* [PATCH 5.18 000/339] 5.18.4-rc1 review
@ 2022-06-13 10:07 Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 001/339] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards Greg Kroah-Hartman
` (340 more replies)
0 siblings, 341 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, slade
This is the start of the stable review cycle for the 5.18.4 release.
There are 339 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.18.4-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.18.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 5.18.4-rc1
Damien Le Moal <damien.lemoal@opensource.wdc.com>
zonefs: fix handling of explicit_open option on mount
Pascal Hambourg <pascal@plouf.fr.eu.org>
md/raid0: Ignore RAID0 layout if the second zone has only one device
Jason A. Donenfeld <Jason@zx2c4.com>
random: account for arch randomness in bits
Jason A. Donenfeld <Jason@zx2c4.com>
random: mark bootloader randomness code as __init
Jason A. Donenfeld <Jason@zx2c4.com>
random: avoid checking crng_ready() twice in random_init()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Jason Wang <jasowang@redhat.com>
virtio-rng: make device ready before making request
Alex Deucher <alexander.deucher@amd.com>
drm/amdgpu: update VCN codec support for Yellow Carp
Aurabindo Pillai <aurabindo.pillai@amd.com>
drm/amd/display: remove stale config guards
Mohammad Zafar Ziya <Mohammadzafar.ziya@amd.com>
drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit
Brian Norris <briannorris@chromium.org>
drm/atomic: Force bridge self-refresh-exit on CRTC switch
Brian Norris <briannorris@chromium.org>
drm/bridge: analogix_dp: Support PSR-exit to disable transition
Jesse Zhang <Jesse.Zhang@amd.com>
drm/amdkfd:Fix fw version for 10.3.6
Michael Ellerman <mpe@ellerman.id.au>
powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK
Matthew Wilcox (Oracle) <willy@infradead.org>
mm/huge_memory: Fix xarray node memory leak
Peter Zijlstra <peterz@infradead.org>
cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE
Xie Yongji <xieyongji@bytedance.com>
vduse: Fix NULL pointer dereference on sysfs access
Mathias Nyman <mathias.nyman@linux.intel.com>
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
Olivier Matz <olivier.matz@6wind.com>
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
Olivier Matz <olivier.matz@6wind.com>
ixgbe: fix bcast packets Rx on VF after promisc removal
Martin Faltesek <mfaltesek@google.com>
nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
Martin Faltesek <mfaltesek@google.com>
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
Martin Faltesek <mfaltesek@google.com>
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
Jchao Sun <sunjunchao2870@gmail.com>
writeback: Fix inode->i_io_list not be protected by inode->i_lock error
Ilya Maximets <i.maximets@ovn.org>
net: openvswitch: fix misuse of the cached connection on tuple changes
Tan Tee Min <tee.min.tan@linux.intel.com>
net: phy: dp83867: retrigger SGMII AN when link change
Adrian Hunter <adrian.hunter@intel.com>
mmc: block: Fix CQE recovery reset success
Ben Chuang <benchuanggli@gmail.com>
mmc: sdhci-pci-gli: Fix GL9763E runtime PM when the system resumes from suspend
Sergey Shtylyov <s.shtylyov@omp.ru>
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
Tyler Erickson <tyler.erickson@seagate.com>
libata: fix translation of concurrent positioning ranges
Tyler Erickson <tyler.erickson@seagate.com>
libata: fix reading concurrent positioning ranges log
David Safford <david.safford@gmail.com>
KEYS: trusted: tpm2: Fix migratable logic
Matthew Wilcox (Oracle) <willy@infradead.org>
filemap: Cache the value of vm_flags
Maxim Levitsky <mlevitsk@redhat.com>
KVM: SVM: fix tsc scaling cache logic
Shaoqin Huang <shaoqin.huang@intel.com>
KVM: x86/mmu: Check every prev_roots in __kvm_mmu_free_obsolete_roots()
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Resolve some cleanup issues following abort path refactoring
Tyler Erickson <tyler.erickson@seagate.com>
scsi: sd: Fix interpretation of VPD B9h length
Shyam Prasad N <sprasad@microsoft.com>
cifs: populate empty hostnames for extra channels
Paulo Alcantara <pc@cjr.nz>
cifs: fix reconnect on smb3 mount types
Shyam Prasad N <sprasad@microsoft.com>
cifs: return errors during session setup during reconnects
Jeremy Soller <jeremy@system76.com>
ALSA: hda/realtek: Add quirk for HP Dev One
Cameron Berkenpas <cam@neo-zeon.de>
ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021
huangwenhui <huangwenhuia@uniontech.com>
ALSA: hda/conexant - Fix loopback issue with CX20632
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Set up (implicit) sync for Saffire 6
Takashi Iwai <tiwai@suse.de>
ALSA: usb-audio: Skip generic sync EP parse for secondary EP
Bedant Patnaik <bedant.patnaik@gmail.com>
platform/x86: hp-wmi: Use zero insize parameter only when supported
Jorge Lopez <jorge.lopez2@hp.com>
platform/x86: hp-wmi: Resolve WMI query failures on some devices
Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
scripts/gdb: change kernel config dumping method
Jiasheng Jiang <jiasheng@iscas.ac.cn>
platform/x86: barco-p50-gpio: Add check for platform_driver_register
Xie Yongji <xieyongji@bytedance.com>
vringh: Fix loop descriptors check in the indirect cases
James Smart <jsmart2021@gmail.com>
scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event()
Kees Cook <keescook@chromium.org>
nodemask: Fix return values to be unsigned
Yury Norov <yury.norov@gmail.com>
drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate
Steve French <stfrench@microsoft.com>
cifs: version operations for smb20 unneeded when legacy support disabled
Christian Borntraeger <borntraeger@linux.ibm.com>
s390/gmap: voluntarily schedule during key setting
Vincent Whitchurch <vincent.whitchurch@axis.com>
cifs: fix potential deadlock in direct reclaim
Bjorn Helgaas <bhelgaas@google.com>
Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs"
Bjorn Helgaas <bhelgaas@google.com>
Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators"
Bjorn Helgaas <bhelgaas@google.com>
Revert "PCI: brcmstb: Add control of subdevice voltage regulators"
Bjorn Helgaas <bhelgaas@google.com>
Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend"
Yu Kuai <yukuai3@huawei.com>
nbd: fix io hung while disconnecting device
Yu Kuai <yukuai3@huawei.com>
nbd: fix race between nbd_alloc_config() and module removal
Yu Kuai <yukuai3@huawei.com>
nbd: call genl_unregister_family() first in nbd_cleanup()
Peter Zijlstra <peterz@infradead.org>
jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds
Peter Zijlstra <peterz@infradead.org>
x86/cpu: Elide KCSAN for cpu_has() and friends
Peter Zijlstra <peterz@infradead.org>
objtool: Mark __ubsan_handle_builtin_unreachable() as noreturn
Masahiro Yamada <masahiroy@kernel.org>
modpost: fix undefined behavior of is_arm_mapping_symbol()
Johannes Berg <johannes.berg@intel.com>
um: line: Use separate IRQs per line
Evan Quan <evan.quan@amd.com>
drm/amd/pm: correct the metrics version for SMU 11.0.11/12/13
Lijo Lazar <lijo.lazar@amd.com>
drm/amd/pm: Fix missing thermal throttler status
Gong Yuanjun <ruc_gongyuanjun@163.com>
drm/amd/pm: fix a potential gpu_metrics_table memory leak
Gong Yuanjun <ruc_gongyuanjun@163.com>
drm/radeon: fix a possible null pointer dereference
Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
drm/amd/display: Check zero planes for OTG disable W/A on clock change
David Galiffi <David.Galiffi@amd.com>
drm/amd/display: Check if modulo is 0 before dividing.
Daniel Borkmann <daniel@iogearbox.net>
net, neigh: Set lower cap for neigh_managed_work rearming
Xiubo Li <xiubli@redhat.com>
ceph: fix possible deadlock when holding Fwb to get inline_data
Xiubo Li <xiubli@redhat.com>
ceph: flush the mdlog for filesystem sync
Venky Shankar <vshankar@redhat.com>
ceph: allow ceph.dir.rctime xattr to be updatable
Michal Kubecek <mkubecek@suse.cz>
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
Oder Chiou <oder_chiou@realtek.com>
ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM
Hannes Reinecke <hare@suse.de>
scsi: myrb: Fix up null pointer access on myrb_cleanup()
Syed Saba kareem <ssabakar@amd.com>
ASoC: SOF: amd: Fixed Build error
Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
md: protect md_unregister_thread from reentrancy
Hyunchul Lee <hyc.lee@gmail.com>
ksmbd: smbd: fix connection dropped issue
Liu Xinpeng <liuxp11@chinatelecom.cn>
watchdog: wdat_wdt: Stop watchdog when rebooting the system
Hao Luo <haoluo@google.com>
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
John Ogness <john.ogness@linutronix.de>
serial: msm_serial: disable interrupts in __msm_console_write()
Wang Cheng <wanngchenng@gmail.com>
staging: rtl8712: fix uninit-value in r871xu_drv_init()
Wang Cheng <wanngchenng@gmail.com>
staging: rtl8712: fix uninit-value in usb_read8() and friends
Andre Przywara <andre.przywara@arm.com>
clocksource/drivers/sp804: Avoid error on multiple instances
bumwoo lee <bw365.lee@samsung.com>
extcon: Modify extcon device to be created after driver data is set
Dan Carpenter <dan.carpenter@oracle.com>
extcon: Fix extcon_get_extcon_dev() error handling
Shuah Khan <skhan@linuxfoundation.org>
misc: rtsx: set NULL intfdata when probe fails
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
soundwire: qcom: adjust autoenumeration timeout
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: dwc3: gadget: Only End Transfer for ep0 data phase
Heikki Krogerus <heikki.krogerus@linux.intel.com>
usb: dwc3: host: Stop setting the ACPI companion
Marek Szyprowski <m.szyprowski@samsung.com>
usb: dwc2: gadget: don't reset gadget's driver->bus
Changbin Du <changbin.du@intel.com>
sysrq: do not omit current cpu when showing backtrace of all active CPUs
Hangyu Hua <hbh25y@gmail.com>
char: xillybus: fix a refcount leak in cleanup_dev()
Evan Green <evgreen@chromium.org>
USB: hcd-pci: Fully suspend across freeze/thaw cycle
Duoming Zhou <duoming@zju.edu.cn>
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
Duoming Zhou <duoming@zju.edu.cn>
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
Zhen Ni <nizhen@uniontech.com>
USB: host: isp116x: check return value after calling platform_get_resource()
Duoming Zhou <duoming@zju.edu.cn>
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
Duoming Zhou <duoming@zju.edu.cn>
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: Use different lane for second DisplayPort tunnel
Huang Guobin <huangguobin4@huawei.com>
tty: Fix a possible resource leak in icom_probe
Zheyu Ma <zheyuma97@gmail.com>
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
Duoming Zhou <duoming@zju.edu.cn>
drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle
Duoming Zhou <duoming@zju.edu.cn>
drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()
Duoming Zhou <duoming@zju.edu.cn>
drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback()
Kees Cook <keescook@chromium.org>
lkdtm/usercopy: Expand size of "out of frame" object
Miquel Raynal <miquel.raynal@bootlin.com>
iio: st_sensors: Add a local lock for protecting odr
Xiaoke Wang <xkernel.wang@foxmail.com>
staging: rtl8712: fix a potential memory leak in r871xu_drv_init()
Xiaoke Wang <xkernel.wang@foxmail.com>
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
David Howells <dhowells@redhat.com>
iov_iter: Fix iter_xarray_get_pages{,_alloc}()
Andrea Mayer <andrea.mayer@uniroma2.it>
net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev
Etienne van der Linde <etienne.vanderlinde@corigine.com>
nfp: flower: restructure flow-key for gre+vlan combination
Linus Torvalds <torvalds@linux-foundation.org>
drm: imx: fix compiler warning with gcc-12
Muchun Song <songmuchun@bytedance.com>
tcp: use alloc_large_system_hash() to allocate table_perturb
Alvin Šipraga <alsi@bang-olufsen.dk>
net: dsa: realtek: rtl8365mb: fix GMII caps for ports with internal PHY
Marek Behún <kabel@kernel.org>
net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete
Miaoqian Lin <linmq006@gmail.com>
net: altera: Fix refcount leak in altera_tse_mdio_create
Willem de Bruijn <willemb@google.com>
ip_gre: test csum_start instead of transport header
Mark Bloch <mbloch@nvidia.com>
net/mlx5: fs, fail conflicting actions
Feras Daoud <ferasda@nvidia.com>
net/mlx5: Rearm the FW tracer after each tracer event
Saeed Mahameed <saeedm@nvidia.com>
net/mlx5: Fix mlx5_get_next_dev() peer device matching
Mark Bloch <mbloch@nvidia.com>
net/mlx5: Lag, filter non compatible devices
Paul Blakey <paulb@nvidia.com>
net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules
Masahiro Yamada <masahiroy@kernel.org>
net: ipv6: unexport __init-annotated seg6_hmac_init()
Masahiro Yamada <masahiroy@kernel.org>
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
Masahiro Yamada <masahiroy@kernel.org>
net: mdio: unexport __init-annotated mdio_bus_init()
Chuck Lever <chuck.lever@oracle.com>
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
Christian König <christian.koenig@amd.com>
drm/amdgpu: fix limiting AV1 to the first instance on VCN3
Maciej Fijalkowski <maciej.fijalkowski@intel.com>
xsk: Fix handling of invalid descriptors in XSK TX batching API
Gal Pressman <gal@nvidia.com>
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
Miaoqian Lin <linmq006@gmail.com>
net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
Eric Dumazet <edumazet@google.com>
bpf, arm64: Clear prog->jited_len along prog->jited
Jan Beulich <jbeulich@suse.com>
x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
Lina Wang <lina.wang@mediatek.com>
selftests net: fix bpf build error
Kuniyuki Iwashima <kuniyu@amazon.com>
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
stmmac: intel: Fix an error handling path in intel_eth_pci_probe()
Masahiro Yamada <masahiroy@kernel.org>
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
Miaoqian Lin <linmq006@gmail.com>
net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register
Taehee Yoo <ap420073@gmail.com>
amt: fix wrong type string definition
Taehee Yoo <ap420073@gmail.com>
amt: fix possible null-ptr-deref in amt_rcv()
Taehee Yoo <ap420073@gmail.com>
amt: fix wrong usage of pskb_may_pull()
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: bail out early if hardware offload is not supported
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: memleak flow rule from commit path
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: release new hooks on unsupported flowtable flags
Miaoqian Lin <linmq006@gmail.com>
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: always initialize flowtable hook list in transaction
Chuck Lever <chuck.lever@oracle.com>
SUNRPC: Trap RDMA segment overflows
Chuck Lever <chuck.lever@oracle.com>
NFSD: Fix potential use-after-free in nfsd_file_put()
Michael Ellerman <mpe@ellerman.id.au>
powerpc/kasan: Force thread size increase with KASAN
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: delete flowtable hooks via transaction list
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path
Florian Westphal <fw@strlen.de>
netfilter: nat: really support inet nat without l3 address
Vaibhav Jain <vaibhav@linux.ibm.com>
powerpc/papr_scm: don't requests stats with '0' sized stats buffer
Steven Price <steven.price@arm.com>
drm/panfrost: Job should reference MMU not file_priv
Marek Vasut <marex@denx.de>
drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid
Kinglong Mee <kinglongmee@gmail.com>
xprtrdma: treat all calls not a bcall when bc_serv is NULL
Chao Yu <chao@kernel.org>
f2fs: fix to tag gcing flag on page during file defragment
Daniel Bristot de Oliveira <bristot@kernel.org>
rtla/Makefile: Properly handle dependencies
Greg Ungerer <gerg@linux-m68k.org>
m68knommu: fix undefined reference to `mach_get_rtc_pll'
Liao Chang <liaochang1@huawei.com>
RISC-V: use memcpy for kexec_file mode
Yang Yingliang <yangyingliang@huawei.com>
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
Saurabh Sengar <ssengar@linux.microsoft.com>
video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1
Trond Myklebust <trond.myklebust@hammerspace.com>
NFSv4: Don't hold the layoutget locks across multiple RPC calls
Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
Greg Ungerer <gerg@linux-m68k.org>
m68knommu: fix undefined reference to `_init_sp'
Greg Ungerer <gerg@linux-m68k.org>
m68knommu: set ZERO_PAGE() to the allocated zeroed page
Lucas Tanure <tanureal@opensource.cirrus.com>
i2c: cadence: Increase timeout per message if necessary
Jaegeuk Kim <jaegeuk@kernel.org>
f2fs: avoid infinite loop to flush node pages
Dongliang Mu <mudongliangabcd@gmail.com>
f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
Yang Yingliang <yangyingliang@huawei.com>
iommu/arm-smmu-v3: check return value after calling platform_get_resource()
Yang Yingliang <yangyingliang@huawei.com>
iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
i2c: mediatek: Optimize master_xfer() and avoid circular locking
Mark-PK Tsai <mark-pk.tsai@mediatek.com>
tracing: Avoid adding tracer option before update_tracer_options
Jun Miao <jun.miao@intel.com>
tracing: Fix sleeping function called from invalid context on RT kernel
Jeff Xie <xiehuan09@gmail.com>
tracing: Make tp_printk work on syscall tracepoints
Masami Hiramatsu <mhiramat@kernel.org>
bootconfig: Make the bootconfig.o as a normal object file
Gong Yuanjun <ruc_gongyuanjun@163.com>
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
Dave Jiang <dave.jiang@intel.com>
dmaengine: idxd: set DMA_INTERRUPT cap bit
Linus Torvalds <torvalds@linux-foundation.org>
bluetooth: don't use bitmaps for random flag accesses
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP
Leo Yan <leo.yan@linaro.org>
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
Zhengjun Xing <zhengjun.xing@linux.intel.com>
perf record: Support sample-read topdown metric group for hybrid platforms
Kan Liang <kan.liang@linux.intel.com>
perf parse-events: Move slots event for the hybrid platform too
Kan Liang <kan.liang@linux.intel.com>
perf evsel: Fixes topdown events in a weak group for the hybrid platform
Saravana Kannan <saravanak@google.com>
driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
Hoang Le <hoang.h.le@dektech.com.au>
tipc: check attribute length for bearer name
Fei Qin <fei.qin@corigine.com>
nfp: remove padding in nfp_nfdk_tx_desc
Duoming Zhou <duoming@zju.edu.cn>
ax25: Fix ax25 session cleanup problems
Damien Le Moal <damien.lemoal@opensource.wdc.com>
scsi: sd: Fix potential NULL pointer dereference
Kuogee Hsieh <quic_khsieh@quicinc.com>
drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl()
David Howells <dhowells@redhat.com>
afs: Fix infinite loop found by xfstest generic/676
Haibo Chen <haibo.chen@nxp.com>
gpio: pca953x: use the correct register address to do regcache sync
Dan Carpenter <dan.carpenter@oracle.com>
net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6()
Aya Levin <ayal@nvidia.com>
net: ping6: Fix ping -6 with interface name
Fabien Parent <fparent@baylibre.com>
regulator: mt6315-regulator: fix invalid allowed mode
Alexander Gordeev <agordeev@linux.ibm.com>
s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
Dan Carpenter <dan.carpenter@oracle.com>
octeontx2-af: fix error code in is_valid_offset()
Hangbin Liu <liuhangbin@gmail.com>
bonding: guard ns_targets by CONFIG_IPV6
Jason Wang <jasowang@redhat.com>
vdpa: ifcvf: set pci driver data in probe
Eric Dumazet <edumazet@google.com>
tcp: tcp_rtx_synack() can be called from process context
Guoju Fang <gjfang@linux.alibaba.com>
net: sched: add barrier to fix packet stuck problem for lockless qdisc
Maxim Mikityanskiy <maximmi@nvidia.com>
net/mlx5e: Update netdev features after changing XDP state
Changcheng Liu <jerrliu@nvidia.com>
net/mlx5: correct ECE offset in query qp output
Maxim Mikityanskiy <maximmi@nvidia.com>
net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition
Paul Blakey <paulb@nvidia.com>
net/mlx5: CT: Fix header-rewrite re-use for tupels
Maor Dickman <maord@nvidia.com>
net/mlx5e: TC NIC mode, fix tc chains miss table
Leon Romanovsky <leon@kernel.org>
net/mlx5: Don't use already freed action pointer
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
virtio: pci: Fix an error handling path in vp_modern_probe()
Eli Cohen <elic@nvidia.com>
vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit
Weizhao Ouyang <o451686892@gmail.com>
erofs: fix 'backmost' member of z_erofs_decompress_frontend
Hangbin Liu <liuhangbin@gmail.com>
bonding: show NS IPv6 targets in proc master info
Viorel Suman <viorel.suman@nxp.com>
net: phy: at803x: disable WOL at probe
Haisu Wang <haisuwang@tencent.com>
blk-mq: do not update io_ticks with passthrough requests
Peter Zijlstra <peterz@infradead.org>
sched/autogroup: Fix sysctl move
Jens Axboe <axboe@kernel.dk>
block: make bioset_exit() fully resilient against being called twice
Íñigo Huguet <ihuguet@redhat.com>
sfc: fix wrong tx channel offset with efx_separate_tx_channels
Martin Habets <habetsm.xilinx@gmail.com>
sfc: fix considering that all channels have TX queues
Hangbin Liu <liuhangbin@gmail.com>
bonding: NS target should accept link local address
Christoph Hellwig <hch@lst.de>
block: use bio_queue_enter instead of blk_queue_enter in bio_poll
Yu Xiao <yu.xiao@corigine.com>
nfp: only report pause frame configuration for physical device
Eric Dumazet <edumazet@google.com>
tcp: add accessors to read/set tp->snd_cwnd
Guangguan Wang <guangguan.wang@linux.alibaba.com>
net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *"
Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
riscv: read-only pages should not be writable
Zhang Wensheng <zhangwensheng5@huawei.com>
nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
Yu Kuai <yukuai3@huawei.com>
nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed
Christoph Hellwig <hch@lst.de>
block: take destination bvec offsets into account in bio_copy_data_iter
Menglong Dong <imagedong@tencent.com>
bpf: Fix probe read error in ___bpf_prog_run()
Song Liu <song@kernel.org>
selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read
Zhihao Cheng <chengzhihao1@huawei.com>
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
Zhihao Cheng <chengzhihao1@huawei.com>
ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty
Baokun Li <libaokun1@huawei.com>
jffs2: fix memory leak in jffs2_do_fill_super
Genjian Zhang <zhanggenjian123@gmail.com>
ep93xx: clock: Do not return the address of the freed memory
Christoph Hellwig <hch@lst.de>
block, loop: support partitions without scanning
Alexander Lobakin <alexandr.lobakin@intel.com>
modpost: fix removing numeric suffixes
Miaoqian Lin <linmq006@gmail.com>
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
Miaoqian Lin <linmq006@gmail.com>
net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks
Dan Carpenter <dan.carpenter@oracle.com>
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
Vincent Ray <vray@kalrayinc.com>
net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
Michael Walle <michael@walle.cc>
net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE
Dan Carpenter <dan.carpenter@oracle.com>
drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()
Eddie James <eajames@linux.ibm.com>
spi: fsi: Fix spurious timeout
liuyacan <liuyacan@corp.netease.com>
