCD9335_CDC_RX0_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX1 Digital Volume", WCD9335_CDC_RX1_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX2 Digital Volume", WCD9335_CDC_RX2_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX3 Digital Volume", WCD9335_CDC_RX3_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX4 Digital Volume", WCD9335_CDC_RX4_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX5 Digital Volume", WCD9335_CDC_RX5_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX6 Digital Volume", WCD9335_CDC_RX6_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX7 Digital Volume", WCD9335_CDC_RX7_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX8 Digital Volume", WCD9335_CDC_RX8_RX_VOL_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX0 Mix Digital Volume",
- WCD9335_CDC_RX0_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX1 Mix Digital Volume",
- WCD9335_CDC_RX1_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX2 Mix Digital Volume",
- WCD9335_CDC_RX2_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX3 Mix Digital Volume",
- WCD9335_CDC_RX3_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX4 Mix Digital Volume",
- WCD9335_CDC_RX4_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX5 Mix Digital Volume",
- WCD9335_CDC_RX5_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX6 Mix Digital Volume",
- WCD9335_CDC_RX6_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX7 Mix Digital Volume",
- WCD9335_CDC_RX7_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
- SOC_SINGLE_SX_TLV("RX8 Mix Digital Volume",
- WCD9335_CDC_RX8_RX_VOL_MIX_CTL,
- 0, -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX0 Digital Volume", WCD9335_CDC_RX0_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX1 Digital Volume", WCD9335_CDC_RX1_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX2 Digital Volume", WCD9335_CDC_RX2_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX3 Digital Volume", WCD9335_CDC_RX3_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX4 Digital Volume", WCD9335_CDC_RX4_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX5 Digital Volume", WCD9335_CDC_RX5_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX6 Digital Volume", WCD9335_CDC_RX6_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX7 Digital Volume", WCD9335_CDC_RX7_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX8 Digital Volume", WCD9335_CDC_RX8_RX_VOL_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX0 Mix Digital Volume", WCD9335_CDC_RX0_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX1 Mix Digital Volume", WCD9335_CDC_RX1_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX2 Mix Digital Volume", WCD9335_CDC_RX2_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX3 Mix Digital Volume", WCD9335_CDC_RX3_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX4 Mix Digital Volume", WCD9335_CDC_RX4_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX5 Mix Digital Volume", WCD9335_CDC_RX5_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX6 Mix Digital Volume", WCD9335_CDC_RX6_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX7 Mix Digital Volume", WCD9335_CDC_RX7_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
+ SOC_SINGLE_S8_TLV("RX8 Mix Digital Volume", WCD9335_CDC_RX8_RX_VOL_MIX_CTL,
+ -84, 40, digital_gain),
SOC_ENUM("RX INT0_1 HPF cut off", cf_int0_1_enum),
SOC_ENUM("RX INT0_2 HPF cut off", cf_int0_2_enum),
SOC_ENUM("RX INT1_1 HPF cut off", cf_int1_1_enum),
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 210/389] profiling: fix shift too large makes kernel panic
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 209/389] ASoC: codecs: wcd9335: " Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 211/389] tty: n_gsm: fix non flow control frames during mux flow off Greg Kroah-Hartman
` (183 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen Zhongjin, Andrew Morton, Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit 0fe6ee8f123a4dfb529a5aff07536bb481f34043 ]
2d186afd04d6 ("profiling: fix shift-out-of-bounds bugs") limits shift
value by [0, BITS_PER_LONG -1], which means [0, 63].
However, syzbot found that the max shift value should be the bit number of
(_etext - _stext). If shift is outside of this, the "buffer_bytes" will
be zero and will cause kzalloc(0). Then the kernel panics due to
dereferencing the returned pointer 16.
This can be easily reproduced by passing a large number like 60 to enable
profiling and then run readprofile.
LOGS:
BUG: kernel NULL pointer dereference, address: 0000000000000010
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 6148067 P4D 6148067 PUD 6142067 PMD 0
PREEMPT SMP
CPU: 4 PID: 184 Comm: readprofile Not tainted 5.18.0+ #162
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:read_profile+0x104/0x220
RSP: 0018:ffffc900006fbe80 EFLAGS: 00000202
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888006150000 RSI: 0000000000000001 RDI: ffffffff82aba4a0
RBP: 000000000188bb60 R08: 0000000000000010 R09: ffff888006151000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82aba4a0
R13: 0000000000000000 R14: ffffc900006fbf08 R15: 0000000000020c30
FS: 000000000188a8c0(0000) GS:ffff88803ed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 0000000006144000 CR4: 00000000000006e0
Call Trace:
<TASK>
proc_reg_read+0x56/0x70
vfs_read+0x9a/0x1b0
ksys_read+0xa1/0xe0
? fpregs_assert_state_consistent+0x1e/0x40
do_syscall_64+0x3a/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x4d4b4e
RSP: 002b:00007ffebb668d58 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000000000188a8a0 RCX: 00000000004d4b4e
RDX: 0000000000000400 RSI: 000000000188bb60 RDI: 0000000000000003
RBP: 0000000000000003 R08: 000000000000006e R09: 0000000000000000
R10: 0000000000000041 R11: 0000000000000246 R12: 000000000188bb60
R13: 0000000000000400 R14: 0000000000000000 R15: 000000000188bb60
</TASK>
Modules linked in:
CR2: 0000000000000010
Killed
---[ end trace 0000000000000000 ]---
Check prof_len in profile_init() to prevent it be zero.
Link: https://lkml.kernel.org/r/20220531012854.229439-1-chenzhongjin@huawei.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/profile.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kernel/profile.c b/kernel/profile.c
index e97e42aaf202..b5ce18b6f1b9 100644
--- a/kernel/profile.c
+++ b/kernel/profile.c
@@ -109,6 +109,13 @@ int __ref profile_init(void)
/* only text is profiled */
prof_len = (_etext - _stext) >> prof_shift;
+
+ if (!prof_len) {
+ pr_warn("profiling shift: %u too large\n", prof_shift);
+ prof_on = 0;
+ return -EINVAL;
+ }
+
buffer_bytes = prof_len*sizeof(atomic_t);
if (!alloc_cpumask_var(&prof_cpu_mask, GFP_KERNEL))
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 211/389] tty: n_gsm: fix non flow control frames during mux flow off
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 210/389] profiling: fix shift too large makes kernel panic Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 212/389] tty: n_gsm: fix packet re-transmission without open control channel Greg Kroah-Hartman
` (182 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Starke, Sasha Levin
From: Daniel Starke <daniel.starke@siemens.com>
[ Upstream commit bec0224816d19abe4fe503586d16d51890540615 ]
n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010.
See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516
The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to
the newer 27.010 here. Chapter 5.4.6.3.6 states that FCoff stops the
transmission on all channels except the control channel. This is already
implemented in gsm_data_kick(). However, chapter 5.4.8.1 explains that this
shall result in the same behavior as software flow control on the ldisc in
advanced option mode. That means only flow control frames shall be sent
during flow off. The current implementation does not consider this case.
Change gsm_data_kick() to send only flow control frames if constipated to
abide the standard. gsm_read_ea_val() and gsm_is_flow_ctrl_msg() are
introduced as helper functions for this.
It is planned to use gsm_read_ea_val() in later code cleanups for other
functions, too.
Fixes: c01af4fec2c8 ("n_gsm : Flow control handling in Mux driver")
Signed-off-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20220701061652.39604-5-daniel.starke@siemens.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 54 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 907a4d0784ac..cab30df61196 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -410,6 +410,27 @@ static int gsm_read_ea(unsigned int *val, u8 c)
return c & EA;
}
+/**
+ * gsm_read_ea_val - read a value until EA
+ * @val: variable holding value
+ * @data: buffer of data
+ * @dlen: length of data
+ *
+ * Processes an EA value. Updates the passed variable and
+ * returns the processed data length.
+ */
+static unsigned int gsm_read_ea_val(unsigned int *val, const u8 *data, int dlen)
+{
+ unsigned int len = 0;
+
+ for (; dlen > 0; dlen--) {
+ len++;
+ if (gsm_read_ea(val, *data++))
+ break;
+ }
+ return len;
+}
+
/**
* gsm_encode_modem - encode modem data bits
* @dlci: DLCI to encode from
@@ -657,6 +678,37 @@ static struct gsm_msg *gsm_data_alloc(struct gsm_mux *gsm, u8 addr, int len,
return m;
}
+/**
+ * gsm_is_flow_ctrl_msg - checks if flow control message
+ * @msg: message to check
+ *
+ * Returns true if the given message is a flow control command of the
+ * control channel. False is returned in any other case.
+ */
+static bool gsm_is_flow_ctrl_msg(struct gsm_msg *msg)
+{
+ unsigned int cmd;
+
+ if (msg->addr > 0)
+ return false;
+
+ switch (msg->ctrl & ~PF) {
+ case UI:
+ case UIH:
+ cmd = 0;
+ if (gsm_read_ea_val(&cmd, msg->data + 2, msg->len - 2) < 1)
+ break;
+ switch (cmd & ~PF) {
+ case CMD_FCOFF:
+ case CMD_FCON:
+ return true;
+ }
+ break;
+ }
+
+ return false;
+}
+
/**
* gsm_data_kick - poke the queue
* @gsm: GSM Mux
@@ -675,7 +727,7 @@ static void gsm_data_kick(struct gsm_mux *gsm, struct gsm_dlci *dlci)
int len;
list_for_each_entry_safe(msg, nmsg, &gsm->tx_list, list) {
- if (gsm->constipated && msg->addr)
+ if (gsm->constipated && !gsm_is_flow_ctrl_msg(msg))
continue;
if (gsm->encoding != 0) {
gsm->txframe[0] = GSM1_SOF;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 212/389] tty: n_gsm: fix packet re-transmission without open control channel
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 211/389] tty: n_gsm: fix non flow control frames during mux flow off Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 213/389] tty: n_gsm: fix race condition in gsmld_write() Greg Kroah-Hartman
` (181 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Starke, Sasha Levin
From: Daniel Starke <daniel.starke@siemens.com>
[ Upstream commit 4fae831b3a71fc5a44cc5c7d0b8c1267ee7659f5 ]
In the current implementation control packets are re-transmitted even if
the control channel closed down during T2. This is wrong.
Check whether the control channel is open before re-transmitting any
packets. Note that control channel open/close is handled by T1 and not T2
and remains unaffected by this.
Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Signed-off-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20220701061652.39604-7-daniel.starke@siemens.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index cab30df61196..893d6f502c2e 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1382,7 +1382,7 @@ static void gsm_control_retransmit(struct timer_list *t)
spin_lock_irqsave(&gsm->control_lock, flags);
ctrl = gsm->pending_cmd;
if (ctrl) {
- if (gsm->cretries == 0) {
+ if (gsm->cretries == 0 || !gsm->dlci[0] || gsm->dlci[0]->dead) {
gsm->pending_cmd = NULL;
ctrl->error = -ETIMEDOUT;
ctrl->done = 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 213/389] tty: n_gsm: fix race condition in gsmld_write()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 212/389] tty: n_gsm: fix packet re-transmission without open control channel Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 214/389] remoteproc: qcom: wcnss: Fix handling of IRQs Greg Kroah-Hartman
` (180 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Starke, Sasha Levin
From: Daniel Starke <daniel.starke@siemens.com>
[ Upstream commit 32dd59f96924f45e33bc79854f7a00679c0fa28e ]
The function may be used by the user directly and also by the n_gsm
internal functions. They can lead into a race condition which results in
interleaved frames if both are writing at the same time. The receiving side
is not able to decode those interleaved frames correctly.
Add a lock around the low side tty write to avoid race conditions and frame
interleaving between user originated writes and n_gsm writes.
Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Signed-off-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20220701061652.39604-9-daniel.starke@siemens.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 893d6f502c2e..186f4633fd4a 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2651,11 +2651,24 @@ static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
const unsigned char *buf, size_t nr)
{
- int space = tty_write_room(tty);
+ struct gsm_mux *gsm = tty->disc_data;
+ unsigned long flags;
+ int space;
+ int ret;
+
+ if (!gsm)
+ return -ENODEV;
+
+ ret = -ENOBUFS;
+ spin_lock_irqsave(&gsm->tx_lock, flags);
+ space = tty_write_room(tty);
if (space >= nr)
- return tty->ops->write(tty, buf, nr);
- set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
- return -ENOBUFS;
+ ret = tty->ops->write(tty, buf, nr);
+ else
+ set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
+ spin_unlock_irqrestore(&gsm->tx_lock, flags);
+
+ return ret;
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 214/389] remoteproc: qcom: wcnss: Fix handling of IRQs
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 213/389] tty: n_gsm: fix race condition in gsmld_write() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 215/389] vfio/ccw: Do not change FSM state in subchannel event Greg Kroah-Hartman
` (179 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sireesh Kodali, Bjorn Andersson, Sasha Levin
From: Sireesh Kodali <sireeshkodali1@gmail.com>
[ Upstream commit bed0adac1ded4cb486ba19a3a7e730fbd9a1c9c6 ]
The wcnss_get_irq function is expected to return a value > 0 in the
event that an IRQ is succssfully obtained, but it instead returns 0.
This causes the stop and ready IRQs to never actually be used despite
being defined in the device-tree. This patch fixes that.
Fixes: aed361adca9f ("remoteproc: qcom: Introduce WCNSS peripheral image loader")
Signed-off-by: Sireesh Kodali <sireeshkodali1@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220526141740.15834-2-sireeshkodali1@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/qcom_wcnss.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/remoteproc/qcom_wcnss.c b/drivers/remoteproc/qcom_wcnss.c
index c72f1b3b6085..18431ac09822 100644
--- a/drivers/remoteproc/qcom_wcnss.c
+++ b/drivers/remoteproc/qcom_wcnss.c
@@ -407,6 +407,7 @@ static int wcnss_request_irq(struct qcom_wcnss *wcnss,
irq_handler_t thread_fn)
{
int ret;
+ int irq_number;
ret = platform_get_irq_byname(pdev, name);
if (ret < 0 && optional) {
@@ -417,14 +418,19 @@ static int wcnss_request_irq(struct qcom_wcnss *wcnss,
return ret;
}
+ irq_number = ret;
+
ret = devm_request_threaded_irq(&pdev->dev, ret,
NULL, thread_fn,
IRQF_TRIGGER_RISING | IRQF_ONESHOT,
"wcnss", wcnss);
- if (ret)
+ if (ret) {
dev_err(&pdev->dev, "request %s IRQ failed\n", name);
+ return ret;
+ }
- return ret;
+ /* Return the IRQ number if the IRQ was successfully acquired */
+ return irq_number;
}
static int wcnss_alloc_memory_region(struct qcom_wcnss *wcnss)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 215/389] vfio/ccw: Do not change FSM state in subchannel event
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 214/389] remoteproc: qcom: wcnss: Fix handling of IRQs Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 216/389] tty: n_gsm: fix wrong T1 retry count handling Greg Kroah-Hartman
` (178 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Farman, Matthew Rosato,
Alex Williamson, Sasha Levin
From: Eric Farman <farman@linux.ibm.com>
[ Upstream commit cffcc109fd682075dee79bade3d60a07152a8fd1 ]
The routine vfio_ccw_sch_event() is tasked with handling subchannel events,
specifically machine checks, on behalf of vfio-ccw. It correctly calls
cio_update_schib(), and if that fails (meaning the subchannel is gone)
it makes an FSM event call to mark the subchannel Not Operational.
If that worked, however, then it decides that if the FSM state was already
Not Operational (implying the subchannel just came back), then it should
simply change the FSM to partially- or fully-open.
Remove this trickery, since a subchannel returning will require more
probing than simply "oh all is well again" to ensure it works correctly.
Fixes: bbe37e4cb8970 ("vfio: ccw: introduce a finite state machine")
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Link: https://lore.kernel.org/r/20220707135737.720765-4-farman@linux.ibm.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/cio/vfio_ccw_drv.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/drivers/s390/cio/vfio_ccw_drv.c b/drivers/s390/cio/vfio_ccw_drv.c
index fd590d1cffc1..d42e5a307437 100644
--- a/drivers/s390/cio/vfio_ccw_drv.c
+++ b/drivers/s390/cio/vfio_ccw_drv.c
@@ -247,19 +247,11 @@ static int vfio_ccw_sch_event(struct subchannel *sch, int process)
if (work_pending(&sch->todo_work))
goto out_unlock;
- if (cio_update_schib(sch)) {
- vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_NOT_OPER);
- rc = 0;
- goto out_unlock;
- }
-
- private = dev_get_drvdata(&sch->dev);
- if (private->state == VFIO_CCW_STATE_NOT_OPER) {
- private->state = private->mdev ? VFIO_CCW_STATE_IDLE :
- VFIO_CCW_STATE_STANDBY;
- }
rc = 0;
+ if (cio_update_schib(sch))
+ vfio_ccw_fsm_event(private, VFIO_CCW_EVENT_NOT_OPER);
+
out_unlock:
spin_unlock_irqrestore(sch->lock, flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 216/389] tty: n_gsm: fix wrong T1 retry count handling
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 215/389] vfio/ccw: Do not change FSM state in subchannel event Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 217/389] tty: n_gsm: fix DM command Greg Kroah-Hartman
` (177 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Starke, Sasha Levin
From: Daniel Starke <daniel.starke@siemens.com>
[ Upstream commit f30e10caa80aa1f35508bc17fc302dbbde9a833c ]
n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010.
See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516
The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to
the newer 27.010 here. Chapter 5.7.3 states that the valid range for the
maximum number of retransmissions (N2) is from 0 to 255 (both including).
gsm_dlci_t1() handles this number incorrectly by performing N2 - 1
retransmission attempts. Setting N2 to zero results in more than 255
retransmission attempts.
Fix gsm_dlci_t1() to comply with 3GPP 27.010.
Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Signed-off-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20220707113223.3685-1-daniel.starke@siemens.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 186f4633fd4a..f4b5ac840222 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1534,8 +1534,8 @@ static void gsm_dlci_t1(struct timer_list *t)
switch (dlci->state) {
case DLCI_OPENING:
- dlci->retries--;
if (dlci->retries) {
+ dlci->retries--;
gsm_command(dlci->gsm, dlci->addr, SABM|PF);
mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
} else if (!dlci->addr && gsm->control == (DM | PF)) {
@@ -1550,8 +1550,8 @@ static void gsm_dlci_t1(struct timer_list *t)
break;
case DLCI_CLOSING:
- dlci->retries--;
if (dlci->retries) {
+ dlci->retries--;
gsm_command(dlci->gsm, dlci->addr, DISC|PF);
mod_timer(&dlci->t1, jiffies + gsm->t1 * HZ / 100);
} else
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 217/389] tty: n_gsm: fix DM command
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 216/389] tty: n_gsm: fix wrong T1 retry count handling Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 218/389] tty: n_gsm: fix missing corner cases in gsmld_poll() Greg Kroah-Hartman
` (176 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Starke, Sasha Levin
From: Daniel Starke <daniel.starke@siemens.com>
[ Upstream commit 18a948c7d90995d127785e308fa7b701df4c499f ]
n_gsm is based on the 3GPP 07.010 and its newer version is the 3GPP 27.010.
See https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=1516
The changes from 07.010 to 27.010 are non-functional. Therefore, I refer to
the newer 27.010 here. Chapter 5.3.3 defines the DM response. There exists
no DM command. However, the current implementation incorrectly sends DM as
command in case of unexpected UIH frames in gsm_queue().
Correct this behavior by always sending DM as response.
Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Signed-off-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20220707113223.3685-2-daniel.starke@siemens.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index f4b5ac840222..39b6bcdc2c55 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -1894,7 +1894,7 @@ static void gsm_queue(struct gsm_mux *gsm)
goto invalid;
#endif
if (dlci == NULL || dlci->state != DLCI_OPEN) {
- gsm_command(gsm, address, DM|PF);
+ gsm_response(gsm, address, DM|PF);
return;
}
dlci->data(dlci, gsm->buf, gsm->len);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 218/389] tty: n_gsm: fix missing corner cases in gsmld_poll()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 217/389] tty: n_gsm: fix DM command Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 219/389] iommu/exynos: Handle failed IOMMU device registration properly Greg Kroah-Hartman
` (175 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Daniel Starke, Sasha Levin
From: Daniel Starke <daniel.starke@siemens.com>
[ Upstream commit 7e5b4322cde067e1d0f1bf8f490e93f664a7c843 ]
gsmld_poll() currently fails to handle the following corner cases correctly:
- remote party closed the associated tty
Add the missing checks and map those to EPOLLHUP.
Reorder the checks to group them by their reaction.
Fixes: e1eaea46bb40 ("tty: n_gsm line discipline")
Signed-off-by: Daniel Starke <daniel.starke@siemens.com>
Link: https://lore.kernel.org/r/20220707113223.3685-4-daniel.starke@siemens.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_gsm.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 39b6bcdc2c55..22da64453054 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2693,12 +2693,15 @@ static __poll_t gsmld_poll(struct tty_struct *tty, struct file *file,
poll_wait(file, &tty->read_wait, wait);
poll_wait(file, &tty->write_wait, wait);
+
+ if (gsm->dead)
+ mask |= EPOLLHUP;
if (tty_hung_up_p(file))
mask |= EPOLLHUP;
+ if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
+ mask |= EPOLLHUP;
if (!tty_is_writelocked(tty) && tty_write_room(tty) > 0)
mask |= EPOLLOUT | EPOLLWRNORM;
- if (gsm->dead)
- mask |= EPOLLHUP;
return mask;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 219/389] iommu/exynos: Handle failed IOMMU device registration properly
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 218/389] tty: n_gsm: fix missing corner cases in gsmld_poll() Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 220/389] rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge Greg Kroah-Hartman
` (174 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sam Protsenko, Krzysztof Kozlowski,
Marek Szyprowski, Joerg Roedel, Sasha Levin
From: Sam Protsenko <semen.protsenko@linaro.org>
[ Upstream commit fce398d2d02c0a9a2bedf7c7201b123e153e8963 ]
If iommu_device_register() fails in exynos_sysmmu_probe(), the previous
calls have to be cleaned up. In this case, the iommu_device_sysfs_add()
should be cleaned up, by calling its remove counterpart call.
Fixes: d2c302b6e8b1 ("iommu/exynos: Make use of iommu_device_register interface")
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20220714165550.8884-3-semen.protsenko@linaro.org
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/exynos-iommu.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/exynos-iommu.c b/drivers/iommu/exynos-iommu.c
index 55ed857f804f..31a9b9885653 100644
--- a/drivers/iommu/exynos-iommu.c
+++ b/drivers/iommu/exynos-iommu.c
@@ -635,7 +635,7 @@ static int exynos_sysmmu_probe(struct platform_device *pdev)
ret = iommu_device_register(&data->iommu);
if (ret)
- return ret;
+ goto err_iommu_register;
platform_set_drvdata(pdev, data);
@@ -662,6 +662,10 @@ static int exynos_sysmmu_probe(struct platform_device *pdev)
pm_runtime_enable(dev);
return 0;
+
+err_iommu_register:
+ iommu_device_sysfs_remove(&data->iommu);
+ return ret;
}
static int __maybe_unused exynos_sysmmu_suspend(struct device *dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 220/389] rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 219/389] iommu/exynos: Handle failed IOMMU device registration properly Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 221/389] kfifo: fix kfifo_to_user() return type Greg Kroah-Hartman
` (173 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Bjorn Andersson, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 65382585f067d4256ba087934f30f85c9b6984de ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Fixes: 53e2822e56c7 ("rpmsg: Introduce Qualcomm SMD backend")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220511120737.57374-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/qcom_smd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c
index a4db9f6100d2..0b1e853d8c91 100644
--- a/drivers/rpmsg/qcom_smd.c
+++ b/drivers/rpmsg/qcom_smd.c
@@ -1364,6 +1364,7 @@ static int qcom_smd_parse_edge(struct device *dev,
}
edge->ipc_regmap = syscon_node_to_regmap(syscon_np);
+ of_node_put(syscon_np);
if (IS_ERR(edge->ipc_regmap)) {
ret = PTR_ERR(edge->ipc_regmap);
goto put_node;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 221/389] kfifo: fix kfifo_to_user() return type
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 220/389] rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge Greg Kroah-Hartman
@ 2022-08-23 8:24 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 222/389] mfd: t7l66xb: Drop platform disable callback Greg Kroah-Hartman
` (172 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:24 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Stefani Seibold,
Randy Dunlap, Andrew Morton, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 045ed31e23aea840648c290dbde04797064960db ]
The kfifo_to_user() macro is supposed to return zero for success or
negative error codes. Unfortunately, there is a signedness bug so it
returns unsigned int. This only affects callers which try to save the
result in ssize_t and as far as I can see the only place which does that
is line6_hwdep_read().
TL;DR: s/_uint/_int/.
Link: https://lkml.kernel.org/r/YrVL3OJVLlNhIMFs@kili
Fixes: 144ecf310eb5 ("kfifo: fix kfifo_alloc() to return a signed int value")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Stefani Seibold <stefani@seibold.net>
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/kfifo.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/kfifo.h b/include/linux/kfifo.h
index fc4b0b10210f..d3e0f9dc2587 100644
--- a/include/linux/kfifo.h
+++ b/include/linux/kfifo.h
@@ -615,7 +615,7 @@ __kfifo_uint_must_check_helper( \
* writer, you don't need extra locking to use these macro.
*/
#define kfifo_to_user(fifo, to, len, copied) \
-__kfifo_uint_must_check_helper( \
+__kfifo_int_must_check_helper( \
({ \
typeof((fifo) + 1) __tmp = (fifo); \
void __user *__to = (to); \
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 222/389] mfd: t7l66xb: Drop platform disable callback
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-08-23 8:24 ` [PATCH 5.4 221/389] kfifo: fix kfifo_to_user() return type Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 223/389] mfd: max77620: Fix refcount leak in max77620_initialise_fps Greg Kroah-Hartman
` (171 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König, Lee Jones,
Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 128ac294e1b437cb8a7f2ff8ede1cde9082bddbe ]
None of the in-tree instantiations of struct t7l66xb_platform_data
provides a disable callback. So better don't dereference this function
pointer unconditionally. As there is no user, drop it completely instead
of calling it conditional.
This is a preparation for making platform remove callbacks return void.
Fixes: 1f192015ca5b ("mfd: driver for the T7L66XB TMIO SoC")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220530192430.2108217-3-u.kleine-koenig@pengutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/t7l66xb.c | 6 +-----
include/linux/mfd/t7l66xb.h | 1 -
2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/drivers/mfd/t7l66xb.c b/drivers/mfd/t7l66xb.c
index 70da0c4ae457..58811c5ab564 100644
--- a/drivers/mfd/t7l66xb.c
+++ b/drivers/mfd/t7l66xb.c
@@ -405,11 +405,8 @@ static int t7l66xb_probe(struct platform_device *dev)
static int t7l66xb_remove(struct platform_device *dev)
{
- struct t7l66xb_platform_data *pdata = dev_get_platdata(&dev->dev);
struct t7l66xb *t7l66xb = platform_get_drvdata(dev);
- int ret;
- ret = pdata->disable(dev);
clk_disable_unprepare(t7l66xb->clk48m);
clk_put(t7l66xb->clk48m);
clk_disable_unprepare(t7l66xb->clk32k);
@@ -420,8 +417,7 @@ static int t7l66xb_remove(struct platform_device *dev)
mfd_remove_devices(&dev->dev);
kfree(t7l66xb);
- return ret;
-
+ return 0;
}
static struct platform_driver t7l66xb_platform_driver = {
diff --git a/include/linux/mfd/t7l66xb.h b/include/linux/mfd/t7l66xb.h
index 69632c1b07bd..ae3e7a5c5219 100644
--- a/include/linux/mfd/t7l66xb.h
+++ b/include/linux/mfd/t7l66xb.h
@@ -12,7 +12,6 @@
struct t7l66xb_platform_data {
int (*enable)(struct platform_device *dev);
- int (*disable)(struct platform_device *dev);
int (*suspend)(struct platform_device *dev);
int (*resume)(struct platform_device *dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 223/389] mfd: max77620: Fix refcount leak in max77620_initialise_fps
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 222/389] mfd: t7l66xb: Drop platform disable callback Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 224/389] iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
` (170 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Krzysztof Kozlowski,
Lee Jones, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 1520669c8255bd637c6b248b2be910e2688d38dd ]
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 327156c59360 ("mfd: max77620: Add core driver for MAX77620/MAX20024")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20220601043222.64441-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/max77620.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/mfd/max77620.c b/drivers/mfd/max77620.c
index a851ff473a44..2bf5bcbc8852 100644
--- a/drivers/mfd/max77620.c
+++ b/drivers/mfd/max77620.c
@@ -418,9 +418,11 @@ static int max77620_initialise_fps(struct max77620_chip *chip)
ret = max77620_config_fps(chip, fps_child);
if (ret < 0) {
of_node_put(fps_child);
+ of_node_put(fps_np);
return ret;
}
}
+ of_node_put(fps_np);
config = chip->enable_global_lpm ? MAX77620_ONOFFCNFG2_SLP_LPM_MSK : 0;
ret = regmap_update_bits(chip->rmap, MAX77620_REG_ONOFFCNFG2,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 224/389] iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 223/389] mfd: max77620: Fix refcount leak in max77620_initialise_fps Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 225/389] s390/zcore: fix race when reading from hardware system area Greg Kroah-Hartman
` (169 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Will Deacon, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit a91eb6803c1c715738682fece095145cbd68fe0b ]
In qcom_iommu_has_secure_context(), we should call of_node_put()
for the reference 'child' when breaking out of for_each_child_of_node()
which will automatically increase and decrease the refcount.
Fixes: d051f28c8807 ("iommu/qcom: Initialize secure page table")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220719124955.1242171-1-windhl@126.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/qcom_iommu.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/iommu/qcom_iommu.c b/drivers/iommu/qcom_iommu.c
index 280de92b332e..b6e546b62a7c 100644
--- a/drivers/iommu/qcom_iommu.c
+++ b/drivers/iommu/qcom_iommu.c
@@ -785,9 +785,12 @@ static bool qcom_iommu_has_secure_context(struct qcom_iommu_dev *qcom_iommu)
{
struct device_node *child;
- for_each_child_of_node(qcom_iommu->dev->of_node, child)
- if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec"))
+ for_each_child_of_node(qcom_iommu->dev->of_node, child) {
+ if (of_device_is_compatible(child, "qcom,msm-iommu-v1-sec")) {
+ of_node_put(child);
return true;
+ }
+ }
return false;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 225/389] s390/zcore: fix race when reading from hardware system area
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 224/389] iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 226/389] ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() Greg Kroah-Hartman
` (168 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthew Wilcox, Heiko Carstens,
Alexander Egorenkov, Alexander Gordeev, Sasha Levin
From: Alexander Gordeev <agordeev@linux.ibm.com>
[ Upstream commit 9ffed254d938c9e99eb7761c7f739294c84e0367 ]
Memory buffer used for reading out data from hardware system
area is not protected against concurrent access.
Reported-by: Matthew Wilcox <willy@infradead.org>
Fixes: 411ed3225733 ("[S390] zfcpdump support.")
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Tested-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Link: https://lore.kernel.org/r/e68137f0f9a0d2558f37becc20af18e2939934f6.1658206891.git.agordeev@linux.ibm.com
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/char/zcore.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/s390/char/zcore.c b/drivers/s390/char/zcore.c
index 08f812475f5e..c9d172510509 100644
--- a/drivers/s390/char/zcore.c
+++ b/drivers/s390/char/zcore.c
@@ -53,6 +53,7 @@ static struct dentry *zcore_reipl_file;
static struct dentry *zcore_hsa_file;
static struct ipl_parameter_block *zcore_ipl_block;
+static DEFINE_MUTEX(hsa_buf_mutex);
static char hsa_buf[PAGE_SIZE] __aligned(PAGE_SIZE);
/*
@@ -69,19 +70,24 @@ int memcpy_hsa_user(void __user *dest, unsigned long src, size_t count)
if (!hsa_available)
return -ENODATA;
+ mutex_lock(&hsa_buf_mutex);
while (count) {
if (sclp_sdias_copy(hsa_buf, src / PAGE_SIZE + 2, 1)) {
TRACE("sclp_sdias_copy() failed\n");
+ mutex_unlock(&hsa_buf_mutex);
return -EIO;
}
offset = src % PAGE_SIZE;
bytes = min(PAGE_SIZE - offset, count);
- if (copy_to_user(dest, hsa_buf + offset, bytes))
+ if (copy_to_user(dest, hsa_buf + offset, bytes)) {
+ mutex_unlock(&hsa_buf_mutex);
return -EFAULT;
+ }
src += bytes;
dest += bytes;
count -= bytes;
}
+ mutex_unlock(&hsa_buf_mutex);
return 0;
}
@@ -99,9 +105,11 @@ int memcpy_hsa_kernel(void *dest, unsigned long src, size_t count)
if (!hsa_available)
return -ENODATA;
+ mutex_lock(&hsa_buf_mutex);
while (count) {
if (sclp_sdias_copy(hsa_buf, src / PAGE_SIZE + 2, 1)) {
TRACE("sclp_sdias_copy() failed\n");
+ mutex_unlock(&hsa_buf_mutex);
return -EIO;
}
offset = src % PAGE_SIZE;
@@ -111,6 +119,7 @@ int memcpy_hsa_kernel(void *dest, unsigned long src, size_t count)
dest += bytes;
count -= bytes;
}
+ mutex_unlock(&hsa_buf_mutex);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 226/389] ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 225/389] s390/zcore: fix race when reading from hardware system area Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 227/389] fuse: Remove the control interface for virtio-fs Greg Kroah-Hartman
` (167 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Mark Brown, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 673f58f62ca6fc98979d1cf3fe89c3ff33f29b2e ]
find_first_zero_bit() returns MAX_COPPS_PER_PORT at max here.
So 'idx' should be tested with ">=" or the test can't match.
Fixes: 7b20b2be51e1 ("ASoC: qdsp6: q6adm: Add q6adm driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/0fca3271649736053eb9649d87e1ca01b056be40.1658394124.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/qcom/qdsp6/q6adm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/qcom/qdsp6/q6adm.c b/sound/soc/qcom/qdsp6/q6adm.c
index da242515e146..8e3539941fad 100644
--- a/sound/soc/qcom/qdsp6/q6adm.c
+++ b/sound/soc/qcom/qdsp6/q6adm.c
@@ -217,7 +217,7 @@ static struct q6copp *q6adm_alloc_copp(struct q6adm *adm, int port_idx)
idx = find_first_zero_bit(&adm->copp_bitmap[port_idx],
MAX_COPPS_PER_PORT);
- if (idx > MAX_COPPS_PER_PORT)
+ if (idx >= MAX_COPPS_PER_PORT)
return ERR_PTR(-EBUSY);
c = kzalloc(sizeof(*c), GFP_ATOMIC);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 227/389] fuse: Remove the control interface for virtio-fs
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 226/389] ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 228/389] ASoC: audio-graph-card: Add of_node_put() in fail path Greg Kroah-Hartman
` (166 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xie Yongji, Miklos Szeredi, Sasha Levin
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit c64797809a64c73497082aa05e401a062ec1af34 ]
The commit 15c8e72e88e0 ("fuse: allow skipping control interface and forced
unmount") tries to remove the control interface for virtio-fs since it does
not support aborting requests which are being processed. But it doesn't
work now.
This patch fixes it by skipping creating the control interface if
fuse_conn->no_control is set.
Fixes: 15c8e72e88e0 ("fuse: allow skipping control interface and forced unmount")
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fuse/control.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/fuse/control.c b/fs/fuse/control.c
index c23f6f243ad4..2742d74cedda 100644
--- a/fs/fuse/control.c
+++ b/fs/fuse/control.c
@@ -265,7 +265,7 @@ int fuse_ctl_add_conn(struct fuse_conn *fc)
struct dentry *parent;
char name[32];
- if (!fuse_control_sb)
+ if (!fuse_control_sb || fc->no_control)
return 0;
parent = fuse_control_sb->s_root;
@@ -303,7 +303,7 @@ void fuse_ctl_remove_conn(struct fuse_conn *fc)
{
int i;
- if (!fuse_control_sb)
+ if (!fuse_control_sb || fc->no_control)
return;
for (i = fc->ctl_ndents - 1; i >= 0; i--) {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 228/389] ASoC: audio-graph-card: Add of_node_put() in fail path
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 227/389] fuse: Remove the control interface for virtio-fs Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 229/389] watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() Greg Kroah-Hartman
` (165 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Mark Brown, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 65fb8e2ef3531a6e950060fca6e551c923fb0f0e ]
In asoc_simple_parse_dai(), we should call of_node_put() for the
reference returned by of_graph_get_port_parent() in fail path.
Fixes: ae30a694da4c ("ASoC: simple-card-utils: add asoc_simple_card_parse_dai()")
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220721144308.1301587-1-windhl@126.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/generic/audio-graph-card.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/soc/generic/audio-graph-card.c b/sound/soc/generic/audio-graph-card.c
index 1bc498124689..96aa2c015572 100644
--- a/sound/soc/generic/audio-graph-card.c
+++ b/sound/soc/generic/audio-graph-card.c
@@ -149,8 +149,10 @@ static int asoc_simple_parse_dai(struct device_node *ep,
* if he unbinded CPU or Codec.
*/
ret = snd_soc_get_dai_name(&args, &dlc->dai_name);
- if (ret < 0)
+ if (ret < 0) {
+ of_node_put(node);
return ret;
+ }
dlc->of_node = node;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 229/389] watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 228/389] ASoC: audio-graph-card: Add of_node_put() in fail path Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 230/389] video: fbdev: amba-clcd: Fix refcount leak bugs Greg Kroah-Hartman
` (164 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hacash Robot, William Dean,
Marek Beh=C3=BAn, Guenter Roeck, Wim Van Sebroeck, Sasha Levin
From: William Dean <williamsukatube@gmail.com>
[ Upstream commit 2d27e52841092e5831dd41f313028c668d816eb0 ]
The function devm_ioremap() in armada_37xx_wdt_probe() can fail, so
its return value should be checked.
Fixes: 54e3d9b518c8a ("watchdog: Add support for Armada 37xx CPU watchdog")
Reported-by: Hacash Robot <hacashRobot@santino.com>
Signed-off-by: William Dean <williamsukatube@gmail.com>
Reviewed-by: Marek Beh=C3=BAn <kabel@kernel.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220722030938.2925156-1-williamsukatube@163.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/armada_37xx_wdt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/watchdog/armada_37xx_wdt.c b/drivers/watchdog/armada_37xx_wdt.c
index e5dcb26d85f0..dcb3ffda3fad 100644
--- a/drivers/watchdog/armada_37xx_wdt.c
+++ b/drivers/watchdog/armada_37xx_wdt.c
@@ -274,6 +274,8 @@ static int armada_37xx_wdt_probe(struct platform_device *pdev)
if (!res)
return -ENODEV;
dev->reg = devm_ioremap(&pdev->dev, res->start, resource_size(res));
+ if (!dev->reg)
+ return -ENOMEM;
/* init clock */
dev->clk = devm_clk_get(&pdev->dev, NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 230/389] video: fbdev: amba-clcd: Fix refcount leak bugs
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 229/389] watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 231/389] video: fbdev: sis: fix typos in SiS_GetModeID() Greg Kroah-Hartman
` (163 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Helge Deller, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 26c2b7d9fac42eb8317f3ceefa4c1a9a9170ca69 ]
In clcdfb_of_init_display(), we should call of_node_put() for the
references returned by of_graph_get_next_endpoint() and
of_graph_get_remote_port_parent() which have increased the refcount.
Besides, we should call of_node_put() both in fail path or when
the references are not used anymore.
Fixes: d10715be03bd ("video: ARM CLCD: Add DT support")
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/amba-clcd.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/drivers/video/fbdev/amba-clcd.c b/drivers/video/fbdev/amba-clcd.c
index 3b7a7c74bf0a..09774ada36fb 100644
--- a/drivers/video/fbdev/amba-clcd.c
+++ b/drivers/video/fbdev/amba-clcd.c
@@ -714,16 +714,18 @@ static int clcdfb_of_init_display(struct clcd_fb *fb)
return -ENODEV;
panel = of_graph_get_remote_port_parent(endpoint);
- if (!panel)
- return -ENODEV;
+ if (!panel) {
+ err = -ENODEV;
+ goto out_endpoint_put;
+ }
err = clcdfb_of_get_backlight(panel, fb->panel);
if (err)
- return err;
+ goto out_panel_put;
err = clcdfb_of_get_mode(&fb->dev->dev, panel, fb->panel);
if (err)
- return err;
+ goto out_panel_put;
err = of_property_read_u32(fb->dev->dev.of_node, "max-memory-bandwidth",
&max_bandwidth);
@@ -752,11 +754,21 @@ static int clcdfb_of_init_display(struct clcd_fb *fb)
if (of_property_read_u32_array(endpoint,
"arm,pl11x,tft-r0g0b0-pads",
- tft_r0b0g0, ARRAY_SIZE(tft_r0b0g0)) != 0)
- return -ENOENT;
+ tft_r0b0g0, ARRAY_SIZE(tft_r0b0g0)) != 0) {
+ err = -ENOENT;
+ goto out_panel_put;
+ }
+
+ of_node_put(panel);
+ of_node_put(endpoint);
return clcdfb_of_init_tft_panel(fb, tft_r0b0g0[0],
tft_r0b0g0[1], tft_r0b0g0[2]);
+out_panel_put:
+ of_node_put(panel);
+out_endpoint_put:
+ of_node_put(endpoint);
+ return err;
}
static int clcdfb_of_vram_setup(struct clcd_fb *fb)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 231/389] video: fbdev: sis: fix typos in SiS_GetModeID()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 230/389] video: fbdev: amba-clcd: Fix refcount leak bugs Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 232/389] powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 Greg Kroah-Hartman
` (162 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Rustam Subkhankulov, Helge Deller,
Sasha Levin
From: Rustam Subkhankulov <subkhankulov@ispras.ru>
[ Upstream commit 3eb8fccc244bfb41a7961969e4db280d44911226 ]
The second operand of a '&&' operator has no impact on expression
result for cases 400 and 512 in SiS_GetModeID().
Judging by the logic and the names of the variables, in both cases a
typo was made.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Rustam Subkhankulov <subkhankulov@ispras.ru>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/sis/init.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/sis/init.c b/drivers/video/fbdev/sis/init.c
index fde27feae5d0..d6b2ce95a859 100644
--- a/drivers/video/fbdev/sis/init.c
+++ b/drivers/video/fbdev/sis/init.c
@@ -355,12 +355,12 @@ SiS_GetModeID(int VGAEngine, unsigned int VBFlags, int HDisplay, int VDisplay,
}
break;
case 400:
- if((!(VBFlags & CRT1_LCDA)) || ((LCDwidth >= 800) && (LCDwidth >= 600))) {
+ if((!(VBFlags & CRT1_LCDA)) || ((LCDwidth >= 800) && (LCDheight >= 600))) {
if(VDisplay == 300) ModeIndex = ModeIndex_400x300[Depth];
}
break;
case 512:
- if((!(VBFlags & CRT1_LCDA)) || ((LCDwidth >= 1024) && (LCDwidth >= 768))) {
+ if((!(VBFlags & CRT1_LCDA)) || ((LCDwidth >= 1024) && (LCDheight >= 768))) {
if(VDisplay == 384) ModeIndex = ModeIndex_512x384[Depth];
}
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 232/389] powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 231/389] video: fbdev: sis: fix typos in SiS_GetModeID() Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 233/389] powerpc/pci: Prefer PCI domain assignment via DT linux,pci-domain and alias Greg Kroah-Hartman
` (161 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Michael Ellerman,
Sasha Levin
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 9be013b2a9ecb29b5168e4b9db0e48ed53acf37c ]
Commit 0e00a8c9fd92 ("powerpc: Allow CPU selection also on PPC32")
enlarged the CPU selection logic to PPC32 by removing depend to
PPC64, and failed to restrict that depend to E5500_CPU and E6500_CPU.
Fortunately that got unnoticed because -mcpu=8540 will override the
-mcpu=e500mc64 or -mpcu=e6500 as they are ealier, but that's
fragile and may no be right in the future.
Add back the depend PPC64 on E5500_CPU and E6500_CPU.
Fixes: 0e00a8c9fd92 ("powerpc: Allow CPU selection also on PPC32")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/8abab4888da69ff78b73a56f64d9678a7bf684e9.1657549153.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/Kconfig.cputype | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index f0330ce498d1..a9b20aa1dfd4 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -151,11 +151,11 @@ config POWER9_CPU
config E5500_CPU
bool "Freescale e5500"
- depends on E500
+ depends on PPC64 && E500
config E6500_CPU
bool "Freescale e6500"
- depends on E500
+ depends on PPC64 && E500
config 860_CPU
bool "8xx family"
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 233/389] powerpc/pci: Prefer PCI domain assignment via DT linux,pci-domain and alias
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 232/389] powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 234/389] powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader Greg Kroah-Hartman
` (160 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman,
Sasha Levin
From: Pali Rohár <pali@kernel.org>
[ Upstream commit 0fe1e96fef0a5c53b4c0d1500d356f3906000f81 ]
Other Linux architectures use DT property 'linux,pci-domain' for
specifying fixed PCI domain of PCI controller specified in Device-Tree.
And lot of Freescale powerpc boards have defined numbered pci alias in
Device-Tree for every PCIe controller which number specify preferred PCI
domain.
So prefer usage of DT property 'linux,pci-domain' (via function
of_get_pci_domain_nr()) and DT pci alias (via function
of_alias_get_id()) on powerpc architecture for assigning PCI domain to
PCI controller.
Fixes: 63a72284b159 ("powerpc/pci: Assign fixed PHB number based on device-tree properties")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220706102148.5060-2-pali@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/pci-common.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c
index a2c258a8d736..1e827e3769a8 100644
--- a/arch/powerpc/kernel/pci-common.c
+++ b/arch/powerpc/kernel/pci-common.c
@@ -73,16 +73,30 @@ void set_pci_dma_ops(const struct dma_map_ops *dma_ops)
static int get_phb_number(struct device_node *dn)
{
int ret, phb_id = -1;
- u32 prop_32;
u64 prop;
/*
* Try fixed PHB numbering first, by checking archs and reading
- * the respective device-tree properties. Firstly, try powernv by
- * reading "ibm,opal-phbid", only present in OPAL environment.
+ * the respective device-tree properties. Firstly, try reading
+ * standard "linux,pci-domain", then try reading "ibm,opal-phbid"
+ * (only present in powernv OPAL environment), then try device-tree
+ * alias and as the last try to use lower bits of "reg" property.
*/
- ret = of_property_read_u64(dn, "ibm,opal-phbid", &prop);
+ ret = of_get_pci_domain_nr(dn);
+ if (ret >= 0) {
+ prop = ret;
+ ret = 0;
+ }
+ if (ret)
+ ret = of_property_read_u64(dn, "ibm,opal-phbid", &prop);
+ if (ret)
+ ret = of_alias_get_id(dn, "pci");
+ if (ret >= 0) {
+ prop = ret;
+ ret = 0;
+ }
if (ret) {
+ u32 prop_32;
ret = of_property_read_u32_index(dn, "reg", 1, &prop_32);
prop = prop_32;
}
@@ -94,10 +108,7 @@ static int get_phb_number(struct device_node *dn)
if ((phb_id >= 0) && !test_and_set_bit(phb_id, phb_bitmap))
return phb_id;
- /*
- * If not pseries nor powernv, or if fixed PHB numbering tried to add
- * the same PHB number twice, then fallback to dynamic PHB numbering.
- */
+ /* If everything fails then fallback to dynamic PHB numbering. */
phb_id = find_first_zero_bit(phb_bitmap, MAX_PHBS);
BUG_ON(phb_id >= MAX_PHBS);
set_bit(phb_id, phb_bitmap);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 234/389] powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 233/389] powerpc/pci: Prefer PCI domain assignment via DT linux,pci-domain and alias Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 235/389] powerpc/xive: Fix refcount leak in xive_get_max_prio Greg Kroah-Hartman
` (159 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Arnd Bergmann,
Michael Ellerman, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 6ac059dacffa8ab2f7798f20e4bd3333890c541c ]
of_find_node_by_path() returns remote device nodepointer with
refcount incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: 0afacde3df4c ("[POWERPC] spufs: allow isolated mode apps by starting the SPE loader")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220603121543.22884-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/cell/spufs/inode.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c
index 2dd452a047cd..99e688498a9c 100644
--- a/arch/powerpc/platforms/cell/spufs/inode.c
+++ b/arch/powerpc/platforms/cell/spufs/inode.c
@@ -671,6 +671,7 @@ spufs_init_isolated_loader(void)
return;
loader = of_get_property(dn, "loader", &size);
+ of_node_put(dn);
if (!loader)
return;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 235/389] powerpc/xive: Fix refcount leak in xive_get_max_prio
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 234/389] powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 236/389] powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address Greg Kroah-Hartman
` (158 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Michael Ellerman, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 255b650cbec6849443ce2e0cdd187fd5e61c218c ]
of_find_node_by_path() returns a node pointer with
refcount incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: eac1e731b59e ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220605053225.56125-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/sysdev/xive/spapr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/sysdev/xive/spapr.c b/arch/powerpc/sysdev/xive/spapr.c
index 3f15615712b5..b21d71badaec 100644
--- a/arch/powerpc/sysdev/xive/spapr.c
+++ b/arch/powerpc/sysdev/xive/spapr.c
@@ -683,6 +683,7 @@ static bool xive_get_max_prio(u8 *max_prio)
}
reg = of_get_property(rootdn, "ibm,plat-res-int-priorities", &len);
+ of_node_put(rootdn);
if (!reg) {
pr_err("Failed to read 'ibm,plat-res-int-priorities' property\n");
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 236/389] powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 235/389] powerpc/xive: Fix refcount leak in xive_get_max_prio Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 237/389] perf symbol: Fail to read phdr workaround Greg Kroah-Hartman
` (157 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Michael Ellerman, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit df5d4b616ee76abc97e5bd348e22659c2b095b1c ]
of_get_next_parent() returns a node pointer with refcount incremented,
we should use of_node_put() on it when not need anymore.
Add missing of_node_put() in the error path to avoid refcount leak.
Fixes: ce21b3c9648a ("[CELL] add support for MSI on Axon-based Cell systems")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220605065129.63906-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/cell/axon_msi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/platforms/cell/axon_msi.c b/arch/powerpc/platforms/cell/axon_msi.c
index 57c4e0e86c88..ba33140e671d 100644
--- a/arch/powerpc/platforms/cell/axon_msi.c
+++ b/arch/powerpc/platforms/cell/axon_msi.c
@@ -226,6 +226,7 @@ static int setup_msi_msg_address(struct pci_dev *dev, struct msi_msg *msg)
if (!prop) {
dev_dbg(&dev->dev,
"axon_msi: no msi-address-(32|64) properties found\n");
+ of_node_put(dn);
return -ENOENT;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 237/389] perf symbol: Fail to read phdr workaround
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 236/389] powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 238/389] kprobes: Forbid probing on trampoline and BPF code areas Greg Kroah-Hartman
` (156 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leo Yan, Ian Rogers,
Alexander Shishkin, Jiri Olsa, Mark Rutland, Namhyung Kim,
Peter Zijlstra, Stephane Eranian, Arnaldo Carvalho de Melo,
Sasha Levin
From: Ian Rogers <irogers@google.com>
[ Upstream commit 6d518ac7be6223811ab947897273b1bbef846180 ]
The perf jvmti agent doesn't create program headers, in this case
fallback on section headers as happened previously.
Committer notes:
To test this, from a public post by Ian:
1) download a Java workload dacapo-9.12-MR1-bach.jar from
https://sourceforge.net/projects/dacapobench/
2) build perf such as "make -C tools/perf O=/tmp/perf NO_LIBBFD=1" it
should detect Java and create /tmp/perf/libperf-jvmti.so
3) run perf with the jvmti agent:
perf record -k 1 java -agentpath:/tmp/perf/libperf-jvmti.so -jar dacapo-9.12-MR1-bach.jar -n 10 fop
4) run perf inject:
perf inject -i perf.data -o perf-injected.data -j
5) run perf report
perf report -i perf-injected.data | grep org.apache.fop
With this patch reverted I see lots of symbols like:
0.00% java jitted-388040-4656.so [.] org.apache.fop.fo.FObj.bind(org.apache.fop.fo.PropertyList)
With the patch (2d86612aacb7805f ("perf symbol: Correct address for bss
symbols")) I see lots of:
dso__load_sym_internal: failed to find program header for symbol:
Lorg/apache/fop/fo/FObj;bind(Lorg/apache/fop/fo/PropertyList;)V
st_value: 0x40
Fixes: 2d86612aacb7805f ("perf symbol: Correct address for bss symbols")
Reviewed-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Ian Rogers <irogers@google.com>
Tested-by: Leo Yan <leo.yan@linaro.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20220731164923.691193-1-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/symbol-elf.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c
index 0b185b1090ff..a04a7dfb8ec0 100644
--- a/tools/perf/util/symbol-elf.c
+++ b/tools/perf/util/symbol-elf.c
@@ -1159,16 +1159,29 @@ int dso__load_sym(struct dso *dso, struct map *map, struct symsrc *syms_ss,
if (elf_read_program_header(syms_ss->elf,
(u64)sym.st_value, &phdr)) {
- pr_warning("%s: failed to find program header for "
+ pr_debug4("%s: failed to find program header for "
"symbol: %s st_value: %#" PRIx64 "\n",
__func__, elf_name, (u64)sym.st_value);
- continue;
+ pr_debug4("%s: adjusting symbol: st_value: %#" PRIx64 " "
+ "sh_addr: %#" PRIx64 " sh_offset: %#" PRIx64 "\n",
+ __func__, (u64)sym.st_value, (u64)shdr.sh_addr,
+ (u64)shdr.sh_offset);
+ /*
+ * Fail to find program header, let's rollback
+ * to use shdr.sh_addr and shdr.sh_offset to
+ * calibrate symbol's file address, though this
+ * is not necessary for normal C ELF file, we
+ * still need to handle java JIT symbols in this
+ * case.
+ */
+ sym.st_value -= shdr.sh_addr - shdr.sh_offset;
+ } else {
+ pr_debug4("%s: adjusting symbol: st_value: %#" PRIx64 " "
+ "p_vaddr: %#" PRIx64 " p_offset: %#" PRIx64 "\n",
+ __func__, (u64)sym.st_value, (u64)phdr.p_vaddr,
+ (u64)phdr.p_offset);
+ sym.st_value -= phdr.p_vaddr - phdr.p_offset;
}
- pr_debug4("%s: adjusting symbol: st_value: %#" PRIx64 " "
- "p_vaddr: %#" PRIx64 " p_offset: %#" PRIx64 "\n",
- __func__, (u64)sym.st_value, (u64)phdr.p_vaddr,
- (u64)phdr.p_offset);
- sym.st_value -= phdr.p_vaddr - phdr.p_offset;
}
demangled = demangle_sym(dso, kmodule, elf_name);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 238/389] kprobes: Forbid probing on trampoline and BPF code areas
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 237/389] perf symbol: Fail to read phdr workaround Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 239/389] powerpc/pci: Fix PHB numbering when using opal-phbid Greg Kroah-Hartman
` (155 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen Zhongjin, Ingo Molnar,
Masami Hiramatsu (Google),
Sasha Levin
From: Chen Zhongjin <chenzhongjin@huawei.com>
[ Upstream commit 28f6c37a2910f565b4f5960df52b2eccae28c891 ]
kernel_text_address() treats ftrace_trampoline, kprobe_insn_slot
and bpf_text_address as valid kprobe addresses - which is not ideal.
These text areas are removable and changeable without any notification
to kprobes, and probing on them can trigger unexpected behavior:
https://lkml.org/lkml/2022/7/26/1148
Considering that jump_label and static_call text are already
forbiden to probe, kernel_text_address() should be replaced with
core_kernel_text() and is_module_text_address() to check other text
areas which are unsafe to kprobe.
[ mingo: Rewrote the changelog. ]
Fixes: 5b485629ba0d ("kprobes, extable: Identify kprobes trampolines as kernel text area")
Fixes: 74451e66d516 ("bpf: make jited programs visible in traces")
Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20220801033719.228248-1-chenzhongjin@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/kprobes.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index c93340bae3ac..671b51782182 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1594,7 +1594,8 @@ static int check_kprobe_address_safe(struct kprobe *p,
preempt_disable();
/* Ensure it is not in reserved area nor out of text */
- if (!kernel_text_address((unsigned long) p->addr) ||
+ if (!(core_kernel_text((unsigned long) p->addr) ||
+ is_module_text_address((unsigned long) p->addr)) ||
within_kprobe_blacklist((unsigned long) p->addr) ||
jump_label_text_reserved(p->addr, p->addr) ||
find_bug((unsigned long)p->addr)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 239/389] powerpc/pci: Fix PHB numbering when using opal-phbid
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 238/389] kprobes: Forbid probing on trampoline and BPF code areas Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 240/389] genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO Greg Kroah-Hartman
` (154 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Michael Ellerman,
Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit f4b39e88b42d13366b831270306326b5c20971ca ]
The recent change to the PHB numbering logic has a logic error in the
handling of "ibm,opal-phbid".
When an "ibm,opal-phbid" property is present, &prop is written to and
ret is set to zero.
The following call to of_alias_get_id() is skipped because ret == 0.
But then the if (ret >= 0) is true, and the body of that if statement
sets prop = ret which throws away the value that was just read from
"ibm,opal-phbid".
Fix the logic by only doing the ret >= 0 check in the of_alias_get_id()
case.
Fixes: 0fe1e96fef0a ("powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias")
Reviewed-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220802105723.1055178-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/pci-common.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c
index 1e827e3769a8..622463a88f05 100644
--- a/arch/powerpc/kernel/pci-common.c
+++ b/arch/powerpc/kernel/pci-common.c
@@ -89,11 +89,13 @@ static int get_phb_number(struct device_node *dn)
}
if (ret)
ret = of_property_read_u64(dn, "ibm,opal-phbid", &prop);
- if (ret)
+
+ if (ret) {
ret = of_alias_get_id(dn, "pci");
- if (ret >= 0) {
- prop = ret;
- ret = 0;
+ if (ret >= 0) {
+ prop = ret;
+ ret = 0;
+ }
}
if (ret) {
u32 prop_32;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 240/389] genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 239/389] powerpc/pci: Fix PHB numbering when using opal-phbid Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 241/389] scripts/faddr2line: Fix vmlinux detection on arm64 Greg Kroah-Hartman
` (153 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, 谭梓煊,
Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Jiri Olsa,
John Fastabend, KP Singh, Martin KaFai Lau, Nick Terrell,
Song Liu, Stephane Eranian, Arnaldo Carvalho de Melo,
Sasha Levin
From: Arnaldo Carvalho de Melo <acme@redhat.com>
[ Upstream commit 91cea6be90e436c55cde8770a15e4dac9d3032d0 ]
When genelf was introduced it tested for HAVE_LIBCRYPTO not
HAVE_LIBCRYPTO_SUPPORT, which is the define the feature test for openssl
defines, fix it.
This also adds disables the deprecation warning, someone has to fix this
to build with openssl 3.0 before the warning becomes a hard error.
Fixes: 9b07e27f88b9cd78 ("perf inject: Add jitdump mmap injection support")
Reported-by: 谭梓煊 <tanzixuan.me@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Andrii Nakryiko <andrii@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: John Fastabend <john.fastabend@gmail.com>
Cc: KP Singh <kpsingh@kernel.org>
Cc: Martin KaFai Lau <kafai@fb.com>
Cc: Nick Terrell <terrelln@fb.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/YulpPqXSOG0Q4J1o@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/genelf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/genelf.c b/tools/perf/util/genelf.c
index f9f18b8b1df9..17b74aba8b9a 100644
--- a/tools/perf/util/genelf.c
+++ b/tools/perf/util/genelf.c
@@ -35,7 +35,11 @@
#define BUILD_ID_URANDOM /* different uuid for each run */
-#ifdef HAVE_LIBCRYPTO
+// FIXME, remove this and fix the deprecation warnings before its removed and
+// We'll break for good here...
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+
+#ifdef HAVE_LIBCRYPTO_SUPPORT
#define BUILD_ID_MD5
#undef BUILD_ID_SHA /* does not seem to work well when linked with Java */
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 241/389] scripts/faddr2line: Fix vmlinux detection on arm64
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 240/389] genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 242/389] x86/numa: Use cpumask_available instead of hardcoded NULL check Greg Kroah-Hartman
` (152 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Garry, Josh Poimboeuf,
Ingo Molnar, Sasha Levin
From: Josh Poimboeuf <jpoimboe@kernel.org>
[ Upstream commit b6a5068854cfe372da7dee3224dcf023ed5b00cb ]
Since commit dcea997beed6 ("faddr2line: Fix overlapping text section
failures, the sequel"), faddr2line is completely broken on arm64.
For some reason, on arm64, the vmlinux ELF object file type is ET_DYN
rather than ET_EXEC. Check for both when determining whether the object
is vmlinux.
Modules and vmlinux.o have type ET_REL on all arches.
Fixes: dcea997beed6 ("faddr2line: Fix overlapping text section failures, the sequel")
Reported-by: John Garry <john.garry@huawei.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: John Garry <john.garry@huawei.com>
Link: https://lore.kernel.org/r/dad1999737471b06d6188ce4cdb11329aa41682c.1658426357.git.jpoimboe@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/faddr2line | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/faddr2line b/scripts/faddr2line
index 94ed98dd899f..57099687e5e1 100755
--- a/scripts/faddr2line
+++ b/scripts/faddr2line
@@ -112,7 +112,9 @@ __faddr2line() {
# section offsets.
local file_type=$(${READELF} --file-header $objfile |
${AWK} '$1 == "Type:" { print $2; exit }')
- [[ $file_type = "EXEC" ]] && is_vmlinux=1
+ if [[ $file_type = "EXEC" ]] || [[ $file_type == "DYN" ]]; then
+ is_vmlinux=1
+ fi
# Go through each of the object's symbols which match the func name.
# In rare cases there might be duplicates, in which case we print all
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 242/389] x86/numa: Use cpumask_available instead of hardcoded NULL check
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 241/389] scripts/faddr2line: Fix vmlinux detection on arm64 Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 243/389] video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Greg Kroah-Hartman
` (151 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Siddh Raman Pant, Ingo Molnar, Sasha Levin
From: Siddh Raman Pant <code@siddh.me>
[ Upstream commit 625395c4a0f4775e0fe00f616888d2e6c1ba49db ]
GCC-12 started triggering a new warning:
arch/x86/mm/numa.c: In function ‘cpumask_of_node’:
arch/x86/mm/numa.c:916:39: warning: the comparison will always evaluate as ‘false’ for the address of ‘node_to_cpumask_map’ will never be NULL [-Waddress]
916 | if (node_to_cpumask_map[node] == NULL) {
| ^~
node_to_cpumask_map is of type cpumask_var_t[].
When CONFIG_CPUMASK_OFFSTACK is set, cpumask_var_t is typedef'd to a
pointer for dynamic allocation, else to an array of one element. The
"wicked game" can be checked on line 700 of include/linux/cpumask.h.
The original code in debug_cpumask_set_cpu() and cpumask_of_node() were
probably written by the original authors with CONFIG_CPUMASK_OFFSTACK=y
(i.e. dynamic allocation) in mind, checking if the cpumask was available
via a direct NULL check.
When CONFIG_CPUMASK_OFFSTACK is not set, GCC gives the above warning
while compiling the kernel.
Fix that by using cpumask_available(), which does the NULL check when
CONFIG_CPUMASK_OFFSTACK is set, otherwise returns true. Use it wherever
such checks are made.
Conditional definitions of cpumask_available() can be found along with
the definition of cpumask_var_t. Check the cpumask.h reference mentioned
above.
Fixes: c032ef60d1aa ("cpumask: convert node_to_cpumask_map[] to cpumask_var_t")
Fixes: de2d9445f162 ("x86: Unify node_to_cpumask_map handling between 32 and 64bit")
Signed-off-by: Siddh Raman Pant <code@siddh.me>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20220731160913.632092-1-code@siddh.me
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/mm/numa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
index 4123100e0eaf..67c617c4a7f2 100644
--- a/arch/x86/mm/numa.c
+++ b/arch/x86/mm/numa.c
@@ -822,7 +822,7 @@ void debug_cpumask_set_cpu(int cpu, int node, bool enable)
return;
}
mask = node_to_cpumask_map[node];
- if (!mask) {
+ if (!cpumask_available(mask)) {
pr_err("node_to_cpumask_map[%i] NULL\n", node);
dump_stack();
return;
@@ -868,7 +868,7 @@ const struct cpumask *cpumask_of_node(int node)
dump_stack();
return cpu_none_mask;
}
- if (node_to_cpumask_map[node] == NULL) {
+ if (!cpumask_available(node_to_cpumask_map[node])) {
printk(KERN_WARNING
"cpumask_of_node(%d): no node_to_cpumask_map!\n",
node);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 243/389] video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 242/389] x86/numa: Use cpumask_available instead of hardcoded NULL check Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 244/389] tools/thermal: Fix possible path truncations Greg Kroah-Hartman
` (150 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Helge Deller, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 2f1c4523f7a3aaabe7e53d3ebd378292947e95c8 ]
Since the user can control the arguments of the ioctl() from the user
space, under special arguments that may result in a divide-by-zero bug
in:
drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul);
with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0.
and then in:
drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock);
we'll get a division-by-zero.
The following log can reveal it:
divide error: 0000 [#1] PREEMPT SMP KASAN PTI
RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline]
RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784
Call Trace:
fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034
do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110
fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
Fix this by checking the argument of ark_set_pixclock() first.