net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable
Siddharth Vadapalli <s-vadapalli@ti.com>
net: ethernet: ti: am65-cpsw: Fix fwnode passed to phylink_create()
Taehee Yoo <ap420073@gmail.com>
amt: fix possible memory leak in amt_rcv()
Taehee Yoo <ap420073@gmail.com>
amt: fix return value of amt_update_handler()
Jann Horn <jannh@google.com>
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
Christoph Hellwig <hch@lst.de>
scsi: sd: Don't call blk_cleanup_disk() in sd_probe()
Shengjiu Wang <shengjiu.wang@nxp.com>
ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
Ming Lei <ming.lei@redhat.com>
blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx
Miaoqian Lin <linmq006@gmail.com>
watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
Miaoqian Lin <linmq006@gmail.com>
watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking
Zhang Wensheng <zhangwensheng5@huawei.com>
driver core: fix deadlock in __device_attach
Schspa Shi <schspa@gmail.com>
driver: base: fix UAF when driver_attach failed
Tony Lindgren <tony@atomide.com>
bus: ti-sysc: Fix warnings for unbind for serial
Miaoqian Lin <linmq006@gmail.com>
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: stm32-usart: Correct CSIZE, bits, and parity
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: sifive: Sanitize CSIZE and c_iflag
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: sh-sci: Don't allow CS5-6
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: txx9: Don't allow CS5-6
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: rda-uart: Don't allow CS5-6
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: digicolor-usart: Don't allow CS5-6
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: uartlite: Fix BRKINT clearing
YueHaibing <yuehaibing@huawei.com>
serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL"
John Ogness <john.ogness@linutronix.de>
serial: meson: acquire port->lock in startup()
Jiasheng Jiang <jiasheng@iscas.ac.cn>
staging: r8188eu: add check for kzalloc
Miaoqian Lin <linmq006@gmail.com>
rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe
Yang Yingliang <yangyingliang@huawei.com>
rtc: mt6397: check return value after calling platform_get_resource()
Howard Chiu <howard_chiu@aspeedtech.com>
ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1
Samuel Holland <samuel@sholland.org>
clocksource/drivers/riscv: Events are stopped during CPU suspend
Miaoqian Lin <linmq006@gmail.com>
soc: rockchip: Fix refcount leak in rockchip_grf_init
Nícolas F. R. A. Prado <nfraprado@collabora.com>
dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x
Li Jun <jun.li@nxp.com>
extcon: ptn5150: Add queue work sync before driver release
Xin Xiong <xiongx18@fudan.edu.cn>
ksmbd: fix reference count leak in smb_check_perm_dacl()
Guilherme G. Piccoli <gpiccoli@igalia.com>
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
soundwire: qcom: return error when pm_runtime_get_sync fails
Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
soundwire: intel: prevent pm_runtime resume prior to system suspend
Biju Das <biju.das.jz@bp.renesas.com>
watchdog: rzg2l_wdt: Fix reset control imbalance
Biju Das <biju.das.jz@bp.renesas.com>
watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context'
Biju Das <biju.das.jz@bp.renesas.com>
watchdog: rzg2l_wdt: Fix Runtime PM usage
Biju Das <biju.das.jz@bp.renesas.com>
watchdog: rzg2l_wdt: Fix 32bit overflow issue
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
export: fix string handling of namespace in EXPORT_SYMBOL_NS
Maciej W. Rozycki <macro@orcam.me.uk>
serial: sifive: Report actual baud base rather than fixed 115200
Linus Walleij <linus.walleij@linaro.org>
power: supply: ab8500_fg: Allocate wq in probe
Hans de Goede <hdegoede@redhat.com>
power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk
Hans de Goede <hdegoede@redhat.com>
power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1
Linus Walleij <linus.walleij@linaro.org>
power: supply: core: Initialize struct to zero
Johan Hovold <johan+linaro@kernel.org>
phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
Guilherme G. Piccoli <gpiccoli@igalia.com>
misc/pvpanic: Convert regular spinlock into trylock on panic path
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
Cixi Geng <cixi.geng1@unisoc.com>
iio: adc: sc27xx: Fine tune the scale calibration values
Cixi Geng <cixi.geng1@unisoc.com>
iio: adc: sc27xx: fix read big scale voltage not right
Miaoqian Lin <linmq006@gmail.com>
iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout
Miaoqian Lin <linmq006@gmail.com>
iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl
Hangyu Hua <hbh25y@gmail.com>
rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev()
Hangyu Hua <hbh25y@gmail.com>
rpmsg: virtio: Fix possible double free in rpmsg_probe()
Bjorn Andersson <bjorn.andersson@linaro.org>
usb: typec: mux: Check dev_set_name() return value
Xiaomeng Tong <xiam0nd.tong@gmail.com>
firmware: stratix10-svc: fix a missing check on list iterator
Xiaomeng Tong <xiam0nd.tong@gmail.com>
misc: fastrpc: fix an incorrect NULL check on list iterator
SeongJae Park <sj@kernel.org>
scripts/get_abi: Fix wrong script file name in the help message
Zheng Yongjun <zhengyongjun3@huawei.com>
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
Wesley Cheng <quic_wcheng@quicinc.com>
usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
pwm: raspberrypi-poe: Fix endianness in firmware struct
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
pwm: lp3943: Fix duty calculation in case period was clamped
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
Miaoqian Lin <linmq006@gmail.com>
usb: musb: Fix missing of_node_put() in omap2430_probe
Lin Ma <linma@zju.edu.cn>
USB: storage: karma: fix rio_karma_init return
Niels Dossche <dossche.niels@gmail.com>
usb: usbip: add missing device lock on tweak configuration cmd
Hangyu Hua <hbh25y@gmail.com>
usb: usbip: fix a refcount leak in stub_probe()
Michael Straube <straube.linux@gmail.com>
staging: r8188eu: fix struct rt_firmware_hdr
Samuel Holland <samuel@sholland.org>
phy: rockchip-inno-usb2: Fix muxed interrupt support
Peng Fan <peng.fan@nxp.com>
remoteproc: imx_rproc: Ignore create mem entry for resource table
Sherry Sun <sherry.sun@nxp.com>
tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
Miaoqian Lin <linmq006@gmail.com>
serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe
Daniel Gibson <daniel@gibson.sh>
tty: n_tty: Restore EOF push handling behavior
Miaoqian Lin <linmq006@gmail.com>
tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
Wang Weiyang <wangweiyang2@huawei.com>
tty: goldfish: Use tty_port_destroy() to destroy port
Christophe Leroy <christophe.leroy@csgroup.eu>
lkdtm/bugs: Don't expect thread termination without CONFIG_UBSAN_TRAP
Jiasheng Jiang <jiasheng@iscas.ac.cn>
lkdtm/bugs: Check for the NULL pointer after calling kmalloc
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
remoteproc: mtk_scp: Fix a potential double free
Tinghan Shen <tinghan.shen@mediatek.com>
remoteproc: mediatek: Fix side effect of mt8195 sram power on
Dan Carpenter <dan.carpenter@oracle.com>
soundwire: qcom: fix an error message in swrm_wait_for_frame_gen_enabled()
Alexandru Tachici <alexandru.tachici@analog.com>
iio: adc: ad7124: Remove shift from scan_type
Jakob Koschel <jakobkoschel@gmail.com>
staging: greybus: codecs: fix type confusion of list iterator variable
Randy Dunlap <rdunlap@infradead.org>
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
-------------
Diffstat:
Documentation/ABI/testing/sysfs-ata | 11 +-
.../bindings/regulator/mt6315-regulator.yaml | 4 +-
.../devicetree/bindings/remoteproc/mtk,scp.yaml | 44 ++--
Documentation/tools/rtla/Makefile | 14 +-
Makefile | 4 +-
arch/arm/boot/dts/aspeed-ast2600-evb.dts | 4 +-
arch/arm/mach-ep93xx/clock.c | 10 +-
arch/arm64/net/bpf_jit_comp.c | 1 +
arch/m68k/Kconfig.machine | 1 +
arch/m68k/include/asm/pgtable_no.h | 3 +-
arch/m68k/kernel/setup_mm.c | 7 -
arch/m68k/kernel/setup_no.c | 1 -
arch/m68k/kernel/time.c | 9 +
arch/mips/kernel/mips-cpc.c | 1 +
arch/powerpc/Kconfig | 2 -
arch/powerpc/include/asm/thread_info.h | 10 +-
arch/powerpc/kernel/ptrace/ptrace-fpu.c | 20 +-
arch/powerpc/kernel/ptrace/ptrace.c | 3 +
arch/powerpc/platforms/pseries/papr_scm.c | 3 +
arch/riscv/kernel/efi.c | 2 +-
arch/riscv/kernel/machine_kexec.c | 4 +-
arch/s390/crypto/aes_s390.c | 4 +-
arch/s390/kernel/entry.S | 6 +-
arch/s390/mm/gmap.c | 14 ++
arch/um/drivers/chan_kern.c | 10 +-
arch/um/drivers/line.c | 22 +-
arch/um/drivers/line.h | 4 +-
arch/um/drivers/ssl.c | 2 -
arch/um/drivers/stdio_console.c | 2 -
arch/um/include/asm/irq.h | 22 +-
arch/x86/include/asm/cpufeature.h | 2 +-
arch/x86/include/asm/uaccess.h | 2 +-
arch/x86/kvm/mmu/mmu.c | 2 +-
arch/x86/kvm/svm/nested.c | 4 +-
arch/x86/kvm/svm/svm.c | 32 ++-
arch/x86/kvm/svm/svm.h | 2 +-
block/bio.c | 9 +-
block/blk-core.c | 2 +-
block/blk-mq.c | 10 +-
block/genhd.c | 2 +
drivers/ata/libata-core.c | 21 +-
drivers/ata/libata-scsi.c | 2 +-
drivers/ata/libata-transport.c | 2 +-
drivers/ata/pata_octeon_cf.c | 3 +
drivers/base/bus.c | 4 +-
drivers/base/dd.c | 10 +-
drivers/block/loop.c | 8 +-
drivers/block/nbd.c | 78 ++++---
drivers/bus/ti-sysc.c | 4 +-
drivers/char/hw_random/virtio-rng.c | 2 +
drivers/char/random.c | 15 +-
drivers/char/xillybus/xillyusb.c | 1 +
drivers/clocksource/timer-oxnas-rps.c | 2 +-
drivers/clocksource/timer-riscv.c | 2 +-
drivers/clocksource/timer-sp804.c | 10 +-
drivers/dma/idxd/dma.c | 1 +
drivers/dma/xilinx/zynqmp_dma.c | 5 +-
drivers/extcon/extcon-axp288.c | 4 +-
drivers/extcon/extcon-ptn5150.c | 11 +
drivers/extcon/extcon.c | 33 +--
drivers/firmware/dmi-sysfs.c | 2 +-
drivers/firmware/stratix10-svc.c | 12 +-
drivers/gpio/gpio-pca953x.c | 19 +-
drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 6 +-
drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 1 +
drivers/gpu/drm/amd/amdgpu/nv.c | 1 +
drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 17 +-
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +-
.../amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 5 +-
.../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 3 +-
.../gpu/drm/amd/display/dc/dce/dce_clock_source.c | 9 +-
drivers/gpu/drm/amd/display/dc/dml/dml_wrapper.c | 2 -
.../drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 57 +++--
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 +
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +-
.../gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 3 +
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 42 +++-
drivers/gpu/drm/bridge/ti-sn65dsi83.c | 2 +-
drivers/gpu/drm/drm_atomic_helper.c | 16 +-
drivers/gpu/drm/imx/ipuv3-crtc.c | 2 +-
drivers/gpu/drm/msm/dp/dp_ctrl.c | 9 +-
drivers/gpu/drm/panfrost/panfrost_drv.c | 5 +-
drivers/gpu/drm/panfrost/panfrost_job.c | 6 +-
drivers/gpu/drm/panfrost/panfrost_job.h | 2 +-
drivers/gpu/drm/radeon/radeon_connectors.c | 4 +
drivers/hwtracing/coresight/coresight-cpu-debug.c | 7 +-
drivers/i2c/busses/i2c-cadence.c | 12 +-
drivers/i2c/busses/i2c-mt65xx.c | 11 +-
drivers/idle/intel_idle.c | 32 ++-
drivers/iio/adc/ad7124.c | 1 -
drivers/iio/adc/sc27xx_adc.c | 20 +-
drivers/iio/adc/stmpe-adc.c | 8 +-
drivers/iio/common/st_sensors/st_sensors_core.c | 24 +-
drivers/iio/dummy/iio_simple_dummy.c | 20 +-
drivers/iio/proximity/vl53l0x-i2c.c | 7 +-
drivers/input/mouse/bcm5974.c | 7 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +
drivers/iommu/arm/arm-smmu/arm-smmu.c | 5 +-
drivers/md/md.c | 15 +-
drivers/md/raid0.c | 31 +--
drivers/misc/cardreader/rtsx_usb.c | 1 +
drivers/misc/fastrpc.c | 9 +-
drivers/misc/lkdtm/bugs.c | 10 +-
drivers/misc/lkdtm/lkdtm.h | 8 +-
drivers/misc/lkdtm/usercopy.c | 17 +-
drivers/misc/pvpanic/pvpanic.c | 10 +-
drivers/mmc/core/block.c | 3 +-
drivers/mmc/host/sdhci-pci-gli.c | 3 +
drivers/mtd/ubi/fastmap-wl.c | 69 ++++--
drivers/mtd/ubi/fastmap.c | 11 -
drivers/mtd/ubi/ubi.h | 4 +-
drivers/mtd/ubi/vmt.c | 1 -
drivers/mtd/ubi/wl.c | 19 +-
drivers/net/amt.c | 59 +++--
drivers/net/bonding/bond_main.c | 2 +
drivers/net/bonding/bond_netlink.c | 5 -
drivers/net/bonding/bond_options.c | 10 +-
drivers/net/bonding/bond_procfs.c | 15 ++
drivers/net/dsa/lantiq_gswip.c | 4 +-
drivers/net/dsa/mv88e6xxx/chip.c | 1 +
drivers/net/dsa/mv88e6xxx/serdes.c | 27 +--
drivers/net/dsa/realtek/rtl8365mb.c | 38 +--
drivers/net/ethernet/altera/altera_tse_main.c | 6 +-
drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c | 1 +
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +-
.../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 2 +-
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/dev.c | 72 ++++--
.../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 7 +-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 4 +
drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 2 +
drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 1 +
.../ethernet/mellanox/mlx5/core/en/reporter_rx.c | 6 +
drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 19 +-
drivers/net/ethernet/mellanox/mlx5/core/en/trap.c | 1 +
.../net/ethernet/mellanox/mlx5/core/en/xsk/pool.c | 1 +
.../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 5 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 29 ++-
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 31 +--
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 38 ++-
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 37 ++-
drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 12 +-
.../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 +
.../ethernet/mellanox/mlx5/core/steering/fs_dr.c | 9 +-
.../net/ethernet/microchip/lan966x/lan966x_main.c | 9 +-
.../net/ethernet/netronome/nfp/flower/conntrack.c | 32 +--
drivers/net/ethernet/netronome/nfp/flower/match.c | 16 +-
drivers/net/ethernet/netronome/nfp/nfdk/dp.c | 12 +-
drivers/net/ethernet/netronome/nfp/nfdk/nfdk.h | 3 +-
drivers/net/ethernet/netronome/nfp/nfp_net.h | 11 +-
.../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 4 +-
drivers/net/ethernet/sfc/efx_channels.c | 6 +-
drivers/net/ethernet/sfc/net_driver.h | 2 +-
drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 4 +-
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 8 +-
drivers/net/phy/at803x.c | 33 ++-
drivers/net/phy/dp83867.c | 29 +++
drivers/net/phy/mdio_bus.c | 1 -
drivers/nfc/st21nfca/se.c | 53 +++--
drivers/pci/controller/pcie-brcmstb.c | 257 +++------------------
drivers/pcmcia/Kconfig | 2 +-
drivers/phy/qualcomm/phy-qcom-qmp.c | 2 +-
drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 +-
drivers/platform/x86/barco-p50-gpio.c | 5 +-
drivers/platform/x86/hp-wmi.c | 29 ++-
drivers/power/supply/ab8500_fg.c | 19 +-
drivers/power/supply/axp288_charger.c | 17 +-
drivers/power/supply/axp288_fuel_gauge.c | 41 +++-
drivers/power/supply/charger-manager.c | 7 +-
drivers/power/supply/max8997_charger.c | 8 +-
drivers/power/supply/power_supply_core.c | 2 +-
drivers/pwm/pwm-lp3943.c | 1 +
drivers/pwm/pwm-raspberrypi-poe.c | 2 +-
drivers/remoteproc/imx_rproc.c | 3 +
drivers/remoteproc/mtk_common.h | 2 +
drivers/remoteproc/mtk_scp.c | 70 ++++--
drivers/rpmsg/qcom_smd.c | 4 +-
drivers/rpmsg/virtio_rpmsg_bus.c | 9 +-
drivers/rtc/rtc-ftrtc010.c | 34 ++-
drivers/rtc/rtc-mt6397.c | 2 +
drivers/scsi/lpfc/lpfc_crtn.h | 4 +-
drivers/scsi/lpfc/lpfc_ct.c | 2 +-
drivers/scsi/lpfc/lpfc_init.c | 2 +-
drivers/scsi/lpfc/lpfc_nvme.c | 6 +-
drivers/scsi/lpfc/lpfc_scsi.c | 6 +
drivers/scsi/lpfc/lpfc_sli.c | 25 +-
drivers/scsi/myrb.c | 11 +-
drivers/scsi/sd.c | 5 +-
drivers/soc/rockchip/grf.c | 2 +
drivers/soundwire/intel.c | 3 +
drivers/soundwire/qcom.c | 6 +-
drivers/spi/spi-fsi.c | 12 +-
drivers/staging/fieldbus/anybuss/host.c | 2 +-
drivers/staging/greybus/audio_codec.c | 4 +-
drivers/staging/r8188eu/core/rtw_fw.c | 2 +-
drivers/staging/r8188eu/core/rtw_mlme.c | 6 +-
drivers/staging/r8188eu/core/rtw_xmit.c | 13 +-
drivers/staging/r8188eu/include/rtw_xmit.h | 2 +-
drivers/staging/rtl8192e/rtllib_softmac.c | 2 +-
.../staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +-
drivers/staging/rtl8712/os_intfs.c | 1 -
drivers/staging/rtl8712/usb_intf.c | 12 +-
drivers/staging/rtl8712/usb_ops.c | 27 ++-
drivers/staging/rtl8723bs/core/rtw_mlme.c | 12 +-
drivers/thunderbolt/tb.c | 19 +-
drivers/thunderbolt/test.c | 16 +-
drivers/thunderbolt/tunnel.c | 11 +-
drivers/thunderbolt/tunnel.h | 4 +-
drivers/tty/goldfish.c | 2 +
drivers/tty/n_tty.c | 38 ++-
drivers/tty/serial/8250/8250_aspeed_vuart.c | 2 +
drivers/tty/serial/8250/8250_fintek.c | 8 +-
drivers/tty/serial/8250/8250_mtk.c | 7 -
drivers/tty/serial/cpm_uart/cpm_uart_core.c | 2 +-
drivers/tty/serial/digicolor-usart.c | 2 +
drivers/tty/serial/fsl_lpuart.c | 24 +-
drivers/tty/serial/icom.c | 2 +-
drivers/tty/serial/meson_uart.c | 13 ++
drivers/tty/serial/msm_serial.c | 5 +
drivers/tty/serial/owl-uart.c | 1 +
drivers/tty/serial/rda-uart.c | 2 +
drivers/tty/serial/sa1100.c | 4 +-
drivers/tty/serial/serial_txx9.c | 2 +
drivers/tty/serial/sh-sci.c | 6 +-
drivers/tty/serial/sifive.c | 8 +-
drivers/tty/serial/st-asc.c | 4 +
drivers/tty/serial/stm32-usart.c | 15 +-
drivers/tty/serial/uartlite.c | 3 +-
drivers/tty/synclink_gt.c | 2 +
drivers/tty/sysrq.c | 13 +-
drivers/usb/core/hcd-pci.c | 4 +-
drivers/usb/dwc2/gadget.c | 1 -
drivers/usb/dwc3/drd.c | 9 +-
drivers/usb/dwc3/dwc3-pci.c | 2 +-
drivers/usb/dwc3/gadget.c | 31 ++-
drivers/usb/dwc3/host.c | 2 -
drivers/usb/host/isp116x-hcd.c | 6 +-
drivers/usb/host/oxu210hp-hcd.c | 2 +
drivers/usb/musb/omap2430.c | 1 +
drivers/usb/phy/phy-omap-otg.c | 4 +-
drivers/usb/storage/karma.c | 15 +-
drivers/usb/typec/mux.c | 14 +-
drivers/usb/typec/tcpm/fusb302.c | 4 +-
drivers/usb/usbip/stub_dev.c | 2 +-
drivers/usb/usbip/stub_rx.c | 2 +
drivers/vdpa/ifcvf/ifcvf_main.c | 3 +-
drivers/vdpa/vdpa.c | 13 +-
drivers/vdpa/vdpa_user/vduse_dev.c | 7 +-
drivers/vhost/vringh.c | 10 +-
drivers/video/fbdev/hyperv_fb.c | 19 +-
drivers/video/fbdev/pxa3xx-gcu.c | 12 +-
drivers/virtio/virtio_pci_modern_dev.c | 1 +
drivers/watchdog/rti_wdt.c | 2 +-
drivers/watchdog/rzg2l_wdt.c | 46 ++--
drivers/watchdog/ts4800_wdt.c | 5 +-
drivers/watchdog/wdat_wdt.c | 1 +
drivers/xen/xlate_mmu.c | 1 -
fs/afs/dir.c | 5 +-
fs/ceph/addr.c | 33 +--
fs/ceph/mds_client.c | 33 ++-
fs/ceph/xattr.c | 10 +-
fs/cifs/cifs_swn.c | 4 +-
fs/cifs/cifsencrypt.c | 8 +-
fs/cifs/cifsfs.c | 2 +-
fs/cifs/cifsfs.h | 2 +-
fs/cifs/cifsglob.h | 24 +-
fs/cifs/connect.c | 30 +--
fs/cifs/dfs_cache.c | 4 +-
fs/cifs/misc.c | 27 ++-
fs/cifs/sess.c | 11 +-
fs/cifs/smb1ops.c | 6 +-
fs/cifs/smb2ops.c | 7 +-
fs/cifs/smb2pdu.c | 9 +-
fs/cifs/smbdirect.c | 4 +-
fs/cifs/transport.c | 40 ++--
fs/erofs/zdata.c | 2 +-
fs/f2fs/checkpoint.c | 12 +-
fs/f2fs/f2fs.h | 23 +-
fs/f2fs/file.c | 1 +
fs/f2fs/node.c | 23 +-
fs/fs-writeback.c | 37 ++-
fs/inode.c | 2 +-
fs/jffs2/fs.c | 1 +
fs/kernfs/dir.c | 31 ++-
fs/ksmbd/smbacl.c | 1 +
fs/ksmbd/transport_rdma.c | 1 +
fs/nfs/nfs4proc.c | 4 +
fs/nfsd/filecache.c | 9 +-
fs/zonefs/super.c | 11 +-
include/linux/blkdev.h | 1 +
include/linux/export.h | 7 +-
include/linux/extcon.h | 2 +-
include/linux/iio/common/st_sensors.h | 3 +
include/linux/jump_label.h | 4 +-
include/linux/mlx5/mlx5_ifc.h | 5 +-
include/linux/nodemask.h | 38 +--
include/linux/random.h | 2 +-
include/linux/xarray.h | 1 +
include/net/ax25.h | 1 +
include/net/bluetooth/hci_core.h | 17 +-
include/net/bonding.h | 6 +
include/net/flow_offload.h | 1 +
include/net/netfilter/nf_tables.h | 1 -
include/net/netfilter/nf_tables_offload.h | 2 +-
include/net/sch_generic.h | 42 ++--
include/net/tcp.h | 19 +-
include/trace/events/tcp.h | 2 +-
kernel/bpf/core.c | 14 +-
kernel/sched/autogroup.c | 2 +-
kernel/trace/trace.c | 13 +-
kernel/trace/trace_syscalls.c | 35 +--
lib/Makefile | 2 +-
lib/iov_iter.c | 20 +-
lib/nodemask.c | 4 +-
lib/xarray.c | 5 +-
mm/filemap.c | 9 +-
mm/huge_memory.c | 3 +-
net/ax25/af_ax25.c | 27 ++-
net/ax25/ax25_dev.c | 1 +
net/ax25/ax25_subr.c | 2 +-
net/bluetooth/hci_core.c | 4 +-
net/bluetooth/hci_request.c | 2 +-
net/bluetooth/hci_sync.c | 62 +++--
net/bluetooth/mgmt.c | 45 ++--
net/core/filter.c | 2 +-
net/core/flow_offload.c | 6 +
net/core/neighbour.c | 2 +-
net/ipv4/inet_hashtables.c | 10 +-
net/ipv4/ip_gre.c | 11 +-
net/ipv4/tcp.c | 8 +-
net/ipv4/tcp_bbr.c | 20 +-
net/ipv4/tcp_bic.c | 14 +-
net/ipv4/tcp_cdg.c | 30 +--
net/ipv4/tcp_cong.c | 18 +-
net/ipv4/tcp_cubic.c | 22 +-
net/ipv4/tcp_dctcp.c | 11 +-
net/ipv4/tcp_highspeed.c | 18 +-
net/ipv4/tcp_htcp.c | 10 +-
net/ipv4/tcp_hybla.c | 18 +-
net/ipv4/tcp_illinois.c | 12 +-
net/ipv4/tcp_input.c | 36 +--
net/ipv4/tcp_ipv4.c | 2 +-
net/ipv4/tcp_lp.c | 6 +-
net/ipv4/tcp_metrics.c | 12 +-
net/ipv4/tcp_nv.c | 24 +-
net/ipv4/tcp_output.c | 34 +--
net/ipv4/tcp_rate.c | 2 +-
net/ipv4/tcp_scalable.c | 4 +-
net/ipv4/tcp_vegas.c | 21 +-
net/ipv4/tcp_veno.c | 24 +-
net/ipv4/tcp_westwood.c | 3 +-
net/ipv4/tcp_yeah.c | 30 +--
net/ipv4/xfrm4_protocol.c | 1 -
net/ipv6/ping.c | 8 +-
net/ipv6/seg6_hmac.c | 1 -
net/ipv6/seg6_local.c | 1 +
net/ipv6/tcp_ipv6.c | 2 +-
net/key/af_key.c | 10 +-
net/netfilter/nf_tables_api.c | 54 ++---
net/netfilter/nf_tables_offload.c | 23 +-
net/netfilter/nft_nat.c | 3 +-
net/openvswitch/actions.c | 6 +
net/openvswitch/conntrack.c | 4 +-
net/sched/act_ct.c | 2 +-
net/smc/af_smc.c | 1 +
net/smc/smc_cdc.c | 2 +-
net/sunrpc/xdr.c | 6 +-
net/sunrpc/xprtrdma/rpc_rdma.c | 5 +
net/sunrpc/xprtrdma/svc_rdma_rw.c | 4 +-
net/tipc/bearer.c | 3 +-
net/unix/af_unix.c | 2 +-
net/xdp/xsk.c | 5 +-
net/xdp/xsk_queue.h | 8 -
scripts/gdb/linux/config.py | 6 +-
scripts/get_abi.pl | 4 +-
scripts/mod/modpost.c | 5 +-
security/keys/trusted-keys/trusted_tpm2.c | 4 +-
sound/pci/hda/patch_conexant.c | 7 +
sound/pci/hda/patch_realtek.c | 2 +
sound/soc/amd/acp/acp-pci.c | 1 +
sound/soc/codecs/rt5640.c | 11 +-
sound/soc/codecs/rt5640.h | 2 +
sound/soc/fsl/fsl_sai.h | 4 +-
sound/soc/intel/boards/bytcr_rt5640.c | 2 +
sound/usb/pcm.c | 5 +-
sound/usb/quirks-table.h | 7 +-
tools/objtool/check.c | 3 +-
tools/perf/arch/x86/util/evlist.c | 5 +-
tools/perf/arch/x86/util/evsel.c | 24 +-
tools/perf/arch/x86/util/evsel.h | 7 +
tools/perf/arch/x86/util/topdown.c | 46 ++--
tools/perf/arch/x86/util/topdown.h | 7 +
tools/perf/builtin-c2c.c | 4 +-
.../selftests/bpf/progs/test_stacktrace_build_id.c | 2 +-
tools/testing/selftests/net/bpf/Makefile | 4 +-
tools/testing/selftests/netfilter/nft_nat.sh | 43 ++++
tools/tracing/rtla/Makefile | 35 +++
400 files changed, 2758 insertions(+), 1806 deletions(-)
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 001/339] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 002/339] staging: greybus: codecs: fix type confusion of list iterator variable Greg Kroah-Hartman
` (339 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Randy Dunlap, kernel test robot,
Arnd Bergmann, Daniel Vetter, Kees Cook, Thomas Bogendoerfer,
linux-mips, Manuel Lauss, Dominik Brodowski, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 3928cf08334ed895a31458cbebd8d4ec6d84c080 ]
When the MIPS_ALCHEMY board selection is MIPS_XXS1500 instead of
MIPS_DB1XXX, the PCMCIA driver 'db1xxx_ss' has build errors due
to missing DB1XXX symbols. The PCMCIA driver should be restricted
to MIPS_DB1XXX instead of MIPS_ALCHEMY to fix this build error.