Fixes: 681e14730c73 ("arkfb: new framebuffer driver for ARK Logic cards")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/arkfb.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/arkfb.c b/drivers/video/fbdev/arkfb.c
index f940e8b66b85..311f7ea57625 100644
--- a/drivers/video/fbdev/arkfb.c
+++ b/drivers/video/fbdev/arkfb.c
@@ -778,7 +778,12 @@ static int arkfb_set_par(struct fb_info *info)
return -EINVAL;
}
- ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul);
+ value = (hdiv * info->var.pixclock) / hmul;
+ if (!value) {
+ fb_dbg(info, "invalid pixclock\n");
+ value = 1;
+ }
+ ark_set_pixclock(info, value);
svga_set_timings(par->state.vgabase, &ark_timing_regs, &(info->var), hmul, hdiv,
(info->var.vmode & FB_VMODE_DOUBLE) ? 2 : 1,
(info->var.vmode & FB_VMODE_INTERLACED) ? 2 : 1,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 244/389] tools/thermal: Fix possible path truncations
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 243/389] video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 245/389] video: fbdev: vt8623fb: Check the size of screen before memset_io() Greg Kroah-Hartman
` (149 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Florian Fainelli, Rafael J. Wysocki,
Sasha Levin
From: Florian Fainelli <f.fainelli@gmail.com>
[ Upstream commit 6c58cf40e3a1d2f47c09d3489857e9476316788a ]
A build with -D_FORTIFY_SOURCE=2 enabled will produce the following warnings:
sysfs.c:63:30: warning: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 255 [-Wformat-truncation=]
snprintf(filepath, 256, "%s/%s", path, filename);
^~
Bump up the buffer to PATH_MAX which is the limit and account for all of
the possible NUL and separators that could lead to exceeding the
allocated buffer sizes.
Fixes: 94f69966faf8 ("tools/thermal: Introduce tmon, a tool for thermal subsystem")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/thermal/tmon/sysfs.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/tools/thermal/tmon/sysfs.c b/tools/thermal/tmon/sysfs.c
index b00b1bfd9d8e..cb1108bc9249 100644
--- a/tools/thermal/tmon/sysfs.c
+++ b/tools/thermal/tmon/sysfs.c
@@ -13,6 +13,7 @@
#include <stdint.h>
#include <dirent.h>
#include <libintl.h>
+#include <limits.h>
#include <ctype.h>
#include <time.h>
#include <syslog.h>
@@ -33,9 +34,9 @@ int sysfs_set_ulong(char *path, char *filename, unsigned long val)
{
FILE *fd;
int ret = -1;
- char filepath[256];
+ char filepath[PATH_MAX + 2]; /* NUL and '/' */
- snprintf(filepath, 256, "%s/%s", path, filename);
+ snprintf(filepath, sizeof(filepath), "%s/%s", path, filename);
fd = fopen(filepath, "w");
if (!fd) {
@@ -57,9 +58,9 @@ static int sysfs_get_ulong(char *path, char *filename, unsigned long *p_ulong)
{
FILE *fd;
int ret = -1;
- char filepath[256];
+ char filepath[PATH_MAX + 2]; /* NUL and '/' */
- snprintf(filepath, 256, "%s/%s", path, filename);
+ snprintf(filepath, sizeof(filepath), "%s/%s", path, filename);
fd = fopen(filepath, "r");
if (!fd) {
@@ -76,9 +77,9 @@ static int sysfs_get_string(char *path, char *filename, char *str)
{
FILE *fd;
int ret = -1;
- char filepath[256];
+ char filepath[PATH_MAX + 2]; /* NUL and '/' */
- snprintf(filepath, 256, "%s/%s", path, filename);
+ snprintf(filepath, sizeof(filepath), "%s/%s", path, filename);
fd = fopen(filepath, "r");
if (!fd) {
@@ -199,8 +200,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name,
{
unsigned long trip_instance = 0;
char cdev_name_linked[256];
- char cdev_name[256];
- char cdev_trip_name[256];
+ char cdev_name[PATH_MAX];
+ char cdev_trip_name[PATH_MAX];
int cdev_id;
if (nl->d_type == DT_LNK) {
@@ -213,7 +214,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name,
return -EINVAL;
}
/* find the link to real cooling device record binding */
- snprintf(cdev_name, 256, "%s/%s", tz_name, nl->d_name);
+ snprintf(cdev_name, sizeof(cdev_name) - 2, "%s/%s",
+ tz_name, nl->d_name);
memset(cdev_name_linked, 0, sizeof(cdev_name_linked));
if (readlink(cdev_name, cdev_name_linked,
sizeof(cdev_name_linked) - 1) != -1) {
@@ -226,8 +228,8 @@ static int find_tzone_cdev(struct dirent *nl, char *tz_name,
/* find the trip point in which the cdev is binded to
* in this tzone
*/
- snprintf(cdev_trip_name, 256, "%s%s", nl->d_name,
- "_trip_point");
+ snprintf(cdev_trip_name, sizeof(cdev_trip_name) - 1,
+ "%s%s", nl->d_name, "_trip_point");
sysfs_get_ulong(tz_name, cdev_trip_name,
&trip_instance);
/* validate trip point range, e.g. trip could return -1
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 245/389] video: fbdev: vt8623fb: Check the size of screen before memset_io()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 244/389] tools/thermal: Fix possible path truncations Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 246/389] video: fbdev: arkfb: " Greg Kroah-Hartman
` (148 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Helge Deller, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit ec0754c60217248fa77cc9005d66b2b55200ac06 ]
In the function vt8623fb_set_par(), the value of 'screen_size' is
calculated by the user input. If the user provides the improper value,
the value of 'screen_size' may larger than 'info->screen_size', which
may cause the following bug:
[ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000
[ 583.339049] #PF: supervisor write access in kernel mode
[ 583.339052] #PF: error_code(0x0002) - not-present page
[ 583.339074] RIP: 0010:memset_orig+0x33/0xb0
[ 583.339110] Call Trace:
[ 583.339118] vt8623fb_set_par+0x11cd/0x21e0
[ 583.339146] fb_set_var+0x604/0xeb0
[ 583.339181] do_fb_ioctl+0x234/0x670
[ 583.339209] fb_ioctl+0xdd/0x130
Fix the this by checking the value of 'screen_size' before memset_io().
Fixes: 558b7bd86c32 ("vt8623fb: new framebuffer driver for VIA VT8623")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/vt8623fb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/video/fbdev/vt8623fb.c b/drivers/video/fbdev/vt8623fb.c
index c339a8fbad81..61e2028924a6 100644
--- a/drivers/video/fbdev/vt8623fb.c
+++ b/drivers/video/fbdev/vt8623fb.c
@@ -504,6 +504,8 @@ static int vt8623fb_set_par(struct fb_info *info)
(info->var.vmode & FB_VMODE_DOUBLE) ? 2 : 1, 1,
1, info->node);
+ if (screen_size > info->screen_size)
+ screen_size = info->screen_size;
memset_io(info->screen_base, 0x00, screen_size);
/* Device and screen back on */
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 246/389] video: fbdev: arkfb: Check the size of screen before memset_io()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 245/389] video: fbdev: vt8623fb: Check the size of screen before memset_io() Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 247/389] video: fbdev: s3fb: " Greg Kroah-Hartman
` (147 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Helge Deller, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 96b550971c65d54d64728d8ba973487878a06454 ]
In the function arkfb_set_par(), the value of 'screen_size' is
calculated by the user input. If the user provides the improper value,
the value of 'screen_size' may larger than 'info->screen_size', which
may cause the following bug:
[ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000
[ 659.399077] #PF: supervisor write access in kernel mode
[ 659.399079] #PF: error_code(0x0002) - not-present page
[ 659.399094] RIP: 0010:memset_orig+0x33/0xb0
[ 659.399116] Call Trace:
[ 659.399122] arkfb_set_par+0x143f/0x24c0
[ 659.399130] fb_set_var+0x604/0xeb0
[ 659.399161] do_fb_ioctl+0x234/0x670
[ 659.399189] fb_ioctl+0xdd/0x130
Fix the this by checking the value of 'screen_size' before memset_io().
Fixes: 681e14730c73 ("arkfb: new framebuffer driver for ARK Logic cards")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/arkfb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/video/fbdev/arkfb.c b/drivers/video/fbdev/arkfb.c
index 311f7ea57625..6b1ad19b8db4 100644
--- a/drivers/video/fbdev/arkfb.c
+++ b/drivers/video/fbdev/arkfb.c
@@ -794,6 +794,8 @@ static int arkfb_set_par(struct fb_info *info)
value = ((value * hmul / hdiv) / 8) - 5;
vga_wcrt(par->state.vgabase, 0x42, (value + 1) / 2);
+ if (screen_size > info->screen_size)
+ screen_size = info->screen_size;
memset_io(info->screen_base, 0x00, screen_size);
/* Device and screen back on */
svga_wcrt_mask(par->state.vgabase, 0x17, 0x80, 0x80);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 247/389] video: fbdev: s3fb: Check the size of screen before memset_io()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 246/389] video: fbdev: arkfb: " Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 248/389] scsi: zfcp: Fix missing auto port scan and thus missing target ports Greg Kroah-Hartman
` (146 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Helge Deller, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 6ba592fa014f21f35a8ee8da4ca7b95a018f13e8 ]
In the function s3fb_set_par(), the value of 'screen_size' is
calculated by the user input. If the user provides the improper value,
the value of 'screen_size' may larger than 'info->screen_size', which
may cause the following bug:
[ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000
[ 54.083742] #PF: supervisor write access in kernel mode
[ 54.083744] #PF: error_code(0x0002) - not-present page
[ 54.083760] RIP: 0010:memset_orig+0x33/0xb0
[ 54.083782] Call Trace:
[ 54.083788] s3fb_set_par+0x1ec6/0x4040
[ 54.083806] fb_set_var+0x604/0xeb0
[ 54.083836] do_fb_ioctl+0x234/0x670
Fix the this by checking the value of 'screen_size' before memset_io().
Fixes: a268422de8bf ("fbdev driver for S3 Trio/Virge")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/s3fb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/video/fbdev/s3fb.c b/drivers/video/fbdev/s3fb.c
index be16c349c10f..228e5ee7a547 100644
--- a/drivers/video/fbdev/s3fb.c
+++ b/drivers/video/fbdev/s3fb.c
@@ -902,6 +902,8 @@ static int s3fb_set_par(struct fb_info *info)
value = clamp((htotal + hsstart + 1) / 2 + 2, hsstart + 4, htotal + 1);
svga_wcrt_multi(par->state.vgabase, s3_dtpc_regs, value);
+ if (screen_size > info->screen_size)
+ screen_size = info->screen_size;
memset_io(info->screen_base, 0x00, screen_size);
/* Device and screen back on */
svga_wcrt_mask(par->state.vgabase, 0x17, 0x80, 0x80);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 248/389] scsi: zfcp: Fix missing auto port scan and thus missing target ports
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 247/389] video: fbdev: s3fb: " Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 249/389] scsi: qla2xxx: Fix discovery issues in FC-AL topology Greg Kroah-Hartman
` (145 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Benjamin Block, Steffen Maier,
Martin K. Petersen
From: Steffen Maier <maier@linux.ibm.com>
commit 4da8c5f76825269f28d6a89fa752934a4bcb6dfa upstream.
Case (1):
The only waiter on wka_port->completion_wq is zfcp_fc_wka_port_get()
trying to open a WKA port. As such it should only be woken up by WKA port
*open* responses, not by WKA port close responses.
Case (2):
A close WKA port response coming in just after having sent a new open WKA
port request and before blocking for the open response with wait_event()
in zfcp_fc_wka_port_get() erroneously renders the wait_event a NOP
because the close handler overwrites wka_port->status. Hence the
wait_event condition is erroneously true and it does not enter blocking
state.
With non-negligible probability, the following time space sequence happens
depending on timing without this fix:
user process ERP thread zfcp work queue tasklet system work queue
============ ========== =============== ======= =================
$ echo 1 > online
zfcp_ccw_set_online
zfcp_ccw_activate
zfcp_erp_adapter_reopen
msleep scan backoff zfcp_erp_strategy
| ...
| zfcp_erp_action_cleanup
| ...
| queue delayed scan_work
| queue ns_up_work
| ns_up_work:
| zfcp_fc_wka_port_get
| open wka request
| open response
| GSPN FC-GS
| RSPN FC-GS [NPIV-only]
| zfcp_fc_wka_port_put
| (--wka->refcount==0)
| sched delayed wka->work
|
~~~Case (1)~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
zfcp_erp_wait
flush scan_work
| wka->work:
| wka->status=CLOSING
| close wka request
| scan_work:
| zfcp_fc_wka_port_get
| (wka->status==CLOSING)
| wka->status=OPENING
| open wka request
| wait_event
| | close response
| | wka->status=OFFLINE
| | wake_up /*WRONG*/
~~~Case (2)~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| wka->work:
| wka->status=CLOSING
| close wka request
zfcp_erp_wait
flush scan_work
| scan_work:
| zfcp_fc_wka_port_get
| (wka->status==CLOSING)
| wka->status=OPENING
| open wka request
| close response
| wka->status=OFFLINE
| wake_up /*WRONG&NOP*/
| wait_event /*NOP*/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| (wka->status!=ONLINE)
| return -EIO
| return early
open response
wka->status=ONLINE
wake_up /*NOP*/
So we erroneously end up with no automatic port scan. This is a big problem
when it happens during boot. The timing is influenced by v3.19 commit
18f87a67e6d6 ("zfcp: auto port scan resiliency").
Fix it by fully mutually excluding zfcp_fc_wka_port_get() and
zfcp_fc_wka_port_offline(). For that to work, we make the latter block
until we got the response for a close WKA port. In order not to penalize
the system workqueue, we move wka_port->work to our own adapter workqueue.
Note that before v2.6.30 commit 828bc1212a68 ("[SCSI] zfcp: Set WKA-port to
offline on adapter deactivation"), zfcp did block in
zfcp_fc_wka_port_offline() as well, but with a different condition.
While at it, make non-functional cleanups to improve code reading in
zfcp_fc_wka_port_get(). If we cannot send the WKA port open request, don't
rely on the subsequent wait_event condition to immediately let this case
pass without blocking. Also don't want to rely on the additional condition
handling the refcount to be skipped just to finally return with -EIO.
Link: https://lore.kernel.org/r/20220729162529.1620730-1-maier@linux.ibm.com
Fixes: 5ab944f97e09 ("[SCSI] zfcp: attach and release SAN nameserver port on demand")
Cc: <stable@vger.kernel.org> #v2.6.28+
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Steffen Maier <maier@linux.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/scsi/zfcp_fc.c | 29 ++++++++++++++++++++---------
drivers/s390/scsi/zfcp_fc.h | 6 ++++--
drivers/s390/scsi/zfcp_fsf.c | 4 ++--
3 files changed, 26 insertions(+), 13 deletions(-)
--- a/drivers/s390/scsi/zfcp_fc.c
+++ b/drivers/s390/scsi/zfcp_fc.c
@@ -145,27 +145,33 @@ void zfcp_fc_enqueue_event(struct zfcp_a
static int zfcp_fc_wka_port_get(struct zfcp_fc_wka_port *wka_port)
{
+ int ret = -EIO;
+
if (mutex_lock_interruptible(&wka_port->mutex))
return -ERESTARTSYS;
if (wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE ||
wka_port->status == ZFCP_FC_WKA_PORT_CLOSING) {
wka_port->status = ZFCP_FC_WKA_PORT_OPENING;
- if (zfcp_fsf_open_wka_port(wka_port))
+ if (zfcp_fsf_open_wka_port(wka_port)) {
+ /* could not even send request, nothing to wait for */
wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE;
+ goto out;
+ }
}
- mutex_unlock(&wka_port->mutex);
-
- wait_event(wka_port->completion_wq,
+ wait_event(wka_port->opened,
wka_port->status == ZFCP_FC_WKA_PORT_ONLINE ||
wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE);
if (wka_port->status == ZFCP_FC_WKA_PORT_ONLINE) {
atomic_inc(&wka_port->refcount);
- return 0;
+ ret = 0;
+ goto out;
}
- return -EIO;
+out:
+ mutex_unlock(&wka_port->mutex);
+ return ret;
}
static void zfcp_fc_wka_port_offline(struct work_struct *work)
@@ -181,9 +187,12 @@ static void zfcp_fc_wka_port_offline(str
wka_port->status = ZFCP_FC_WKA_PORT_CLOSING;
if (zfcp_fsf_close_wka_port(wka_port)) {
+ /* could not even send request, nothing to wait for */
wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE;
- wake_up(&wka_port->completion_wq);
+ goto out;
}
+ wait_event(wka_port->closed,
+ wka_port->status == ZFCP_FC_WKA_PORT_OFFLINE);
out:
mutex_unlock(&wka_port->mutex);
}
@@ -193,13 +202,15 @@ static void zfcp_fc_wka_port_put(struct
if (atomic_dec_return(&wka_port->refcount) != 0)
return;
/* wait 10 milliseconds, other reqs might pop in */
- schedule_delayed_work(&wka_port->work, HZ / 100);
+ queue_delayed_work(wka_port->adapter->work_queue, &wka_port->work,
+ msecs_to_jiffies(10));
}
static void zfcp_fc_wka_port_init(struct zfcp_fc_wka_port *wka_port, u32 d_id,
struct zfcp_adapter *adapter)
{
- init_waitqueue_head(&wka_port->completion_wq);
+ init_waitqueue_head(&wka_port->opened);
+ init_waitqueue_head(&wka_port->closed);
wka_port->adapter = adapter;
wka_port->d_id = d_id;
--- a/drivers/s390/scsi/zfcp_fc.h
+++ b/drivers/s390/scsi/zfcp_fc.h
@@ -185,7 +185,8 @@ enum zfcp_fc_wka_status {
/**
* struct zfcp_fc_wka_port - representation of well-known-address (WKA) FC port
* @adapter: Pointer to adapter structure this WKA port belongs to
- * @completion_wq: Wait for completion of open/close command
+ * @opened: Wait for completion of open command
+ * @closed: Wait for completion of close command
* @status: Current status of WKA port
* @refcount: Reference count to keep port open as long as it is in use
* @d_id: FC destination id or well-known-address
@@ -195,7 +196,8 @@ enum zfcp_fc_wka_status {
*/
struct zfcp_fc_wka_port {
struct zfcp_adapter *adapter;
- wait_queue_head_t completion_wq;
+ wait_queue_head_t opened;
+ wait_queue_head_t closed;
enum zfcp_fc_wka_status status;
atomic_t refcount;
u32 d_id;
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -1625,7 +1625,7 @@ static void zfcp_fsf_open_wka_port_handl
wka_port->status = ZFCP_FC_WKA_PORT_ONLINE;
}
out:
- wake_up(&wka_port->completion_wq);
+ wake_up(&wka_port->opened);
}
/**
@@ -1684,7 +1684,7 @@ static void zfcp_fsf_close_wka_port_hand
}
wka_port->status = ZFCP_FC_WKA_PORT_OFFLINE;
- wake_up(&wka_port->completion_wq);
+ wake_up(&wka_port->closed);
}
/**
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 249/389] scsi: qla2xxx: Fix discovery issues in FC-AL topology
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 248/389] scsi: zfcp: Fix missing auto port scan and thus missing target ports Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 250/389] scsi: qla2xxx: Turn off multi-queue for 8G adapters Greg Kroah-Hartman
` (144 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tony Battersby, Himanshu Madhani,
Arun Easi, Nilesh Javali, Martin K. Petersen
From: Arun Easi <aeasi@marvell.com>
commit 47ccb113cead905bdc236571bf8ac6fed90321b3 upstream.
A direct attach tape device, when gets swapped with another, was not
discovered. Fix this by looking at loop map and reinitialize link if there
are devices present.
Link: https://lore.kernel.org/linux-scsi/baef87c3-5dad-3b47-44c1-6914bfc90108@cybernetics.com/
Link: https://lore.kernel.org/r/20220713052045.10683-8-njavali@marvell.com
Cc: stable@vger.kernel.org
Reported-by: Tony Battersby <tonyb@cybernetics.com>
Tested-by: Tony Battersby <tonyb@cybernetics.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_gbl.h | 3 ++-
drivers/scsi/qla2xxx/qla_init.c | 29 +++++++++++++++++++++++++++++
drivers/scsi/qla2xxx/qla_mbx.c | 5 ++++-
3 files changed, 35 insertions(+), 2 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_gbl.h
+++ b/drivers/scsi/qla2xxx/qla_gbl.h
@@ -397,7 +397,8 @@ extern int
qla2x00_get_resource_cnts(scsi_qla_host_t *);
extern int
-qla2x00_get_fcal_position_map(scsi_qla_host_t *ha, char *pos_map);
+qla2x00_get_fcal_position_map(scsi_qla_host_t *ha, char *pos_map,
+ u8 *num_entries);
extern int
qla2x00_get_link_status(scsi_qla_host_t *, uint16_t, struct link_statistics *,
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -5068,6 +5068,22 @@ qla2x00_configure_loop(scsi_qla_host_t *
return (rval);
}
+static void
+qla_reinitialize_link(scsi_qla_host_t *vha)
+{
+ int rval;
+
+ atomic_set(&vha->loop_state, LOOP_DOWN);
+ atomic_set(&vha->loop_down_timer, LOOP_DOWN_TIME);
+ rval = qla2x00_full_login_lip(vha);
+ if (rval == QLA_SUCCESS) {
+ ql_dbg(ql_dbg_disc, vha, 0xd050, "Link reinitialized\n");
+ } else {
+ ql_dbg(ql_dbg_disc, vha, 0xd051,
+ "Link reinitialization failed (%d)\n", rval);
+ }
+}
+
/*
* qla2x00_configure_local_loop
* Updates Fibre Channel Device Database with local loop devices.
@@ -5132,6 +5148,19 @@ skip_login:
spin_unlock_irqrestore(&vha->work_lock, flags);
if (vha->scan.scan_retry < MAX_SCAN_RETRIES) {
+ u8 loop_map_entries = 0;
+ int rc;
+
+ rc = qla2x00_get_fcal_position_map(vha, NULL,
+ &loop_map_entries);
+ if (rc == QLA_SUCCESS && loop_map_entries > 1) {
+ /*
+ * There are devices that are still not logged
+ * in. Reinitialize to give them a chance.
+ */
+ qla_reinitialize_link(vha);
+ return QLA_FUNCTION_FAILED;
+ }
set_bit(LOCAL_LOOP_UPDATE, &vha->dpc_flags);
set_bit(LOOP_RESYNC_NEEDED, &vha->dpc_flags);
}
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -2928,7 +2928,8 @@ qla2x00_get_resource_cnts(scsi_qla_host_
* Kernel context.
*/
int
-qla2x00_get_fcal_position_map(scsi_qla_host_t *vha, char *pos_map)
+qla2x00_get_fcal_position_map(scsi_qla_host_t *vha, char *pos_map,
+ u8 *num_entries)
{
int rval;
mbx_cmd_t mc;
@@ -2968,6 +2969,8 @@ qla2x00_get_fcal_position_map(scsi_qla_h
if (pos_map)
memcpy(pos_map, pmap, FCAL_MAP_SIZE);
+ if (num_entries)
+ *num_entries = pmap[0];
}
dma_pool_free(ha->s_dma_pool, pmap, pmap_dma);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 250/389] scsi: qla2xxx: Turn off multi-queue for 8G adapters
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 249/389] scsi: qla2xxx: Fix discovery issues in FC-AL topology Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 251/389] scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection Greg Kroah-Hartman
` (143 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Quinn Tran, Nilesh Javali,
Martin K. Petersen
From: Quinn Tran <qutran@marvell.com>
commit 5304673bdb1635e27555bd636fd5d6956f1cd552 upstream.
For 8G adapters, multi-queue was enabled accidentally. Make sure
multi-queue is not enabled.
Link: https://lore.kernel.org/r/20220616053508.27186-5-njavali@marvell.com
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_def.h | 4 ++--
drivers/scsi/qla2xxx/qla_isr.c | 16 ++++++----------
2 files changed, 8 insertions(+), 12 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -3899,8 +3899,8 @@ struct qla_hw_data {
#define IS_OEM_001(ha) ((ha)->device_type & DT_OEM_001)
#define HAS_EXTENDED_IDS(ha) ((ha)->device_type & DT_EXTENDED_IDS)
#define IS_CT6_SUPPORTED(ha) ((ha)->device_type & DT_CT6_SUPPORTED)
-#define IS_MQUE_CAPABLE(ha) ((ha)->mqenable || IS_QLA83XX(ha) || \
- IS_QLA27XX(ha) || IS_QLA28XX(ha))
+#define IS_MQUE_CAPABLE(ha) (IS_QLA83XX(ha) || IS_QLA27XX(ha) || \
+ IS_QLA28XX(ha))
#define IS_BIDI_CAPABLE(ha) \
(IS_QLA25XX(ha) || IS_QLA2031(ha) || IS_QLA27XX(ha) || IS_QLA28XX(ha))
/* Bit 21 of fw_attributes decides the MCTP capabilities */
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -3568,16 +3568,12 @@ msix_register_fail:
}
/* Enable MSI-X vector for response queue update for queue 0 */
- if (IS_QLA83XX(ha) || IS_QLA27XX(ha) || IS_QLA28XX(ha)) {
- if (ha->msixbase && ha->mqiobase &&
- (ha->max_rsp_queues > 1 || ha->max_req_queues > 1 ||
- ql2xmqsupport))
- ha->mqenable = 1;
- } else
- if (ha->mqiobase &&
- (ha->max_rsp_queues > 1 || ha->max_req_queues > 1 ||
- ql2xmqsupport))
- ha->mqenable = 1;
+ if (IS_MQUE_CAPABLE(ha) &&
+ (ha->msixbase && ha->mqiobase && ha->max_qpairs))
+ ha->mqenable = 1;
+ else
+ ha->mqenable = 0;
+
ql_dbg(ql_dbg_multiq, vha, 0xc005,
"mqiobase=%p, max_rsp_queues=%d, max_req_queues=%d.\n",
ha->mqiobase, ha->max_rsp_queues, ha->max_req_queues);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 251/389] scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 250/389] scsi: qla2xxx: Turn off multi-queue for 8G adapters Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 252/389] x86/olpc: fix logical not is only applied to the left hand side Greg Kroah-Hartman
` (142 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Naresh Bannoth, Kyle Mahlkuch,
Quinn Tran, Nilesh Javali, Martin K. Petersen
From: Quinn Tran <qutran@marvell.com>
commit f260694e6463b63ae550aad25ddefe94cb1904da upstream.
Clear wait for mailbox interrupt flag to prevent stale mailbox:
Feb 22 05:22:56 ltcden4-lp7 kernel: qla2xxx [0135:90:00.1]-500a:4: LOOP UP detected (16 Gbps).
Feb 22 05:22:59 ltcden4-lp7 kernel: qla2xxx [0135:90:00.1]-d04c:4: MBX Command timeout for cmd 69, ...
To fix the issue, driver needs to clear the MBX_INTR_WAIT flag on purging
the mailbox. When the stale mailbox completion does arrive, it will be
dropped.
Link: https://lore.kernel.org/r/20220616053508.27186-11-njavali@marvell.com
Fixes: b6faaaf796d7 ("scsi: qla2xxx: Serialize mailbox request")
Cc: Naresh Bannoth <nbannoth@in.ibm.com>
Cc: Kyle Mahlkuch <Kyle.Mahlkuch@ibm.com>
Cc: stable@vger.kernel.org
Reported-by: Naresh Bannoth <nbannoth@in.ibm.com>
Tested-by: Naresh Bannoth <nbannoth@in.ibm.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_mbx.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -271,6 +271,12 @@ qla2x00_mailbox_command(scsi_qla_host_t
atomic_inc(&ha->num_pend_mbx_stage3);
if (!wait_for_completion_timeout(&ha->mbx_intr_comp,
mcp->tov * HZ)) {
+ ql_dbg(ql_dbg_mbx, vha, 0x117a,
+ "cmd=%x Timeout.\n", command);
+ spin_lock_irqsave(&ha->hardware_lock, flags);
+ clear_bit(MBX_INTR_WAIT, &ha->mbx_cmd_flags);
+ spin_unlock_irqrestore(&ha->hardware_lock, flags);
+
if (chip_reset != ha->chip_reset) {
spin_lock_irqsave(&ha->hardware_lock, flags);
ha->flags.mbox_busy = 0;
@@ -281,12 +287,6 @@ qla2x00_mailbox_command(scsi_qla_host_t
rval = QLA_ABORTED;
goto premature_exit;
}
- ql_dbg(ql_dbg_mbx, vha, 0x117a,
- "cmd=%x Timeout.\n", command);
- spin_lock_irqsave(&ha->hardware_lock, flags);
- clear_bit(MBX_INTR_WAIT, &ha->mbx_cmd_flags);
- spin_unlock_irqrestore(&ha->hardware_lock, flags);
-
} else if (ha->flags.purge_mbox ||
chip_reset != ha->chip_reset) {
spin_lock_irqsave(&ha->hardware_lock, flags);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 252/389] x86/olpc: fix logical not is only applied to the left hand side
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 251/389] scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 253/389] spmi: trace: fix stack-out-of-bound access in SPMI tracing functions Greg Kroah-Hartman
` (141 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, kernel test robot,
Alexander Lobakin, Yury Norov
From: Alexander Lobakin <alexandr.lobakin@intel.com>
commit 3a2ba42cbd0b669ce3837ba400905f93dd06c79f upstream.
The bitops compile-time optimization series revealed one more
problem in olpc-xo1-sci.c:send_ebook_state(), resulted in GCC
warnings:
arch/x86/platform/olpc/olpc-xo1-sci.c: In function 'send_ebook_state':
arch/x86/platform/olpc/olpc-xo1-sci.c:83:63: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses]
83 | if (!!test_bit(SW_TABLET_MODE, ebook_switch_idev->sw) == state)
| ^~
arch/x86/platform/olpc/olpc-xo1-sci.c:83:13: note: add parentheses around left hand side expression to silence this warning
Despite this code working as intended, this redundant double
negation of boolean value, together with comparing to `char`
with no explicit conversion to bool, makes compilers think
the author made some unintentional logical mistakes here.
Make it the other way around and negate the char instead
to silence the warnings.
Fixes: d2aa37411b8e ("x86/olpc/xo1/sci: Produce wakeup events for buttons and switches")
Cc: stable@vger.kernel.org # 3.5+
Reported-by: Guenter Roeck <linux@roeck-us.net>
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-and-tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Signed-off-by: Yury Norov <yury.norov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/platform/olpc/olpc-xo1-sci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/platform/olpc/olpc-xo1-sci.c
+++ b/arch/x86/platform/olpc/olpc-xo1-sci.c
@@ -81,7 +81,7 @@ static void send_ebook_state(void)
return;
}
- if (!!test_bit(SW_TABLET_MODE, ebook_switch_idev->sw) == state)
+ if (test_bit(SW_TABLET_MODE, ebook_switch_idev->sw) == !!state)
return; /* Nothing new to report. */
input_report_switch(ebook_switch_idev, SW_TABLET_MODE, state);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 253/389] spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 252/389] x86/olpc: fix logical not is only applied to the left hand side Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 254/389] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification Greg Kroah-Hartman
` (140 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Boyd, Steven Rostedt (Google),
David Collins
From: David Collins <quic_collinsd@quicinc.com>
commit 2af28b241eea816e6f7668d1954f15894b45d7e3 upstream.
trace_spmi_write_begin() and trace_spmi_read_end() both call
memcpy() with a length of "len + 1". This leads to one extra
byte being read beyond the end of the specified buffer. Fix
this out-of-bound memory access by using a length of "len"
instead.
Here is a KASAN log showing the issue:
BUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234
Read of size 2 at addr ffffffc0265b7540 by task thermal@2.0-ser/1314
...
Call trace:
dump_backtrace+0x0/0x3e8
show_stack+0x2c/0x3c
dump_stack_lvl+0xdc/0x11c
print_address_description+0x74/0x384
kasan_report+0x188/0x268
kasan_check_range+0x270/0x2b0
memcpy+0x90/0xe8
trace_event_raw_event_spmi_read_end+0x1d0/0x234
spmi_read_cmd+0x294/0x3ac
spmi_ext_register_readl+0x84/0x9c
regmap_spmi_ext_read+0x144/0x1b0 [regmap_spmi]
_regmap_raw_read+0x40c/0x754
regmap_raw_read+0x3a0/0x514
regmap_bulk_read+0x418/0x494
adc5_gen3_poll_wait_hs+0xe8/0x1e0 [qcom_spmi_adc5_gen3]
...
__arm64_sys_read+0x4c/0x60
invoke_syscall+0x80/0x218
el0_svc_common+0xec/0x1c8
...
addr ffffffc0265b7540 is located in stack of task thermal@2.0-ser/1314 at offset 32 in frame:
adc5_gen3_poll_wait_hs+0x0/0x1e0 [qcom_spmi_adc5_gen3]
this frame has 1 object:
[32, 33) 'status'
Memory state around the buggy address:
ffffffc0265b7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
ffffffc0265b7480: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc0265b7500: 00 00 00 00 f1 f1 f1 f1 01 f3 f3 f3 00 00 00 00
^
ffffffc0265b7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc0265b7600: f1 f1 f1 f1 01 f2 07 f2 f2 f2 01 f3 00 00 00 00
==================================================================
Fixes: a9fce374815d ("spmi: add command tracepoints for SPMI")
Cc: stable@vger.kernel.org
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: David Collins <quic_collinsd@quicinc.com>
Link: https://lore.kernel.org/r/20220627235512.2272783-1-quic_collinsd@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/trace/events/spmi.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/include/trace/events/spmi.h
+++ b/include/trace/events/spmi.h
@@ -21,15 +21,15 @@ TRACE_EVENT(spmi_write_begin,
__field ( u8, sid )
__field ( u16, addr )
__field ( u8, len )
- __dynamic_array ( u8, buf, len + 1 )
+ __dynamic_array ( u8, buf, len )
),
TP_fast_assign(
__entry->opcode = opcode;
__entry->sid = sid;
__entry->addr = addr;
- __entry->len = len + 1;
- memcpy(__get_dynamic_array(buf), buf, len + 1);
+ __entry->len = len;
+ memcpy(__get_dynamic_array(buf), buf, len);
),
TP_printk("opc=%d sid=%02d addr=0x%04x len=%d buf=0x[%*phD]",
@@ -92,7 +92,7 @@ TRACE_EVENT(spmi_read_end,
__field ( u16, addr )
__field ( int, ret )
__field ( u8, len )
- __dynamic_array ( u8, buf, len + 1 )
+ __dynamic_array ( u8, buf, len )
),
TP_fast_assign(
@@ -100,8 +100,8 @@ TRACE_EVENT(spmi_read_end,
__entry->sid = sid;
__entry->addr = addr;
__entry->ret = ret;
- __entry->len = len + 1;
- memcpy(__get_dynamic_array(buf), buf, len + 1);
+ __entry->len = len;
+ memcpy(__get_dynamic_array(buf), buf, len);
),
TP_printk("opc=%d sid=%02d addr=0x%04x ret=%d len=%02d buf=0x[%*phD]",
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 254/389] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 253/389] spmi: trace: fix stack-out-of-bound access in SPMI tracing functions Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 255/389] tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH Greg Kroah-Hartman
` (139 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Rudo, kexec, keyrings,
linux-security-module, Michal Suchanek, Lee, Chun-Yi, Baoquan He,
Coiby Xu, Heiko Carstens, Mimi Zohar
From: Michal Suchanek <msuchanek@suse.de>
commit 0828c4a39be57768b8788e8cbd0d84683ea757e5 upstream.
commit e23a8020ce4e ("s390/kexec_file: Signature verification prototype")
adds support for KEXEC_SIG verification with keys from platform keyring
but the built-in keys and secondary keyring are not used.
Add support for the built-in keys and secondary keyring as x86 does.
Fixes: e23a8020ce4e ("s390/kexec_file: Signature verification prototype")
Cc: stable@vger.kernel.org
Cc: Philipp Rudo <prudo@linux.ibm.com>
Cc: kexec@lists.infradead.org
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/s390/kernel/machine_kexec_file.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -29,6 +29,7 @@ int s390_verify_sig(const char *kernel,
const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1;
struct module_signature *ms;
unsigned long sig_len;
+ int ret;
/* Skip signature verification when not secure IPLed. */
if (!ipl_secure_flag)
@@ -63,11 +64,18 @@ int s390_verify_sig(const char *kernel,
return -EBADMSG;
}
- return verify_pkcs7_signature(kernel, kernel_len,
- kernel + kernel_len, sig_len,
- VERIFY_USE_PLATFORM_KEYRING,
- VERIFYING_MODULE_SIGNATURE,
- NULL, NULL);
+ ret = verify_pkcs7_signature(kernel, kernel_len,
+ kernel + kernel_len, sig_len,
+ VERIFY_USE_SECONDARY_KEYRING,
+ VERIFYING_MODULE_SIGNATURE,
+ NULL, NULL);
+ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING))
+ ret = verify_pkcs7_signature(kernel, kernel_len,
+ kernel + kernel_len, sig_len,
+ VERIFY_USE_PLATFORM_KEYRING,
+ VERIFYING_MODULE_SIGNATURE,
+ NULL, NULL);
+ return ret;
}
#endif /* CONFIG_KEXEC_SIG */
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 255/389] tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 254/389] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 256/389] btrfs: reset block group chunk force if we have to wait Greg Kroah-Hartman
` (138 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, WANG Xuerui, Huacai Chen, Jarkko Sakkinen
From: Huacai Chen <chenhuacai@loongson.cn>
commit bed4593645366ad7362a3aa7bc0d100d8d8236a8 upstream.
If DEBUG_SECTION_MISMATCH enabled, __calc_tpm2_event_size() will not be
inlined, this cause section mismatch like this:
WARNING: modpost: vmlinux.o(.text.unlikely+0xe30c): Section mismatch in reference from the variable L0 to the function .init.text:early_ioremap()
The function L0() references
the function __init early_memremap().
This is often because L0 lacks a __init
annotation or the annotation of early_ioremap is wrong.
Fix it by using __always_inline instead of inline for the called-once
function __calc_tpm2_event_size().
Fixes: 44038bc514a2 ("tpm: Abstract crypto agile event size calculations")
Cc: stable@vger.kernel.org # v5.3
Reported-by: WANG Xuerui <git@xen0n.name>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/tpm_eventlog.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/tpm_eventlog.h
+++ b/include/linux/tpm_eventlog.h
@@ -157,7 +157,7 @@ struct tcg_algorithm_info {
* Return: size of the event on success, 0 on failure
*/
-static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
+static __always_inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event,
struct tcg_pcr_event *event_header,
bool do_mapping)
{
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 256/389] btrfs: reset block group chunk force if we have to wait
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 255/389] tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 257/389] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h Greg Kroah-Hartman
` (137 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Filipe Manana, Josef Bacik, David Sterba
From: Josef Bacik <josef@toxicpanda.com>
commit 1314ca78b2c35d3e7d0f097268a2ee6dc0d369ef upstream.
If you try to force a chunk allocation, but you race with another chunk
allocation, you will end up waiting on the chunk allocation that just
occurred and then allocate another chunk. If you have many threads all
doing this at once you can way over-allocate chunks.
Fix this by resetting force to NO_FORCE, that way if we think we need to
allocate we can, otherwise we don't force another chunk allocation if
one is already happening.
Reviewed-by: Filipe Manana <fdmanana@suse.com>
CC: stable@vger.kernel.org # 5.4+
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/block-group.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/btrfs/block-group.c
+++ b/fs/btrfs/block-group.c
@@ -2938,6 +2938,7 @@ int btrfs_chunk_alloc(struct btrfs_trans
* attempt.
*/
wait_for_alloc = true;
+ force = CHUNK_ALLOC_NO_FORCE;
spin_unlock(&space_info->lock);
mutex_lock(&fs_info->chunk_mutex);
mutex_unlock(&fs_info->chunk_mutex);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 257/389] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 256/389] btrfs: reset block group chunk force if we have to wait Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 258/389] ext4: make sure ext4_append() always allocates new block Greg Kroah-Hartman
` (136 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baokun Li, Jan Kara,
Ritesh Harjani (IBM),
Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit 179b14152dcb6a24c3415200603aebca70ff13af upstream.
When adding an xattr to an inode, we must ensure that the inode_size is
not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,
the end position may be greater than the start position, resulting in UAF.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20220616021358.2504451-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/xattr.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/fs/ext4/xattr.h
+++ b/fs/ext4/xattr.h
@@ -95,6 +95,19 @@ struct ext4_xattr_entry {
#define EXT4_ZERO_XATTR_VALUE ((void *)-1)
+/*
+ * If we want to add an xattr to the inode, we should make sure that
+ * i_extra_isize is not 0 and that the inode size is not less than
+ * EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad.
+ * EXT4_GOOD_OLD_INODE_SIZE extra_isize header entry pad data
+ * |--------------------------|------------|------|---------|---|-------|
+ */
+#define EXT4_INODE_HAS_XATTR_SPACE(inode) \
+ ((EXT4_I(inode)->i_extra_isize != 0) && \
+ (EXT4_GOOD_OLD_INODE_SIZE + EXT4_I(inode)->i_extra_isize + \
+ sizeof(struct ext4_xattr_ibody_header) + EXT4_XATTR_PAD <= \
+ EXT4_INODE_SIZE((inode)->i_sb)))
+
struct ext4_xattr_info {
const char *name;
const void *value;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 258/389] ext4: make sure ext4_append() always allocates new block
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 257/389] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 259/389] ext4: fix use-after-free in ext4_xattr_set_entry Greg Kroah-Hartman
` (135 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Lukas Czerner,
Andreas Dilger, Theodore Tso
From: Lukas Czerner <lczerner@redhat.com>
commit b8a04fe77ef1360fbf73c80fddbdfeaa9407ed1b upstream.
ext4_append() must always allocate a new block, otherwise we run the
risk of overwriting existing directory block corrupting the directory
tree in the process resulting in all manner of problems later on.
Add a sanity check to see if the logical block is already allocated and
error out if it is.
Cc: stable@kernel.org
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20220704142721.157985-2-lczerner@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/namei.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -54,6 +54,7 @@ static struct buffer_head *ext4_append(h
struct inode *inode,
ext4_lblk_t *block)
{
+ struct ext4_map_blocks map;
struct buffer_head *bh;
int err;
@@ -63,6 +64,21 @@ static struct buffer_head *ext4_append(h
return ERR_PTR(-ENOSPC);
*block = inode->i_size >> inode->i_sb->s_blocksize_bits;
+ map.m_lblk = *block;
+ map.m_len = 1;
+
+ /*
+ * We're appending new directory block. Make sure the block is not
+ * allocated yet, otherwise we will end up corrupting the
+ * directory.
+ */
+ err = ext4_map_blocks(NULL, inode, &map, 0);
+ if (err < 0)
+ return ERR_PTR(err);
+ if (err) {
+ EXT4_ERROR_INODE(inode, "Logical block already allocated");
+ return ERR_PTR(-EFSCORRUPTED);
+ }
bh = ext4_bread(handle, inode, *block, EXT4_GET_BLOCKS_CREATE);
if (IS_ERR(bh))
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 259/389] ext4: fix use-after-free in ext4_xattr_set_entry
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 258/389] ext4: make sure ext4_append() always allocates new block Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 260/389] ext4: update s_overhead_clusters in the superblock during an on-line resize Greg Kroah-Hartman
` (134 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Hulk Robot, Baokun Li,
Ritesh Harjani (IBM),
Jan Kara, Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 upstream.
Hulk Robot reported a issue:
==================================================================
BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x18ab/0x3500
Write of size 4105 at addr ffff8881675ef5f4 by task syz-executor.0/7092
CPU: 1 PID: 7092 Comm: syz-executor.0 Not tainted 4.19.90-dirty #17
Call Trace:
[...]
memcpy+0x34/0x50 mm/kasan/kasan.c:303
ext4_xattr_set_entry+0x18ab/0x3500 fs/ext4/xattr.c:1747
ext4_xattr_ibody_inline_set+0x86/0x2a0 fs/ext4/xattr.c:2205
ext4_xattr_set_handle+0x940/0x1300 fs/ext4/xattr.c:2386
ext4_xattr_set+0x1da/0x300 fs/ext4/xattr.c:2498
__vfs_setxattr+0x112/0x170 fs/xattr.c:149
__vfs_setxattr_noperm+0x11b/0x2a0 fs/xattr.c:180
__vfs_setxattr_locked+0x17b/0x250 fs/xattr.c:238
vfs_setxattr+0xed/0x270 fs/xattr.c:255
setxattr+0x235/0x330 fs/xattr.c:520
path_setxattr+0x176/0x190 fs/xattr.c:539
__do_sys_lsetxattr fs/xattr.c:561 [inline]
__se_sys_lsetxattr fs/xattr.c:557 [inline]
__x64_sys_lsetxattr+0xc2/0x160 fs/xattr.c:557
do_syscall_64+0xdf/0x530 arch/x86/entry/common.c:298
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x459fe9
RSP: 002b:00007fa5e54b4c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
RAX: ffffffffffffffda RBX: 000000000051bf60 RCX: 0000000000459fe9
RDX: 00000000200003c0 RSI: 0000000020000180 RDI: 0000000020000140
RBP: 000000000051bf60 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000001009 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc73c93fc0 R14: 000000000051bf60 R15: 00007fa5e54b4d80
[...]
==================================================================
Above issue may happen as follows:
-------------------------------------
ext4_xattr_set
ext4_xattr_set_handle
ext4_xattr_ibody_find
>> s->end < s->base
>> no EXT4_STATE_XATTR
>> xattr_check_inode is not executed
ext4_xattr_ibody_set
ext4_xattr_set_entry
>> size_t min_offs = s->end - s->base
>> UAF in memcpy
we can easily reproduce this problem with the following commands:
mkfs.ext4 -F /dev/sda
mount -o debug_want_extra_isize=128 /dev/sda /mnt
touch /mnt/file
setfattr -n user.cat -v `seq -s z 4096|tr -d '[:digit:]'` /mnt/file
In ext4_xattr_ibody_find, we have the following assignment logic:
header = IHDR(inode, raw_inode)
= raw_inode + EXT4_GOOD_OLD_INODE_SIZE + i_extra_isize
is->s.base = IFIRST(header)
= header + sizeof(struct ext4_xattr_ibody_header)
is->s.end = raw_inode + s_inode_size
In ext4_xattr_set_entry
min_offs = s->end - s->base
= s_inode_size - EXT4_GOOD_OLD_INODE_SIZE - i_extra_isize -
sizeof(struct ext4_xattr_ibody_header)
last = s->first
free = min_offs - ((void *)last - s->base) - sizeof(__u32)
= s_inode_size - EXT4_GOOD_OLD_INODE_SIZE - i_extra_isize -
sizeof(struct ext4_xattr_ibody_header) - sizeof(__u32)
In the calculation formula, all values except s_inode_size and
i_extra_size are fixed values. When i_extra_size is the maximum value
s_inode_size - EXT4_GOOD_OLD_INODE_SIZE, min_offs is -4 and free is -8.
The value overflows. As a result, the preceding issue is triggered when
memcpy is executed.
Therefore, when finding xattr or setting xattr, check whether
there is space for storing xattr in the inode to resolve this issue.
Cc: stable@kernel.org
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220616021358.2504451-3-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/xattr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -2184,8 +2184,9 @@ int ext4_xattr_ibody_find(struct inode *
struct ext4_inode *raw_inode;
int error;
- if (EXT4_I(inode)->i_extra_isize == 0)
+ if (!EXT4_INODE_HAS_XATTR_SPACE(inode))
return 0;
+
raw_inode = ext4_raw_inode(&is->iloc);
header = IHDR(inode, raw_inode);
is->s.base = is->s.first = IFIRST(header);
@@ -2213,8 +2214,9 @@ int ext4_xattr_ibody_inline_set(handle_t
struct ext4_xattr_search *s = &is->s;
int error;
- if (EXT4_I(inode)->i_extra_isize == 0)
+ if (!EXT4_INODE_HAS_XATTR_SPACE(inode))
return -ENOSPC;
+
error = ext4_xattr_set_entry(i, s, handle, inode, false /* is_block */);
if (error)
return error;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 260/389] ext4: update s_overhead_clusters in the superblock during an on-line resize
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 259/389] ext4: fix use-after-free in ext4_xattr_set_entry Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 261/389] ext4: fix extent status tree race in writeback error recovery path Greg Kroah-Hartman
` (133 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Theodore Tso, stable, Andreas Dilger
From: Theodore Ts'o <tytso@mit.edu>
commit de394a86658ffe4e89e5328fd4993abfe41b7435 upstream.
When doing an online resize, the on-disk superblock on-disk wasn't
updated. This means that when the file system is unmounted and
remounted, and the on-disk overhead value is non-zero, this would
result in the results of statfs(2) to be incorrect.
This was partially fixed by Commits 10b01ee92df5 ("ext4: fix overhead
calculation to account for the reserved gdt blocks"), 85d825dbf489
("ext4: force overhead calculation if the s_overhead_cluster makes no
sense"), and eb7054212eac ("ext4: update the cached overhead value in
the superblock").
However, since it was too expensive to forcibly recalculate the
overhead for bigalloc file systems at every mount, this didn't fix the
problem for bigalloc file systems. This commit should address the
problem when resizing file systems with the bigalloc feature enabled.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://lore.kernel.org/r/20220629040026.112371-1-tytso@mit.edu
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/resize.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1483,6 +1483,7 @@ static void ext4_update_super(struct sup
* Update the fs overhead information
*/
ext4_calculate_overhead(sb);
+ es->s_overhead_clusters = cpu_to_le32(sbi->s_overhead);
if (test_opt(sb, DEBUG))
printk(KERN_DEBUG "EXT4-fs: added group %u:"
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 261/389] ext4: fix extent status tree race in writeback error recovery path
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 260/389] ext4: update s_overhead_clusters in the superblock during an on-line resize Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 262/389] ext4: correct max_inline_xattr_value_size computing Greg Kroah-Hartman
` (132 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Ye Bin, Eric Whitney, Theodore Tso
From: Eric Whitney <enwlinux@gmail.com>
commit 7f0d8e1d607c1a4fa9a27362a108921d82230874 upstream.
A race can occur in the unlikely event ext4 is unable to allocate a
physical cluster for a delayed allocation in a bigalloc file system
during writeback. Failure to allocate a cluster forces error recovery
that includes a call to mpage_release_unused_pages(). That function
removes any corresponding delayed allocated blocks from the extent
status tree. If a new delayed write is in progress on the same cluster
simultaneously, resulting in the addition of an new extent containing
one or more blocks in that cluster to the extent status tree, delayed
block accounting can be thrown off if that delayed write then encounters
a similar cluster allocation failure during future writeback.
Write lock the i_data_sem in mpage_release_unused_pages() to fix this
problem. Ext4's block/cluster accounting code for bigalloc relies on
i_data_sem for mutual exclusion, as is found in the delayed write path,
and the locking in mpage_release_unused_pages() is missing.
Cc: stable@kernel.org
Reported-by: Ye Bin <yebin10@huawei.com>
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20220615160530.1928801-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1717,7 +1717,14 @@ static void mpage_release_unused_pages(s
ext4_lblk_t start, last;
start = index << (PAGE_SHIFT - inode->i_blkbits);
last = end << (PAGE_SHIFT - inode->i_blkbits);
+
+ /*
+ * avoid racing with extent status tree scans made by
+ * ext4_insert_delayed_block()
+ */
+ down_write(&EXT4_I(inode)->i_data_sem);
ext4_es_remove_extent(inode, start, last - start + 1);
+ up_write(&EXT4_I(inode)->i_data_sem);
}
pagevec_init(&pvec);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 262/389] ext4: correct max_inline_xattr_value_size computing
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 261/389] ext4: fix extent status tree race in writeback error recovery path Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 263/389] ext4: correct the misjudgment in ext4_iget_extra_inode Greg Kroah-Hartman
` (131 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Baokun Li,
Ritesh Harjani (IBM),
Jan Kara, Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit c9fd167d57133c5b748d16913c4eabc55e531c73 upstream.
If the ext4 inode does not have xattr space, 0 is returned in the
get_max_inline_xattr_value_size function. Otherwise, the function returns
a negative value when the inode does not contain EXT4_STATE_XATTR.
Cc: stable@kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220616021358.2504451-4-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inline.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -34,6 +34,9 @@ static int get_max_inline_xattr_value_si
struct ext4_inode *raw_inode;
int free, min_offs;
+ if (!EXT4_INODE_HAS_XATTR_SPACE(inode))
+ return 0;
+
min_offs = EXT4_SB(inode->i_sb)->s_inode_size -
EXT4_GOOD_OLD_INODE_SIZE -
EXT4_I(inode)->i_extra_isize -
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 263/389] ext4: correct the misjudgment in ext4_iget_extra_inode
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 262/389] ext4: correct max_inline_xattr_value_size computing Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 264/389] intel_th: pci: Add Raptor Lake-S CPU support Greg Kroah-Hartman
` (130 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, stable, Baokun Li,
Ritesh Harjani (IBM),
Jan Kara, Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit fd7e672ea98b95b9d4c9dae316639f03c16a749d upstream.
Use the EXT4_INODE_HAS_XATTR_SPACE macro to more accurately
determine whether the inode have xattr space.
Cc: stable@kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220616021358.2504451-5-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/inode.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4841,8 +4841,7 @@ static inline int ext4_iget_extra_inode(
__le32 *magic = (void *)raw_inode +
EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize;
- if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize + sizeof(__le32) <=
- EXT4_INODE_SIZE(inode->i_sb) &&
+ if (EXT4_INODE_HAS_XATTR_SPACE(inode) &&
*magic == cpu_to_le32(EXT4_XATTR_MAGIC)) {
ext4_set_inode_state(inode, EXT4_STATE_XATTR);
return ext4_find_inline_data_nolock(inode);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 264/389] intel_th: pci: Add Raptor Lake-S CPU support
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 263/389] ext4: correct the misjudgment in ext4_iget_extra_inode Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 265/389] intel_th: pci: Add Raptor Lake-S PCH support Greg Kroah-Hartman
` (129 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, stable, Alexander Shishkin
From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
commit ff46a601afc5a66a81c3945b83d0a2caeb88e8bc upstream.
Add support for the Trace Hub in Raptor Lake-S CPU.
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Link: https://lore.kernel.org/r/20220705082637.59979-7-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwtracing/intel_th/pci.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/hwtracing/intel_th/pci.c
+++ b/drivers/hwtracing/intel_th/pci.c
@@ -280,6 +280,11 @@ static const struct pci_device_id intel_
.driver_data = (kernel_ulong_t)&intel_th_2x,
},
{
+ /* Raptor Lake-S CPU */
+ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0xa76f),
+ .driver_data = (kernel_ulong_t)&intel_th_2x,
+ },
+ {
/* Rocket Lake CPU */
PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x4c19),
.driver_data = (kernel_ulong_t)&intel_th_2x,
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 265/389] intel_th: pci: Add Raptor Lake-S PCH support
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 264/389] intel_th: pci: Add Raptor Lake-S CPU support Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 266/389] intel_th: pci: Add Meteor Lake-P support Greg Kroah-Hartman
` (128 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, stable, Alexander Shishkin
From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
commit 23e2de5826e2fc4dd43e08bab3a2ea1a5338b063 upstream.
Add support for the Trace Hub in Raptor Lake-S PCH.
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Link: https://lore.kernel.org/r/20220705082637.59979-6-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwtracing/intel_th/pci.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/hwtracing/intel_th/pci.c
+++ b/drivers/hwtracing/intel_th/pci.c
@@ -285,6 +285,11 @@ static const struct pci_device_id intel_
.driver_data = (kernel_ulong_t)&intel_th_2x,
},
{
+ /* Raptor Lake-S */
+ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x7a26),
+ .driver_data = (kernel_ulong_t)&intel_th_2x,
+ },
+ {
/* Rocket Lake CPU */
PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x4c19),
.driver_data = (kernel_ulong_t)&intel_th_2x,
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 266/389] intel_th: pci: Add Meteor Lake-P support
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 265/389] intel_th: pci: Add Raptor Lake-S PCH support Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 267/389] dm raid: fix address sanitizer warning in raid_resume Greg Kroah-Hartman
` (127 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, stable, Alexander Shishkin
From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
commit 802a9a0b1d91274ef10d9fe429b4cc1e8c200aef upstream.
Add support for the Trace Hub in Meteor Lake-P.
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Link: https://lore.kernel.org/r/20220705082637.59979-5-alexander.shishkin@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwtracing/intel_th/pci.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/hwtracing/intel_th/pci.c
+++ b/drivers/hwtracing/intel_th/pci.c
@@ -285,6 +285,11 @@ static const struct pci_device_id intel_
.driver_data = (kernel_ulong_t)&intel_th_2x,
},
{
+ /* Meteor Lake-P */
+ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x7e24),
+ .driver_data = (kernel_ulong_t)&intel_th_2x,
+ },
+ {
/* Raptor Lake-S */
PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x7a26),
.driver_data = (kernel_ulong_t)&intel_th_2x,
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 267/389] dm raid: fix address sanitizer warning in raid_resume
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 266/389] intel_th: pci: Add Meteor Lake-P support Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 268/389] dm raid: fix address sanitizer warning in raid_status Greg Kroah-Hartman
` (126 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Mike Snitzer
From: Mikulas Patocka <mpatocka@redhat.com>
commit 7dad24db59d2d2803576f2e3645728866a056dab upstream.
There is a KASAN warning in raid_resume when running the lvm test
lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks
is greater than rs->raid_disks, so the loop touches one entry beyond
the allocated length.
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-raid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -3808,7 +3808,7 @@ static void attempt_restore_of_faulty_de
memset(cleared_failed_devices, 0, sizeof(cleared_failed_devices));
- for (i = 0; i < mddev->raid_disks; i++) {
+ for (i = 0; i < rs->raid_disks; i++) {
r = &rs->dev[i].rdev;
/* HM FIXME: enhance journal device recovery processing */
if (test_bit(Journal, &r->flags))
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 268/389] dm raid: fix address sanitizer warning in raid_status
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 267/389] dm raid: fix address sanitizer warning in raid_resume Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 269/389] dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Greg Kroah-Hartman
` (125 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Mike Snitzer
From: Mikulas Patocka <mpatocka@redhat.com>
commit 1fbeea217d8f297fe0e0956a1516d14ba97d0396 upstream.
There is this warning when using a kernel with the address sanitizer
and running this testsuite:
https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid
==================================================================
BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid]
Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319
CPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3.<snip> #1
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
Call Trace:
<TASK>
dump_stack_lvl+0x6a/0x9c
print_address_description.constprop.0+0x1f/0x1e0
print_report.cold+0x55/0x244
kasan_report+0xc9/0x100
raid_status+0x1747/0x2820 [dm_raid]
dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod]
table_load+0x35c/0x630 [dm_mod]
ctl_ioctl+0x411/0x630 [dm_mod]
dm_ctl_ioctl+0xa/0x10 [dm_mod]
__x64_sys_ioctl+0x12a/0x1a0
do_syscall_64+0x5b/0x80
The warning is caused by reading conf->max_nr_stripes in raid_status. The
code in raid_status reads mddev->private, casts it to struct r5conf and
reads the entry max_nr_stripes.
However, if we have different raid type than 4/5/6, mddev->private
doesn't point to struct r5conf; it may point to struct r0conf, struct
r1conf, struct r10conf or struct mpconf. If we cast a pointer to one
of these structs to struct r5conf, we will be reading invalid memory
and KASAN warns about it.
Fix this bug by reading struct r5conf only if raid type is 4, 5 or 6.
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-raid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -3528,7 +3528,7 @@ static void raid_status(struct dm_target
{
struct raid_set *rs = ti->private;
struct mddev *mddev = &rs->md;
- struct r5conf *conf = mddev->private;
+ struct r5conf *conf = rs_is_raid456(rs) ? mddev->private : NULL;
int i, max_nr_stripes = conf ? conf->max_nr_stripes : 0;
unsigned long recovery;
unsigned int raid_param_cnt = 1; /* at least 1 for chunksize */
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 269/389] dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 268/389] dm raid: fix address sanitizer warning in raid_status Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 270/389] dm writecache: set a default MAX_WRITEBACK_JOBS Greg Kroah-Hartman
` (124 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hulk Robot, Luo Meng, Mike Snitzer
From: Luo Meng <luomeng12@huawei.com>
commit 3534e5a5ed2997ca1b00f44a0378a075bd05e8a3 upstream.
Fault inject on pool metadata device reports:
BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80
Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950
CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
print_address_description.constprop.0.cold+0xeb/0x3f4
kasan_report.cold+0xe6/0x147
dm_pool_register_metadata_threshold+0x40/0x80
pool_ctr+0xa0a/0x1150
dm_table_add_target+0x2c8/0x640
table_load+0x1fd/0x430
ctl_ioctl+0x2c4/0x5a0
dm_ctl_ioctl+0xa/0x10
__x64_sys_ioctl+0xb3/0xd0
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
This can be easily reproduced using:
echo offline > /sys/block/sda/device/state
dd if=/dev/zero of=/dev/mapper/thin bs=4k count=10
dmsetup load pool --table "0 20971520 thin-pool /dev/sda /dev/sdb 128 0 0"
If a metadata commit fails, the transaction will be aborted and the
metadata space maps will be destroyed. If a DM table reload then
happens for this failed thin-pool, a use-after-free will occur in
dm_sm_register_threshold_callback (called from
dm_pool_register_metadata_threshold).
Fix this by in dm_pool_register_metadata_threshold() by returning the
-EINVAL error if the thin-pool is in fail mode. Also fail pool_ctr()
with a new error message: "Error registering metadata threshold".
Fixes: ac8c3f3df65e4 ("dm thin: generate event when metadata threshold passed")
Cc: stable@vger.kernel.org
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Luo Meng <luomeng12@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-thin-metadata.c | 7 +++++--
drivers/md/dm-thin.c | 4 +++-
2 files changed, 8 insertions(+), 3 deletions(-)
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -2060,10 +2060,13 @@ int dm_pool_register_metadata_threshold(
dm_sm_threshold_fn fn,
void *context)
{
- int r;
+ int r = -EINVAL;
pmd_write_lock_in_core(pmd);
- r = dm_sm_register_threshold_callback(pmd->metadata_sm, threshold, fn, context);
+ if (!pmd->fail_io) {
+ r = dm_sm_register_threshold_callback(pmd->metadata_sm,
+ threshold, fn, context);
+ }
pmd_write_unlock(pmd);
return r;
--- a/drivers/md/dm-thin.c
+++ b/drivers/md/dm-thin.c
@@ -3425,8 +3425,10 @@ static int pool_ctr(struct dm_target *ti
calc_metadata_threshold(pt),
metadata_low_callback,
pool);
- if (r)
+ if (r) {
+ ti->error = "Error registering metadata threshold";
goto out_flags_changed;
+ }
pt->callbacks.congested_fn = pool_is_congested;
dm_table_add_target_callbacks(ti->table, &pt->callbacks);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 270/389] dm writecache: set a default MAX_WRITEBACK_JOBS
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 269/389] dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 271/389] ACPI: CPPC: Do not prevent CPPC from working in the future Greg Kroah-Hartman
` (123 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, Mike Snitzer
From: Mikulas Patocka <mpatocka@redhat.com>
commit ca7dc242e358e46d963b32f9d9dd829785a9e957 upstream.
dm-writecache has the capability to limit the number of writeback jobs
in progress. However, this feature was off by default. As such there
were some out-of-memory crashes observed when lowering the low
watermark while the cache is full.
This commit enables writeback limit by default. It is set to 256MiB or
1/16 of total system memory, whichever is smaller.
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-writecache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/md/dm-writecache.c
+++ b/drivers/md/dm-writecache.c
@@ -20,7 +20,7 @@
#define HIGH_WATERMARK 50
#define LOW_WATERMARK 45
-#define MAX_WRITEBACK_JOBS 0
+#define MAX_WRITEBACK_JOBS min(0x10000000 / PAGE_SIZE, totalram_pages() / 16)
#define ENDIO_LATENCY 16
#define WRITEBACK_LATENCY 64
#define AUTOCOMMIT_BLOCKS_SSD 65536
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 271/389] ACPI: CPPC: Do not prevent CPPC from working in the future
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 270/389] dm writecache: set a default MAX_WRITEBACK_JOBS Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 272/389] timekeeping: contribute wall clock to rng on time change Greg Kroah-Hartman
` (122 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Rafael J. Wysocki
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
commit 4f4179fcf420873002035cf1941d844c9e0e7cb3 upstream.
There is a problem with the current revision checks in
is_cppc_supported() that they essentially prevent the CPPC support
from working if a new _CPC package format revision being a proper
superset of the v3 and only causing _CPC to return a package with more
entries (while retaining the types and meaning of the entries defined by
the v3) is introduced in the future and used by the platform firmware.
In that case, as long as the number of entries in the _CPC return
package is at least CPPC_V3_NUM_ENT, it should be perfectly fine to
use the v3 support code and disregard the additional package entries
added by the new package format revision.
For this reason, drop is_cppc_supported() altogether, put the revision
checks directly into acpi_cppc_processor_probe() so they are easier to
follow and rework them to take the case mentioned above into account.
Fixes: 4773e77cdc9b ("ACPI / CPPC: Add support for CPPC v3")
Cc: 4.18+ <stable@vger.kernel.org> # 4.18+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/cppc_acpi.c | 54 ++++++++++++++++++++---------------------------
include/acpi/cppc_acpi.h | 2 -
2 files changed, 25 insertions(+), 31 deletions(-)
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -626,33 +626,6 @@ int pcc_data_alloc(int pcc_ss_id)
return 0;
}
-/* Check if CPPC revision + num_ent combination is supported */
-static bool is_cppc_supported(int revision, int num_ent)
-{
- int expected_num_ent;
-
- switch (revision) {
- case CPPC_V2_REV:
- expected_num_ent = CPPC_V2_NUM_ENT;
- break;
- case CPPC_V3_REV:
- expected_num_ent = CPPC_V3_NUM_ENT;
- break;
- default:
- pr_debug("Firmware exports unsupported CPPC revision: %d\n",
- revision);
- return false;
- }
-
- if (expected_num_ent != num_ent) {
- pr_debug("Firmware exports %d entries. Expected: %d for CPPC rev:%d\n",
- num_ent, expected_num_ent, revision);
- return false;
- }
-
- return true;
-}
-
/*
* An example CPC table looks like the following.