ERROR: modpost: "bcsr_read" [drivers/pcmcia/db1xxx_ss.ko] undefined!
ERROR: modpost: "bcsr_mod" [drivers/pcmcia/db1xxx_ss.ko] undefined!
Fixes: 42a4f17dc356 ("MIPS: Alchemy: remove SOC_AU1X00 in favor of MIPS_ALCHEMY")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: linux-mips@vger.kernel.org
Acked-by: Manuel Lauss <manuel.lauss@gmail.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pcmcia/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pcmcia/Kconfig b/drivers/pcmcia/Kconfig
index 2ce261cfff8e..89e4511e9c43 100644
--- a/drivers/pcmcia/Kconfig
+++ b/drivers/pcmcia/Kconfig
@@ -151,7 +151,7 @@ config TCIC
config PCMCIA_ALCHEMY_DEVBOARD
tristate "Alchemy Db/Pb1xxx PCMCIA socket services"
- depends on MIPS_ALCHEMY && PCMCIA
+ depends on MIPS_DB1XXX && PCMCIA
help
Enable this driver of you want PCMCIA support on your Alchemy
Db1000, Db/Pb1100, Db/Pb1500, Db/Pb1550, Db/Pb1200, DB1300
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 002/339] staging: greybus: codecs: fix type confusion of list iterator variable
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 001/339] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 003/339] iio: adc: ad7124: Remove shift from scan_type Greg Kroah-Hartman
` (338 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Vaibhav Agarwal,
Mark Greer, Jakob Koschel, Sasha Levin
From: Jakob Koschel <jakobkoschel@gmail.com>
[ Upstream commit 84ef256550196bc06e6849a34224c998b45bd557 ]
If the list does not exit early then data == NULL and 'module' does not
point to a valid list element.
Using 'module' in such a case is not valid and was therefore removed.
Fixes: 6dd67645f22c ("greybus: audio: Use single codec driver registration")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Vaibhav Agarwal <vaibhav.sr@gmail.com>
Reviewed-by: Mark Greer <mgreer@animalcreek.com>
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Link: https://lore.kernel.org/r/20220321123626.3068639-1-jakobkoschel@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/greybus/audio_codec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/greybus/audio_codec.c b/drivers/staging/greybus/audio_codec.c
index b589cf6b1d03..e19b91e7a72e 100644
--- a/drivers/staging/greybus/audio_codec.c
+++ b/drivers/staging/greybus/audio_codec.c
@@ -599,8 +599,8 @@ static int gbcodec_mute_stream(struct snd_soc_dai *dai, int mute, int stream)
break;
}
if (!data) {
- dev_err(dai->dev, "%s:%s DATA connection missing\n",
- dai->name, module->name);
+ dev_err(dai->dev, "%s DATA connection missing\n",
+ dai->name);
mutex_unlock(&codec->lock);
return -ENODEV;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 003/339] iio: adc: ad7124: Remove shift from scan_type
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 001/339] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 002/339] staging: greybus: codecs: fix type confusion of list iterator variable Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 004/339] soundwire: qcom: fix an error message in swrm_wait_for_frame_gen_enabled() Greg Kroah-Hartman
` (337 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexandru Tachici, Jonathan Cameron,
Sasha Levin
From: Alexandru Tachici <alexandru.tachici@analog.com>
[ Upstream commit fe78ccf79b0e29fd6d8dc2e2c3b0dbeda4ce3ad8 ]
The 24 bits data is stored in 32 bits in BE. There
is no need to shift it. This confuses user-space apps.
Fixes: b3af341bbd966 ("iio: adc: Add ad7124 support")
Signed-off-by: Alexandru Tachici <alexandru.tachici@analog.com>
Link: https://lore.kernel.org/r/20220322105029.86389-2-alexandru.tachici@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/ad7124.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c
index c47ead15f6e5..3752b2c88959 100644
--- a/drivers/iio/adc/ad7124.c
+++ b/drivers/iio/adc/ad7124.c
@@ -188,7 +188,6 @@ static const struct iio_chan_spec ad7124_channel_template = {
.sign = 'u',
.realbits = 24,
.storagebits = 32,
- .shift = 8,
.endianness = IIO_BE,
},
};
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 004/339] soundwire: qcom: fix an error message in swrm_wait_for_frame_gen_enabled()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 003/339] iio: adc: ad7124: Remove shift from scan_type Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 005/339] remoteproc: mediatek: Fix side effect of mt8195 sram power on Greg Kroah-Hartman
` (336 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Vinod Koul, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit d146de3430d2b21054f6dc8a890f84062515f4d2 ]
The logical AND && is supposed to be bitwise AND & so it will sometimes
print "connected" instead of "disconnected".
Fixes: 74e79da9fd46 ("soundwire: qcom: add runtime pm support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20220307125814.GD16710@kili
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/qcom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/soundwire/qcom.c b/drivers/soundwire/qcom.c
index da1ad7ebb1aa..dd9f67f895b2 100644
--- a/drivers/soundwire/qcom.c
+++ b/drivers/soundwire/qcom.c
@@ -1452,7 +1452,7 @@ static bool swrm_wait_for_frame_gen_enabled(struct qcom_swrm_ctrl *swrm)
} while (retry--);
dev_err(swrm->dev, "%s: link status not %s\n", __func__,
- comp_sts && SWRM_FRM_GEN_ENABLED ? "connected" : "disconnected");
+ comp_sts & SWRM_FRM_GEN_ENABLED ? "connected" : "disconnected");
return false;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 005/339] remoteproc: mediatek: Fix side effect of mt8195 sram power on
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 004/339] soundwire: qcom: fix an error message in swrm_wait_for_frame_gen_enabled() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 006/339] remoteproc: mtk_scp: Fix a potential double free Greg Kroah-Hartman
` (335 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tinghan Shen,
AngeloGioacchino Del Regno, Matthias Brugger, Mathieu Poirier,
Sasha Levin
From: Tinghan Shen <tinghan.shen@mediatek.com>
[ Upstream commit f20e232d74ee0ace386be0b7db1ff993ea69b4c4 ]
The definition of L1TCM_SRAM_PDN bits on mt8195 is different to mt8192.
L1TCM_SRAM_PDN bits[3:0] control the power of mt8195 L1TCM SRAM.
L1TCM_SRAM_PDN bits[7:4] control the access path to EMI for SCP.
These bits have to be powered on to allow EMI access for SCP.
Bits[7:4] also affect audio DSP because audio DSP and SCP are
placed on the same hardware bus. If SCP cannot access EMI, audio DSP is
blocked too.
L1TCM_SRAM_PDN bits[31:8] are not used.
This fix removes modification of bits[7:4] when power on/off mt8195 SCP
L1TCM. It's because the modification introduces a short period of time
blocking audio DSP to access EMI. This was not a problem until we have
to load both SCP module and audio DSP module. audio DSP needs to access
EMI because it has source/data on DRAM. Audio DSP will have unexpected
behavior when it accesses EMI and the SCP driver blocks the EMI path at
the same time.
Fixes: 79111df414fc ("remoteproc: mediatek: Support mt8195 scp")
Signed-off-by: Tinghan Shen <tinghan.shen@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Link: https://lore.kernel.org/r/20220321060340.10975-1-tinghan.shen@mediatek.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/mtk_common.h | 2 +
drivers/remoteproc/mtk_scp.c | 69 +++++++++++++++++++++++++--------
2 files changed, 54 insertions(+), 17 deletions(-)
diff --git a/drivers/remoteproc/mtk_common.h b/drivers/remoteproc/mtk_common.h
index 71ce4977cb0b..ea6fa1100a00 100644
--- a/drivers/remoteproc/mtk_common.h
+++ b/drivers/remoteproc/mtk_common.h
@@ -54,6 +54,8 @@
#define MT8192_CORE0_WDT_IRQ 0x10030
#define MT8192_CORE0_WDT_CFG 0x10034
+#define MT8195_L1TCM_SRAM_PDN_RESERVED_RSI_BITS GENMASK(7, 4)
+
#define SCP_FW_VER_LEN 32
#define SCP_SHARE_BUFFER_SIZE 288
diff --git a/drivers/remoteproc/mtk_scp.c b/drivers/remoteproc/mtk_scp.c
index 38609153bf64..ee6c4009586e 100644
--- a/drivers/remoteproc/mtk_scp.c
+++ b/drivers/remoteproc/mtk_scp.c
@@ -365,22 +365,22 @@ static int mt8183_scp_before_load(struct mtk_scp *scp)
return 0;
}
-static void mt8192_power_on_sram(void __iomem *addr)
+static void scp_sram_power_on(void __iomem *addr, u32 reserved_mask)
{
int i;
for (i = 31; i >= 0; i--)
- writel(GENMASK(i, 0), addr);
+ writel(GENMASK(i, 0) & ~reserved_mask, addr);
writel(0, addr);
}
-static void mt8192_power_off_sram(void __iomem *addr)
+static void scp_sram_power_off(void __iomem *addr, u32 reserved_mask)
{
int i;
writel(0, addr);
for (i = 0; i < 32; i++)
- writel(GENMASK(i, 0), addr);
+ writel(GENMASK(i, 0) & ~reserved_mask, addr);
}
static int mt8186_scp_before_load(struct mtk_scp *scp)
@@ -393,7 +393,7 @@ static int mt8186_scp_before_load(struct mtk_scp *scp)
writel(0x0, scp->reg_base + MT8183_SCP_CLK_DIV_SEL);
/* Turn on the power of SCP's SRAM before using it. Enable 1 block per time*/
- mt8192_power_on_sram(scp->reg_base + MT8183_SCP_SRAM_PDN);
+ scp_sram_power_on(scp->reg_base + MT8183_SCP_SRAM_PDN, 0);
/* Initialize TCM before loading FW. */
writel(0x0, scp->reg_base + MT8183_SCP_L1_SRAM_PD);
@@ -412,11 +412,32 @@ static int mt8192_scp_before_load(struct mtk_scp *scp)
writel(1, scp->reg_base + MT8192_CORE0_SW_RSTN_SET);
/* enable SRAM clock */
- mt8192_power_on_sram(scp->reg_base + MT8192_L2TCM_SRAM_PD_0);
- mt8192_power_on_sram(scp->reg_base + MT8192_L2TCM_SRAM_PD_1);
- mt8192_power_on_sram(scp->reg_base + MT8192_L2TCM_SRAM_PD_2);
- mt8192_power_on_sram(scp->reg_base + MT8192_L1TCM_SRAM_PDN);
- mt8192_power_on_sram(scp->reg_base + MT8192_CPU0_SRAM_PD);
+ scp_sram_power_on(scp->reg_base + MT8192_L2TCM_SRAM_PD_0, 0);
+ scp_sram_power_on(scp->reg_base + MT8192_L2TCM_SRAM_PD_1, 0);
+ scp_sram_power_on(scp->reg_base + MT8192_L2TCM_SRAM_PD_2, 0);
+ scp_sram_power_on(scp->reg_base + MT8192_L1TCM_SRAM_PDN, 0);
+ scp_sram_power_on(scp->reg_base + MT8192_CPU0_SRAM_PD, 0);
+
+ /* enable MPU for all memory regions */
+ writel(0xff, scp->reg_base + MT8192_CORE0_MEM_ATT_PREDEF);
+
+ return 0;
+}
+
+static int mt8195_scp_before_load(struct mtk_scp *scp)
+{
+ /* clear SPM interrupt, SCP2SPM_IPC_CLR */
+ writel(0xff, scp->reg_base + MT8192_SCP2SPM_IPC_CLR);
+
+ writel(1, scp->reg_base + MT8192_CORE0_SW_RSTN_SET);
+
+ /* enable SRAM clock */
+ scp_sram_power_on(scp->reg_base + MT8192_L2TCM_SRAM_PD_0, 0);
+ scp_sram_power_on(scp->reg_base + MT8192_L2TCM_SRAM_PD_1, 0);
+ scp_sram_power_on(scp->reg_base + MT8192_L2TCM_SRAM_PD_2, 0);
+ scp_sram_power_on(scp->reg_base + MT8192_L1TCM_SRAM_PDN,
+ MT8195_L1TCM_SRAM_PDN_RESERVED_RSI_BITS);
+ scp_sram_power_on(scp->reg_base + MT8192_CPU0_SRAM_PD, 0);
/* enable MPU for all memory regions */
writel(0xff, scp->reg_base + MT8192_CORE0_MEM_ATT_PREDEF);
@@ -572,11 +593,25 @@ static void mt8183_scp_stop(struct mtk_scp *scp)
static void mt8192_scp_stop(struct mtk_scp *scp)
{
/* Disable SRAM clock */
- mt8192_power_off_sram(scp->reg_base + MT8192_L2TCM_SRAM_PD_0);
- mt8192_power_off_sram(scp->reg_base + MT8192_L2TCM_SRAM_PD_1);
- mt8192_power_off_sram(scp->reg_base + MT8192_L2TCM_SRAM_PD_2);
- mt8192_power_off_sram(scp->reg_base + MT8192_L1TCM_SRAM_PDN);
- mt8192_power_off_sram(scp->reg_base + MT8192_CPU0_SRAM_PD);
+ scp_sram_power_off(scp->reg_base + MT8192_L2TCM_SRAM_PD_0, 0);
+ scp_sram_power_off(scp->reg_base + MT8192_L2TCM_SRAM_PD_1, 0);
+ scp_sram_power_off(scp->reg_base + MT8192_L2TCM_SRAM_PD_2, 0);
+ scp_sram_power_off(scp->reg_base + MT8192_L1TCM_SRAM_PDN, 0);
+ scp_sram_power_off(scp->reg_base + MT8192_CPU0_SRAM_PD, 0);
+
+ /* Disable SCP watchdog */
+ writel(0, scp->reg_base + MT8192_CORE0_WDT_CFG);
+}
+
+static void mt8195_scp_stop(struct mtk_scp *scp)
+{
+ /* Disable SRAM clock */
+ scp_sram_power_off(scp->reg_base + MT8192_L2TCM_SRAM_PD_0, 0);
+ scp_sram_power_off(scp->reg_base + MT8192_L2TCM_SRAM_PD_1, 0);
+ scp_sram_power_off(scp->reg_base + MT8192_L2TCM_SRAM_PD_2, 0);
+ scp_sram_power_off(scp->reg_base + MT8192_L1TCM_SRAM_PDN,
+ MT8195_L1TCM_SRAM_PDN_RESERVED_RSI_BITS);
+ scp_sram_power_off(scp->reg_base + MT8192_CPU0_SRAM_PD, 0);
/* Disable SCP watchdog */
writel(0, scp->reg_base + MT8192_CORE0_WDT_CFG);
@@ -922,11 +957,11 @@ static const struct mtk_scp_of_data mt8192_of_data = {
static const struct mtk_scp_of_data mt8195_of_data = {
.scp_clk_get = mt8195_scp_clk_get,
- .scp_before_load = mt8192_scp_before_load,
+ .scp_before_load = mt8195_scp_before_load,
.scp_irq_handler = mt8192_scp_irq_handler,
.scp_reset_assert = mt8192_scp_reset_assert,
.scp_reset_deassert = mt8192_scp_reset_deassert,
- .scp_stop = mt8192_scp_stop,
+ .scp_stop = mt8195_scp_stop,
.scp_da_to_va = mt8192_scp_da_to_va,
.host_to_scp_reg = MT8192_GIPC_IN_SET,
.host_to_scp_int_bit = MT8192_HOST_IPC_INT_BIT,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 006/339] remoteproc: mtk_scp: Fix a potential double free
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 005/339] remoteproc: mediatek: Fix side effect of mt8195 sram power on Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 007/339] lkdtm/bugs: Check for the NULL pointer after calling kmalloc Greg Kroah-Hartman
` (334 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET,
AngeloGioacchino Del Regno, Mathieu Poirier, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit eac3e5b1c12f85732e60f5f8b985444d273866bb ]
'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need
to free it explicitly in the remove function.
Fixes: c1407ac1099a ("remoteproc: mtk_scp: Use devm variant of rproc_alloc()")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Link: https://lore.kernel.org/r/1d15023b4afb94591435c48482fe1276411b9a07.1648981531.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/mtk_scp.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/remoteproc/mtk_scp.c b/drivers/remoteproc/mtk_scp.c
index ee6c4009586e..621174ea7fd6 100644
--- a/drivers/remoteproc/mtk_scp.c
+++ b/drivers/remoteproc/mtk_scp.c
@@ -912,7 +912,6 @@ static int scp_remove(struct platform_device *pdev)
for (i = 0; i < SCP_IPI_MAX; i++)
mutex_destroy(&scp->ipi_desc[i].lock);
mutex_destroy(&scp->send_lock);
- rproc_free(scp->rproc);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 007/339] lkdtm/bugs: Check for the NULL pointer after calling kmalloc
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 006/339] remoteproc: mtk_scp: Fix a potential double free Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 008/339] lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP Greg Kroah-Hartman
` (333 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Dan Carpenter,
Kees Cook, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 4a9800c81d2f34afb66b4b42e0330ae8298019a2 ]
As the possible failure of the kmalloc(), the not_checked and checked
could be NULL pointer.
Therefore, it should be better to check it in order to avoid the
dereference of the NULL pointer.
Also, we need to kfree the 'not_checked' and 'checked' to avoid
the memory leak if fails.
And since it is just a test, it may directly return without error
number.
Fixes: ae2e1aad3e48 ("drivers/misc/lkdtm/bugs.c: add arithmetic overflow and array bounds checks")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220120092936.1874264-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/lkdtm/bugs.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/misc/lkdtm/bugs.c b/drivers/misc/lkdtm/bugs.c
index f21854ac5cc2..4f2808b2ca3c 100644
--- a/drivers/misc/lkdtm/bugs.c
+++ b/drivers/misc/lkdtm/bugs.c
@@ -327,6 +327,11 @@ void lkdtm_ARRAY_BOUNDS(void)
not_checked = kmalloc(sizeof(*not_checked) * 2, GFP_KERNEL);
checked = kmalloc(sizeof(*checked) * 2, GFP_KERNEL);
+ if (!not_checked || !checked) {
+ kfree(not_checked);
+ kfree(checked);
+ return;
+ }
pr_info("Array access within bounds ...\n");
/* For both, touch all bytes in the actual member size. */
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 008/339] lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 007/339] lkdtm/bugs: Check for the NULL pointer after calling kmalloc Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 009/339] tty: goldfish: Use tty_port_destroy() to destroy port Greg Kroah-Hartman
` (332 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe Leroy, Kees Cook, Sasha Levin
From: Christophe Leroy <christophe.leroy@csgroup.eu>
[ Upstream commit 8bfdbddd68249e0d8598777cca8249619ee51df0 ]
When you don't select CONFIG_UBSAN_TRAP, you get:
# echo ARRAY_BOUNDS > /sys/kernel/debug/provoke-crash/DIRECT
[ 102.265827] ================================================================================
[ 102.278433] UBSAN: array-index-out-of-bounds in drivers/misc/lkdtm/bugs.c:342:16
[ 102.287207] index 8 is out of range for type 'char [8]'
[ 102.298722] ================================================================================
[ 102.313712] lkdtm: FAIL: survived array bounds overflow!
[ 102.318770] lkdtm: Unexpected! This kernel (5.16.0-rc1-s3k-dev-01884-g720dcf79314a ppc) was built with CONFIG_UBSAN_BOUNDS=y
It is not correct because when CONFIG_UBSAN_TRAP is not selected
you can't expect array bounds overflow to kill the thread.
Modify the logic so that when the kernel is built with
CONFIG_UBSAN_BOUNDS but without CONFIG_UBSAN_TRAP, you get a warning
about CONFIG_UBSAN_TRAP not been selected instead.
This also require a fix of pr_expected_config(), otherwise the
following error is encountered.