*
@@ -748,7 +721,6 @@ int acpi_cppc_processor_probe(struct acp
cpc_obj->type);
goto out_free;
}
- cpc_ptr->num_entries = num_ent;
/* Second entry should be revision. */
cpc_obj = &out_obj->package.elements[1];
@@ -759,10 +731,32 @@ int acpi_cppc_processor_probe(struct acp
cpc_obj->type);
goto out_free;
}
- cpc_ptr->version = cpc_rev;
- if (!is_cppc_supported(cpc_rev, num_ent))
+ if (cpc_rev < CPPC_V2_REV) {
+ pr_debug("Unsupported _CPC Revision (%d) for CPU:%d\n", cpc_rev,
+ pr->id);
goto out_free;
+ }
+
+ /*
+ * Disregard _CPC if the number of entries in the return pachage is not
+ * as expected, but support future revisions being proper supersets of
+ * the v3 and only causing more entries to be returned by _CPC.
+ */
+ if ((cpc_rev == CPPC_V2_REV && num_ent != CPPC_V2_NUM_ENT) ||
+ (cpc_rev == CPPC_V3_REV && num_ent != CPPC_V3_NUM_ENT) ||
+ (cpc_rev > CPPC_V3_REV && num_ent <= CPPC_V3_NUM_ENT)) {
+ pr_debug("Unexpected number of _CPC return package entries (%d) for CPU:%d\n",
+ num_ent, pr->id);
+ goto out_free;
+ }
+ if (cpc_rev > CPPC_V3_REV) {
+ num_ent = CPPC_V3_NUM_ENT;
+ cpc_rev = CPPC_V3_REV;
+ }
+
+ cpc_ptr->num_entries = num_ent;
+ cpc_ptr->version = cpc_rev;
/* Iterate through remaining entries in _CPC */
for (i = 2; i < num_ent; i++) {
--- a/include/acpi/cppc_acpi.h
+++ b/include/acpi/cppc_acpi.h
@@ -16,7 +16,7 @@
#include <acpi/pcc.h>
#include <acpi/processor.h>
-/* Support CPPCv2 and CPPCv3 */
+/* CPPCv2 and CPPCv3 support */
#define CPPC_V2_REV 2
#define CPPC_V3_REV 3
#define CPPC_V2_NUM_ENT 21
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 272/389] timekeeping: contribute wall clock to rng on time change
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 271/389] ACPI: CPPC: Do not prevent CPPC from working in the future Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 273/389] firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails Greg Kroah-Hartman
` (121 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Thomas Gleixner, Eric Biggers,
Jason A. Donenfeld
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit b8ac29b40183a6038919768b5d189c9bd91ce9b4 upstream.
The rng's random_init() function contributes the real time to the rng at
boot time, so that events can at least start in relation to something
particular in the real world. But this clock might not yet be set that
point in boot, so nothing is contributed. In addition, the relation
between minor clock changes from, say, NTP, and the cycle counter is
potentially useful entropic data.
This commit addresses this by mixing in a time stamp on calls to
settimeofday and adjtimex. No entropy is credited in doing so, so it
doesn't make initialization faster, but it is still useful input to
have.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/time/timekeeping.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -23,6 +23,7 @@
#include <linux/pvclock_gtod.h>
#include <linux/compiler.h>
#include <linux/audit.h>
+#include <linux/random.h>
#include "tick-internal.h"
#include "ntp_internal.h"
@@ -1256,8 +1257,10 @@ out:
/* signal hrtimers about time change */
clock_was_set();
- if (!ret)
+ if (!ret) {
audit_tk_injoffset(ts_delta);
+ add_device_randomness(ts, sizeof(*ts));
+ }
return ret;
}
@@ -2336,6 +2339,7 @@ int do_adjtimex(struct __kernel_timex *t
ret = timekeeping_validate_timex(txc);
if (ret)
return ret;
+ add_device_randomness(txc, sizeof(*txc));
if (txc->modes & ADJ_SETOFFSET) {
struct timespec64 delta;
@@ -2353,6 +2357,7 @@ int do_adjtimex(struct __kernel_timex *t
audit_ntp_init(&ad);
ktime_get_real_ts64(&ts);
+ add_device_randomness(&ts, sizeof(ts));
raw_spin_lock_irqsave(&timekeeper_lock, flags);
write_seqcount_begin(&tk_core.seq);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 273/389] firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 272/389] timekeeping: contribute wall clock to rng on time change Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 274/389] iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) Greg Kroah-Hartman
` (120 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, huhai, Jackie Liu, Sudeep Holla
From: Sudeep Holla <sudeep.holla@arm.com>
commit 689640efc0a2c4e07e6f88affe6d42cd40cc3f85 upstream.
When scpi probe fails, at any point, we need to ensure that the scpi_info
is not set and will remain NULL until the probe succeeds. If it is not
taken care, then it could result use-after-free as the value is exported
via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc()
but freed when the probe fails.
Link: https://lore.kernel.org/r/20220701160310.148344-1-sudeep.holla@arm.com
Cc: stable@vger.kernel.org # 4.19+
Reported-by: huhai <huhai@kylinos.cn>
Reviewed-by: Jackie Liu <liuyun01@kylinos.cn>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/arm_scpi.c | 61 +++++++++++++++++++++++++-------------------
1 file changed, 35 insertions(+), 26 deletions(-)
--- a/drivers/firmware/arm_scpi.c
+++ b/drivers/firmware/arm_scpi.c
@@ -815,7 +815,7 @@ static int scpi_init_versions(struct scp
info->firmware_version = le32_to_cpu(caps.platform_version);
}
/* Ignore error if not implemented */
- if (scpi_info->is_legacy && ret == -EOPNOTSUPP)
+ if (info->is_legacy && ret == -EOPNOTSUPP)
return 0;
return ret;
@@ -905,13 +905,14 @@ static int scpi_probe(struct platform_de
struct resource res;
struct device *dev = &pdev->dev;
struct device_node *np = dev->of_node;
+ struct scpi_drvinfo *scpi_drvinfo;
- scpi_info = devm_kzalloc(dev, sizeof(*scpi_info), GFP_KERNEL);
- if (!scpi_info)
+ scpi_drvinfo = devm_kzalloc(dev, sizeof(*scpi_drvinfo), GFP_KERNEL);
+ if (!scpi_drvinfo)
return -ENOMEM;
if (of_match_device(legacy_scpi_of_match, &pdev->dev))
- scpi_info->is_legacy = true;
+ scpi_drvinfo->is_legacy = true;
count = of_count_phandle_with_args(np, "mboxes", "#mbox-cells");
if (count < 0) {
@@ -919,19 +920,19 @@ static int scpi_probe(struct platform_de
return -ENODEV;
}
- scpi_info->channels = devm_kcalloc(dev, count, sizeof(struct scpi_chan),
- GFP_KERNEL);
- if (!scpi_info->channels)
+ scpi_drvinfo->channels =
+ devm_kcalloc(dev, count, sizeof(struct scpi_chan), GFP_KERNEL);
+ if (!scpi_drvinfo->channels)
return -ENOMEM;
- ret = devm_add_action(dev, scpi_free_channels, scpi_info);
+ ret = devm_add_action(dev, scpi_free_channels, scpi_drvinfo);
if (ret)
return ret;
- for (; scpi_info->num_chans < count; scpi_info->num_chans++) {
+ for (; scpi_drvinfo->num_chans < count; scpi_drvinfo->num_chans++) {
resource_size_t size;
- int idx = scpi_info->num_chans;
- struct scpi_chan *pchan = scpi_info->channels + idx;
+ int idx = scpi_drvinfo->num_chans;
+ struct scpi_chan *pchan = scpi_drvinfo->channels + idx;
struct mbox_client *cl = &pchan->cl;
struct device_node *shmem = of_parse_phandle(np, "shmem", idx);
@@ -975,45 +976,53 @@ static int scpi_probe(struct platform_de
return ret;
}
- scpi_info->commands = scpi_std_commands;
+ scpi_drvinfo->commands = scpi_std_commands;
- platform_set_drvdata(pdev, scpi_info);
+ platform_set_drvdata(pdev, scpi_drvinfo);
- if (scpi_info->is_legacy) {
+ if (scpi_drvinfo->is_legacy) {
/* Replace with legacy variants */
scpi_ops.clk_set_val = legacy_scpi_clk_set_val;
- scpi_info->commands = scpi_legacy_commands;
+ scpi_drvinfo->commands = scpi_legacy_commands;
/* Fill priority bitmap */
for (idx = 0; idx < ARRAY_SIZE(legacy_hpriority_cmds); idx++)
set_bit(legacy_hpriority_cmds[idx],
- scpi_info->cmd_priority);
+ scpi_drvinfo->cmd_priority);
}
- ret = scpi_init_versions(scpi_info);
+ scpi_info = scpi_drvinfo;
+
+ ret = scpi_init_versions(scpi_drvinfo);
if (ret) {
dev_err(dev, "incorrect or no SCP firmware found\n");
+ scpi_info = NULL;
return ret;
}
- if (scpi_info->is_legacy && !scpi_info->protocol_version &&
- !scpi_info->firmware_version)
+ if (scpi_drvinfo->is_legacy && !scpi_drvinfo->protocol_version &&
+ !scpi_drvinfo->firmware_version)
dev_info(dev, "SCP Protocol legacy pre-1.0 firmware\n");
else
dev_info(dev, "SCP Protocol %lu.%lu Firmware %lu.%lu.%lu version\n",
FIELD_GET(PROTO_REV_MAJOR_MASK,
- scpi_info->protocol_version),
+ scpi_drvinfo->protocol_version),
FIELD_GET(PROTO_REV_MINOR_MASK,
- scpi_info->protocol_version),
+ scpi_drvinfo->protocol_version),
FIELD_GET(FW_REV_MAJOR_MASK,
- scpi_info->firmware_version),
+ scpi_drvinfo->firmware_version),
FIELD_GET(FW_REV_MINOR_MASK,
- scpi_info->firmware_version),
+ scpi_drvinfo->firmware_version),
FIELD_GET(FW_REV_PATCH_MASK,
- scpi_info->firmware_version));
- scpi_info->scpi_ops = &scpi_ops;
+ scpi_drvinfo->firmware_version));
+
+ scpi_drvinfo->scpi_ops = &scpi_ops;
- return devm_of_platform_populate(dev);
+ ret = devm_of_platform_populate(dev);
+ if (ret)
+ scpi_info = NULL;
+
+ return ret;
}
static const struct of_device_id scpi_of_match[] = {
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 274/389] iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 273/389] firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 275/389] net_sched: cls_route: remove from list when handle is 0 Greg Kroah-Hartman
` (119 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Alexander Lobakin,
Andy Shevchenko, Lu Baolu, Yury Norov
From: Alexander Lobakin <alexandr.lobakin@intel.com>
commit b0b0b77ea611e3088e9523e60860f4f41b62b235 upstream.
KASAN reports:
[ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497)
[ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0
[ 4.683454][ T0]
[ 4.685638][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc3-00004-g0e862838f290 #1
[ 4.694331][ T0] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016
[ 4.703196][ T0] Call Trace:
[ 4.706334][ T0] <TASK>
[ 4.709133][ T0] ? dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497)
after converting the type of the first argument (@nr, bit number)
of arch_test_bit() from `long` to `unsigned long`[0].
Under certain conditions (for example, when ACPI NUMA is disabled
via command line), pxm_to_node() can return %NUMA_NO_NODE (-1).
It is valid 'magic' number of NUMA node, but not valid bit number
to use in bitops.
node_online() eventually descends to test_bit() without checking
for the input, assuming it's on caller side (which might be good
for perf-critical tasks). There, -1 becomes %ULONG_MAX which leads
to an insane array index when calculating bit position in memory.
For now, add an explicit check for @node being not %NUMA_NO_NODE
before calling test_bit(). The actual logics didn't change here
at all.
[0] https://github.com/norov/linux/commit/0e862838f290147ea9c16db852d8d494b552d38d
Fixes: ee34b32d8c29 ("dmar: support for parsing Remapping Hardware Static Affinity structure")
Cc: stable@vger.kernel.org # 2.6.33+
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Yury Norov <yury.norov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iommu/dmar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iommu/dmar.c
+++ b/drivers/iommu/dmar.c
@@ -475,7 +475,7 @@ static int dmar_parse_one_rhsa(struct ac
if (drhd->reg_base_addr == rhsa->base_address) {
int node = acpi_map_pxm_to_node(rhsa->proximity_domain);
- if (!node_online(node))
+ if (node != NUMA_NO_NODE && !node_online(node))
node = NUMA_NO_NODE;
drhd->iommu->node = node;
return 0;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 275/389] net_sched: cls_route: remove from list when handle is 0
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 274/389] iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 276/389] btrfs: reject log replay if there is unsupported RO compat flag Greg Kroah-Hartman
` (118 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhenpeng Lin,
Thadeu Lima de Souza Cascardo, Kamal Mostafa, Jamal Hadi Salim,
Jakub Kicinski
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
commit 9ad36309e2719a884f946678e0296be10f0bb4c1 upstream.
When a route filter is replaced and the old filter has a 0 handle, the old
one won't be removed from the hashtable, while it will still be freed.
The test was there since before commit 1109c00547fc ("net: sched: RCU
cls_route"), when a new filter was not allocated when there was an old one.
The old filter was reused and the reinserting would only be necessary if an
old filter was replaced. That was still wrong for the same case where the
old handle was 0.
Remove the old filter from the list independently from its handle value.
This fixes CVE-2022-2588, also reported as ZDI-CAN-17440.
Reported-by: Zhenpeng Lin <zplin@u.northwestern.edu>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Reviewed-by: Kamal Mostafa <kamal@canonical.com>
Cc: <stable@vger.kernel.org>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/20220809170518.164662-1-cascardo@canonical.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/cls_route.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sched/cls_route.c
+++ b/net/sched/cls_route.c
@@ -526,7 +526,7 @@ static int route4_change(struct net *net
rcu_assign_pointer(f->next, f1);
rcu_assign_pointer(*fp, f);
- if (fold && fold->handle && f->handle != fold->handle) {
+ if (fold) {
th = to_hash(fold->handle);
h = from_hash(fold->handle >> 16);
b = rtnl_dereference(head->table[th]);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 276/389] btrfs: reject log replay if there is unsupported RO compat flag
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 275/389] net_sched: cls_route: remove from list when handle is 0 Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 277/389] KVM: Add infrastructure and macro to mark VM as bugged Greg Kroah-Hartman
` (117 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Qu Wenruo, David Sterba
From: Qu Wenruo <wqu@suse.com>
commit dc4d31684974d140250f3ee612c3f0cab13b3146 upstream.
[BUG]
If we have a btrfs image with dirty log, along with an unsupported RO
compatible flag:
log_root 30474240
...
compat_flags 0x0
compat_ro_flags 0x40000003
( FREE_SPACE_TREE |
FREE_SPACE_TREE_VALID |
unknown flag: 0x40000000 )
Then even if we can only mount it RO, we will still cause metadata
update for log replay:
BTRFS info (device dm-1): flagging fs with big metadata feature
BTRFS info (device dm-1): using free space tree
BTRFS info (device dm-1): has skinny extents
BTRFS info (device dm-1): start tree-log replay
This is definitely against RO compact flag requirement.
[CAUSE]
RO compact flag only forces us to do RO mount, but we will still do log
replay for plain RO mount.
Thus this will result us to do log replay and update metadata.
This can be very problematic for new RO compat flag, for example older
kernel can not understand v2 cache, and if we allow metadata update on
RO mount and invalidate/corrupt v2 cache.
[FIX]
Just reject the mount unless rescue=nologreplay is provided:
BTRFS error (device dm-1): cannot replay dirty log with unsupport optional features (0x40000000), try rescue=nologreplay instead
We don't want to set rescue=nologreply directly, as this would make the
end user to read the old data, and cause confusion.
Since the such case is really rare, we're mostly fine to just reject the
mount with an error message, which also includes the proper workaround.
CC: stable@vger.kernel.org #4.9+
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -2970,6 +2970,20 @@ int open_ctree(struct super_block *sb,
err = -EINVAL;
goto fail_csum;
}
+ /*
+ * We have unsupported RO compat features, although RO mounted, we
+ * should not cause any metadata write, including log replay.
+ * Or we could screw up whatever the new feature requires.
+ */
+ if (unlikely(features && btrfs_super_log_root(disk_super) &&
+ !btrfs_test_opt(fs_info, NOLOGREPLAY))) {
+ btrfs_err(fs_info,
+"cannot replay dirty log with unsupported compat_ro features (0x%llx), try rescue=nologreplay",
+ features);
+ err = -EINVAL;
+ goto fail_alloc;
+ }
+
ret = btrfs_init_workqueues(fs_info, fs_devices);
if (ret) {
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 277/389] KVM: Add infrastructure and macro to mark VM as bugged
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 276/389] btrfs: reject log replay if there is unsupported RO compat flag Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 278/389] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq Greg Kroah-Hartman
` (116 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Sean Christopherson, Isaku Yamahata,
Paolo Bonzini, Stefan Ghinea
From: Sean Christopherson <sean.j.christopherson@intel.com>
commit 0b8f11737cffc1a406d1134b58687abc29d76b52 upstream
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <3a0998645c328bf0895f1290e61821b70f048549.1625186503.git.isaku.yamahata@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[SG: Adjusted context for kernel version 5.4]
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/kvm_host.h | 28 +++++++++++++++++++++++++++-
virt/kvm/kvm_main.c | 10 +++++-----
2 files changed, 32 insertions(+), 6 deletions(-)
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -146,6 +146,7 @@ static inline bool is_error_page(struct
#define KVM_REQ_MMU_RELOAD (1 | KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP)
#define KVM_REQ_PENDING_TIMER 2
#define KVM_REQ_UNHALT 3
+#define KVM_REQ_VM_BUGGED (4 | KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP)
#define KVM_REQUEST_ARCH_BASE 8
#define KVM_ARCH_REQ_FLAGS(nr, flags) ({ \
@@ -502,6 +503,7 @@ struct kvm {
struct srcu_struct srcu;
struct srcu_struct irq_srcu;
pid_t userspace_pid;
+ bool vm_bugged;
};
#define kvm_err(fmt, ...) \
@@ -530,6 +532,31 @@ struct kvm {
#define vcpu_err(vcpu, fmt, ...) \
kvm_err("vcpu%i " fmt, (vcpu)->vcpu_id, ## __VA_ARGS__)
+bool kvm_make_all_cpus_request(struct kvm *kvm, unsigned int req);
+static inline void kvm_vm_bugged(struct kvm *kvm)
+{
+ kvm->vm_bugged = true;
+ kvm_make_all_cpus_request(kvm, KVM_REQ_VM_BUGGED);
+}
+
+#define KVM_BUG(cond, kvm, fmt...) \
+({ \
+ int __ret = (cond); \
+ \
+ if (WARN_ONCE(__ret && !(kvm)->vm_bugged, fmt)) \
+ kvm_vm_bugged(kvm); \
+ unlikely(__ret); \
+})
+
+#define KVM_BUG_ON(cond, kvm) \
+({ \
+ int __ret = (cond); \
+ \
+ if (WARN_ON_ONCE(__ret && !(kvm)->vm_bugged)) \
+ kvm_vm_bugged(kvm); \
+ unlikely(__ret); \
+})
+
static inline struct kvm_io_bus *kvm_get_bus(struct kvm *kvm, enum kvm_bus idx)
{
return srcu_dereference_check(kvm->buses[idx], &kvm->srcu,
@@ -790,7 +817,6 @@ void kvm_reload_remote_mmus(struct kvm *
bool kvm_make_vcpus_request_mask(struct kvm *kvm, unsigned int req,
unsigned long *vcpu_bitmap, cpumask_var_t tmp);
-bool kvm_make_all_cpus_request(struct kvm *kvm, unsigned int req);
long kvm_arch_dev_ioctl(struct file *filp,
unsigned int ioctl, unsigned long arg);
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2937,7 +2937,7 @@ static long kvm_vcpu_ioctl(struct file *
struct kvm_fpu *fpu = NULL;
struct kvm_sregs *kvm_sregs = NULL;
- if (vcpu->kvm->mm != current->mm)
+ if (vcpu->kvm->mm != current->mm || vcpu->kvm->vm_bugged)
return -EIO;
if (unlikely(_IOC_TYPE(ioctl) != KVMIO))
@@ -3144,7 +3144,7 @@ static long kvm_vcpu_compat_ioctl(struct
void __user *argp = compat_ptr(arg);
int r;
- if (vcpu->kvm->mm != current->mm)
+ if (vcpu->kvm->mm != current->mm || vcpu->kvm->vm_bugged)
return -EIO;
switch (ioctl) {
@@ -3209,7 +3209,7 @@ static long kvm_device_ioctl(struct file
{
struct kvm_device *dev = filp->private_data;
- if (dev->kvm->mm != current->mm)
+ if (dev->kvm->mm != current->mm || dev->kvm->vm_bugged)
return -EIO;
switch (ioctl) {
@@ -3413,7 +3413,7 @@ static long kvm_vm_ioctl(struct file *fi
void __user *argp = (void __user *)arg;
int r;
- if (kvm->mm != current->mm)
+ if (kvm->mm != current->mm || kvm->vm_bugged)
return -EIO;
switch (ioctl) {
case KVM_CREATE_VCPU:
@@ -3621,7 +3621,7 @@ static long kvm_vm_compat_ioctl(struct f
struct kvm *kvm = filp->private_data;
int r;
- if (kvm->mm != current->mm)
+ if (kvm->mm != current->mm || kvm->vm_bugged)
return -EIO;
switch (ioctl) {
#ifdef CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 278/389] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 277/389] KVM: Add infrastructure and macro to mark VM as bugged Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 279/389] KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() Greg Kroah-Hartman
` (115 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Vitaly Kuznetsov, Paolo Bonzini, Stefan Ghinea
From: Vitaly Kuznetsov <vkuznets@redhat.com>
commit 7ec37d1cbe17d8189d9562178d8b29167fe1c31a upstream
When KVM_CAP_HYPERV_SYNIC{,2} is activated, KVM already checks for
irqchip_in_kernel() so normally SynIC irqs should never be set. It is,
however, possible for a misbehaving VMM to write to SYNIC/STIMER MSRs
causing erroneous behavior.
The immediate issue being fixed is that kvm_irq_delivery_to_apic()
(kvm_irq_delivery_to_apic_fast()) crashes when called with
'irq.shorthand = APIC_DEST_SELF' and 'src == NULL'.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20220325132140.25650-2-vkuznets@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/hyperv.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -309,6 +309,9 @@ static int synic_set_irq(struct kvm_vcpu
struct kvm_lapic_irq irq;
int ret, vector;
+ if (KVM_BUG_ON(!lapic_in_kernel(vcpu), vcpu->kvm))
+ return -EINVAL;
+
if (sint >= ARRAY_SIZE(synic->sint))
return -EINVAL;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 279/389] KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 278/389] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 280/389] tcp: fix over estimation in sk_forced_mem_schedule() Greg Kroah-Hartman
` (114 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Greg Kroah-Hartman, Vitaly Kuznetsov, Paolo Bonzini, Stefan Ghinea
From: Vitaly Kuznetsov <vkuznets@redhat.com>
commit 00b5f37189d24ac3ed46cb7f11742094778c46ce upstream
When kvm_irq_delivery_to_apic_fast() is called with APIC_DEST_SELF
shorthand, 'src' must not be NULL. Crash the VM with KVM_BUG_ON()
instead of crashing the host.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20220325132140.25650-3-vkuznets@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/lapic.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -955,6 +955,10 @@ bool kvm_irq_delivery_to_apic_fast(struc
*r = -1;
if (irq->shorthand == APIC_DEST_SELF) {
+ if (KVM_BUG_ON(!src, kvm)) {
+ *r = 0;
+ return true;
+ }
*r = kvm_apic_set_irq(src->vcpu, irq, dest_map);
return true;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 280/389] tcp: fix over estimation in sk_forced_mem_schedule()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 279/389] KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 281/389] scsi: sg: Allow waiting for commands to complete on removed device Greg Kroah-Hartman
` (113 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Soheil Hassas Yeganeh,
Shakeel Butt, Wei Wang, David S. Miller
From: Eric Dumazet <edumazet@google.com>
commit c4ee118561a0f74442439b7b5b486db1ac1ddfeb upstream.
sk_forced_mem_schedule() has a bug similar to ones fixed
in commit 7c80b038d23e ("net: fix sk_wmem_schedule() and
sk_rmem_schedule() errors")
While this bug has little chance to trigger in old kernels,
we need to fix it before the following patch.
Fixes: d83769a580f1 ("tcp: fix possible deadlock in tcp_send_fin()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Wei Wang <weiwan@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/tcp_output.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3143,11 +3143,12 @@ void tcp_xmit_retransmit_queue(struct so
*/
void sk_forced_mem_schedule(struct sock *sk, int size)
{
- int amt;
+ int delta, amt;
- if (size <= sk->sk_forward_alloc)
+ delta = size - sk->sk_forward_alloc;
+ if (delta <= 0)
return;
- amt = sk_mem_pages(size);
+ amt = sk_mem_pages(delta);
sk->sk_forward_alloc += amt * SK_MEM_QUANTUM;
sk_memory_allocated_add(sk, amt);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 281/389] scsi: sg: Allow waiting for commands to complete on removed device
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 280/389] tcp: fix over estimation in sk_forced_mem_schedule() Greg Kroah-Hartman
@ 2022-08-23 8:25 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 282/389] Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" Greg Kroah-Hartman
` (112 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:25 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Douglas Gilbert, Tony Battersby,
Martin K. Petersen
From: Tony Battersby <tonyb@cybernetics.com>
commit 3455607fd7be10b449f5135c00dc306b85dc0d21 upstream.
When a SCSI device is removed while in active use, currently sg will
immediately return -ENODEV on any attempt to wait for active commands that
were sent before the removal. This is problematic for commands that use
SG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel
when userspace frees or reuses it after getting ENODEV, leading to
corrupted userspace memory (in the case of READ-type commands) or corrupted
data being sent to the device (in the case of WRITE-type commands). This
has been seen in practice when logging out of a iscsi_tcp session, where
the iSCSI driver may still be processing commands after the device has been
marked for removal.
Change the policy to allow userspace to wait for active sg commands even
when the device is being removed. Return -ENODEV only when there are no
more responses to read.
Link: https://lore.kernel.org/r/5ebea46f-fe83-2d0b-233d-d0dcb362dd0a@cybernetics.com
Cc: <stable@vger.kernel.org>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/sg.c | 57 ++++++++++++++++++++++++++++++++----------------------
1 file changed, 34 insertions(+), 23 deletions(-)
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -190,7 +190,7 @@ static void sg_link_reserve(Sg_fd * sfp,
static void sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp);
static Sg_fd *sg_add_sfp(Sg_device * sdp);
static void sg_remove_sfp(struct kref *);
-static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id);
+static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy);
static Sg_request *sg_add_request(Sg_fd * sfp);
static int sg_remove_request(Sg_fd * sfp, Sg_request * srp);
static Sg_device *sg_get_dev(int dev);
@@ -412,6 +412,7 @@ sg_read(struct file *filp, char __user *
Sg_fd *sfp;
Sg_request *srp;
int req_pack_id = -1;
+ bool busy;
sg_io_hdr_t *hp;
struct sg_header *old_hdr = NULL;
int retval = 0;
@@ -459,25 +460,19 @@ sg_read(struct file *filp, char __user *
} else
req_pack_id = old_hdr->pack_id;
}
- srp = sg_get_rq_mark(sfp, req_pack_id);
+ srp = sg_get_rq_mark(sfp, req_pack_id, &busy);
if (!srp) { /* now wait on packet to arrive */
- if (atomic_read(&sdp->detaching)) {
- retval = -ENODEV;
- goto free_old_hdr;
- }
if (filp->f_flags & O_NONBLOCK) {
retval = -EAGAIN;
goto free_old_hdr;
}
retval = wait_event_interruptible(sfp->read_wait,
- (atomic_read(&sdp->detaching) ||
- (srp = sg_get_rq_mark(sfp, req_pack_id))));
- if (atomic_read(&sdp->detaching)) {
- retval = -ENODEV;
- goto free_old_hdr;
- }
- if (retval) {
- /* -ERESTARTSYS as signal hit process */
+ ((srp = sg_get_rq_mark(sfp, req_pack_id, &busy)) ||
+ (!busy && atomic_read(&sdp->detaching))));
+ if (!srp) {
+ /* signal or detaching */
+ if (!retval)
+ retval = -ENODEV;
goto free_old_hdr;
}
}
@@ -928,9 +923,7 @@ sg_ioctl(struct file *filp, unsigned int
if (result < 0)
return result;
result = wait_event_interruptible(sfp->read_wait,
- (srp_done(sfp, srp) || atomic_read(&sdp->detaching)));
- if (atomic_read(&sdp->detaching))
- return -ENODEV;
+ srp_done(sfp, srp));
write_lock_irq(&sfp->rq_list_lock);
if (srp->done) {
srp->done = 2;
@@ -2074,19 +2067,28 @@ sg_unlink_reserve(Sg_fd * sfp, Sg_reques
}
static Sg_request *
-sg_get_rq_mark(Sg_fd * sfp, int pack_id)
+sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy)
{
Sg_request *resp;
unsigned long iflags;
+ *busy = false;
write_lock_irqsave(&sfp->rq_list_lock, iflags);
list_for_each_entry(resp, &sfp->rq_list, entry) {
- /* look for requests that are ready + not SG_IO owned */
- if ((1 == resp->done) && (!resp->sg_io_owned) &&
+ /* look for requests that are not SG_IO owned */
+ if ((!resp->sg_io_owned) &&
((-1 == pack_id) || (resp->header.pack_id == pack_id))) {
- resp->done = 2; /* guard against other readers */
- write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
- return resp;
+ switch (resp->done) {
+ case 0: /* request active */
+ *busy = true;
+ break;
+ case 1: /* request done; response ready to return */
+ resp->done = 2; /* guard against other readers */
+ write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
+ return resp;
+ case 2: /* response already being returned */
+ break;
+ }
}
}
write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
@@ -2140,6 +2142,15 @@ sg_remove_request(Sg_fd * sfp, Sg_reques
res = 1;
}
write_unlock_irqrestore(&sfp->rq_list_lock, iflags);
+
+ /*
+ * If the device is detaching, wakeup any readers in case we just
+ * removed the last response, which would leave nothing for them to
+ * return other than -ENODEV.
+ */
+ if (unlikely(atomic_read(&sfp->parentdp->detaching)))
+ wake_up_interruptible_all(&sfp->read_wait);
+
return res;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 282/389] Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-08-23 8:25 ` [PATCH 5.4 281/389] scsi: sg: Allow waiting for commands to complete on removed device Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 283/389] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Greg Kroah-Hartman
` (111 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ronald Wahl, Jose Alonso, David S. Miller
From: Jose Alonso <joalonsof@gmail.com>
commit 6fd2c17fb6e02a8c0ab51df1cfec82ce96b8e83d upstream.
This reverts commit 36a15e1cb134c0395261ba1940762703f778438c.
The usage of FLAG_SEND_ZLP causes problems to other firmware/hardware
versions that have no issues.
The FLAG_SEND_ZLP is not safe to use in this context.
See:
https://patchwork.ozlabs.org/project/netdev/patch/1270599787.8900.8.camel@Linuxdev4-laptop/#118378
The original problem needs another way to solve.
Fixes: 36a15e1cb134 ("net: usb: ax88179_178a needs FLAG_SEND_ZLP")
Cc: stable@vger.kernel.org
Reported-by: Ronald Wahl <ronald.wahl@raritan.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216327
Link: https://bugs.archlinux.org/task/75491
Signed-off-by: Jose Alonso <joalonsof@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/ax88179_178a.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/drivers/net/usb/ax88179_178a.c
+++ b/drivers/net/usb/ax88179_178a.c
@@ -1690,7 +1690,7 @@ static const struct driver_info ax88179_
.link_reset = ax88179_link_reset,
.reset = ax88179_reset,
.stop = ax88179_stop,
- .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP,
+ .flags = FLAG_ETHER | FLAG_FRAMING_AX,
.rx_fixup = ax88179_rx_fixup,
.tx_fixup = ax88179_tx_fixup,
};
@@ -1703,7 +1703,7 @@ static const struct driver_info ax88178a
.link_reset = ax88179_link_reset,
.reset = ax88179_reset,
.stop = ax88179_stop,
- .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP,
+ .flags = FLAG_ETHER | FLAG_FRAMING_AX,
.rx_fixup = ax88179_rx_fixup,
.tx_fixup = ax88179_tx_fixup,
};
@@ -1716,7 +1716,7 @@ static const struct driver_info cypress_
.link_reset = ax88179_link_reset,
.reset = ax88179_reset,
.stop = ax88179_stop,
- .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP,
+ .flags = FLAG_ETHER | FLAG_FRAMING_AX,
.rx_fixup = ax88179_rx_fixup,
.tx_fixup = ax88179_tx_fixup,
};
@@ -1729,7 +1729,7 @@ static const struct driver_info dlink_du
.link_reset = ax88179_link_reset,
.reset = ax88179_reset,
.stop = ax88179_stop,
- .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP,
+ .flags = FLAG_ETHER | FLAG_FRAMING_AX,
.rx_fixup = ax88179_rx_fixup,
.tx_fixup = ax88179_tx_fixup,
};
@@ -1742,7 +1742,7 @@ static const struct driver_info sitecom_
.link_reset = ax88179_link_reset,
.reset = ax88179_reset,
.stop = ax88179_stop,
- .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP,
+ .flags = FLAG_ETHER | FLAG_FRAMING_AX,
.rx_fixup = ax88179_rx_fixup,
.tx_fixup = ax88179_tx_fixup,
};
@@ -1755,7 +1755,7 @@ static const struct driver_info samsung_
.link_reset = ax88179_link_reset,
.reset = ax88179_reset,
.stop = ax88179_stop,
- .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP,
+ .flags = FLAG_ETHER | FLAG_FRAMING_AX,
.rx_fixup = ax88179_rx_fixup,
.tx_fixup = ax88179_tx_fixup,
};
@@ -1768,7 +1768,7 @@ static const struct driver_info lenovo_i
.link_reset = ax88179_link_reset,
.reset = ax88179_reset,
.stop = ax88179_stop,
- .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP,
+ .flags = FLAG_ETHER | FLAG_FRAMING_AX,
.rx_fixup = ax88179_rx_fixup,
.tx_fixup = ax88179_tx_fixup,
};
@@ -1781,7 +1781,7 @@ static const struct driver_info belkin_i
.link_reset = ax88179_link_reset,
.reset = ax88179_reset,
.stop = ax88179_stop,
- .flags = FLAG_ETHER | FLAG_FRAMING_AX | FLAG_SEND_ZLP,
+ .flags = FLAG_ETHER | FLAG_FRAMING_AX,
.rx_fixup = ax88179_rx_fixup,
.tx_fixup = ax88179_tx_fixup,
};
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 283/389] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 282/389] Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 284/389] net/9p: Initialize the iounit field during fid creation Greg Kroah-Hartman
` (110 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Luiz Augusto von Dentz
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
commit 332f1795ca202489c665a75e62e18ff6284de077 upstream.
The patch d0be8347c623: "Bluetooth: L2CAP: Fix use-after-free caused
by l2cap_chan_put" from Jul 21, 2022, leads to the following Smatch
static checker warning:
net/bluetooth/l2cap_core.c:1977 l2cap_global_chan_by_psm()
error: we previously assumed 'c' could be null (see line 1996)
Fixes: d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/l2cap_core.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1813,11 +1813,11 @@ static struct l2cap_chan *l2cap_global_c
bdaddr_t *dst,
u8 link_type)
{
- struct l2cap_chan *c, *c1 = NULL;
+ struct l2cap_chan *c, *tmp, *c1 = NULL;
read_lock(&chan_list_lock);
- list_for_each_entry(c, &chan_list, global_l) {
+ list_for_each_entry_safe(c, tmp, &chan_list, global_l) {
if (state && c->state != state)
continue;
@@ -1836,11 +1836,10 @@ static struct l2cap_chan *l2cap_global_c
dst_match = !bacmp(&c->dst, dst);
if (src_match && dst_match) {
c = l2cap_chan_hold_unless_zero(c);
- if (!c)
- continue;
-
- read_unlock(&chan_list_lock);
- return c;
+ if (c) {
+ read_unlock(&chan_list_lock);
+ return c;
+ }
}
/* Closest match */
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 284/389] net/9p: Initialize the iounit field during fid creation
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 283/389] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 285/389] net_sched: cls_route: disallow handle of 0 Greg Kroah-Hartman
` (109 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tyler Hicks, Christian Schoenebeck,
Dominique Martinet
From: Tyler Hicks <tyhicks@linux.microsoft.com>
commit aa7aeee169480e98cf41d83c01290a37e569be6d upstream.
Ensure that the fid's iounit field is set to zero when a new fid is
created. Certain 9P operations, such as OPEN and CREATE, allow the
server to reply with an iounit size which the client code assigns to the
p9_fid struct shortly after the fid is created by p9_fid_create(). On
the other hand, an XATTRWALK operation doesn't allow for the server to
specify an iounit value. The iounit field of the newly allocated p9_fid
struct remained uninitialized in that case. Depending on allocation
patterns, the iounit value could have been something reasonable that was
carried over from previously freed fids or, in the worst case, could
have been arbitrary values from non-fid related usages of the memory
location.
The bug was detected in the Windows Subsystem for Linux 2 (WSL2) kernel
after the uninitialized iounit field resulted in the typical sequence of
two getxattr(2) syscalls, one to get the size of an xattr and another
after allocating a sufficiently sized buffer to fit the xattr value, to
hit an unexpected ERANGE error in the second call to getxattr(2). An
uninitialized iounit field would sometimes force rsize to be smaller
than the xattr value size in p9_client_read_once() and the 9P server in
WSL refused to chunk up the READ on the attr_fid and, instead, returned
ERANGE to the client. The virtfs server in QEMU seems happy to chunk up
the READ and this problem goes undetected there.
Link: https://lkml.kernel.org/r/20220710141402.803295-1-tyhicks@linux.microsoft.com
Fixes: ebf46264a004 ("fs/9p: Add support user. xattr")
Cc: stable@vger.kernel.org
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
[tyhicks: Adjusted context due to:
- Lack of fid refcounting introduced in v5.11 commit 6636b6dcc3db ("9p:
add refcount to p9_fid struct")
- Difference in how buffer sizes are specified v5.16 commit
6e195b0f7c8e ("9p: fix a bunch of checkpatch warnings")]
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/9p/client.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -893,16 +893,13 @@ static struct p9_fid *p9_fid_create(stru
struct p9_fid *fid;
p9_debug(P9_DEBUG_FID, "clnt %p\n", clnt);
- fid = kmalloc(sizeof(struct p9_fid), GFP_KERNEL);
+ fid = kzalloc(sizeof(struct p9_fid), GFP_KERNEL);
if (!fid)
return NULL;
- memset(&fid->qid, 0, sizeof(struct p9_qid));
fid->mode = -1;
fid->uid = current_fsuid();
fid->clnt = clnt;
- fid->rdir = NULL;
- fid->fid = 0;
idr_preload(GFP_KERNEL);
spin_lock_irq(&clnt->lock);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 285/389] net_sched: cls_route: disallow handle of 0
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 284/389] net/9p: Initialize the iounit field during fid creation Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 286/389] ALSA: info: Fix llseek return value when using callback Greg Kroah-Hartman
` (108 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jamal Hadi Salim, Stephen Hemminger,
David S. Miller
From: Jamal Hadi Salim <jhs@mojatatu.com>
commit 02799571714dc5dd6948824b9d080b44a295f695 upstream.
Follows up on:
https://lore.kernel.org/all/20220809170518.164662-1-cascardo@canonical.com/
handle of 0 implies from/to of universe realm which is not very
sensible.
Lets see what this patch will do:
$sudo tc qdisc add dev $DEV root handle 1:0 prio
//lets manufacture a way to insert handle of 0
$sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 \
route to 0 from 0 classid 1:10 action ok
//gets rejected...
Error: handle of 0 is not valid.
We have an error talking to the kernel, -1
//lets create a legit entry..
sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 route from 10 \
classid 1:10 action ok
//what did the kernel insert?
$sudo tc filter ls dev $DEV parent 1:0
filter protocol ip pref 100 route chain 0
filter protocol ip pref 100 route chain 0 fh 0x000a8000 flowid 1:10 from 10
action order 1: gact action pass
random type none pass val 0
index 1 ref 1 bind 1
//Lets try to replace that legit entry with a handle of 0
$ sudo tc filter replace dev $DEV parent 1:0 protocol ip prio 100 \
handle 0x000a8000 route to 0 from 0 classid 1:10 action drop
Error: Replacing with handle of 0 is invalid.
We have an error talking to the kernel, -1
And last, lets run Cascardo's POC:
$ ./poc
0
0
-22
-22
-22
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/cls_route.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/net/sched/cls_route.c
+++ b/net/sched/cls_route.c
@@ -424,6 +424,11 @@ static int route4_set_parms(struct net *
return -EINVAL;
}
+ if (!nhandle) {
+ NL_SET_ERR_MSG(extack, "Replacing with handle of 0 is invalid");
+ return -EINVAL;
+ }
+
h1 = to_hash(nhandle);
b = rtnl_dereference(head->table[h1]);
if (!b) {
@@ -477,6 +482,11 @@ static int route4_change(struct net *net
int err;
bool new = true;
+ if (!handle) {
+ NL_SET_ERR_MSG(extack, "Creating with handle of 0 is invalid");
+ return -EINVAL;
+ }
+
if (opt == NULL)
return handle ? -EINVAL : 0;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 286/389] ALSA: info: Fix llseek return value when using callback
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 285/389] net_sched: cls_route: disallow handle of 0 Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 287/389] rds: add missing barrier to release_refill Greg Kroah-Hartman
` (107 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Amadeusz Sławiński, Takashi Iwai
From: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
commit 9be080edcca330be4af06b19916c35227891e8bc upstream.
When using callback there was a flow of
ret = -EINVAL
if (callback) {
offset = callback();
goto out;
}
...
offset = some other value in case of no callback;
ret = offset;
out:
return ret;
which causes the snd_info_entry_llseek() to return -EINVAL when there is
callback handler. Fix this by setting "ret" directly to callback return
value before jumping to "out".
Fixes: 73029e0ff18d ("ALSA: info - Implement common llseek for binary mode")
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220817124924.3974577-1-amadeuszx.slawinski@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/core/info.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/sound/core/info.c
+++ b/sound/core/info.c
@@ -112,9 +112,9 @@ static loff_t snd_info_entry_llseek(stru
entry = data->entry;
mutex_lock(&entry->access);
if (entry->c.ops->llseek) {
- offset = entry->c.ops->llseek(entry,
- data->file_private_data,
- file, offset, orig);
+ ret = entry->c.ops->llseek(entry,
+ data->file_private_data,
+ file, offset, orig);
goto out;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 287/389] rds: add missing barrier to release_refill
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 286/389] ALSA: info: Fix llseek return value when using callback Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 288/389] ata: libata-eh: Add missing command name Greg Kroah-Hartman
` (106 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mikulas Patocka, David S. Miller
From: Mikulas Patocka <mpatocka@redhat.com>
commit 9f414eb409daf4f778f011cf8266d36896bb930b upstream.
The functions clear_bit and set_bit do not imply a memory barrier, thus it
may be possible that the waitqueue_active function (which does not take
any locks) is moved before clear_bit and it could miss a wakeup event.
Fix this bug by adding a memory barrier after clear_bit.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/rds/ib_recv.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/rds/ib_recv.c
+++ b/net/rds/ib_recv.c
@@ -363,6 +363,7 @@ static int acquire_refill(struct rds_con
static void release_refill(struct rds_connection *conn)
{
clear_bit(RDS_RECV_REFILL, &conn->c_flags);
+ smp_mb__after_atomic();
/* We don't use wait_on_bit()/wake_up_bit() because our waking is in a
* hot path and finding waiters is very rare. We don't want to walk
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 288/389] ata: libata-eh: Add missing command name
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 287/389] rds: add missing barrier to release_refill Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 289/389] mmc: pxamci: Fix another error handling path in pxamci_probe() Greg Kroah-Hartman
` (105 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Damien Le Moal, Hannes Reinecke
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
commit d3122bf9aa4c974f5e2c0112f799757b3a2779da upstream.
Add the missing command name for ATA_CMD_NCQ_NON_DATA to
ata_get_cmd_name().
Fixes: 661ce1f0c4a6 ("libata/libsas: Define ATA_CMD_NCQ_NON_DATA")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-eh.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/ata/libata-eh.c
+++ b/drivers/ata/libata-eh.c
@@ -2329,6 +2329,7 @@ const char *ata_get_cmd_descript(u8 comm
{ ATA_CMD_WRITE_QUEUED_FUA_EXT, "WRITE DMA QUEUED FUA EXT" },
{ ATA_CMD_FPDMA_READ, "READ FPDMA QUEUED" },
{ ATA_CMD_FPDMA_WRITE, "WRITE FPDMA QUEUED" },
+ { ATA_CMD_NCQ_NON_DATA, "NCQ NON-DATA" },
{ ATA_CMD_FPDMA_SEND, "SEND FPDMA QUEUED" },
{ ATA_CMD_FPDMA_RECV, "RECEIVE FPDMA QUEUED" },
{ ATA_CMD_PIO_READ, "READ SECTOR(S)" },
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 289/389] mmc: pxamci: Fix another error handling path in pxamci_probe()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 288/389] ata: libata-eh: Add missing command name Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 290/389] mmc: pxamci: Fix an " Greg Kroah-Hartman
` (104 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Ulf Hansson
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit b886f54c300d31c109d2e4336b22922b64e7ba7d upstream.
The commit in Fixes: has introduced an new error handling without branching
to the existing error handling path.
Update it now and release some resources if pxamci_init_ocr() fails.
Fixes: 61951fd6cb49 ("mmc: pxamci: let mmc core handle regulators")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/07a2dcebf8ede69b484103de8f9df043f158cffd.1658862932.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/pxamci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/host/pxamci.c
+++ b/drivers/mmc/host/pxamci.c
@@ -672,7 +672,7 @@ static int pxamci_probe(struct platform_
ret = pxamci_init_ocr(host);
if (ret < 0)
- return ret;
+ goto out;
mmc->caps = 0;
host->cmdat = 0;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 290/389] mmc: pxamci: Fix an error handling path in pxamci_probe()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 289/389] mmc: pxamci: Fix another error handling path in pxamci_probe() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 291/389] btrfs: fix lost error handling when looking up extended ref on log replay Greg Kroah-Hartman
` (103 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Ulf Hansson
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit 98d7c5e5792b8ce3e1352196dac7f404bb1b46ec upstream.
The commit in Fixes: has moved some code around without updating gotos to
the error handling path.
Update it now and release some resources if pxamci_of_init() fails.
Fixes: fa3a5115469c ("mmc: pxamci: call mmc_of_parse()")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/6d75855ad4e2470e9ed99e0df21bc30f0c925a29.1658862932.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/pxamci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/host/pxamci.c
+++ b/drivers/mmc/host/pxamci.c
@@ -648,7 +648,7 @@ static int pxamci_probe(struct platform_
ret = pxamci_of_init(pdev, mmc);
if (ret)
- return ret;
+ goto out;
host = mmc_priv(mmc);
host->mmc = mmc;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 291/389] btrfs: fix lost error handling when looking up extended ref on log replay
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 290/389] mmc: pxamci: Fix an " Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 292/389] tracing: Have filter accept "common_cpu" to be consistent Greg Kroah-Hartman
` (102 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit 7a6b75b79902e47f46328b57733f2604774fa2d9 upstream.
During log replay, when processing inode references, if we get an error
when looking up for an extended reference at __add_inode_ref(), we ignore
it and proceed, returning success (0) if no other error happens after the
lookup. This is obviously wrong because in case an extended reference
exists and it encodes some name not in the log, we need to unlink it,
otherwise the filesystem state will not match the state it had after the
last fsync.
So just make __add_inode_ref() return an error it gets from the extended
reference lookup.
Fixes: f186373fef005c ("btrfs: extended inode refs")
CC: stable@vger.kernel.org # 4.9+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/tree-log.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1100,7 +1100,9 @@ again:
extref = btrfs_lookup_inode_extref(NULL, root, path, name, namelen,
inode_objectid, parent_objectid, 0,
0);
- if (!IS_ERR_OR_NULL(extref)) {
+ if (IS_ERR(extref)) {
+ return PTR_ERR(extref);
+ } else if (extref) {
u32 item_size;
u32 cur_offset = 0;
unsigned long base;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 292/389] tracing: Have filter accept "common_cpu" to be consistent
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 291/389] btrfs: fix lost error handling when looking up extended ref on log replay Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 293/389] can: ems_usb: fix clangs -Wunaligned-access warning Greg Kroah-Hartman
` (101 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Tzvetomir Stoyanov, Tom Zanussi, Masami Hiramatsu (Google),
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit b2380577d4fe1c0ef3fa50417f1e441c016e4cbe upstream.
Make filtering consistent with histograms. As "cpu" can be a field of an
event, allow for "common_cpu" to keep it from being confused with the
"cpu" field of the event.
Link: https://lkml.kernel.org/r/20220820134401.513062765@goodmis.org
Link: https://lore.kernel.org/all/20220820220920.e42fa32b70505b1904f0a0ad@kernel.org/
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes: 1e3bac71c5053 ("tracing/histogram: Rename "cpu" to "common_cpu"")
Suggested-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_events.c | 1 +
1 file changed, 1 insertion(+)
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -166,6 +166,7 @@ static int trace_define_generic_fields(v
__generic_field(int, CPU, FILTER_CPU);
__generic_field(int, cpu, FILTER_CPU);
+ __generic_field(int, common_cpu, FILTER_CPU);
__generic_field(char *, COMM, FILTER_COMM);
__generic_field(char *, comm, FILTER_COMM);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 293/389] can: ems_usb: fix clangs -Wunaligned-access warning
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 292/389] tracing: Have filter accept "common_cpu" to be consistent Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 294/389] apparmor: fix quiet_denied for file rules Greg Kroah-Hartman
` (100 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gerhard Uttenthaler, Sebastian Haas,
Marc Kleine-Budde
From: Marc Kleine-Budde <mkl@pengutronix.de>
commit a4cb6e62ea4d36e53fb3c0f18ea4503d7b76674f upstream.
clang emits a -Wunaligned-access warning on struct __packed
ems_cpc_msg.
The reason is that the anonymous union msg (not declared as packed) is
being packed right after some non naturally aligned variables (3*8
bits + 2*32) inside a packed struct:
| struct __packed ems_cpc_msg {
| u8 type; /* type of message */
| u8 length; /* length of data within union 'msg' */
| u8 msgid; /* confirmation handle */
| __le32 ts_sec; /* timestamp in seconds */
| __le32 ts_nsec; /* timestamp in nano seconds */
| /* ^ not naturally aligned */
|
| union {
| /* ^ not declared as packed */
| u8 generic[64];
| struct cpc_can_msg can_msg;
| struct cpc_can_params can_params;
| struct cpc_confirm confirmation;
| struct cpc_overrun overrun;
| struct cpc_can_error error;
| struct cpc_can_err_counter err_counter;
| u8 can_state;
| } msg;
| };
Starting from LLVM 14, having an unpacked struct nested in a packed
struct triggers a warning. c.f. [1].
Fix the warning by marking the anonymous union as packed.
[1] https://github.com/llvm/llvm-project/issues/55520
Fixes: 702171adeed3 ("ems_usb: Added support for EMS CPC-USB/ARM7 CAN/USB interface")
Link: https://lore.kernel.org/all/20220802094021.959858-1-mkl@pengutronix.de
Cc: Gerhard Uttenthaler <uttenthaler@ems-wuensche.com>
Cc: Sebastian Haas <haas@ems-wuensche.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/ems_usb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/can/usb/ems_usb.c
+++ b/drivers/net/can/usb/ems_usb.c
@@ -194,7 +194,7 @@ struct __packed ems_cpc_msg {
__le32 ts_sec; /* timestamp in seconds */
__le32 ts_nsec; /* timestamp in nano seconds */
- union {
+ union __packed {
u8 generic[64];
struct cpc_can_msg can_msg;
struct cpc_can_params can_params;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 294/389] apparmor: fix quiet_denied for file rules
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 293/389] can: ems_usb: fix clangs -Wunaligned-access warning Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 295/389] apparmor: fix absroot causing audited secids to begin with = Greg Kroah-Hartman
` (99 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, John Johansen
From: John Johansen <john.johansen@canonical.com>
commit 68ff8540cc9e4ab557065b3f635c1ff4c96e1f1c upstream.
Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the is checking if quieting of all
audit events is set instead of just denied events.
Fixes: 67012e8209df ("AppArmor: basic auditing infrastructure.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/apparmor/audit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -139,7 +139,7 @@ int aa_audit(int type, struct aa_profile
}
if (AUDIT_MODE(profile) == AUDIT_QUIET ||
(type == AUDIT_APPARMOR_DENIED &&
- AUDIT_MODE(profile) == AUDIT_QUIET))
+ AUDIT_MODE(profile) == AUDIT_QUIET_DENIED))
return aad(sa)->error;
if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 295/389] apparmor: fix absroot causing audited secids to begin with =
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 294/389] apparmor: fix quiet_denied for file rules Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 296/389] apparmor: Fix failed mount permission check error message Greg Kroah-Hartman
` (98 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Casey Schaufler, John Johansen
From: John Johansen <john.johansen@canonical.com>
commit 511f7b5b835726e844a5fc7444c18e4b8672edfd upstream.
AppArmor is prefixing secids that are converted to secctx with the =
to indicate the secctx should only be parsed from an absolute root
POV. This allows catching errors where secctx are reparsed back into
internal labels.
Unfortunately because audit is using secid to secctx conversion this
means that subject and object labels can result in a very unfortunate
== that can break audit parsing.
eg. the subj==unconfined term in the below audit message
type=USER_LOGIN msg=audit(1639443365.233:160): pid=1633 uid=0 auid=1000
ses=3 subj==unconfined msg='op=login id=1000 exe="/usr/sbin/sshd"
hostname=192.168.122.1 addr=192.168.122.1 terminal=/dev/pts/1 res=success'
Fix this by switch the prepending of = to a _. This still works as a
special character to flag this case without breaking audit. Also move
this check behind debug as it should not be needed during normal
operqation.
Fixes: 26b7899510ae ("apparmor: add support for absolute root view based labels")
Reported-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/apparmor/include/lib.h | 5 +++++
security/apparmor/label.c | 7 ++++---
2 files changed, 9 insertions(+), 3 deletions(-)
--- a/security/apparmor/include/lib.h
+++ b/security/apparmor/include/lib.h
@@ -22,6 +22,11 @@
*/
#define DEBUG_ON (aa_g_debug)
+/*
+ * split individual debug cases out in preparation for finer grained
+ * debug controls in the future.
+ */
+#define AA_DEBUG_LABEL DEBUG_ON
#define dbg_printk(__fmt, __args...) pr_debug(__fmt, ##__args)
#define AA_DEBUG(fmt, args...) \
do { \
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -1637,9 +1637,9 @@ int aa_label_snxprint(char *str, size_t
AA_BUG(!str && size != 0);
AA_BUG(!label);
- if (flags & FLAG_ABS_ROOT) {
+ if (AA_DEBUG_LABEL && (flags & FLAG_ABS_ROOT)) {
ns = root_ns;
- len = snprintf(str, size, "=");
+ len = snprintf(str, size, "_");
update_for_len(total, len, size, str);
} else if (!ns) {
ns = labels_ns(label);
@@ -1901,7 +1901,8 @@ struct aa_label *aa_label_strn_parse(str
AA_BUG(!str);
str = skipn_spaces(str, n);
- if (str == NULL || (*str == '=' && base != &root_ns->unconfined->label))
+ if (str == NULL || (AA_DEBUG_LABEL && *str == '_' &&
+ base != &root_ns->unconfined->label))
return ERR_PTR(-EINVAL);
len = label_count_strn_entries(str, end - str);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 296/389] apparmor: Fix failed mount permission check error message
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 295/389] apparmor: fix absroot causing audited secids to begin with = Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 297/389] apparmor: fix aa_label_asxprint return check Greg Kroah-Hartman
` (97 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, John Johansen
From: John Johansen <john.johansen@canonical.com>
commit ec240b5905bbb09a03dccffee03062cf39e38dc2 upstream.
When the mount check fails due to a permission check failure instead
of explicitly at one of the subcomponent checks, AppArmor is reporting
a failure in the flags match. However this is not true and AppArmor
can not attribute the error at this point to any particular component,
and should only indicate the mount failed due to missing permissions.
Fixes: 2ea3ffb7782a ("apparmor: add mount mediation")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/apparmor/mount.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -229,7 +229,8 @@ static const char * const mnt_info_table
"failed srcname match",
"failed type match",
"failed flags match",
- "failed data match"
+ "failed data match",
+ "failed perms check"
};
/*
@@ -284,8 +285,8 @@ static int do_match_mnt(struct aa_dfa *d
return 0;
}
- /* failed at end of flags match */
- return 4;
+ /* failed at perms check, don't confuse with flags match */
+ return 6;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 297/389] apparmor: fix aa_label_asxprint return check
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 296/389] apparmor: Fix failed mount permission check error message Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 298/389] apparmor: fix overlapping attachment computation Greg Kroah-Hartman
` (96 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tom Rix, John Johansen
From: Tom Rix <trix@redhat.com>
commit 3e2a3a0830a2090e766d0d887d52c67de2a6f323 upstream.
Clang static analysis reports this issue
label.c:1802:3: warning: 2nd function call argument
is an uninitialized value
pr_info("%s", str);
^~~~~~~~~~~~~~~~~~
str is set from a successful call to aa_label_asxprint(&str, ...)
On failure a negative value is returned, not a -1. So change
the check.
Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/apparmor/label.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -1750,7 +1750,7 @@ void aa_label_xaudit(struct audit_buffer
if (!use_label_hname(ns, label, flags) ||
display_mode(ns, label, flags)) {
len = aa_label_asxprint(&name, ns, label, flags, gfp);
- if (len == -1) {
+ if (len < 0) {
AA_DEBUG("label print error");
return;
}
@@ -1778,7 +1778,7 @@ void aa_label_seq_xprint(struct seq_file
int len;
len = aa_label_asxprint(&str, ns, label, flags, gfp);
- if (len == -1) {
+ if (len < 0) {
AA_DEBUG("label print error");
return;
}
@@ -1801,7 +1801,7 @@ void aa_label_xprintk(struct aa_ns *ns,
int len;
len = aa_label_asxprint(&str, ns, label, flags, gfp);
- if (len == -1) {
+ if (len < 0) {
AA_DEBUG("label print error");
return;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 298/389] apparmor: fix overlapping attachment computation
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 297/389] apparmor: fix aa_label_asxprint return check Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 299/389] apparmor: fix reference count leak in aa_pivotroot() Greg Kroah-Hartman
` (95 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, John Johansen
From: John Johansen <john.johansen@canonical.com>
commit 2504db207146543736e877241f3b3de005cbe056 upstream.
When finding the profile via patterned attachments, the longest left
match is being set to the static compile time value and not using the
runtime computed value.
Fix this by setting the candidate value to the greater of the
precomputed value or runtime computed value.
Fixes: 21f606610502 ("apparmor: improve overlapping domain attachment resolution")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/apparmor/domain.c | 2 +-
security/apparmor/include/policy.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -460,7 +460,7 @@ restart:
* xattrs, or a longer match
*/
candidate = profile;
- candidate_len = profile->xmatch_len;
+ candidate_len = max(count, profile->xmatch_len);
candidate_xattrs = ret;
conflict = false;
}
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -135,7 +135,7 @@ struct aa_profile {
const char *attach;
struct aa_dfa *xmatch;
- int xmatch_len;
+ unsigned int xmatch_len;
enum audit_mode audit;
long mode;
u32 path_flags;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 299/389] apparmor: fix reference count leak in aa_pivotroot()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 298/389] apparmor: fix overlapping attachment computation Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 300/389] apparmor: Fix memleak in aa_simple_write_to_buffer() Greg Kroah-Hartman
` (94 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiyu Yang, Xin Tan, Xin Xiong, John Johansen
From: Xin Xiong <xiongx18@fudan.edu.cn>
commit 11c3627ec6b56c1525013f336f41b79a983b4d46 upstream.
The aa_pivotroot() function has a reference counting bug in a specific
path. When aa_replace_current_label() returns on success, the function
forgets to decrement the reference count of “target”, which is
increased earlier by build_pivotroot(), causing a reference leak.
Fix it by decreasing the refcount of “target” in that path.
Fixes: 2ea3ffb7782a ("apparmor: add mount mediation")
Co-developed-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Co-developed-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/apparmor/mount.c | 1 +
1 file changed, 1 insertion(+)
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -683,6 +683,7 @@ int aa_pivotroot(struct aa_label *label,
aa_put_label(target);
goto out;
}
+ aa_put_label(target);
} else
/* already audited error */
error = PTR_ERR(target);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 300/389] apparmor: Fix memleak in aa_simple_write_to_buffer()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 299/389] apparmor: fix reference count leak in aa_pivotroot() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 301/389] Documentation: ACPI: EINJ: Fix obsolete example Greg Kroah-Hartman
` (93 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiu Jianfeng, John Johansen
From: Xiu Jianfeng <xiujianfeng@huawei.com>
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the
management struct and data blob are allocated independently, so only
kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to
fix this issue.
Fixes: a6a52579e52b5 ("apparmor: split load data into management struct and data blob")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/apparmor/apparmorfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -403,7 +403,7 @@ static struct aa_loaddata *aa_simple_wri
data->size = copy_size;
if (copy_from_user(data->data, userbuf, copy_size)) {
- kvfree(data);
+ aa_put_loaddata(data);
return ERR_PTR(-EFAULT);
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 301/389] Documentation: ACPI: EINJ: Fix obsolete example
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 300/389] apparmor: Fix memleak in aa_simple_write_to_buffer() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 302/389] NFSv4.1: Dont decrease the value of seq_nr_highest_sent Greg Kroah-Hartman
` (92 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Qifu Zhang, Tony Luck, Rafael J. Wysocki
From: Qifu Zhang <zhangqifu@bytedance.com>
commit 9066e151c37950af92c3be6a7270daa8e8063db9 upstream.
Since commit 488dac0c9237 ("libfs: fix error cast of negative value in
simple_attr_write()"), the EINJ debugfs interface no longer accepts
negative values as input. Attempt to do so will result in EINVAL.
Fixes: 488dac0c9237 ("libfs: fix error cast of negative value in simple_attr_write()")
Signed-off-by: Qifu Zhang <zhangqifu@bytedance.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/firmware-guide/acpi/apei/einj.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Documentation/firmware-guide/acpi/apei/einj.rst
+++ b/Documentation/firmware-guide/acpi/apei/einj.rst
@@ -168,7 +168,7 @@ An error injection example::
0x00000008 Memory Correctable
0x00000010 Memory Uncorrectable non-fatal
# echo 0x12345000 > param1 # Set memory address for injection
- # echo $((-1 << 12)) > param2 # Mask 0xfffffffffffff000 - anywhere in this page
+ # echo 0xfffffffffffff000 > param2 # Mask - anywhere in this page
# echo 0x8 > error_type # Choose correctable memory error
# echo 1 > error_inject # Inject now
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 302/389] NFSv4.1: Dont decrease the value of seq_nr_highest_sent
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 301/389] Documentation: ACPI: EINJ: Fix obsolete example Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 303/389] NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly Greg Kroah-Hartman
` (91 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit f07a5d2427fc113dc50c5c818eba8929bc27b8ca upstream.
When we're trying to figure out what the server may or may not have seen
in terms of request numbers, do not assume that requests with a larger
number were missed, just because we saw a reply to a request with a
smaller number.
Fixes: 3453d5708b33 ("NFSv4.1: Avoid false retries when RPC calls are interrupted")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4proc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -779,10 +779,9 @@ static void nfs4_slot_sequence_record_se
if ((s32)(seqnr - slot->seq_nr_highest_sent) > 0)
slot->seq_nr_highest_sent = seqnr;
}
-static void nfs4_slot_sequence_acked(struct nfs4_slot *slot,
- u32 seqnr)
+static void nfs4_slot_sequence_acked(struct nfs4_slot *slot, u32 seqnr)
{
- slot->seq_nr_highest_sent = seqnr;
+ nfs4_slot_sequence_record_sent(slot, seqnr);
slot->seq_nr_last_acked = seqnr;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 303/389] NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 302/389] NFSv4.1: Dont decrease the value of seq_nr_highest_sent Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 304/389] NFSv4: Fix races in the legacy idmapper upcall Greg Kroah-Hartman
` (90 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit 7ccafd4b2b9f34e6d8185f796f151c47424e273e upstream.
Don't assume that the NFS4ERR_DELAY means that the server is processing
this slot id.
Fixes: 3453d5708b33 ("NFSv4.1: Avoid false retries when RPC calls are interrupted")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4proc.c | 1 -
1 file changed, 1 deletion(-)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -848,7 +848,6 @@ static int nfs41_sequence_process(struct
__func__,
slot->slot_nr,
slot->seq_nr);
- nfs4_slot_sequence_acked(slot, slot->seq_nr);
goto out_retry;
case -NFS4ERR_RETRY_UNCACHED_REP:
case -NFS4ERR_SEQ_FALSE_RETRY:
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 304/389] NFSv4: Fix races in the legacy idmapper upcall
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 303/389] NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 305/389] NFSv4.1: RECLAIM_COMPLETE must handle EACCES Greg Kroah-Hartman
` (89 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit 51fd2eb52c0ca8275a906eed81878ef50ae94eb0 upstream.
nfs_idmap_instantiate() will cause the process that is waiting in
request_key_with_auxdata() to wake up and exit. If there is a second
process waiting for the idmap->idmap_mutex, then it may wake up and
start a new call to request_key_with_auxdata(). If the call to
idmap_pipe_downcall() from the first process has not yet finished
calling nfs_idmap_complete_pipe_upcall_locked(), then we may end up
triggering the WARN_ON_ONCE() in nfs_idmap_prepare_pipe_upcall().
The fix is to ensure that we clear idmap->idmap_upcall_data before
calling nfs_idmap_instantiate().
Fixes: e9ab41b620e4 ("NFSv4: Clean up the legacy idmapper upcall")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4idmap.c | 46 ++++++++++++++++++++++++----------------------
1 file changed, 24 insertions(+), 22 deletions(-)
--- a/fs/nfs/nfs4idmap.c
+++ b/fs/nfs/nfs4idmap.c
@@ -560,22 +560,20 @@ nfs_idmap_prepare_pipe_upcall(struct idm
return true;
}
-static void
-nfs_idmap_complete_pipe_upcall_locked(struct idmap *idmap, int ret)
+static void nfs_idmap_complete_pipe_upcall(struct idmap_legacy_upcalldata *data,
+ int ret)
{
- struct key *authkey = idmap->idmap_upcall_data->authkey;
-
- kfree(idmap->idmap_upcall_data);
- idmap->idmap_upcall_data = NULL;
- complete_request_key(authkey, ret);
- key_put(authkey);
+ complete_request_key(data->authkey, ret);
+ key_put(data->authkey);
+ kfree(data);
}
-static void
-nfs_idmap_abort_pipe_upcall(struct idmap *idmap, int ret)
+static void nfs_idmap_abort_pipe_upcall(struct idmap *idmap,
+ struct idmap_legacy_upcalldata *data,
+ int ret)
{
- if (idmap->idmap_upcall_data != NULL)
- nfs_idmap_complete_pipe_upcall_locked(idmap, ret);
+ if (cmpxchg(&idmap->idmap_upcall_data, data, NULL) == data)
+ nfs_idmap_complete_pipe_upcall(data, ret);
}
static int nfs_idmap_legacy_upcall(struct key *authkey, void *aux)
@@ -612,7 +610,7 @@ static int nfs_idmap_legacy_upcall(struc
ret = rpc_queue_upcall(idmap->idmap_pipe, msg);
if (ret < 0)
- nfs_idmap_abort_pipe_upcall(idmap, ret);
+ nfs_idmap_abort_pipe_upcall(idmap, data, ret);
return ret;
out2:
@@ -668,6 +666,7 @@ idmap_pipe_downcall(struct file *filp, c
struct request_key_auth *rka;
struct rpc_inode *rpci = RPC_I(file_inode(filp));
struct idmap *idmap = (struct idmap *)rpci->private;
+ struct idmap_legacy_upcalldata *data;
struct key *authkey;
struct idmap_msg im;
size_t namelen_in;
@@ -677,10 +676,11 @@ idmap_pipe_downcall(struct file *filp, c
* will have been woken up and someone else may now have used
* idmap_key_cons - so after this point we may no longer touch it.
*/
- if (idmap->idmap_upcall_data == NULL)
+ data = xchg(&idmap->idmap_upcall_data, NULL);
+ if (data == NULL)
goto out_noupcall;
- authkey = idmap->idmap_upcall_data->authkey;
+ authkey = data->authkey;
rka = get_request_key_auth(authkey);
if (mlen != sizeof(im)) {
@@ -702,18 +702,17 @@ idmap_pipe_downcall(struct file *filp, c
if (namelen_in == 0 || namelen_in == IDMAP_NAMESZ) {
ret = -EINVAL;
goto out;
-}
+ }
- ret = nfs_idmap_read_and_verify_message(&im,
- &idmap->idmap_upcall_data->idmap_msg,
- rka->target_key, authkey);
+ ret = nfs_idmap_read_and_verify_message(&im, &data->idmap_msg,
+ rka->target_key, authkey);
if (ret >= 0) {
key_set_timeout(rka->target_key, nfs_idmap_cache_timeout);
ret = mlen;
}
out:
- nfs_idmap_complete_pipe_upcall_locked(idmap, ret);
+ nfs_idmap_complete_pipe_upcall(data, ret);
out_noupcall:
return ret;
}
@@ -727,7 +726,7 @@ idmap_pipe_destroy_msg(struct rpc_pipe_m
struct idmap *idmap = data->idmap;
if (msg->errno)
- nfs_idmap_abort_pipe_upcall(idmap, msg->errno);
+ nfs_idmap_abort_pipe_upcall(idmap, data, msg->errno);
}
static void
@@ -735,8 +734,11 @@ idmap_release_pipe(struct inode *inode)
{
struct rpc_inode *rpci = RPC_I(inode);
struct idmap *idmap = (struct idmap *)rpci->private;
+ struct idmap_legacy_upcalldata *data;
- nfs_idmap_abort_pipe_upcall(idmap, -EPIPE);
+ data = xchg(&idmap->idmap_upcall_data, NULL);
+ if (data)
+ nfs_idmap_complete_pipe_upcall(data, -EPIPE);
}
int nfs_map_name_to_uid(const struct nfs_server *server, const char *name, size_t namelen, kuid_t *uid)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 305/389] NFSv4.1: RECLAIM_COMPLETE must handle EACCES
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 304/389] NFSv4: Fix races in the legacy idmapper upcall Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 306/389] NFSv4/pnfs: Fix a use-after-free bug in open Greg Kroah-Hartman
` (88 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Xianwei, Yi Wang, Trond Myklebust
From: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
commit e35a5e782f67ed76a65ad0f23a484444a95f000f upstream.
A client should be able to handle getting an EACCES error while doing
a mount operation to reclaim state due to NFS4CLNT_RECLAIM_REBOOT
being set. If the server returns RPC_AUTH_BADCRED because authentication
failed when we execute "exportfs -au", then RECLAIM_COMPLETE will go a
wrong way. After mount succeeds, all OPEN call will fail due to an
NFS4ERR_GRACE error being returned. This patch is to fix it by resending
a RPC request.
Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Fixes: aa5190d0ed7d ("NFSv4: Kill nfs4_async_handle_error() abuses by NFSv4.1")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4proc.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -8986,6 +8986,9 @@ static int nfs41_reclaim_complete_handle
rpc_delay(task, NFS4_POLL_RETRY_MAX);
/* fall through */
case -NFS4ERR_RETRY_UNCACHED_REP:
+ case -EACCES:
+ dprintk("%s: failed to reclaim complete error %d for server %s, retrying\n",
+ __func__, task->tk_status, clp->cl_hostname);
return -EAGAIN;
case -NFS4ERR_BADSESSION:
case -NFS4ERR_DEADSESSION:
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 306/389] NFSv4/pnfs: Fix a use-after-free bug in open
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 305/389] NFSv4.1: RECLAIM_COMPLETE must handle EACCES Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 307/389] can: mcp251x: Fix race condition on receive interrupt Greg Kroah-Hartman
` (87 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit 2135e5d56278ffdb1c2e6d325dc6b87f669b9dac upstream.
If someone cancels the open RPC call, then we must not try to free
either the open slot or the layoutget operation arguments, since they
are likely still in use by the hung RPC call.
Fixes: 6949493884fe ("NFSv4: Don't hold the layoutget locks across multiple RPC calls")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfs/nfs4proc.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -3039,12 +3039,13 @@ static int _nfs4_open_and_get_state(stru
}
out:
- if (opendata->lgp) {
- nfs4_lgopen_release(opendata->lgp);
- opendata->lgp = NULL;
- }
- if (!opendata->cancelled)
+ if (!opendata->cancelled) {
+ if (opendata->lgp) {
+ nfs4_lgopen_release(opendata->lgp);
+ opendata->lgp = NULL;
+ }
nfs4_sequence_free_slot(&opendata->o_res.seq_res);
+ }
return ret;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 307/389] can: mcp251x: Fix race condition on receive interrupt
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 306/389] NFSv4/pnfs: Fix a use-after-free bug in open Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 308/389] sunrpc: fix expiry of auth creds Greg Kroah-Hartman
` (86 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sebastian Würl, Marc Kleine-Budde
From: Sebastian Würl <sebastian.wuerl@ororatech.com>
commit d80d60b0db6ff3dd2e29247cc2a5166d7e9ae37e upstream.
The mcp251x driver uses both receiving mailboxes of the CAN controller
chips. For retrieving the CAN frames from the controller via SPI, it checks
once per interrupt which mailboxes have been filled and will retrieve the
messages accordingly.
This introduces a race condition, as another CAN frame can enter mailbox 1
while mailbox 0 is emptied. If now another CAN frame enters mailbox 0 until
the interrupt handler is called next, mailbox 0 is emptied before
mailbox 1, leading to out-of-order CAN frames in the network device.
This is fixed by checking the interrupt flags once again after freeing
mailbox 0, to correctly also empty mailbox 1 before leaving the handler.
For reproducing the bug I created the following setup:
- Two CAN devices, one Raspberry Pi with MCP2515, the other can be any.
- Setup CAN to 1 MHz
- Spam bursts of 5 CAN-messages with increasing CAN-ids
- Continue sending the bursts while sleeping a second between the bursts
- Check on the RPi whether the received messages have increasing CAN-ids
- Without this patch, every burst of messages will contain a flipped pair
v3: https://lore.kernel.org/all/20220804075914.67569-1-sebastian.wuerl@ororatech.com
v2: https://lore.kernel.org/all/20220804064803.63157-1-sebastian.wuerl@ororatech.com
v1: https://lore.kernel.org/all/20220803153300.58732-1-sebastian.wuerl@ororatech.com
Fixes: bf66f3736a94 ("can: mcp251x: Move to threaded interrupts instead of workqueues.")
Signed-off-by: Sebastian Würl <sebastian.wuerl@ororatech.com>
Link: https://lore.kernel.org/all/20220804081411.68567-1-sebastian.wuerl@ororatech.com
[mkl: reduce scope of intf1, eflag1]
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/spi/mcp251x.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
--- a/drivers/net/can/spi/mcp251x.c
+++ b/drivers/net/can/spi/mcp251x.c
@@ -756,9 +756,6 @@ static irqreturn_t mcp251x_can_ist(int i
mcp251x_read_2regs(spi, CANINTF, &intf, &eflag);
- /* mask out flags we don't care about */
- intf &= CANINTF_RX | CANINTF_TX | CANINTF_ERR;
-
/* receive buffer 0 */
if (intf & CANINTF_RX0IF) {
mcp251x_hw_rx(spi, 0);
@@ -768,6 +765,18 @@ static irqreturn_t mcp251x_can_ist(int i
if (mcp251x_is_2510(spi))
mcp251x_write_bits(spi, CANINTF,
CANINTF_RX0IF, 0x00);
+
+ /* check if buffer 1 is already known to be full, no need to re-read */
+ if (!(intf & CANINTF_RX1IF)) {
+ u8 intf1, eflag1;
+
+ /* intf needs to be read again to avoid a race condition */
+ mcp251x_read_2regs(spi, CANINTF, &intf1, &eflag1);
+
+ /* combine flags from both operations for error handling */
+ intf |= intf1;
+ eflag |= eflag1;
+ }
}
/* receive buffer 1 */
@@ -778,6 +787,9 @@ static irqreturn_t mcp251x_can_ist(int i
clear_intf |= CANINTF_RX1IF;
}
+ /* mask out flags we don't care about */
+ intf &= CANINTF_RX | CANINTF_TX | CANINTF_ERR;
+
/* any error or tx interrupt we need to clear? */
if (intf & (CANINTF_ERR | CANINTF_TX))
clear_intf |= intf & (CANINTF_ERR | CANINTF_TX);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 308/389] sunrpc: fix expiry of auth creds
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 307/389] can: mcp251x: Fix race condition on receive interrupt Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 309/389] SUNRPC: Reinitialise the backchannel request buffers before reuse Greg Kroah-Hartman
` (85 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Aloni, Trond Myklebust
From: Dan Aloni <dan.aloni@vastdata.com>
commit f1bafa7375c01ff71fb7cb97c06caadfcfe815f3 upstream.
Before this commit, with a large enough LRU of expired items (100), the
loop skipped all the expired items and was entirely ineffectual in
trimming the LRU list.
Fixes: 95cd623250ad ('SUNRPC: Clean up the AUTH cache code')
Signed-off-by: Dan Aloni <dan.aloni@vastdata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/auth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -494,7 +494,7 @@ rpcauth_prune_expired(struct list_head *
* Enforce a 60 second garbage collection moratorium
* Note that the cred_unused list must be time-ordered.
*/
- if (!time_in_range(cred->cr_expire, expired, jiffies))
+ if (time_in_range(cred->cr_expire, expired, jiffies))
continue;
if (!rpcauth_unhash_cred(cred))
continue;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 309/389] SUNRPC: Reinitialise the backchannel request buffers before reuse
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 308/389] sunrpc: fix expiry of auth creds Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 310/389] devlink: Fix use-after-free after a failed reload Greg Kroah-Hartman
` (84 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Trond Myklebust
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit 6622e3a73112fc336c1c2c582428fb5ef18e456a upstream.
When we're reusing the backchannel requests instead of freeing them,
then we should reinitialise any values of the send/receive xdr_bufs so
that they reflect the available space.
Fixes: 0d2a970d0ae5 ("SUNRPC: Fix a backchannel race")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/backchannel_rqst.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/net/sunrpc/backchannel_rqst.c
+++ b/net/sunrpc/backchannel_rqst.c
@@ -64,6 +64,17 @@ static void xprt_free_allocation(struct
kfree(req);
}
+static void xprt_bc_reinit_xdr_buf(struct xdr_buf *buf)
+{
+ buf->head[0].iov_len = PAGE_SIZE;
+ buf->tail[0].iov_len = 0;
+ buf->pages = NULL;
+ buf->page_len = 0;
+ buf->flags = 0;
+ buf->len = 0;
+ buf->buflen = PAGE_SIZE;
+}
+
static int xprt_alloc_xdr_buf(struct xdr_buf *buf, gfp_t gfp_flags)
{
struct page *page;
@@ -292,6 +303,9 @@ void xprt_free_bc_rqst(struct rpc_rqst *
*/
spin_lock_bh(&xprt->bc_pa_lock);
if (xprt_need_to_requeue(xprt)) {
+ xprt_bc_reinit_xdr_buf(&req->rq_snd_buf);
+ xprt_bc_reinit_xdr_buf(&req->rq_rcv_buf);
+ req->rq_rcv_buf.len = PAGE_SIZE;
list_add_tail(&req->rq_bc_pa_list, &xprt->bc_pa_list);
xprt->bc_alloc_count++;
atomic_inc(&xprt->bc_slot_count);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 310/389] devlink: Fix use-after-free after a failed reload
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 309/389] SUNRPC: Reinitialise the backchannel request buffers before reuse Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 311/389] net: bgmac: Fix a BUG triggered by wrong bytes_compl Greg Kroah-Hartman
` (83 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ido Schimmel, Jiri Pirko, David S. Miller
From: Ido Schimmel <idosch@nvidia.com>
commit 6b4db2e528f650c7fb712961aac36455468d5902 upstream.
After a failed devlink reload, devlink parameters are still registered,
which means user space can set and get their values. In the case of the
mlxsw "acl_region_rehash_interval" parameter, these operations will
trigger a use-after-free [1].
Fix this by rejecting set and get operations while in the failed state.
Return the "-EOPNOTSUPP" error code which does not abort the parameters
dump, but instead causes it to skip over the problematic parameter.
Another possible fix is to perform these checks in the mlxsw parameter
callbacks, but other drivers might be affected by the same problem and I
am not aware of scenarios where these stricter checks will cause a
regression.
[1]
mlxsw_spectrum3 0000:00:10.0: Port 125: Failed to register netdev
mlxsw_spectrum3 0000:00:10.0: Failed to create ports
==================================================================
BUG: KASAN: use-after-free in mlxsw_sp_acl_tcam_vregion_rehash_intrvl_get+0xbd/0xd0 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:904
Read of size 4 at addr ffff8880099dcfd8 by task kworker/u4:4/777
CPU: 1 PID: 777 Comm: kworker/u4:4 Not tainted 5.19.0-rc7-custom-126601-gfe26f28c586d #1
Hardware name: QEMU MSN4700, BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: netns cleanup_net
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x92/0xbd lib/dump_stack.c:106
print_address_description mm/kasan/report.c:313 [inline]
print_report.cold+0x5e/0x5cf mm/kasan/report.c:429
kasan_report+0xb9/0xf0 mm/kasan/report.c:491
__asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:306
mlxsw_sp_acl_tcam_vregion_rehash_intrvl_get+0xbd/0xd0 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c:904
mlxsw_sp_acl_region_rehash_intrvl_get+0x49/0x60 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c:1106
mlxsw_sp_params_acl_region_rehash_intrvl_get+0x33/0x80 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3854
devlink_param_get net/core/devlink.c:4981 [inline]
devlink_nl_param_fill+0x238/0x12d0 net/core/devlink.c:5089
devlink_param_notify+0xe5/0x230 net/core/devlink.c:5168
devlink_ns_change_notify net/core/devlink.c:4417 [inline]
devlink_ns_change_notify net/core/devlink.c:4396 [inline]
devlink_reload+0x15f/0x700 net/core/devlink.c:4507
devlink_pernet_pre_exit+0x112/0x1d0 net/core/devlink.c:12272
ops_pre_exit_list net/core/net_namespace.c:152 [inline]
cleanup_net+0x494/0xc00 net/core/net_namespace.c:582
process_one_work+0x9fc/0x1710 kernel/workqueue.c:2289
worker_thread+0x675/0x10b0 kernel/workqueue.c:2436
kthread+0x30c/0x3d0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
The buggy address belongs to the physical page:
page:ffffea0000267700 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99dc
flags: 0x100000000000000(node=0|zone=1)
raw: 0100000000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8880099dce80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8880099dcf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8880099dcf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff8880099dd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8880099dd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
Fixes: 98bbf70c1c41 ("mlxsw: spectrum: add "acl_region_rehash_interval" devlink param")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/devlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/core/devlink.c
+++ b/net/core/devlink.c
@@ -2953,7 +2953,7 @@ static int devlink_param_get(struct devl
const struct devlink_param *param,
struct devlink_param_gset_ctx *ctx)
{
- if (!param->get)
+ if (!param->get || devlink->reload_failed)
return -EOPNOTSUPP;
return param->get(devlink, param->id, ctx);
}
@@ -2962,7 +2962,7 @@ static int devlink_param_set(struct devl
const struct devlink_param *param,
struct devlink_param_gset_ctx *ctx)
{
- if (!param->set)
+ if (!param->set || devlink->reload_failed)
return -EOPNOTSUPP;
return param->set(devlink, param->id, ctx);
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 311/389] net: bgmac: Fix a BUG triggered by wrong bytes_compl
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 310/389] devlink: Fix use-after-free after a failed reload Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 312/389] pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map Greg Kroah-Hartman
` (82 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sandor Bodo-Merle, Florian Fainelli,
Jakub Kicinski
From: Sandor Bodo-Merle <sbodomerle@gmail.com>
commit 1b7680c6c1f6de9904f1d9b05c952f0c64a03350 upstream.
On one of our machines we got:
kernel BUG at lib/dynamic_queue_limits.c:27!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4.14.275-rt132 #1
Hardware name: BRCM XGS iProc
task: ee3415c0 task.stack: ee32a000
PC is at dql_completed+0x168/0x178
LR is at bgmac_poll+0x18c/0x6d8
pc : [<c03b9430>] lr : [<c04b5a18>] psr: 800a0313
sp : ee32be14 ip : 000005ea fp : 00000bd4
r10: ee558500 r9 : c0116298 r8 : 00000002
r7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851
r3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180
Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 12c5387d Table: 8e88c04a DAC: 00000051
Process irq/41-bgmac (pid: 1166, stack limit = 0xee32a210)
Stack: (0xee32be14 to 0xee32c000)
be00: ee558520 ee52c100 ef128810
be20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040
be40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040
be60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a
be80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98
bea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8
bec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000
bee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520
bf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900
bf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c
bf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28
bf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70
bf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000
bfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000
bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[<c03b9430>] (dql_completed) from [<c04b5a18>] (bgmac_poll+0x18c/0x6d8)
[<c04b5a18>] (bgmac_poll) from [<c0528744>] (net_rx_action+0x1c4/0x494)
[<c0528744>] (net_rx_action) from [<c0124d3c>] (do_current_softirqs+0x1ec/0x43c)
[<c0124d3c>] (do_current_softirqs) from [<c012500c>] (__local_bh_enable+0x80/0x98)
[<c012500c>] (__local_bh_enable) from [<c016da14>] (irq_forced_thread_fn+0x84/0x98)
[<c016da14>] (irq_forced_thread_fn) from [<c016dd14>] (irq_thread+0x118/0x1c0)
[<c016dd14>] (irq_thread) from [<c013edcc>] (kthread+0x150/0x158)
[<c013edcc>] (kthread) from [<c0108470>] (ret_from_fork+0x14/0x24)
Code: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7)
The issue seems similar to commit 90b3b339364c ("net: hisilicon: Fix a BUG
trigered by wrong bytes_compl") and potentially introduced by commit
b38c83dd0866 ("bgmac: simplify tx ring index handling").
If there is an RX interrupt between setting ring->end
and netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free()
can miscalculate the queue size while called from bgmac_poll().
The machine which triggered the BUG runs a v4.14 RT kernel - but the issue
seems present in mainline too.
Fixes: b38c83dd0866 ("bgmac: simplify tx ring index handling")
Signed-off-by: Sandor Bodo-Merle <sbodomerle@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20220808173939.193804-1-sbodomerle@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/bgmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/bgmac.c b/drivers/net/ethernet/broadcom/bgmac.c
index 2dfc1e32bbb3..93580484a3f4 100644
--- a/drivers/net/ethernet/broadcom/bgmac.c
+++ b/drivers/net/ethernet/broadcom/bgmac.c
@@ -189,8 +189,8 @@ static netdev_tx_t bgmac_dma_tx_add(struct bgmac *bgmac,
}
slot->skb = skb;
- ring->end += nr_frags + 1;
netdev_sent_queue(net_dev, skb->len);
+ ring->end += nr_frags + 1;
wmb();
--
2.37.2
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 312/389] pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 311/389] net: bgmac: Fix a BUG triggered by wrong bytes_compl Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 313/389] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed Greg Kroah-Hartman
` (81 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij
From: Miaoqian Lin <linmq006@gmail.com>
commit 4b32e054335ea0ce50967f63a7bfd4db058b14b9 upstream.
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak."
Fixes: c2f6d059abfc ("pinctrl: nomadik: refactor DT parser to take two paths")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220607111602.57355-1-linmq006@gmail.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/nomadik/pinctrl-nomadik.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/pinctrl/nomadik/pinctrl-nomadik.c
+++ b/drivers/pinctrl/nomadik/pinctrl-nomadik.c
@@ -1461,8 +1461,10 @@ static int nmk_pinctrl_dt_subnode_to_map
has_config = nmk_pinctrl_dt_get_config(np, &configs);
np_config = of_parse_phandle(np, "ste,config", 0);
- if (np_config)
+ if (np_config) {
has_config |= nmk_pinctrl_dt_get_config(np_config, &configs);
+ of_node_put(np_config);
+ }
if (has_config) {
const char *gpio_name;
const char *pin;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 313/389] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 312/389] pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 314/389] pinctrl: sunxi: Add I/O bias setting for H6 R-PIO Greg Kroah-Hartman
` (80 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nikita Travkin, Linus Walleij
From: Nikita Travkin <nikita@trvn.ru>
commit 44339391c666e46cba522d19c65a6ad1071c68b7 upstream.
GPIO 31, 32 can be muxed to GCC_CAMSS_GP(1,2)_CLK respectively but the
function was never assigned to the pingroup (even though the function
exists already).
Add this mode to the related pins.
Fixes: 5373a2c5abb6 ("pinctrl: qcom: Add msm8916 pinctrl driver")
Signed-off-by: Nikita Travkin <nikita@trvn.ru>
Link: https://lore.kernel.org/r/20220612145955.385787-4-nikita@trvn.ru
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/qcom/pinctrl-msm8916.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/pinctrl/qcom/pinctrl-msm8916.c
+++ b/drivers/pinctrl/qcom/pinctrl-msm8916.c
@@ -844,8 +844,8 @@ static const struct msm_pingroup msm8916
PINGROUP(28, pwr_modem_enabled_a, NA, NA, NA, NA, NA, qdss_tracedata_b, NA, atest_combodac),
PINGROUP(29, cci_i2c, NA, NA, NA, NA, NA, qdss_tracedata_b, NA, atest_combodac),
PINGROUP(30, cci_i2c, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b),
- PINGROUP(31, cci_timer0, NA, NA, NA, NA, NA, NA, NA, NA),
- PINGROUP(32, cci_timer1, NA, NA, NA, NA, NA, NA, NA, NA),
+ PINGROUP(31, cci_timer0, flash_strobe, NA, NA, NA, NA, NA, NA, NA),
+ PINGROUP(32, cci_timer1, flash_strobe, NA, NA, NA, NA, NA, NA, NA),
PINGROUP(33, cci_async, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b),
PINGROUP(34, pwr_nav_enabled_a, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b),
PINGROUP(35, pwr_crypto_enabled_a, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b),
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 314/389] pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 313/389] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 315/389] ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool Greg Kroah-Hartman
` (79 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jernej Skrabec, Heiko Stuebner,
Samuel Holland, Linus Walleij
From: Samuel Holland <samuel@sholland.org>
commit fc153c8f283bf5925615195fc9d4056414d7b168 upstream.
H6 requires I/O bias configuration on both of its PIO devices.
Previously it was only done for the main PIO.
The setting for Port L is at bit 0, so the bank calculation needs to
account for the pin base. Otherwise the wrong bit is used.
Fixes: cc62383fcebe ("pinctrl: sunxi: Support I/O bias voltage setting on H6")
Reviewed-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Link: https://lore.kernel.org/r/20220713025233.27248-3-samuel@sholland.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/sunxi/pinctrl-sun50i-h6-r.c | 1 +
drivers/pinctrl/sunxi/pinctrl-sunxi.c | 7 ++++---
2 files changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/pinctrl/sunxi/pinctrl-sun50i-h6-r.c
+++ b/drivers/pinctrl/sunxi/pinctrl-sun50i-h6-r.c
@@ -105,6 +105,7 @@ static const struct sunxi_pinctrl_desc s
.npins = ARRAY_SIZE(sun50i_h6_r_pins),
.pin_base = PL_BASE,
.irq_banks = 2,
+ .io_bias_cfg_variant = BIAS_VOLTAGE_PIO_POW_MODE_SEL,
};
static int sun50i_h6_r_pinctrl_probe(struct platform_device *pdev)
--- a/drivers/pinctrl/sunxi/pinctrl-sunxi.c
+++ b/drivers/pinctrl/sunxi/pinctrl-sunxi.c
@@ -616,7 +616,7 @@ static int sunxi_pinctrl_set_io_bias_cfg
unsigned pin,
struct regulator *supply)
{
- unsigned short bank = pin / PINS_PER_BANK;
+ unsigned short bank;
unsigned long flags;
u32 val, reg;
int uV;
@@ -632,6 +632,9 @@ static int sunxi_pinctrl_set_io_bias_cfg
if (uV == 0)
return 0;
+ pin -= pctl->desc->pin_base;
+ bank = pin / PINS_PER_BANK;
+
switch (pctl->desc->io_bias_cfg_variant) {
case BIAS_VOLTAGE_GRP_CONFIG:
/*
@@ -649,8 +652,6 @@ static int sunxi_pinctrl_set_io_bias_cfg
else
val = 0xD; /* 3.3V */
- pin -= pctl->desc->pin_base;
-
reg = readl(pctl->membase + sunxi_grp_config_reg(pin));
reg &= ~IO_BIAS_MASK;
writel(reg | val, pctl->membase + sunxi_grp_config_reg(pin));
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 315/389] ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 314/389] pinctrl: sunxi: Add I/O bias setting for H6 R-PIO Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 316/389] geneve: do not use RT_TOS for IPv6 flowlabel Greg Kroah-Hartman
` (78 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sakari Ailus, Andy Shevchenko,
Rafael J. Wysocki
From: Sakari Ailus <sakari.ailus@linux.intel.com>
commit 85140ef275f577f64e8a2c5789447222dfc14fc4 upstream.
The value acpi_add_nondev_subnodes() returns is bool so change the return
type of the function to match that.
Fixes: 445b0eb058f5 ("ACPI / property: Add support for data-only subnodes")
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/acpi/property.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/acpi/property.c
+++ b/drivers/acpi/property.c
@@ -152,10 +152,10 @@ static bool acpi_nondev_subnode_ok(acpi_
return acpi_nondev_subnode_data_ok(handle, link, list, parent);
}
-static int acpi_add_nondev_subnodes(acpi_handle scope,
- const union acpi_object *links,
- struct list_head *list,
- struct fwnode_handle *parent)
+static bool acpi_add_nondev_subnodes(acpi_handle scope,
+ const union acpi_object *links,
+ struct list_head *list,
+ struct fwnode_handle *parent)
{
bool ret = false;
int i;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 316/389] geneve: do not use RT_TOS for IPv6 flowlabel
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 315/389] ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 317/389] plip: avoid rcu debug splat Greg Kroah-Hartman
` (77 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guillaume Nault, Matthias May,
Jakub Kicinski
From: Matthias May <matthias.may@westermo.com>
commit ca2bb69514a8bc7f83914122f0d596371352416c upstream.
According to Guillaume Nault RT_TOS should never be used for IPv6.
Quote:
RT_TOS() is an old macro used to interprete IPv4 TOS as described in
the obsolete RFC 1349. It's conceptually wrong to use it even in IPv4
code, although, given the current state of the code, most of the
existing calls have no consequence.
But using RT_TOS() in IPv6 code is always a bug: IPv6 never had a "TOS"
field to be interpreted the RFC 1349 way. There's no historical
compatibility to worry about.
Fixes: 3a56f86f1be6 ("geneve: handle ipv6 priority like ipv4 tos")
Acked-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Matthias May <matthias.may@westermo.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/geneve.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -851,8 +851,7 @@ static struct dst_entry *geneve_get_v6_d
use_cache = false;
}
- fl6->flowlabel = ip6_make_flowinfo(RT_TOS(prio),
- info->key.label);
+ fl6->flowlabel = ip6_make_flowinfo(prio, info->key.label);
dst_cache = (struct dst_cache *)&info->dst_cache;
if (use_cache) {
dst = dst_cache_get_ip6(dst_cache, &fl6->saddr);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 317/389] plip: avoid rcu debug splat
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 316/389] geneve: do not use RT_TOS for IPv6 flowlabel Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 318/389] vsock: Fix memory leak in vsock_connect() Greg Kroah-Hartman
` (76 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Florian Westphal,
Jakub Kicinski
From: Florian Westphal <fw@strlen.de>
commit bc3c8fe3c79bcdae4d90e3726054fac5cca8ac32 upstream.
WARNING: suspicious RCU usage
5.2.0-rc2-00605-g2638eb8b50cfc #1 Not tainted
drivers/net/plip/plip.c:1110 suspicious rcu_dereference_check() usage!
plip_open is called with RTNL held, switch to the correct helper.
Fixes: 2638eb8b50cf ("net: ipv4: provide __rcu annotation for ifa_list")
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20220807115304.13257-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/plip/plip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/plip/plip.c
+++ b/drivers/net/plip/plip.c
@@ -1103,7 +1103,7 @@ plip_open(struct net_device *dev)
/* Any address will do - we take the first. We already
have the first two bytes filled with 0xfc, from
plip_init_dev(). */
- const struct in_ifaddr *ifa = rcu_dereference(in_dev->ifa_list);
+ const struct in_ifaddr *ifa = rtnl_dereference(in_dev->ifa_list);
if (ifa != NULL) {
memcpy(dev->dev_addr+2, &ifa->ifa_local, 4);
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 318/389] vsock: Fix memory leak in vsock_connect()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 317/389] plip: avoid rcu debug splat Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 319/389] vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() Greg Kroah-Hartman
` (75 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefano Garzarella, Peilin Ye,
David S. Miller, syzbot+b03f55bf128f9a38f064
From: Peilin Ye <peilin.ye@bytedance.com>
commit 7e97cfed9929eaabc41829c395eb0d1350fccb9d upstream.
An O_NONBLOCK vsock_connect() request may try to reschedule
@connect_work. Imagine the following sequence of vsock_connect()
requests:
1. The 1st, non-blocking request schedules @connect_work, which will
expire after 200 jiffies. Socket state is now SS_CONNECTING;
2. Later, the 2nd, blocking request gets interrupted by a signal after
a few jiffies while waiting for the connection to be established.
Socket state is back to SS_UNCONNECTED, but @connect_work is still
pending, and will expire after 100 jiffies.
3. Now, the 3rd, non-blocking request tries to schedule @connect_work
again. Since @connect_work is already scheduled,
schedule_delayed_work() silently returns. sock_hold() is called
twice, but sock_put() will only be called once in
vsock_connect_timeout(), causing a memory leak reported by syzbot:
BUG: memory leak
unreferenced object 0xffff88810ea56a40 (size 1232):
comm "syz-executor756", pid 3604, jiffies 4294947681 (age 12.350s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
28 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............
backtrace:
[<ffffffff837c830e>] sk_prot_alloc+0x3e/0x1b0 net/core/sock.c:1930
[<ffffffff837cbe22>] sk_alloc+0x32/0x2e0 net/core/sock.c:1989
[<ffffffff842ccf68>] __vsock_create.constprop.0+0x38/0x320 net/vmw_vsock/af_vsock.c:734
[<ffffffff842ce8f1>] vsock_create+0xc1/0x2d0 net/vmw_vsock/af_vsock.c:2203
[<ffffffff837c0cbb>] __sock_create+0x1ab/0x2b0 net/socket.c:1468
[<ffffffff837c3acf>] sock_create net/socket.c:1519 [inline]
[<ffffffff837c3acf>] __sys_socket+0x6f/0x140 net/socket.c:1561
[<ffffffff837c3bba>] __do_sys_socket net/socket.c:1570 [inline]
[<ffffffff837c3bba>] __se_sys_socket net/socket.c:1568 [inline]
[<ffffffff837c3bba>] __x64_sys_socket+0x1a/0x20 net/socket.c:1568
[<ffffffff84512815>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff84512815>] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80
[<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
<...>
Use mod_delayed_work() instead: if @connect_work is already scheduled,
reschedule it, and undo sock_hold() to keep the reference count
balanced.
Reported-and-tested-by: syzbot+b03f55bf128f9a38f064@syzkaller.appspotmail.com
Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Co-developed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/vmw_vsock/af_vsock.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1207,7 +1207,14 @@ static int vsock_stream_connect(struct s
* timeout fires.
*/
sock_hold(sk);
- schedule_delayed_work(&vsk->connect_work, timeout);
+
+ /* If the timeout function is already scheduled,
+ * reschedule it, then ungrab the socket refcount to
+ * keep it balanced.
+ */
+ if (mod_delayed_work(system_wq, &vsk->connect_work,
+ timeout))
+ sock_put(sk);
/* Skip ahead to preserve error code set above. */
goto out_wait;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 319/389] vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 318/389] vsock: Fix memory leak in vsock_connect() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 320/389] dt-bindings: arm: qcom: fix MSM8916 MTP compatibles Greg Kroah-Hartman
` (74 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stefano Garzarella, Peilin Ye,
David S. Miller
From: Peilin Ye <peilin.ye@bytedance.com>
commit a3e7b29e30854ed67be0d17687e744ad0c769c4b upstream.
Imagine two non-blocking vsock_connect() requests on the same socket.
The first request schedules @connect_work, and after it times out,
vsock_connect_timeout() sets *sock* state back to TCP_CLOSE, but keeps
*socket* state as SS_CONNECTING.
Later, the second request returns -EALREADY, meaning the socket "already
has a pending connection in progress", even though the first request has
already timed out.
As suggested by Stefano, fix it by setting *socket* state back to
SS_UNCONNECTED, so that the second request will return -ETIMEDOUT.
Suggested-by: Stefano Garzarella <sgarzare@redhat.com>
Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/vmw_vsock/af_vsock.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1110,6 +1110,7 @@ static void vsock_connect_timeout(struct
if (sk->sk_state == TCP_SYN_SENT &&
(sk->sk_shutdown != SHUTDOWN_MASK)) {
sk->sk_state = TCP_CLOSE;
+ sk->sk_socket->state = SS_UNCONNECTED;
sk->sk_err = ETIMEDOUT;
sk->sk_error_report(sk);
vsock_transport_cancel_pkt(vsk);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 320/389] dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 319/389] vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 321/389] tools/vm/slabinfo: use alphabetic order when two values are equal Greg Kroah-Hartman
` (73 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Rob Herring,
Bjorn Andersson
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit bb35fe1efbae4114bd288fae0f56070f563adcfc upstream.
The order of compatibles for MSM8916 MTP board is different:
msm8916-mtp.dtb: /: compatible: 'oneOf' conditional failed, one must be fixed:
['qcom,msm8916-mtp', 'qcom,msm8916-mtp/1', 'qcom,msm8916'] is too long
Fixes: 9d3ef77fe568 ("dt-bindings: arm: Convert QCom board/soc bindings to json-schema")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Acked-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20220520123252.365762-3-krzysztof.kozlowski@linaro.org
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/devicetree/bindings/arm/qcom.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/Documentation/devicetree/bindings/arm/qcom.yaml
+++ b/Documentation/devicetree/bindings/arm/qcom.yaml
@@ -112,8 +112,8 @@ properties:
- const: qcom,msm8974
- items:
- - const: qcom,msm8916-mtp/1
- const: qcom,msm8916-mtp
+ - const: qcom,msm8916-mtp/1
- const: qcom,msm8916
- items:
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 321/389] tools/vm/slabinfo: use alphabetic order when two values are equal
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 320/389] dt-bindings: arm: qcom: fix MSM8916 MTP compatibles Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 322/389] tools build: Switch to new openssl API for test-libcrypto Greg Kroah-Hartman
` (72 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yuanzheng Song, Tobin C. Harding,
Andrew Morton
From: Yuanzheng Song <songyuanzheng@huawei.com>
commit 4f5ceb8851f0081af54313abbf56de1615911faf upstream.
When the number of partial slabs in each cache is the same (e.g., the
value are 0), the results of the `slabinfo -X -N5` and `slabinfo -P -N5`
are different.
/ # slabinfo -X -N5
...
Slabs sorted by number of partial slabs
---------------------------------------
Name Objects Objsize Space Slabs/Part/Cpu O/S O %Fr %Ef Flg
inode_cache 15180 392 6217728 758/0/1 20 1 0 95 a
kernfs_node_cache 22494 88 2002944 488/0/1 46 0 0 98
shmem_inode_cache 663 464 319488 38/0/1 17 1 0 96
biovec-max 50 3072 163840 4/0/1 10 3 0 93 A
dentry 19050 136 2600960 633/0/2 30 0 0 99 a
/ # slabinfo -P -N5
Name Objects Objsize Space Slabs/Part/Cpu O/S O %Fr %Ef Flg
bdev_cache 32 984 32.7K 1/0/1 16 2 0 96 Aa
ext4_inode_cache 42 752 32.7K 1/0/1 21 2 0 96 a
dentry 19050 136 2.6M 633/0/2 30 0 0 99 a
TCPv6 17 1840 32.7K 0/0/1 17 3 0 95 A
RAWv6 18 856 16.3K 0/0/1 18 2 0 94 A
This problem is caused by the sort_slabs(). So let's use alphabetic order
when two values are equal in the sort_slabs().
By the way, the content of the `slabinfo -h` is not aligned because the
`-P|--partial Sort by number of partial slabs`
uses tabs instead of spaces. So let's use spaces instead of tabs to fix
it.
Link: https://lkml.kernel.org/r/20220528063117.935158-1-songyuanzheng@huawei.com
Fixes: 1106b205a3fe ("tools/vm/slabinfo: add partial slab listing to -X")
Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com>
Cc: "Tobin C. Harding" <tobin@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/vm/slabinfo.c | 32 ++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
--- a/tools/vm/slabinfo.c
+++ b/tools/vm/slabinfo.c
@@ -125,7 +125,7 @@ static void usage(void)
"-n|--numa Show NUMA information\n"
"-N|--lines=K Show the first K slabs\n"
"-o|--ops Show kmem_cache_ops\n"
- "-P|--partial Sort by number of partial slabs\n"
+ "-P|--partial Sort by number of partial slabs\n"
"-r|--report Detailed report on single slabs\n"
"-s|--shrink Shrink slabs\n"
"-S|--Size Sort by size\n"
@@ -1045,15 +1045,27 @@ static void sort_slabs(void)
for (s2 = s1 + 1; s2 < slabinfo + slabs; s2++) {
int result;
- if (sort_size)
- result = slab_size(s1) < slab_size(s2);
- else if (sort_active)
- result = slab_activity(s1) < slab_activity(s2);
- else if (sort_loss)
- result = slab_waste(s1) < slab_waste(s2);
- else if (sort_partial)
- result = s1->partial < s2->partial;
- else
+ if (sort_size) {
+ if (slab_size(s1) == slab_size(s2))
+ result = strcasecmp(s1->name, s2->name);
+ else
+ result = slab_size(s1) < slab_size(s2);
+ } else if (sort_active) {
+ if (slab_activity(s1) == slab_activity(s2))
+ result = strcasecmp(s1->name, s2->name);
+ else
+ result = slab_activity(s1) < slab_activity(s2);
+ } else if (sort_loss) {
+ if (slab_waste(s1) == slab_waste(s2))
+ result = strcasecmp(s1->name, s2->name);
+ else
+ result = slab_waste(s1) < slab_waste(s2);
+ } else if (sort_partial) {
+ if (s1->partial == s2->partial)
+ result = strcasecmp(s1->name, s2->name);
+ else
+ result = s1->partial < s2->partial;
+ } else
result = strcasecmp(s1->name, s2->name);
if (show_inverted)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 322/389] tools build: Switch to new openssl API for test-libcrypto
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 321/389] tools/vm/slabinfo: use alphabetic order when two values are equal Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 323/389] NTB: ntb_tool: uninitialized heap data in tool_fn_write() Greg Kroah-Hartman
` (71 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Roberto Sassu, Alexei Starovoitov,
Andrii Nakryiko, bpf, Daniel Borkmann, Ingo Molnar,
John Fastabend, KP Singh, llvm, Martin KaFai Lau,
Nathan Chancellor, Nick Desaulniers, Nick Terrell,
Peter Zijlstra, Quentin Monnet, Song Liu, Stanislav Fomichev,
Arnaldo Carvalho de Melo
From: Roberto Sassu <roberto.sassu@huawei.com>
commit 5b245985a6de5ac18b5088c37068816d413fb8ed upstream.
Switch to new EVP API for detecting libcrypto, as Fedora 36 returns an
error when it encounters the deprecated function MD5_Init() and the others.
The error would be interpreted as missing libcrypto, while in reality it is
not.
Fixes: 6e8ccb4f624a73c5 ("tools/bpf: properly account for libbfd variations")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Andrii Nakryiko <andrii@kernel.org>
Cc: bpf@vger.kernel.org
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: John Fastabend <john.fastabend@gmail.com>
Cc: KP Singh <kpsingh@kernel.org>
Cc: llvm@lists.linux.dev
Cc: Martin KaFai Lau <martin.lau@linux.dev>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nick Terrell <terrelln@fb.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Monnet <quentin@isovalent.com>
Cc: Song Liu <song@kernel.org>
Cc: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/r/20220719170555.2576993-4-roberto.sassu@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/build/feature/test-libcrypto.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
--- a/tools/build/feature/test-libcrypto.c
+++ b/tools/build/feature/test-libcrypto.c
@@ -1,16 +1,23 @@
// SPDX-License-Identifier: GPL-2.0
+#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
int main(void)
{
- MD5_CTX context;
+ EVP_MD_CTX *mdctx;
unsigned char md[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
unsigned char dat[] = "12345";
+ unsigned int digest_len;
- MD5_Init(&context);
- MD5_Update(&context, &dat[0], sizeof(dat));
- MD5_Final(&md[0], &context);
+ mdctx = EVP_MD_CTX_new();
+ if (!mdctx)
+ return 0;
+
+ EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(mdctx, &dat[0], sizeof(dat));
+ EVP_DigestFinal_ex(mdctx, &md[0], &digest_len);
+ EVP_MD_CTX_free(mdctx);
SHA1(&dat[0], sizeof(dat), &md[0]);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 323/389] NTB: ntb_tool: uninitialized heap data in tool_fn_write()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 322/389] tools build: Switch to new openssl API for test-libcrypto Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 324/389] nfp: ethtool: fix the display error of `ethtool -m DEVNAME` Greg Kroah-Hartman
` (70 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Jon Mason
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 45e1058b77feade4e36402828bfe3e0d3363177b upstream.
The call to:
ret = simple_write_to_buffer(buf, size, offp, ubuf, size);
will return success if it is able to write even one byte to "buf".
The value of "*offp" controls which byte. This could result in
reading uninitialized data when we do the sscanf() on the next line.
This code is not really desigined to handle partial writes where
*offp is non-zero and the "buf" is preserved and re-used between writes.
Just ban partial writes and replace the simple_write_to_buffer() with
copy_from_user().
Fixes: 578b881ba9c4 ("NTB: Add tool test client")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ntb/test/ntb_tool.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/ntb/test/ntb_tool.c
+++ b/drivers/ntb/test/ntb_tool.c
@@ -367,14 +367,16 @@ static ssize_t tool_fn_write(struct tool
u64 bits;
int n;
+ if (*offp)
+ return 0;
+
buf = kmalloc(size + 1, GFP_KERNEL);
if (!buf)
return -ENOMEM;
- ret = simple_write_to_buffer(buf, size, offp, ubuf, size);
- if (ret < 0) {
+ if (copy_from_user(buf, ubuf, size)) {
kfree(buf);
- return ret;
+ return -EFAULT;
}
buf[size] = 0;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 324/389] nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 323/389] NTB: ntb_tool: uninitialized heap data in tool_fn_write() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 325/389] xen/xenbus: fix return type in xenbus_file_read() Greg Kroah-Hartman
` (69 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Louis Peens, Yu Xiao, Simon Horman,
Jakub Kicinski
From: Yu Xiao <yu.xiao@corigine.com>
commit 4ae97cae07e15d41e5c0ebabba64c6eefdeb0bbe upstream.
The port flag isn't set to `NFP_PORT_CHANGED` when using
`ethtool -m DEVNAME` before, so the port state (e.g. interface)
cannot be updated. Therefore, it caused that `ethtool -m DEVNAME`
sometimes cannot read the correct information.
E.g. `ethtool -m DEVNAME` cannot work when load driver before plug
in optical module, as the port interface is still NONE without port
update.
Now update the port state before sending info to NIC to ensure that
port interface is correct (latest state).
Fixes: 61f7c6f44870 ("nfp: implement ethtool get module EEPROM")
Reviewed-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Yu Xiao <yu.xiao@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20220802093355.69065-1-simon.horman@corigine.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
@@ -1127,6 +1127,8 @@ nfp_port_get_module_info(struct net_devi
u8 data;
port = nfp_port_from_netdev(netdev);
+ /* update port state to get latest interface */
+ set_bit(NFP_PORT_CHANGED, &port->flags);
eth_port = nfp_port_get_eth_port(port);
if (!eth_port)
return -EOPNOTSUPP;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 325/389] xen/xenbus: fix return type in xenbus_file_read()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 324/389] nfp: ethtool: fix the display error of `ethtool -m DEVNAME` Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 326/389] atm: idt77252: fix use-after-free bugs caused by tst_timer Greg Kroah-Hartman
` (68 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Oleksandr Tyshchenko,
Juergen Gross
From: Dan Carpenter <dan.carpenter@oracle.com>
commit 32ad11127b95236dfc52375f3707853194a7f4b4 upstream.
This code tries to store -EFAULT in an unsigned int. The
xenbus_file_read() function returns type ssize_t so the negative value
is returned as a positive value to the user.
This change forces another change to the min() macro. Originally, the
min() macro used "unsigned" type which checkpatch complains about. Also
unsigned type would break if "len" were not capped at MAX_RW_COUNT. Use
size_t for the min(). (No effect on runtime for the min_t() change).
Fixes: 2fb3683e7b16 ("xen: Add xenbus device driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Link: https://lore.kernel.org/r/YutxJUaUYRG/VLVc@kili
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/xen/xenbus/xenbus_dev_frontend.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
@@ -128,7 +128,7 @@ static ssize_t xenbus_file_read(struct f
{
struct xenbus_file_priv *u = filp->private_data;
struct read_buffer *rb;
- unsigned i;
+ ssize_t i;
int ret;
mutex_lock(&u->reply_mutex);
@@ -148,7 +148,7 @@ again:
rb = list_entry(u->read_buffers.next, struct read_buffer, list);
i = 0;
while (i < len) {
- unsigned sz = min((unsigned)len - i, rb->len - rb->cons);
+ size_t sz = min_t(size_t, len - i, rb->len - rb->cons);
ret = copy_to_user(ubuf + i, &rb->msg[rb->cons], sz);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 326/389] atm: idt77252: fix use-after-free bugs caused by tst_timer
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 325/389] xen/xenbus: fix return type in xenbus_file_read() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 327/389] dpaa2-eth: trace the allocated address instead of page struct Greg Kroah-Hartman
` (67 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Jakub Kicinski
From: Duoming Zhou <duoming@zju.edu.cn>
commit 3f4093e2bf4673f218c0bf17d8362337c400e77b upstream.
There are use-after-free bugs caused by tst_timer. The root cause
is that there are no functions to stop tst_timer in idt77252_exit().
One of the possible race conditions is shown below:
(thread 1) | (thread 2)
| idt77252_init_one
| init_card
| fill_tst
| mod_timer(&card->tst_timer, ...)
idt77252_exit | (wait a time)
| tst_timer
|
| ...
kfree(card) // FREE |
| card->soft_tst[e] // USE
The idt77252_dev is deallocated in idt77252_exit() and used in
timer handler.
This patch adds del_timer_sync() in idt77252_exit() in order that
the timer handler could be stopped before the idt77252_dev is
deallocated.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220805070008.18007-1-duoming@zju.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/atm/idt77252.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -3766,6 +3766,7 @@ static void __exit idt77252_exit(void)
card = idt77252_chain;
dev = card->atmdev;
idt77252_chain = card->next;
+ del_timer_sync(&card->tst_timer);
if (dev->phy->stop)
dev->phy->stop(dev);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 327/389] dpaa2-eth: trace the allocated address instead of page struct
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 326/389] atm: idt77252: fix use-after-free bugs caused by tst_timer Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 328/389] tee: add overflow check in register_shm_helper() Greg Kroah-Hartman
` (66 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chen Lin, Ioana Ciornei, Jakub Kicinski
From: Chen Lin <chen45464546@163.com>
commit e34f49348f8b7a53205b6f77707a3a6a40cf420b upstream.
We should trace the allocated address instead of page struct.
Fixes: 27c874867c4e ("dpaa2-eth: Use a single page per Rx buffer")
Signed-off-by: Chen Lin <chen.lin5@zte.com.cn>
Reviewed-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Link: https://lore.kernel.org/r/20220811151651.3327-1-chen45464546@163.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
+++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
@@ -971,8 +971,8 @@ static int add_bufs(struct dpaa2_eth_pri
buf_array[i] = addr;
/* tracing point */
- trace_dpaa2_eth_buf_seed(priv->net_dev,
- page, DPAA2_ETH_RX_BUF_RAW_SIZE,
+ trace_dpaa2_eth_buf_seed(priv->net_dev, page_address(page),
+ DPAA2_ETH_RX_BUF_RAW_SIZE,
addr, priv->rx_buf_size,
bpid);
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 328/389] tee: add overflow check in register_shm_helper()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 327/389] dpaa2-eth: trace the allocated address instead of page struct Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 329/389] nios2: page fault et.al. are *not* restartable syscalls Greg Kroah-Hartman
` (65 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nimish Mishra, Anirban Chakraborty,
Debdeep Mukhopadhyay, Jerome Forissier, Jens Wiklander,
Linus Torvalds
From: Jens Wiklander <jens.wiklander@linaro.org>
commit 573ae4f13f630d6660008f1974c0a8a29c30e18a upstream.
With special lengths supplied by user space, register_shm_helper() has
an integer overflow when calculating the number of pages covered by a
supplied user space memory region.
This causes internal_get_user_pages_fast() a helper function of
pin_user_pages_fast() to do a NULL pointer dereference:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
Modules linked in:
CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11
Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
pc : internal_get_user_pages_fast+0x474/0xa80
Call trace:
internal_get_user_pages_fast+0x474/0xa80
pin_user_pages_fast+0x24/0x4c
register_shm_helper+0x194/0x330
tee_shm_register_user_buf+0x78/0x120
tee_ioctl+0xd0/0x11a0
__arm64_sys_ioctl+0xa8/0xec
invoke_syscall+0x48/0x114
Fix this by adding an an explicit call to access_ok() in
tee_shm_register_user_buf() to catch an invalid user space address
early.
Fixes: 033ddf12bcf5 ("tee: add register user memory")
Cc: stable@vger.kernel.org
Reported-by: Nimish Mishra <neelam.nimish@gmail.com>
Reported-by: Anirban Chakraborty <ch.anirban00727@gmail.com>
Reported-by: Debdeep Mukhopadhyay <debdeep.mukhopadhyay@gmail.com>
Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[JW: backport to stable-5.4 + update commit message]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tee/tee_core.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/tee/tee_core.c
+++ b/drivers/tee/tee_core.c
@@ -182,6 +182,9 @@ tee_ioctl_shm_register(struct tee_contex
if (data.flags)
return -EINVAL;
+ if (!access_ok((void __user *)(unsigned long)data.addr, data.length))
+ return -EFAULT;
+
shm = tee_shm_register(ctx, data.addr, data.length,
TEE_SHM_DMA_BUF | TEE_SHM_USER_MAPPED);
if (IS_ERR(shm))
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 329/389] nios2: page fault et.al. are *not* restartable syscalls...
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 328/389] tee: add overflow check in register_shm_helper() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 330/389] nios2: dont leave NULLs in sys_call_table[] Greg Kroah-Hartman
` (64 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro, Dinh Nguyen
From: Al Viro <viro@zeniv.linux.org.uk>
commit 8535c239ac674f7ead0f2652932d35c52c4123b2 upstream.
make sure that ->orig_r2 is negative for everything except
the syscalls.
Fixes: 82ed08dd1b0e ("nios2: Exception handling")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/nios2/include/asm/entry.h | 3 ++-
arch/nios2/kernel/entry.S | 4 +---
2 files changed, 3 insertions(+), 4 deletions(-)
--- a/arch/nios2/include/asm/entry.h
+++ b/arch/nios2/include/asm/entry.h
@@ -50,7 +50,8 @@
stw r13, PT_R13(sp)
stw r14, PT_R14(sp)
stw r15, PT_R15(sp)
- stw r2, PT_ORIG_R2(sp)
+ movi r24, -1
+ stw r24, PT_ORIG_R2(sp)
stw r7, PT_ORIG_R7(sp)
stw ra, PT_RA(sp)
--- a/arch/nios2/kernel/entry.S
+++ b/arch/nios2/kernel/entry.S
@@ -185,6 +185,7 @@ ENTRY(handle_system_call)
ldw r5, PT_R5(sp)
local_restart:
+ stw r2, PT_ORIG_R2(sp)
/* Check that the requested system call is within limits */
movui r1, __NR_syscalls
bgeu r2, r1, ret_invsyscall
@@ -336,9 +337,6 @@ external_interrupt:
/* skip if no interrupt is pending */
beq r12, r0, ret_from_interrupt
- movi r24, -1
- stw r24, PT_ORIG_R2(sp)
-
/*
* Process an external hardware interrupt.
*/
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 330/389] nios2: dont leave NULLs in sys_call_table[]
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 329/389] nios2: page fault et.al. are *not* restartable syscalls Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 331/389] nios2: traced syscall does need to check the syscall number Greg Kroah-Hartman
` (63 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro, Dinh Nguyen
From: Al Viro <viro@zeniv.linux.org.uk>
commit 45ec746c65097c25e77d24eae8fee0def5b6cc5d upstream.
fill the gaps in there with sys_ni_syscall, as everyone does...
Fixes: 82ed08dd1b0e ("nios2: Exception handling")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/nios2/kernel/entry.S | 1 -
arch/nios2/kernel/syscall_table.c | 1 +
2 files changed, 1 insertion(+), 1 deletion(-)
--- a/arch/nios2/kernel/entry.S
+++ b/arch/nios2/kernel/entry.S
@@ -193,7 +193,6 @@ local_restart:
movhi r11, %hiadj(sys_call_table)
add r1, r1, r11
ldw r1, %lo(sys_call_table)(r1)
- beq r1, r0, ret_invsyscall
/* Check if we are being traced */
GET_THREAD_INFO r11
--- a/arch/nios2/kernel/syscall_table.c
+++ b/arch/nios2/kernel/syscall_table.c
@@ -13,5 +13,6 @@
#define __SYSCALL(nr, call) [nr] = (call),
void *sys_call_table[__NR_syscalls] = {
+ [0 ... __NR_syscalls-1] = sys_ni_syscall,
#include <asm/unistd.h>
};
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 331/389] nios2: traced syscall does need to check the syscall number
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 330/389] nios2: dont leave NULLs in sys_call_table[] Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 332/389] nios2: fix syscall restart checks Greg Kroah-Hartman
` (62 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro, Dinh Nguyen
From: Al Viro <viro@zeniv.linux.org.uk>
commit 25ba820ef36bdbaf9884adeac69b6e1821a7df76 upstream.
all checks done before letting the tracer modify the register
state are worthless...
Fixes: 82ed08dd1b0e ("nios2: Exception handling")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/nios2/kernel/entry.S | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/arch/nios2/kernel/entry.S
+++ b/arch/nios2/kernel/entry.S
@@ -255,9 +255,9 @@ traced_system_call:
ldw r6, PT_R6(sp)
ldw r7, PT_R7(sp)
- /* Fetch the syscall function, we don't need to check the boundaries
- * since this is already done.
- */
+ /* Fetch the syscall function. */
+ movui r1, __NR_syscalls
+ bgeu r2, r1, traced_invsyscall
slli r1, r2, 2
movhi r11,%hiadj(sys_call_table)
add r1, r1, r11
@@ -287,6 +287,11 @@ end_translate_rc_and_ret2:
RESTORE_SWITCH_STACK
br ret_from_exception
+ /* If the syscall number was invalid return ENOSYS */
+traced_invsyscall:
+ movi r2, -ENOSYS
+ br translate_rc_and_ret2
+
Luser_return:
GET_THREAD_INFO r11 /* get thread_info pointer */
ldw r10, TI_FLAGS(r11) /* get thread_info->flags */
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 332/389] nios2: fix syscall restart checks
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 331/389] nios2: traced syscall does need to check the syscall number Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 333/389] nios2: restarts apply only to the first sigframe we build Greg Kroah-Hartman
` (61 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro, Dinh Nguyen
From: Al Viro <viro@zeniv.linux.org.uk>
commit 2d631bd58fe0ea3e3350212e23c9aba1fb606514 upstream.
sys_foo() returns -512 (aka -ERESTARTSYS) => do_signal() sees
512 in r2 and 1 in r1.
sys_foo() returns 512 => do_signal() sees 512 in r2 and 0 in r1.
The former is restart-worthy; the latter obviously isn't.
Fixes: b53e906d255d ("nios2: Signal handling support")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/nios2/kernel/signal.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/nios2/kernel/signal.c
+++ b/arch/nios2/kernel/signal.c
@@ -240,7 +240,7 @@ static int do_signal(struct pt_regs *reg
/*
* If we were from a system call, check for system call restarting...
*/
- if (regs->orig_r2 >= 0) {
+ if (regs->orig_r2 >= 0 && regs->r1) {
continue_addr = regs->ea;
restart_addr = continue_addr - 4;
retval = regs->r2;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 333/389] nios2: restarts apply only to the first sigframe we build...
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 332/389] nios2: fix syscall restart checks Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 334/389] nios2: add force_successful_syscall_return() Greg Kroah-Hartman
` (60 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro, Dinh Nguyen
From: Al Viro <viro@zeniv.linux.org.uk>
commit 411a76b7219555c55867466c82d70ce928d6c9e1 upstream.
Fixes: b53e906d255d ("nios2: Signal handling support")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/nios2/kernel/signal.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/nios2/kernel/signal.c
+++ b/arch/nios2/kernel/signal.c
@@ -261,6 +261,7 @@ static int do_signal(struct pt_regs *reg
regs->ea = restart_addr;
break;
}
+ regs->orig_r2 = -1;
}
if (get_signal(&ksig)) {
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 334/389] nios2: add force_successful_syscall_return()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 333/389] nios2: restarts apply only to the first sigframe we build Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 335/389] iavf: Fix adminq error handling Greg Kroah-Hartman
` (59 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Al Viro, Dinh Nguyen
From: Al Viro <viro@zeniv.linux.org.uk>
commit fd0c153daad135d0ec1a53c5dbe6936a724d6ae1 upstream.
If we use the ancient SysV syscall ABI, we'd better have tell the
kernel how to claim that a negative return value is a success.
Use ->orig_r2 for that - it's inaccessible via ptrace, so it's
a fair game for changes and it's normally[*] non-negative on return
from syscall. Set to -1; syscall is not going to be restart-worthy
by definition, so we won't interfere with that use either.
[*] the only exception is rt_sigreturn(), where we skip the entire
messing with r1/r2 anyway.
Fixes: 82ed08dd1b0e ("nios2: Exception handling")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/nios2/include/asm/ptrace.h | 2 ++
arch/nios2/kernel/entry.S | 6 ++++++
2 files changed, 8 insertions(+)
--- a/arch/nios2/include/asm/ptrace.h
+++ b/arch/nios2/include/asm/ptrace.h
@@ -74,6 +74,8 @@ extern void show_regs(struct pt_regs *);
((struct pt_regs *)((unsigned long)current_thread_info() + THREAD_SIZE)\
- 1)
+#define force_successful_syscall_return() (current_pt_regs()->orig_r2 = -1)
+
int do_syscall_trace_enter(void);
void do_syscall_trace_exit(void);
#endif /* __ASSEMBLY__ */
--- a/arch/nios2/kernel/entry.S
+++ b/arch/nios2/kernel/entry.S
@@ -213,6 +213,9 @@ local_restart:
translate_rc_and_ret:
movi r1, 0
bge r2, zero, 3f
+ ldw r1, PT_ORIG_R2(sp)
+ addi r1, r1, 1
+ beq r1, zero, 3f
sub r2, zero, r2
movi r1, 1
3:
@@ -276,6 +279,9 @@ traced_system_call:
translate_rc_and_ret2:
movi r1, 0
bge r2, zero, 4f
+ ldw r1, PT_ORIG_R2(sp)
+ addi r1, r1, 1
+ beq r1, zero, 4f
sub r2, zero, r2
movi r1, 1
4:
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 335/389] iavf: Fix adminq error handling
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 334/389] nios2: add force_successful_syscall_return() Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 336/389] clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks Greg Kroah-Hartman
` (58 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Przemyslaw Patynowski,
Jedrzej Jagielski, Marek Szlosek, Tony Nguyen
From: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
commit 419831617ed349992c84344dbd9e627f9e68f842 upstream.
iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent
memory for VF mailbox.
Free DMA regions for both ASQ and ARQ in case error happens during
configuration of ASQ/ARQ registers.
Without this change it is possible to see when unloading interface:
74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32]
One of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent]
Fixes: d358aa9a7a2d ("i40evf: init code and hardware support")
Signed-off-by: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski@intel.com>
Tested-by: Marek Szlosek <marek.szlosek@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/iavf/iavf_adminq.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/iavf/iavf_adminq.c
+++ b/drivers/net/ethernet/intel/iavf/iavf_adminq.c
@@ -324,6 +324,7 @@ static enum iavf_status iavf_config_arq_
static enum iavf_status iavf_init_asq(struct iavf_hw *hw)
{
enum iavf_status ret_code = 0;
+ int i;
if (hw->aq.asq.count > 0) {
/* queue already initialized */
@@ -354,12 +355,17 @@ static enum iavf_status iavf_init_asq(st
/* initialize base registers */
ret_code = iavf_config_asq_regs(hw);
if (ret_code)
- goto init_adminq_free_rings;
+ goto init_free_asq_bufs;
/* success! */
hw->aq.asq.count = hw->aq.num_asq_entries;
goto init_adminq_exit;
+init_free_asq_bufs:
+ for (i = 0; i < hw->aq.num_asq_entries; i++)
+ iavf_free_dma_mem(hw, &hw->aq.asq.r.asq_bi[i]);
+ iavf_free_virt_mem(hw, &hw->aq.asq.dma_head);
+
init_adminq_free_rings:
iavf_free_adminq_asq(hw);
@@ -383,6 +389,7 @@ init_adminq_exit:
static enum iavf_status iavf_init_arq(struct iavf_hw *hw)
{
enum iavf_status ret_code = 0;
+ int i;
if (hw->aq.arq.count > 0) {
/* queue already initialized */
@@ -413,12 +420,16 @@ static enum iavf_status iavf_init_arq(st
/* initialize base registers */
ret_code = iavf_config_arq_regs(hw);
if (ret_code)
- goto init_adminq_free_rings;
+ goto init_free_arq_bufs;
/* success! */
hw->aq.arq.count = hw->aq.num_arq_entries;
goto init_adminq_exit;
+init_free_arq_bufs:
+ for (i = 0; i < hw->aq.num_arq_entries; i++)
+ iavf_free_dma_mem(hw, &hw->aq.arq.r.arq_bi[i]);
+ iavf_free_virt_mem(hw, &hw->aq.arq.dma_head);
init_adminq_free_rings:
iavf_free_adminq_arq(hw);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 336/389] clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 335/389] iavf: Fix adminq error handling Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 337/389] netfilter: nf_tables: really skip inactive sets when allocating name Greg Kroah-Hartman
` (57 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Bee, Heiko Stuebner,
Alexander Kochetkov
From: Alex Bee <knaerzche@gmail.com>
commit ef990bcad58cf1d13c5a49191a2c2342eb8d6709 upstream.
Since the loopbacktest clock is not exported and is not touched in the
driver, it has to be added to rk3188_critical_clocks to be protected from
being disabled and in order to get the emac working.
Signed-off-by: Alex Bee <knaerzche@gmail.com>
Link: https://lore.kernel.org/r/20200722161820.5316-1-knaerzche@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Cc: Alexander Kochetkov <al.kochet@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/clk/rockchip/clk-rk3188.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/clk/rockchip/clk-rk3188.c
+++ b/drivers/clk/rockchip/clk-rk3188.c
@@ -751,6 +751,7 @@ static const char *const rk3188_critical
"pclk_peri",
"hclk_cpubus",
"hclk_vio_bus",
+ "sclk_mac_lbtest",
};
static struct rockchip_clk_provider *__init rk3188_common_clk_init(struct device_node *np)
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 337/389] netfilter: nf_tables: really skip inactive sets when allocating name
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 336/389] clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 338/389] powerpc/pci: Fix get_phb_number() locking Greg Kroah-Hartman
` (56 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 271c5ca826e0c3c53e0eb4032f8eaedea1ee391c upstream.