CC drivers/misc/lkdtm/bugs.o
drivers/misc/lkdtm/bugs.c: In function 'lkdtm_ARRAY_BOUNDS':
drivers/misc/lkdtm/bugs.c:351:2: error: 'else' without a previous 'if'
351 | else
| ^~~~
Fixes: c75be56e35b2 ("lkdtm/bugs: Add ARRAY_BOUNDS to selftests")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/363b58690e907c677252467a94fe49444c80ea76.1649704381.git.christophe.leroy@csgroup.eu
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/lkdtm/bugs.c | 5 ++++-
drivers/misc/lkdtm/lkdtm.h | 8 ++++----
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/misc/lkdtm/bugs.c b/drivers/misc/lkdtm/bugs.c
index 4f2808b2ca3c..8cb342c562af 100644
--- a/drivers/misc/lkdtm/bugs.c
+++ b/drivers/misc/lkdtm/bugs.c
@@ -351,7 +351,10 @@ void lkdtm_ARRAY_BOUNDS(void)
kfree(not_checked);
kfree(checked);
pr_err("FAIL: survived array bounds overflow!\n");
- pr_expected_config(CONFIG_UBSAN_BOUNDS);
+ if (IS_ENABLED(CONFIG_UBSAN_BOUNDS))
+ pr_expected_config(CONFIG_UBSAN_TRAP);
+ else
+ pr_expected_config(CONFIG_UBSAN_BOUNDS);
}
void lkdtm_CORRUPT_LIST_ADD(void)
diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h
index 305fc2ec3f25..90f87b193c1e 100644
--- a/drivers/misc/lkdtm/lkdtm.h
+++ b/drivers/misc/lkdtm/lkdtm.h
@@ -9,19 +9,19 @@
extern char *lkdtm_kernel_info;
#define pr_expected_config(kconfig) \
-{ \
+do { \
if (IS_ENABLED(kconfig)) \
pr_err("Unexpected! This %s was built with " #kconfig "=y\n", \
lkdtm_kernel_info); \
else \
pr_warn("This is probably expected, since this %s was built *without* " #kconfig "=y\n", \
lkdtm_kernel_info); \
-}
+} while (0)
#ifndef MODULE
int lkdtm_check_bool_cmdline(const char *param);
#define pr_expected_config_param(kconfig, param) \
-{ \
+do { \
if (IS_ENABLED(kconfig)) { \
switch (lkdtm_check_bool_cmdline(param)) { \
case 0: \
@@ -52,7 +52,7 @@ int lkdtm_check_bool_cmdline(const char *param);
break; \
} \
} \
-}
+} while (0)
#else
#define pr_expected_config_param(kconfig, param) pr_expected_config(kconfig)
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 009/339] tty: goldfish: Use tty_port_destroy() to destroy port
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 008/339] lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 010/339] tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Greg Kroah-Hartman
` (331 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Wang Weiyang, Sasha Levin
From: Wang Weiyang <wangweiyang2@huawei.com>
[ Upstream commit 507b05063d1b7a1fcb9f7d7c47586fc4f3508f98 ]
In goldfish_tty_probe(), the port initialized through tty_port_init()
should be destroyed in error paths.In goldfish_tty_remove(), qtty->port
also should be destroyed or else might leak resources.
Fix the above by calling tty_port_destroy().
Fixes: 666b7793d4bf ("goldfish: tty driver")
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
Link: https://lore.kernel.org/r/20220328115844.86032-1-wangweiyang2@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/goldfish.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/goldfish.c b/drivers/tty/goldfish.c
index 9e8ccb8ed6d6..c7968aecd870 100644
--- a/drivers/tty/goldfish.c
+++ b/drivers/tty/goldfish.c
@@ -405,6 +405,7 @@ static int goldfish_tty_probe(struct platform_device *pdev)
err_tty_register_device_failed:
free_irq(irq, qtty);
err_dec_line_count:
+ tty_port_destroy(&qtty->port);
goldfish_tty_current_line_count--;
if (goldfish_tty_current_line_count == 0)
goldfish_tty_delete_driver();
@@ -426,6 +427,7 @@ static int goldfish_tty_remove(struct platform_device *pdev)
iounmap(qtty->base);
qtty->base = NULL;
free_irq(qtty->irq, pdev);
+ tty_port_destroy(&qtty->port);
goldfish_tty_current_line_count--;
if (goldfish_tty_current_line_count == 0)
goldfish_tty_delete_driver();
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 010/339] tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 009/339] tty: goldfish: Use tty_port_destroy() to destroy port Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 011/339] tty: n_tty: Restore EOF push handling behavior Greg Kroah-Hartman
` (330 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit bcea0f547ec1a2ee44d429aaf0334633e386e67c ]
Fix the missing clk_disable_unprepare() before return
from owl_uart_probe() in the error handling case.
Fixes: abf42d2f333b ("tty: serial: owl: add "much needed" clk_prepare_enable()")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220307105135.11698-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/owl-uart.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/tty/serial/owl-uart.c b/drivers/tty/serial/owl-uart.c
index 5250bd7d390a..0866d749a9f4 100644
--- a/drivers/tty/serial/owl-uart.c
+++ b/drivers/tty/serial/owl-uart.c
@@ -731,6 +731,7 @@ static int owl_uart_probe(struct platform_device *pdev)
owl_port->port.uartclk = clk_get_rate(owl_port->clk);
if (owl_port->port.uartclk == 0) {
dev_err(&pdev->dev, "clock rate is zero\n");
+ clk_disable_unprepare(owl_port->clk);
return -EINVAL;
}
owl_port->port.flags = UPF_BOOT_AUTOCONF | UPF_IOREMAP | UPF_LOW_LATENCY;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 011/339] tty: n_tty: Restore EOF push handling behavior
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 010/339] tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 012/339] serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe Greg Kroah-Hartman
` (329 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Hurley, Jiri Slaby,
Linus Torvalds, Daniel Gibson, Sasha Levin
From: Daniel Gibson <daniel@gibson.sh>
[ Upstream commit 65a8b287023da68c4550deab5c764e6891cf1caf ]
TTYs in ICANON mode have a special case that allows "pushing" a line
without a regular EOL character (like newline), by using EOF (the EOT
character - ASCII 0x4) as a pseudo-EOL. It is silently discarded, so
the reader of the PTS will receive the line *without* EOF or any other
terminating character.
This special case has an edge case: What happens if the readers buffer
is the same size as the line (without EOF)? Will they be able to tell
if the whole line is received, i.e. if the next read() will return more
of the same line or the next line?
There are two possibilities, that both have (dis)advantages:
1. The next read() returns 0. FreeBSD (13.0) and OSX (10.11) do this.
Advantage: The reader can interpret this as "the line is over".
Disadvantage: read() returning 0 means EOF, the reader could also
interpret it as "there's no more data" and stop reading or even
close the PT.
2. The next read() returns the next line, the EOF is silently discarded.
Solaris (or at least OpenIndiana 2021.10) does this, Linux has done
do this since commit 40d5e0905a03 ("n_tty: Fix EOF push handling");
this behavior was recently broken by commit 359303076163 ("tty:
n_tty: do not look ahead for EOL character past the end of the buffer").
Advantage: read() won't return 0 (EOF), reader less likely to be
confused (and things like `while(read(..)>0)` don't break)
Disadvantage: The reader can't really know if the read() continues
the last line (that filled the whole read buffer) or starts a
new line.
As both options are defensible (and are used by other Unix-likes), it's
best to stick to the "old" behavior since "n_tty: Fix EOF push handling"
of 2013, i.e. silently discard that EOF.
This patch - that I actually got from Linus for testing and only
modified slightly - restores that behavior by skipping an EOF
character if it's the next character after reading is done.
Based on a patch from Linus Torvalds.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215611
Fixes: 359303076163 ("tty: n_tty: do not look ahead for EOL character past the end of the buffer")
Cc: Peter Hurley <peter@hurleysoftware.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jirislaby@kernel.org>
Reviewed-and-tested-by: Daniel Gibson <daniel@gibson.sh>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Daniel Gibson <daniel@gibson.sh>
Link: https://lore.kernel.org/r/20220329235810.452513-2-daniel@gibson.sh
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/n_tty.c | 38 +++++++++++++++++++++++++++++++++++++-
1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
index efc72104c840..bdc314aeab88 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -1975,6 +1975,35 @@ static bool canon_copy_from_read_buf(struct tty_struct *tty,
return ldata->read_tail != canon_head;
}
+/*
+ * If we finished a read at the exact location of an
+ * EOF (special EOL character that's a __DISABLED_CHAR)
+ * in the stream, silently eat the EOF.
+ */
+static void canon_skip_eof(struct tty_struct *tty)
+{
+ struct n_tty_data *ldata = tty->disc_data;
+ size_t tail, canon_head;
+
+ canon_head = smp_load_acquire(&ldata->canon_head);
+ tail = ldata->read_tail;
+
+ // No data?
+ if (tail == canon_head)
+ return;
+
+ // See if the tail position is EOF in the circular buffer
+ tail &= (N_TTY_BUF_SIZE - 1);
+ if (!test_bit(tail, ldata->read_flags))
+ return;
+ if (read_buf(ldata, tail) != __DISABLED_CHAR)
+ return;
+
+ // Clear the EOL bit, skip the EOF char.
+ clear_bit(tail, ldata->read_flags);
+ smp_store_release(&ldata->read_tail, ldata->read_tail + 1);
+}
+
/**
* job_control - check job control
* @tty: tty
@@ -2045,7 +2074,14 @@ static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
*/
if (*cookie) {
if (ldata->icanon && !L_EXTPROC(tty)) {
- if (canon_copy_from_read_buf(tty, &kb, &nr))
+ /*
+ * If we have filled the user buffer, see
+ * if we should skip an EOF character before
+ * releasing the lock and returning done.
+ */
+ if (!nr)
+ canon_skip_eof(tty);
+ else if (canon_copy_from_read_buf(tty, &kb, &nr))
return kb - kbuf;
} else {
if (copy_from_read_buf(tty, &kb, &nr))
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 012/339] serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 011/339] tty: n_tty: Restore EOF push handling behavior Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 013/339] tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Greg Kroah-Hartman
` (328 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 0e0fd55719fa081de6f9e5d9e6cef48efb04d34a ]
platform_get_resource() may fail and return NULL, so we should
better check it's return value to avoid a NULL pointer dereference.
Fixes: 54da3e381c2b ("serial: 8250_aspeed_vuart: use UPF_IOREMAP to set up register mapping")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220404143842.16960-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_aspeed_vuart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/8250/8250_aspeed_vuart.c b/drivers/tty/serial/8250/8250_aspeed_vuart.c
index 93fe10c680fb..9d2a7856784f 100644
--- a/drivers/tty/serial/8250/8250_aspeed_vuart.c
+++ b/drivers/tty/serial/8250/8250_aspeed_vuart.c
@@ -429,6 +429,8 @@ static int aspeed_vuart_probe(struct platform_device *pdev)
timer_setup(&vuart->unthrottle_timer, aspeed_vuart_unthrottle_exp, 0);
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ if (!res)
+ return -EINVAL;
memset(&port, 0, sizeof(port));
port.port.private_data = vuart;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 013/339] tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 012/339] serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 014/339] remoteproc: imx_rproc: Ignore create mem entry for resource table Greg Kroah-Hartman
` (327 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sherry Sun, Sasha Levin
From: Sherry Sun <sherry.sun@nxp.com>
[ Upstream commit f398e0aa325c61fa20903833a5b534ecb8e6e418 ]
Now fsl_lpuart driver use both of_alias_get_id() and ida_simple_get() in
.probe(), which has the potential bug. For example, when remove the
lpuart7 alias in dts, of_alias_get_id() will return error, then call
ida_simple_get() to allocate the id 0 for lpuart7, this may confilct
with the lpuart4 which has alias 0.
aliases {
...
serial0 = &lpuart4;
serial1 = &lpuart5;
serial2 = &lpuart6;
serial3 = &lpuart7;
}
So remove the ida_simple_get() in .probe(), return an error directly
when calling of_alias_get_id() fails, which is consistent with other
uart drivers behavior.
Fixes: 3bc3206e1c0f ("serial: fsl_lpuart: Remove the alias node dependence")
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Link: https://lore.kernel.org/r/20220321112211.8895-1-sherry.sun@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/fsl_lpuart.c | 24 ++++--------------------
1 file changed, 4 insertions(+), 20 deletions(-)
diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index be12fee94db5..2cb89491dd09 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -239,8 +239,6 @@
/* IMX lpuart has four extra unused regs located at the beginning */
#define IMX_REG_OFF 0x10
-static DEFINE_IDA(fsl_lpuart_ida);
-
enum lpuart_type {
VF610_LPUART,
LS1021A_LPUART,
@@ -276,7 +274,6 @@ struct lpuart_port {
int rx_dma_rng_buf_len;
unsigned int dma_tx_nents;
wait_queue_head_t dma_wait;
- bool id_allocated;
};
struct lpuart_soc_data {
@@ -2717,23 +2714,18 @@ static int lpuart_probe(struct platform_device *pdev)
ret = of_alias_get_id(np, "serial");
if (ret < 0) {
- ret = ida_simple_get(&fsl_lpuart_ida, 0, UART_NR, GFP_KERNEL);
- if (ret < 0) {
- dev_err(&pdev->dev, "port line is full, add device failed\n");
- return ret;
- }
- sport->id_allocated = true;
+ dev_err(&pdev->dev, "failed to get alias id, errno %d\n", ret);
+ return ret;
}
if (ret >= ARRAY_SIZE(lpuart_ports)) {
dev_err(&pdev->dev, "serial%d out of range\n", ret);
- ret = -EINVAL;
- goto failed_out_of_range;
+ return -EINVAL;
}
sport->port.line = ret;
ret = lpuart_enable_clks(sport);
if (ret)
- goto failed_clock_enable;
+ return ret;
sport->port.uartclk = lpuart_get_baud_clk_rate(sport);
lpuart_ports[sport->port.line] = sport;
@@ -2781,10 +2773,6 @@ static int lpuart_probe(struct platform_device *pdev)
uart_remove_one_port(&lpuart_reg, &sport->port);
failed_attach_port:
lpuart_disable_clks(sport);
-failed_clock_enable:
-failed_out_of_range:
- if (sport->id_allocated)
- ida_simple_remove(&fsl_lpuart_ida, sport->port.line);
return ret;
}
@@ -2794,9 +2782,6 @@ static int lpuart_remove(struct platform_device *pdev)
uart_remove_one_port(&lpuart_reg, &sport->port);
- if (sport->id_allocated)
- ida_simple_remove(&fsl_lpuart_ida, sport->port.line);
-
lpuart_disable_clks(sport);
if (sport->dma_tx_chan)
@@ -2926,7 +2911,6 @@ static int __init lpuart_serial_init(void)
static void __exit lpuart_serial_exit(void)
{
- ida_destroy(&fsl_lpuart_ida);
platform_driver_unregister(&lpuart_driver);
uart_unregister_driver(&lpuart_reg);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 014/339] remoteproc: imx_rproc: Ignore create mem entry for resource table
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 013/339] tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 015/339] phy: rockchip-inno-usb2: Fix muxed interrupt support Greg Kroah-Hartman
` (326 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peng Fan, Mathieu Poirier, Sasha Levin
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit 58b7c856519fe946620ee68dd0c37bd3c695484a ]
Resource table is used by Linux to get information published by
remote processor. It should be not be used for memory allocation, so
not create rproc mem entry.
Fixes: b29b4249f8f0 ("remoteproc: imx_rproc: add i.MX specific parse fw hook")
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Link: https://lore.kernel.org/r/20220415025737.1561976-1-peng.fan@oss.nxp.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/imx_rproc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c
index 7a096f1891e6..91eb037089ef 100644
--- a/drivers/remoteproc/imx_rproc.c
+++ b/drivers/remoteproc/imx_rproc.c
@@ -423,6 +423,9 @@ static int imx_rproc_prepare(struct rproc *rproc)
if (!strcmp(it.node->name, "vdev0buffer"))
continue;
+ if (!strcmp(it.node->name, "rsc-table"))
+ continue;
+
rmem = of_reserved_mem_lookup(it.node);
if (!rmem) {
dev_err(priv->dev, "unable to acquire memory-region\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 015/339] phy: rockchip-inno-usb2: Fix muxed interrupt support
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 014/339] remoteproc: imx_rproc: Ignore create mem entry for resource table Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 016/339] staging: r8188eu: fix struct rt_firmware_hdr Greg Kroah-Hartman
` (325 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Samuel Holland, Michael Riesch,
Vinod Koul, Sasha Levin
From: Samuel Holland <samuel@sholland.org>
[ Upstream commit 6a98df08ccd55e87947d253b19925691763e755c ]
This commit fixes two issues with the muxed interrupt handler. First,
the OTG port has the "bvalid" interrupt enabled, not "linestate". Since
only the linestate interrupt was handled, and not the bvalid interrupt,
plugging in a cable to the OTG port caused an interrupt storm.
Second, the return values from the individual port IRQ handlers need to
be OR-ed together. Otherwise, the lack of an interrupt from the last
port would cause the handler to erroneously return IRQ_NONE.
Fixes: ed2b5a8e6b98 ("phy: phy-rockchip-inno-usb2: support muxed interrupts")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Tested-by: Michael Riesch <michael.riesch@wolfvision.net>
Link: https://lore.kernel.org/r/20220414032258.40984-2-samuel@sholland.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/rockchip/phy-rockchip-inno-usb2.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/phy/rockchip/phy-rockchip-inno-usb2.c b/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
index eca77e44a4c1..cba5c32cbaee 100644
--- a/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
+++ b/drivers/phy/rockchip/phy-rockchip-inno-usb2.c
@@ -940,8 +940,14 @@ static irqreturn_t rockchip_usb2phy_irq(int irq, void *data)
if (!rport->phy)
continue;
- /* Handle linestate irq for both otg port and host port */
- ret = rockchip_usb2phy_linestate_irq(irq, rport);
+ switch (rport->port_id) {
+ case USB2PHY_PORT_OTG:
+ ret |= rockchip_usb2phy_otg_mux_irq(irq, rport);
+ break;
+ case USB2PHY_PORT_HOST:
+ ret |= rockchip_usb2phy_linestate_irq(irq, rport);
+ break;
+ }
}
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 016/339] staging: r8188eu: fix struct rt_firmware_hdr
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 015/339] phy: rockchip-inno-usb2: Fix muxed interrupt support Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 017/339] usb: usbip: fix a refcount leak in stub_probe() Greg Kroah-Hartman
` (324 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Larry Finger, Michael Straube, Sasha Levin
From: Michael Straube <straube.linux@gmail.com>
[ Upstream commit fbfdc1b6f80abc40cb1f7bac68248b899754d8be ]
The size of struct rt_firmware_hdr is 36 bytes.
$ pahole -C rt_firmware_hdr drivers/staging/r8188eu/r8188eu.o
struct rt_firmware_hdr {
__le16 Signature; /* 0 2 */
u8 Category; /* 2 1 */
u8 Function; /* 3 1 */
__le16 Version; /* 4 2 */
u8 Subversion; /* 6 1 */
/* XXX 1 byte hole, try to pack */
u16 Rsvd1; /* 8 2 */
u8 Month; /* 10 1 */
u8 Date; /* 11 1 */
u8 Hour; /* 12 1 */
u8 Minute; /* 13 1 */
__le16 RamCodeSize; /* 14 2 */
u8 Foundry; /* 16 1 */
u8 Rsvd2; /* 17 1 */
/* XXX 2 bytes hole, try to pack */
__le32 SvnIdx; /* 20 4 */
u32 Rsvd3; /* 24 4 */
u32 Rsvd4; /* 28 4 */
u32 Rsvd5; /* 32 4 */
/* size: 36, cachelines: 1, members: 17 */
/* sum members: 33, holes: 2, sum holes: 3 */
/* last cacheline: 36 bytes */
};
But the header in the firmware file is only 32 bytes long.
The hexdump of rtl8188eufw.bin shows that the field Rsvd1 should be u8
instead of __le16.
OFFSET rtl8188eufw.bin
-----------------------------------------------------------
0x00000000 E1 88 10 00 0B 00 01 00 01 21 11 27 30 36 00 00
0x00000010 2D 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00000000 E1 88 10 00 0B 00 01 00 01 21 11 27 30 36 00 00
^ ^ ^ ^ ^ ^
Subversion Rsvd1 Month Date Hour Minute
With the change of field Rsvd1 from __le16 to u8 the structure has the
correct size 32.
$ pahole -C rt_firmware_hdr drivers/staging/r8188eu/r8188eu.o
struct rt_firmware_hdr {
__le16 Signature; /* 0 2 */
u8 Category; /* 2 1 */
u8 Function; /* 3 1 */
__le16 Version; /* 4 2 */
u8 Subversion; /* 6 1 */
u8 Rsvd1; /* 7 1 */
u8 Month; /* 8 1 */
u8 Date; /* 9 1 */
u8 Hour; /* 10 1 */
u8 Minute; /* 11 1 */
__le16 RamCodeSize; /* 12 2 */
u8 Foundry; /* 14 1 */
u8 Rsvd2; /* 15 1 */
__le32 SvnIdx; /* 16 4 */
u32 Rsvd3; /* 20 4 */
u32 Rsvd4; /* 24 4 */
u32 Rsvd5; /* 28 4 */
/* size: 32, cachelines: 1, members: 17 */
/* last cacheline: 32 bytes */
The wrong size had no effect because the header size is hardcoded to
32 where it is used in the code and the fields after Subversion are
not used.
Fixes: 7884fc0a1473 ("staging: r8188eu: introduce new include dir for RTL8188eu driver")
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20220417175441.13830-2-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/r8188eu/core/rtw_fw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/r8188eu/core/rtw_fw.c b/drivers/staging/r8188eu/core/rtw_fw.c
index 625d186c3647..ce431d8ffea0 100644
--- a/drivers/staging/r8188eu/core/rtw_fw.c
+++ b/drivers/staging/r8188eu/core/rtw_fw.c
@@ -29,7 +29,7 @@ struct rt_firmware_hdr {
* FW for different conditions */
__le16 Version; /* FW Version */
u8 Subversion; /* FW Subversion, default 0x00 */
- u16 Rsvd1;
+ u8 Rsvd1;
/* LONG WORD 1 ---- */
u8 Month; /* Release time Month field */
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 017/339] usb: usbip: fix a refcount leak in stub_probe()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 016/339] staging: r8188eu: fix struct rt_firmware_hdr Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 018/339] usb: usbip: add missing device lock on tweak configuration cmd Greg Kroah-Hartman
` (323 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuah Khan, Hangyu Hua, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 9ec4cbf1cc55d126759051acfe328d489c5d6e60 ]
usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails
after that, usb_put_dev() needs to be called to release the reference.
Fix this by moving usb_put_dev() to sdev_free error path handling.
Find this by code review.
Fixes: 3ff67445750a ("usbip: fix error handling in stub_probe()")
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220412020257.9767-1-hbh25y@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/usbip/stub_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb/usbip/stub_dev.c
index d8d3892e5a69..3c6d452e3bf4 100644
--- a/drivers/usb/usbip/stub_dev.c
+++ b/drivers/usb/usbip/stub_dev.c
@@ -393,7 +393,6 @@ static int stub_probe(struct usb_device *udev)
err_port:
dev_set_drvdata(&udev->dev, NULL);
- usb_put_dev(udev);
/* we already have busid_priv, just lock busid_lock */
spin_lock(&busid_priv->busid_lock);
@@ -408,6 +407,7 @@ static int stub_probe(struct usb_device *udev)
put_busid_priv(busid_priv);
sdev_free:
+ usb_put_dev(udev);
stub_device_free(sdev);
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 018/339] usb: usbip: add missing device lock on tweak configuration cmd
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 017/339] usb: usbip: fix a refcount leak in stub_probe() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 019/339] USB: storage: karma: fix rio_karma_init return Greg Kroah-Hartman
` (322 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shuah Khan, Niels Dossche, Sasha Levin
From: Niels Dossche <dossche.niels@gmail.com>
[ Upstream commit d088fabace2ca337b275d1d4b36db4fe7771e44f ]
The function documentation of usb_set_configuration says that its
callers should hold the device lock. This lock is held for all
callsites except tweak_set_configuration_cmd. The code path can be
executed for example when attaching a remote USB device.
The solution is to surround the call by the device lock.