While looping to build the bitmap of used anonymous set names, check the
current set in the iteration, instead of the one that is being created.
Fixes: 37a9cc525525 ("netfilter: nf_tables: add generation mask to sets")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3253,7 +3253,7 @@ cont:
list_for_each_entry(i, &ctx->table->sets, list) {
int tmp;
- if (!nft_is_active_next(ctx->net, set))
+ if (!nft_is_active_next(ctx->net, i))
continue;
if (!sscanf(i->name, name, &tmp))
continue;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 338/389] powerpc/pci: Fix get_phb_number() locking
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 337/389] netfilter: nf_tables: really skip inactive sets when allocating name Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 339/389] net: dsa: mv88e6060: prevent crash on an unused port Greg Kroah-Hartman
` (55 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 8d48562a2729742f767b0fdd994d6b2a56a49c63 upstream.
The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP
warning on some systems:
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
1 lock held by swapper/1:
#0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220
Preemption disabled at:
[<00000000>] 0x0
CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1
Call Trace:
[d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable)
[d101dcb0] [c0093b70] __might_resched+0x258/0x2a8
[d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec
[d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4
[d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220
[d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784
[d101de50] [c140852c] discover_phbs+0x30/0x4c
[d101de60] [c0007fd4] do_one_initcall+0x94/0x344
[d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c
[d101df10] [c00086e0] kernel_init+0x34/0x160
[d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64
This is because pcibios_alloc_controller() holds hose_spinlock but
of_alias_get_id() takes of_mutex which can sleep.
The hose_spinlock protects the phb_bitmap, and also the hose_list, but
it doesn't need to be held while get_phb_number() calls the OF routines,
because those are only looking up information in the device tree.
So fix it by having get_phb_number() take the hose_spinlock itself, only
where required, and then dropping the lock before returning.
pcibios_alloc_controller() then needs to take the lock again before the
list_add() but that's safe, the order of the list is not important.
Fixes: 0fe1e96fef0a ("powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220815065550.1303620-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/pci-common.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/arch/powerpc/kernel/pci-common.c
+++ b/arch/powerpc/kernel/pci-common.c
@@ -66,10 +66,6 @@ void set_pci_dma_ops(const struct dma_ma
pci_dma_ops = dma_ops;
}
-/*
- * This function should run under locking protection, specifically
- * hose_spinlock.
- */
static int get_phb_number(struct device_node *dn)
{
int ret, phb_id = -1;
@@ -106,15 +102,20 @@ static int get_phb_number(struct device_
if (!ret)
phb_id = (int)(prop & (MAX_PHBS - 1));
+ spin_lock(&hose_spinlock);
+
/* We need to be sure to not use the same PHB number twice. */
if ((phb_id >= 0) && !test_and_set_bit(phb_id, phb_bitmap))
- return phb_id;
+ goto out_unlock;
/* If everything fails then fallback to dynamic PHB numbering. */
phb_id = find_first_zero_bit(phb_bitmap, MAX_PHBS);
BUG_ON(phb_id >= MAX_PHBS);
set_bit(phb_id, phb_bitmap);
+out_unlock:
+ spin_unlock(&hose_spinlock);
+
return phb_id;
}
@@ -125,10 +126,13 @@ struct pci_controller *pcibios_alloc_con
phb = zalloc_maybe_bootmem(sizeof(struct pci_controller), GFP_KERNEL);
if (phb == NULL)
return NULL;
- spin_lock(&hose_spinlock);
+
phb->global_number = get_phb_number(dev);
+
+ spin_lock(&hose_spinlock);
list_add_tail(&phb->list_node, &hose_list);
spin_unlock(&hose_spinlock);
+
phb->dn = dev;
phb->is_dynamic = slab_is_available();
#ifdef CONFIG_PPC64
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 339/389] net: dsa: mv88e6060: prevent crash on an unused port
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 338/389] powerpc/pci: Fix get_phb_number() locking Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 340/389] net: moxa: pass pdev instead of ndev to DMA functions Greg Kroah-Hartman
` (54 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vivien Didelot, Florian Fainelli,
Sergei Antonov, Vladimir Oltean, Jakub Kicinski
From: Sergei Antonov <saproj@gmail.com>
commit 246bbf2f977ea36aaf41f5d24370fef433250728 upstream.
If the port isn't a CPU port nor a user port, 'cpu_dp'
is a null pointer and a crash happened on dereferencing
it in mv88e6060_setup_port():
[ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014
...
[ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84
[ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54
[ 9.954433] mdio_probe from really_probe.part.0+0x98/0x2a0
[ 9.960375] really_probe.part.0 from driver_probe_device+0x30/0x10c
[ 9.967029] driver_probe_device from __device_attach_driver+0xb8/0x13c
[ 9.973946] __device_attach_driver from bus_for_each_drv+0x90/0xe0
[ 9.980509] bus_for_each_drv from __device_attach+0x110/0x184
[ 9.986632] __device_attach from bus_probe_device+0x8c/0x94
[ 9.992577] bus_probe_device from deferred_probe_work_func+0x78/0xa8
[ 9.999311] deferred_probe_work_func from process_one_work+0x290/0x73c
[ 10.006292] process_one_work from worker_thread+0x30/0x4b8
[ 10.012155] worker_thread from kthread+0xd4/0x10c
[ 10.017238] kthread from ret_from_fork+0x14/0x3c
Fixes: 0abfd494deef ("net: dsa: use dedicated CPU port")
CC: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
CC: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Link: https://lore.kernel.org/r/20220811070939.1717146-1-saproj@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/dsa/mv88e6060.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/dsa/mv88e6060.c
+++ b/drivers/net/dsa/mv88e6060.c
@@ -117,6 +117,9 @@ static int mv88e6060_setup_port(struct m
int addr = REG_PORT(p);
int ret;
+ if (dsa_is_unused_port(priv->ds, p))
+ return 0;
+
/* Do not force flow control, disable Ingress and Egress
* Header tagging, disable VLAN tunneling, and set the port
* state to Forwarding. Additionally, if this is the CPU
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 340/389] net: moxa: pass pdev instead of ndev to DMA functions
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 339/389] net: dsa: mv88e6060: prevent crash on an unused port Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 341/389] net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry Greg Kroah-Hartman
` (53 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sergei Antonov, Andrew Lunn, Jakub Kicinski
From: Sergei Antonov <saproj@gmail.com>
commit 3a12df22a8f68954a4ba48435c06b3d1791c87c4 upstream.
dma_map_single() calls fail in moxart_mac_setup_desc_ring() and
moxart_mac_start_xmit() which leads to an incessant output of this:
[ 16.043925] moxart-ethernet 92000000.mac eth0: DMA mapping error
[ 16.050957] moxart-ethernet 92000000.mac eth0: DMA mapping error
[ 16.058229] moxart-ethernet 92000000.mac eth0: DMA mapping error
Passing pdev to DMA is a common approach among net drivers.
Fixes: 6c821bd9edc9 ("net: Add MOXA ART SoCs ethernet driver")
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220812171339.2271788-1-saproj@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/moxa/moxart_ether.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
--- a/drivers/net/ethernet/moxa/moxart_ether.c
+++ b/drivers/net/ethernet/moxa/moxart_ether.c
@@ -77,7 +77,7 @@ static void moxart_mac_free_memory(struc
int i;
for (i = 0; i < RX_DESC_NUM; i++)
- dma_unmap_single(&ndev->dev, priv->rx_mapping[i],
+ dma_unmap_single(&priv->pdev->dev, priv->rx_mapping[i],
priv->rx_buf_size, DMA_FROM_DEVICE);
if (priv->tx_desc_base)
@@ -147,11 +147,11 @@ static void moxart_mac_setup_desc_ring(s
desc + RX_REG_OFFSET_DESC1);
priv->rx_buf[i] = priv->rx_buf_base + priv->rx_buf_size * i;
- priv->rx_mapping[i] = dma_map_single(&ndev->dev,
+ priv->rx_mapping[i] = dma_map_single(&priv->pdev->dev,
priv->rx_buf[i],
priv->rx_buf_size,
DMA_FROM_DEVICE);
- if (dma_mapping_error(&ndev->dev, priv->rx_mapping[i]))
+ if (dma_mapping_error(&priv->pdev->dev, priv->rx_mapping[i]))
netdev_err(ndev, "DMA mapping error\n");
moxart_desc_write(priv->rx_mapping[i],
@@ -240,7 +240,7 @@ static int moxart_rx_poll(struct napi_st
if (len > RX_BUF_SIZE)
len = RX_BUF_SIZE;
- dma_sync_single_for_cpu(&ndev->dev,
+ dma_sync_single_for_cpu(&priv->pdev->dev,
priv->rx_mapping[rx_head],
priv->rx_buf_size, DMA_FROM_DEVICE);
skb = netdev_alloc_skb_ip_align(ndev, len);
@@ -294,7 +294,7 @@ static void moxart_tx_finished(struct ne
unsigned int tx_tail = priv->tx_tail;
while (tx_tail != tx_head) {
- dma_unmap_single(&ndev->dev, priv->tx_mapping[tx_tail],
+ dma_unmap_single(&priv->pdev->dev, priv->tx_mapping[tx_tail],
priv->tx_len[tx_tail], DMA_TO_DEVICE);
ndev->stats.tx_packets++;
@@ -357,9 +357,9 @@ static int moxart_mac_start_xmit(struct
len = skb->len > TX_BUF_SIZE ? TX_BUF_SIZE : skb->len;
- priv->tx_mapping[tx_head] = dma_map_single(&ndev->dev, skb->data,
+ priv->tx_mapping[tx_head] = dma_map_single(&priv->pdev->dev, skb->data,
len, DMA_TO_DEVICE);
- if (dma_mapping_error(&ndev->dev, priv->tx_mapping[tx_head])) {
+ if (dma_mapping_error(&priv->pdev->dev, priv->tx_mapping[tx_head])) {
netdev_err(ndev, "DMA mapping error\n");
goto out_unlock;
}
@@ -378,7 +378,7 @@ static int moxart_mac_start_xmit(struct
len = ETH_ZLEN;
}
- dma_sync_single_for_device(&ndev->dev, priv->tx_mapping[tx_head],
+ dma_sync_single_for_device(&priv->pdev->dev, priv->tx_mapping[tx_head],
priv->tx_buf_size, DMA_TO_DEVICE);
txdes1 = TX_DESC1_LTS | TX_DESC1_FTS | (len & TX_DESC1_BUF_SIZE_MASK);
@@ -498,7 +498,7 @@ static int moxart_mac_probe(struct platf
priv->tx_buf_size = TX_BUF_SIZE;
priv->rx_buf_size = RX_BUF_SIZE;
- priv->tx_desc_base = dma_alloc_coherent(&pdev->dev, TX_REG_DESC_SIZE *
+ priv->tx_desc_base = dma_alloc_coherent(p_dev, TX_REG_DESC_SIZE *
TX_DESC_NUM, &priv->tx_base,
GFP_DMA | GFP_KERNEL);
if (!priv->tx_desc_base) {
@@ -506,7 +506,7 @@ static int moxart_mac_probe(struct platf
goto init_fail;
}
- priv->rx_desc_base = dma_alloc_coherent(&pdev->dev, RX_REG_DESC_SIZE *
+ priv->rx_desc_base = dma_alloc_coherent(p_dev, RX_REG_DESC_SIZE *
RX_DESC_NUM, &priv->rx_base,
GFP_DMA | GFP_KERNEL);
if (!priv->rx_desc_base) {
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 341/389] net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 340/389] net: moxa: pass pdev instead of ndev to DMA functions Greg Kroah-Hartman
@ 2022-08-23 8:26 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 342/389] ice: Ignore EEXIST when setting promisc mode Greg Kroah-Hartman
` (52 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:26 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arun Ramadoss, Vladimir Oltean,
Jakub Kicinski
From: Arun Ramadoss <arun.ramadoss@microchip.com>
commit 36c0d935015766bf20d621c18313f17691bda5e3 upstream.
In the ksz9477_fdb_dump function it reads the ALU control register and
exit from the timeout loop if there is valid entry or search is
complete. After exiting the loop, it reads the alu entry and report to
the user space irrespective of entry is valid. It works till the valid
entry. If the loop exited when search is complete, it reads the alu
table. The table returns all ones and it is reported to user space. So
bridge fdb show gives ff:ff:ff:ff:ff:ff as last entry for every port.
To fix it, after exiting the loop the entry is reported only if it is
valid one.
Fixes: b987e98e50ab ("dsa: add DSA switch driver for Microchip KSZ9477")
Signed-off-by: Arun Ramadoss <arun.ramadoss@microchip.com>
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
Link: https://lore.kernel.org/r/20220816105516.18350-1-arun.ramadoss@microchip.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/dsa/microchip/ksz9477.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/dsa/microchip/ksz9477.c
+++ b/drivers/net/dsa/microchip/ksz9477.c
@@ -766,6 +766,9 @@ static int ksz9477_port_fdb_dump(struct
goto exit;
}
+ if (!(ksz_data & ALU_VALID))
+ continue;
+
/* read ALU table */
ksz9477_read_table(dev, alu_table);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 342/389] ice: Ignore EEXIST when setting promisc mode
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2022-08-23 8:26 ` [PATCH 5.4 341/389] net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 343/389] i40e: Fix to stop tx_timeout recovery if GLOBR fails Greg Kroah-Hartman
` (51 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Grzegorz Siwik, Jaroslav Pulchart,
Igor Raits, Tony Nguyen, Gurucharan
From: Grzegorz Siwik <grzegorz.siwik@intel.com>
commit 11e551a2efa4481bd4f616ab75374a2710b480e9 upstream.
Ignore EEXIST error when setting promiscuous mode.
This fix is needed because the driver could set promiscuous mode
when it still has not cleared properly.
Promiscuous mode could be set only once, so setting it second
time will be rejected.
Fixes: 5eda8afd6bcc ("ice: Add support for PF/VF promiscuous mode")
Signed-off-by: Grzegorz Siwik <grzegorz.siwik@intel.com>
Link: https://lore.kernel.org/all/CAK8fFZ7m-KR57M_rYX6xZN39K89O=LGooYkKsu6HKt0Bs+x6xQ@mail.gmail.com/
Tested-by: Jaroslav Pulchart <jaroslav.pulchart@gooddata.com>
Tested-by: Igor Raits <igor@gooddata.com>
Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/ice/ice_switch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/intel/ice/ice_switch.c
+++ b/drivers/net/ethernet/intel/ice/ice_switch.c
@@ -2627,7 +2627,7 @@ ice_set_vlan_vsi_promisc(struct ice_hw *
else
status = ice_set_vsi_promisc(hw, vsi_handle,
promisc_mask, vlan_id);
- if (status)
+ if (status && status != -EEXIST)
break;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 343/389] i40e: Fix to stop tx_timeout recovery if GLOBR fails
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 342/389] ice: Ignore EEXIST when setting promisc mode Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 344/389] fec: Fix timer capture timing in `fec_ptp_enable_pps()` Greg Kroah-Hartman
` (50 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Brady, Mateusz Palczewski,
Tony Nguyen, Gurucharan
From: Alan Brady <alan.brady@intel.com>
commit 57c942bc3bef0970f0b21f8e0998e76a900ea80d upstream.
When a tx_timeout fires, the PF attempts to recover by incrementally
resetting. First we try a PFR, then CORER and finally a GLOBR. If the
GLOBR fails, then we keep hitting the tx_timeout and incrementing the
recovery level and issuing dmesgs, which is both annoying to the user
and accomplishes nothing.
If the GLOBR fails, then we're pretty much totally hosed, and there's
not much else we can do to recover, so this makes it such that we just
kill the VSI and stop hitting the tx_timeout in such a case.
Fixes: 41c445ff0f48 ("i40e: main driver core")
Signed-off-by: Alan Brady <alan.brady@intel.com>
Signed-off-by: Mateusz Palczewski <mateusz.palczewski@intel.com>
Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/i40e/i40e_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -409,7 +409,9 @@ static void i40e_tx_timeout(struct net_d
set_bit(__I40E_GLOBAL_RESET_REQUESTED, pf->state);
break;
default:
- netdev_err(netdev, "tx_timeout recovery unsuccessful\n");
+ netdev_err(netdev, "tx_timeout recovery unsuccessful, device is in non-recoverable state.\n");
+ set_bit(__I40E_DOWN_REQUESTED, pf->state);
+ set_bit(__I40E_VSI_DOWN_REQUESTED, vsi->state);
break;
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 344/389] fec: Fix timer capture timing in `fec_ptp_enable_pps()`
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 343/389] i40e: Fix to stop tx_timeout recovery if GLOBR fails Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 345/389] igb: Add lock to avoid data race Greg Kroah-Hartman
` (49 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Csókás Bence, Jakub Kicinski
From: Csókás Bence <csokas.bence@prolan.hu>
commit 61d5e2a251fb20c2c5e998c3f1d52ed6d5360319 upstream.
Code reimplements functionality already in `fec_ptp_read()`,
but misses check for FEC_QUIRK_BUG_CAPTURE. Replace with function call.
Fixes: 28b5f058cf1d ("net: fec: ptp: fix convergence issue to support LinuxPTP stack")
Signed-off-by: Csókás Bence <csokas.bence@prolan.hu>
Link: https://lore.kernel.org/r/20220811101348.13755-1-csokas.bence@prolan.hu
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/freescale/fec_ptp.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
--- a/drivers/net/ethernet/freescale/fec_ptp.c
+++ b/drivers/net/ethernet/freescale/fec_ptp.c
@@ -141,11 +141,7 @@ static int fec_ptp_enable_pps(struct fec
* NSEC_PER_SEC - ts.tv_nsec. Add the remaining nanoseconds
* to current timer would be next second.
*/
- tempval = readl(fep->hwp + FEC_ATIME_CTRL);
- tempval |= FEC_T_CTRL_CAPTURE;
- writel(tempval, fep->hwp + FEC_ATIME_CTRL);
-
- tempval = readl(fep->hwp + FEC_ATIME);
+ tempval = fep->cc.read(&fep->cc);
/* Convert the ptp local counter to 1588 timestamp */
ns = timecounter_cyc2time(&fep->tc, tempval);
ts = ns_to_timespec64(ns);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 345/389] igb: Add lock to avoid data race
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 344/389] fec: Fix timer capture timing in `fec_ptp_enable_pps()` Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 346/389] gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file Greg Kroah-Hartman
` (48 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lin Ma, Konrad Jankowski,
Tony Nguyen, Jakub Kicinski
From: Lin Ma <linma@zju.edu.cn>
commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 upstream.
The commit c23d92b80e0b ("igb: Teardown SR-IOV before
unregister_netdev()") places the unregister_netdev() call after the
igb_disable_sriov() call to avoid functionality issue.
However, it introduces several race conditions when detaching a device.
For example, when .remove() is called, the below interleaving leads to
use-after-free.
(FREE from device detaching) | (USE from netdev core)
igb_remove | igb_ndo_get_vf_config
igb_disable_sriov | vf >= adapter->vfs_allocated_count?
kfree(adapter->vf_data) |
adapter->vfs_allocated_count = 0 |
| memcpy(... adapter->vf_data[vf]
Moreover, the igb_disable_sriov() also suffers from data race with the
requests from VF driver.
(FREE from device detaching) | (USE from requests)
igb_remove | igb_msix_other
igb_disable_sriov | igb_msg_task
kfree(adapter->vf_data) | vf < adapter->vfs_allocated_count
adapter->vfs_allocated_count = 0 |
To this end, this commit first eliminates the data races from netdev
core by using rtnl_lock (similar to commit 719479230893 ("dpaa2-eth: add
MAC/PHY support through phylink")). And then adds a spinlock to
eliminate races from driver requests. (similar to commit 1e53834ce541
("ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero")
Fixes: c23d92b80e0b ("igb: Teardown SR-IOV before unregister_netdev()")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://lore.kernel.org/r/20220817184921.735244-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/igb/igb.h | 2 ++
drivers/net/ethernet/intel/igb/igb_main.c | 12 +++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/intel/igb/igb.h
+++ b/drivers/net/ethernet/intel/igb/igb.h
@@ -594,6 +594,8 @@ struct igb_adapter {
struct igb_mac_addr *mac_table;
struct vf_mac_filter vf_macs;
struct vf_mac_filter *vf_mac_list;
+ /* lock for VF resources */
+ spinlock_t vfs_lock;
};
/* flags controlling PTP/1588 function */
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -3491,6 +3491,7 @@ static int igb_disable_sriov(struct pci_
struct net_device *netdev = pci_get_drvdata(pdev);
struct igb_adapter *adapter = netdev_priv(netdev);
struct e1000_hw *hw = &adapter->hw;
+ unsigned long flags;
/* reclaim resources allocated to VFs */
if (adapter->vf_data) {
@@ -3503,12 +3504,13 @@ static int igb_disable_sriov(struct pci_
pci_disable_sriov(pdev);
msleep(500);
}
-
+ spin_lock_irqsave(&adapter->vfs_lock, flags);
kfree(adapter->vf_mac_list);
adapter->vf_mac_list = NULL;
kfree(adapter->vf_data);
adapter->vf_data = NULL;
adapter->vfs_allocated_count = 0;
+ spin_unlock_irqrestore(&adapter->vfs_lock, flags);
wr32(E1000_IOVCTL, E1000_IOVCTL_REUSE_VFQ);
wrfl();
msleep(100);
@@ -3668,7 +3670,9 @@ static void igb_remove(struct pci_dev *p
igb_release_hw_control(adapter);
#ifdef CONFIG_PCI_IOV
+ rtnl_lock();
igb_disable_sriov(pdev);
+ rtnl_unlock();
#endif
unregister_netdev(netdev);
@@ -3829,6 +3833,9 @@ static int igb_sw_init(struct igb_adapte
spin_lock_init(&adapter->nfc_lock);
spin_lock_init(&adapter->stats64_lock);
+
+ /* init spinlock to avoid concurrency of VF resources */
+ spin_lock_init(&adapter->vfs_lock);
#ifdef CONFIG_PCI_IOV
switch (hw->mac.type) {
case e1000_82576:
@@ -7569,8 +7576,10 @@ unlock:
static void igb_msg_task(struct igb_adapter *adapter)
{
struct e1000_hw *hw = &adapter->hw;
+ unsigned long flags;
u32 vf;
+ spin_lock_irqsave(&adapter->vfs_lock, flags);
for (vf = 0; vf < adapter->vfs_allocated_count; vf++) {
/* process any reset requests */
if (!igb_check_for_rst(hw, vf))
@@ -7584,6 +7593,7 @@ static void igb_msg_task(struct igb_adap
if (!igb_check_for_ack(hw, vf))
igb_rcv_ack_from_vf(adapter, vf);
}
+ spin_unlock_irqrestore(&adapter->vfs_lock, flags);
}
/**
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 346/389] gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 345/389] igb: Add lock to avoid data race Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 347/389] locking/atomic: Make test_and_*_bit() ordered on failure Greg Kroah-Hartman
` (47 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yury Norov, Erhard Furtner,
Andrew Donnellan, Kees Cook
From: Andrew Donnellan <ajd@linux.ibm.com>
commit 012e8d2034f1bda8863435cd589636e618d6a659 upstream.
Commit 36d4b36b6959 ("lib/nodemask: inline next_node_in() and
node_random()") refactored some code by moving node_random() from
lib/nodemask.c to include/linux/nodemask.h, thus requiring nodemask.h to
include random.h, which conditionally defines add_latent_entropy()
depending on whether the macro LATENT_ENTROPY_PLUGIN is defined.
This broke the build on powerpc, where nodemask.h is indirectly included
in arch/powerpc/kernel/prom_init.c, part of the early boot machinery that
is excluded from the latent entropy plugin using
DISABLE_LATENT_ENTROPY_PLUGIN. It turns out that while we add a gcc flag
to disable the actual plugin, we don't undefine LATENT_ENTROPY_PLUGIN.
This leads to the following:
CC arch/powerpc/kernel/prom_init.o
In file included from ./include/linux/nodemask.h:97,
from ./include/linux/mmzone.h:17,
from ./include/linux/gfp.h:7,
from ./include/linux/xarray.h:15,
from ./include/linux/radix-tree.h:21,
from ./include/linux/idr.h:15,
from ./include/linux/kernfs.h:12,
from ./include/linux/sysfs.h:16,
from ./include/linux/kobject.h:20,
from ./include/linux/pci.h:35,
from arch/powerpc/kernel/prom_init.c:24:
./include/linux/random.h: In function 'add_latent_entropy':
./include/linux/random.h:25:46: error: 'latent_entropy' undeclared (first use in this function); did you mean 'add_latent_entropy'?
25 | add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
| ^~~~~~~~~~~~~~
| add_latent_entropy
./include/linux/random.h:25:46: note: each undeclared identifier is reported only once for each function it appears in
make[2]: *** [scripts/Makefile.build:249: arch/powerpc/kernel/prom_init.o] Fehler 1
make[1]: *** [scripts/Makefile.build:465: arch/powerpc/kernel] Fehler 2
make: *** [Makefile:1855: arch/powerpc] Error 2
Change the DISABLE_LATENT_ENTROPY_PLUGIN flags to undefine
LATENT_ENTROPY_PLUGIN for files where the plugin is disabled.
Cc: Yury Norov <yury.norov@gmail.com>
Fixes: 38addce8b600 ("gcc-plugins: Add latent_entropy plugin")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216367
Link: https://lore.kernel.org/linuxppc-dev/alpine.DEB.2.22.394.2208152006320.289321@ramsan.of.borg/
Reported-by: Erhard Furtner <erhard_f@mailbox.org>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Reviewed-by: Yury Norov <yury.norov@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220816051720.44108-1-ajd@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/Makefile.gcc-plugins | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/scripts/Makefile.gcc-plugins
+++ b/scripts/Makefile.gcc-plugins
@@ -6,7 +6,7 @@ gcc-plugin-$(CONFIG_GCC_PLUGIN_LATENT_EN
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_LATENT_ENTROPY) \
+= -DLATENT_ENTROPY_PLUGIN
ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
- DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable
+ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable -ULATENT_ENTROPY_PLUGIN
endif
export DISABLE_LATENT_ENTROPY_PLUGIN
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 347/389] locking/atomic: Make test_and_*_bit() ordered on failure
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 346/389] gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 348/389] drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() Greg Kroah-Hartman
` (46 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Torvalds, Hector Martin,
Will Deacon, Arnd Bergmann
From: Hector Martin <marcan@marcan.st>
commit 415d832497098030241605c52ea83d4e2cfa7879 upstream.
These operations are documented as always ordered in
include/asm-generic/bitops/instrumented-atomic.h, and producer-consumer
type use cases where one side needs to ensure a flag is left pending
after some shared data was updated rely on this ordering, even in the
failure case.
This is the case with the workqueue code, which currently suffers from a
reproducible ordering violation on Apple M1 platforms (which are
notoriously out-of-order) that ends up causing the TTY layer to fail to
deliver data to userspace properly under the right conditions. This
change fixes that bug.
Change the documentation to restrict the "no order on failure" story to
the _lock() variant (for which it makes sense), and remove the
early-exit from the generic implementation, which is what causes the
missing barrier semantics in that case. Without this, the remaining
atomic op is fully ordered (including on ARM64 LSE, as of recent
versions of the architecture spec).
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable@vger.kernel.org
Fixes: e986a0d6cb36 ("locking/atomics, asm-generic/bitops/atomic.h: Rewrite using atomic_*() APIs")
Fixes: 61e02392d3c7 ("locking/atomic/bitops: Document and clarify ordering semantics for failed test_and_{}_bit()")
Signed-off-by: Hector Martin <marcan@marcan.st>
Acked-by: Will Deacon <will@kernel.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/atomic_bitops.txt | 2 +-
include/asm-generic/bitops/atomic.h | 6 ------
2 files changed, 1 insertion(+), 7 deletions(-)
--- a/Documentation/atomic_bitops.txt
+++ b/Documentation/atomic_bitops.txt
@@ -59,7 +59,7 @@ Like with atomic_t, the rule of thumb is
- RMW operations that have a return value are fully ordered.
- RMW operations that are conditional are unordered on FAILURE,
- otherwise the above rules apply. In the case of test_and_{}_bit() operations,
+ otherwise the above rules apply. In the case of test_and_set_bit_lock(),
if the bit in memory is unchanged by the operation then it is deemed to have
failed.
--- a/include/asm-generic/bitops/atomic.h
+++ b/include/asm-generic/bitops/atomic.h
@@ -35,9 +35,6 @@ static inline int test_and_set_bit(unsig
unsigned long mask = BIT_MASK(nr);
p += BIT_WORD(nr);
- if (READ_ONCE(*p) & mask)
- return 1;
-
old = atomic_long_fetch_or(mask, (atomic_long_t *)p);
return !!(old & mask);
}
@@ -48,9 +45,6 @@ static inline int test_and_clear_bit(uns
unsigned long mask = BIT_MASK(nr);
p += BIT_WORD(nr);
- if (!(READ_ONCE(*p) & mask))
- return 0;
-
old = atomic_long_fetch_andnot(mask, (atomic_long_t *)p);
return !!(old & mask);
}
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 348/389] drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 347/389] locking/atomic: Make test_and_*_bit() ordered on failure Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 349/389] PCI: Add ACS quirk for Broadcom BCM5750x NICs Greg Kroah-Hartman
` (45 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Martin Blumenstingl,
Neil Armstrong, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 91b3c8dbe898df158fd2a84675f3a284ff6666f7 ]
In this function, there are two refcount leak bugs:
(1) when breaking out of for_each_endpoint_of_node(), we need call
the of_node_put() for the 'ep';
(2) we should call of_node_put() for the reference returned by
of_graph_get_remote_port() when it is not used anymore.
Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller")
Signed-off-by: Liang He <windhl@126.com>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220726010722.1319416-1-windhl@126.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/meson/meson_drv.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
index 61a6536e7e61..9a39afc3939b 100644
--- a/drivers/gpu/drm/meson/meson_drv.c
+++ b/drivers/gpu/drm/meson/meson_drv.c
@@ -124,8 +124,11 @@ static bool meson_vpu_has_available_connectors(struct device *dev)
for_each_endpoint_of_node(dev->of_node, ep) {
/* If the endpoint node exists, consider it enabled */
remote = of_graph_get_remote_port(ep);
- if (remote)
+ if (remote) {
+ of_node_put(remote);
+ of_node_put(ep);
return true;
+ }
}
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 349/389] PCI: Add ACS quirk for Broadcom BCM5750x NICs
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 348/389] drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 350/389] usb: cdns3 fix use-after-free at workaround 2 Greg Kroah-Hartman
` (44 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pavan Chebbi, Michael Chan,
Bjorn Helgaas, Sasha Levin
From: Pavan Chebbi <pavan.chebbi@broadcom.com>
[ Upstream commit afd306a65cedb9589564bdb23a0c368abc4215fd ]
The Broadcom BCM5750x NICs may be multi-function devices. They do not
advertise ACS capability. Peer-to-peer transactions are not possible
between the individual functions, so it is safe to treat them as fully
isolated.
Add an ACS quirk for these devices so the functions can be in independent
IOMMU groups and attached individually to userspace applications using
VFIO.
Link: https://lore.kernel.org/r/1654796507-28610-1-git-send-email-michael.chan@broadcom.com
Signed-off-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 2a4bc8df8563..8b98b7f3eb24 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4943,6 +4943,9 @@ static const struct pci_dev_acs_enabled {
{ PCI_VENDOR_ID_AMPERE, 0xE00C, pci_quirk_xgene_acs },
/* Broadcom multi-function device */
{ PCI_VENDOR_ID_BROADCOM, 0x16D7, pci_quirk_mf_endpoint_acs },
+ { PCI_VENDOR_ID_BROADCOM, 0x1750, pci_quirk_mf_endpoint_acs },
+ { PCI_VENDOR_ID_BROADCOM, 0x1751, pci_quirk_mf_endpoint_acs },
+ { PCI_VENDOR_ID_BROADCOM, 0x1752, pci_quirk_mf_endpoint_acs },
{ PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs },
/* Amazon Annapurna Labs */
{ PCI_VENDOR_ID_AMAZON_ANNAPURNA_LABS, 0x0031, pci_quirk_al_acs },
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 350/389] usb: cdns3 fix use-after-free at workaround 2
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 349/389] PCI: Add ACS quirk for Broadcom BCM5750x NICs Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 351/389] usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info Greg Kroah-Hartman
` (43 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frank Li, Faqiang Zhu, Sasha Levin
From: Frank Li <Frank.Li@nxp.com>
[ Upstream commit 7d602f30149a117eea260208b1661bc404c21dfd ]
BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac
cdns3_wa2_remove_old_request()
{
...
kfree(priv_req->request.buf);
cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);
list_del_init(&priv_req->list);
^^^ use after free
...
}
cdns3_gadget_ep_free_request() free the space pointed by priv_req,
but priv_req is used in the following list_del_init().
This patch move list_del_init() before cdns3_gadget_ep_free_request().
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Signed-off-by: Faqiang Zhu <faqiang.zhu@nxp.com>
Link: https://lore.kernel.org/r/20220608190430.2814358-1-Frank.Li@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/cdns3/gadget.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/cdns3/gadget.c b/drivers/usb/cdns3/gadget.c
index 296f2ee1b680..a9399f2b3930 100644
--- a/drivers/usb/cdns3/gadget.c
+++ b/drivers/usb/cdns3/gadget.c
@@ -549,9 +549,9 @@ static void cdns3_wa2_remove_old_request(struct cdns3_endpoint *priv_ep)
trace_cdns3_wa2(priv_ep, "removes eldest request");
kfree(priv_req->request.buf);
+ list_del_init(&priv_req->list);
cdns3_gadget_ep_free_request(&priv_ep->endpoint,
&priv_req->request);
- list_del_init(&priv_req->list);
--priv_ep->wa2_counter;
if (!chain)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 351/389] usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 350/389] usb: cdns3 fix use-after-free at workaround 2 Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 352/389] irqchip/tegra: Fix overflow implicit truncation warnings Greg Kroah-Hartman
` (42 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Laurent Pinchart, Michael Grzeschik,
Sasha Levin
From: Michael Grzeschik <m.grzeschik@pengutronix.de>
[ Upstream commit a725d0f6dfc5d3739d6499f30ec865305ba3544d ]
Likewise to the uvcvideo hostside driver, this patch is changing the
usb_request message of an non zero completion handler call from dev_info
to dev_warn.
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220529223848.105914-4-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/uvc_video.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/function/uvc_video.c b/drivers/usb/gadget/function/uvc_video.c
index 5c042f380708..f9fad639a489 100644
--- a/drivers/usb/gadget/function/uvc_video.c
+++ b/drivers/usb/gadget/function/uvc_video.c
@@ -191,7 +191,7 @@ uvc_video_complete(struct usb_ep *ep, struct usb_request *req)
goto requeue;
default:
- uvcg_info(&video->uvc->func,
+ uvcg_warn(&video->uvc->func,
"VS request completed with status %d.\n",
req->status);
uvcg_queue_cancel(queue, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 352/389] irqchip/tegra: Fix overflow implicit truncation warnings
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 351/389] usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 353/389] drm/meson: " Greg Kroah-Hartman
` (41 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marc Zyngier, Sai Prakash Ranjan,
Arnd Bergmann, Sasha Levin
From: Sai Prakash Ranjan <quic_saipraka@quicinc.com>
[ Upstream commit 443685992bda9bb4f8b17fc02c9f6c60e62b1461 ]
Fix -Woverflow warnings for tegra irqchip driver which is a result
of moving arm64 custom MMIO accessor macros to asm-generic function
implementations giving a bonus type-checking now and uncovering these
overflow warnings.
drivers/irqchip/irq-tegra.c: In function ‘tegra_ictlr_suspend’:
drivers/irqchip/irq-tegra.c:151:18: warning: large integer implicitly truncated to unsigned type [-Woverflow]
writel_relaxed(~0ul, ictlr + ICTLR_COP_IER_CLR);
^
Suggested-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Sai Prakash Ranjan <quic_saipraka@quicinc.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Cc: Marc Zyngier <maz@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-tegra.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/irqchip/irq-tegra.c b/drivers/irqchip/irq-tegra.c
index e1f771c72fc4..ad3e2c1b3c87 100644
--- a/drivers/irqchip/irq-tegra.c
+++ b/drivers/irqchip/irq-tegra.c
@@ -148,10 +148,10 @@ static int tegra_ictlr_suspend(void)
lic->cop_iep[i] = readl_relaxed(ictlr + ICTLR_COP_IEP_CLASS);
/* Disable COP interrupts */
- writel_relaxed(~0ul, ictlr + ICTLR_COP_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_COP_IER_CLR);
/* Disable CPU interrupts */
- writel_relaxed(~0ul, ictlr + ICTLR_CPU_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_CPU_IER_CLR);
/* Enable the wakeup sources of ictlr */
writel_relaxed(lic->ictlr_wake_mask[i], ictlr + ICTLR_CPU_IER_SET);
@@ -172,12 +172,12 @@ static void tegra_ictlr_resume(void)
writel_relaxed(lic->cpu_iep[i],
ictlr + ICTLR_CPU_IEP_CLASS);
- writel_relaxed(~0ul, ictlr + ICTLR_CPU_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_CPU_IER_CLR);
writel_relaxed(lic->cpu_ier[i],
ictlr + ICTLR_CPU_IER_SET);
writel_relaxed(lic->cop_iep[i],
ictlr + ICTLR_COP_IEP_CLASS);
- writel_relaxed(~0ul, ictlr + ICTLR_COP_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), ictlr + ICTLR_COP_IER_CLR);
writel_relaxed(lic->cop_ier[i],
ictlr + ICTLR_COP_IER_SET);
}
@@ -312,7 +312,7 @@ static int __init tegra_ictlr_init(struct device_node *node,
lic->base[i] = base;
/* Disable all interrupts */
- writel_relaxed(~0UL, base + ICTLR_CPU_IER_CLR);
+ writel_relaxed(GENMASK(31, 0), base + ICTLR_CPU_IER_CLR);
/* All interrupts target IRQ */
writel_relaxed(0, base + ICTLR_CPU_IEP_CLASS);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 353/389] drm/meson: Fix overflow implicit truncation warnings
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 352/389] irqchip/tegra: Fix overflow implicit truncation warnings Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 354/389] usb: host: ohci-ppc-of: Fix refcount leak bug Greg Kroah-Hartman
` (40 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Sai Prakash Ranjan, Arnd Bergmann, Neil Armstrong, Sasha Levin
From: Sai Prakash Ranjan <quic_saipraka@quicinc.com>
[ Upstream commit 98692f52c588225034cbff458622c2c06dfcb544 ]
Fix -Woverflow warnings for drm/meson driver which is a result
of moving arm64 custom MMIO accessor macros to asm-generic function
implementations giving a bonus type-checking now and uncovering these
overflow warnings.
drivers/gpu/drm/meson/meson_viu.c: In function ‘meson_viu_init’:
drivers/gpu/drm/meson/meson_registers.h:1826:48: error: large integer implicitly truncated to unsigned type [-Werror=overflow]
#define VIU_OSD_BLEND_REORDER(dest, src) ((src) << (dest * 4))
^
drivers/gpu/drm/meson/meson_viu.c:472:18: note: in expansion of macro ‘VIU_OSD_BLEND_REORDER’
writel_relaxed(VIU_OSD_BLEND_REORDER(0, 1) |
^~~~~~~~~~~~~~~~~~~~~
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Sai Prakash Ranjan <quic_saipraka@quicinc.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/meson/meson_viu.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/drivers/gpu/drm/meson/meson_viu.c b/drivers/gpu/drm/meson/meson_viu.c
index 33698814c022..9991f0a43b1a 100644
--- a/drivers/gpu/drm/meson/meson_viu.c
+++ b/drivers/gpu/drm/meson/meson_viu.c
@@ -400,17 +400,17 @@ void meson_viu_init(struct meson_drm *priv)
priv->io_base + _REG(VD2_IF0_LUMA_FIFO_SIZE));
if (meson_vpu_is_compatible(priv, VPU_COMPATIBLE_G12A)) {
- writel_relaxed(VIU_OSD_BLEND_REORDER(0, 1) |
- VIU_OSD_BLEND_REORDER(1, 0) |
- VIU_OSD_BLEND_REORDER(2, 0) |
- VIU_OSD_BLEND_REORDER(3, 0) |
- VIU_OSD_BLEND_DIN_EN(1) |
- VIU_OSD_BLEND1_DIN3_BYPASS_TO_DOUT1 |
- VIU_OSD_BLEND1_DOUT_BYPASS_TO_BLEND2 |
- VIU_OSD_BLEND_DIN0_BYPASS_TO_DOUT0 |
- VIU_OSD_BLEND_BLEN2_PREMULT_EN(1) |
- VIU_OSD_BLEND_HOLD_LINES(4),
- priv->io_base + _REG(VIU_OSD_BLEND_CTRL));
+ u32 val = (u32)VIU_OSD_BLEND_REORDER(0, 1) |
+ (u32)VIU_OSD_BLEND_REORDER(1, 0) |
+ (u32)VIU_OSD_BLEND_REORDER(2, 0) |
+ (u32)VIU_OSD_BLEND_REORDER(3, 0) |
+ (u32)VIU_OSD_BLEND_DIN_EN(1) |
+ (u32)VIU_OSD_BLEND1_DIN3_BYPASS_TO_DOUT1 |
+ (u32)VIU_OSD_BLEND1_DOUT_BYPASS_TO_BLEND2 |
+ (u32)VIU_OSD_BLEND_DIN0_BYPASS_TO_DOUT0 |
+ (u32)VIU_OSD_BLEND_BLEN2_PREMULT_EN(1) |
+ (u32)VIU_OSD_BLEND_HOLD_LINES(4);
+ writel_relaxed(val, priv->io_base + _REG(VIU_OSD_BLEND_CTRL));
writel_relaxed(OSD_BLEND_PATH_SEL_ENABLE,
priv->io_base + _REG(OSD1_BLEND_SRC_CTRL));
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 354/389] usb: host: ohci-ppc-of: Fix refcount leak bug
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 353/389] drm/meson: " Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 355/389] usb: renesas: " Greg Kroah-Hartman
` (39 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Liang He, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 40a959d7042bb7711e404ad2318b30e9f92c6b9b ]
In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return
a node pointer with refcount incremented. We should use of_node_put()
when it is not used anymore.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220617034637.4003115-1-windhl@126.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/ohci-ppc-of.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/host/ohci-ppc-of.c b/drivers/usb/host/ohci-ppc-of.c
index 45f7cceb6df3..98e46725999e 100644
--- a/drivers/usb/host/ohci-ppc-of.c
+++ b/drivers/usb/host/ohci-ppc-of.c
@@ -169,6 +169,7 @@ static int ohci_hcd_ppc_of_probe(struct platform_device *op)
release_mem_region(res.start, 0x4);
} else
pr_debug("%s: cannot get ehci offset from fdt\n", __FILE__);
+ of_node_put(np);
}
irq_dispose_mapping(irq);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 355/389] usb: renesas: Fix refcount leak bug
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 354/389] usb: host: ohci-ppc-of: Fix refcount leak bug Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 356/389] vboxguest: Do not use devm for irq Greg Kroah-Hartman
` (38 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Liang He, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 9d6d5303c39b8bc182475b22f45504106a07f086 ]
In usbhs_rza1_hardware_init(), of_find_node_by_name() will return
a node pointer with refcount incremented. We should use of_node_put()
when it is not used anymore.
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220618023205.4056548-1-windhl@126.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/renesas_usbhs/rza.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/usb/renesas_usbhs/rza.c b/drivers/usb/renesas_usbhs/rza.c
index 24de64edb674..2d77edefb4b3 100644
--- a/drivers/usb/renesas_usbhs/rza.c
+++ b/drivers/usb/renesas_usbhs/rza.c
@@ -23,6 +23,10 @@ static int usbhs_rza1_hardware_init(struct platform_device *pdev)
extal_clk = of_find_node_by_name(NULL, "extal");
of_property_read_u32(usb_x1_clk, "clock-frequency", &freq_usb);
of_property_read_u32(extal_clk, "clock-frequency", &freq_extal);
+
+ of_node_put(usb_x1_clk);
+ of_node_put(extal_clk);
+
if (freq_usb == 0) {
if (freq_extal == 12000000) {
/* Select 12MHz XTAL */
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 356/389] vboxguest: Do not use devm for irq
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 355/389] usb: renesas: " Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 357/389] clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Greg Kroah-Hartman
` (37 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Pascal Terjan, Sasha Levin
From: Pascal Terjan <pterjan@google.com>
[ Upstream commit 6169525b76764acb81918aa387ac168fb9a55575 ]
When relying on devm it doesn't get freed early enough which causes the
following warning when unloading the module:
[249348.837181] remove_proc_entry: removing non-empty directory 'irq/20', leaking at least 'vboxguest'
[249348.837219] WARNING: CPU: 0 PID: 6708 at fs/proc/generic.c:715 remove_proc_entry+0x119/0x140
[249348.837379] Call Trace:
[249348.837385] unregister_irq_proc+0xbd/0xe0
[249348.837392] free_desc+0x23/0x60
[249348.837396] irq_free_descs+0x4a/0x70
[249348.837401] irq_domain_free_irqs+0x160/0x1a0
[249348.837452] mp_unmap_irq+0x5c/0x60
[249348.837458] acpi_unregister_gsi_ioapic+0x29/0x40
[249348.837463] acpi_unregister_gsi+0x17/0x30
[249348.837467] acpi_pci_irq_disable+0xbf/0xe0
[249348.837473] pcibios_disable_device+0x20/0x30
[249348.837478] pci_disable_device+0xef/0x120
[249348.837482] vbg_pci_remove+0x6c/0x70 [vboxguest]
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Pascal Terjan <pterjan@google.com>
Link: https://lore.kernel.org/r/20220612133744.4030602-1-pterjan@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/virt/vboxguest/vboxguest_linux.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/virt/vboxguest/vboxguest_linux.c b/drivers/virt/vboxguest/vboxguest_linux.c
index 32c2c52f7e84..484c2f09f2ea 100644
--- a/drivers/virt/vboxguest/vboxguest_linux.c
+++ b/drivers/virt/vboxguest/vboxguest_linux.c
@@ -361,8 +361,8 @@ static int vbg_pci_probe(struct pci_dev *pci, const struct pci_device_id *id)
goto err_vbg_core_exit;
}
- ret = devm_request_irq(dev, pci->irq, vbg_core_isr, IRQF_SHARED,
- DEVICE_NAME, gdev);
+ ret = request_irq(pci->irq, vbg_core_isr, IRQF_SHARED, DEVICE_NAME,
+ gdev);
if (ret) {
vbg_err("vboxguest: Error requesting irq: %d\n", ret);
goto err_vbg_core_exit;
@@ -372,7 +372,7 @@ static int vbg_pci_probe(struct pci_dev *pci, const struct pci_device_id *id)
if (ret) {
vbg_err("vboxguest: Error misc_register %s failed: %d\n",
DEVICE_NAME, ret);
- goto err_vbg_core_exit;
+ goto err_free_irq;
}
ret = misc_register(&gdev->misc_device_user);
@@ -408,6 +408,8 @@ static int vbg_pci_probe(struct pci_dev *pci, const struct pci_device_id *id)
misc_deregister(&gdev->misc_device_user);
err_unregister_misc_device:
misc_deregister(&gdev->misc_device);
+err_free_irq:
+ free_irq(pci->irq, gdev);
err_vbg_core_exit:
vbg_core_exit(gdev);
err_disable_pcidev:
@@ -424,6 +426,7 @@ static void vbg_pci_remove(struct pci_dev *pci)
vbg_gdev = NULL;
mutex_unlock(&vbg_gdev_mutex);
+ free_irq(pci->irq, gdev);
device_remove_file(gdev->dev, &dev_attr_host_features);
device_remove_file(gdev->dev, &dev_attr_host_version);
misc_deregister(&gdev->misc_device_user);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 357/389] clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 356/389] vboxguest: Do not use devm for irq Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 358/389] scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Greg Kroah-Hartman
` (36 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Robert Marko, Bjorn Andersson, Sasha Levin
From: Robert Marko <robimarko@gmail.com>
[ Upstream commit 1bf7305e79aab095196131bdc87a97796e0e3fac ]
Once the usb sleep clocks are disabled, clock framework is trying to
disable the sleep clock source also.
However, it seems that it cannot be disabled and trying to do so produces:
[ 245.436390] ------------[ cut here ]------------
[ 245.441233] gcc_sleep_clk_src status stuck at 'on'
[ 245.441254] WARNING: CPU: 2 PID: 223 at clk_branch_wait+0x130/0x140
[ 245.450435] Modules linked in: xhci_plat_hcd xhci_hcd dwc3 dwc3_qcom leds_gpio
[ 245.456601] CPU: 2 PID: 223 Comm: sh Not tainted 5.18.0-rc4 #215
[ 245.463889] Hardware name: Xiaomi AX9000 (DT)
[ 245.470050] pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 245.474307] pc : clk_branch_wait+0x130/0x140
[ 245.481073] lr : clk_branch_wait+0x130/0x140
[ 245.485588] sp : ffffffc009f2bad0
[ 245.489838] x29: ffffffc009f2bad0 x28: ffffff8003e6c800 x27: 0000000000000000
[ 245.493057] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800226ef20
[ 245.500175] x23: ffffffc0089ff550 x22: 0000000000000000 x21: ffffffc008476ad0
[ 245.507294] x20: 0000000000000000 x19: ffffffc00965ac70 x18: fffffffffffc51a7
[ 245.514413] x17: 68702e3030303837 x16: 3a6d726f6674616c x15: ffffffc089f2b777
[ 245.521531] x14: ffffffc0095c9d18 x13: 0000000000000129 x12: 0000000000000129
[ 245.528649] x11: 00000000ffffffea x10: ffffffc009621d18 x9 : 0000000000000001
[ 245.535767] x8 : 0000000000000001 x7 : 0000000000017fe8 x6 : 0000000000000001
[ 245.542885] x5 : ffffff803fdca6d8 x4 : 0000000000000000 x3 : 0000000000000027
[ 245.550002] x2 : 0000000000000027 x1 : 0000000000000023 x0 : 0000000000000026
[ 245.557122] Call trace:
[ 245.564229] clk_branch_wait+0x130/0x140
[ 245.566490] clk_branch2_disable+0x2c/0x40
[ 245.570656] clk_core_disable+0x60/0xb0
[ 245.574561] clk_core_disable+0x68/0xb0
[ 245.578293] clk_disable+0x30/0x50
[ 245.582113] dwc3_qcom_remove+0x60/0xc0 [dwc3_qcom]
[ 245.585588] platform_remove+0x28/0x60
[ 245.590361] device_remove+0x4c/0x80
[ 245.594179] device_release_driver_internal+0x1dc/0x230
[ 245.597914] device_driver_detach+0x18/0x30
[ 245.602861] unbind_store+0xec/0x110
[ 245.607027] drv_attr_store+0x24/0x40
[ 245.610847] sysfs_kf_write+0x44/0x60
[ 245.614405] kernfs_fop_write_iter+0x128/0x1c0
[ 245.618052] new_sync_write+0xc0/0x130
[ 245.622391] vfs_write+0x1d4/0x2a0
[ 245.626123] ksys_write+0x58/0xe0
[ 245.629508] __arm64_sys_write+0x1c/0x30
[ 245.632895] invoke_syscall.constprop.0+0x5c/0x110
[ 245.636890] do_el0_svc+0xa0/0x150
[ 245.641488] el0_svc+0x18/0x60
[ 245.644872] el0t_64_sync_handler+0xa4/0x130
[ 245.647914] el0t_64_sync+0x174/0x178
[ 245.652340] ---[ end trace 0000000000000000 ]---
So, add CLK_IS_CRITICAL flag to the clock so that the kernel won't try
to disable the sleep clock.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220515210048.483898-10-robimarko@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-ipq8074.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c
index 68fe80a0a92f..e9835db941d8 100644
--- a/drivers/clk/qcom/gcc-ipq8074.c
+++ b/drivers/clk/qcom/gcc-ipq8074.c
@@ -667,6 +667,7 @@ static struct clk_branch gcc_sleep_clk_src = {
},
.num_parents = 1,
.ops = &clk_branch2_ops,
+ .flags = CLK_IS_CRITICAL,
},
},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 358/389] scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 357/389] clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 359/389] gadgetfs: ep_io - wait until IRQ finishes Greg Kroah-Hartman
` (35 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit f8191d40aa612981ce897e66cda6a88db8df17bb ]
Malformed user input to debugfs results in buffer overflow crashes. Adapt
input string lengths to fit within internal buffers, leaving space for NULL
terminators.
Link: https://lore.kernel.org/r/20220701211425.2708-3-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_debugfs.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c
index e15bb3dfe995..69551132f304 100644
--- a/drivers/scsi/lpfc/lpfc_debugfs.c
+++ b/drivers/scsi/lpfc/lpfc_debugfs.c
@@ -2402,8 +2402,8 @@ lpfc_debugfs_multixripools_write(struct file *file, const char __user *buf,
struct lpfc_sli4_hdw_queue *qp;
struct lpfc_multixri_pool *multixri_pool;
- if (nbytes > 64)
- nbytes = 64;
+ if (nbytes > sizeof(mybuf) - 1)
+ nbytes = sizeof(mybuf) - 1;
/* Protect copy from user */
if (!access_ok(buf, nbytes))
@@ -2487,8 +2487,8 @@ lpfc_debugfs_nvmestat_write(struct file *file, const char __user *buf,
if (!phba->targetport)
return -ENXIO;
- if (nbytes > 64)
- nbytes = 64;
+ if (nbytes > sizeof(mybuf) - 1)
+ nbytes = sizeof(mybuf) - 1;
memset(mybuf, 0, sizeof(mybuf));
@@ -2629,8 +2629,8 @@ lpfc_debugfs_nvmektime_write(struct file *file, const char __user *buf,
char mybuf[64];
char *pbuf;
- if (nbytes > 64)
- nbytes = 64;
+ if (nbytes > sizeof(mybuf) - 1)
+ nbytes = sizeof(mybuf) - 1;
memset(mybuf, 0, sizeof(mybuf));
@@ -2757,8 +2757,8 @@ lpfc_debugfs_nvmeio_trc_write(struct file *file, const char __user *buf,
char mybuf[64];
char *pbuf;
- if (nbytes > 63)
- nbytes = 63;
+ if (nbytes > sizeof(mybuf) - 1)
+ nbytes = sizeof(mybuf) - 1;
memset(mybuf, 0, sizeof(mybuf));
@@ -2863,8 +2863,8 @@ lpfc_debugfs_cpucheck_write(struct file *file, const char __user *buf,
char *pbuf;
int i, j;
- if (nbytes > 64)
- nbytes = 64;
+ if (nbytes > sizeof(mybuf) - 1)
+ nbytes = sizeof(mybuf) - 1;
memset(mybuf, 0, sizeof(mybuf));
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 359/389] gadgetfs: ep_io - wait until IRQ finishes
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 358/389] scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 360/389] cxl: Fix a memory leak in an error handling path Greg Kroah-Hartman
` (34 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jozef Martiniak, Sasha Levin
From: Jozef Martiniak <jomajm@gmail.com>
[ Upstream commit 04cb742d4d8f30dc2e83b46ac317eec09191c68e ]
after usb_ep_queue() if wait_for_completion_interruptible() is
interrupted we need to wait until IRQ gets finished.
Otherwise complete() from epio_complete() can corrupt stack.
Signed-off-by: Jozef Martiniak <jomajm@gmail.com>
Link: https://lore.kernel.org/r/20220708070645.6130-1-jomajm@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/legacy/inode.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index 9cd80ad075bd..97c73d610eeb 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -362,6 +362,7 @@ ep_io (struct ep_data *epdata, void *buf, unsigned len)
spin_unlock_irq (&epdata->dev->lock);
DBG (epdata->dev, "endpoint gone\n");
+ wait_for_completion(&done);
epdata->status = -ENODEV;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 360/389] cxl: Fix a memory leak in an error handling path
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 359/389] gadgetfs: ep_io - wait until IRQ finishes Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 361/389] PCI/ACPI: Guard ARM64-specific mcfg_quirks Greg Kroah-Hartman
` (33 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andrew Donnellan, Christophe JAILLET,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 3a15b45b5454da862376b5d69a4967f5c6fa1368 ]
A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the
error handling path of afu_allocate_irqs().
Acked-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/ce5869418f5838187946eb6b11a52715a93ece3d.1657566849.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cxl/irq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/misc/cxl/irq.c b/drivers/misc/cxl/irq.c
index 4cb829d5d873..2e4dcfebf19a 100644
--- a/drivers/misc/cxl/irq.c
+++ b/drivers/misc/cxl/irq.c
@@ -349,6 +349,7 @@ int afu_allocate_irqs(struct cxl_context *ctx, u32 count)
out:
cxl_ops->release_irq_ranges(&ctx->irqs, ctx->afu->adapter);
+ bitmap_free(ctx->irq_bitmap);
afu_irq_name_free(ctx);
return -ENOMEM;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 361/389] PCI/ACPI: Guard ARM64-specific mcfg_quirks
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 360/389] cxl: Fix a memory leak in an error handling path Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 362/389] um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups Greg Kroah-Hartman
` (32 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Huacai Chen, Bjorn Helgaas, Sasha Levin
From: Huacai Chen <chenhuacai@loongson.cn>
[ Upstream commit 40a6cc141b4b9580de140bcb3e893445708acc5d ]
Guard ARM64-specific quirks with CONFIG_ARM64 to avoid build errors,
since mcfg_quirks will be shared by more than one architectures.
Link: https://lore.kernel.org/r/20220714124216.1489304-2-chenhuacai@loongson.cn
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/pci_mcfg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
index 47e43c949825..ed2f880b63b5 100644
--- a/drivers/acpi/pci_mcfg.c
+++ b/drivers/acpi/pci_mcfg.c
@@ -41,6 +41,8 @@ struct mcfg_fixup {
static struct mcfg_fixup mcfg_quirks[] = {
/* { OEM_ID, OEM_TABLE_ID, REV, SEGMENT, BUS_RANGE, ops, cfgres }, */
+#ifdef CONFIG_ARM64
+
#define AL_ECAM(table_id, rev, seg, ops) \
{ "AMAZON", table_id, rev, seg, MCFG_BUS_ANY, ops }
@@ -162,6 +164,7 @@ static struct mcfg_fixup mcfg_quirks[] = {
ALTRA_ECAM_QUIRK(1, 13),
ALTRA_ECAM_QUIRK(1, 14),
ALTRA_ECAM_QUIRK(1, 15),
+#endif /* ARM64 */
};
static char mcfg_oem_id[ACPI_OEM_ID_SIZE];
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 362/389] um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 361/389] PCI/ACPI: Guard ARM64-specific mcfg_quirks Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 363/389] selftests/kprobe: Do not test for GRP/ without event failures Greg Kroah-Hartman
` (31 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld,
Richard Weinberger, Sasha Levin
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit dda520d07b95072a0b63f6c52a8eb566d08ea897 ]
QEMU has a -no-reboot option, which halts instead of reboots when the
guest asks to reboot. This is invaluable when used with
CONFIG_PANIC_TIMEOUT=-1 (and panic_on_warn), because it allows panics
and warnings to be caught immediately in CI. Implement this in UML too,
by way of a basic setup param.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/os-Linux/skas/process.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/arch/um/os-Linux/skas/process.c b/arch/um/os-Linux/skas/process.c
index 4fb877b99dde..0571cc0a30fc 100644
--- a/arch/um/os-Linux/skas/process.c
+++ b/arch/um/os-Linux/skas/process.c
@@ -5,6 +5,7 @@
*/
#include <stdlib.h>
+#include <stdbool.h>
#include <unistd.h>
#include <sched.h>
#include <errno.h>
@@ -641,10 +642,24 @@ void halt_skas(void)
UML_LONGJMP(&initial_jmpbuf, INIT_JMP_HALT);
}
+static bool noreboot;
+
+static int __init noreboot_cmd_param(char *str, int *add)
+{
+ noreboot = true;
+ return 0;
+}
+
+__uml_setup("noreboot", noreboot_cmd_param,
+"noreboot\n"
+" Rather than rebooting, exit always, akin to QEMU's -no-reboot option.\n"
+" This is useful if you're using CONFIG_PANIC_TIMEOUT in order to catch\n"
+" crashes in CI\n");
+
void reboot_skas(void)
{
block_signals_trace();
- UML_LONGJMP(&initial_jmpbuf, INIT_JMP_REBOOT);
+ UML_LONGJMP(&initial_jmpbuf, noreboot ? INIT_JMP_HALT : INIT_JMP_REBOOT);
}
void __switch_mm(struct mm_id *mm_idp)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 363/389] selftests/kprobe: Do not test for GRP/ without event failures
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 362/389] um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 364/389] dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed Greg Kroah-Hartman
` (30 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Rostedt (Google), Sasha Levin
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit f5eab65ff2b76449286d18efc7fee3e0b72f7d9b ]
A new feature is added where kprobes (and other probes) do not need to
explicitly state the event name when creating a probe. The event name will
come from what is being attached.
That is:
# echo 'p:foo/ vfs_read' > kprobe_events
Will no longer error, but instead create an event:
# cat kprobe_events
p:foo/p_vfs_read_0 vfs_read
This should not be tested as an error case anymore. Remove it from the
selftest as now this feature "breaks" the selftest as it no longer fails
as expected.
Link: https://lore.kernel.org/all/1656296348-16111-1-git-send-email-quic_linyyuan@quicinc.com/
Link: https://lkml.kernel.org/r/20220712161707.6dc08a14@gandalf.local.home
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc
index ef1e9bafb098..728c2762ee58 100644
--- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc
@@ -24,7 +24,6 @@ check_error 'p:^/bar vfs_read' # NO_GROUP_NAME
check_error 'p:^12345678901234567890123456789012345678901234567890123456789012345/bar vfs_read' # GROUP_TOO_LONG
check_error 'p:^foo.1/bar vfs_read' # BAD_GROUP_NAME
-check_error 'p:foo/^ vfs_read' # NO_EVENT_NAME
check_error 'p:foo/^12345678901234567890123456789012345678901234567890123456789012345 vfs_read' # EVENT_TOO_LONG
check_error 'p:foo/^bar.1 vfs_read' # BAD_EVENT_NAME
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 364/389] dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 363/389] selftests/kprobe: Do not test for GRP/ without event failures Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 365/389] nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown Greg Kroah-Hartman
` (29 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König, Baolin Wang,
Vinod Koul, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 1e42f82cbec7b2cc4873751e7791e6611901c5fc ]
It's not allowed to quit remove early without cleaning up completely.
Otherwise this results in resource leaks that probably yield graver
problems later. Here for example some tasklets might survive the lifetime
of the sprd-dma device and access sdev which is freed after .remove()
returns.
As none of the device freeing requires an active device, just ignore the
return value of pm_runtime_get_sync().
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Baolin Wang <baolin.wang7@gmail.com>
Link: https://lore.kernel.org/r/20220721204054.323602-1-u.kleine-koenig@pengutronix.de
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/sprd-dma.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/dma/sprd-dma.c b/drivers/dma/sprd-dma.c
index b966115bfad1..4f0c50106321 100644
--- a/drivers/dma/sprd-dma.c
+++ b/drivers/dma/sprd-dma.c
@@ -1201,11 +1201,8 @@ static int sprd_dma_remove(struct platform_device *pdev)
{
struct sprd_dma_dev *sdev = platform_get_drvdata(pdev);
struct sprd_dma_chn *c, *cn;
- int ret;
- ret = pm_runtime_get_sync(&pdev->dev);
- if (ret < 0)
- return ret;
+ pm_runtime_get_sync(&pdev->dev);
/* explicitly free the irq */
if (sdev->irq > 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 365/389] nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 364/389] dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 366/389] drivers:md:fix a potential use-after-free bug Greg Kroah-Hartman
` (28 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yi Zhang, Sagi Grimberg,
Christoph Hellwig, Jens Axboe, Sasha Levin
From: Sagi Grimberg <sagi@grimberg.me>
[ Upstream commit 533d2e8b4d5e4c89772a0adce913525fb86cbbee ]
We probably need nvmet_tcp_wq to have MEM_RECLAIM as we are
sending/receiving for the socket from works on this workqueue.
Also this eliminates lockdep complaints:
--
[ 6174.010200] workqueue: WQ_MEM_RECLAIM
nvmet-wq:nvmet_tcp_release_queue_work [nvmet_tcp] is flushing
!WQ_MEM_RECLAIM nvmet_tcp_wq:nvmet_tcp_io_work [nvmet_tcp]
[ 6174.010216] WARNING: CPU: 20 PID: 14456 at kernel/workqueue.c:2628
check_flush_dependency+0x110/0x14c
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/target/tcp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
index 4341c7244662..e9512d077b8a 100644
--- a/drivers/nvme/target/tcp.c
+++ b/drivers/nvme/target/tcp.c
@@ -1762,7 +1762,8 @@ static int __init nvmet_tcp_init(void)
{
int ret;
- nvmet_tcp_wq = alloc_workqueue("nvmet_tcp_wq", WQ_HIGHPRI, 0);
+ nvmet_tcp_wq = alloc_workqueue("nvmet_tcp_wq",
+ WQ_MEM_RECLAIM | WQ_HIGHPRI, 0);
if (!nvmet_tcp_wq)
return -ENOMEM;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 366/389] drivers:md:fix a potential use-after-free bug
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 365/389] nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 367/389] ext4: avoid remove directory when directory is corrupted Greg Kroah-Hartman
` (27 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Wentao_Liang, Song Liu, Jens Axboe,
Sasha Levin
From: Wentao_Liang <Wentao_Liang_g@163.com>
[ Upstream commit 104212471b1c1817b311771d817fb692af983173 ]
In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and
may cause sh to be released. However, sh is subsequently used in lines
2886 "if (sh->batch_head && sh != sh->batch_head)". This may result in an
use-after-free bug.
It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of
the function.
Signed-off-by: Wentao_Liang <Wentao_Liang_g@163.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 474cf6abefea..fe99e8cdc026 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2666,10 +2666,10 @@ static void raid5_end_write_request(struct bio *bi)
if (!test_and_clear_bit(R5_DOUBLE_LOCKED, &sh->dev[i].flags))
clear_bit(R5_LOCKED, &sh->dev[i].flags);
set_bit(STRIPE_HANDLE, &sh->state);
- raid5_release_stripe(sh);
if (sh->batch_head && sh != sh->batch_head)
raid5_release_stripe(sh->batch_head);
+ raid5_release_stripe(sh);
}
static void raid5_error(struct mddev *mddev, struct md_rdev *rdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 367/389] ext4: avoid remove directory when directory is corrupted
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 366/389] drivers:md:fix a potential use-after-free bug Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 368/389] ext4: avoid resizing to a partial cluster size Greg Kroah-Hartman
` (26 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ye Bin, Jan Kara, Theodore Tso, Sasha Levin
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit b24e77ef1c6d4dbf42749ad4903c97539cc9755a ]
Now if check directoy entry is corrupted, ext4_empty_dir may return true
then directory will be removed when file system mounted with "errors=continue".
In order not to make things worse just return false when directory is corrupted.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220622090223.682234-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/namei.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 0ba35465ac75..aaf1ed8ba87c 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2929,11 +2929,8 @@ bool ext4_empty_dir(struct inode *inode)
de = (struct ext4_dir_entry_2 *) (bh->b_data +
(offset & (sb->s_blocksize - 1)));
if (ext4_check_dir_entry(inode, NULL, de, bh,
- bh->b_data, bh->b_size, offset)) {
- offset = (offset | (sb->s_blocksize - 1)) + 1;
- continue;
- }
- if (le32_to_cpu(de->inode)) {
+ bh->b_data, bh->b_size, offset) ||
+ le32_to_cpu(de->inode)) {
brelse(bh);
return false;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 368/389] ext4: avoid resizing to a partial cluster size
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 367/389] ext4: avoid remove directory when directory is corrupted Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 369/389] lib/list_debug.c: Detect uninitialized lists Greg Kroah-Hartman
` (25 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleg Kiselev, Theodore Tso, Sasha Levin
From: Kiselev, Oleg <okiselev@amazon.com>
[ Upstream commit 69cb8e9d8cd97cdf5e293b26d70a9dee3e35e6bd ]
This patch avoids an attempt to resize the filesystem to an
unaligned cluster boundary. An online resize to a size that is not
integral to cluster size results in the last iteration attempting to
grow the fs by a negative amount, which trips a BUG_ON and leaves the fs
with a corrupted in-memory superblock.
Signed-off-by: Oleg Kiselev <okiselev@amazon.com>
Link: https://lore.kernel.org/r/0E92A0AB-4F16-4F1A-94B7-702CC6504FDE@amazon.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/resize.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index 306003e29c4c..f0fc7fc579e6 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1979,6 +1979,16 @@ int ext4_resize_fs(struct super_block *sb, ext4_fsblk_t n_blocks_count)
}
brelse(bh);
+ /*
+ * For bigalloc, trim the requested size to the nearest cluster
+ * boundary to avoid creating an unusable filesystem. We do this
+ * silently, instead of returning an error, to avoid breaking
+ * callers that blindly resize the filesystem to the full size of
+ * the underlying block device.
+ */
+ if (ext4_has_feature_bigalloc(sb))
+ n_blocks_count &= ~((1 << EXT4_CLUSTER_BITS(sb)) - 1);
+
retry:
o_blocks_count = ext4_blocks_count(es);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 369/389] lib/list_debug.c: Detect uninitialized lists
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 368/389] ext4: avoid resizing to a partial cluster size Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 370/389] tty: serial: Fix refcount leak bug in ucc_uart.c Greg Kroah-Hartman
` (24 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guenter Roeck, Steven Rostedt,
Andrew Morton, Sasha Levin
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 0cc011c576aaa4de505046f7a6c90933d7c749a9 ]
In some circumstances, attempts are made to add entries to or to remove
entries from an uninitialized list. A prime example is
amdgpu_bo_vm_destroy(): It is indirectly called from
ttm_bo_init_reserved() if that function fails, and tries to remove an
entry from a list. However, that list is only initialized in
amdgpu_bo_create_vm() after the call to ttm_bo_init_reserved() returned
success. This results in crashes such as
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 1 PID: 1479 Comm: chrome Not tainted 5.10.110-15768-g29a72e65dae5
Hardware name: Google Grunt/Grunt, BIOS Google_Grunt.11031.149.0 07/15/2020
RIP: 0010:__list_del_entry_valid+0x26/0x7d
...
Call Trace:
amdgpu_bo_vm_destroy+0x48/0x8b
ttm_bo_init_reserved+0x1d7/0x1e0
amdgpu_bo_create+0x212/0x476
? amdgpu_bo_user_destroy+0x23/0x23
? kmem_cache_alloc+0x60/0x271
amdgpu_bo_create_vm+0x40/0x7d
amdgpu_vm_pt_create+0xe8/0x24b
...
Check if the list's prev and next pointers are NULL to catch such problems.
Link: https://lkml.kernel.org/r/20220531222951.92073-1-linux@roeck-us.net
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/list_debug.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/list_debug.c b/lib/list_debug.c
index 5d5424b51b74..413daa72a3d8 100644
--- a/lib/list_debug.c
+++ b/lib/list_debug.c
@@ -20,7 +20,11 @@
bool __list_add_valid(struct list_head *new, struct list_head *prev,
struct list_head *next)
{
- if (CHECK_DATA_CORRUPTION(next->prev != prev,
+ if (CHECK_DATA_CORRUPTION(prev == NULL,
+ "list_add corruption. prev is NULL.\n") ||
+ CHECK_DATA_CORRUPTION(next == NULL,
+ "list_add corruption. next is NULL.\n") ||
+ CHECK_DATA_CORRUPTION(next->prev != prev,
"list_add corruption. next->prev should be prev (%px), but was %px. (next=%px).\n",
prev, next->prev, next) ||
CHECK_DATA_CORRUPTION(prev->next != next,
@@ -42,7 +46,11 @@ bool __list_del_entry_valid(struct list_head *entry)
prev = entry->prev;
next = entry->next;
- if (CHECK_DATA_CORRUPTION(next == LIST_POISON1,
+ if (CHECK_DATA_CORRUPTION(next == NULL,
+ "list_del corruption, %px->next is NULL\n", entry) ||
+ CHECK_DATA_CORRUPTION(prev == NULL,
+ "list_del corruption, %px->prev is NULL\n", entry) ||
+ CHECK_DATA_CORRUPTION(next == LIST_POISON1,
"list_del corruption, %px->next is LIST_POISON1 (%px)\n",
entry, LIST_POISON1) ||
CHECK_DATA_CORRUPTION(prev == LIST_POISON2,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 370/389] tty: serial: Fix refcount leak bug in ucc_uart.c
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 369/389] lib/list_debug.c: Detect uninitialized lists Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 371/389] vfio: Clear the caps->buf to NULL after free Greg Kroah-Hartman
` (23 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Timur Tabi, Liang He, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit d24d7bb2cd947676f9b71fb944d045e09b8b282f ]
In soc_info(), of_find_node_by_type() will return a node pointer
with refcount incremented. We should use of_node_put() when it is
not used anymore.
Acked-by: Timur Tabi <timur@kernel.org>
Signed-off-by: Liang He <windhl@126.com>
Link: https://lore.kernel.org/r/20220618060850.4058525-1-windhl@126.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/ucc_uart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/ucc_uart.c b/drivers/tty/serial/ucc_uart.c
index a0555ae2b1ef..181d55e0c60f 100644
--- a/drivers/tty/serial/ucc_uart.c
+++ b/drivers/tty/serial/ucc_uart.c
@@ -1141,6 +1141,8 @@ static unsigned int soc_info(unsigned int *rev_h, unsigned int *rev_l)
/* No compatible property, so try the name. */
soc_string = np->name;
+ of_node_put(np);
+
/* Extract the SOC number from the "PowerPC," string */
if ((sscanf(soc_string, "PowerPC,%u", &soc) != 1) || !soc)
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 371/389] vfio: Clear the caps->buf to NULL after free
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 370/389] tty: serial: Fix refcount leak bug in ucc_uart.c Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 372/389] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Greg Kroah-Hartman
` (22 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Schspa Shi, Cornelia Huck,
Alex Williamson, Sasha Levin
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit 6641085e8d7b3f061911517f79a2a15a0a21b97b ]
On buffer resize failure, vfio_info_cap_add() will free the buffer,
report zero for the size, and return -ENOMEM. As additional
hardening, also clear the buffer pointer to prevent any chance of a
double free.
Signed-off-by: Schspa Shi <schspa@gmail.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Link: https://lore.kernel.org/r/20220629022948.55608-1-schspa@gmail.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/vfio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c
index 388597930b64..efd3782ead97 100644
--- a/drivers/vfio/vfio.c
+++ b/drivers/vfio/vfio.c
@@ -1802,6 +1802,7 @@ struct vfio_info_cap_header *vfio_info_cap_add(struct vfio_info_cap *caps,
buf = krealloc(caps->buf, caps->size + size, GFP_KERNEL);
if (!buf) {
kfree(caps->buf);
+ caps->buf = NULL;
caps->size = 0;
return ERR_PTR(-ENOMEM);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 372/389] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 371/389] vfio: Clear the caps->buf to NULL after free Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 373/389] riscv: dts: sifive: Add fu540 topology information Greg Kroah-Hartman
` (21 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liang He, Thomas Bogendoerfer, Sasha Levin
From: Liang He <windhl@126.com>
[ Upstream commit 7a9f743ceead60ed454c46fbc3085ee9a79cbebb ]
We should call of_node_put() for the reference 'uctl_node' returned by
of_get_parent() which will increase the refcount. Otherwise, there will
be a refcount leak bug.
Signed-off-by: Liang He <windhl@126.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/cavium-octeon/octeon-platform.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/mips/cavium-octeon/octeon-platform.c b/arch/mips/cavium-octeon/octeon-platform.c
index c214fe4e678b..04bc34714727 100644
--- a/arch/mips/cavium-octeon/octeon-platform.c
+++ b/arch/mips/cavium-octeon/octeon-platform.c
@@ -86,11 +86,12 @@ static void octeon2_usb_clocks_start(struct device *dev)
"refclk-frequency", &clock_rate);
if (i) {
dev_err(dev, "No UCTL \"refclk-frequency\"\n");
+ of_node_put(uctl_node);
goto exit;
}
i = of_property_read_string(uctl_node,
"refclk-type", &clock_type);
-
+ of_node_put(uctl_node);
if (!i && strcmp("crystal", clock_type) == 0)
is_crystal_clock = true;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 373/389] riscv: dts: sifive: Add fu540 topology information
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 372/389] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 374/389] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Greg Kroah-Hartman
` (20 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brice Goglin, Conor Dooley,
Palmer Dabbelt, Sasha Levin
From: Conor Dooley <conor.dooley@microchip.com>
[ Upstream commit af8f260abc608c06e4466a282b53f1e2dc09f042 ]
The fu540 has no cpu-map node, so tools like hwloc cannot correctly
parse the topology. Add the node using the existing node labels.
Reported-by: Brice Goglin <Brice.Goglin@inria.fr>
Link: https://github.com/open-mpi/hwloc/issues/536
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20220705190435.1790466-3-mail@conchuod.ie
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/boot/dts/sifive/fu540-c000.dtsi | 24 ++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/arch/riscv/boot/dts/sifive/fu540-c000.dtsi b/arch/riscv/boot/dts/sifive/fu540-c000.dtsi
index afa43c7ea369..0e4514f32576 100644
--- a/arch/riscv/boot/dts/sifive/fu540-c000.dtsi
+++ b/arch/riscv/boot/dts/sifive/fu540-c000.dtsi
@@ -129,6 +129,30 @@
interrupt-controller;
};
};
+
+ cpu-map {
+ cluster0 {
+ core0 {
+ cpu = <&cpu0>;
+ };
+
+ core1 {
+ cpu = <&cpu1>;
+ };
+
+ core2 {
+ cpu = <&cpu2>;
+ };
+
+ core3 {
+ cpu = <&cpu3>;
+ };
+
+ core4 {
+ cpu = <&cpu4>;
+ };
+ };
+ };
};
soc {
#address-cells = <2>;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 374/389] riscv: mmap with PROT_WRITE but no PROT_READ is invalid
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 373/389] riscv: dts: sifive: Add fu540 topology information Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 375/389] RISC-V: Add fast call path of crash_kexec() Greg Kroah-Hartman
` (19 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, xctan, dram, Ruizhe Pan, Celeste Liu,
Palmer Dabbelt, Sasha Levin
From: Celeste Liu <coelacanthus@outlook.com>
[ Upstream commit 2139619bcad7ac44cc8f6f749089120594056613 ]
As mentioned in Table 4.5 in RISC-V spec Volume 2 Section 4.3, write
but not read is "Reserved for future use.". For now, they are not valid.
In the current code, -wx is marked as invalid, but -w- is not marked
as invalid.
This patch refines that judgment.
Reported-by: xctan <xc-tan@outlook.com>
Co-developed-by: dram <dramforever@live.com>
Signed-off-by: dram <dramforever@live.com>
Co-developed-by: Ruizhe Pan <c141028@gmail.com>
Signed-off-by: Ruizhe Pan <c141028@gmail.com>
Signed-off-by: Celeste Liu <coelacanthus@outlook.com>
Link: https://lore.kernel.org/r/PH7PR14MB559464DBDD310E755F5B21E8CEDC9@PH7PR14MB5594.namprd14.prod.outlook.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/sys_riscv.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c
index 12f8a7fce78b..8a7880b9c433 100644
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -18,9 +18,8 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len,
if (unlikely(offset & (~PAGE_MASK >> page_shift_offset)))
return -EINVAL;
- if ((prot & PROT_WRITE) && (prot & PROT_EXEC))
- if (unlikely(!(prot & PROT_READ)))
- return -EINVAL;
+ if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ)))
+ return -EINVAL;
return ksys_mmap_pgoff(addr, len, prot, flags, fd,
offset >> (PAGE_SHIFT - page_shift_offset));
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 375/389] RISC-V: Add fast call path of crash_kexec()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 374/389] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 376/389] watchdog: export lockup_detector_reconfigure Greg Kroah-Hartman
` (18 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guo Ren, Xianting Tian,
Palmer Dabbelt, Sasha Levin
From: Xianting Tian <xianting.tian@linux.alibaba.com>
[ Upstream commit 3f1901110a89b0e2e13adb2ac8d1a7102879ea98 ]
Currently, almost all archs (x86, arm64, mips...) support fast call
of crash_kexec() when "regs && kexec_should_crash()" is true. But
RISC-V not, it can only enter crash system via panic(). However panic()
doesn't pass the regs of the real accident scene to crash_kexec(),
it caused we can't get accurate backtrace via gdb,
$ riscv64-linux-gnu-gdb vmlinux vmcore
Reading symbols from vmlinux...
[New LWP 95]
#0 console_unlock () at kernel/printk/printk.c:2557
2557 if (do_cond_resched)
(gdb) bt
#0 console_unlock () at kernel/printk/printk.c:2557
#1 0x0000000000000000 in ?? ()
With the patch we can get the accurate backtrace,
$ riscv64-linux-gnu-gdb vmlinux vmcore
Reading symbols from vmlinux...
[New LWP 95]
#0 0xffffffe00063a4e0 in test_thread (data=<optimized out>) at drivers/test_crash.c:81
81 *(int *)p = 0xdead;
(gdb)
(gdb) bt
#0 0xffffffe00064d5c0 in test_thread (data=<optimized out>) at drivers/test_crash.c:81
#1 0x0000000000000000 in ?? ()
Test code to produce NULL address dereference in test_crash.c,
void *p = NULL;
*(int *)p = 0xdead;
Reviewed-by: Guo Ren <guoren@kernel.org>
Tested-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Link: https://lore.kernel.org/r/20220606082308.2883458-1-xianting.tian@linux.alibaba.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/traps.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
index 473de3ae8bb7..ae462037910b 100644
--- a/arch/riscv/kernel/traps.c
+++ b/arch/riscv/kernel/traps.c
@@ -15,6 +15,7 @@
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/irq.h>
+#include <linux/kexec.h>
#include <asm/processor.h>
#include <asm/ptrace.h>
@@ -43,6 +44,9 @@ void die(struct pt_regs *regs, const char *str)
ret = notify_die(DIE_OOPS, str, regs, 0, regs->scause, SIGSEGV);
+ if (regs && kexec_should_crash(current))
+ crash_kexec(regs);
+
bust_spinlocks(0);
add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
spin_unlock_irq(&die_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 376/389] watchdog: export lockup_detector_reconfigure
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 375/389] RISC-V: Add fast call path of crash_kexec() Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 377/389] powerpc/32: Dont always pass -mcpu=powerpc to the compiler Greg Kroah-Hartman
` (17 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Laurent Dufour, Michael Ellerman,
Sasha Levin
From: Laurent Dufour <ldufour@linux.ibm.com>
[ Upstream commit 7c56a8733d0a2a4be2438a7512566e5ce552fccf ]
In some circumstances it may be interesting to reconfigure the watchdog
from inside the kernel.
On PowerPC, this may helpful before and after a LPAR migration (LPM) is
initiated, because it implies some latencies, watchdog, and especially NMI
watchdog is expected to be triggered during this operation. Reconfiguring
the watchdog with a factor, would prevent it to happen too frequently
during LPM.
Rename lockup_detector_reconfigure() as __lockup_detector_reconfigure() and
create a new function lockup_detector_reconfigure() calling
__lockup_detector_reconfigure() under the protection of watchdog_mutex.
Signed-off-by: Laurent Dufour <ldufour@linux.ibm.com>
[mpe: Squash in build fix from Laurent, reported by Sachin]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220713154729.80789-3-ldufour@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/nmi.h | 2 ++
kernel/watchdog.c | 21 ++++++++++++++++-----
2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/include/linux/nmi.h b/include/linux/nmi.h
index 9003e29cde46..e972d1ae1ee6 100644
--- a/include/linux/nmi.h
+++ b/include/linux/nmi.h
@@ -122,6 +122,8 @@ int watchdog_nmi_probe(void);
int watchdog_nmi_enable(unsigned int cpu);
void watchdog_nmi_disable(unsigned int cpu);
+void lockup_detector_reconfigure(void);
+
/**
* touch_nmi_watchdog - restart NMI watchdog timeout.
*
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
index cbd3cf503c90..a3d0e928305c 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
@@ -568,7 +568,7 @@ int lockup_detector_offline_cpu(unsigned int cpu)
return 0;
}
-static void lockup_detector_reconfigure(void)
+static void __lockup_detector_reconfigure(void)
{
cpus_read_lock();
watchdog_nmi_stop();
@@ -588,6 +588,13 @@ static void lockup_detector_reconfigure(void)
__lockup_detector_cleanup();
}
+void lockup_detector_reconfigure(void)
+{
+ mutex_lock(&watchdog_mutex);
+ __lockup_detector_reconfigure();
+ mutex_unlock(&watchdog_mutex);
+}
+
/*
* Create the watchdog thread infrastructure and configure the detector(s).
*
@@ -608,13 +615,13 @@ static __init void lockup_detector_setup(void)
return;
mutex_lock(&watchdog_mutex);
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
softlockup_initialized = true;
mutex_unlock(&watchdog_mutex);
}
#else /* CONFIG_SOFTLOCKUP_DETECTOR */
-static void lockup_detector_reconfigure(void)
+static void __lockup_detector_reconfigure(void)
{
cpus_read_lock();
watchdog_nmi_stop();
@@ -622,9 +629,13 @@ static void lockup_detector_reconfigure(void)
watchdog_nmi_start();
cpus_read_unlock();
}
+void lockup_detector_reconfigure(void)
+{
+ __lockup_detector_reconfigure();
+}
static inline void lockup_detector_setup(void)
{
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
}
#endif /* !CONFIG_SOFTLOCKUP_DETECTOR */
@@ -664,7 +675,7 @@ static void proc_watchdog_update(void)
{
/* Remove impossible cpus to keep sysctl output clean. */
cpumask_and(&watchdog_cpumask, &watchdog_cpumask, cpu_possible_mask);
- lockup_detector_reconfigure();
+ __lockup_detector_reconfigure();
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 377/389] powerpc/32: Dont always pass -mcpu=powerpc to the compiler
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 376/389] watchdog: export lockup_detector_reconfigure Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 378/389] ALSA: core: Add async signal helpers Greg Kroah-Hartman
` (16 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pali Rohár, Christophe Leroy,
Arnd Bergmann, Segher Boessenkool, Michael Ellerman, Sasha Levin
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 446cda1b21d9a6b3697fe399c6a3a00ff4a285f5 ]
Since commit 4bf4f42a2feb ("powerpc/kbuild: Set default generic
machine type for 32-bit compile"), when building a 32 bits kernel
with a bi-arch version of GCC, or when building a book3s/32 kernel,
the option -mcpu=powerpc is passed to GCC at all time, relying on it
being eventually overriden by a subsequent -mcpu=xxxx.
But when building the same kernel with a 32 bits only version of GCC,
that is not done, relying on gcc being built with the expected default
CPU.
This logic has two problems. First, it is a bit fragile to rely on
whether the GCC version is bi-arch or not, because today we can have
bi-arch versions of GCC configured with a 32 bits default. Second,
there are some versions of GCC which don't support -mcpu=powerpc,
for instance for e500 SPE-only versions.
So, stop relying on this approximative logic and allow the user to
decide whether he/she wants to use the toolchain's default CPU or if
he/she wants to set one, and allow only possible CPUs based on the
selected target.
Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Tested-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/d4df724691351531bf46d685d654689e5dfa0d74.1657549153.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Makefile | 26 +-------------------------
arch/powerpc/platforms/Kconfig.cputype | 21 ++++++++++++++++++---
2 files changed, 19 insertions(+), 28 deletions(-)
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index b9d2fcf030d0..eedd114a017c 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -17,23 +17,6 @@ HAS_BIARCH := $(call cc-option-yn, -m32)
# Set default 32 bits cross compilers for vdso and boot wrapper
CROSS32_COMPILE ?=
-ifeq ($(HAS_BIARCH),y)
-ifeq ($(CROSS32_COMPILE),)
-ifdef CONFIG_PPC32
-# These options will be overridden by any -mcpu option that the CPU
-# or platform code sets later on the command line, but they are needed
-# to set a sane 32-bit cpu target for the 64-bit cross compiler which
-# may default to the wrong ISA.
-KBUILD_CFLAGS += -mcpu=powerpc
-KBUILD_AFLAGS += -mcpu=powerpc
-endif
-endif
-endif
-
-ifdef CONFIG_PPC_BOOK3S_32
-KBUILD_CFLAGS += -mcpu=powerpc
-endif
-
# If we're on a ppc/ppc64/ppc64le machine use that defconfig, otherwise just use
# ppc64_defconfig because we have nothing better to go on.
uname := $(shell uname -m)
@@ -192,6 +175,7 @@ endif
endif
CFLAGS-$(CONFIG_TARGET_CPU_BOOL) += $(call cc-option,-mcpu=$(CONFIG_TARGET_CPU))
+AFLAGS-$(CONFIG_TARGET_CPU_BOOL) += $(call cc-option,-mcpu=$(CONFIG_TARGET_CPU))
# Altivec option not allowed with e500mc64 in GCC.
ifdef CONFIG_ALTIVEC
@@ -202,14 +186,6 @@ endif
CFLAGS-$(CONFIG_E5500_CPU) += $(E5500_CPU)
CFLAGS-$(CONFIG_E6500_CPU) += $(call cc-option,-mcpu=e6500,$(E5500_CPU))
-ifdef CONFIG_PPC32
-ifdef CONFIG_PPC_E500MC
-CFLAGS-y += $(call cc-option,-mcpu=e500mc,-mcpu=powerpc)
-else
-CFLAGS-$(CONFIG_E500) += $(call cc-option,-mcpu=8540 -msoft-float,-mcpu=powerpc)
-endif
-endif
-
asinstr := $(call as-instr,lis 9$(comma)foo@high,-DHAVE_AS_ATHIGH=1)
KBUILD_CPPFLAGS += -I $(srctree)/arch/$(ARCH) $(asinstr)
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index a9b20aa1dfd4..325dc8b53422 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -118,9 +118,9 @@ config GENERIC_CPU
depends on PPC64 && CPU_LITTLE_ENDIAN
select ARCH_HAS_FAST_MULTIPLIER
-config GENERIC_CPU
+config POWERPC_CPU
bool "Generic 32 bits powerpc"
- depends on PPC32 && !PPC_8xx
+ depends on PPC32 && !PPC_8xx && !PPC_85xx
config CELL_CPU
bool "Cell Broadband Engine"
@@ -174,11 +174,23 @@ config G4_CPU
depends on PPC_BOOK3S_32
select ALTIVEC
+config E500_CPU
+ bool "e500 (8540)"
+ depends on PPC_85xx && !PPC_E500MC
+
+config E500MC_CPU
+ bool "e500mc"
+ depends on PPC_85xx && PPC_E500MC
+
+config TOOLCHAIN_DEFAULT_CPU
+ bool "Rely on the toolchain's implicit default CPU"
+ depends on PPC32
+
endchoice
config TARGET_CPU_BOOL
bool
- default !GENERIC_CPU
+ default !GENERIC_CPU && !TOOLCHAIN_DEFAULT_CPU
config TARGET_CPU
string
@@ -193,6 +205,9 @@ config TARGET_CPU
default "e300c2" if E300C2_CPU
default "e300c3" if E300C3_CPU
default "G4" if G4_CPU
+ default "8540" if E500_CPU
+ default "e500mc" if E500MC_CPU
+ default "powerpc" if POWERPC_CPU
config PPC_BOOK3S
def_bool y
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 378/389] ALSA: core: Add async signal helpers
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 377/389] powerpc/32: Dont always pass -mcpu=powerpc to the compiler Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 379/389] ALSA: timer: Use deferred fasync helper Greg Kroah-Hartman
` (15 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit ef34a0ae7a2654bc9e58675e36898217fb2799d8 ]
Currently the call of kill_fasync() from an interrupt handler might
lead to potential spin deadlocks, as spotted by syzkaller.
Unfortunately, it's not so trivial to fix this lock chain as it's
involved with the tasklist_lock that is touched in allover places.
As a temporary workaround, this patch provides the way to defer the
async signal notification in a work. The new helper functions,
snd_fasync_helper() and snd_kill_faync() are replacements for
fasync_helper() and kill_fasync(), respectively. In addition,
snd_fasync_free() needs to be called at the destructor of the relevant
file object.
Link: https://lore.kernel.org/r/20220728125945.29533-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/sound/core.h | 8 ++++
sound/core/misc.c | 94 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 102 insertions(+)
diff --git a/include/sound/core.h b/include/sound/core.h
index ee238f100f73..8a80121811d9 100644
--- a/include/sound/core.h
+++ b/include/sound/core.h
@@ -440,4 +440,12 @@ snd_pci_quirk_lookup_id(u16 vendor, u16 device,
}
#endif
+/* async signal helpers */
+struct snd_fasync;
+
+int snd_fasync_helper(int fd, struct file *file, int on,
+ struct snd_fasync **fasyncp);
+void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll);
+void snd_fasync_free(struct snd_fasync *fasync);
+
#endif /* __SOUND_CORE_H */
diff --git a/sound/core/misc.c b/sound/core/misc.c
index 3579dd7a161f..c3f3d94b5197 100644
--- a/sound/core/misc.c
+++ b/sound/core/misc.c
@@ -10,6 +10,7 @@
#include <linux/time.h>
#include <linux/slab.h>
#include <linux/ioport.h>
+#include <linux/fs.h>
#include <sound/core.h>
#ifdef CONFIG_SND_DEBUG
@@ -145,3 +146,96 @@ snd_pci_quirk_lookup(struct pci_dev *pci, const struct snd_pci_quirk *list)
}
EXPORT_SYMBOL(snd_pci_quirk_lookup);
#endif
+
+/*
+ * Deferred async signal helpers
+ *
+ * Below are a few helper functions to wrap the async signal handling
+ * in the deferred work. The main purpose is to avoid the messy deadlock
+ * around tasklist_lock and co at the kill_fasync() invocation.
+ * fasync_helper() and kill_fasync() are replaced with snd_fasync_helper()
+ * and snd_kill_fasync(), respectively. In addition, snd_fasync_free() has
+ * to be called at releasing the relevant file object.
+ */
+struct snd_fasync {
+ struct fasync_struct *fasync;
+ int signal;
+ int poll;
+ int on;
+ struct list_head list;
+};
+
+static DEFINE_SPINLOCK(snd_fasync_lock);
+static LIST_HEAD(snd_fasync_list);
+
+static void snd_fasync_work_fn(struct work_struct *work)
+{
+ struct snd_fasync *fasync;
+
+ spin_lock_irq(&snd_fasync_lock);
+ while (!list_empty(&snd_fasync_list)) {
+ fasync = list_first_entry(&snd_fasync_list, struct snd_fasync, list);
+ list_del_init(&fasync->list);
+ spin_unlock_irq(&snd_fasync_lock);
+ if (fasync->on)
+ kill_fasync(&fasync->fasync, fasync->signal, fasync->poll);
+ spin_lock_irq(&snd_fasync_lock);
+ }
+ spin_unlock_irq(&snd_fasync_lock);
+}
+
+static DECLARE_WORK(snd_fasync_work, snd_fasync_work_fn);
+
+int snd_fasync_helper(int fd, struct file *file, int on,
+ struct snd_fasync **fasyncp)
+{
+ struct snd_fasync *fasync = NULL;
+
+ if (on) {
+ fasync = kzalloc(sizeof(*fasync), GFP_KERNEL);
+ if (!fasync)
+ return -ENOMEM;
+ INIT_LIST_HEAD(&fasync->list);
+ }
+
+ spin_lock_irq(&snd_fasync_lock);
+ if (*fasyncp) {
+ kfree(fasync);
+ fasync = *fasyncp;
+ } else {
+ if (!fasync) {
+ spin_unlock_irq(&snd_fasync_lock);
+ return 0;
+ }
+ *fasyncp = fasync;
+ }
+ fasync->on = on;
+ spin_unlock_irq(&snd_fasync_lock);
+ return fasync_helper(fd, file, on, &fasync->fasync);
+}
+EXPORT_SYMBOL_GPL(snd_fasync_helper);
+
+void snd_kill_fasync(struct snd_fasync *fasync, int signal, int poll)
+{
+ unsigned long flags;
+
+ if (!fasync || !fasync->on)
+ return;
+ spin_lock_irqsave(&snd_fasync_lock, flags);
+ fasync->signal = signal;
+ fasync->poll = poll;
+ list_move(&fasync->list, &snd_fasync_list);
+ schedule_work(&snd_fasync_work);
+ spin_unlock_irqrestore(&snd_fasync_lock, flags);
+}
+EXPORT_SYMBOL_GPL(snd_kill_fasync);
+
+void snd_fasync_free(struct snd_fasync *fasync)
+{
+ if (!fasync)
+ return;
+ fasync->on = 0;
+ flush_work(&snd_fasync_work);
+ kfree(fasync);
+}
+EXPORT_SYMBOL_GPL(snd_fasync_free);
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 379/389] ALSA: timer: Use deferred fasync helper
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 378/389] ALSA: core: Add async signal helpers Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 380/389] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Greg Kroah-Hartman
` (14 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+1ee0910eca9c94f71f25,
syzbot+49b10793b867871ee26f, syzbot+8285e973a41b5aa68902,
Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 95cc637c1afd83fb7dd3d7c8a53710488f4caf9c ]
For avoiding the potential deadlock via kill_fasync() call, use the
new fasync helpers to defer the invocation from PCI API. Note that
it's merely a workaround.
Reported-by: syzbot+1ee0910eca9c94f71f25@syzkaller.appspotmail.com
Reported-by: syzbot+49b10793b867871ee26f@syzkaller.appspotmail.com
Reported-by: syzbot+8285e973a41b5aa68902@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20220728125945.29533-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/timer.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/sound/core/timer.c b/sound/core/timer.c
index d684aa4150aa..420cc07a7f88 100644
--- a/sound/core/timer.c
+++ b/sound/core/timer.c
@@ -61,7 +61,7 @@ struct snd_timer_user {
unsigned int filter;
struct timespec tstamp; /* trigger tstamp */
wait_queue_head_t qchange_sleep;
- struct fasync_struct *fasync;
+ struct snd_fasync *fasync;
struct mutex ioctl_lock;
};
@@ -1317,7 +1317,7 @@ static void snd_timer_user_interrupt(struct snd_timer_instance *timeri,
}
__wake:
spin_unlock(&tu->qlock);
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1354,7 +1354,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri,
spin_lock_irqsave(&tu->qlock, flags);
snd_timer_user_append_to_tqueue(tu, &r1);
spin_unlock_irqrestore(&tu->qlock, flags);
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1421,7 +1421,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri,
spin_unlock(&tu->qlock);
if (append == 0)
return;
- kill_fasync(&tu->fasync, SIGIO, POLL_IN);
+ snd_kill_fasync(tu->fasync, SIGIO, POLL_IN);
wake_up(&tu->qchange_sleep);
}
@@ -1487,6 +1487,7 @@ static int snd_timer_user_release(struct inode *inode, struct file *file)
if (tu->timeri)
snd_timer_close(tu->timeri);
mutex_unlock(&tu->ioctl_lock);
+ snd_fasync_free(tu->fasync);
kfree(tu->queue);
kfree(tu->tqueue);
kfree(tu);
@@ -2050,7 +2051,7 @@ static int snd_timer_user_fasync(int fd, struct file * file, int on)
struct snd_timer_user *tu;
tu = file->private_data;
- return fasync_helper(fd, file, on, &tu->fasync);
+ return snd_fasync_helper(fd, file, on, &tu->fasync);
}
static ssize_t snd_timer_user_read(struct file *file, char __user *buffer,
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 380/389] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 379/389] ALSA: timer: Use deferred fasync helper Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 381/389] smb3: check xattr value length earlier Greg Kroah-Hartman
` (13 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dipanjan Das, Chao Yu, Jaegeuk Kim,
Sasha Levin
From: Chao Yu <chao.yu@oppo.com>
[ Upstream commit 141170b759e03958f296033bb7001be62d1d363b ]
As Dipanjan Das <mail.dipanjan.das@gmail.com> reported, syzkaller
found a f2fs bug as below:
RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295
Call Trace:
write_all_xattrs fs/f2fs/xattr.c:487 [inline]
__f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743
f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790
f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86
__vfs_setxattr+0x115/0x180 fs/xattr.c:182
__vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216
__vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277
vfs_setxattr+0x13f/0x330 fs/xattr.c:303
setxattr+0x146/0x160 fs/xattr.c:611
path_setxattr+0x1a7/0x1d0 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
NAT entry and nat bitmap can be inconsistent, e.g. one nid is free
in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it
may trigger BUG_ON() in f2fs_new_node_page(), fix it.
Reported-by: Dipanjan Das <mail.dipanjan.das@gmail.com>
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/node.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 3dc7cc3d6ac6..b080d5c58f6c 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1240,7 +1240,11 @@ struct page *f2fs_new_node_page(struct dnode_of_data *dn, unsigned int ofs)
dec_valid_node_count(sbi, dn->inode, !ofs);
goto fail;
}
- f2fs_bug_on(sbi, new_ni.blk_addr != NULL_ADDR);
+ if (unlikely(new_ni.blk_addr != NULL_ADDR)) {
+ err = -EFSCORRUPTED;
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ goto fail;
+ }
#endif
new_ni.nid = dn->nid;
new_ni.ino = dn->inode->i_ino;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 381/389] smb3: check xattr value length earlier
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 380/389] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 382/389] powerpc/64: Init jump labels before parse_early_param() Greg Kroah-Hartman
` (12 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Steve French, Sasha Levin
From: Steve French <stfrench@microsoft.com>
[ Upstream commit 5fa2cffba0b82336a2244d941322eb1627ff787b ]
Coverity complains about assigning a pointer based on
value length before checking that value length goes
beyond the end of the SMB. Although this is even more
unlikely as value length is a single byte, and the
pointer is not dereferenced until laterm, it is clearer
to check the lengths first.
Addresses-Coverity: 1467704 ("Speculative execution data leak")
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/smb2ops.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 57164563eec6..6ae281cff0d5 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -960,9 +960,7 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size,
size_t name_len, value_len, user_name_len;
while (src_size > 0) {
- name = &src->ea_data[0];
name_len = (size_t)src->ea_name_length;
- value = &src->ea_data[src->ea_name_length + 1];
value_len = (size_t)le16_to_cpu(src->ea_value_length);
if (name_len == 0)
@@ -974,6 +972,9 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size,
goto out;
}
+ name = &src->ea_data[0];
+ value = &src->ea_data[src->ea_name_length + 1];
+
if (ea_name) {
if (ea_name_len == name_len &&
memcmp(ea_name, name, name_len) == 0) {
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 382/389] powerpc/64: Init jump labels before parse_early_param()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 381/389] smb3: check xattr value length earlier Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 383/389] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Greg Kroah-Hartman
` (11 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Ellerman, Zhouyi Zhou, Sasha Levin
From: Zhouyi Zhou <zhouzhouyi@gmail.com>
[ Upstream commit ca829e05d3d4f728810cc5e4b468d9ebc7745eb3 ]
On 64-bit, calling jump_label_init() in setup_feature_keys() is too
late because static keys may be used in subroutines of
parse_early_param() which is again subroutine of early_init_devtree().
For example booting with "threadirqs":
static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init()
WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120
...
NIP static_key_enable_cpuslocked+0xfc/0x120
LR static_key_enable_cpuslocked+0xf8/0x120
Call Trace:
static_key_enable_cpuslocked+0xf8/0x120 (unreliable)
static_key_enable+0x30/0x50
setup_forced_irqthreads+0x28/0x40
do_early_param+0xa0/0x108
parse_args+0x290/0x4e0
parse_early_options+0x48/0x5c
parse_early_param+0x58/0x84
early_init_devtree+0xd4/0x518
early_setup+0xb4/0x214
So call jump_label_init() just before parse_early_param() in
early_init_devtree().
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Zhouyi Zhou <zhouzhouyi@gmail.com>
[mpe: Add call trace to change log and minor wording edits.]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220726015747.11754-1-zhouzhouyi@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/prom.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c
index 537142b877b8..d1ba17501343 100644
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -740,6 +740,13 @@ void __init early_init_devtree(void *params)
of_scan_flat_dt(early_init_dt_scan_root, NULL);
of_scan_flat_dt(early_init_dt_scan_memory_ppc, NULL);
+ /*
+ * As generic code authors expect to be able to use static keys
+ * in early_param() handlers, we initialize the static keys just
+ * before parsing early params (it's fine to call jump_label_init()
+ * more than once).
+ */
+ jump_label_init();
parse_early_param();
/* make sure we've parsed cmdline for mem= before this */
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 383/389] video: fbdev: i740fb: Check the argument of i740_calc_vclk()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 382/389] powerpc/64: Init jump labels before parse_early_param() Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 384/389] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Greg Kroah-Hartman
` (10 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Helge Deller, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 40bf722f8064f50200b8c4f8946cd625b441dda9 ]
Since the user can control the arguments of the ioctl() from the user
space, under special arguments that may result in a divide-by-zero bug.
If the user provides an improper 'pixclock' value that makes the argumet
of i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a
divide-by-zero bug in:
drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));
The following log can reveal it:
divide error: 0000 [#1] PREEMPT SMP KASAN PTI
RIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]
RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]
RIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742
Call Trace:
fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034
do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110
fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189
Fix this by checking the argument of i740_calc_vclk() first.
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/i740fb.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/i740fb.c b/drivers/video/fbdev/i740fb.c
index 347cf8babc3e..1434eb0220e7 100644
--- a/drivers/video/fbdev/i740fb.c
+++ b/drivers/video/fbdev/i740fb.c
@@ -400,7 +400,7 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var,
u32 xres, right, hslen, left, xtotal;
u32 yres, lower, vslen, upper, ytotal;
u32 vxres, xoffset, vyres, yoffset;
- u32 bpp, base, dacspeed24, mem;
+ u32 bpp, base, dacspeed24, mem, freq;
u8 r7;
int i;
@@ -643,7 +643,12 @@ static int i740fb_decode_var(const struct fb_var_screeninfo *var,
par->atc[VGA_ATC_OVERSCAN] = 0;
/* Calculate VCLK that most closely matches the requested dot clock */
- i740_calc_vclk((((u32)1e9) / var->pixclock) * (u32)(1e3), par);
+ freq = (((u32)1e9) / var->pixclock) * (u32)(1e3);
+ if (freq < I740_RFREQ_FIX) {
+ fb_dbg(info, "invalid pixclock\n");
+ freq = I740_RFREQ_FIX;
+ }
+ i740_calc_vclk(freq, par);
/* Since we program the clocks ourselves, always use VCLK2. */
par->misc |= 0x0C;
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 384/389] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 383/389] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 385/389] tracing/probes: Have kprobes and uprobes use $COMM too Greg Kroah-Hartman
` (9 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sudip Mukherjee (Codethink),
Nathan Chancellor, Thomas Bogendoerfer, Sasha Levin
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 74de14fe05dd6b151d73cb0c73c8ec874cbdcde6 ]
When CONFIG_XPA is enabled, Clang warns:
arch/mips/mm/tlbex.c:629:24: error: converting the result of '<<' to a boolean; did you mean '(1 << _PAGE_NO_EXEC_SHIFT) != 0'? [-Werror,-Wint-in-bool-context]
if (cpu_has_rixi && !!_PAGE_NO_EXEC) {
^
arch/mips/include/asm/pgtable-bits.h:174:28: note: expanded from macro '_PAGE_NO_EXEC'
# define _PAGE_NO_EXEC (1 << _PAGE_NO_EXEC_SHIFT)
^
arch/mips/mm/tlbex.c:2568:24: error: converting the result of '<<' to a boolean; did you mean '(1 << _PAGE_NO_EXEC_SHIFT) != 0'? [-Werror,-Wint-in-bool-context]
if (!cpu_has_rixi || !_PAGE_NO_EXEC) {
^
arch/mips/include/asm/pgtable-bits.h:174:28: note: expanded from macro '_PAGE_NO_EXEC'
# define _PAGE_NO_EXEC (1 << _PAGE_NO_EXEC_SHIFT)
^
2 errors generated.
_PAGE_NO_EXEC can be '0' or '1 << _PAGE_NO_EXEC_SHIFT' depending on the
build and runtime configuration, which is what the negation operators
are trying to convey. To silence the warning, explicitly compare against
0 so the result of the '<<' operator is not implicitly converted to a
boolean.
According to its documentation, GCC enables -Wint-in-bool-context with
-Wall but this warning is not visible when building the same
configuration with GCC. It appears GCC only warns when compiling C++,
not C, although the documentation makes no note of this:
https://godbolt.org/z/x39q3brxf
Reported-by: Sudip Mukherjee (Codethink) <sudipm.mukherjee@gmail.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/mm/tlbex.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c
index 547d813ead48..061dc5c97d5a 100644
--- a/arch/mips/mm/tlbex.c
+++ b/arch/mips/mm/tlbex.c
@@ -629,7 +629,7 @@ static __maybe_unused void build_convert_pte_to_entrylo(u32 **p,
return;
}
- if (cpu_has_rixi && !!_PAGE_NO_EXEC) {
+ if (cpu_has_rixi && _PAGE_NO_EXEC != 0) {
if (fill_includes_sw_bits) {
UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL));
} else {
@@ -2568,7 +2568,7 @@ static void check_pabits(void)
unsigned long entry;
unsigned pabits, fillbits;
- if (!cpu_has_rixi || !_PAGE_NO_EXEC) {
+ if (!cpu_has_rixi || _PAGE_NO_EXEC == 0) {
/*
* We'll only be making use of the fact that we can rotate bits
* into the fill if the CPU supports RIXI, so don't bother
--
2.35.1
^ permalink raw reply related [flat|nested] 415+ messages in thread
* [PATCH 5.4 385/389] tracing/probes: Have kprobes and uprobes use $COMM too
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 384/389] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 386/389] can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() Greg Kroah-Hartman
` (8 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Tzvetomir Stoyanov, Tom Zanussi, Masami Hiramatsu (Google),
Steven Rostedt (Google)
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit ab8384442ee512fc0fc72deeb036110843d0e7ff upstream.
Both $comm and $COMM can be used to get current->comm in eprobes and the
filtering and histogram logic. Make kprobes and uprobes consistent in this
regard and allow both $comm and $COMM as well. Currently kprobes and
uprobes only handle $comm, which is inconsistent with the other utilities,
and can be confusing to users.
Link: https://lkml.kernel.org/r/20220820134401.317014913@goodmis.org
Link: https://lore.kernel.org/all/20220820220442.776e1ddaf8836e82edb34d01@kernel.org/
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Fixes: 533059281ee5 ("tracing: probeevent: Introduce new argument fetching code")
Suggested-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_probe.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -300,7 +300,7 @@ static int parse_probe_vars(char *arg, c
}
} else
goto inval_var;
- } else if (strcmp(arg, "comm") == 0) {
+ } else if (strcmp(arg, "comm") == 0 || strcmp(arg, "COMM") == 0) {
code->op = FETCH_OP_COMM;
#ifdef CONFIG_HAVE_FUNCTION_ARG_ACCESS_API
} else if (((flags & TPARG_FL_MASK) ==
@@ -595,7 +595,8 @@ static int traceprobe_parse_probe_arg_bo
* Since $comm and immediate string can not be dereferred,
* we can find those by strcmp.
*/
- if (strcmp(arg, "$comm") == 0 || strncmp(arg, "\\\"", 2) == 0) {
+ if (strcmp(arg, "$comm") == 0 || strcmp(arg, "$COMM") == 0 ||
+ strncmp(arg, "\\\"", 2) == 0) {
/* The type of $comm must be "string", and not an array. */
if (parg->count || (t && strcmp(t, "string")))
return -EINVAL;
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 386/389] can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 385/389] tracing/probes: Have kprobes and uprobes use $COMM too Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 387/389] can: j1939: j1939_session_destroy(): fix memory leak of skbs Greg Kroah-Hartman
` (7 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fedor Pchelkin, Alexey Khoroshilov,
Oleksij Rempel, Marc Kleine-Budde
From: Fedor Pchelkin <pchelkin@ispras.ru>
commit 8ef49f7f8244424adcf4a546dba4cbbeb0b09c09 upstream.
We should warn user-space that it is doing something wrong when trying
to activate sessions with identical parameters but WARN_ON_ONCE macro
can not be used here as it serves a different purpose.
So it would be good to replace it with netdev_warn_once() message.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/all/20220729143655.1108297-1-pchelkin@ispras.ru
[mkl: fix indention]
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/can/j1939/socket.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -178,7 +178,10 @@ activate_next:
if (!first)
return;
- if (WARN_ON_ONCE(j1939_session_activate(first))) {
+ if (j1939_session_activate(first)) {
+ netdev_warn_once(first->priv->ndev,
+ "%s: 0x%p: Identical session is already activated.\n",
+ __func__, first);
first->err = -EBUSY;
goto activate_next;
} else {
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 387/389] can: j1939: j1939_session_destroy(): fix memory leak of skbs
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 386/389] can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 388/389] btrfs: only write the sectors in the vertical stripe which has data stripes Greg Kroah-Hartman
` (6 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oleksij Rempel, Fedor Pchelkin,
Alexey Khoroshilov, Marc Kleine-Budde
From: Fedor Pchelkin <pchelkin@ispras.ru>
commit 8c21c54a53ab21842f5050fa090f26b03c0313d6 upstream.
We need to drop skb references taken in j1939_session_skb_queue() when
destroying a session in j1939_session_destroy(). Otherwise those skbs
would be lost.
Link to Syzkaller info and repro: https://forge.ispras.ru/issues/11743.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
V1: https://lore.kernel.org/all/20220708175949.539064-1-pchelkin@ispras.ru
Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Suggested-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/all/20220805150216.66313-1-pchelkin@ispras.ru
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/can/j1939/transport.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/net/can/j1939/transport.c
+++ b/net/can/j1939/transport.c
@@ -260,6 +260,8 @@ static void __j1939_session_drop(struct
static void j1939_session_destroy(struct j1939_session *session)
{
+ struct sk_buff *skb;
+
if (session->err)
j1939_sk_errqueue(session, J1939_ERRQUEUE_ABORT);
else
@@ -270,7 +272,11 @@ static void j1939_session_destroy(struct
WARN_ON_ONCE(!list_empty(&session->sk_session_queue_entry));
WARN_ON_ONCE(!list_empty(&session->active_session_list_entry));
- skb_queue_purge(&session->skb_queue);
+ while ((skb = skb_dequeue(&session->skb_queue)) != NULL) {
+ /* drop ref taken in j1939_session_skb_queue() */
+ skb_unref(skb);
+ kfree_skb(skb);
+ }
__j1939_session_drop(session);
j1939_priv_put(session->priv);
kfree(session);
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 388/389] btrfs: only write the sectors in the vertical stripe which has data stripes
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 387/389] can: j1939: j1939_session_destroy(): fix memory leak of skbs Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 389/389] btrfs: raid56: dont trust any cached sector in __raid56_parity_recover() Greg Kroah-Hartman
` (5 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Sterba, Qu Wenruo
From: Qu Wenruo <wqu@suse.com>
commit bd8f7e627703ca5707833d623efcd43f104c7b3f upstream.
If we have only 8K partial write at the beginning of a full RAID56
stripe, we will write the following contents:
0 8K 32K 64K
Disk 1 (data): |XX| | |
Disk 2 (data): | | |
Disk 3 (parity): |XXXXXXXXXXXXXXX|XXXXXXXXXXXXXXX|
|X| means the sector will be written back to disk.
Note that, although we won't write any sectors from disk 2, but we will
write the full 64KiB of parity to disk.
This behavior is fine for now, but not for the future (especially for
RAID56J, as we waste quite some space to journal the unused parity
stripes).
So here we will also utilize the btrfs_raid_bio::dbitmap, anytime we
queue a higher level bio into an rbio, we will update rbio::dbitmap to
indicate which vertical stripes we need to writeback.
And at finish_rmw(), we also check dbitmap to see if we need to write
any sector in the vertical stripe.
So after the patch, above example will only lead to the following
writeback pattern:
0 8K 32K 64K
Disk 1 (data): |XX| | |
Disk 2 (data): | | |
Disk 3 (parity): |XX| | |
Acked-by: David Sterba <dsterba@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/raid56.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 51 insertions(+), 4 deletions(-)
--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -334,6 +334,9 @@ static void merge_rbio(struct btrfs_raid
{
bio_list_merge(&dest->bio_list, &victim->bio_list);
dest->bio_list_bytes += victim->bio_list_bytes;
+ /* Also inherit the bitmaps from @victim. */
+ bitmap_or(dest->dbitmap, victim->dbitmap, dest->dbitmap,
+ dest->stripe_npages);
dest->generic_bio_cnt += victim->generic_bio_cnt;
bio_list_init(&victim->bio_list);
}
@@ -878,6 +881,12 @@ static void rbio_orig_end_io(struct btrf
if (rbio->generic_bio_cnt)
btrfs_bio_counter_sub(rbio->fs_info, rbio->generic_bio_cnt);
+ /*
+ * Clear the data bitmap, as the rbio may be cached for later usage.
+ * do this before before unlock_stripe() so there will be no new bio
+ * for this bio.
+ */
+ bitmap_clear(rbio->dbitmap, 0, rbio->stripe_npages);
/*
* At this moment, rbio->bio_list is empty, however since rbio does not
@@ -1212,6 +1221,9 @@ static noinline void finish_rmw(struct b
else
BUG();
+ /* We should have at least one data sector. */
+ ASSERT(bitmap_weight(rbio->dbitmap, rbio->stripe_npages));
+
/* at this point we either have a full stripe,
* or we've read the full stripe from the drive.
* recalculate the parity and write the new results.
@@ -1285,6 +1297,11 @@ static noinline void finish_rmw(struct b
for (stripe = 0; stripe < rbio->real_stripes; stripe++) {
for (pagenr = 0; pagenr < rbio->stripe_npages; pagenr++) {
struct page *page;
+
+ /* This vertical stripe has no data, skip it. */
+ if (!test_bit(pagenr, rbio->dbitmap))
+ continue;
+
if (stripe < rbio->nr_data) {
page = page_in_rbio(rbio, stripe, pagenr, 1);
if (!page)
@@ -1309,6 +1326,11 @@ static noinline void finish_rmw(struct b
for (pagenr = 0; pagenr < rbio->stripe_npages; pagenr++) {
struct page *page;
+
+ /* This vertical stripe has no data, skip it. */
+ if (!test_bit(pagenr, rbio->dbitmap))
+ continue;
+
if (stripe < rbio->nr_data) {
page = page_in_rbio(rbio, stripe, pagenr, 1);
if (!page)
@@ -1748,6 +1770,33 @@ static void btrfs_raid_unplug(struct blk
run_plug(plug);
}
+/* Add the original bio into rbio->bio_list, and update rbio::dbitmap. */
+static void rbio_add_bio(struct btrfs_raid_bio *rbio, struct bio *orig_bio)
+{
+ const struct btrfs_fs_info *fs_info = rbio->fs_info;
+ const u64 orig_logical = orig_bio->bi_iter.bi_sector << SECTOR_SHIFT;
+ const u64 full_stripe_start = rbio->bbio->raid_map[0];
+ const u32 orig_len = orig_bio->bi_iter.bi_size;
+ const u32 sectorsize = fs_info->sectorsize;
+ u64 cur_logical;
+
+ ASSERT(orig_logical >= full_stripe_start &&
+ orig_logical + orig_len <= full_stripe_start +
+ rbio->nr_data * rbio->stripe_len);
+
+ bio_list_add(&rbio->bio_list, orig_bio);
+ rbio->bio_list_bytes += orig_bio->bi_iter.bi_size;
+
+ /* Update the dbitmap. */
+ for (cur_logical = orig_logical; cur_logical < orig_logical + orig_len;
+ cur_logical += sectorsize) {
+ int bit = ((u32)(cur_logical - full_stripe_start) >>
+ PAGE_SHIFT) % rbio->stripe_npages;
+
+ set_bit(bit, rbio->dbitmap);
+ }
+}
+
/*
* our main entry point for writes from the rest of the FS.
*/
@@ -1764,9 +1813,8 @@ int raid56_parity_write(struct btrfs_fs_
btrfs_put_bbio(bbio);
return PTR_ERR(rbio);
}
- bio_list_add(&rbio->bio_list, bio);
- rbio->bio_list_bytes = bio->bi_iter.bi_size;
rbio->operation = BTRFS_RBIO_WRITE;
+ rbio_add_bio(rbio, bio);
btrfs_bio_counter_inc_noblocked(fs_info);
rbio->generic_bio_cnt = 1;
@@ -2170,8 +2218,7 @@ int raid56_parity_recover(struct btrfs_f
}
rbio->operation = BTRFS_RBIO_READ_REBUILD;
- bio_list_add(&rbio->bio_list, bio);
- rbio->bio_list_bytes = bio->bi_iter.bi_size;
+ rbio_add_bio(rbio, bio);
rbio->faila = find_logical_bio_stripe(rbio, bio);
if (rbio->faila == -1) {
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 389/389] btrfs: raid56: dont trust any cached sector in __raid56_parity_recover()
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 388/389] btrfs: only write the sectors in the vertical stripe which has data stripes Greg Kroah-Hartman
@ 2022-08-23 8:27 ` Greg Kroah-Hartman
2022-08-23 21:02 ` [PATCH 5.4 000/389] 5.4.211-rc1 review Guenter Roeck
` (4 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-23 8:27 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, David Sterba, Qu Wenruo
From: Qu Wenruo <wqu@suse.com>
commit f6065f8edeb25f4a9dfe0b446030ad995a84a088 upstream.
[BUG]
There is a small workload which will always fail with recent kernel:
(A simplified version from btrfs/125 test case)
mkfs.btrfs -f -m raid5 -d raid5 -b 1G $dev1 $dev2 $dev3
mount $dev1 $mnt
xfs_io -f -c "pwrite -S 0xee 0 1M" $mnt/file1
sync
umount $mnt
btrfs dev scan -u $dev3
mount -o degraded $dev1 $mnt
xfs_io -f -c "pwrite -S 0xff 0 128M" $mnt/file2
umount $mnt
btrfs dev scan
mount $dev1 $mnt
btrfs balance start --full-balance $mnt
umount $mnt
The failure is always failed to read some tree blocks:
BTRFS info (device dm-4): relocating block group 217710592 flags data|raid5
BTRFS error (device dm-4): parent transid verify failed on 38993920 wanted 9 found 7
BTRFS error (device dm-4): parent transid verify failed on 38993920 wanted 9 found 7
...
[CAUSE]
With the recently added debug output, we can see all RAID56 operations
related to full stripe 38928384:
56.1183: raid56_read_partial: full_stripe=38928384 devid=2 type=DATA1 offset=0 opf=0x0 physical=9502720 len=65536
56.1185: raid56_read_partial: full_stripe=38928384 devid=3 type=DATA2 offset=16384 opf=0x0 physical=9519104 len=16384
56.1185: raid56_read_partial: full_stripe=38928384 devid=3 type=DATA2 offset=49152 opf=0x0 physical=9551872 len=16384
56.1187: raid56_write_stripe: full_stripe=38928384 devid=3 type=DATA2 offset=0 opf=0x1 physical=9502720 len=16384
56.1188: raid56_write_stripe: full_stripe=38928384 devid=3 type=DATA2 offset=32768 opf=0x1 physical=9535488 len=16384
56.1188: raid56_write_stripe: full_stripe=38928384 devid=1 type=PQ1 offset=0 opf=0x1 physical=30474240 len=16384
56.1189: raid56_write_stripe: full_stripe=38928384 devid=1 type=PQ1 offset=32768 opf=0x1 physical=30507008 len=16384
56.1218: raid56_write_stripe: full_stripe=38928384 devid=3 type=DATA2 offset=49152 opf=0x1 physical=9551872 len=16384
56.1219: raid56_write_stripe: full_stripe=38928384 devid=1 type=PQ1 offset=49152 opf=0x1 physical=30523392 len=16384
56.2721: raid56_parity_recover: full stripe=38928384 eb=39010304 mirror=2
56.2723: raid56_parity_recover: full stripe=38928384 eb=39010304 mirror=2
56.2724: raid56_parity_recover: full stripe=38928384 eb=39010304 mirror=2
Before we enter raid56_parity_recover(), we have triggered some metadata
write for the full stripe 38928384, this leads to us to read all the
sectors from disk.
Furthermore, btrfs raid56 write will cache its calculated P/Q sectors to
avoid unnecessary read.
This means, for that full stripe, after any partial write, we will have
stale data, along with P/Q calculated using that stale data.
Thankfully due to patch "btrfs: only write the sectors in the vertical stripe
which has data stripes" we haven't submitted all the corrupted P/Q to disk.
When we really need to recover certain range, aka in
raid56_parity_recover(), we will use the cached rbio, along with its
cached sectors (the full stripe is all cached).
This explains why we have no event raid56_scrub_read_recover()
triggered.
Since we have the cached P/Q which is calculated using the stale data,
the recovered one will just be stale.
In our particular test case, it will always return the same incorrect
metadata, thus causing the same error message "parent transid verify
failed on 39010304 wanted 9 found 7" again and again.
[BTRFS DESTRUCTIVE RMW PROBLEM]
Test case btrfs/125 (and above workload) always has its trouble with
the destructive read-modify-write (RMW) cycle:
0 32K 64K
Data1: | Good | Good |
Data2: | Bad | Bad |
Parity: | Good | Good |
In above case, if we trigger any write into Data1, we will use the bad
data in Data2 to re-generate parity, killing the only chance to recovery
Data2, thus Data2 is lost forever.
This destructive RMW cycle is not specific to btrfs RAID56, but there
are some btrfs specific behaviors making the case even worse:
- Btrfs will cache sectors for unrelated vertical stripes.
In above example, if we're only writing into 0~32K range, btrfs will
still read data range (32K ~ 64K) of Data1, and (64K~128K) of Data2.
This behavior is to cache sectors for later update.
Incidentally commit d4e28d9b5f04 ("btrfs: raid56: make steal_rbio()
subpage compatible") has a bug which makes RAID56 to never trust the
cached sectors, thus slightly improve the situation for recovery.
Unfortunately, follow up fix "btrfs: update stripe_sectors::uptodate in
steal_rbio" will revert the behavior back to the old one.
- Btrfs raid56 partial write will update all P/Q sectors and cache them
This means, even if data at (64K ~ 96K) of Data2 is free space, and
only (96K ~ 128K) of Data2 is really stale data.
And we write into that (96K ~ 128K), we will update all the parity
sectors for the full stripe.
This unnecessary behavior will completely kill the chance of recovery.
Thankfully, an unrelated optimization "btrfs: only write the sectors
in the vertical stripe which has data stripes" will prevent
submitting the write bio for untouched vertical sectors.
That optimization will keep the on-disk P/Q untouched for a chance for
later recovery.
[FIX]
Although we have no good way to completely fix the destructive RMW
(unless we go full scrub for each partial write), we can still limit the
damage.
With patch "btrfs: only write the sectors in the vertical stripe which
has data stripes" now we won't really submit the P/Q of unrelated
vertical stripes, so the on-disk P/Q should still be fine.
Now we really need to do is just drop all the cached sectors when doing
recovery.
By this, we have a chance to read the original P/Q from disk, and have a
chance to recover the stale data, while still keep the cache to speed up
regular write path.
In fact, just dropping all the cache for recovery path is good enough to
allow the test case btrfs/125 along with the small script to pass
reliably.
The lack of metadata write after the degraded mount, and forced metadata
COW is saving us this time.
So this patch will fix the behavior by not trust any cache in
__raid56_parity_recover(), to solve the problem while still keep the
cache useful.
But please note that this test pass DOES NOT mean we have solved the
destructive RMW problem, we just do better damage control a little
better.
Related patches:
- btrfs: only write the sectors in the vertical stripe
- d4e28d9b5f04 ("btrfs: raid56: make steal_rbio() subpage compatible")
- btrfs: update stripe_sectors::uptodate in steal_rbio
Acked-by: David Sterba <dsterba@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/raid56.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
--- a/fs/btrfs/raid56.c
+++ b/fs/btrfs/raid56.c
@@ -2116,9 +2116,12 @@ static int __raid56_parity_recover(struc
atomic_set(&rbio->error, 0);
/*
- * read everything that hasn't failed. Thanks to the
- * stripe cache, it is possible that some or all of these
- * pages are going to be uptodate.
+ * Read everything that hasn't failed. However this time we will
+ * not trust any cached sector.
+ * As we may read out some stale data but higher layer is not reading
+ * that stale part.
+ *
+ * So here we always re-read everything in recovery path.
*/
for (stripe = 0; stripe < rbio->real_stripes; stripe++) {
if (rbio->faila == stripe || rbio->failb == stripe) {
@@ -2127,16 +2130,6 @@ static int __raid56_parity_recover(struc
}
for (pagenr = 0; pagenr < rbio->stripe_npages; pagenr++) {
- struct page *p;
-
- /*
- * the rmw code may have already read this
- * page in
- */
- p = rbio_stripe_page(rbio, stripe, pagenr);
- if (PageUptodate(p))
- continue;
-
ret = rbio_add_io_page(rbio, &bio_list,
rbio_stripe_page(rbio, stripe, pagenr),
stripe, pagenr, rbio->stripe_len);
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 000/389] 5.4.211-rc1 review
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2022-08-23 8:27 ` [PATCH 5.4 389/389] btrfs: raid56: dont trust any cached sector in __raid56_parity_recover() Greg Kroah-Hartman
@ 2022-08-23 21:02 ` Guenter Roeck
2022-08-23 22:03 ` Shuah Khan
` (3 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Guenter Roeck @ 2022-08-23 21:02 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Tue, Aug 23, 2022 at 10:21:18AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.211 release.
> There are 389 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 25 Aug 2022 08:00:15 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 161 pass: 161 fail: 0
Qemu test results:
total: 446 pass: 446 fail: 0
Tested-by: Guenter Roeck <linux@roeck-us.net>
Guenter
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 000/389] 5.4.211-rc1 review
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2022-08-23 21:02 ` [PATCH 5.4 000/389] 5.4.211-rc1 review Guenter Roeck
@ 2022-08-23 22:03 ` Shuah Khan
2022-08-24 7:02 ` Naresh Kamboju
` (2 subsequent siblings)
393 siblings, 0 replies; 415+ messages in thread
From: Shuah Khan @ 2022-08-23 22:03 UTC (permalink / raw)
To: Greg Kroah-Hartman, linux-kernel
Cc: stable, torvalds, akpm, linux, shuah, patches, lkft-triage,
pavel, jonathanh, f.fainelli, sudipm.mukherjee, slade,
Shuah Khan
On 8/23/22 2:21 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.211 release.
> There are 389 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 25 Aug 2022 08:00:15 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.211-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
[not found] ` <CABhMZUVycsyy76j2Z=K+C6S1fwtzKE1Lx2povXKfB80o9g0MtQ@mail.gmail.com>
@ 2022-08-24 6:41 ` Greg Kroah-Hartman
2022-08-30 20:47 ` Ben Greear
0 siblings, 1 reply; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-24 6:41 UTC (permalink / raw)
To: bjorn
Cc: LKML, stable, Stefan Roese, Bjorn Helgaas, Pali Rohár,
Rafael J. Wysocki, Bharat Kumar Gogada, Michal Simek, Yao Hongbo,
Naveen Naidu, Sasha Levin
On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
> On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> wrote:
>
> > From: Stefan Roese <sr@denx.de>
> >
> > [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
> >
>
> There's an open regression related to this commit:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=216373
This is already in the following released stable kernels:
5.10.137 5.15.61 5.18.18 5.19.2
I'll go drop it from the 4.19 and 5.4 queues, but when this gets
resolved in Linus's tree, make sure there's a cc: stable on the fix so
that we know to backport it to the above branches as well. Or at the
least, a "Fixes:" tag.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 000/389] 5.4.211-rc1 review
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2022-08-23 22:03 ` Shuah Khan
@ 2022-08-24 7:02 ` Naresh Kamboju
2022-08-24 11:05 ` Sudip Mukherjee (Codethink)
[not found] ` <3d191fcd-62bb-323f-ea2b-cf5599a75b07@huawei.com>
393 siblings, 0 replies; 415+ messages in thread
From: Naresh Kamboju @ 2022-08-24 7:02 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Tue, 23 Aug 2022 at 14:45, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.4.211 release.