This bug was found using my experimental own-developed static analysis
tool, which reported the missing lock on v5.17.2. I manually verified
this bug report by doing code review as well. I runtime checked that
the required lock is not held. I compiled and runtime tested this on
x86_64 with a USB mouse. After applying this patch, my analyser no
longer reports this potential bug.
Fixes: 2c8c98158946 ("staging: usbip: let client choose device configuration")
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Link: https://lore.kernel.org/r/20220412165055.257113-1-dossche.niels@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/usbip/stub_rx.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/usbip/stub_rx.c b/drivers/usb/usbip/stub_rx.c
index 325c22008e53..5dd41e8215e0 100644
--- a/drivers/usb/usbip/stub_rx.c
+++ b/drivers/usb/usbip/stub_rx.c
@@ -138,7 +138,9 @@ static int tweak_set_configuration_cmd(struct urb *urb)
req = (struct usb_ctrlrequest *) urb->setup_packet;
config = le16_to_cpu(req->wValue);
+ usb_lock_device(sdev->udev);
err = usb_set_configuration(sdev->udev, config);
+ usb_unlock_device(sdev->udev);
if (err && err != -ENODEV)
dev_err(&sdev->udev->dev, "can't set config #%d, error %d\n",
config, err);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 019/339] USB: storage: karma: fix rio_karma_init return
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 018/339] usb: usbip: add missing device lock on tweak configuration cmd Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 020/339] usb: musb: Fix missing of_node_put() in omap2430_probe Greg Kroah-Hartman
` (321 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alan Stern, Lin Ma, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit b92ffb1eddd9a66a90defc556dcbf65a43c196c7 ]
The function rio_karam_init() should return -ENOMEM instead of
value 0 (USB_STOR_TRANSPORT_GOOD) when allocation fails.
Similarly, it should return -EIO when rio_karma_send_command() fails.
Fixes: dfe0d3ba20e8 ("USB Storage: add rio karma eject support")
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20220412144359.28447-1-linma@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/storage/karma.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/storage/karma.c b/drivers/usb/storage/karma.c
index 05cec81dcd3f..38ddfedef629 100644
--- a/drivers/usb/storage/karma.c
+++ b/drivers/usb/storage/karma.c
@@ -174,24 +174,25 @@ static void rio_karma_destructor(void *extra)
static int rio_karma_init(struct us_data *us)
{
- int ret = 0;
struct karma_data *data = kzalloc(sizeof(struct karma_data), GFP_NOIO);
if (!data)
- goto out;
+ return -ENOMEM;
data->recv = kmalloc(RIO_RECV_LEN, GFP_NOIO);
if (!data->recv) {
kfree(data);
- goto out;
+ return -ENOMEM;
}
us->extra = data;
us->extra_destructor = rio_karma_destructor;
- ret = rio_karma_send_command(RIO_ENTER_STORAGE, us);
- data->in_storage = (ret == 0);
-out:
- return ret;
+ if (rio_karma_send_command(RIO_ENTER_STORAGE, us))
+ return -EIO;
+
+ data->in_storage = 1;
+
+ return 0;
}
static struct scsi_host_template karma_host_template;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 020/339] usb: musb: Fix missing of_node_put() in omap2430_probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 019/339] USB: storage: karma: fix rio_karma_init return Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 021/339] staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Greg Kroah-Hartman
` (320 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 424bef51fa530389b0b9008c9e144e40c10e8458 ]
The device_node pointer is returned by of_parse_phandle() with refcount
incremented. We should use of_node_put() on it when done.
Fixes: 8934d3e4d0e7 ("usb: musb: omap2430: Don't use omap_get_control_dev()")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220309111033.24487-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/musb/omap2430.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/musb/omap2430.c b/drivers/usb/musb/omap2430.c
index d2b7e613eb34..f571a65ae6ee 100644
--- a/drivers/usb/musb/omap2430.c
+++ b/drivers/usb/musb/omap2430.c
@@ -362,6 +362,7 @@ static int omap2430_probe(struct platform_device *pdev)
control_node = of_parse_phandle(np, "ctrl-module", 0);
if (control_node) {
control_pdev = of_find_device_by_node(control_node);
+ of_node_put(control_node);
if (!control_pdev) {
dev_err(&pdev->dev, "Failed to get control device\n");
ret = -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 021/339] staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 020/339] usb: musb: Fix missing of_node_put() in omap2430_probe Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 022/339] pwm: lp3943: Fix duty calculation in case period was clamped Greg Kroah-Hartman
` (319 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 7079b3483a17be2cfba64cbd4feb1b7ae07f1ea7 ]
If device_register() fails, device_unregister() should not be called
because it will free some resources that are not allocated.
put_device() should be used instead.
Fixes: 308ee87a2f1e ("staging: fieldbus: anybus-s: support HMS Anybus-S bus")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/5401a519608d6e1a4e7435c20f4f20b0c5c36c23.1650610082.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/fieldbus/anybuss/host.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/fieldbus/anybuss/host.c b/drivers/staging/fieldbus/anybuss/host.c
index a344410e48fe..cd86b9c9e345 100644
--- a/drivers/staging/fieldbus/anybuss/host.c
+++ b/drivers/staging/fieldbus/anybuss/host.c
@@ -1384,7 +1384,7 @@ anybuss_host_common_probe(struct device *dev,
goto err_device;
return cd;
err_device:
- device_unregister(&cd->client->dev);
+ put_device(&cd->client->dev);
err_kthread:
kthread_stop(cd->qthread);
err_reset:
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 022/339] pwm: lp3943: Fix duty calculation in case period was clamped
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 021/339] staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 023/339] pwm: raspberrypi-poe: Fix endianness in firmware struct Greg Kroah-Hartman
` (318 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König,
Thierry Reding, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 5e3b07ca5cc78cd4a987e78446849e41288d87cb ]
The hardware only supports periods <= 1.6 ms and if a bigger period is
requested it is clamped to 1.6 ms. In this case duty_cycle might be bigger
than 1.6 ms and then the duty cycle register is written with a value
bigger than LP3943_MAX_DUTY. So clamp duty_cycle accordingly.
Fixes: af66b3c0934e ("pwm: Add LP3943 PWM driver")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-lp3943.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/pwm/pwm-lp3943.c b/drivers/pwm/pwm-lp3943.c
index ea17d446a627..2bd04ecb508c 100644
--- a/drivers/pwm/pwm-lp3943.c
+++ b/drivers/pwm/pwm-lp3943.c
@@ -125,6 +125,7 @@ static int lp3943_pwm_config(struct pwm_chip *chip, struct pwm_device *pwm,
if (err)
return err;
+ duty_ns = min(duty_ns, period_ns);
val = (u8)(duty_ns * LP3943_MAX_DUTY / period_ns);
return lp3943_write_byte(lp3943, reg_duty, val);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 023/339] pwm: raspberrypi-poe: Fix endianness in firmware struct
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 022/339] pwm: lp3943: Fix duty calculation in case period was clamped Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 024/339] rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
` (317 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Uwe Kleine-König,
Thierry Reding, Sasha Levin
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit 09f688f0718f57f9cf68ee1aa94490f641e759ba ]
The reg member of struct raspberrypi_pwm_prop is a little endian 32 bit
quantity. Explicitly convert the (native endian) value to little endian
on assignment as is already done in raspberrypi_pwm_set_property().
This fixes the following sparse warning:
drivers/pwm/pwm-raspberrypi-poe.c:69:24: warning: incorrect type in initializer (different base types)
drivers/pwm/pwm-raspberrypi-poe.c:69:24: expected restricted __le32 [usertype] reg
drivers/pwm/pwm-raspberrypi-poe.c:69:24: got unsigned int [usertype] reg
Fixes: 79caa362eab6 ("pwm: Add Raspberry Pi Firmware based PWM bus")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-raspberrypi-poe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pwm/pwm-raspberrypi-poe.c b/drivers/pwm/pwm-raspberrypi-poe.c
index e52e29fc8231..6ff73029f367 100644
--- a/drivers/pwm/pwm-raspberrypi-poe.c
+++ b/drivers/pwm/pwm-raspberrypi-poe.c
@@ -66,7 +66,7 @@ static int raspberrypi_pwm_get_property(struct rpi_firmware *firmware,
u32 reg, u32 *val)
{
struct raspberrypi_pwm_prop msg = {
- .reg = reg
+ .reg = cpu_to_le32(reg),
};
int ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 024/339] rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 023/339] pwm: raspberrypi-poe: Fix endianness in firmware struct Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 025/339] usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback Greg Kroah-Hartman
` (316 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bjorn Andersson,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 1a358d35066487d228a68303d808bc4721c6b1b9 ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: 53e2822e56c7 ("rpmsg: Introduce Qualcomm SMD backend")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220422105326.78713-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/qcom_smd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c
index 764c980507be..6ccfa12abd10 100644
--- a/drivers/rpmsg/qcom_smd.c
+++ b/drivers/rpmsg/qcom_smd.c
@@ -1407,7 +1407,7 @@ static int qcom_smd_parse_edge(struct device *dev,
edge->name = node->name;
irq = irq_of_parse_and_map(node, 0);
- if (irq < 0) {
+ if (!irq) {
dev_err(dev, "required smd interrupt missing\n");
ret = irq;
goto put_node;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 025/339] usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 024/339] rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 026/339] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
` (315 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Wesley Cheng, Sasha Levin
From: Wesley Cheng <quic_wcheng@quicinc.com>
[ Upstream commit bf594d1d0c1d7b895954018043536ffd327844f9 ]
The list_for_each_entry_safe() macro saves the current item (n) and
the item after (n+1), so that n can be safely removed without
corrupting the list. However, when traversing the list and removing
items using gadget giveback, the DWC3 lock is briefly released,
allowing other routines to execute. There is a situation where, while
items are being removed from the cancelled_list using
dwc3_gadget_ep_cleanup_cancelled_requests(), the pullup disable
routine is running in parallel (due to UDC unbind). As the cleanup
routine removes n, and the pullup disable removes n+1, once the
cleanup retakes the DWC3 lock, it references a request who was already
removed/handled. With list debug enabled, this leads to a panic.
Ensure all instances of the macro are replaced where gadget giveback
is used.
Example call stack:
Thread#1:
__dwc3_gadget_ep_set_halt() - CLEAR HALT
-> dwc3_gadget_ep_cleanup_cancelled_requests()
->list_for_each_entry_safe()
->dwc3_gadget_giveback(n)
->dwc3_gadget_del_and_unmap_request()- n deleted[cancelled_list]
->spin_unlock
->Thread#2 executes
...
->dwc3_gadget_giveback(n+1)
->Already removed!
Thread#2:
dwc3_gadget_pullup()
->waiting for dwc3 spin_lock
...
->Thread#1 released lock
->dwc3_stop_active_transfers()
->dwc3_remove_requests()
->fetches n+1 item from cancelled_list (n removed by Thread#1)
->dwc3_gadget_giveback()
->dwc3_gadget_del_and_unmap_request()- n+1 deleted[cancelled_list]
->spin_unlock
Fixes: d4f1afe5e896 ("usb: dwc3: gadget: move requests to cancelled_list")
Signed-off-by: Wesley Cheng <quic_wcheng@quicinc.com>
Link: https://lore.kernel.org/r/20220414183521.23451-1-quic_wcheng@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 026fc360cc50..6936d8ce8981 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -2001,10 +2001,10 @@ static void dwc3_gadget_ep_skip_trbs(struct dwc3_ep *dep, struct dwc3_request *r
static void dwc3_gadget_ep_cleanup_cancelled_requests(struct dwc3_ep *dep)
{
struct dwc3_request *req;
- struct dwc3_request *tmp;
struct dwc3 *dwc = dep->dwc;
- list_for_each_entry_safe(req, tmp, &dep->cancelled_list, list) {
+ while (!list_empty(&dep->cancelled_list)) {
+ req = next_request(&dep->cancelled_list);
dwc3_gadget_ep_skip_trbs(dep, req);
switch (req->status) {
case DWC3_REQUEST_STATUS_DISCONNECTED:
@@ -2021,6 +2021,12 @@ static void dwc3_gadget_ep_cleanup_cancelled_requests(struct dwc3_ep *dep)
dwc3_gadget_giveback(dep, req, -ECONNRESET);
break;
}
+ /*
+ * The endpoint is disabled, let the dwc3_remove_requests()
+ * handle the cleanup.
+ */
+ if (!dep->endpoint.desc)
+ break;
}
}
@@ -3333,15 +3339,21 @@ static void dwc3_gadget_ep_cleanup_completed_requests(struct dwc3_ep *dep,
const struct dwc3_event_depevt *event, int status)
{
struct dwc3_request *req;
- struct dwc3_request *tmp;
- list_for_each_entry_safe(req, tmp, &dep->started_list, list) {
+ while (!list_empty(&dep->started_list)) {
int ret;
+ req = next_request(&dep->started_list);
ret = dwc3_gadget_ep_cleanup_completed_request(dep, event,
req, status);
if (ret)
break;
+ /*
+ * The endpoint is disabled, let the dwc3_remove_requests()
+ * handle the cleanup.
+ */
+ if (!dep->endpoint.desc)
+ break;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 026/339] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 025/339] usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 027/339] scripts/get_abi: Fix wrong script file name in the help message Greg Kroah-Hartman
` (314 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zheng Yongjun, Sasha Levin
From: Zheng Yongjun <zhengyongjun3@huawei.com>
[ Upstream commit a03e2ddab8e735e2cc315609b297b300e9cc60d2 ]
If the device is already in a runtime PM enabled state
pm_runtime_get_sync() will return 1, so a test for negative
value should be used to check for errors.
Fixes: 8eed00b237a28 ("usb: dwc3: pci: Runtime resume child device from wq")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Link: https://lore.kernel.org/r/20220422062652.10575-1-zhengyongjun3@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/dwc3-pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/dwc3-pci.c b/drivers/usb/dwc3/dwc3-pci.c
index 2e19e0e4ea53..ba51de7dd760 100644
--- a/drivers/usb/dwc3/dwc3-pci.c
+++ b/drivers/usb/dwc3/dwc3-pci.c
@@ -288,7 +288,7 @@ static void dwc3_pci_resume_work(struct work_struct *work)
int ret;
ret = pm_runtime_get_sync(&dwc3->dev);
- if (ret) {
+ if (ret < 0) {
pm_runtime_put_sync_autosuspend(&dwc3->dev);
return;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 027/339] scripts/get_abi: Fix wrong script file name in the help message
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 026/339] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 028/339] misc: fastrpc: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
` (313 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, SeongJae Park, Sasha Levin
From: SeongJae Park <sj@kernel.org>
[ Upstream commit 5b5bfecaa333fb6a0cce1bfc4852a622dacfed1d ]
The help message of 'get_abi.pl' is mistakenly saying it's
'abi_book.pl'. This commit fixes the wrong name in the help message.
Fixes: bbc249f2b859 ("scripts: add an script to parse the ABI files")
Signed-off-by: SeongJae Park <sj@kernel.org>
Link: https://lore.kernel.org/r/20220419121636.290407-1-sj@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/get_abi.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/get_abi.pl b/scripts/get_abi.pl
index 1389db76cff3..0ffd5531242a 100755
--- a/scripts/get_abi.pl
+++ b/scripts/get_abi.pl
@@ -981,11 +981,11 @@ __END__
=head1 NAME
-abi_book.pl - parse the Linux ABI files and produce a ReST book.
+get_abi.pl - parse the Linux ABI files and produce a ReST book.
=head1 SYNOPSIS
-B<abi_book.pl> [--debug <level>] [--enable-lineno] [--man] [--help]
+B<get_abi.pl> [--debug <level>] [--enable-lineno] [--man] [--help]
[--(no-)rst-source] [--dir=<dir>] [--show-hints]
[--search-string <regex>]
<COMMAND> [<ARGUMENT>]
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 028/339] misc: fastrpc: fix an incorrect NULL check on list iterator
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 027/339] scripts/get_abi: Fix wrong script file name in the help message Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 029/339] firmware: stratix10-svc: fix a missing " Greg Kroah-Hartman
` (312 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Sasha Levin
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
[ Upstream commit 5ac11fe03a0a83042d1a040dbce4fa2fb5521e23 ]
The bug is here:
if (!buf) {
The list iterator value 'buf' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty (in this case, the
check 'if (!buf) {' will always be false and never exit expectly).
To fix the bug, use a new variable 'iter' as the list iterator,
while use the original variable 'buf' as a dedicated pointer to
point to the found element.
Fixes: 2419e55e532de ("misc: fastrpc: add mmap/unmap support")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220327062202.5720-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/fastrpc.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
index 29cf292c0aba..93ebd174d848 100644
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -1606,17 +1606,18 @@ static int fastrpc_req_munmap_impl(struct fastrpc_user *fl,
struct fastrpc_req_munmap *req)
{
struct fastrpc_invoke_args args[1] = { [0] = { 0 } };
- struct fastrpc_buf *buf, *b;
+ struct fastrpc_buf *buf = NULL, *iter, *b;
struct fastrpc_munmap_req_msg req_msg;
struct device *dev = fl->sctx->dev;
int err;
u32 sc;
spin_lock(&fl->lock);
- list_for_each_entry_safe(buf, b, &fl->mmaps, node) {
- if ((buf->raddr == req->vaddrout) && (buf->size == req->size))
+ list_for_each_entry_safe(iter, b, &fl->mmaps, node) {
+ if ((iter->raddr == req->vaddrout) && (iter->size == req->size)) {
+ buf = iter;
break;
- buf = NULL;
+ }
}
spin_unlock(&fl->lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 029/339] firmware: stratix10-svc: fix a missing check on list iterator
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 028/339] misc: fastrpc: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 030/339] usb: typec: mux: Check dev_set_name() return value Greg Kroah-Hartman
` (311 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Xiaomeng Tong, Sasha Levin
From: Xiaomeng Tong <xiam0nd.tong@gmail.com>
[ Upstream commit 5a0793ac66ac0e254d292f129a4d6c526f9f2aff ]
The bug is here:
pmem->vaddr = NULL;
The list iterator 'pmem' will point to a bogus position containing
HEAD if the list is empty or no element is found. This case must
be checked before any use of the iterator, otherwise it will
lead to a invalid memory access.
To fix this bug, just gen_pool_free/set NULL/list_del() and return
when found, otherwise list_del HEAD and return;
Fixes: 7ca5ce896524f ("firmware: add Intel Stratix10 service layer driver")
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220414035609.2239-1-xiam0nd.tong@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/stratix10-svc.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c
index 8177a0fae11d..14663f671323 100644
--- a/drivers/firmware/stratix10-svc.c
+++ b/drivers/firmware/stratix10-svc.c
@@ -948,17 +948,17 @@ EXPORT_SYMBOL_GPL(stratix10_svc_allocate_memory);
void stratix10_svc_free_memory(struct stratix10_svc_chan *chan, void *kaddr)
{
struct stratix10_svc_data_mem *pmem;
- size_t size = 0;
list_for_each_entry(pmem, &svc_data_mem, node)
if (pmem->vaddr == kaddr) {
- size = pmem->size;
- break;
+ gen_pool_free(chan->ctrl->genpool,
+ (unsigned long)kaddr, pmem->size);
+ pmem->vaddr = NULL;
+ list_del(&pmem->node);
+ return;
}
- gen_pool_free(chan->ctrl->genpool, (unsigned long)kaddr, size);
- pmem->vaddr = NULL;
- list_del(&pmem->node);
+ list_del(&svc_data_mem);
}
EXPORT_SYMBOL_GPL(stratix10_svc_free_memory);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 030/339] usb: typec: mux: Check dev_set_name() return value
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 029/339] firmware: stratix10-svc: fix a missing " Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 031/339] rpmsg: virtio: Fix possible double free in rpmsg_probe() Greg Kroah-Hartman
` (310 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andy Shevchenko, Andy Shevchenko,
Heikki Krogerus, Bjorn Andersson, Sasha Levin
From: Bjorn Andersson <bjorn.andersson@linaro.org>
[ Upstream commit b9fa0292490db39d6542f514117333d366ec0011 ]
It's possible that dev_set_name() returns -ENOMEM, catch and handle this.
Fixes: 3370db35193b ("usb: typec: Registering real device entries for the muxes")
Reported-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220422222351.1297276-4-bjorn.andersson@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/mux.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/typec/mux.c b/drivers/usb/typec/mux.c
index c8340de0ed49..d2aaf294b649 100644
--- a/drivers/usb/typec/mux.c
+++ b/drivers/usb/typec/mux.c
@@ -131,8 +131,11 @@ typec_switch_register(struct device *parent,
sw->dev.class = &typec_mux_class;
sw->dev.type = &typec_switch_dev_type;
sw->dev.driver_data = desc->drvdata;
- dev_set_name(&sw->dev, "%s-switch",
- desc->name ? desc->name : dev_name(parent));
+ ret = dev_set_name(&sw->dev, "%s-switch", desc->name ? desc->name : dev_name(parent));
+ if (ret) {
+ put_device(&sw->dev);
+ return ERR_PTR(ret);
+ }
ret = device_add(&sw->dev);
if (ret) {
@@ -338,8 +341,11 @@ typec_mux_register(struct device *parent, const struct typec_mux_desc *desc)
mux->dev.class = &typec_mux_class;
mux->dev.type = &typec_mux_dev_type;
mux->dev.driver_data = desc->drvdata;
- dev_set_name(&mux->dev, "%s-mux",
- desc->name ? desc->name : dev_name(parent));
+ ret = dev_set_name(&mux->dev, "%s-mux", desc->name ? desc->name : dev_name(parent));
+ if (ret) {
+ put_device(&mux->dev);
+ return ERR_PTR(ret);
+ }
ret = device_add(&mux->dev);
if (ret) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 031/339] rpmsg: virtio: Fix possible double free in rpmsg_probe()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 030/339] usb: typec: mux: Check dev_set_name() return value Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 032/339] rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() Greg Kroah-Hartman
` (309 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Arnaud Pouliquen,
Mathieu Poirier, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit c2eecefec5df1306eafce28ccdf1ca159a552ecc ]
vch will be free in virtio_rpmsg_release_device() when
rpmsg_ns_register_device() fails. There is no need to call kfree() again.
Fix this by changing error path from free_vch to free_ctrldev.
Fixes: c486682ae1e2 ("rpmsg: virtio: Register the rpmsg_char device")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Tested-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Link: https://lore.kernel.org/r/20220426060536.15594-2-hbh25y@gmail.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/virtio_rpmsg_bus.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/rpmsg/virtio_rpmsg_bus.c b/drivers/rpmsg/virtio_rpmsg_bus.c
index 3ede25b1f2e4..d4e453062062 100644
--- a/drivers/rpmsg/virtio_rpmsg_bus.c
+++ b/drivers/rpmsg/virtio_rpmsg_bus.c
@@ -973,7 +973,8 @@ static int rpmsg_probe(struct virtio_device *vdev)
err = rpmsg_ns_register_device(rpdev_ns);
if (err)
- goto free_vch;
+ /* vch will be free in virtio_rpmsg_release_device() */
+ goto free_ctrldev;
}
/*
@@ -997,8 +998,6 @@ static int rpmsg_probe(struct virtio_device *vdev)
return 0;
-free_vch:
- kfree(vch);
free_ctrldev:
rpmsg_virtio_del_ctrl_dev(rpdev_ctrl);
free_coherent:
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 032/339] rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 031/339] rpmsg: virtio: Fix possible double free in rpmsg_probe() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 033/339] rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl Greg Kroah-Hartman
` (308 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangyu Hua, Arnaud Pouliquen,
Mathieu Poirier, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit 1680939e9ecf7764fba8689cfb3429c2fe2bb23c ]
vch will be free in virtio_rpmsg_release_device() when
rpmsg_ctrldev_register_device() fails. There is no need to call
kfree() again.
Fixes: c486682ae1e2 ("rpmsg: virtio: Register the rpmsg_char device")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Tested-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Link: https://lore.kernel.org/r/20220426060536.15594-3-hbh25y@gmail.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/virtio_rpmsg_bus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rpmsg/virtio_rpmsg_bus.c b/drivers/rpmsg/virtio_rpmsg_bus.c
index d4e453062062..9948a7335b83 100644
--- a/drivers/rpmsg/virtio_rpmsg_bus.c
+++ b/drivers/rpmsg/virtio_rpmsg_bus.c
@@ -851,7 +851,7 @@ static struct rpmsg_device *rpmsg_virtio_add_ctrl_dev(struct virtio_device *vdev
err = rpmsg_ctrldev_register_device(rpdev_ctrl);
if (err) {
- kfree(vch);
+ /* vch will be free in virtio_rpmsg_release_device() */
return ERR_PTR(err);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 033/339] rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 032/339] rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 034/339] iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Greg Kroah-Hartman
` (307 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Arnaud Pouliquen, Hangyu Hua,
Mathieu Poirier, Sasha Levin
From: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
[ Upstream commit df191796985922488e4e6b64f7bd79c3934412f2 ]
Unregister the rpmsg_ctrl device instead of just freeing the
the virtio_rpmsg_channel structure.
This will properly unregister the device and call
virtio_rpmsg_release_device() that frees the structure.
Fixes: c486682ae1e2 ("rpmsg: virtio: Register the rpmsg_char device")
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220426060536.15594-4-hbh25y@gmail.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/virtio_rpmsg_bus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rpmsg/virtio_rpmsg_bus.c b/drivers/rpmsg/virtio_rpmsg_bus.c
index 9948a7335b83..905ac7910c98 100644
--- a/drivers/rpmsg/virtio_rpmsg_bus.c
+++ b/drivers/rpmsg/virtio_rpmsg_bus.c
@@ -862,7 +862,7 @@ static void rpmsg_virtio_del_ctrl_dev(struct rpmsg_device *rpdev_ctrl)
{
if (!rpdev_ctrl)
return;
- kfree(to_virtio_rpmsg_channel(rpdev_ctrl));
+ device_unregister(&rpdev_ctrl->dev);
}
static int rpmsg_probe(struct virtio_device *vdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 034/339] iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 033/339] rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 035/339] iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout Greg Kroah-Hartman
` (306 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Philippe Schenker,
Jonathan Cameron, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit d345b23200bcdbd2bd3582213d738c258b77718f ]
wait_for_completion_timeout() returns unsigned long not long.
it returns 0 if timed out, and positive if completed.
The check for <= 0 is ambiguous and should be == 0 here
indicating timeout which is the only error case
Fixes: e813dde6f833 ("iio: stmpe-adc: Use wait_for_completion_timeout")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Philippe Schenker <philippe.schenker@toradex.com>
Link: https://lore.kernel.org/r/20220412065150.14486-1-linmq006@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/stmpe-adc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/iio/adc/stmpe-adc.c b/drivers/iio/adc/stmpe-adc.c
index d2d405388499..83e0ac4467ca 100644
--- a/drivers/iio/adc/stmpe-adc.c
+++ b/drivers/iio/adc/stmpe-adc.c
@@ -61,7 +61,7 @@ struct stmpe_adc {
static int stmpe_read_voltage(struct stmpe_adc *info,
struct iio_chan_spec const *chan, int *val)
{
- long ret;
+ unsigned long ret;
mutex_lock(&info->lock);
@@ -79,7 +79,7 @@ static int stmpe_read_voltage(struct stmpe_adc *info,
ret = wait_for_completion_timeout(&info->completion, STMPE_ADC_TIMEOUT);
- if (ret <= 0) {
+ if (ret == 0) {
stmpe_reg_write(info->stmpe, STMPE_REG_ADC_INT_STA,
STMPE_ADC_CH(info->channel));
mutex_unlock(&info->lock);
@@ -96,7 +96,7 @@ static int stmpe_read_voltage(struct stmpe_adc *info,
static int stmpe_read_temp(struct stmpe_adc *info,
struct iio_chan_spec const *chan, int *val)
{
- long ret;
+ unsigned long ret;
mutex_lock(&info->lock);
@@ -114,7 +114,7 @@ static int stmpe_read_temp(struct stmpe_adc *info,
ret = wait_for_completion_timeout(&info->completion, STMPE_ADC_TIMEOUT);
- if (ret <= 0) {
+ if (ret == 0) {
mutex_unlock(&info->lock);
return -ETIMEDOUT;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 035/339] iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 034/339] iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 036/339] iio: adc: sc27xx: fix read big scale voltage not right Greg Kroah-Hartman
` (305 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Jonathan Cameron, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 50f2959113cb6756ffd73c4fedc712cf2661f711 ]
wait_for_completion_timeout() returns unsigned long not int.
It returns 0 if timed out, and positive if completed.
The check for <= 0 is ambiguous and should be == 0 here
indicating timeout which is the only error case.
Fixes: 3cef2e31b54b ("iio: proximity: vl53l0x: Add IRQ support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220412064210.10734-1-linmq006@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/proximity/vl53l0x-i2c.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/iio/proximity/vl53l0x-i2c.c b/drivers/iio/proximity/vl53l0x-i2c.c
index 661a79ea200d..a284b20529fb 100644
--- a/drivers/iio/proximity/vl53l0x-i2c.c
+++ b/drivers/iio/proximity/vl53l0x-i2c.c
@@ -104,6 +104,7 @@ static int vl53l0x_read_proximity(struct vl53l0x_data *data,
u16 tries = 20;
u8 buffer[12];
int ret;
+ unsigned long time_left;
ret = i2c_smbus_write_byte_data(client, VL_REG_SYSRANGE_START, 1);
if (ret < 0)
@@ -112,10 +113,8 @@ static int vl53l0x_read_proximity(struct vl53l0x_data *data,
if (data->client->irq) {
reinit_completion(&data->completion);
- ret = wait_for_completion_timeout(&data->completion, HZ/10);
- if (ret < 0)
- return ret;
- else if (ret == 0)
+ time_left = wait_for_completion_timeout(&data->completion, HZ/10);
+ if (time_left == 0)
return -ETIMEDOUT;
vl53l0x_clear_irq(data);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 036/339] iio: adc: sc27xx: fix read big scale voltage not right
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 035/339] iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 037/339] iio: adc: sc27xx: Fine tune the scale calibration values Greg Kroah-Hartman
` (304 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cixi Geng, Baolin Wang,
Jonathan Cameron, Sasha Levin
From: Cixi Geng <cixi.geng1@unisoc.com>
[ Upstream commit ad930a75613282400179361e220e58b87386b8c7 ]
Fix wrong configuration value of SC27XX_ADC_SCALE_MASK and
SC27XX_ADC_SCALE_SHIFT by spec documetation.
Fixes: 5df362a6cf49c (iio: adc: Add Spreadtrum SC27XX PMICs ADC support)
Signed-off-by: Cixi Geng <cixi.geng1@unisoc.com>
Reviewed-by: Baolin Wang <baolin.wang7@gmail.com>
Link: https://lore.kernel.org/r/20220419142458.884933-3-gengcixi@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/sc27xx_adc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/adc/sc27xx_adc.c b/drivers/iio/adc/sc27xx_adc.c
index 00098caf6d9e..aee076c8e2b1 100644
--- a/drivers/iio/adc/sc27xx_adc.c
+++ b/drivers/iio/adc/sc27xx_adc.c
@@ -36,8 +36,8 @@
/* Bits and mask definition for SC27XX_ADC_CH_CFG register */
#define SC27XX_ADC_CHN_ID_MASK GENMASK(4, 0)
-#define SC27XX_ADC_SCALE_MASK GENMASK(10, 8)
-#define SC27XX_ADC_SCALE_SHIFT 8
+#define SC27XX_ADC_SCALE_MASK GENMASK(10, 9)
+#define SC27XX_ADC_SCALE_SHIFT 9
/* Bits definitions for SC27XX_ADC_INT_EN registers */
#define SC27XX_ADC_IRQ_EN BIT(0)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 037/339] iio: adc: sc27xx: Fine tune the scale calibration values
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 036/339] iio: adc: sc27xx: fix read big scale voltage not right Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 038/339] rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Greg Kroah-Hartman
` (303 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cixi Geng, Jonathan Cameron, Sasha Levin
From: Cixi Geng <cixi.geng1@unisoc.com>
[ Upstream commit 5a7a184b11c6910f47600ff5cbbee34168f701a8 ]
Small adjustment the scale calibration value for the sc2731,
use new name sc2731_[big|small]_scale_graph_calib, and remove
the origin [big|small]_scale_graph_calib struct for unused.
Fixes: 8ba0dbfd07a35 (iio: adc: sc27xx: Add ADC scale calibration)
Signed-off-by: Cixi Geng <cixi.geng1@unisoc.com>
Link: https://lore.kernel.org/r/20220419142458.884933-4-gengcixi@gmail.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/sc27xx_adc.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/iio/adc/sc27xx_adc.c b/drivers/iio/adc/sc27xx_adc.c
index aee076c8e2b1..cfe003cc4f0b 100644
--- a/drivers/iio/adc/sc27xx_adc.c
+++ b/drivers/iio/adc/sc27xx_adc.c
@@ -103,14 +103,14 @@ static struct sc27xx_adc_linear_graph small_scale_graph = {
100, 341,
};
-static const struct sc27xx_adc_linear_graph big_scale_graph_calib = {
- 4200, 856,
- 3600, 733,
+static const struct sc27xx_adc_linear_graph sc2731_big_scale_graph_calib = {
+ 4200, 850,
+ 3600, 728,
};
-static const struct sc27xx_adc_linear_graph small_scale_graph_calib = {
- 1000, 833,
- 100, 80,
+static const struct sc27xx_adc_linear_graph sc2731_small_scale_graph_calib = {
+ 1000, 838,
+ 100, 84,
};
static int sc27xx_adc_get_calib_data(u32 calib_data, int calib_adc)
@@ -130,11 +130,11 @@ static int sc27xx_adc_scale_calibration(struct sc27xx_adc_data *data,
size_t len;
if (big_scale) {
- calib_graph = &big_scale_graph_calib;
+ calib_graph = &sc2731_big_scale_graph_calib;
graph = &big_scale_graph;
cell_name = "big_scale_calib";
} else {
- calib_graph = &small_scale_graph_calib;
+ calib_graph = &sc2731_small_scale_graph_calib;
graph = &small_scale_graph;
cell_name = "small_scale_calib";
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 038/339] rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 037/339] iio: adc: sc27xx: Fine tune the scale calibration values Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 039/339] misc/pvpanic: Convert regular spinlock into trylock on panic path Greg Kroah-Hartman
` (302 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Bjorn Andersson,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 59d6f72f6f9c92fec8757d9e29527da828e9281f ]
irq_of_parse_and_map() returns 0 on failure, so this should not be
passed further as error return code.
Fixes: 1a358d350664 ("rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220423093932.32136-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rpmsg/qcom_smd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rpmsg/qcom_smd.c b/drivers/rpmsg/qcom_smd.c
index 6ccfa12abd10..1957b27c4cf3 100644
--- a/drivers/rpmsg/qcom_smd.c
+++ b/drivers/rpmsg/qcom_smd.c
@@ -1409,7 +1409,7 @@ static int qcom_smd_parse_edge(struct device *dev,
irq = irq_of_parse_and_map(node, 0);
if (!irq) {
dev_err(dev, "required smd interrupt missing\n");
- ret = irq;
+ ret = -EINVAL;
goto put_node;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 039/339] misc/pvpanic: Convert regular spinlock into trylock on panic path
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 038/339] rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 040/339] phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Greg Kroah-Hartman
` (301 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Mihai Carabas,
Shile Zhang, Wang ShaoBo, zhenwei pi, Guilherme G. Piccoli,
Sasha Levin
From: Guilherme G. Piccoli <gpiccoli@igalia.com>
[ Upstream commit e918c10265ef2bc82ce8a6fed6d8123d09ec1db3 ]
The pvpanic driver relies on panic notifiers to execute a callback
on panic event. Such function is executed in atomic context - the
panic function disables local IRQs, preemption and all other CPUs
that aren't running the panic code.
With that said, it's dangerous to use regular spinlocks in such path,
as introduced by commit b3c0f8774668 ("misc/pvpanic: probe multiple instances").
This patch fixes that by replacing regular spinlocks with the trylock
safer approach.
It also fixes an old comment (about a long gone framebuffer code) and
the notifier priority - we should execute hypervisor notifiers early,
deferring this way the panic action to the hypervisor, as expected by
the users that are setting up pvpanic.
Fixes: b3c0f8774668 ("misc/pvpanic: probe multiple instances")
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: Mihai Carabas <mihai.carabas@oracle.com>
Cc: Shile Zhang <shile.zhang@linux.alibaba.com>
Cc: Wang ShaoBo <bobo.shaobowang@huawei.com>
Cc: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Link: https://lore.kernel.org/r/20220427224924.592546-6-gpiccoli@igalia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/pvpanic/pvpanic.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/misc/pvpanic/pvpanic.c b/drivers/misc/pvpanic/pvpanic.c
index 4b8f1c7d726d..049a12006348 100644
--- a/drivers/misc/pvpanic/pvpanic.c
+++ b/drivers/misc/pvpanic/pvpanic.c
@@ -34,7 +34,9 @@ pvpanic_send_event(unsigned int event)
{
struct pvpanic_instance *pi_cur;
- spin_lock(&pvpanic_lock);
+ if (!spin_trylock(&pvpanic_lock))
+ return;
+
list_for_each_entry(pi_cur, &pvpanic_list, list) {
if (event & pi_cur->capability & pi_cur->events)
iowrite8(event, pi_cur->base);
@@ -55,9 +57,13 @@ pvpanic_panic_notify(struct notifier_block *nb, unsigned long code, void *unused
return NOTIFY_DONE;
}
+/*
+ * Call our notifier very early on panic, deferring the
+ * action taken to the hypervisor.
+ */
static struct notifier_block pvpanic_panic_nb = {
.notifier_call = pvpanic_panic_notify,
- .priority = 1, /* let this called before broken drm_fb_helper() */
+ .priority = INT_MAX,
};
static void pvpanic_remove(void *param)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 040/339] phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 039/339] misc/pvpanic: Convert regular spinlock into trylock on panic path Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 041/339] power: supply: core: Initialize struct to zero Greg Kroah-Hartman
` (300 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evan Green, Johan Hovold, Vinod Koul,
Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 5e73b2d9867998278479ccc065a8a8227a5513ef ]
Make sure to disable the pipe clock also if ufs-reset deassertion fails
during power on.
Note that the ufs-reset is asserted in qcom_qmp_phy_com_exit().
Fixes: c9b589791fc1 ("phy: qcom: Utilize UFS reset controller")
Cc: Evan Green <evgreen@chromium.org>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20220502133130.4125-2-johan+linaro@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/qualcomm/phy-qcom-qmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/phy/qualcomm/phy-qcom-qmp.c b/drivers/phy/qualcomm/phy-qcom-qmp.c
index 9afac02e0eaa..4d50a6925600 100644
--- a/drivers/phy/qualcomm/phy-qcom-qmp.c
+++ b/drivers/phy/qualcomm/phy-qcom-qmp.c
@@ -5246,7 +5246,7 @@ static int qcom_qmp_phy_power_on(struct phy *phy)
ret = reset_control_deassert(qmp->ufs_reset);
if (ret)
- goto err_lane_rst;
+ goto err_pcs_ready;
qcom_qmp_phy_configure(pcs_misc, cfg->regs, cfg->pcs_misc_tbl,
cfg->pcs_misc_tbl_num);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 041/339] power: supply: core: Initialize struct to zero
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 040/339] phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 042/339] power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 Greg Kroah-Hartman
` (299 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Walleij, Sebastian Reichel,
Sasha Levin
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit e56a4be2843c95c08cf8421dc1f8e880cafbaf91 ]
As we rely on pointers in the battery info to be zero-initialized
such as in the helper function power_supply_supports_vbat2ri()
we certainly need to allocate the struct power_supply_battery_info
with kzalloc() as well. Else this happens:
Unable to handle kernel paging request at virtual address 00280000
(...)
PC is at power_supply_vbat2ri+0x50/0x12c
LR is at ab8500_fg_battery_resistance+0x34/0x108
Fixes: e9e7d165b4b0 ("power: supply: Support VBAT-to-Ri lookup tables")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/power_supply_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/power/supply/power_supply_core.c b/drivers/power/supply/power_supply_core.c
index d925cb137e12..fad5890c899e 100644
--- a/drivers/power/supply/power_supply_core.c
+++ b/drivers/power/supply/power_supply_core.c
@@ -616,7 +616,7 @@ int power_supply_get_battery_info(struct power_supply *psy,
goto out_put_node;
}
- info = devm_kmalloc(&psy->dev, sizeof(*info), GFP_KERNEL);
+ info = devm_kzalloc(&psy->dev, sizeof(*info), GFP_KERNEL);
if (!info) {
err = -ENOMEM;
goto out_put_node;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 042/339] power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 041/339] power: supply: core: Initialize struct to zero Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 043/339] power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk Greg Kroah-Hartman
` (298 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sebastian Reichel,
Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 34f243e9fb5ace1ca760c72e366247eaeff430c0 ]
Commit 3a06b912a5ce ("power: supply: axp288_fuel_gauge: Make "T3 MRD"
no_battery_list DMI entry more generic") added a generic no-battery DMI
match for many mini-PCs / HDMI-sticks which use "T3 MRD" as their DMI
board-name.
It turns out that the One Mix 1 mini laptop also uses "T3 MRD" for its
DMI boardname and it also has its chassis-type wrongly set to a value
of "3" (desktop). This was causing the axp288_fuel_gauge driver to
disable battery reporting because this matches the no-battery DMI
list entry for generic "T3 MRD" mini-PCs.
Change the no-battery DMI list into a quirks DMI list and add a
specific match for the One Mix 1 mini laptop before the generic
"T3 MRD" no-battery quirk entry to fix this.
Fixes: 3a06b912a5ce ("power: supply: axp288_fuel_gauge: Make "T3 MRD" no_battery_list DMI entry more generic")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/axp288_fuel_gauge.c | 40 +++++++++++++++++++++---
1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/drivers/power/supply/axp288_fuel_gauge.c b/drivers/power/supply/axp288_fuel_gauge.c
index e9f285dae489..5b8aa4a980cd 100644
--- a/drivers/power/supply/axp288_fuel_gauge.c
+++ b/drivers/power/supply/axp288_fuel_gauge.c
@@ -90,6 +90,8 @@
#define AXP288_REG_UPDATE_INTERVAL (60 * HZ)
#define AXP288_FG_INTR_NUM 6
+#define AXP288_QUIRK_NO_BATTERY BIT(0)
+
static bool no_current_sense_res;
module_param(no_current_sense_res, bool, 0444);
MODULE_PARM_DESC(no_current_sense_res, "No (or broken) current sense resistor");
@@ -524,7 +526,7 @@ static struct power_supply_desc fuel_gauge_desc = {
* detection reports one despite it not being there.
* Please keep this listed sorted alphabetically.
*/
-static const struct dmi_system_id axp288_no_battery_list[] = {
+static const struct dmi_system_id axp288_quirks[] = {
{
/* ACEPC T8 Cherry Trail Z8350 mini PC */
.matches = {
@@ -534,6 +536,7 @@ static const struct dmi_system_id axp288_no_battery_list[] = {
/* also match on somewhat unique bios-version */
DMI_EXACT_MATCH(DMI_BIOS_VERSION, "1.000"),
},
+ .driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
{
/* ACEPC T11 Cherry Trail Z8350 mini PC */
@@ -544,6 +547,7 @@ static const struct dmi_system_id axp288_no_battery_list[] = {
/* also match on somewhat unique bios-version */
DMI_EXACT_MATCH(DMI_BIOS_VERSION, "1.000"),
},
+ .driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
{
/* Intel Cherry Trail Compute Stick, Windows version */
@@ -551,6 +555,7 @@ static const struct dmi_system_id axp288_no_battery_list[] = {
DMI_MATCH(DMI_SYS_VENDOR, "Intel"),
DMI_MATCH(DMI_PRODUCT_NAME, "STK1AW32SC"),
},
+ .driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
{
/* Intel Cherry Trail Compute Stick, version without an OS */
@@ -558,34 +563,55 @@ static const struct dmi_system_id axp288_no_battery_list[] = {
DMI_MATCH(DMI_SYS_VENDOR, "Intel"),
DMI_MATCH(DMI_PRODUCT_NAME, "STK1A32SC"),
},
+ .driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
{
/* Meegopad T02 */
.matches = {
DMI_MATCH(DMI_PRODUCT_NAME, "MEEGOPAD T02"),
},
+ .driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
{ /* Mele PCG03 Mini PC */
.matches = {
DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "Mini PC"),
DMI_EXACT_MATCH(DMI_BOARD_NAME, "Mini PC"),
},
+ .driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
{
/* Minix Neo Z83-4 mini PC */
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "MINIX"),
DMI_MATCH(DMI_PRODUCT_NAME, "Z83-4"),
- }
+ },
+ .driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
{
- /* Various Ace PC/Meegopad/MinisForum/Wintel Mini-PCs/HDMI-sticks */
+ /*
+ * One Mix 1, this uses the "T3 MRD" boardname used by
+ * generic mini PCs, but it is a mini laptop so it does
+ * actually have a battery!
+ */
+ .matches = {
+ DMI_MATCH(DMI_BOARD_NAME, "T3 MRD"),
+ DMI_MATCH(DMI_BIOS_DATE, "06/14/2018"),
+ },
+ .driver_data = NULL,
+ },
+ {
+ /*
+ * Various Ace PC/Meegopad/MinisForum/Wintel Mini-PCs/HDMI-sticks
+ * This entry must be last because it is generic, this allows
+ * adding more specifuc quirks overriding this generic entry.
+ */
.matches = {
DMI_MATCH(DMI_BOARD_NAME, "T3 MRD"),
DMI_MATCH(DMI_CHASSIS_TYPE, "3"),
DMI_MATCH(DMI_BIOS_VENDOR, "American Megatrends Inc."),
DMI_MATCH(DMI_BIOS_VERSION, "5.11"),
},
+ .driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
{}
};
@@ -665,7 +691,9 @@ static int axp288_fuel_gauge_probe(struct platform_device *pdev)
[BAT_D_CURR] = "axp288-chrg-d-curr",
[BAT_VOLT] = "axp288-batt-volt",
};
+ const struct dmi_system_id *dmi_id;
struct device *dev = &pdev->dev;
+ unsigned long quirks = 0;
int i, pirq, ret;
/*
@@ -675,7 +703,11 @@ static int axp288_fuel_gauge_probe(struct platform_device *pdev)
if (!acpi_quirk_skip_acpi_ac_and_battery())
return -ENODEV;
- if (dmi_check_system(axp288_no_battery_list))
+ dmi_id = dmi_first_match(axp288_quirks);
+ if (dmi_id)
+ quirks = (unsigned long)dmi_id->driver_data;
+
+ if (quirks & AXP288_QUIRK_NO_BATTERY)
return -ENODEV;
info = devm_kzalloc(dev, sizeof(*info), GFP_KERNEL);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 043/339] power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 042/339] power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 044/339] power: supply: ab8500_fg: Allocate wq in probe Greg Kroah-Hartman
` (297 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hans de Goede, Sebastian Reichel,
Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit f61509a6f0b70f5bedea34efaf8065621689bd7a ]
Some "T3 MRD" mini-PCs / HDMI-sticks without a battery use a different
value then "5.11" for their DMI BIOS version field.
Drop the BIOS version check so that the no-battery "T3 MRD" DMI quirk
applies to these too.
Fixes: 3a06b912a5ce ("power: supply: axp288_fuel_gauge: Make "T3 MRD" no_battery_list DMI entry more generic")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/axp288_fuel_gauge.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/power/supply/axp288_fuel_gauge.c b/drivers/power/supply/axp288_fuel_gauge.c
index 5b8aa4a980cd..8e6f8a655079 100644
--- a/drivers/power/supply/axp288_fuel_gauge.c
+++ b/drivers/power/supply/axp288_fuel_gauge.c
@@ -609,7 +609,6 @@ static const struct dmi_system_id axp288_quirks[] = {
DMI_MATCH(DMI_BOARD_NAME, "T3 MRD"),
DMI_MATCH(DMI_CHASSIS_TYPE, "3"),
DMI_MATCH(DMI_BIOS_VENDOR, "American Megatrends Inc."),
- DMI_MATCH(DMI_BIOS_VERSION, "5.11"),
},
.driver_data = (void *)AXP288_QUIRK_NO_BATTERY,
},
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 044/339] power: supply: ab8500_fg: Allocate wq in probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 043/339] power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 045/339] serial: sifive: Report actual baud base rather than fixed 115200 Greg Kroah-Hartman
` (296 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Linus Walleij, Sebastian Reichel,
Sasha Levin
From: Linus Walleij <linus.walleij@linaro.org>
[ Upstream commit 010ddb813f3554cbbf8bd13b731452236a2c8017 ]
The workqueue is allocated in bind() but all interrupts are
registered in probe().