> There are 389 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 25 Aug 2022 08:00:15 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.211-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro's test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 5.4.211-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-5.4.y
* git commit: 1cece69eaa889a27cf3e9f2051fcc57eda957271
* git describe: v5.4.210-390-g1cece69eaa88
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-5.4.y/build/v5.4.210-390-g1cece69eaa88
## No test Regressions (compared to v5.4.210)
## No metric Regressions (compared to v5.4.210)
## No test Fixes (compared to v5.4.210)
## No metric Fixes (compared to v5.4.210)
## Test result summary
total: 64174, pass: 57363, fail: 716, skip: 6017, xfail: 78
## Build Summary
* arc: 10 total, 10 passed, 0 failed
* arm: 302 total, 302 passed, 0 failed
* arm64: 61 total, 57 passed, 4 failed
* i386: 28 total, 26 passed, 2 failed
* mips: 45 total, 45 passed, 0 failed
* parisc: 12 total, 12 passed, 0 failed
* powerpc: 54 total, 54 passed, 0 failed
* riscv: 27 total, 26 passed, 1 failed
* s390: 12 total, 12 passed, 0 failed
* sh: 24 total, 24 passed, 0 failed
* sparc: 12 total, 12 passed, 0 failed
* x86_64: 54 total, 52 passed, 2 failed
## Test suites summary
* kunit
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-fsx
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-syscalls
* ltp-tracing
* rcutorture
* v4l2-compliance
* vdso
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 000/389] 5.4.211-rc1 review
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2022-08-24 7:02 ` Naresh Kamboju
@ 2022-08-24 11:05 ` Sudip Mukherjee (Codethink)
[not found] ` <3d191fcd-62bb-323f-ea2b-cf5599a75b07@huawei.com>
393 siblings, 0 replies; 415+ messages in thread
From: Sudip Mukherjee (Codethink) @ 2022-08-24 11:05 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, slade
Hi Greg,
On Tue, Aug 23, 2022 at 10:21:18AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.4.211 release.
> There are 389 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 25 Aug 2022 08:00:15 +0000.
> Anything received after that time might be too late.
Build test (gcc version 11.3.1 20220819):
mips: 65 configs -> no failure
arm: 106 configs -> no failure
arm64: 2 configs -> no failure
x86_64: 4 configs -> no failure
alpha allmodconfig -> no failure
powerpc allmodconfig -> no failure
riscv allmodconfig -> no failure
s390 allmodconfig -> no failure
xtensa allmodconfig -> no failure
Boot test:
x86_64: Booted on my test laptop. No regression.
x86_64: Booted on qemu. No regression. [1]
[1]. https://openqa.qa.codethink.co.uk/tests/1685
Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
--
Regards
Sudip
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 000/389] 5.4.211-rc1 review
[not found] ` <3d191fcd-62bb-323f-ea2b-cf5599a75b07@huawei.com>
@ 2022-08-25 9:35 ` Greg Kroah-Hartman
0 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-08-25 9:35 UTC (permalink / raw)
To: zhouzhixiu
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Thu, Aug 25, 2022 at 05:20:46PM +0800, zhouzhixiu wrote:
>
> On 2022/8/23 16:21, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.4.211 release.
> > There are 389 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know. Responses should be made by Thu, 25 Aug 2022 08:00:15
> > +0000. Anything received after that time might be too late. The whole
> > patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.211-rc1.gz
> > or in the git tree and branch at:
> > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> > linux-5.4.y and the diffstat can be found below. thanks, greg k-h
>
> Tested on arm64 and x86 for 5.4.211-rc1,
>
> Kernel repo:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
>
> Branch: linux-5.10.yVersion:
> 5.4.211-rc1Commit:1cece69eaa889a27cf3e9f2051fcc57eda957271Compiler: gcc
> version 7.3.0 (GCC) arm64:--------------------------------------------------------------------Testcase
> Result Summary:total: 9017passed: 9017failed: 0timeout: 0--------------------------------------------------------------------x86:--------------------------------------------------------------------Testcase
> Result Summary:total: 9017passed: 9017failed: 0timeout: 0--------------------------------------------------------------------Tested-by:
> Hulk Robot <hulkrobot@huawei.com>
Your emails are being sent in html format and not being accepted by the
mialing list.
Also this response is very odd :(
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-24 6:41 ` Greg Kroah-Hartman
@ 2022-08-30 20:47 ` Ben Greear
2022-08-30 20:58 ` Pali Rohár
2022-08-30 22:11 ` Bjorn Helgaas
0 siblings, 2 replies; 415+ messages in thread
From: Ben Greear @ 2022-08-30 20:47 UTC (permalink / raw)
To: Greg Kroah-Hartman, bjorn
Cc: LKML, stable, Stefan Roese, Bjorn Helgaas, Pali Rohár,
Rafael J. Wysocki, Bharat Kumar Gogada, Michal Simek, Yao Hongbo,
Naveen Naidu, Sasha Levin
On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
> On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
>> On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>> wrote:
>>
>>> From: Stefan Roese <sr@denx.de>
>>>
>>> [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
>>>
>>
>> There's an open regression related to this commit:
>>
>> https://bugzilla.kernel.org/show_bug.cgi?id=216373
>
> This is already in the following released stable kernels:
> 5.10.137 5.15.61 5.18.18 5.19.2
>
> I'll go drop it from the 4.19 and 5.4 queues, but when this gets
> resolved in Linus's tree, make sure there's a cc: stable on the fix so
> that we know to backport it to the above branches as well. Or at the
> least, a "Fixes:" tag.
This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
that we did not see in 5.19.0+. I just bisected the scary looking AER errors to this
patch, though I do not know for certain if it causes the iwlwifi related crashes yet.
In general, from reading the commit msg, this patch doesn't seem to be a great candidate
for stable in general. Does it fix some important problem?
In case it helps, here is example of what I see in dmesg. The kernel crashes in iwlwifi
had to do with rx messages from the firmware, and some warnings lead me to believe that
pci messages were slow coming back and/or maybe duplicated. So maybe this AER patch changes
timing or otherwise screws up the PCI adapter boards we use...
[ 50.905809] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
[ 50.905830] pcieport 0000:03:01.0: AER: device recovery failed
[ 50.905831] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:01.0
[ 50.905845] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 50.915679] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
[ 50.922735] pcieport 0000:03:01.0: [20] UnsupReq (First)
[ 50.928230] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
[ 50.935126] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
[ 50.935133] pcieport 0000:03:01.0: AER: device recovery failed
[ 50.935134] pcieport 0000:00:1c.0: AER: Multiple Uncorrected (Non-Fatal) error received: 0000:03:01.0
[ 50.935222] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 50.945059] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
[ 50.952120] pcieport 0000:03:01.0: [20] UnsupReq (First)
[ 50.957614] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
[ 50.964492] pcieport 0000:03:01.0: AER: Error of this Agent is reported first
[ 50.970519] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 50.980344] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 50.987399] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 50.992891] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 50.999785] pcieport 0000:03:03.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 51.009611] pcieport 0000:03:03.0: device [10b5:8619] error status/mask=00100000/00000000
[ 51.016665] pcieport 0000:03:03.0: [20] UnsupReq (First)
[ 51.022161] pcieport 0000:03:03.0: AER: TLP Header: 34000000 06001f10 00000000 88c888c8
[ 51.029052] pcieport 0000:03:05.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 51.038881] pcieport 0000:03:05.0: device [10b5:8619] error status/mask=00100000/00000000
[ 51.045931] pcieport 0000:03:05.0: [20] UnsupReq (First)
[ 51.051430] pcieport 0000:03:05.0: AER: TLP Header: 34000000 07001f10 00000000 88c888c8
[ 51.058320] pcieport 0000:03:07.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 51.068147] pcieport 0000:03:07.0: device [10b5:8619] error status/mask=00100000/00000000
[ 51.075200] pcieport 0000:03:07.0: [20] UnsupReq (First)
[ 51.080696] pcieport 0000:03:07.0: AER: TLP Header: 34000000 08001f10 00000000 88c888c8
[ 51.087589] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
[ 51.087598] pcieport 0000:03:01.0: AER: device recovery failed
[ 51.087611] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 51.087615] pcieport 0000:03:02.0: AER: device recovery failed
[ 51.087628] iwlwifi 0000:06:00.0: AER: can't recover (no error_detected callback)
[ 51.087631] pcieport 0000:03:03.0: AER: device recovery failed
[ 51.087643] iwlwifi 0000:07:00.0: AER: can't recover (no error_detected callback)
[ 51.087646] pcieport 0000:03:05.0: AER: device recovery failed
[ 51.087659] iwlwifi 0000:08:00.0: AER: can't recover (no error_detected callback)
[ 51.087662] pcieport 0000:03:07.0: AER: device recovery failed
[ 51.103761] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
[ 51.103778] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 51.113608] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
[ 51.120658] pcieport 0000:03:0f.0: [20] UnsupReq (First)
[ 51.126152] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
[ 51.133044] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
[ 51.133068] pcieport 0000:03:0f.0: AER: device recovery failed
[ 51.168925] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
[ 51.168940] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 51.178773] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
[ 51.185823] pcieport 0000:03:0f.0: [20] UnsupReq (First)
[ 51.191318] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
[ 51.198211] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
[ 51.198234] pcieport 0000:03:0f.0: AER: device recovery failed
[ 51.260695] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
[ 51.260710] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 51.270548] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
[ 51.277605] pcieport 0000:03:0f.0: [20] UnsupReq (First)
[ 51.283103] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
[ 51.290009] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
[ 51.290033] pcieport 0000:03:0f.0: AER: device recovery failed
[ 51.328514] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
[ 51.328530] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 51.331638] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
[ 51.338363] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
[ 51.338364] pcieport 0000:03:0f.0: [20] UnsupReq (First)
[ 51.345413] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
[ 51.350900] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
[ 51.350927] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
Thanks,
Ben
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-30 20:47 ` Ben Greear
@ 2022-08-30 20:58 ` Pali Rohár
2022-08-30 21:28 ` Ben Greear
2022-08-30 22:11 ` Bjorn Helgaas
1 sibling, 1 reply; 415+ messages in thread
From: Pali Rohár @ 2022-08-30 20:58 UTC (permalink / raw)
To: Ben Greear
Cc: Greg Kroah-Hartman, bjorn, LKML, stable, Stefan Roese,
Bjorn Helgaas, Rafael J. Wysocki, Bharat Kumar Gogada,
Michal Simek, Yao Hongbo, Naveen Naidu, Sasha Levin
On Tuesday 30 August 2022 13:47:48 Ben Greear wrote:
> On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
> > On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
> > > On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > wrote:
> > >
> > > > From: Stefan Roese <sr@denx.de>
> > > >
> > > > [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
> > > >
> > >
> > > There's an open regression related to this commit:
> > >
> > > https://bugzilla.kernel.org/show_bug.cgi?id=216373
> >
> > This is already in the following released stable kernels:
> > 5.10.137 5.15.61 5.18.18 5.19.2
> >
> > I'll go drop it from the 4.19 and 5.4 queues, but when this gets
> > resolved in Linus's tree, make sure there's a cc: stable on the fix so
> > that we know to backport it to the above branches as well. Or at the
> > least, a "Fixes:" tag.
>
> This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
> that we did not see in 5.19.0+. I just bisected the scary looking AER errors to this
> patch, though I do not know for certain if it causes the iwlwifi related crashes yet.
>
> In general, from reading the commit msg, this patch doesn't seem to be a great candidate
> for stable in general. Does it fix some important problem?
>
> In case it helps, here is example of what I see in dmesg. The kernel crashes in iwlwifi
> had to do with rx messages from the firmware, and some warnings lead me to believe that
> pci messages were slow coming back and/or maybe duplicated. So maybe this AER patch changes
> timing or otherwise screws up the PCI adapter boards we use...
From that log I have feeling that issue is in that intel wifi card and
it was there also before that commit. Card is crashing (or something
other happens on PCIe bus) and because kernel had disabled Error
Reporting for this card, nobody spotted any issue. And that commit just
opened eye to kernel to see those errors.
I think this issue should be reported to intel wifi card developers,
maybe they comment it, why card is reporting errors.
>
> [ 50.905809] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
> [ 50.905830] pcieport 0000:03:01.0: AER: device recovery failed
> [ 50.905831] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:01.0
> [ 50.905845] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 50.915679] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 50.922735] pcieport 0000:03:01.0: [20] UnsupReq (First)
> [ 50.928230] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
> [ 50.935126] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
> [ 50.935133] pcieport 0000:03:01.0: AER: device recovery failed
> [ 50.935134] pcieport 0000:00:1c.0: AER: Multiple Uncorrected (Non-Fatal) error received: 0000:03:01.0
> [ 50.935222] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 50.945059] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 50.952120] pcieport 0000:03:01.0: [20] UnsupReq (First)
> [ 50.957614] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
> [ 50.964492] pcieport 0000:03:01.0: AER: Error of this Agent is reported first
> [ 50.970519] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 50.980344] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 50.987399] pcieport 0000:03:02.0: [20] UnsupReq (First)
> [ 50.992891] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
> [ 50.999785] pcieport 0000:03:03.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 51.009611] pcieport 0000:03:03.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 51.016665] pcieport 0000:03:03.0: [20] UnsupReq (First)
> [ 51.022161] pcieport 0000:03:03.0: AER: TLP Header: 34000000 06001f10 00000000 88c888c8
> [ 51.029052] pcieport 0000:03:05.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 51.038881] pcieport 0000:03:05.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 51.045931] pcieport 0000:03:05.0: [20] UnsupReq (First)
> [ 51.051430] pcieport 0000:03:05.0: AER: TLP Header: 34000000 07001f10 00000000 88c888c8
> [ 51.058320] pcieport 0000:03:07.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 51.068147] pcieport 0000:03:07.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 51.075200] pcieport 0000:03:07.0: [20] UnsupReq (First)
> [ 51.080696] pcieport 0000:03:07.0: AER: TLP Header: 34000000 08001f10 00000000 88c888c8
> [ 51.087589] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
> [ 51.087598] pcieport 0000:03:01.0: AER: device recovery failed
> [ 51.087611] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
> [ 51.087615] pcieport 0000:03:02.0: AER: device recovery failed
> [ 51.087628] iwlwifi 0000:06:00.0: AER: can't recover (no error_detected callback)
> [ 51.087631] pcieport 0000:03:03.0: AER: device recovery failed
> [ 51.087643] iwlwifi 0000:07:00.0: AER: can't recover (no error_detected callback)
> [ 51.087646] pcieport 0000:03:05.0: AER: device recovery failed
> [ 51.087659] iwlwifi 0000:08:00.0: AER: can't recover (no error_detected callback)
> [ 51.087662] pcieport 0000:03:07.0: AER: device recovery failed
> [ 51.103761] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
> [ 51.103778] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 51.113608] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 51.120658] pcieport 0000:03:0f.0: [20] UnsupReq (First)
> [ 51.126152] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
> [ 51.133044] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
> [ 51.133068] pcieport 0000:03:0f.0: AER: device recovery failed
> [ 51.168925] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
> [ 51.168940] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 51.178773] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 51.185823] pcieport 0000:03:0f.0: [20] UnsupReq (First)
> [ 51.191318] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
> [ 51.198211] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
> [ 51.198234] pcieport 0000:03:0f.0: AER: device recovery failed
> [ 51.260695] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
> [ 51.260710] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 51.270548] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 51.277605] pcieport 0000:03:0f.0: [20] UnsupReq (First)
> [ 51.283103] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
> [ 51.290009] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
> [ 51.290033] pcieport 0000:03:0f.0: AER: device recovery failed
> [ 51.328514] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
> [ 51.328530] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 51.331638] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
> [ 51.338363] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 51.338364] pcieport 0000:03:0f.0: [20] UnsupReq (First)
> [ 51.345413] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
> [ 51.350900] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
> [ 51.350927] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
>
>
> Thanks,
> Ben
>
> --
> Ben Greear <greearb@candelatech.com>
> Candela Technologies Inc http://www.candelatech.com
>
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-30 20:58 ` Pali Rohár
@ 2022-08-30 21:28 ` Ben Greear
2022-08-30 21:55 ` Pali Rohár
0 siblings, 1 reply; 415+ messages in thread
From: Ben Greear @ 2022-08-30 21:28 UTC (permalink / raw)
To: Pali Rohár
Cc: Greg Kroah-Hartman, bjorn, LKML, stable, Stefan Roese,
Bjorn Helgaas, Rafael J. Wysocki, Bharat Kumar Gogada,
Michal Simek, Yao Hongbo, Naveen Naidu, Sasha Levin
On 8/30/22 1:58 PM, Pali Rohár wrote:
> On Tuesday 30 August 2022 13:47:48 Ben Greear wrote:
>> On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
>>> On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
>>>> On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>>>> wrote:
>>>>
>>>>> From: Stefan Roese <sr@denx.de>
>>>>>
>>>>> [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
>>>>>
>>>>
>>>> There's an open regression related to this commit:
>>>>
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=216373
>>>
>>> This is already in the following released stable kernels:
>>> 5.10.137 5.15.61 5.18.18 5.19.2
>>>
>>> I'll go drop it from the 4.19 and 5.4 queues, but when this gets
>>> resolved in Linus's tree, make sure there's a cc: stable on the fix so
>>> that we know to backport it to the above branches as well. Or at the
>>> least, a "Fixes:" tag.
>>
>> This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
>> that we did not see in 5.19.0+. I just bisected the scary looking AER errors to this
>> patch, though I do not know for certain if it causes the iwlwifi related crashes yet.
>>
>> In general, from reading the commit msg, this patch doesn't seem to be a great candidate
>> for stable in general. Does it fix some important problem?
>>
>> In case it helps, here is example of what I see in dmesg. The kernel crashes in iwlwifi
>> had to do with rx messages from the firmware, and some warnings lead me to believe that
>> pci messages were slow coming back and/or maybe duplicated. So maybe this AER patch changes
>> timing or otherwise screws up the PCI adapter boards we use...
>
> From that log I have feeling that issue is in that intel wifi card and
> it was there also before that commit. Card is crashing (or something
> other happens on PCIe bus) and because kernel had disabled Error
> Reporting for this card, nobody spotted any issue. And that commit just
> opened eye to kernel to see those errors.
>
> I think this issue should be reported to intel wifi card developers,
> maybe they comment it, why card is reporting errors.
My main concern is not that AER messages started showing up, but that there
started being kernel NPE and WARNINGS showing up sometime after 5.19.0.
Possibly this AER thing is mis-direction and the real bug is elsewhere,
but since the bugzilla also indicated (different) driver crashes, then
I am suspicious this changes things more significantly, at least in a subset
of hardware out there.
Also, any idea what this error in my logs is actually indicating?
Thanks,
Ben
>
>>
>> [ 50.905809] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
>> [ 50.905830] pcieport 0000:03:01.0: AER: device recovery failed
>> [ 50.905831] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:01.0
>> [ 50.905845] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 50.915679] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 50.922735] pcieport 0000:03:01.0: [20] UnsupReq (First)
>> [ 50.928230] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
>> [ 50.935126] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
>> [ 50.935133] pcieport 0000:03:01.0: AER: device recovery failed
>> [ 50.935134] pcieport 0000:00:1c.0: AER: Multiple Uncorrected (Non-Fatal) error received: 0000:03:01.0
>> [ 50.935222] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 50.945059] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 50.952120] pcieport 0000:03:01.0: [20] UnsupReq (First)
>> [ 50.957614] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
>> [ 50.964492] pcieport 0000:03:01.0: AER: Error of this Agent is reported first
>> [ 50.970519] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 50.980344] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 50.987399] pcieport 0000:03:02.0: [20] UnsupReq (First)
>> [ 50.992891] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
>> [ 50.999785] pcieport 0000:03:03.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 51.009611] pcieport 0000:03:03.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 51.016665] pcieport 0000:03:03.0: [20] UnsupReq (First)
>> [ 51.022161] pcieport 0000:03:03.0: AER: TLP Header: 34000000 06001f10 00000000 88c888c8
>> [ 51.029052] pcieport 0000:03:05.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 51.038881] pcieport 0000:03:05.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 51.045931] pcieport 0000:03:05.0: [20] UnsupReq (First)
>> [ 51.051430] pcieport 0000:03:05.0: AER: TLP Header: 34000000 07001f10 00000000 88c888c8
>> [ 51.058320] pcieport 0000:03:07.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 51.068147] pcieport 0000:03:07.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 51.075200] pcieport 0000:03:07.0: [20] UnsupReq (First)
>> [ 51.080696] pcieport 0000:03:07.0: AER: TLP Header: 34000000 08001f10 00000000 88c888c8
>> [ 51.087589] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
>> [ 51.087598] pcieport 0000:03:01.0: AER: device recovery failed
>> [ 51.087611] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
>> [ 51.087615] pcieport 0000:03:02.0: AER: device recovery failed
>> [ 51.087628] iwlwifi 0000:06:00.0: AER: can't recover (no error_detected callback)
>> [ 51.087631] pcieport 0000:03:03.0: AER: device recovery failed
>> [ 51.087643] iwlwifi 0000:07:00.0: AER: can't recover (no error_detected callback)
>> [ 51.087646] pcieport 0000:03:05.0: AER: device recovery failed
>> [ 51.087659] iwlwifi 0000:08:00.0: AER: can't recover (no error_detected callback)
>> [ 51.087662] pcieport 0000:03:07.0: AER: device recovery failed
>> [ 51.103761] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
>> [ 51.103778] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 51.113608] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 51.120658] pcieport 0000:03:0f.0: [20] UnsupReq (First)
>> [ 51.126152] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
>> [ 51.133044] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
>> [ 51.133068] pcieport 0000:03:0f.0: AER: device recovery failed
>> [ 51.168925] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
>> [ 51.168940] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 51.178773] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 51.185823] pcieport 0000:03:0f.0: [20] UnsupReq (First)
>> [ 51.191318] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
>> [ 51.198211] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
>> [ 51.198234] pcieport 0000:03:0f.0: AER: device recovery failed
>> [ 51.260695] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
>> [ 51.260710] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 51.270548] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 51.277605] pcieport 0000:03:0f.0: [20] UnsupReq (First)
>> [ 51.283103] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
>> [ 51.290009] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
>> [ 51.290033] pcieport 0000:03:0f.0: AER: device recovery failed
>> [ 51.328514] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
>> [ 51.328530] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 51.331638] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
>> [ 51.338363] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 51.338364] pcieport 0000:03:0f.0: [20] UnsupReq (First)
>> [ 51.345413] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
>> [ 51.350900] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
>> [ 51.350927] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
>>
>>
>> Thanks,
>> Ben
>>
>> --
>> Ben Greear <greearb@candelatech.com>
>> Candela Technologies Inc http://www.candelatech.com
>>
>
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-30 21:28 ` Ben Greear
@ 2022-08-30 21:55 ` Pali Rohár
2022-08-30 22:16 ` Ben Greear
0 siblings, 1 reply; 415+ messages in thread
From: Pali Rohár @ 2022-08-30 21:55 UTC (permalink / raw)
To: Ben Greear
Cc: Greg Kroah-Hartman, bjorn, LKML, stable, Stefan Roese,
Bjorn Helgaas, Rafael J. Wysocki, Bharat Kumar Gogada,
Michal Simek, Yao Hongbo, Naveen Naidu, Sasha Levin
On Tuesday 30 August 2022 14:28:14 Ben Greear wrote:
> On 8/30/22 1:58 PM, Pali Rohár wrote:
> > On Tuesday 30 August 2022 13:47:48 Ben Greear wrote:
> > > On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
> > > > On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
> > > > > On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > > > wrote:
> > > > >
> > > > > > From: Stefan Roese <sr@denx.de>
> > > > > >
> > > > > > [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
> > > > > >
> > > > >
> > > > > There's an open regression related to this commit:
> > > > >
> > > > > https://bugzilla.kernel.org/show_bug.cgi?id=216373
> > > >
> > > > This is already in the following released stable kernels:
> > > > 5.10.137 5.15.61 5.18.18 5.19.2
> > > >
> > > > I'll go drop it from the 4.19 and 5.4 queues, but when this gets
> > > > resolved in Linus's tree, make sure there's a cc: stable on the fix so
> > > > that we know to backport it to the above branches as well. Or at the
> > > > least, a "Fixes:" tag.
> > >
> > > This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
> > > that we did not see in 5.19.0+. I just bisected the scary looking AER errors to this
> > > patch, though I do not know for certain if it causes the iwlwifi related crashes yet.
> > >
> > > In general, from reading the commit msg, this patch doesn't seem to be a great candidate
> > > for stable in general. Does it fix some important problem?
> > >
> > > In case it helps, here is example of what I see in dmesg. The kernel crashes in iwlwifi
> > > had to do with rx messages from the firmware, and some warnings lead me to believe that
> > > pci messages were slow coming back and/or maybe duplicated. So maybe this AER patch changes
> > > timing or otherwise screws up the PCI adapter boards we use...
> >
> > From that log I have feeling that issue is in that intel wifi card and
> > it was there also before that commit. Card is crashing (or something
> > other happens on PCIe bus) and because kernel had disabled Error
> > Reporting for this card, nobody spotted any issue. And that commit just
> > opened eye to kernel to see those errors.
> >
> > I think this issue should be reported to intel wifi card developers,
> > maybe they comment it, why card is reporting errors.
>
> My main concern is not that AER messages started showing up, but that there
> started being kernel NPE and WARNINGS showing up sometime after 5.19.0.
>
> Possibly this AER thing is mis-direction and the real bug is elsewhere,
> but since the bugzilla also indicated (different) driver crashes, then
> I am suspicious this changes things more significantly, at least in a subset
> of hardware out there.
Yea, of course, this is something needed to investigate.
Anyway, do you see driver crashes? Or just these AER errors? And are
your PCIe cards working, or after seeing these messages in dmesg they
stopped working? It is needed to know if you are just spammed by tons of
lines in dmesg and otherwise everything works. Or if after AER errors
your PCIe devices stop working and rebooting system is required.
> Also, any idea what this error in my logs is actually indicating?
Your PCIe controller received non-fatal, but uncorrected error. There is
also indication of Unsupported Request Completion Status. Unsupported
Request is generated by PCIe device when controller / host / kernel try
to do something which is not supported by device; pretty generic error.
PCIe base spec describe lot of scenarios when card should return this
error. Maybe some more detailed information are in TLP Header hexdump,
but I cannot decode it now.
Basically it is PCIe card driver who could know how fatal it is that
issue and how to recover from it. But as you can see intel wifi driver
does not implement that callback.
> Thanks,
> Ben
>
> >
> > >
> > > [ 50.905809] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
> > > [ 50.905830] pcieport 0000:03:01.0: AER: device recovery failed
> > > [ 50.905831] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:01.0
> > > [ 50.905845] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 50.915679] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 50.922735] pcieport 0000:03:01.0: [20] UnsupReq (First)
> > > [ 50.928230] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
> > > [ 50.935126] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
> > > [ 50.935133] pcieport 0000:03:01.0: AER: device recovery failed
> > > [ 50.935134] pcieport 0000:00:1c.0: AER: Multiple Uncorrected (Non-Fatal) error received: 0000:03:01.0
> > > [ 50.935222] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 50.945059] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 50.952120] pcieport 0000:03:01.0: [20] UnsupReq (First)
> > > [ 50.957614] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
> > > [ 50.964492] pcieport 0000:03:01.0: AER: Error of this Agent is reported first
> > > [ 50.970519] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 50.980344] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 50.987399] pcieport 0000:03:02.0: [20] UnsupReq (First)
> > > [ 50.992891] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
> > > [ 50.999785] pcieport 0000:03:03.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 51.009611] pcieport 0000:03:03.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 51.016665] pcieport 0000:03:03.0: [20] UnsupReq (First)
> > > [ 51.022161] pcieport 0000:03:03.0: AER: TLP Header: 34000000 06001f10 00000000 88c888c8
> > > [ 51.029052] pcieport 0000:03:05.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 51.038881] pcieport 0000:03:05.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 51.045931] pcieport 0000:03:05.0: [20] UnsupReq (First)
> > > [ 51.051430] pcieport 0000:03:05.0: AER: TLP Header: 34000000 07001f10 00000000 88c888c8
> > > [ 51.058320] pcieport 0000:03:07.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 51.068147] pcieport 0000:03:07.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 51.075200] pcieport 0000:03:07.0: [20] UnsupReq (First)
> > > [ 51.080696] pcieport 0000:03:07.0: AER: TLP Header: 34000000 08001f10 00000000 88c888c8
> > > [ 51.087589] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
> > > [ 51.087598] pcieport 0000:03:01.0: AER: device recovery failed
> > > [ 51.087611] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
> > > [ 51.087615] pcieport 0000:03:02.0: AER: device recovery failed
> > > [ 51.087628] iwlwifi 0000:06:00.0: AER: can't recover (no error_detected callback)
> > > [ 51.087631] pcieport 0000:03:03.0: AER: device recovery failed
> > > [ 51.087643] iwlwifi 0000:07:00.0: AER: can't recover (no error_detected callback)
> > > [ 51.087646] pcieport 0000:03:05.0: AER: device recovery failed
> > > [ 51.087659] iwlwifi 0000:08:00.0: AER: can't recover (no error_detected callback)
> > > [ 51.087662] pcieport 0000:03:07.0: AER: device recovery failed
> > > [ 51.103761] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
> > > [ 51.103778] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 51.113608] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 51.120658] pcieport 0000:03:0f.0: [20] UnsupReq (First)
> > > [ 51.126152] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
> > > [ 51.133044] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
> > > [ 51.133068] pcieport 0000:03:0f.0: AER: device recovery failed
> > > [ 51.168925] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
> > > [ 51.168940] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 51.178773] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 51.185823] pcieport 0000:03:0f.0: [20] UnsupReq (First)
> > > [ 51.191318] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
> > > [ 51.198211] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
> > > [ 51.198234] pcieport 0000:03:0f.0: AER: device recovery failed
> > > [ 51.260695] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
> > > [ 51.260710] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 51.270548] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 51.277605] pcieport 0000:03:0f.0: [20] UnsupReq (First)
> > > [ 51.283103] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
> > > [ 51.290009] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
> > > [ 51.290033] pcieport 0000:03:0f.0: AER: device recovery failed
> > > [ 51.328514] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:0f.0
> > > [ 51.328530] pcieport 0000:03:0f.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 51.331638] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
> > > [ 51.338363] pcieport 0000:03:0f.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 51.338364] pcieport 0000:03:0f.0: [20] UnsupReq (First)
> > > [ 51.345413] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
> > > [ 51.350900] pcieport 0000:03:0f.0: AER: TLP Header: 34000000 0f001f10 00000000 88c888c8
> > > [ 51.350927] iwlwifi 0000:0f:00.0: AER: can't recover (no error_detected callback)
> > >
> > >
> > > Thanks,
> > > Ben
> > >
> > > --
> > > Ben Greear <greearb@candelatech.com>
> > > Candela Technologies Inc http://www.candelatech.com
> > >
> >
>
>
> --
> Ben Greear <greearb@candelatech.com>
> Candela Technologies Inc http://www.candelatech.com
>
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-30 20:47 ` Ben Greear
2022-08-30 20:58 ` Pali Rohár
@ 2022-08-30 22:11 ` Bjorn Helgaas
2022-08-31 5:52 ` Stefan Roese
1 sibling, 1 reply; 415+ messages in thread
From: Bjorn Helgaas @ 2022-08-30 22:11 UTC (permalink / raw)
To: Ben Greear
Cc: Greg Kroah-Hartman, bjorn, LKML, stable, Stefan Roese,
Bjorn Helgaas, Pali Rohár, Rafael J. Wysocki,
Bharat Kumar Gogada, Michal Simek, Yao Hongbo, Naveen Naidu,
Sasha Levin, Gregory Greenman, linux-wireless
[+cc Gregory, linux-wireless for iwlwifi issue]
On Tue, Aug 30, 2022 at 01:47:48PM -0700, Ben Greear wrote:
> On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
> > On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
> > > On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > wrote:
> > >
> > > > From: Stefan Roese <sr@denx.de>
> > > >
> > > > [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
> > > >
> > >
> > > There's an open regression related to this commit:
> > >
> > > https://bugzilla.kernel.org/show_bug.cgi?id=216373
> >
> > This is already in the following released stable kernels:
> > 5.10.137 5.15.61 5.18.18 5.19.2
> >
> > I'll go drop it from the 4.19 and 5.4 queues, but when this gets
> > resolved in Linus's tree, make sure there's a cc: stable on the fix so
> > that we know to backport it to the above branches as well. Or at the
> > least, a "Fixes:" tag.
>
> This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
> that we did not see in 5.19.0+. I just bisected the scary looking
> AER errors to this patch, though I do not know for certain if it
> causes the iwlwifi related crashes yet.
>
> In general, from reading the commit msg, this patch doesn't seem to
> be a great candidate for stable in general. Does it fix some
> important problem?
I agree, I don't think this is a good candidate for stable. It has
already exposed latent amdgpu issues and we'll likely find more. It's
good to find and fix these things, but I'd rather do it in -rc than in
stable kernels.
It would be interesting to know whether similar crashes or AER reports
occur in v6.0-rc.
> In case it helps, here is example of what I see in dmesg. The
> kernel crashes in iwlwifi had to do with rx messages from the
> firmware, and some warnings lead me to believe that pci messages
> were slow coming back and/or maybe duplicated. So maybe this AER
> patch changes timing or otherwise screws up the PCI adapter boards
> we use...
It shouldn't. This looks like a latent issue that happened before but
was ignored because we didn't have AER enabled at the switch that
detected the error.
> [ 50.905809] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
> [ 50.905830] pcieport 0000:03:01.0: AER: device recovery failed
> [ 50.905831] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:01.0
> [ 50.905845] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 50.915679] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 50.922735] pcieport 0000:03:01.0: [20] UnsupReq (First)
> [ 50.928230] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
This is an LTR message (Message Code 0x10), Requester ID 04:00.0. I
think the iwlwifi device at 04:00.0 sent the LTR message, and 03:01.0
(probably a Switch Downstream Port leading to bus 04) received it but
had LTR disabled. In that case, 03:01.0 would treat the LTR message
as an Unsupported Request.
The other errors below are the same but from different devices.
Does this happen during or after a suspend/resume? I assume no
hotplug involved. Can you collect the output of "sudo lspci -vv" so
we can see the LTR config for the entire path?
You can boot with "pci=noaer" to shut up the AER messages (that
shouldn't affect the parts of lspci output I'm interested in). Would
be interesting to know whether "pci=noaer" affects the iwlwifi
crashes, though.
> [ 51.331638] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
> [ 51.345413] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
These look like they're from iwlwifi:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/wireless/intel/iwlwifi/fw/acpi.c?id=v5.19#n13
No idea what this is about. Maybe unrelated, but the fact that Google
can't find anything with that UUID makes me think it might actually be
related. The UUID was only added to the message in v5.19-rc1 by
06eb8dc097b3 ("ACPI: utils: include UUID in _DSM evaluation warning"),
but that should be enough time to see some for a common device like
iwlwifi.
Too bad we print the GUID in a different byte order than GUID_INIT
takes, which makes it hard to search for, even in the Linux source.
Bjorn
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-30 21:55 ` Pali Rohár
@ 2022-08-30 22:16 ` Ben Greear
2023-03-29 23:17 ` Ben Greear
0 siblings, 1 reply; 415+ messages in thread
From: Ben Greear @ 2022-08-30 22:16 UTC (permalink / raw)
To: Pali Rohár
Cc: Greg Kroah-Hartman, bjorn, LKML, stable, Stefan Roese,
Bjorn Helgaas, Rafael J. Wysocki, Bharat Kumar Gogada,
Michal Simek, Yao Hongbo, Naveen Naidu, Sasha Levin
On 8/30/22 2:55 PM, Pali Rohár wrote:
> On Tuesday 30 August 2022 14:28:14 Ben Greear wrote:
>> On 8/30/22 1:58 PM, Pali Rohár wrote:
>>> On Tuesday 30 August 2022 13:47:48 Ben Greear wrote:
>>>> On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
>>>>> On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
>>>>>> On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>>>>>> wrote:
>>>>>>
>>>>>>> From: Stefan Roese <sr@denx.de>
>>>>>>>
>>>>>>> [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
>>>>>>>
>>>>>>
>>>>>> There's an open regression related to this commit:
>>>>>>
>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=216373
>>>>>
>>>>> This is already in the following released stable kernels:
>>>>> 5.10.137 5.15.61 5.18.18 5.19.2
>>>>>
>>>>> I'll go drop it from the 4.19 and 5.4 queues, but when this gets
>>>>> resolved in Linus's tree, make sure there's a cc: stable on the fix so
>>>>> that we know to backport it to the above branches as well. Or at the
>>>>> least, a "Fixes:" tag.
>>>>
>>>> This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
>>>> that we did not see in 5.19.0+. I just bisected the scary looking AER errors to this
>>>> patch, though I do not know for certain if it causes the iwlwifi related crashes yet.
>>>>
>>>> In general, from reading the commit msg, this patch doesn't seem to be a great candidate
>>>> for stable in general. Does it fix some important problem?
>>>>
>>>> In case it helps, here is example of what I see in dmesg. The kernel crashes in iwlwifi
>>>> had to do with rx messages from the firmware, and some warnings lead me to believe that
>>>> pci messages were slow coming back and/or maybe duplicated. So maybe this AER patch changes
>>>> timing or otherwise screws up the PCI adapter boards we use...
>>>
>>> From that log I have feeling that issue is in that intel wifi card and
>>> it was there also before that commit. Card is crashing (or something
>>> other happens on PCIe bus) and because kernel had disabled Error
>>> Reporting for this card, nobody spotted any issue. And that commit just
>>> opened eye to kernel to see those errors.
>>>
>>> I think this issue should be reported to intel wifi card developers,
>>> maybe they comment it, why card is reporting errors.
>>
>> My main concern is not that AER messages started showing up, but that there
>> started being kernel NPE and WARNINGS showing up sometime after 5.19.0.
>>
>> Possibly this AER thing is mis-direction and the real bug is elsewhere,
>> but since the bugzilla also indicated (different) driver crashes, then
>> I am suspicious this changes things more significantly, at least in a subset
>> of hardware out there.
>
> Yea, of course, this is something needed to investigate.
>
> Anyway, do you see driver crashes? Or just these AER errors? And are
> your PCIe cards working, or after seeing these messages in dmesg they
> stopped working? It is needed to know if you are just spammed by tons of
> lines in dmesg and otherwise everything works. Or if after AER errors
> your PCIe devices stop working and rebooting system is required.
We did see higher frequency of weird crashes (accessing null-ish pointer) after upgrading to 5.19.3,
I am building kernel now with 5.19.5 and that AER patch reverted. We will
test to see if that solves the crashes.
>> Also, any idea what this error in my logs is actually indicating?
>
> Your PCIe controller received non-fatal, but uncorrected error. There is
> also indication of Unsupported Request Completion Status. Unsupported
> Request is generated by PCIe device when controller / host / kernel try
> to do something which is not supported by device; pretty generic error.
> PCIe base spec describe lot of scenarios when card should return this
> error. Maybe some more detailed information are in TLP Header hexdump,
> but I cannot decode it now.
>
> Basically it is PCIe card driver who could know how fatal it is that
> issue and how to recover from it. But as you can see intel wifi driver
> does not implement that callback.
Odds of me getting a good answer on that are pretty small.
Thanks,
Ben
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-30 22:11 ` Bjorn Helgaas
@ 2022-08-31 5:52 ` Stefan Roese
2022-09-01 11:08 ` Greg Kroah-Hartman
0 siblings, 1 reply; 415+ messages in thread
From: Stefan Roese @ 2022-08-31 5:52 UTC (permalink / raw)
To: Bjorn Helgaas, Ben Greear
Cc: Greg Kroah-Hartman, bjorn, LKML, stable, Bjorn Helgaas,
Pali Rohár, Rafael J. Wysocki, Bharat Kumar Gogada,
Michal Simek, Yao Hongbo, Naveen Naidu, Sasha Levin,
Gregory Greenman, linux-wireless
On 31.08.22 00:11, Bjorn Helgaas wrote:
> [+cc Gregory, linux-wireless for iwlwifi issue]
>
> On Tue, Aug 30, 2022 at 01:47:48PM -0700, Ben Greear wrote:
>> On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
>>> On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
>>>> On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>>>> wrote:
>>>>
>>>>> From: Stefan Roese <sr@denx.de>
>>>>>
>>>>> [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
>>>>>
>>>>
>>>> There's an open regression related to this commit:
>>>>
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=216373
>>>
>>> This is already in the following released stable kernels:
>>> 5.10.137 5.15.61 5.18.18 5.19.2
>>>
>>> I'll go drop it from the 4.19 and 5.4 queues, but when this gets
>>> resolved in Linus's tree, make sure there's a cc: stable on the fix so
>>> that we know to backport it to the above branches as well. Or at the
>>> least, a "Fixes:" tag.
>>
>> This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
>> that we did not see in 5.19.0+. I just bisected the scary looking
>> AER errors to this patch, though I do not know for certain if it
>> causes the iwlwifi related crashes yet.
>>
>> In general, from reading the commit msg, this patch doesn't seem to
>> be a great candidate for stable in general. Does it fix some
>> important problem?
>
> I agree, I don't think this is a good candidate for stable. It has
> already exposed latent amdgpu issues and we'll likely find more. It's
> good to find and fix these things, but I'd rather do it in -rc than in
> stable kernels.
I also agree. It was not my intention to have this patch added to
the stable branches. Frankly I missed intervening when seeing the
mails about the integration into stable a few weeks ago.
Still I find it very interesting to see, if and what now pops up with
full AER enabled in such more complex (PCIe wise) systems. I expect to
see more users detecting PCIe related problems in their system now.
This will definitely help fixing some bug, as already seen in the
AMD GPU thread. But again not really stable material but better -next
and -rc.
Thanks,
Stefan
> It would be interesting to know whether similar crashes or AER reports
> occur in v6.0-rc.
>
>> In case it helps, here is example of what I see in dmesg. The
>> kernel crashes in iwlwifi had to do with rx messages from the
>> firmware, and some warnings lead me to believe that pci messages
>> were slow coming back and/or maybe duplicated. So maybe this AER
>> patch changes timing or otherwise screws up the PCI adapter boards
>> we use...
>
> It shouldn't. This looks like a latent issue that happened before but
> was ignored because we didn't have AER enabled at the switch that
> detected the error.
>
>> [ 50.905809] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
>> [ 50.905830] pcieport 0000:03:01.0: AER: device recovery failed
>> [ 50.905831] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:01.0
>> [ 50.905845] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 50.915679] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 50.922735] pcieport 0000:03:01.0: [20] UnsupReq (First)
>> [ 50.928230] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
>
> This is an LTR message (Message Code 0x10), Requester ID 04:00.0. I
> think the iwlwifi device at 04:00.0 sent the LTR message, and 03:01.0
> (probably a Switch Downstream Port leading to bus 04) received it but
> had LTR disabled. In that case, 03:01.0 would treat the LTR message
> as an Unsupported Request.
>
> The other errors below are the same but from different devices.
>
> Does this happen during or after a suspend/resume? I assume no
> hotplug involved. Can you collect the output of "sudo lspci -vv" so
> we can see the LTR config for the entire path?
>
> You can boot with "pci=noaer" to shut up the AER messages (that
> shouldn't affect the parts of lspci output I'm interested in). Would
> be interesting to know whether "pci=noaer" affects the iwlwifi
> crashes, though.
>
>> [ 51.331638] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
>> [ 51.345413] ACPI: \: failed to evaluate _DSM bf0212f2-788f-c64d-a5b3-1f738e285ade (0x1001)
>
> These look like they're from iwlwifi:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/wireless/intel/iwlwifi/fw/acpi.c?id=v5.19#n13
>
> No idea what this is about. Maybe unrelated, but the fact that Google
> can't find anything with that UUID makes me think it might actually be
> related. The UUID was only added to the message in v5.19-rc1 by
> 06eb8dc097b3 ("ACPI: utils: include UUID in _DSM evaluation warning"),
> but that should be enough time to see some for a common device like
> iwlwifi.
>
> Too bad we print the GUID in a different byte order than GUID_INIT
> takes, which makes it hard to search for, even in the Linux source.
>
> Bjorn
Viele Grüße,
Stefan Roese
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr@denx.de
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-31 5:52 ` Stefan Roese
@ 2022-09-01 11:08 ` Greg Kroah-Hartman
0 siblings, 0 replies; 415+ messages in thread
From: Greg Kroah-Hartman @ 2022-09-01 11:08 UTC (permalink / raw)
To: Stefan Roese
Cc: Bjorn Helgaas, Ben Greear, bjorn, LKML, stable, Bjorn Helgaas,
Pali Rohár, Rafael J. Wysocki, Bharat Kumar Gogada,
Michal Simek, Yao Hongbo, Naveen Naidu, Sasha Levin,
Gregory Greenman, linux-wireless
On Wed, Aug 31, 2022 at 07:52:00AM +0200, Stefan Roese wrote:
> On 31.08.22 00:11, Bjorn Helgaas wrote:
> > [+cc Gregory, linux-wireless for iwlwifi issue]
> >
> > On Tue, Aug 30, 2022 at 01:47:48PM -0700, Ben Greear wrote:
> > > On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
> > > > On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
> > > > > On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > > > > wrote:
> > > > >
> > > > > > From: Stefan Roese <sr@denx.de>
> > > > > >
> > > > > > [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
> > > > > >
> > > > >
> > > > > There's an open regression related to this commit:
> > > > >
> > > > > https://bugzilla.kernel.org/show_bug.cgi?id=216373
> > > >
> > > > This is already in the following released stable kernels:
> > > > 5.10.137 5.15.61 5.18.18 5.19.2
> > > >
> > > > I'll go drop it from the 4.19 and 5.4 queues, but when this gets
> > > > resolved in Linus's tree, make sure there's a cc: stable on the fix so
> > > > that we know to backport it to the above branches as well. Or at the
> > > > least, a "Fixes:" tag.
> > >
> > > This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
> > > that we did not see in 5.19.0+. I just bisected the scary looking
> > > AER errors to this patch, though I do not know for certain if it
> > > causes the iwlwifi related crashes yet.
> > >
> > > In general, from reading the commit msg, this patch doesn't seem to
> > > be a great candidate for stable in general. Does it fix some
> > > important problem?
> >
> > I agree, I don't think this is a good candidate for stable. It has
> > already exposed latent amdgpu issues and we'll likely find more. It's
> > good to find and fix these things, but I'd rather do it in -rc than in
> > stable kernels.
>
> I also agree. It was not my intention to have this patch added to
> the stable branches. Frankly I missed intervening when seeing the
> mails about the integration into stable a few weeks ago.
It was maked with a Fixes: tag, which makes it ripe for backporting,
especially as it is written as "this fixes this problem".
Anyway, I've now reverted it from the stable trees. Hopefully you all
get this figured out so that 6.0 doesn't have the same issue.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 415+ messages in thread
* [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively
2022-08-23 8:22 ` [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively Greg Kroah-Hartman
@ 2022-10-26 16:00 ` mdecandia
2022-10-26 16:43 ` Greg KH
0 siblings, 1 reply; 415+ messages in thread
From: mdecandia @ 2022-10-26 16:00 UTC (permalink / raw)
To: gregkh
Cc: akpm, bsegall, edumazet, jbaron, khazhy, linux-kernel, r,
rpenyaev, shakeelb, stable, stable, torvalds, viro
Subject: [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively
Hi all,
I'm facing an hangup of runc command during startup of containers on Ubuntu 20.04,
just adding this patch to my updated linux kernel 5.4.210.
The runc process exits if I run an strace on it with the strace_runc_hangup.login you can find here
https://github.com/opencontainers/runc/issues/3641
with more details.
Testing it with previous docker-ce/containerio releases, just hangup the runc process and it will remain locked even analyzing it with strace.
Any idea or further test I can do on it?
Thanks,
Michele
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively
2022-10-26 16:00 ` mdecandia
@ 2022-10-26 16:43 ` Greg KH
[not found] ` <CAAPDZK9Oz2Hs9wofW9820gM=SeWgycCEWN=Xsjmy-YY_iFBcfQ@mail.gmail.com>
0 siblings, 1 reply; 415+ messages in thread
From: Greg KH @ 2022-10-26 16:43 UTC (permalink / raw)
To: mdecandia
Cc: akpm, bsegall, edumazet, jbaron, khazhy, linux-kernel, r,
rpenyaev, shakeelb, stable, stable, torvalds, viro
On Wed, Oct 26, 2022 at 06:00:51PM +0200, mdecandia@gmail.com wrote:
>
> Subject: [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively
>
> Hi all,
> I'm facing an hangup of runc command during startup of containers on Ubuntu 20.04,
> just adding this patch to my updated linux kernel 5.4.210.
I do not understand what you mean by this, sorry.
What kernel causes problems?
What commit causes issues?
What commit fixed the issue?
confused,
greg k-h
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively
[not found] ` <CAAPDZK9Oz2Hs9wofW9820gM=SeWgycCEWN=Xsjmy-YY_iFBcfQ@mail.gmail.com>
@ 2022-10-26 18:48 ` Shakeel Butt
2022-10-27 10:09 ` Greg KH
0 siblings, 1 reply; 415+ messages in thread
From: Shakeel Butt @ 2022-10-26 18:48 UTC (permalink / raw)
To: Michele Jr De Candia
Cc: Greg KH, akpm, bsegall, edumazet, jbaron, khazhy, linux-kernel,
r, rpenyaev, stable, stable, torvalds, viro
On Wed, Oct 26, 2022 at 11:44 AM Michele Jr De Candia
<mdecandia@gmail.com> wrote:
>
> Hi Greg,
> sorry for the confusion.
>
> I'm running a container-based app on top of Ubuntu Linux 20.04 and linux kernel 5.4 always updated with latest patches.
>
> Updating from 5.4.210 to 5.4.211 we faced the hang up issue and searching for the cause we have tested that
> hangup occurs only with this patch
>
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=cf2db24ec4b8e9d399005ececd6f6336916ab6fc
>
> While understanding root cause, wt the moment we reverted it and hang up does not occurs (actually we are running 5.4.219 without that patch).
>
> Michele
>
Hi Michele, can you try the latest upstream kernel and see if the
issue repro ther? Also is it possible to provide a simplified repro of
the issue?
Shakeel
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively
2022-10-26 18:48 ` Shakeel Butt
@ 2022-10-27 10:09 ` Greg KH
2022-11-30 0:34 ` Samuel Mendoza-Jonas
0 siblings, 1 reply; 415+ messages in thread
From: Greg KH @ 2022-10-27 10:09 UTC (permalink / raw)
To: Shakeel Butt
Cc: Michele Jr De Candia, akpm, bsegall, edumazet, jbaron, khazhy,
linux-kernel, r, rpenyaev, stable, stable, torvalds, viro
On Wed, Oct 26, 2022 at 11:48:01AM -0700, Shakeel Butt wrote:
> On Wed, Oct 26, 2022 at 11:44 AM Michele Jr De Candia
> <mdecandia@gmail.com> wrote:
> >
> > Hi Greg,
> > sorry for the confusion.
> >
> > I'm running a container-based app on top of Ubuntu Linux 20.04 and linux kernel 5.4 always updated with latest patches.
> >
> > Updating from 5.4.210 to 5.4.211 we faced the hang up issue and searching for the cause we have tested that
> > hangup occurs only with this patch
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=cf2db24ec4b8e9d399005ececd6f6336916ab6fc
> >
> > While understanding root cause, wt the moment we reverted it and hang up does not occurs (actually we are running 5.4.219 without that patch).
> >
> > Michele
> >
>
> Hi Michele, can you try the latest upstream kernel and see if the
> issue repro ther? Also is it possible to provide a simplified repro of
> the issue?
Also is this issue on 5.10.y and 5.15.y?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively
2022-10-27 10:09 ` Greg KH
@ 2022-11-30 0:34 ` Samuel Mendoza-Jonas
0 siblings, 0 replies; 415+ messages in thread
From: Samuel Mendoza-Jonas @ 2022-11-30 0:34 UTC (permalink / raw)
To: Greg KH
Cc: Shakeel Butt, Michele Jr De Candia, akpm, bsegall, edumazet,
jbaron, khazhy, linux-kernel, r, rpenyaev, stable, stable,
torvalds, viro, benh, risbhat
On Thu, Oct 27, 2022 at 12:09:30PM +0200, Greg KH wrote:
> On Wed, Oct 26, 2022 at 11:48:01AM -0700, Shakeel Butt wrote:
> > On Wed, Oct 26, 2022 at 11:44 AM Michele Jr De Candia
> > <mdecandia@gmail.com> wrote:
> > >
> > > Hi Greg,
> > > sorry for the confusion.
> > >
> > > I'm running a container-based app on top of Ubuntu Linux 20.04 and linux kernel 5.4 always updated with latest patches.
> > >
> > > Updating from 5.4.210 to 5.4.211 we faced the hang up issue and searching for the cause we have tested that
> > > hangup occurs only with this patch
> > >
> > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y&id=cf2db24ec4b8e9d399005ececd6f6336916ab6fc
> > >
> > > While understanding root cause, wt the moment we reverted it and hang up does not occurs (actually we are running 5.4.219 without that patch).
> > >
> > > Michele
> > >
> >
> > Hi Michele, can you try the latest upstream kernel and see if the
> > issue repro ther? Also is it possible to provide a simplified repro of
> > the issue?
>
> Also is this issue on 5.10.y and 5.15.y?
>
> thanks,
>
> greg k-h
Following up this email thread for those of us who were watching it; it
looks like this was only an issue on 5.4.y due to some missing
backports that this change depended on - see this thread for details:
https://lore.kernel.org/lkml/Y38h9oe4ZEGNd7Zx@quatroqueijos.cascardo.eti.br/T/
Cheers,
Sam
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2022-08-30 22:16 ` Ben Greear
@ 2023-03-29 23:17 ` Ben Greear
2023-03-31 22:06 ` Bjorn Helgaas
0 siblings, 1 reply; 415+ messages in thread
From: Ben Greear @ 2023-03-29 23:17 UTC (permalink / raw)
To: Pali Rohár
Cc: Greg Kroah-Hartman, bjorn, LKML, stable, Stefan Roese,
Bjorn Helgaas, Rafael J. Wysocki, Bharat Kumar Gogada,
Michal Simek, Yao Hongbo, Naveen Naidu, Sasha Levin
On 8/30/22 3:16 PM, Ben Greear wrote:
> On 8/30/22 2:55 PM, Pali Rohár wrote:
>> On Tuesday 30 August 2022 14:28:14 Ben Greear wrote:
>>> On 8/30/22 1:58 PM, Pali Rohár wrote:
>>>> On Tuesday 30 August 2022 13:47:48 Ben Greear wrote:
>>>>> On 8/23/22 11:41 PM, Greg Kroah-Hartman wrote:
>>>>>> On Tue, Aug 23, 2022 at 07:20:14AM -0500, Bjorn Helgaas wrote:
>>>>>>> On Tue, Aug 23, 2022, 6:35 AM Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> From: Stefan Roese <sr@denx.de>
>>>>>>>>
>>>>>>>> [ Upstream commit 8795e182b02dc87e343c79e73af6b8b7f9c5e635 ]
>>>>>>>>
>>>>>>>
>>>>>>> There's an open regression related to this commit:
>>>>>>>
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=216373
>>>>>>
>>>>>> This is already in the following released stable kernels:
>>>>>> 5.10.137 5.15.61 5.18.18 5.19.2
>>>>>>
>>>>>> I'll go drop it from the 4.19 and 5.4 queues, but when this gets
>>>>>> resolved in Linus's tree, make sure there's a cc: stable on the fix so
>>>>>> that we know to backport it to the above branches as well. Or at the
>>>>>> least, a "Fixes:" tag.
>>>>>
>>>>> This is still in 5.19.5. We saw some funny iwlwifi crashes in 5.19.3+
>>>>> that we did not see in 5.19.0+. I just bisected the scary looking AER errors to this
>>>>> patch, though I do not know for certain if it causes the iwlwifi related crashes yet.
>>>>>
>>>>> In general, from reading the commit msg, this patch doesn't seem to be a great candidate
>>>>> for stable in general. Does it fix some important problem?
>>>>>
>>>>> In case it helps, here is example of what I see in dmesg. The kernel crashes in iwlwifi
>>>>> had to do with rx messages from the firmware, and some warnings lead me to believe that
>>>>> pci messages were slow coming back and/or maybe duplicated. So maybe this AER patch changes
>>>>> timing or otherwise screws up the PCI adapter boards we use...
>>>>
>>>> From that log I have feeling that issue is in that intel wifi card and
>>>> it was there also before that commit. Card is crashing (or something
>>>> other happens on PCIe bus) and because kernel had disabled Error
>>>> Reporting for this card, nobody spotted any issue. And that commit just
>>>> opened eye to kernel to see those errors.
>>>>
>>>> I think this issue should be reported to intel wifi card developers,
>>>> maybe they comment it, why card is reporting errors.
>>>
>>> My main concern is not that AER messages started showing up, but that there
>>> started being kernel NPE and WARNINGS showing up sometime after 5.19.0.
>>>
>>> Possibly this AER thing is mis-direction and the real bug is elsewhere,
>>> but since the bugzilla also indicated (different) driver crashes, then
>>> I am suspicious this changes things more significantly, at least in a subset
>>> of hardware out there.
>>
>> Yea, of course, this is something needed to investigate.
>>
>> Anyway, do you see driver crashes? Or just these AER errors? And are
>> your PCIe cards working, or after seeing these messages in dmesg they
>> stopped working? It is needed to know if you are just spammed by tons of
>> lines in dmesg and otherwise everything works. Or if after AER errors
>> your PCIe devices stop working and rebooting system is required.
>
> We did see higher frequency of weird crashes (accessing null-ish pointer) after upgrading to 5.19.3,
> I am building kernel now with 5.19.5 and that AER patch reverted. We will
> test to see if that solves the crashes.
>
>>> Also, any idea what this error in my logs is actually indicating?
>>
>> Your PCIe controller received non-fatal, but uncorrected error. There is
>> also indication of Unsupported Request Completion Status. Unsupported
>> Request is generated by PCIe device when controller / host / kernel try
>> to do something which is not supported by device; pretty generic error.
>> PCIe base spec describe lot of scenarios when card should return this
>> error. Maybe some more detailed information are in TLP Header hexdump,
>> but I cannot decode it now.
>>
>> Basically it is PCIe card driver who could know how fatal it is that
>> issue and how to recover from it. But as you can see intel wifi driver
>> does not implement that callback.
Hello,
I notice this patch appears to be in 6.2.6 kernel, and my kernel logs are
full of spam and system is unstable. Possibly the unstable part is related
to something else, but the log spam is definitely extreme.
These systems are fairly stable on 5.19-ish kernels without the patch in
question.
Any suggested cures for this other than reverting the patch?
Here is sample of the spam:
[ 1675.547023] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1675.556851] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1675.563904] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 1675.569398] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 1675.576296] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 1675.576302] pcieport 0000:03:02.0: AER: device recovery failed
[ 1675.576303] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:02.0
[ 1675.576317] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1675.586144] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1675.593196] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 1675.598691] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 1675.605584] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 1675.605588] pcieport 0000:03:02.0: AER: device recovery failed
[ 1676.497155] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:02.0
[ 1676.497174] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.507015] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.514091] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 1676.519599] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 1676.526491] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 1676.526516] pcieport 0000:03:02.0: AER: device recovery failed
[ 1676.526517] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:02.0
[ 1676.526531] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.536367] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.543440] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 1676.548936] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 1676.555830] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 1676.555850] pcieport 0000:03:02.0: AER: device recovery failed
[ 1676.555851] pcieport 0000:00:1c.0: AER: Multiple Uncorrected (Non-Fatal) error received: 0000:03:02.0
[ 1676.555955] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.565792] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.572846] pcieport 0000:03:01.0: [20] UnsupReq (First)
[ 1676.578344] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
[ 1676.585268] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.595105] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.602162] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 1676.607655] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 1676.614538] pcieport 0000:03:02.0: AER: Error of this Agent is reported first
[ 1676.620566] pcieport 0000:03:03.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.630398] pcieport 0000:03:03.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.637454] pcieport 0000:03:03.0: [20] UnsupReq (First)
[ 1676.642945] pcieport 0000:03:03.0: AER: TLP Header: 34000000 06001f10 00000000 88c888c8
[ 1676.649840] pcieport 0000:03:05.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.659681] pcieport 0000:03:05.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.666738] pcieport 0000:03:05.0: [20] UnsupReq (First)
[ 1676.672253] pcieport 0000:03:05.0: AER: TLP Header: 34000000 07001f10 00000000 88c888c8
[ 1676.679172] pcieport 0000:03:07.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.689002] pcieport 0000:03:07.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.696055] pcieport 0000:03:07.0: [20] UnsupReq (First)
[ 1676.701550] pcieport 0000:03:07.0: AER: TLP Header: 34000000 08001f10 00000000 88c888c8
[ 1676.708461] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
[ 1676.708467] pcieport 0000:03:01.0: AER: device recovery failed
[ 1676.708480] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 1676.708483] pcieport 0000:03:02.0: AER: device recovery failed
[ 1676.708496] iwlwifi 0000:06:00.0: AER: can't recover (no error_detected callback)
[ 1676.708499] pcieport 0000:03:03.0: AER: device recovery failed
[ 1676.708511] iwlwifi 0000:07:00.0: AER: can't recover (no error_detected callback)
[ 1676.708515] pcieport 0000:03:05.0: AER: device recovery failed
[ 1676.708541] iwlwifi 0000:08:00.0: AER: can't recover (no error_detected callback)
[ 1676.708544] pcieport 0000:03:07.0: AER: device recovery failed
[ 1676.893674] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:02.0
[ 1676.893692] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.903527] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.910584] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 1676.916098] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 1676.923010] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 1676.923018] pcieport 0000:03:02.0: AER: device recovery failed
[ 1676.923018] pcieport 0000:00:1c.0: AER: Uncorrected (Non-Fatal) error received: 0000:03:02.0
[ 1676.923046] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.932876] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.939929] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 1676.945425] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 1676.952319] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 1676.952325] pcieport 0000:03:02.0: AER: device recovery failed
[ 1676.952325] pcieport 0000:00:1c.0: AER: Multiple Uncorrected (Non-Fatal) error received: 0000:03:02.0
[ 1676.952462] pcieport 0000:03:01.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.962292] pcieport 0000:03:01.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.969347] pcieport 0000:03:01.0: [20] UnsupReq (First)
[ 1676.974839] pcieport 0000:03:01.0: AER: TLP Header: 34000000 04001f10 00000000 88c888c8
[ 1676.981734] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1676.991560] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1676.998614] pcieport 0000:03:02.0: [20] UnsupReq (First)
[ 1677.004107] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
[ 1677.010991] pcieport 0000:03:02.0: AER: Error of this Agent is reported first
[ 1677.017014] pcieport 0000:03:03.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1677.026841] pcieport 0000:03:03.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1677.033894] pcieport 0000:03:03.0: [20] UnsupReq (First)
[ 1677.039390] pcieport 0000:03:03.0: AER: TLP Header: 34000000 06001f10 00000000 88c888c8
[ 1677.046292] pcieport 0000:03:05.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1677.056118] pcieport 0000:03:05.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1677.063174] pcieport 0000:03:05.0: [20] UnsupReq (First)
[ 1677.068667] pcieport 0000:03:05.0: AER: TLP Header: 34000000 07001f10 00000000 88c888c8
[ 1677.075575] pcieport 0000:03:07.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ 1677.085402] pcieport 0000:03:07.0: device [10b5:8619] error status/mask=00100000/00000000
[ 1677.092457] pcieport 0000:03:07.0: [20] UnsupReq (First)
[ 1677.097951] pcieport 0000:03:07.0: AER: TLP Header: 34000000 08001f10 00000000 88c888c8
[ 1677.104844] iwlwifi 0000:04:00.0: AER: can't recover (no error_detected callback)
[ 1677.104849] pcieport 0000:03:01.0: AER: device recovery failed
[ 1677.104881] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
[ 1677.104884] pcieport 0000:03:02.0: AER: device recovery failed
[ 1677.104908] iwlwifi 0000:06:00.0: AER: can't recover (no error_detected callback)
[ 1677.104911] pcieport 0000:03:03.0: AER: device recovery failed
[ 1677.104938] iwlwifi 0000:07:00.0: AER: can't recover (no error_detected callback)
[ 1677.104943] pcieport 0000:03:05.0: AER: device recovery failed
[ 1677.104968] iwlwifi 0000:08:00.0: AER: can't recover (no error_detected callback)
[ 1677.104971] pcieport 0000:03:07.0: AER: device recovery failed
Thanks,
Ben
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2023-03-29 23:17 ` Ben Greear
@ 2023-03-31 22:06 ` Bjorn Helgaas
2023-03-31 22:31 ` Ben Greear
0 siblings, 1 reply; 415+ messages in thread
From: Bjorn Helgaas @ 2023-03-31 22:06 UTC (permalink / raw)
To: Ben Greear
Cc: Pali Rohár, Greg Kroah-Hartman, bjorn, LKML, stable,
Stefan Roese, Bjorn Helgaas, Rafael J. Wysocki,
Bharat Kumar Gogada, Michal Simek, Yao Hongbo, Naveen Naidu,
Sasha Levin, linux-pci, Gregory Greenman, Kalle Valo,
linux-wireless, netdev
[+cc iwlwifi folks]
Re: 8795e182b02d ("PCI/portdrv: Don't disable AER reporting in
get_port_device_capability()")
On Wed, Mar 29, 2023 at 04:17:29PM -0700, Ben Greear wrote:
> On 8/30/22 3:16 PM, Ben Greear wrote:
> ...
> I notice this patch appears to be in 6.2.6 kernel, and my kernel logs are
> full of spam and system is unstable. Possibly the unstable part is related
> to something else, but the log spam is definitely extreme.