Some interrupts put work on the workqueue, which can have
bad side effects.
Allocate the workqueue in probe() instead, destroy it in
.remove() and make unbind() simply flush the workqueue.
Fixes: 1c1f13a006ed ("power: supply: ab8500: Move to componentized binding")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/power/supply/ab8500_fg.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/drivers/power/supply/ab8500_fg.c b/drivers/power/supply/ab8500_fg.c
index 97ac588a9e9c..ec8a404d71b4 100644
--- a/drivers/power/supply/ab8500_fg.c
+++ b/drivers/power/supply/ab8500_fg.c
@@ -3037,13 +3037,6 @@ static int ab8500_fg_bind(struct device *dev, struct device *master,
{
struct ab8500_fg *di = dev_get_drvdata(dev);
- /* Create a work queue for running the FG algorithm */
- di->fg_wq = alloc_ordered_workqueue("ab8500_fg_wq", WQ_MEM_RECLAIM);
- if (di->fg_wq == NULL) {
- dev_err(dev, "failed to create work queue\n");
- return -ENOMEM;
- }
-
di->bat_cap.max_mah_design = di->bm->bi->charge_full_design_uah;
di->bat_cap.max_mah = di->bat_cap.max_mah_design;
di->vbat_nom_uv = di->bm->bi->voltage_max_design_uv;
@@ -3067,8 +3060,7 @@ static void ab8500_fg_unbind(struct device *dev, struct device *master,
if (ret)
dev_err(dev, "failed to disable coulomb counter\n");
- destroy_workqueue(di->fg_wq);
- flush_scheduled_work();
+ flush_workqueue(di->fg_wq);
}
static const struct component_ops ab8500_fg_component_ops = {
@@ -3117,6 +3109,13 @@ static int ab8500_fg_probe(struct platform_device *pdev)
ab8500_fg_charge_state_to(di, AB8500_FG_CHARGE_INIT);
ab8500_fg_discharge_state_to(di, AB8500_FG_DISCHARGE_INIT);
+ /* Create a work queue for running the FG algorithm */
+ di->fg_wq = alloc_ordered_workqueue("ab8500_fg_wq", WQ_MEM_RECLAIM);
+ if (di->fg_wq == NULL) {
+ dev_err(dev, "failed to create work queue\n");
+ return -ENOMEM;
+ }
+
/* Init work for running the fg algorithm instantly */
INIT_WORK(&di->fg_work, ab8500_fg_instant_work);
@@ -3227,6 +3226,8 @@ static int ab8500_fg_remove(struct platform_device *pdev)
{
struct ab8500_fg *di = platform_get_drvdata(pdev);
+ destroy_workqueue(di->fg_wq);
+ flush_scheduled_work();
component_del(&pdev->dev, &ab8500_fg_component_ops);
list_del(&di->node);
ab8500_fg_sysfs_exit(di);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 045/339] serial: sifive: Report actual baud base rather than fixed 115200
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 044/339] power: supply: ab8500_fg: Allocate wq in probe Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 046/339] export: fix string handling of namespace in EXPORT_SYMBOL_NS Greg Kroah-Hartman
` (295 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Maciej W. Rozycki, Sasha Levin
From: Maciej W. Rozycki <macro@orcam.me.uk>
[ Upstream commit 0a7ff843d507ce2cca2c3b7e169ee56e28133530 ]
The base baud value reported is supposed to be the highest baud rate
that can be set for a serial port. The SiFive FU740-C000 SOC's on-chip
UART supports baud rates of up to 1/16 of the input clock rate, which is
the bus clock `tlclk'[1], often at 130MHz in the case of the HiFive
Unmatched board.
However the sifive UART driver reports a fixed value of 115200 instead:
10010000.serial: ttySIF0 at MMIO 0x10010000 (irq = 1, base_baud = 115200) is a SiFive UART v0
10011000.serial: ttySIF1 at MMIO 0x10011000 (irq = 2, base_baud = 115200) is a SiFive UART v0
even though we already support setting higher baud rates, e.g.:
$ tty
/dev/ttySIF1
$ stty speed
230400
The baud base value is computed by the serial core by dividing the UART
clock recorded in `struct uart_port' by 16, which is also the minimum
value of the clock divider supported, so correct the baud base value
reported by setting the UART clock recorded to the input clock rate
rather than 115200:
10010000.serial: ttySIF0 at MMIO 0x10010000 (irq = 1, base_baud = 8125000) is a SiFive UART v0
10011000.serial: ttySIF1 at MMIO 0x10011000 (irq = 2, base_baud = 8125000) is a SiFive UART v0
[1] "SiFive FU740-C000 Manual", v1p3, SiFive, Inc., August 13, 2021,
Section 16.9 "Baud Rate Divisor Register (div)", pp.143-144
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes: 1f1496a923b6 ("riscv: Fix sifive serial driver")
Link: https://lore.kernel.org/r/alpine.DEB.2.21.2204291656280.9383@angie.orcam.me.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sifive.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c
index f5ac14c384c4..6140166b7ed5 100644
--- a/drivers/tty/serial/sifive.c
+++ b/drivers/tty/serial/sifive.c
@@ -998,7 +998,7 @@ static int sifive_serial_probe(struct platform_device *pdev)
/* Set up clock divider */
ssp->clkin_rate = clk_get_rate(ssp->clk);
ssp->baud_rate = SIFIVE_DEFAULT_BAUD_RATE;
- ssp->port.uartclk = ssp->baud_rate * 16;
+ ssp->port.uartclk = ssp->clkin_rate;
__ssp_update_div(ssp);
platform_set_drvdata(pdev, ssp);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 046/339] export: fix string handling of namespace in EXPORT_SYMBOL_NS
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 045/339] serial: sifive: Report actual baud base rather than fixed 115200 Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 047/339] watchdog: rzg2l_wdt: Fix 32bit overflow issue Greg Kroah-Hartman
` (294 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miroslav Benes, Emil Velikov,
Jessica Yu, Quentin Perret, Matthias Maennich, Masahiro Yamada,
Sasha Levin
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit d143b9db8069f0e2a0fa34484e806a55a0dd4855 ]
Commit c3a6cf19e695 ("export: avoid code duplication in
include/linux/export.h") broke the ability for a defined string to be
used as a namespace value. Fix this up by using stringify to properly
encode the namespace name.
Fixes: c3a6cf19e695 ("export: avoid code duplication in include/linux/export.h")
Cc: Miroslav Benes <mbenes@suse.cz>
Cc: Emil Velikov <emil.l.velikov@gmail.com>
Cc: Jessica Yu <jeyu@kernel.org>
Cc: Quentin Perret <qperret@google.com>
Cc: Matthias Maennich <maennich@google.com>
Reviewed-by: Masahiro Yamada <masahiroy@kernel.org>
Link: https://lore.kernel.org/r/20220427090442.2105905-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/export.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/include/linux/export.h b/include/linux/export.h
index 27d848712b90..5910ccb66ca2 100644
--- a/include/linux/export.h
+++ b/include/linux/export.h
@@ -2,6 +2,8 @@
#ifndef _LINUX_EXPORT_H
#define _LINUX_EXPORT_H
+#include <linux/stringify.h>
+
/*
* Export symbols from the kernel to modules. Forked from module.h
* to reduce the amount of pointless cruft we feed to gcc when only
@@ -154,7 +156,6 @@ struct kernel_symbol {
#endif /* CONFIG_MODULES */
#ifdef DEFAULT_SYMBOL_NAMESPACE
-#include <linux/stringify.h>
#define _EXPORT_SYMBOL(sym, sec) __EXPORT_SYMBOL(sym, sec, __stringify(DEFAULT_SYMBOL_NAMESPACE))
#else
#define _EXPORT_SYMBOL(sym, sec) __EXPORT_SYMBOL(sym, sec, "")
@@ -162,8 +163,8 @@ struct kernel_symbol {
#define EXPORT_SYMBOL(sym) _EXPORT_SYMBOL(sym, "")
#define EXPORT_SYMBOL_GPL(sym) _EXPORT_SYMBOL(sym, "_gpl")
-#define EXPORT_SYMBOL_NS(sym, ns) __EXPORT_SYMBOL(sym, "", #ns)
-#define EXPORT_SYMBOL_NS_GPL(sym, ns) __EXPORT_SYMBOL(sym, "_gpl", #ns)
+#define EXPORT_SYMBOL_NS(sym, ns) __EXPORT_SYMBOL(sym, "", __stringify(ns))
+#define EXPORT_SYMBOL_NS_GPL(sym, ns) __EXPORT_SYMBOL(sym, "_gpl", __stringify(ns))
#endif /* !__ASSEMBLY__ */
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 047/339] watchdog: rzg2l_wdt: Fix 32bit overflow issue
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 046/339] export: fix string handling of namespace in EXPORT_SYMBOL_NS Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 048/339] watchdog: rzg2l_wdt: Fix Runtime PM usage Greg Kroah-Hartman
` (293 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Guenter Roeck,
Geert Uytterhoeven, Wim Van Sebroeck, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit ea2949df22a533cdf75e4583c00b1ce94cd5a83b ]
The value of timer_cycle_us can be 0 due to 32bit overflow.
For eg:- If we assign the counter value "0xfff" for computing
maxval.
This patch fixes this issue by appending ULL to 1024, so that
it is promoted to 64bit.
This patch also fixes the warning message, 'watchdog: Invalid min and
max timeout values, resetting to 0!'.
Fixes: 2cbc5cd0b55fa2 ("watchdog: Add Watchdog Timer driver for RZ/G2L")
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20220225175320.11041-2-biju.das.jz@bp.renesas.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/rzg2l_wdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/watchdog/rzg2l_wdt.c b/drivers/watchdog/rzg2l_wdt.c
index 6b426df34fd6..96f2a018ab62 100644
--- a/drivers/watchdog/rzg2l_wdt.c
+++ b/drivers/watchdog/rzg2l_wdt.c
@@ -53,7 +53,7 @@ static void rzg2l_wdt_wait_delay(struct rzg2l_wdt_priv *priv)
static u32 rzg2l_wdt_get_cycle_usec(unsigned long cycle, u32 wdttime)
{
- u64 timer_cycle_us = 1024 * 1024 * (wdttime + 1) * MICRO;
+ u64 timer_cycle_us = 1024 * 1024ULL * (wdttime + 1) * MICRO;
return div64_ul(timer_cycle_us, cycle);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 048/339] watchdog: rzg2l_wdt: Fix Runtime PM usage
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 047/339] watchdog: rzg2l_wdt: Fix 32bit overflow issue Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 049/339] watchdog: rzg2l_wdt: Fix BUG: Invalid wait context Greg Kroah-Hartman
` (292 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven,
Guenter Roeck, Wim Van Sebroeck, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 95abafe76297fa057de6c3486ef844bd446bdf18 ]
Both rzg2l_wdt_probe() and rzg2l_wdt_start() calls pm_runtime_get() which
results in a usage counter imbalance. This patch fixes this issue by
removing pm_runtime_get() call from probe.
Fixes: 2cbc5cd0b55fa2 ("watchdog: Add Watchdog Timer driver for RZ/G2L")
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220225175320.11041-3-biju.das.jz@bp.renesas.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/rzg2l_wdt.c | 16 ++--------------
1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/drivers/watchdog/rzg2l_wdt.c b/drivers/watchdog/rzg2l_wdt.c
index 96f2a018ab62..0fc73b8a9567 100644
--- a/drivers/watchdog/rzg2l_wdt.c
+++ b/drivers/watchdog/rzg2l_wdt.c
@@ -151,12 +151,11 @@ static const struct watchdog_ops rzg2l_wdt_ops = {
.restart = rzg2l_wdt_restart,
};
-static void rzg2l_wdt_reset_assert_pm_disable_put(void *data)
+static void rzg2l_wdt_reset_assert_pm_disable(void *data)
{
struct watchdog_device *wdev = data;
struct rzg2l_wdt_priv *priv = watchdog_get_drvdata(wdev);
- pm_runtime_put(wdev->parent);
pm_runtime_disable(wdev->parent);
reset_control_assert(priv->rstc);
}
@@ -206,11 +205,6 @@ static int rzg2l_wdt_probe(struct platform_device *pdev)
reset_control_deassert(priv->rstc);
pm_runtime_enable(&pdev->dev);
- ret = pm_runtime_resume_and_get(&pdev->dev);
- if (ret < 0) {
- dev_err(dev, "pm_runtime_resume_and_get failed ret=%pe", ERR_PTR(ret));
- goto out_pm_get;
- }
priv->wdev.info = &rzg2l_wdt_ident;
priv->wdev.ops = &rzg2l_wdt_ops;
@@ -222,7 +216,7 @@ static int rzg2l_wdt_probe(struct platform_device *pdev)
watchdog_set_drvdata(&priv->wdev, priv);
ret = devm_add_action_or_reset(&pdev->dev,
- rzg2l_wdt_reset_assert_pm_disable_put,
+ rzg2l_wdt_reset_assert_pm_disable,
&priv->wdev);
if (ret < 0)
return ret;
@@ -235,12 +229,6 @@ static int rzg2l_wdt_probe(struct platform_device *pdev)
dev_warn(dev, "Specified timeout invalid, using default");
return devm_watchdog_register_device(&pdev->dev, &priv->wdev);
-
-out_pm_get:
- pm_runtime_disable(dev);
- reset_control_assert(priv->rstc);
-
- return ret;
}
static const struct of_device_id rzg2l_wdt_ids[] = {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 049/339] watchdog: rzg2l_wdt: Fix BUG: Invalid wait context
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 048/339] watchdog: rzg2l_wdt: Fix Runtime PM usage Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 050/339] watchdog: rzg2l_wdt: Fix reset control imbalance Greg Kroah-Hartman
` (291 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven,
Guenter Roeck, Wim Van Sebroeck, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit e4cf89596c1f1e33309556699f910ced4abbaf44 ]
This patch fixes the issue 'BUG: Invalid wait context' during restart()
callback by using clk_prepare_enable() instead of pm_runtime_get_sync()
for turning on the clocks during restart.
This issue is noticed when testing with renesas_defconfig.
[ 42.213802] reboot: Restarting system
[ 42.217860]
[ 42.219364] =============================
[ 42.223368] [ BUG: Invalid wait context ]
[ 42.227372] 5.17.0-rc5-arm64-renesas-00002-g10393723e35e #522 Not tainted
[ 42.234153] -----------------------------
[ 42.238155] systemd-shutdow/1 is trying to lock:
[ 42.242766] ffff00000a650828 (&genpd->mlock){+.+.}-{3:3}, at: genpd_lock_mtx+0x14/0x20
[ 42.250709] other info that might help us debug this:
[ 42.255753] context-{4:4}
[ 42.258368] 2 locks held by systemd-shutdow/1:
[ 42.262806] #0: ffff80000944e1c8 (system_transition_mutex#2){+.+.}-{3:3}, at: __do_sys_reboot+0xd0/0x250
[ 42.272388] #1: ffff8000094c4e40 (rcu_read_lock){....}-{1:2}, at: atomic_notifier_call_chain+0x0/0x150
[ 42.281795] stack backtrace:
[ 42.284672] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 5.17.0-rc5-arm64-renesas-00002-g10393723e35e #522
[ 42.294577] Hardware name: Renesas SMARC EVK based on r9a07g044c2 (DT)
[ 42.301096] Call trace:
[ 42.303538] dump_backtrace+0xcc/0xd8
[ 42.307203] show_stack+0x14/0x30
[ 42.310517] dump_stack_lvl+0x88/0xb0
[ 42.314180] dump_stack+0x14/0x2c
[ 42.317492] __lock_acquire+0x1b24/0x1b50
[ 42.321502] lock_acquire+0x120/0x3a8
[ 42.325162] __mutex_lock+0x84/0x8f8
[ 42.328737] mutex_lock_nested+0x30/0x58
[ 42.332658] genpd_lock_mtx+0x14/0x20
[ 42.336319] genpd_runtime_resume+0xc4/0x228
[ 42.340587] __rpm_callback+0x44/0x170
[ 42.344337] rpm_callback+0x64/0x70
[ 42.347824] rpm_resume+0x4e0/0x6b8
[ 42.351310] __pm_runtime_resume+0x50/0x78
[ 42.355404] rzg2l_wdt_restart+0x28/0x68
[ 42.359329] watchdog_restart_notifier+0x1c/0x30
[ 42.363943] atomic_notifier_call_chain+0x94/0x150
[ 42.368732] do_kernel_restart+0x24/0x30
[ 42.372652] machine_restart+0x44/0x70
[ 42.376399] kernel_restart+0x3c/0x60
[ 42.380058] __do_sys_reboot+0x228/0x250
[ 42.383977] __arm64_sys_reboot+0x20/0x28
[ 42.387983] invoke_syscall+0x40/0xf8
Fixes: 2cbc5cd0b55fa2 ("watchdog: Add Watchdog Timer driver for RZ/G2L")
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220225175320.11041-4-biju.das.jz@bp.renesas.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/rzg2l_wdt.c | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/drivers/watchdog/rzg2l_wdt.c b/drivers/watchdog/rzg2l_wdt.c
index 0fc73b8a9567..48dfe6e5e64f 100644
--- a/drivers/watchdog/rzg2l_wdt.c
+++ b/drivers/watchdog/rzg2l_wdt.c
@@ -43,6 +43,8 @@ struct rzg2l_wdt_priv {
struct reset_control *rstc;
unsigned long osc_clk_rate;
unsigned long delay;
+ struct clk *pclk;
+ struct clk *osc_clk;
};
static void rzg2l_wdt_wait_delay(struct rzg2l_wdt_priv *priv)
@@ -118,7 +120,9 @@ static int rzg2l_wdt_restart(struct watchdog_device *wdev,
/* Reset the module before we modify any register */
reset_control_reset(priv->rstc);
- pm_runtime_get_sync(wdev->parent);
+
+ clk_prepare_enable(priv->pclk);
+ clk_prepare_enable(priv->osc_clk);
/* smallest counter value to reboot soon */
rzg2l_wdt_write(priv, WDTSET_COUNTER_VAL(1), WDTSET);
@@ -165,7 +169,6 @@ static int rzg2l_wdt_probe(struct platform_device *pdev)
struct device *dev = &pdev->dev;
struct rzg2l_wdt_priv *priv;
unsigned long pclk_rate;
- struct clk *wdt_clk;
int ret;
priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
@@ -177,22 +180,20 @@ static int rzg2l_wdt_probe(struct platform_device *pdev)
return PTR_ERR(priv->base);
/* Get watchdog main clock */
- wdt_clk = clk_get(&pdev->dev, "oscclk");
- if (IS_ERR(wdt_clk))
- return dev_err_probe(&pdev->dev, PTR_ERR(wdt_clk), "no oscclk");
+ priv->osc_clk = devm_clk_get(&pdev->dev, "oscclk");
+ if (IS_ERR(priv->osc_clk))
+ return dev_err_probe(&pdev->dev, PTR_ERR(priv->osc_clk), "no oscclk");
- priv->osc_clk_rate = clk_get_rate(wdt_clk);
- clk_put(wdt_clk);
+ priv->osc_clk_rate = clk_get_rate(priv->osc_clk);
if (!priv->osc_clk_rate)
return dev_err_probe(&pdev->dev, -EINVAL, "oscclk rate is 0");
/* Get Peripheral clock */
- wdt_clk = clk_get(&pdev->dev, "pclk");
- if (IS_ERR(wdt_clk))
- return dev_err_probe(&pdev->dev, PTR_ERR(wdt_clk), "no pclk");
+ priv->pclk = devm_clk_get(&pdev->dev, "pclk");
+ if (IS_ERR(priv->pclk))
+ return dev_err_probe(&pdev->dev, PTR_ERR(priv->pclk), "no pclk");
- pclk_rate = clk_get_rate(wdt_clk);
- clk_put(wdt_clk);
+ pclk_rate = clk_get_rate(priv->pclk);
if (!pclk_rate)
return dev_err_probe(&pdev->dev, -EINVAL, "pclk rate is 0");
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 050/339] watchdog: rzg2l_wdt: Fix reset control imbalance
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 049/339] watchdog: rzg2l_wdt: Fix BUG: Invalid wait context Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 051/339] soundwire: intel: prevent pm_runtime resume prior to system suspend Greg Kroah-Hartman
` (290 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Biju Das, Geert Uytterhoeven,
Guenter Roeck, Wim Van Sebroeck, Sasha Levin
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 33d04d0fdba9fae18c7d58364643d2c606a43dba ]
Both rzg2l_wdt_probe() and rzg2l_wdt_start() calls reset_control_
deassert() which results in a reset control imbalance.
This patch fixes reset control imbalance by removing reset_control_
deassert() from rzg2l_wdt_start() and replaces reset_control_assert with
reset_control_reset in rzg2l_wdt_stop() as watchdog module can be stopped
only by a module reset. This change will allow us to restart WDT after
stop() by configuring WDT timeout and enable registers.
Fixes: 2cbc5cd0b55fa2 ("watchdog: Add Watchdog Timer driver for RZ/G2L")
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220225175320.11041-5-biju.das.jz@bp.renesas.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/rzg2l_wdt.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/watchdog/rzg2l_wdt.c b/drivers/watchdog/rzg2l_wdt.c
index 48dfe6e5e64f..88274704b260 100644
--- a/drivers/watchdog/rzg2l_wdt.c
+++ b/drivers/watchdog/rzg2l_wdt.c
@@ -88,7 +88,6 @@ static int rzg2l_wdt_start(struct watchdog_device *wdev)
{
struct rzg2l_wdt_priv *priv = watchdog_get_drvdata(wdev);
- reset_control_deassert(priv->rstc);
pm_runtime_get_sync(wdev->parent);
/* Initialize time out */
@@ -108,7 +107,7 @@ static int rzg2l_wdt_stop(struct watchdog_device *wdev)
struct rzg2l_wdt_priv *priv = watchdog_get_drvdata(wdev);
pm_runtime_put(wdev->parent);
- reset_control_assert(priv->rstc);
+ reset_control_reset(priv->rstc);
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 051/339] soundwire: intel: prevent pm_runtime resume prior to system suspend
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 050/339] watchdog: rzg2l_wdt: Fix reset control imbalance Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 052/339] soundwire: qcom: return error when pm_runtime_get_sync fails Greg Kroah-Hartman
` (289 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Louis Bossart,
Ranjani Sridharan, Rander Wang, Bard Liao, Vinod Koul,
Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit 6d9f2dadba698114fed97b224578c5338a36b0d9 ]
commit e38f9ff63e6d ("ACPI: scan: Do not add device IDs from _CID if _HID is not valid")
exposes a race condition on a TGL RVP device leading to a timeout.
The detailed analysis shows the RT711 codec driver scheduling a jack
detection workqueue while attaching during a spurious pm_runtime
resume, and the work function happens to be scheduled after the
manager device is suspended.
The direct link between this ACPI patch and a spurious pm_runtime
resume is not obvious; the most likely explanation is that a change in
the ACPI device linked list management modifies the order in which the
pm_runtime device status is checked and exposes a race condition that
was probably present for a very long time, but was not identified.
We already have a check in the .prepare stage, where we will resume to
full power from specific clock-stop modes. In all other cases, we
don't need to resume to full power by default. Adding the
SMART_SUSPEND flag prevents the spurious resume from happening.