>
> These systems are fairly stable on 5.19-ish kernels without the patch in
> question.
Hmmm, I was going to thank you for the report, but looking closer, I
see that you reported this last August [1] and we *should* have
pursued it with the iwlwifi folks or figured out what the PCI core is
doing wrong, but I totally dropped the ball. Sorry about that.
To make sure we're all on the same page, we're talking about
8795e182b02d ("PCI/portdrv: Don't disable AER reporting in
get_port_device_capability()") [2],
which is present in v6.0 and later [3] but not v5.19.16 [4].
> Here is sample of the spam:
>
> [ 1675.547023] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> [ 1675.556851] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
> [ 1675.563904] pcieport 0000:03:02.0: [20] UnsupReq (First)
> [ 1675.569398] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
> [ 1675.576296] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
The TLP header says this is an LTR message from 05:00.0. Apparently
the bridge above 05:00.0 is 03:02.0, which logged an Unsupported
Request error for the message, probably because 03:02.0 doesn't have
LTR enabled.
Can you collect the output of "sudo lspci -vv"? Does this happen even
before loading the iwlwifi driver? I assume there are no hotplug
events before this happens?
The PCI core enables LTR during enumeration for every device for which
LTR is supported and enabled along the entire path up to a Root Port.
If it does that wrong, you might see errors even before loading
iwlwifi.
I see that iwlwifi *reads* PCI_EXP_DEVCTL2_LTR_EN in
iwl_pcie_apm_config(), which should be safe. I don't see any writes,
but the iwlwifi experts should know more about this. There are a
couple paths that do this, which looks somehow related:
__iwl_mvm_mac_start
iwl_mvm_up
iwl_mvm_config_ltr
if (trans->ltr_enabled)
iwl_mvm_send_cmd_pdu(mvm, LTR_CONFIG, ...)
Bjorn
[1] https://lore.kernel.org/all/47b775c5-57fa-5edf-b59e-8a9041ffbee7@candelatech.com/#t
[2] https://git.kernel.org/linus/8795e182b02d
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/pci/pcie/portdrv_core.c?id=v6.0#n223
[4] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/pci/pcie/portdrv_core.c?id=v5.19.16#n223
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2023-03-31 22:06 ` Bjorn Helgaas
@ 2023-03-31 22:31 ` Ben Greear
2023-04-04 17:09 ` Bjorn Helgaas
0 siblings, 1 reply; 415+ messages in thread
From: Ben Greear @ 2023-03-31 22:31 UTC (permalink / raw)
To: Bjorn Helgaas
Cc: Pali Rohár, Greg Kroah-Hartman, bjorn, LKML, stable,
Stefan Roese, Bjorn Helgaas, Rafael J. Wysocki,
Bharat Kumar Gogada, Michal Simek, Yao Hongbo, Naveen Naidu,
Sasha Levin, linux-pci, Gregory Greenman, Kalle Valo,
linux-wireless, netdev
On 3/31/23 15:06, Bjorn Helgaas wrote:
> [+cc iwlwifi folks]
>
> Re: 8795e182b02d ("PCI/portdrv: Don't disable AER reporting in
> get_port_device_capability()")
>
> On Wed, Mar 29, 2023 at 04:17:29PM -0700, Ben Greear wrote:
>> On 8/30/22 3:16 PM, Ben Greear wrote:
>> ...
>
>> I notice this patch appears to be in 6.2.6 kernel, and my kernel logs are
>> full of spam and system is unstable. Possibly the unstable part is related
>> to something else, but the log spam is definitely extreme.
>>
>> These systems are fairly stable on 5.19-ish kernels without the patch in
>> question.
>
> Hmmm, I was going to thank you for the report, but looking closer, I
> see that you reported this last August [1] and we *should* have
> pursued it with the iwlwifi folks or figured out what the PCI core is
> doing wrong, but I totally dropped the ball. Sorry about that.
>
> To make sure we're all on the same page, we're talking about
> 8795e182b02d ("PCI/portdrv: Don't disable AER reporting in
> get_port_device_capability()") [2],
> which is present in v6.0 and later [3] but not v5.19.16 [4].
Yes, though I manually tried reverting that patch, and problem persisted, so maybe some secondary
patch still enables whatever causes the issue.
Booting with pci=noaer 'fixes' the problem for me, that is what I am running currently.
>
>> Here is sample of the spam:
>>
>> [ 1675.547023] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
>> [ 1675.556851] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
>> [ 1675.563904] pcieport 0000:03:02.0: [20] UnsupReq (First)
>> [ 1675.569398] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
>> [ 1675.576296] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
>
> The TLP header says this is an LTR message from 05:00.0. Apparently
> the bridge above 05:00.0 is 03:02.0, which logged an Unsupported
> Request error for the message, probably because 03:02.0 doesn't have
> LTR enabled.
>
> Can you collect the output of "sudo lspci -vv"? Does this happen even
> before loading the iwlwifi driver? I assume there are no hotplug
> events before this happens?
I'm not certain about exactly when this starts, but it is early in boot. Other systems
without (so many?) ax210 radios seem more stable, or at least internal testers are not
directly complaining to me about it at this time.
>
> The PCI core enables LTR during enumeration for every device for which
> LTR is supported and enabled along the entire path up to a Root Port.
> If it does that wrong, you might see errors even before loading
> iwlwifi.
>
> I see that iwlwifi *reads* PCI_EXP_DEVCTL2_LTR_EN in
> iwl_pcie_apm_config(), which should be safe. I don't see any writes,
> but the iwlwifi experts should know more about this. There are a
> couple paths that do this, which looks somehow related:
>
> __iwl_mvm_mac_start
> iwl_mvm_up
> iwl_mvm_config_ltr
> if (trans->ltr_enabled)
> iwl_mvm_send_cmd_pdu(mvm, LTR_CONFIG, ...)
Here is lspci, and please note that I am using a pcie -> 12x m.2 adapter board, which is not common
in the world. Possibly it is causing some of the problems with the AER logic (though, it is stable in 5.19
and lower. And a similar system with 2 of these adapter boards filled with 24 mtk7922 radios does not show
the AER warnings or instability problems so far.)
The lspci below is from a system with 12 ax210 radios, I have another with 24, it shows similar problems.
0:00.0 Host bridge: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers (rev 05)
Subsystem: Intel Corporation Device 2015
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ >SERR- <PERR- INTx-
Latency: 0
Capabilities: [e0] Vendor Specific Information: Len=10 <?>
Kernel driver in use: skl_uncore
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16) (rev 05) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 122
Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
I/O behind bridge: None
Memory behind bridge: 90000000-904fffff [size=5M]
Prefetchable memory behind bridge: 00000000d0000000-00000000d08fffff [size=9M]
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [88] Subsystem: Intel Corporation Device 2015
Capabilities: [80] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit-
Address: fee00218 Data: 0000
Capabilities: [a0] Express (v2) Root Port (Slot+), MSI 00
DevCap: MaxPayload 256 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 256 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr- TransPend-
LnkCap: Port #2, Speed 2.5GT/s, Width x16, ASPM L0s L1, Exit Latency L0s <256ns, L1 <8us
ClockPM- Surprise- LLActRep- BwNot+ ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 8GT/s (strange), Width x4 (downgraded)
TrErr- Train- SlotClk+ DLActive- BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #1, PowerLimit 75.000W; Interlock- NoCompl+
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Unknown, PwrInd Unknown, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState-
RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- CRSVisible-
RootCap: CRSVisible-
RootSta: PME ReqID 0000, PMEStatus- PMEPending-
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR+, OBFF Via WAKE# ARIFwd-
AtomicOpsCap: Routing- 32bit+ 64bit+ 128bitCAS+
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR+, OBFF Via WAKE# ARIFwd-
AtomicOpsCtl: ReqEn- EgressBlck-
LnkCtl2: Target Link Speed: 8GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete+, EqualizationPhase1+
EqualizationPhase2+, EqualizationPhase3+, LinkEqualizationRequest-
Capabilities: [100 v1] Virtual Channel
Caps: LPEVC=0 RefClk=100ns PATEntryBits=1
Arb: Fixed- WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
Capabilities: [140 v1] Root Complex Link
Desc: PortNumber=02 ComponentID=01 EltType=Config
Link0: Desc: TargetPort=00 TargetComponent=01 AssocRCRB- LinkType=MemMapped LinkValid+
Addr: 00000000fed19000
Capabilities: [d94 v1] Secondary PCI Express <?>
Kernel driver in use: pcieport
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 630 (rev 04) (prog-if 00 [VGA controller])
DeviceName: Onboard IGD
Subsystem: Intel Corporation Device 2212
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 151
Region 0: Memory at dd000000 (64-bit, non-prefetchable) [size=16M]
Region 2: Memory at c0000000 (64-bit, prefetchable) [size=256M]
Region 4: I/O ports at f000 [size=64]
[virtual] Expansion ROM at 000c0000 [disabled] [size=128K]
Capabilities: [40] Vendor Specific Information: Len=0c <?>
Capabilities: [70] Express (v2) Root Complex Integrated Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr- TransPend-
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
AtomicOpsCtl: ReqEn-
Capabilities: [ac] MSI: Enable+ Count=1/1 Maskable- 64bit-
Address: fee00018 Data: 0000
Capabilities: [d0] Power Management version 2
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [100 v1] Process Address Space ID (PASID)
PASIDCap: Exec- Priv-, Max PASID Width: 14
PASIDCtl: Enable- Exec- Priv-
Capabilities: [200 v1] Address Translation Service (ATS)
ATSCap: Invalidate Queue Depth: 00
ATSCtl: Enable-, Smallest Translation Unit: 00
Capabilities: [300 v1] Page Request Interface (PRI)
PRICtl: Enable- Reset-
PRISta: RF- UPRGI- Stopped+
Page Request Capacity: 00008000, Page Request Allocation: 00000000
Kernel driver in use: i915
Kernel modules: i915
00:14.0 USB controller: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller (rev 31) (prog-if 30 [XHCI])
Subsystem: Intel Corporation Device 7270
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 140
Region 0: Memory at df010000 (64-bit, non-prefetchable) [size=64K]
Capabilities: [70] Power Management version 2
Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0-,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [80] MSI: Enable+ Count=1/8 Maskable- 64bit+
Address: 00000000fee004b8 Data: 0000
Kernel driver in use: xhci_hcd
Kernel modules: xhci_pci
00:14.2 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Thermal Subsystem (rev 31)
Subsystem: Intel Corporation Device 7270
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin C routed to IRQ 18
Region 0: Memory at df02e000 (64-bit, non-prefetchable) [size=4K]
Capabilities: [50] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [80] MSI: Enable- Count=1/1 Maskable- 64bit-
Address: 00000000 Data: 0000
Kernel driver in use: intel_pch_thermal
Kernel modules: intel_pch_thermal
00:16.0 Communication controller: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1 (rev 31)
Subsystem: Intel Corporation Device 1999
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 138
Region 0: Memory at df02d000 (64-bit, non-prefetchable) [size=4K]
Capabilities: [50] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot+,D3cold-)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [8c] MSI: Enable+ Count=1/1 Maskable- 64bit+
Address: 00000000fee00478 Data: 0000
Kernel driver in use: mei_me
00:17.0 SATA controller: Intel Corporation Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode] (rev 31) (prog-if 01 [AHCI 1.0])
Subsystem: Intel Corporation Device 7270
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 139
Region 0: Memory at df028000 (32-bit, non-prefetchable) [size=8K]
Region 1: Memory at df02c000 (32-bit, non-prefetchable) [size=256]
Region 2: I/O ports at f090 [size=8]
Region 3: I/O ports at f080 [size=4]
Region 4: I/O ports at f060 [size=32]
Region 5: Memory at df02b000 (32-bit, non-prefetchable) [size=2K]
Capabilities: [80] MSI: Enable+ Count=1/1 Maskable- 64bit-
Address: fee00498 Data: 0000
Capabilities: [70] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot+,D3cold-)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [a8] SATA HBA v1.0 BAR4 Offset=00000004
Kernel driver in use: ahci
00:1c.0 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #1 (rev f1) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 123
Bus: primary=00, secondary=02, subordinate=0f, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de000000-decfffff [size=13M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
DevCap: MaxPayload 256 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #1, Speed 8GT/s, Width x4, ASPM not supported
ClockPM- Surprise- LLActRep+ BwNot+ ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (downgraded), Width x4 (ok)
TrErr- Train- SlotClk+ DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #4, PowerLimit 25.000W; Interlock- NoCompl+
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Unknown, PwrInd Unknown, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet- LinkState+
RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- CRSVisible-
RootCap: CRSVisible-
RootSta: PME ReqID 0000, PMEStatus- PMEPending-
DevCap2: Completion Timeout: Range ABC, TimeoutDis+, LTR+, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing- 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR+, OBFF Disabled ARIFwd-
AtomicOpsCtl: ReqEn- EgressBlck-
LnkCtl2: Target Link Speed: 8GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI: Enable+ Count=1/1 Maskable- 64bit-
Address: fee00238 Data: 0000
Capabilities: [90] Subsystem: Intel Corporation Device 7270
Capabilities: [a0] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt+ RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
RootCmd: CERptEn- NFERptEn- FERptEn-
RootSta: CERcvd- MultCERcvd- UERcvd- MultUERcvd-
FirstFatal- NonFatalMsg- FatalMsg- IntMsg 0
ErrorSrc: ERR_COR: 0000 ERR_FATAL/NONFATAL: 0310
Capabilities: [140 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd- EgressCtrl- DirectTrans-
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [220 v1] Secondary PCI Express <?>
Kernel driver in use: pcieport
00:1d.0 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #9 (rev f1) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 124
Bus: primary=00, secondary=10, subordinate=10, sec-latency=0
I/O behind bridge: 0000e000-0000efff [size=4K]
Memory behind bridge: dee00000-deefffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
DevCap: MaxPayload 256 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 256 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #9, Speed 8GT/s, Width x1, ASPM not supported
ClockPM- Surprise- LLActRep+ BwNot+ ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s (downgraded), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive+ BWMgmt+ ABWMgmt-
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #12, PowerLimit 10.000W; Interlock- NoCompl+
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Unknown, PwrInd Unknown, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet- LinkState+
RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- CRSVisible-
RootCap: CRSVisible-
RootSta: PME ReqID 0000, PMEStatus- PMEPending-
DevCap2: Completion Timeout: Range ABC, TimeoutDis+, LTR+, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing- 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR+, OBFF Disabled ARIFwd-
AtomicOpsCtl: ReqEn- EgressBlck-
LnkCtl2: Target Link Speed: 8GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI: Enable+ Count=1/1 Maskable- 64bit-
Address: fee00258 Data: 0000
Capabilities: [90] Subsystem: Intel Corporation Device 7270
Capabilities: [a0] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt+ RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
RootCmd: CERptEn- NFERptEn- FERptEn-
RootSta: CERcvd- MultCERcvd- UERcvd- MultUERcvd-
FirstFatal- NonFatalMsg- FatalMsg- IntMsg 0
ErrorSrc: ERR_COR: 0000 ERR_FATAL/NONFATAL: 0000
Capabilities: [140 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd- EgressCtrl- DirectTrans-
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [220 v1] Secondary PCI Express <?>
Kernel driver in use: pcieport
00:1d.1 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #10 (rev f1) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin B routed to IRQ 125
Bus: primary=00, secondary=11, subordinate=11, sec-latency=0
I/O behind bridge: 0000d000-0000dfff [size=4K]
Memory behind bridge: ded00000-dedfffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort+ <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Express (v2) Root Port (Slot+), MSI 00
DevCap: MaxPayload 256 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 256 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #10, Speed 8GT/s, Width x1, ASPM not supported
ClockPM- Surprise- LLActRep+ BwNot+ ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s (downgraded), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive+ BWMgmt+ ABWMgmt-
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #13, PowerLimit 10.000W; Interlock- NoCompl+
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Unknown, PwrInd Unknown, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet- LinkState+
RootCtl: ErrCorrectable- ErrNon-Fatal- ErrFatal- PMEIntEna- CRSVisible-
RootCap: CRSVisible-
RootSta: PME ReqID 0000, PMEStatus- PMEPending-
DevCap2: Completion Timeout: Range ABC, TimeoutDis+, LTR+, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing- 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR+, OBFF Disabled ARIFwd-
AtomicOpsCtl: ReqEn- EgressBlck-
LnkCtl2: Target Link Speed: 8GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI: Enable+ Count=1/1 Maskable- 64bit-
Address: fee00298 Data: 0000
Capabilities: [90] Subsystem: Intel Corporation Device 7270
Capabilities: [a0] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt+ RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
RootCmd: CERptEn- NFERptEn- FERptEn-
RootSta: CERcvd- MultCERcvd- UERcvd- MultUERcvd-
FirstFatal- NonFatalMsg- FatalMsg- IntMsg 0
ErrorSrc: ERR_COR: 0000 ERR_FATAL/NONFATAL: 0000
Capabilities: [140 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd- EgressCtrl- DirectTrans-
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [220 v1] Secondary PCI Express <?>
Kernel driver in use: pcieport
00:1f.0 ISA bridge: Intel Corporation Q170 Chipset LPC/eSPI Controller (rev 31)
Subsystem: Intel Corporation Device 7270
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
00:1f.2 Memory controller: Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller (rev 31)
Subsystem: Intel Corporation Device 7270
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Region 0: Memory at df024000 (32-bit, non-prefetchable) [size=16K]
00:1f.3 Audio device: Intel Corporation 100 Series/C230 Series Chipset Family HD Audio Controller (rev 31)
Subsystem: Intel Corporation Device 7270
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 32, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 290
Region 0: Memory at df020000 (64-bit, non-prefetchable) [size=16K]
Region 4: Memory at df000000 (64-bit, non-prefetchable) [size=64K]
Capabilities: [50] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=55mA PME(D0-,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [60] MSI: Enable+ Count=1/1 Maskable- 64bit+
Address: 00000000fee01758 Data: 0000
Kernel driver in use: snd_hda_intel
Kernel modules: snd_hda_intel
00:1f.4 SMBus: Intel Corporation 100 Series/C230 Series Chipset Family SMBus (rev 31)
Subsystem: Intel Corporation Device 7270
Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 16
Region 0: Memory at df02a000 (64-bit, non-prefetchable) [size=256]
Region 4: I/O ports at f040 [size=32]
Kernel driver in use: i801_smbus
Kernel modules: i2c_i801
01:00.0 Ethernet controller: Intel Corporation Ethernet Controller 10G X550T (rev 01)
Subsystem: Intel Corporation Ethernet Converged Network Adapter X550-T2
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin B routed to IRQ 17
Region 0: Memory at d0400000 (64-bit, prefetchable) [size=4M]
Region 4: Memory at d0804000 (64-bit, prefetchable) [size=16K]
Expansion ROM at 90000000 [disabled] [size=512K]
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold-)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=1 PME-
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Address: 0000000000000000 Data: 0000
Masking: 00000000 Pending: 00000000
Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
Vector table: BAR=4 offset=00000000
PBA: BAR=4 offset=00002000
Capabilities: [a0] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s <512ns, L1 <64us
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop- FLReset-
MaxPayload 256 bytes, MaxReadReq 512 bytes
DevSta: CorrErr+ NonFatalErr- FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #0, Speed 8GT/s, Width x4, ASPM L0s L1, Exit Latency L0s <2us, L1 <16us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 8GT/s (ok), Width x4 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR+, OBFF Not Supported
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 2.5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete+, EqualizationPhase1+
EqualizationPhase2+, EqualizationPhase3+, LinkEqualizationRequest-
Capabilities: [100 v2] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [140 v1] Device Serial Number 9f-c3-b5-ff-ff-48-00-00
Capabilities: [150 v1] Alternative Routing-ID Interpretation (ARI)
ARICap: MFVC- ACS-, Next Function: 1
ARICtl: MFVC- ACS-, Function Group: 0
Capabilities: [160 v1] Single Root I/O Virtualization (SR-IOV)
IOVCap: Migration-, Interrupt Message Number: 000
IOVCtl: Enable- Migration- Interrupt- MSE- ARIHierarchy-
IOVSta: Migration-
Initial VFs: 64, Total VFs: 64, Number of VFs: 0, Function Dependency Link: 00
VF offset: 384, stride: 2, Device ID: 1565
Supported Page Size: 00000553, System Page Size: 00000001
Region 0: Memory at 0000000090100000 (64-bit, non-prefetchable)
Region 3: Memory at 0000000090200000 (64-bit, non-prefetchable)
VF Migration: offset: 00000000, BIR: 0
Capabilities: [1a0 v1] Transaction Processing Hints
No steering table available
Capabilities: [1b0 v1] Access Control Services
ACSCap: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [1c0 v1] Latency Tolerance Reporting
Max snoop latency: 71680ns
Max no snoop latency: 71680ns
Capabilities: [1d0 v1] Secondary PCI Express <?>
Kernel driver in use: ixgbe
Kernel modules: ixgbe
01:00.1 Ethernet controller: Intel Corporation Ethernet Controller 10G X550T (rev 01)
Subsystem: Intel Corporation Ethernet Converged Network Adapter X550-T2
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 16
Region 0: Memory at d0000000 (64-bit, prefetchable) [size=4M]
Region 4: Memory at d0800000 (64-bit, prefetchable) [size=16K]
Expansion ROM at 90080000 [disabled] [size=512K]
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold-)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=1 PME-
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Address: 0000000000000000 Data: 0000
Masking: 00000000 Pending: 00000000
Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
Vector table: BAR=4 offset=00000000
PBA: BAR=4 offset=00002000
Capabilities: [a0] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s <512ns, L1 <64us
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop- FLReset-
MaxPayload 256 bytes, MaxReadReq 512 bytes
DevSta: CorrErr+ NonFatalErr- FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #0, Speed 8GT/s, Width x4, ASPM L0s L1, Exit Latency L0s <2us, L1 <16us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 8GT/s (ok), Width x4 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR+, OBFF Not Supported
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [100 v2] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES- TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [140 v1] Device Serial Number 9f-c3-b5-ff-ff-48-00-00
Capabilities: [150 v1] Alternative Routing-ID Interpretation (ARI)
ARICap: MFVC- ACS-, Next Function: 0
ARICtl: MFVC- ACS-, Function Group: 0
Capabilities: [160 v1] Single Root I/O Virtualization (SR-IOV)
IOVCap: Migration-, Interrupt Message Number: 000
IOVCtl: Enable- Migration- Interrupt- MSE- ARIHierarchy-
IOVSta: Migration-
Initial VFs: 64, Total VFs: 64, Number of VFs: 0, Function Dependency Link: 01
VF offset: 384, stride: 2, Device ID: 1565
Supported Page Size: 00000553, System Page Size: 00000001
Region 0: Memory at 0000000090300000 (64-bit, non-prefetchable)
Region 3: Memory at 0000000090400000 (64-bit, non-prefetchable)
VF Migration: offset: 00000000, BIR: 0
Capabilities: [1a0 v1] Transaction Processing Hints
No steering table available
Capabilities: [1b0 v1] Access Control Services
ACSCap: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Kernel driver in use: ixgbe
Kernel modules: ixgbe
02:00.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 16
Region 0: Memory at dec20000 (32-bit, non-prefetchable) [size=128K]
Bus: primary=02, secondary=03, subordinate=0f, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de000000-debfffff [size=12M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable- Count=1/4 Maskable+ 64bit+
Address: 0000000000000000 Data: 0000
Masking: 00000000 Pending: 00000000
Capabilities: [68] Express (v2) Upstream Port, MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ SlotPowerLimit 25.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr- FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #0, Speed 5GT/s, Width x4, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x4 (ok)
TrErr- Train- SlotClk- DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported
AtomicOpsCap: Routing- 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 1f, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [138 v1] Power Budgeting <?>
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=4
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=06 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed- WRR32+ WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=WRR32 TC/VC=ff
Status: NegoPending- InProgress-
Port Arbitration Table <?>
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [448 v1] Vendor Specific Information: ID=0000 Rev=0 Len=0cc <?>
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
02:00.1 System peripheral: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba)
Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin B routed to IRQ 10
Region 0: Memory at dec00000 (32-bit, non-prefetchable) [size=128K]
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable- Count=1/8 Maskable+ 64bit+
Address: 0000000000000000 Data: 0000
Masking: 00000000 Pending: 00000000
Capabilities: [68] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s unlimited, L1 unlimited
ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset- SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag+ PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 512 bytes
DevSta: CorrErr+ NonFatalErr- FatalErr- UnsupReq+ AuxPwr- TransPend+
LnkCap: Port #0, Speed 5GT/s, Width x4, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp-
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x4 (ok)
TrErr- Train- SlotClk- DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR-, OBFF Not Supported
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 1f, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [1f4 v1] Vendor Specific Information: ID=0010 Rev=0 Len=410 <?>
03:01.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 126
Bus: primary=03, secondary=04, subordinate=04, sec-latency=0
I/O behind bridge: None
Memory behind bridge: deb00000-debfffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee002b8 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #1, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #1, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 04001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:02.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 127
Bus: primary=03, secondary=05, subordinate=05, sec-latency=0
I/O behind bridge: None
Memory behind bridge: dea00000-deafffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee002f8 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #2, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #2, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 05001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:03.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 128
Bus: primary=03, secondary=06, subordinate=06, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de900000-de9fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee00338 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #3, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #3, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 06001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:05.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 129
Bus: primary=03, secondary=07, subordinate=07, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de800000-de8fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee00358 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #5, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #5, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 07001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:07.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 130
Bus: primary=03, secondary=08, subordinate=08, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de700000-de7fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee00378 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #7, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #7, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 08001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:09.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 131
Bus: primary=03, secondary=09, subordinate=09, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de600000-de6fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee00398 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #9, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #9, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 09001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:0a.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 132
Bus: primary=03, secondary=0a, subordinate=0a, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de500000-de5fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee003b8 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #10, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #10, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 0a001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:0b.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 133
Bus: primary=03, secondary=0b, subordinate=0b, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de400000-de4fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee003d8 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #11, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #11, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 0b001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:0c.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 134
Bus: primary=03, secondary=0c, subordinate=0c, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de300000-de3fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee003f8 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #12, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #12, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 0c001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:0d.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 135
Bus: primary=03, secondary=0d, subordinate=0d, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de200000-de2fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee00418 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #13, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #13, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 0d001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:0e.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 136
Bus: primary=03, secondary=0e, subordinate=0e, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de100000-de1fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee00438 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #14, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #14, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 0e001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
03:0f.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 137
Bus: primary=03, secondary=0f, subordinate=0f, sec-latency=0
I/O behind bridge: None
Memory behind bridge: de000000-de0fffff [size=1M]
Prefetchable memory behind bridge: None
Secondary status: 66MHz- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- VGA16+ MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable+ Count=1/4 Maskable+ 64bit+
Address: 00000000fee00458 Data: 0000
Masking: 00000001 Pending: 00000000
Capabilities: [68] Express (v2) Downstream Port (Slot+), MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0
ExtTag- RBE+
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd- ExtTag- PhantFunc- AuxPwr- NoSnoop-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr+ NonFatalErr+ FatalErr- UnsupReq+ AuxPwr- TransPend-
LnkCap: Port #15, Speed 5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
ClockPM- Surprise+ LLActRep+ BwNot+ ASPMOptComp-
LnkCtl: ASPM Disabled; Disabled- CommClk-
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk- DLActive+ BWMgmt+ ABWMgmt+
SltCap: AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug- Surprise-
Slot #15, PowerLimit 25.000W; Interlock- NoCompl-
SltCtl: Enable: AttnBtn- PwrFlt- MRL- PresDet- CmdCplt- HPIrq- LinkChg-
Control: AttnInd Off, PwrInd Off, Power- Interlock-
SltSta: Status: AttnBtn- PowerFlt- MRL- CmdCplt- PresDet+ Interlock-
Changed: MRL- PresDet+ LinkState+
DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
AtomicOpsCap: Routing-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
AtomicOpsCtl: EgressBlck-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-, Selectable De-emphasis: -6dB
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [a4] Subsystem: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA
Capabilities: [100 v1] Device Serial Number ba-86-01-10-b5-df-0e-00
Capabilities: [fb4 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 14, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 34000000 0f001f10 00000000 00000000
Capabilities: [148 v1] Virtual Channel
Caps: LPEVC=1 RefClk=100ns PATEntryBits=1
Arb: Fixed+ WRR32- WRR64- WRR128-
Ctrl: ArbSelect=Fixed
Status: InProgress-
VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=ff
Status: NegoPending- InProgress-
VC1: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
Arb: Fixed+ WRR32- WRR64- WRR128- TWRR128- WRR256-
Ctrl: Enable- ID=1 ArbSelect=Fixed TC/VC=00
Status: NegoPending+ InProgress-
Capabilities: [520 v1] Access Control Services
ACSCap: SrcValid+ TransBlk+ ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl+ DirectTrans+
ACSCtl: SrcValid- TransBlk- ReqRedir- CmpltRedir- UpstreamFwd- EgressCtrl- DirectTrans-
Capabilities: [950 v1] Vendor Specific Information: ID=0001 Rev=0 Len=010 <?>
Kernel driver in use: pcieport
04:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 17
Region 0: Memory at deb00000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #1, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
05:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 18
Region 0: Memory at dea00000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #2, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
06:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 19
Region 0: Memory at de900000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #3, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
07:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 17
Region 0: Memory at de800000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #5, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
08:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 19
Region 0: Memory at de700000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #7, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
09:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 17
Region 0: Memory at de600000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #9, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
0a:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 18
Region 0: Memory at de500000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #10, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
0b:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 19
Region 0: Memory at de400000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #11, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
0c:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 16
Region 0: Memory at de300000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #12, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
0d:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 17
Region 0: Memory at de200000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #13, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
0e:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 18
Region 0: Memory at de100000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #14, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP+ Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
0f:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
Subsystem: Intel Corporation Device 0024
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 19
Region 0: Memory at de000000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [c8] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [d0] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [40] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
MaxPayload 128 bytes, MaxReadReq 128 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #15, Speed 5GT/s, Width x1, ASPM L1, Exit Latency L1 <8us
ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk-
ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [80] MSI-X: Enable+ Count=16 Masked-
Vector table: BAR=0 offset=00002000
PBA: BAR=0 offset=00003000
Capabilities: [100 v1] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [14c v1] Latency Tolerance Reporting
Max snoop latency: 3145728ns
Max no snoop latency: 3145728ns
Capabilities: [154 v1] L1 PM Substates
L1SubCap: PCI-PM_L1.2+ PCI-PM_L1.1+ ASPM_L1.2+ ASPM_L1.1+ L1_PM_Substates+
PortCommonModeRestoreTime=30us PortTPowerOnTime=18us
L1SubCtl1: PCI-PM_L1.2- PCI-PM_L1.1- ASPM_L1.2- ASPM_L1.1-
T_CommonMode=0us LTR1.2_Threshold=0ns
L1SubCtl2: T_PwrOn=10us
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
10:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network Connection (rev 03)
Subsystem: Intel Corporation Device 0000
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 16
Region 0: Memory at dee00000 (32-bit, non-prefetchable) [size=128K]
Region 2: I/O ports at e000 [size=32]
Region 3: Memory at dee20000 (32-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=1 PME-
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Address: 0000000000000000 Data: 0000
Masking: 00000000 Pending: 00000000
Capabilities: [70] MSI-X: Enable+ Count=5 Masked-
Vector table: BAR=3 offset=00000000
PBA: BAR=3 offset=00002000
Capabilities: [a0] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s <512ns, L1 <64us
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop+ FLReset-
MaxPayload 256 bytes, MaxReadReq 512 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <2us, L1 <16us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR-, OBFF Not Supported
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 2.5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [100 v2] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [140 v1] Device Serial Number 00-60-e0-ff-ff-88-3b-89
Capabilities: [1a0 v1] Transaction Processing Hints
Device specific mode supported
Steering table in TPH capability structure
Kernel driver in use: igb
Kernel modules: igb
11:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network Connection (rev 03)
Subsystem: Intel Corporation Device 0000
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0, Cache Line Size: 64 bytes
Interrupt: pin A routed to IRQ 17
Region 0: Memory at ded00000 (32-bit, non-prefetchable) [size=128K]
Region 2: I/O ports at d000 [size=32]
Region 3: Memory at ded20000 (32-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=1 PME-
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Address: 0000000000000000 Data: 0000
Masking: 00000000 Pending: 00000000
Capabilities: [70] MSI-X: Enable+ Count=5 Masked-
Vector table: BAR=3 offset=00000000
PBA: BAR=3 offset=00002000
Capabilities: [a0] Express (v2) Endpoint, MSI 00
DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s <512ns, L1 <64us
ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop+ FLReset-
MaxPayload 256 bytes, MaxReadReq 512 bytes
DevSta: CorrErr- NonFatalErr- FatalErr- UnsupReq- AuxPwr+ TransPend-
LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <2us, L1 <16us
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp+
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s (ok), Width x1 (ok)
TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR-, OBFF Not Supported
AtomicOpsCap: 32bit- 64bit- 128bitCAS-
DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
AtomicOpsCtl: ReqEn-
LnkCtl2: Target Link Speed: 2.5GT/s, EnterCompliance- SpeedDis-
Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
Compliance De-emphasis: -6dB
LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete-, EqualizationPhase1-
EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
Capabilities: [100 v2] Advanced Error Reporting
UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr-
CEMsk: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
AERCap: First Error Pointer: 00, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
HeaderLog: 00000000 00000000 00000000 00000000
Capabilities: [140 v1] Device Serial Number 00-60-e0-ff-ff-88-3b-8a
Capabilities: [1a0 v1] Transaction Processing Hints
Device specific mode supported
Steering table in TPH capability structure
Kernel driver in use: igb
Kernel modules: igb
Thanks,
Ben
>
> Bjorn
>
> [1] https://lore.kernel.org/all/47b775c5-57fa-5edf-b59e-8a9041ffbee7@candelatech.com/#t
> [2] https://git.kernel.org/linus/8795e182b02d
> [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/pci/pcie/portdrv_core.c?id=v6.0#n223
> [4] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/pci/pcie/portdrv_core.c?id=v5.19.16#n223
>
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2023-03-31 22:31 ` Ben Greear
@ 2023-04-04 17:09 ` Bjorn Helgaas
2023-04-18 18:18 ` Ben Greear
0 siblings, 1 reply; 415+ messages in thread
From: Bjorn Helgaas @ 2023-04-04 17:09 UTC (permalink / raw)
To: Ben Greear
Cc: Pali Rohár, Greg Kroah-Hartman, bjorn, LKML, stable,
Stefan Roese, Bjorn Helgaas, Rafael J. Wysocki,
Bharat Kumar Gogada, Michal Simek, Yao Hongbo, Naveen Naidu,
Sasha Levin, linux-pci, Gregory Greenman, Kalle Valo,
linux-wireless, netdev
On Fri, Mar 31, 2023 at 03:31:40PM -0700, Ben Greear wrote:
> On 3/31/23 15:06, Bjorn Helgaas wrote:
> > [+cc iwlwifi folks]
> >
> > Re: 8795e182b02d ("PCI/portdrv: Don't disable AER reporting in
> > get_port_device_capability()")
> >
> > On Wed, Mar 29, 2023 at 04:17:29PM -0700, Ben Greear wrote:
> > > On 8/30/22 3:16 PM, Ben Greear wrote:
> > > ...
> >
> > > I notice this patch appears to be in 6.2.6 kernel, and my kernel logs are
> > > full of spam and system is unstable. Possibly the unstable part is related
> > > to something else, but the log spam is definitely extreme.
> > >
> > > These systems are fairly stable on 5.19-ish kernels without the patch in
> > > question.
> >
> > Hmmm, I was going to thank you for the report, but looking closer, I
> > see that you reported this last August [1] and we *should* have
> > pursued it with the iwlwifi folks or figured out what the PCI core is
> > doing wrong, but I totally dropped the ball. Sorry about that.
> >
> > To make sure we're all on the same page, we're talking about
> > 8795e182b02d ("PCI/portdrv: Don't disable AER reporting in
> > get_port_device_capability()") [2],
> > which is present in v6.0 and later [3] but not v5.19.16 [4].
>
> Yes, though I manually tried reverting that patch, and problem
> persisted, so maybe some secondary patch still enables whatever
> causes the issue.
>
> Booting with pci=noaer 'fixes' the problem for me, that is what I am
> running currently.
>
> > > Here is sample of the spam:
> > >
> > > [ 1675.547023] pcieport 0000:03:02.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
> > > [ 1675.556851] pcieport 0000:03:02.0: device [10b5:8619] error status/mask=00100000/00000000
> > > [ 1675.563904] pcieport 0000:03:02.0: [20] UnsupReq (First)
> > > [ 1675.569398] pcieport 0000:03:02.0: AER: TLP Header: 34000000 05001f10 00000000 88c888c8
> > > [ 1675.576296] iwlwifi 0000:05:00.0: AER: can't recover (no error_detected callback)
> >
> > The TLP header says this is an LTR message from 05:00.0. Apparently
> > the bridge above 05:00.0 is 03:02.0, which logged an Unsupported
> > Request error for the message, probably because 03:02.0 doesn't have
> > LTR enabled.
> Here is lspci, and please note that I am using a pcie -> 12x m.2
> adapter board, which is not common in the world. Possibly it is
> causing some of the problems with the AER logic (though, it is
> stable in 5.19 and lower. And a similar system with 2 of these
> adapter boards filled with 24 mtk7922 radios does not show the AER
> warnings or instability problems so far.)
>
> The lspci below is from a system with 12 ax210 radios, I have
> another with 24, it shows similar problems.
Interesting config. Somebody is definitely doing something wrong.
LTR is enabled at 00:1c.0 (which is fine), not supported and disabled
at 02:00.0 and 03:02.0 (also fine), but *enabled* at 05:00.0, which is
absolutely not fine because 03:02.0 won't know what to do with the LTR
messages and would log the AER errors you're seeing.
> 00:1c.0 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #1 (rev f1) (prog-if 00 [Normal decode])
> Bus: primary=00, secondary=02, subordinate=0f, sec-latency=0
> DevCap2: Completion Timeout: Range ABC, TimeoutDis+, LTR+, OBFF Not Supported ARIFwd+
> AtomicOpsCap: Routing- 32bit- 64bit- 128bitCAS-
> DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR+, OBFF Disabled ARIFwd-
> 02:00.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
> Bus: primary=02, secondary=03, subordinate=0f, sec-latency=0
> DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported
> AtomicOpsCap: Routing- 32bit- 64bit- 128bitCAS-
> DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
> 03:02.0 PCI bridge: PLX Technology, Inc. PEX 8619 16-lane, 16-Port PCI Express Gen 2 (5.0 GT/s) Switch with DMA (rev ba) (prog-if 00 [Normal decode])
> Bus: primary=03, secondary=05, subordinate=05, sec-latency=0
> DevCap2: Completion Timeout: Not Supported, TimeoutDis-, LTR-, OBFF Not Supported ARIFwd+
> AtomicOpsCap: Routing-
> DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled ARIFwd-
> 05:00.0 Network controller: Intel Corporation Device 2725 (rev 1a)
> DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
> AtomicOpsCap: 32bit- 64bit- 128bitCAS-
> DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
> AtomicOpsCtl: ReqEn-
For 02:00.0 and 03:02.0, pci_configure_ltr() should bail out as soon
as it sees they don't support PCI_EXP_DEVCAP2_LTR, so they should
never have dev->ltr_path set. And pci_configure_ltr() should not set
PCI_EXP_DEVCTL2_LTR_EN for 05:00.0 since bridge->ltr_path is not set
for 03:02.0.
Can you collect the dmesg log when booted with "pci=earlydump"? I
wonder if BIOS could be enabling LTR on 05:00.0.
Bjorn
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2023-04-04 17:09 ` Bjorn Helgaas
@ 2023-04-18 18:18 ` Ben Greear
2023-04-18 20:26 ` Bjorn Helgaas
0 siblings, 1 reply; 415+ messages in thread
From: Ben Greear @ 2023-04-18 18:18 UTC (permalink / raw)
To: Bjorn Helgaas
Cc: Pali Rohár, Greg Kroah-Hartman, bjorn, LKML, stable,
Stefan Roese, Bjorn Helgaas, Rafael J. Wysocki,
Bharat Kumar Gogada, Michal Simek, Yao Hongbo, Naveen Naidu,
Sasha Levin, linux-pci, Gregory Greenman, Kalle Valo,
linux-wireless, netdev
The CC list in this email is huge, and the dmesg is also large. I'm going to send the file directly to Bjorn.
Please let me know if anyone wants to see it, or if I should just reply-all and paste it in...
Thanks,
Ben
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
^ permalink raw reply [flat|nested] 415+ messages in thread
* Re: [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability()
2023-04-18 18:18 ` Ben Greear
@ 2023-04-18 20:26 ` Bjorn Helgaas
0 siblings, 0 replies; 415+ messages in thread
From: Bjorn Helgaas @ 2023-04-18 20:26 UTC (permalink / raw)
To: Ben Greear
Cc: Pali Rohár, Greg Kroah-Hartman, bjorn, LKML, stable,
Stefan Roese, Bjorn Helgaas, Rafael J. Wysocki,
Bharat Kumar Gogada, Michal Simek, Yao Hongbo, Naveen Naidu,
Sasha Levin, linux-pci, Gregory Greenman, Kalle Valo,
linux-wireless, netdev
On Tue, Apr 18, 2023 at 11:18:58AM -0700, Ben Greear wrote:
> The CC list in this email is huge, and the dmesg is also large. I'm going to send the file directly to Bjorn.
> Please let me know if anyone wants to see it, or if I should just reply-all and paste it in...
Thanks, I got the dmesg log and attached it to this bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=217352
I tried to match the earlydump up with the lspci from
https://lore.kernel.org/r/4ff1397e-1d78-bc59-f577-e69024c4c4f3@candelatech.com
but it doesn't seem to match. Could they be from different systems or
different configs?
Could I trouble you to collect the "sudo lspci -vvxxx" output to match
the pci=earlydump log? (Or just collect both from the same system)
Bjorn
^ permalink raw reply [flat|nested] 415+ messages in thread
end of thread, other threads:[~2023-04-18 20:26 UTC | newest]
Thread overview: 415+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-23 8:21 [PATCH 5.4 000/389] 5.4.211-rc1 review Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 001/389] Makefile: link with -z noexecstack --no-warn-rwx-segments Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 002/389] x86: link vdso and boot " Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 003/389] scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 004/389] ALSA: bcd2000: Fix a UAF bug on the error path of probing Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 005/389] igc: Remove _I_PHY_ID checking Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 006/389] wifi: mac80211_hwsim: fix race condition in pending packet Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 007/389] wifi: mac80211_hwsim: add back erroneously removed cast Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 008/389] wifi: mac80211_hwsim: use 32-bit skb cookie Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 009/389] add barriers to buffer_uptodate and set_buffer_uptodate Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 010/389] HID: wacom: Only report rotation for art pen Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 011/389] HID: wacom: Dont register pad_input for touch switch Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 012/389] KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 013/389] KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL " Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 014/389] KVM: SVM: Dont BUG if userspace injects an interrupt with GIF=0 Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 015/389] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 016/389] KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 017/389] KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 018/389] mm/mremap: hold the rmap lock in write mode when moving page table entries Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 019/389] ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 020/389] ALSA: hda/cirrus - support for iMac 12,1 model Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 021/389] ALSA: hda/realtek: Add quirk for another Asus K42JZ model Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 022/389] tty: vt: initialize unicode screen buffer Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 023/389] vfs: Check the truncate maximum size in inode_newsize_ok() Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 024/389] fs: Add missing umask strip in vfs_tmpfile Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 025/389] thermal: sysfs: Fix cooling_device_stats_setup() error code path Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 026/389] fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 027/389] usbnet: Fix linkwatch use-after-free on disconnect Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 028/389] ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 029/389] parisc: Fix device names in /proc/iomem Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 030/389] parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 031/389] drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 032/389] drm/nouveau: fix another off-by-one in nvbios_addr Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 033/389] drm/amdgpu: Check BOs requested pinning domains against its preferred_domains Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 034/389] iio: light: isl29028: Fix the warning in isl29028_remove() Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 035/389] fuse: limit nsec Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 036/389] serial: mvebu-uart: uart2 error bits clearing Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 037/389] md-raid10: fix KASAN warning Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 038/389] ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 039/389] PCI: Add defines for normal and subtractive PCI bridges Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 040/389] powerpc/fsl-pci: Fix Class Code of PCIe Root Port Greg Kroah-Hartman
2022-08-23 8:21 ` [PATCH 5.4 041/389] powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 042/389] powerpc/powernv: Avoid crashing if rng is NULL Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 043/389] MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 044/389] coresight: Clear the connection field properly Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 045/389] USB: HCD: Fix URB giveback issue in tasklet function Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 046/389] ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 047/389] arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 048/389] netfilter: nf_tables: do not allow SET_ID to refer to another table Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 049/389] netfilter: nf_tables: do not allow RULE_ID to refer to another chain Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 050/389] netfilter: nf_tables: fix null deref due to zeroed list head Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 051/389] epoll: autoremove wakers even more aggressively Greg Kroah-Hartman
2022-10-26 16:00 ` mdecandia
2022-10-26 16:43 ` Greg KH
[not found] ` <CAAPDZK9Oz2Hs9wofW9820gM=SeWgycCEWN=Xsjmy-YY_iFBcfQ@mail.gmail.com>
2022-10-26 18:48 ` Shakeel Butt
2022-10-27 10:09 ` Greg KH
2022-11-30 0:34 ` Samuel Mendoza-Jonas
2022-08-23 8:22 ` [PATCH 5.4 052/389] x86: Handle idle=nomwait cmdline properly for x86_idle Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 053/389] arm64: Do not forget syscall when starting a new thread Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 054/389] arm64: fix oops in concurrently setting insn_emulation sysctls Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 055/389] ext2: Add more validity checks for inode counts Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 056/389] genirq: Dont return error on missing optional irq_request_resources() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 057/389] wait: Fix __wait_event_hrtimeout for RT/DL tasks Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 058/389] ARM: dts: imx6ul: add missing properties for sram Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 059/389] ARM: dts: imx6ul: change operating-points to uint32-matrix Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 060/389] ARM: dts: imx6ul: fix csi node compatible Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 061/389] ARM: dts: imx6ul: fix lcdif " Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 062/389] ARM: dts: imx6ul: fix qspi " Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 063/389] spi: synquacer: Add missing clk_disable_unprepare() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 064/389] ARM: OMAP2+: display: Fix refcount leak bug Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 065/389] ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 066/389] ACPI: PM: save NVS memory for Lenovo G40-45 Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 067/389] ACPI: LPSS: Fix missing check in register_device_clock() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 068/389] arm64: dts: qcom: ipq8074: fix NAND node name Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 069/389] arm64: dts: allwinner: a64: orangepi-win: Fix LED " Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 070/389] ARM: shmobile: rcar-gen2: Increase refcount for new reference Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 071/389] PM: hibernate: defer device probing when resuming from hibernation Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 072/389] selinux: Add boundary check in put_entry() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 073/389] spi: spi-rspi: Fix PIO fallback on RZ platforms Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 074/389] ARM: findbit: fix overflowing offset Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 075/389] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 076/389] ARM: bcm: Fix refcount leak in bcm_kona_smc_init Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 077/389] x86/pmem: Fix platform-device leak in error path Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 078/389] ARM: dts: ast2500-evb: fix board compatible Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 079/389] ARM: dts: ast2600-evb: " Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 080/389] soc: fsl: guts: machine variable might be unset Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 081/389] ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 082/389] ARM: OMAP2+: Fix refcount leak in omapdss_init_of Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 083/389] ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 084/389] cpufreq: zynq: Fix refcount leak in zynq_get_revision Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 085/389] soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 086/389] ARM: dts: qcom: pm8841: add required thermal-sensor-cells Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 087/389] bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 088/389] arm64: dts: mt7622: fix BPI-R64 WPS button Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 089/389] erofs: avoid consecutive detection for Highmem memory Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 090/389] blk-mq: dont create hctx debugfs dir until q->debugfs_dir is created Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 091/389] regulator: of: Fix refcount leak bug in of_get_regulation_constraints() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 092/389] nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 093/389] thermal/tools/tmon: Include pthread and time headers in tmon.h Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 094/389] dm: return early from dm_pr_call() if DM device is suspended Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 095/389] ath10k: do not enforce interrupt trigger type Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 096/389] wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 097/389] drm/mipi-dbi: align max_chunk to 2 in spi_transfer Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 098/389] drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 099/389] drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 100/389] drm: adv7511: override i2c address of cec before accessing it Greg Kroah-Hartman
2022-08-23 8:22 ` [PATCH 5.4 101/389] i2c: Fix a potential use after free Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 102/389] media: tw686x: Register the irq at the end of probe Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 103/389] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 104/389] wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 105/389] drm: bridge: adv7511: Add check for mipi_dsi_driver_register Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 106/389] drm/mcde: Fix refcount leak in mcde_dsi_bind Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 107/389] media: hdpvr: fix error value returns in hdpvr_read Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 108/389] drm/vc4: plane: Remove subpixel positioning check Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 109/389] drm/vc4: plane: Fix margin calculations for the right/bottom edges Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 110/389] drm/vc4: dsi: Correct DSI divider calculations Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 111/389] crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 112/389] drm/rockchip: vop: Dont crash for invalid duplicate_state() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 113/389] drm/rockchip: Fix an error handling path rockchip_dp_probe() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 114/389] drm/mediatek: dpi: Remove output format of YUV Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 115/389] drm/mediatek: dpi: Only enable dpi after the bridge is enabled Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 116/389] drm: bridge: sii8620: fix possible off-by-one Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 117/389] drm/msm/mdp5: Fix global state lock backoff Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 118/389] crypto: hisilicon - Kunpeng916 crypto driver dont sleep when in softirq Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 119/389] media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 120/389] mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 121/389] drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 122/389] tcp: make retransmitted SKB fit into the send window Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 123/389] libbpf: Fix the name of a reused map Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 124/389] selftests: timers: valid-adjtimex: build fix for newer toolchains Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 125/389] selftests: timers: clocksource-switch: fix passing errors from child Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 126/389] fs: check FMODE_LSEEK to control internal pipe splicing Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 127/389] wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 128/389] wifi: p54: Fix an error handling path in p54spi_probe() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 129/389] wifi: p54: add missing parentheses in p54_flush() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 130/389] selftests/bpf: fix a test for snprintf() overflow Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 131/389] can: pch_can: do not report txerr and rxerr during bus-off Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 132/389] can: rcar_can: " Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 133/389] can: sja1000: " Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 134/389] can: hi311x: " Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 135/389] can: sun4i_can: " Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 136/389] can: kvaser_usb_hydra: " Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 137/389] can: kvaser_usb_leaf: " Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 138/389] can: usb_8dev: " Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 139/389] can: error: specify the values of data[5..7] of CAN error frames Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 140/389] can: pch_can: pch_can_error(): initialize errc before using it Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 141/389] Bluetooth: hci_intel: Add check for platform_driver_register Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 142/389] i2c: cadence: Support PEC for SMBus block read Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 143/389] i2c: mux-gpmux: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 144/389] wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 145/389] wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 146/389] wifi: libertas: Fix possible refcount leak in if_usb_probe() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 147/389] net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 148/389] crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 149/389] iavf: Fix max_rate limiting Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 150/389] netdevsim: Avoid allocation warnings triggered from user space Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 151/389] net: rose: fix netdev reference changes Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 152/389] dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 153/389] clk: renesas: r9a06g032: Fix UART clkgrp bitsel Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 154/389] mtd: maps: Fix refcount leak in of_flash_probe_versatile Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 155/389] mtd: maps: Fix refcount leak in ap_flash_init Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 156/389] mtd: rawnand: meson: Fix a potential double free issue Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 157/389] HID: cp2112: prevent a buffer overflow in cp2112_xfer() Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 158/389] mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 159/389] mtd: partitions: Fix refcount leak in parse_redboot_of Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 160/389] mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()s error path Greg Kroah-Hartman
2022-08-23 8:23 ` [PATCH 5.4 161/389] fpga: altera-pr-ip: fix unsigned comparison with less than zero Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 162/389] usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 163/389] usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 164/389] usb: xhci: tegra: Fix error check Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 165/389] clk: mediatek: reset: Fix written reset bit offset Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 166/389] misc: rtsx: Fix an error handling path in rtsx_pci_probe() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 167/389] driver core: fix potential deadlock in __driver_attach Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 168/389] clk: qcom: clk-krait: unlock spin after mux completion Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 169/389] usb: host: xhci: use snprintf() in xhci_decode_trb() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 170/389] clk: qcom: ipq8074: fix NSS port frequency tables Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 171/389] clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 172/389] clk: qcom: camcc-sdm845: Fix topology around titan_top power domain Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 173/389] soundwire: bus_type: fix remove and shutdown support Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 174/389] intel_th: Fix a resource leak in an error handling path Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 175/389] intel_th: msu-sink: Potential dereference of null pointer Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 176/389] intel_th: msu: Fix vmalloced buffers Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 177/389] staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 178/389] mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 179/389] memstick/ms_block: Fix some incorrect memory allocation Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 180/389] memstick/ms_block: Fix a memory leak Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 181/389] mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 182/389] PCI/portdrv: Dont disable AER reporting in get_port_device_capability() Greg Kroah-Hartman
[not found] ` <CABhMZUVycsyy76j2Z=K+C6S1fwtzKE1Lx2povXKfB80o9g0MtQ@mail.gmail.com>
2022-08-24 6:41 ` Greg Kroah-Hartman
2022-08-30 20:47 ` Ben Greear
2022-08-30 20:58 ` Pali Rohár
2022-08-30 21:28 ` Ben Greear
2022-08-30 21:55 ` Pali Rohár
2022-08-30 22:16 ` Ben Greear
2023-03-29 23:17 ` Ben Greear
2023-03-31 22:06 ` Bjorn Helgaas
2023-03-31 22:31 ` Ben Greear
2023-04-04 17:09 ` Bjorn Helgaas
2023-04-18 18:18 ` Ben Greear
2023-04-18 20:26 ` Bjorn Helgaas
2022-08-30 22:11 ` Bjorn Helgaas
2022-08-31 5:52 ` Stefan Roese
2022-09-01 11:08 ` Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 183/389] scsi: smartpqi: Fix DMA direction for RAID requests Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 184/389] usb: gadget: udc: amd5536 depends on HAS_DMA Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 185/389] RDMA/hns: Fix incorrect clearing of interrupt status register Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 186/389] RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 187/389] RDMA/hfi1: fix potential memory leak in setup_base_ctxt() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 188/389] gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 189/389] mmc: cavium-octeon: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 190/389] mmc: cavium-thunderx: " Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 191/389] HID: alps: Declare U1_UNICORN_LEGACY support Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 192/389] PCI: tegra194: Fix Root Port interrupt handling Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 193/389] PCI: tegra194: Fix link up retry sequence Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 194/389] USB: serial: fix tty-port initialized comments Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 195/389] platform/olpc: Fix uninitialized data in debugfs write Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 196/389] mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 197/389] RDMA/rxe: Fix error unwind in rxe_create_qp() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 198/389] null_blk: fix ida error handling in null_add_dev() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 199/389] jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 200/389] ext4: recover csum seed of tmp_inode after migrating to extents Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 201/389] jbd2: fix assertion jh->b_frozen_data == NULL failure when journal aborted Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 202/389] opp: Fix error check in dev_pm_opp_attach_genpd() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 203/389] ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 204/389] ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 205/389] ASoC: codecs: da7210: add check for i2c_add_driver Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 206/389] ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 207/389] serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 208/389] ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 209/389] ASoC: codecs: wcd9335: " Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 210/389] profiling: fix shift too large makes kernel panic Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 211/389] tty: n_gsm: fix non flow control frames during mux flow off Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 212/389] tty: n_gsm: fix packet re-transmission without open control channel Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 213/389] tty: n_gsm: fix race condition in gsmld_write() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 214/389] remoteproc: qcom: wcnss: Fix handling of IRQs Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 215/389] vfio/ccw: Do not change FSM state in subchannel event Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 216/389] tty: n_gsm: fix wrong T1 retry count handling Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 217/389] tty: n_gsm: fix DM command Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 218/389] tty: n_gsm: fix missing corner cases in gsmld_poll() Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 219/389] iommu/exynos: Handle failed IOMMU device registration properly Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 220/389] rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge Greg Kroah-Hartman
2022-08-23 8:24 ` [PATCH 5.4 221/389] kfifo: fix kfifo_to_user() return type Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 222/389] mfd: t7l66xb: Drop platform disable callback Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 223/389] mfd: max77620: Fix refcount leak in max77620_initialise_fps Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 224/389] iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 225/389] s390/zcore: fix race when reading from hardware system area Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 226/389] ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 227/389] fuse: Remove the control interface for virtio-fs Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 228/389] ASoC: audio-graph-card: Add of_node_put() in fail path Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 229/389] watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 230/389] video: fbdev: amba-clcd: Fix refcount leak bugs Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 231/389] video: fbdev: sis: fix typos in SiS_GetModeID() Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 232/389] powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 233/389] powerpc/pci: Prefer PCI domain assignment via DT linux,pci-domain and alias Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 234/389] powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 235/389] powerpc/xive: Fix refcount leak in xive_get_max_prio Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 236/389] powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 237/389] perf symbol: Fail to read phdr workaround Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 238/389] kprobes: Forbid probing on trampoline and BPF code areas Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 239/389] powerpc/pci: Fix PHB numbering when using opal-phbid Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 240/389] genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 241/389] scripts/faddr2line: Fix vmlinux detection on arm64 Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 242/389] x86/numa: Use cpumask_available instead of hardcoded NULL check Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 243/389] video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 244/389] tools/thermal: Fix possible path truncations Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 245/389] video: fbdev: vt8623fb: Check the size of screen before memset_io() Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 246/389] video: fbdev: arkfb: " Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 247/389] video: fbdev: s3fb: " Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 248/389] scsi: zfcp: Fix missing auto port scan and thus missing target ports Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 249/389] scsi: qla2xxx: Fix discovery issues in FC-AL topology Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 250/389] scsi: qla2xxx: Turn off multi-queue for 8G adapters Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 251/389] scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 252/389] x86/olpc: fix logical not is only applied to the left hand side Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 253/389] spmi: trace: fix stack-out-of-bound access in SPMI tracing functions Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 254/389] kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 255/389] tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 256/389] btrfs: reset block group chunk force if we have to wait Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 257/389] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 258/389] ext4: make sure ext4_append() always allocates new block Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 259/389] ext4: fix use-after-free in ext4_xattr_set_entry Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 260/389] ext4: update s_overhead_clusters in the superblock during an on-line resize Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 261/389] ext4: fix extent status tree race in writeback error recovery path Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 262/389] ext4: correct max_inline_xattr_value_size computing Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 263/389] ext4: correct the misjudgment in ext4_iget_extra_inode Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 264/389] intel_th: pci: Add Raptor Lake-S CPU support Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 265/389] intel_th: pci: Add Raptor Lake-S PCH support Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 266/389] intel_th: pci: Add Meteor Lake-P support Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 267/389] dm raid: fix address sanitizer warning in raid_resume Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 268/389] dm raid: fix address sanitizer warning in raid_status Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 269/389] dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 270/389] dm writecache: set a default MAX_WRITEBACK_JOBS Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 271/389] ACPI: CPPC: Do not prevent CPPC from working in the future Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 272/389] timekeeping: contribute wall clock to rng on time change Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 273/389] firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 274/389] iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 275/389] net_sched: cls_route: remove from list when handle is 0 Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 276/389] btrfs: reject log replay if there is unsupported RO compat flag Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 277/389] KVM: Add infrastructure and macro to mark VM as bugged Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 278/389] KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 279/389] KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 280/389] tcp: fix over estimation in sk_forced_mem_schedule() Greg Kroah-Hartman
2022-08-23 8:25 ` [PATCH 5.4 281/389] scsi: sg: Allow waiting for commands to complete on removed device Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 282/389] Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 283/389] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 284/389] net/9p: Initialize the iounit field during fid creation Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 285/389] net_sched: cls_route: disallow handle of 0 Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 286/389] ALSA: info: Fix llseek return value when using callback Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 287/389] rds: add missing barrier to release_refill Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 288/389] ata: libata-eh: Add missing command name Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 289/389] mmc: pxamci: Fix another error handling path in pxamci_probe() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 290/389] mmc: pxamci: Fix an " Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 291/389] btrfs: fix lost error handling when looking up extended ref on log replay Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 292/389] tracing: Have filter accept "common_cpu" to be consistent Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 293/389] can: ems_usb: fix clangs -Wunaligned-access warning Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 294/389] apparmor: fix quiet_denied for file rules Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 295/389] apparmor: fix absroot causing audited secids to begin with = Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 296/389] apparmor: Fix failed mount permission check error message Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 297/389] apparmor: fix aa_label_asxprint return check Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 298/389] apparmor: fix overlapping attachment computation Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 299/389] apparmor: fix reference count leak in aa_pivotroot() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 300/389] apparmor: Fix memleak in aa_simple_write_to_buffer() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 301/389] Documentation: ACPI: EINJ: Fix obsolete example Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 302/389] NFSv4.1: Dont decrease the value of seq_nr_highest_sent Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 303/389] NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 304/389] NFSv4: Fix races in the legacy idmapper upcall Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 305/389] NFSv4.1: RECLAIM_COMPLETE must handle EACCES Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 306/389] NFSv4/pnfs: Fix a use-after-free bug in open Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 307/389] can: mcp251x: Fix race condition on receive interrupt Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 308/389] sunrpc: fix expiry of auth creds Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 309/389] SUNRPC: Reinitialise the backchannel request buffers before reuse Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 310/389] devlink: Fix use-after-free after a failed reload Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 311/389] net: bgmac: Fix a BUG triggered by wrong bytes_compl Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 312/389] pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 313/389] pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 314/389] pinctrl: sunxi: Add I/O bias setting for H6 R-PIO Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 315/389] ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 316/389] geneve: do not use RT_TOS for IPv6 flowlabel Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 317/389] plip: avoid rcu debug splat Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 318/389] vsock: Fix memory leak in vsock_connect() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 319/389] vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 320/389] dt-bindings: arm: qcom: fix MSM8916 MTP compatibles Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 321/389] tools/vm/slabinfo: use alphabetic order when two values are equal Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 322/389] tools build: Switch to new openssl API for test-libcrypto Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 323/389] NTB: ntb_tool: uninitialized heap data in tool_fn_write() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 324/389] nfp: ethtool: fix the display error of `ethtool -m DEVNAME` Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 325/389] xen/xenbus: fix return type in xenbus_file_read() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 326/389] atm: idt77252: fix use-after-free bugs caused by tst_timer Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 327/389] dpaa2-eth: trace the allocated address instead of page struct Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 328/389] tee: add overflow check in register_shm_helper() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 329/389] nios2: page fault et.al. are *not* restartable syscalls Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 330/389] nios2: dont leave NULLs in sys_call_table[] Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 331/389] nios2: traced syscall does need to check the syscall number Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 332/389] nios2: fix syscall restart checks Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 333/389] nios2: restarts apply only to the first sigframe we build Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 334/389] nios2: add force_successful_syscall_return() Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 335/389] iavf: Fix adminq error handling Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 336/389] clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 337/389] netfilter: nf_tables: really skip inactive sets when allocating name Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 338/389] powerpc/pci: Fix get_phb_number() locking Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 339/389] net: dsa: mv88e6060: prevent crash on an unused port Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 340/389] net: moxa: pass pdev instead of ndev to DMA functions Greg Kroah-Hartman
2022-08-23 8:26 ` [PATCH 5.4 341/389] net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 342/389] ice: Ignore EEXIST when setting promisc mode Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 343/389] i40e: Fix to stop tx_timeout recovery if GLOBR fails Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 344/389] fec: Fix timer capture timing in `fec_ptp_enable_pps()` Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 345/389] igb: Add lock to avoid data race Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 346/389] gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 347/389] locking/atomic: Make test_and_*_bit() ordered on failure Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 348/389] drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 349/389] PCI: Add ACS quirk for Broadcom BCM5750x NICs Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 350/389] usb: cdns3 fix use-after-free at workaround 2 Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 351/389] usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 352/389] irqchip/tegra: Fix overflow implicit truncation warnings Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 353/389] drm/meson: " Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 354/389] usb: host: ohci-ppc-of: Fix refcount leak bug Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 355/389] usb: renesas: " Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 356/389] vboxguest: Do not use devm for irq Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 357/389] clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 358/389] scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 359/389] gadgetfs: ep_io - wait until IRQ finishes Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 360/389] cxl: Fix a memory leak in an error handling path Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 361/389] PCI/ACPI: Guard ARM64-specific mcfg_quirks Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 362/389] um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 363/389] selftests/kprobe: Do not test for GRP/ without event failures Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 364/389] dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 365/389] nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 366/389] drivers:md:fix a potential use-after-free bug Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 367/389] ext4: avoid remove directory when directory is corrupted Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 368/389] ext4: avoid resizing to a partial cluster size Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 369/389] lib/list_debug.c: Detect uninitialized lists Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 370/389] tty: serial: Fix refcount leak bug in ucc_uart.c Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 371/389] vfio: Clear the caps->buf to NULL after free Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 372/389] mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 373/389] riscv: dts: sifive: Add fu540 topology information Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 374/389] riscv: mmap with PROT_WRITE but no PROT_READ is invalid Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 375/389] RISC-V: Add fast call path of crash_kexec() Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 376/389] watchdog: export lockup_detector_reconfigure Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 377/389] powerpc/32: Dont always pass -mcpu=powerpc to the compiler Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 378/389] ALSA: core: Add async signal helpers Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 379/389] ALSA: timer: Use deferred fasync helper Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 380/389] f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 381/389] smb3: check xattr value length earlier Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 382/389] powerpc/64: Init jump labels before parse_early_param() Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 383/389] video: fbdev: i740fb: Check the argument of i740_calc_vclk() Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 384/389] MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 385/389] tracing/probes: Have kprobes and uprobes use $COMM too Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 386/389] can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 387/389] can: j1939: j1939_session_destroy(): fix memory leak of skbs Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 388/389] btrfs: only write the sectors in the vertical stripe which has data stripes Greg Kroah-Hartman
2022-08-23 8:27 ` [PATCH 5.4 389/389] btrfs: raid56: dont trust any cached sector in __raid56_parity_recover() Greg Kroah-Hartman
2022-08-23 21:02 ` [PATCH 5.4 000/389] 5.4.211-rc1 review Guenter Roeck
2022-08-23 22:03 ` Shuah Khan
2022-08-24 7:02 ` Naresh Kamboju
2022-08-24 11:05 ` Sudip Mukherjee (Codethink)
[not found] ` <3d191fcd-62bb-323f-ea2b-cf5599a75b07@huawei.com>
2022-08-25 9:35 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).