BugLink: https://github.com/thesofproject/linux/issues/3459
Fixes: 029bfd1cd53cd ("soundwire: intel: conditionally exit clock stop mode on system suspend")
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Rander Wang <rander.wang@intel.com>
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20220420023241.14335-2-yung-chuan.liao@linux.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/intel.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/soundwire/intel.c b/drivers/soundwire/intel.c
index 63101f1ba271..32e5fdb823c4 100644
--- a/drivers/soundwire/intel.c
+++ b/drivers/soundwire/intel.c
@@ -1293,6 +1293,9 @@ static int intel_link_probe(struct auxiliary_device *auxdev,
/* use generic bandwidth allocation algorithm */
sdw->cdns.bus.compute_params = sdw_compute_params;
+ /* avoid resuming from pm_runtime suspend if it's not required */
+ dev_pm_set_driver_flags(dev, DPM_FLAG_SMART_SUSPEND);
+
ret = sdw_bus_master_add(bus, dev, dev->fwnode);
if (ret) {
dev_err(dev, "sdw_bus_master_add fail: %d\n", ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 052/339] soundwire: qcom: return error when pm_runtime_get_sync fails
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 051/339] soundwire: intel: prevent pm_runtime resume prior to system suspend Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 053/339] coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Greg Kroah-Hartman
` (288 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Pierre-Louis Bossart,
Péter Ujfalusi, Bard Liao, Srinivas Kandagatla, Vinod Koul,
Sasha Levin
From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
[ Upstream commit f6ee6c8499226eb158ca30457d346511f5e329ce ]
For some reason there's a missing error return in two places.
Fixes: 74e79da9fd46a ("soundwire: qcom: add runtime pm support")
Fixes: 04d46a7b38375 ("soundwire: qcom: add in-band wake up interrupt support")
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220426235623.4253-2-yung-chuan.liao@linux.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/qcom.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/soundwire/qcom.c b/drivers/soundwire/qcom.c
index dd9f67f895b2..b38525b35bec 100644
--- a/drivers/soundwire/qcom.c
+++ b/drivers/soundwire/qcom.c
@@ -516,6 +516,7 @@ static irqreturn_t qcom_swrm_wake_irq_handler(int irq, void *dev_id)
"pm_runtime_get_sync failed in %s, ret %d\n",
__func__, ret);
pm_runtime_put_noidle(swrm->dev);
+ return ret;
}
if (swrm->wake_irq > 0) {
@@ -1258,6 +1259,7 @@ static int swrm_reg_show(struct seq_file *s_file, void *data)
"pm_runtime_get_sync failed in %s, ret %d\n",
__func__, ret);
pm_runtime_put_noidle(swrm->dev);
+ return ret;
}
for (reg = 0; reg <= SWR_MSTR_MAX_REG_ADDR; reg += 4) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 053/339] coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 052/339] soundwire: qcom: return error when pm_runtime_get_sync fails Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 054/339] ksmbd: fix reference count leak in smb_check_perm_dacl() Greg Kroah-Hartman
` (287 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leo Yan, Mathieu Poirier, Mike Leach,
Suzuki K Poulose, Guilherme G. Piccoli, Sasha Levin
From: Guilherme G. Piccoli <gpiccoli@igalia.com>
[ Upstream commit 1adff542d67a2ed1120955cb219bfff8a9c53f59 ]
The panic notifier infrastructure executes registered callbacks when
a panic event happens - such callbacks are executed in atomic context,
with interrupts and preemption disabled in the running CPU and all other
CPUs disabled. That said, mutexes in such context are not a good idea.
This patch replaces a regular mutex with a mutex_trylock safer approach;
given the nature of the mutex used in the driver, it should be pretty
uncommon being unable to acquire such mutex in the panic path, hence
no functional change should be observed (and if it is, that would be
likely a deadlock with the regular mutex).
Fixes: 2227b7c74634 ("coresight: add support for CPU debug module")
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Mike Leach <mike.leach@linaro.org>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/20220427224924.592546-10-gpiccoli@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwtracing/coresight/coresight-cpu-debug.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/hwtracing/coresight/coresight-cpu-debug.c b/drivers/hwtracing/coresight/coresight-cpu-debug.c
index 8845ec4b4402..1874df7c6a73 100644
--- a/drivers/hwtracing/coresight/coresight-cpu-debug.c
+++ b/drivers/hwtracing/coresight/coresight-cpu-debug.c
@@ -380,9 +380,10 @@ static int debug_notifier_call(struct notifier_block *self,
int cpu;
struct debug_drvdata *drvdata;
- mutex_lock(&debug_lock);
+ /* Bail out if we can't acquire the mutex or the functionality is off */
+ if (!mutex_trylock(&debug_lock))
+ return NOTIFY_DONE;
- /* Bail out if the functionality is disabled */
if (!debug_enable)
goto skip_dump;
@@ -401,7 +402,7 @@ static int debug_notifier_call(struct notifier_block *self,
skip_dump:
mutex_unlock(&debug_lock);
- return 0;
+ return NOTIFY_DONE;
}
static struct notifier_block debug_notifier = {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 054/339] ksmbd: fix reference count leak in smb_check_perm_dacl()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 053/339] coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Greg Kroah-Hartman
@ 2022-06-13 10:07 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 055/339] extcon: ptn5150: Add queue work sync before driver release Greg Kroah-Hartman
` (286 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:07 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xin Xiong, Xin Tan, Namjae Jeon,
Steve French, Sasha Levin
From: Xin Xiong <xiongx18@fudan.edu.cn>
[ Upstream commit d21a580dafc69aa04f46e6099616146a536b0724 ]
The issue happens in a specific path in smb_check_perm_dacl(). When
"id" and "uid" have the same value, the function simply jumps out of
the loop without decrementing the reference count of the object
"posix_acls", which is increased by get_acl() earlier. This may
result in memory leaks.
Fix it by decreasing the reference count of "posix_acls" before
jumping to label "check_access_bits".
Fixes: 777cad1604d6 ("ksmbd: remove select FS_POSIX_ACL in Kconfig")
Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ksmbd/smbacl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ksmbd/smbacl.c b/fs/ksmbd/smbacl.c
index 6ecf55ea1fed..38f23bf981ac 100644
--- a/fs/ksmbd/smbacl.c
+++ b/fs/ksmbd/smbacl.c
@@ -1261,6 +1261,7 @@ int smb_check_perm_dacl(struct ksmbd_conn *conn, struct path *path,
if (!access_bits)
access_bits =
SET_MINIMUM_RIGHTS;
+ posix_acl_release(posix_acls);
goto check_access_bits;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 055/339] extcon: ptn5150: Add queue work sync before driver release
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2022-06-13 10:07 ` [PATCH 5.18 054/339] ksmbd: fix reference count leak in smb_check_perm_dacl() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 056/339] dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x Greg Kroah-Hartman
` (285 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Li Jun,
Chanwoo Choi, Sasha Levin
From: Li Jun <jun.li@nxp.com>
[ Upstream commit 782cd939cbe0f569197cd1c9b0477ee213167f04 ]
Add device managed action to sync pending queue work, otherwise
the queued work may run after the work is destroyed.
Fixes: 4ed754de2d66 ("extcon: Add support for ptn5150 extcon driver")
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Li Jun <jun.li@nxp.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/extcon/extcon-ptn5150.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/extcon/extcon-ptn5150.c b/drivers/extcon/extcon-ptn5150.c
index 5b9a3cf8df26..2a7874108df8 100644
--- a/drivers/extcon/extcon-ptn5150.c
+++ b/drivers/extcon/extcon-ptn5150.c
@@ -194,6 +194,13 @@ static int ptn5150_init_dev_type(struct ptn5150_info *info)
return 0;
}
+static void ptn5150_work_sync_and_put(void *data)
+{
+ struct ptn5150_info *info = data;
+
+ cancel_work_sync(&info->irq_work);
+}
+
static int ptn5150_i2c_probe(struct i2c_client *i2c)
{
struct device *dev = &i2c->dev;
@@ -284,6 +291,10 @@ static int ptn5150_i2c_probe(struct i2c_client *i2c)
if (ret)
return -EINVAL;
+ ret = devm_add_action_or_reset(dev, ptn5150_work_sync_and_put, info);
+ if (ret)
+ return ret;
+
/*
* Update current extcon state if for example OTG connection was there
* before the probe
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 056/339] dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 055/339] extcon: ptn5150: Add queue work sync before driver release Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 057/339] soc: rockchip: Fix refcount leak in rockchip_grf_init Greg Kroah-Hartman
` (284 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nícolas F . R . A . Prado,
Krzysztof Kozlowski, Mathieu Poirier, Sasha Levin
From: Nícolas F. R. A. Prado <nfraprado@collabora.com>
[ Upstream commit 6bbe1065121b8cd3b3e734ef8cd99f142bdab241 ]
Commit ca23ecfdbd44 ("remoteproc/mediatek: support L1TCM") added support
for the l1tcm memory region on the MT8192 SCP, adding a new da_to_va
callback that handles l1tcm while keeping the old one for
back-compatibility with MT8183. However, since the mt8192 compatible was
missing from the dt-binding, the accompanying dt-binding commit
503c64cc42f1 ("dt-bindings: remoteproc: mediatek: add L1TCM memory region")
mistakenly added this reg as if it were for mt8183. And later
it became common to all platforms as their compatibles were added.
Fix the dt-binding so that the l1tcm reg can be present only on the
supported platforms: mt8192 and mt8195.
Fixes: 503c64cc42f1 ("dt-bindings: remoteproc: mediatek: add L1TCM memory region")
Signed-off-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220511195452.871897-2-nfraprado@collabora.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../bindings/remoteproc/mtk,scp.yaml | 44 +++++++++++++------
1 file changed, 30 insertions(+), 14 deletions(-)
diff --git a/Documentation/devicetree/bindings/remoteproc/mtk,scp.yaml b/Documentation/devicetree/bindings/remoteproc/mtk,scp.yaml
index 5b693a2d049c..d55b861db605 100644
--- a/Documentation/devicetree/bindings/remoteproc/mtk,scp.yaml
+++ b/Documentation/devicetree/bindings/remoteproc/mtk,scp.yaml
@@ -23,11 +23,13 @@ properties:
reg:
description:
- Should contain the address ranges for memory regions SRAM, CFG, and
- L1TCM.
+ Should contain the address ranges for memory regions SRAM, CFG, and,
+ on some platforms, L1TCM.
+ minItems: 2
maxItems: 3
reg-names:
+ minItems: 2
items:
- const: sram
- const: cfg
@@ -47,16 +49,30 @@ required:
- reg
- reg-names
-if:
- properties:
- compatible:
- enum:
- - mediatek,mt8183-scp
- - mediatek,mt8192-scp
-then:
- required:
- - clocks
- - clock-names
+allOf:
+ - if:
+ properties:
+ compatible:
+ enum:
+ - mediatek,mt8183-scp
+ - mediatek,mt8192-scp
+ then:
+ required:
+ - clocks
+ - clock-names
+
+ - if:
+ properties:
+ compatible:
+ enum:
+ - mediatek,mt8183-scp
+ - mediatek,mt8186-scp
+ then:
+ properties:
+ reg:
+ maxItems: 2
+ reg-names:
+ maxItems: 2
additionalProperties:
type: object
@@ -76,10 +92,10 @@ additionalProperties:
examples:
- |
- #include <dt-bindings/clock/mt8183-clk.h>
+ #include <dt-bindings/clock/mt8192-clk.h>
scp@10500000 {
- compatible = "mediatek,mt8183-scp";
+ compatible = "mediatek,mt8192-scp";
reg = <0x10500000 0x80000>,
<0x10700000 0x8000>,
<0x10720000 0xe0000>;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 057/339] soc: rockchip: Fix refcount leak in rockchip_grf_init
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 056/339] dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 058/339] clocksource/drivers/riscv: Events are stopped during CPU suspend Greg Kroah-Hartman
` (283 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Heiko Stuebner, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 9b59588d8be91c96bfb0371e912ceb4f16315dbf ]
of_find_matching_node_and_match returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() to avoid refcount leak.
Fixes: 4c58063d4258 ("soc: rockchip: add driver handling grf setup")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220516072013.19731-1-linmq006@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/rockchip/grf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/soc/rockchip/grf.c b/drivers/soc/rockchip/grf.c
index 494cf2b5bf7b..343ff61ccccb 100644
--- a/drivers/soc/rockchip/grf.c
+++ b/drivers/soc/rockchip/grf.c
@@ -148,12 +148,14 @@ static int __init rockchip_grf_init(void)
return -ENODEV;
if (!match || !match->data) {
pr_err("%s: missing grf data\n", __func__);
+ of_node_put(np);
return -EINVAL;
}
grf_info = match->data;
grf = syscon_node_to_regmap(np);
+ of_node_put(np);
if (IS_ERR(grf)) {
pr_err("%s: could not get grf syscon\n", __func__);
return PTR_ERR(grf);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 058/339] clocksource/drivers/riscv: Events are stopped during CPU suspend
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 057/339] soc: rockchip: Fix refcount leak in rockchip_grf_init Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 059/339] ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 Greg Kroah-Hartman
` (282 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Samuel Holland, Anup Patel,
Daniel Lezcano, Sasha Levin
From: Samuel Holland <samuel@sholland.org>
[ Upstream commit 232ccac1bd9b5bfe73895f527c08623e7fa0752d ]
Some implementations of the SBI time extension depend on hart-local
state (for example, CSRs) that are lost or hardware that is powered
down when a CPU is suspended. To be safe, the clockevents driver
cannot assume that timer IRQs will be received during CPU suspend.
Fixes: 62b019436814 ("clocksource: new RISC-V SBI timer driver")
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Anup Patel <anup@brainfault.org>
Link: https://lore.kernel.org/r/20220509012121.40031-1-samuel@sholland.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-riscv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clocksource/timer-riscv.c b/drivers/clocksource/timer-riscv.c
index 1767f8bf2013..593d5a957b69 100644
--- a/drivers/clocksource/timer-riscv.c
+++ b/drivers/clocksource/timer-riscv.c
@@ -34,7 +34,7 @@ static int riscv_clock_next_event(unsigned long delta,
static unsigned int riscv_clock_event_irq;
static DEFINE_PER_CPU(struct clock_event_device, riscv_clock_event) = {
.name = "riscv_timer_clockevent",
- .features = CLOCK_EVT_FEAT_ONESHOT,
+ .features = CLOCK_EVT_FEAT_ONESHOT | CLOCK_EVT_FEAT_C3STOP,
.rating = 100,
.set_next_event = riscv_clock_next_event,
};
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 059/339] ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 058/339] clocksource/drivers/riscv: Events are stopped during CPU suspend Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 060/339] rtc: mt6397: check return value after calling platform_get_resource() Greg Kroah-Hartman
` (281 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Howard Chiu, Joel Stanley, Sasha Levin
From: Howard Chiu <howard_chiu@aspeedtech.com>
[ Upstream commit 4d338ee40ba89e508c5d3e1b4af956af7cb5e12e ]
Since mac0/1 and mac2/3 are physically located on different die,
they have different properties by nature, which is mac0/1 has smaller delay step.
The property 'phy-mode' on ast2600 mac0 and mac1 is recommended to set to 'rgmii-rxid'
which enables the RX interface delay from the PHY chip.
Refer page 45 of SDK User Guide v08.00
https://github.com/AspeedTech-BMC/openbmc/releases/download/v08.00/SDK_User_Guide_v08.00.pdf
Fixes: 2ca5646b5c2f ("ARM: dts: aspeed: Add AST2600 and EVB")
Signed-off-by: Howard Chiu <howard_chiu@aspeedtech.com>
Link: https://lore.kernel.org/r/SG2PR06MB23152A548AAE81140B57DD69E6E09@SG2PR06MB2315.apcprd06.prod.outlook.com
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/aspeed-ast2600-evb.dts | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm/boot/dts/aspeed-ast2600-evb.dts b/arch/arm/boot/dts/aspeed-ast2600-evb.dts
index b7eb552640cb..788448cdd6b3 100644
--- a/arch/arm/boot/dts/aspeed-ast2600-evb.dts
+++ b/arch/arm/boot/dts/aspeed-ast2600-evb.dts
@@ -103,7 +103,7 @@
&mac0 {
status = "okay";
- phy-mode = "rgmii";
+ phy-mode = "rgmii-rxid";
phy-handle = <ðphy0>;
pinctrl-names = "default";
@@ -114,7 +114,7 @@
&mac1 {
status = "okay";
- phy-mode = "rgmii";
+ phy-mode = "rgmii-rxid";
phy-handle = <ðphy1>;
pinctrl-names = "default";
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 060/339] rtc: mt6397: check return value after calling platform_get_resource()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 059/339] ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 061/339] rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe Greg Kroah-Hartman
` (280 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang,
AngeloGioacchino Del Regno, Alexandre Belloni, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit d3b43eb505bffb8e4cdf6800c15660c001553fe6 ]
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
Fixes: fc2979118f3f ("rtc: mediatek: Add MT6397 RTC driver")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20220505125043.1594771-1-yangyingliang@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-mt6397.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/rtc/rtc-mt6397.c b/drivers/rtc/rtc-mt6397.c
index 80dc479a6ff0..1d297af80f87 100644
--- a/drivers/rtc/rtc-mt6397.c
+++ b/drivers/rtc/rtc-mt6397.c
@@ -269,6 +269,8 @@ static int mtk_rtc_probe(struct platform_device *pdev)
return -ENOMEM;
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ if (!res)
+ return -EINVAL;
rtc->addr_base = res->start;
rtc->data = of_device_get_match_data(&pdev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 061/339] rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 060/339] rtc: mt6397: check return value after calling platform_get_resource() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 062/339] staging: r8188eu: add check for kzalloc Greg Kroah-Hartman
` (279 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Linus Walleij,
Alexandre Belloni, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit b520cbe5be37b1b9b401c0b6ecbdae32575273db ]
In the error handling path, the clk_prepare_enable() function
call should be balanced by a corresponding 'clk_disable_unprepare()'
call , as already done in the remove function.
clk_disable_unprepare calls clk_disable() and clk_unprepare().
They will use IS_ERR_OR_NULL to check the argument.
Fixes: ac05fba39cc5 ("rtc: gemini: Add optional clock handling")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Link: https://lore.kernel.org/r/20220403054912.31739-1-linmq006@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-ftrtc010.c | 34 ++++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/drivers/rtc/rtc-ftrtc010.c b/drivers/rtc/rtc-ftrtc010.c
index 53bb08fe1cd4..25c6e7d9570f 100644
--- a/drivers/rtc/rtc-ftrtc010.c
+++ b/drivers/rtc/rtc-ftrtc010.c
@@ -137,26 +137,34 @@ static int ftrtc010_rtc_probe(struct platform_device *pdev)
ret = clk_prepare_enable(rtc->extclk);
if (ret) {
dev_err(dev, "failed to enable EXTCLK\n");
- return ret;
+ goto err_disable_pclk;
}
}
rtc->rtc_irq = platform_get_irq(pdev, 0);
- if (rtc->rtc_irq < 0)
- return rtc->rtc_irq;
+ if (rtc->rtc_irq < 0) {
+ ret = rtc->rtc_irq;
+ goto err_disable_extclk;
+ }
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- if (!res)
- return -ENODEV;
+ if (!res) {
+ ret = -ENODEV;
+ goto err_disable_extclk;
+ }
rtc->rtc_base = devm_ioremap(dev, res->start,
resource_size(res));
- if (!rtc->rtc_base)
- return -ENOMEM;
+ if (!rtc->rtc_base) {
+ ret = -ENOMEM;
+ goto err_disable_extclk;
+ }
rtc->rtc_dev = devm_rtc_allocate_device(dev);
- if (IS_ERR(rtc->rtc_dev))
- return PTR_ERR(rtc->rtc_dev);
+ if (IS_ERR(rtc->rtc_dev)) {
+ ret = PTR_ERR(rtc->rtc_dev);
+ goto err_disable_extclk;
+ }
rtc->rtc_dev->ops = &ftrtc010_rtc_ops;
@@ -172,9 +180,15 @@ static int ftrtc010_rtc_probe(struct platform_device *pdev)
ret = devm_request_irq(dev, rtc->rtc_irq, ftrtc010_rtc_interrupt,
IRQF_SHARED, pdev->name, dev);
if (unlikely(ret))
- return ret;
+ goto err_disable_extclk;
return devm_rtc_register_device(rtc->rtc_dev);
+
+err_disable_extclk:
+ clk_disable_unprepare(rtc->extclk);
+err_disable_pclk:
+ clk_disable_unprepare(rtc->pclk);
+ return ret;
}
static int ftrtc010_rtc_remove(struct platform_device *pdev)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 062/339] staging: r8188eu: add check for kzalloc
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 061/339] rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 063/339] serial: meson: acquire port->lock in startup() Greg Kroah-Hartman
` (278 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Jiasheng Jiang, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit f94b47c6bde624d6c07f43054087607c52054a95 ]
As kzalloc() may return null pointer, it should be better to
check the return value and return error if fails in order
to avoid dereference of null pointer.
Moreover, the return value of rtw_alloc_hwxmits() should also
be dealt with.
Fixes: 15865124feed ("staging: r8188eu: introduce new core dir for RTL8188eu driver")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220518075957.514603-1-jiasheng@iscas.ac.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/r8188eu/core/rtw_xmit.c | 13 +++++++++++--
drivers/staging/r8188eu/include/rtw_xmit.h | 2 +-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/r8188eu/core/rtw_xmit.c b/drivers/staging/r8188eu/core/rtw_xmit.c
index c2a550e7250e..2ee92bbe66a0 100644
--- a/drivers/staging/r8188eu/core/rtw_xmit.c
+++ b/drivers/staging/r8188eu/core/rtw_xmit.c
@@ -178,7 +178,12 @@ s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter)
pxmitpriv->free_xmit_extbuf_cnt = num_xmit_extbuf;
- rtw_alloc_hwxmits(padapter);
+ res = rtw_alloc_hwxmits(padapter);
+ if (res) {
+ res = _FAIL;
+ goto exit;
+ }
+
rtw_init_hwxmits(pxmitpriv->hwxmits, pxmitpriv->hwxmit_entry);
for (i = 0; i < 4; i++)
@@ -1474,7 +1479,7 @@ s32 rtw_xmit_classifier(struct adapter *padapter, struct xmit_frame *pxmitframe)
return res;
}
-void rtw_alloc_hwxmits(struct adapter *padapter)
+int rtw_alloc_hwxmits(struct adapter *padapter)
{
struct hw_xmit *hwxmits;
struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
@@ -1482,6 +1487,8 @@ void rtw_alloc_hwxmits(struct adapter *padapter)
pxmitpriv->hwxmit_entry = HWXMIT_ENTRY;
pxmitpriv->hwxmits = kzalloc(sizeof(struct hw_xmit) * pxmitpriv->hwxmit_entry, GFP_KERNEL);
+ if (!pxmitpriv->hwxmits)
+ return -ENOMEM;
hwxmits = pxmitpriv->hwxmits;
@@ -1498,6 +1505,8 @@ void rtw_alloc_hwxmits(struct adapter *padapter)
hwxmits[3] .sta_queue = &pxmitpriv->bk_pending;
} else {
}
+
+ return 0;
}
void rtw_free_hwxmits(struct adapter *padapter)
diff --git a/drivers/staging/r8188eu/include/rtw_xmit.h b/drivers/staging/r8188eu/include/rtw_xmit.h
index b2df1480d66b..e73632972900 100644
--- a/drivers/staging/r8188eu/include/rtw_xmit.h
+++ b/drivers/staging/r8188eu/include/rtw_xmit.h
@@ -341,7 +341,7 @@ s32 rtw_txframes_sta_ac_pending(struct adapter *padapter,
void rtw_init_hwxmits(struct hw_xmit *phwxmit, int entry);
s32 _rtw_init_xmit_priv(struct xmit_priv *pxmitpriv, struct adapter *padapter);
void _rtw_free_xmit_priv(struct xmit_priv *pxmitpriv);
-void rtw_alloc_hwxmits(struct adapter *padapter);
+int rtw_alloc_hwxmits(struct adapter *padapter);
void rtw_free_hwxmits(struct adapter *padapter);
s32 rtw_xmit(struct adapter *padapter, struct sk_buff **pkt);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 063/339] serial: meson: acquire port->lock in startup()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 062/339] staging: r8188eu: add check for kzalloc Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 064/339] Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL" Greg Kroah-Hartman
` (277 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Petr Mladek,
Jiri Slaby, Neil Armstrong, John Ogness, Sasha Levin
From: John Ogness <john.ogness@linutronix.de>
[ Upstream commit 589f892ac8ef244e47c5a00ffd8605daa1eaef8e ]
The uart_ops startup() callback is called without interrupts
disabled and without port->lock locked, relatively late during the
boot process (from the call path of console_on_rootfs()). If the
device is a console, it was already previously registered and could
be actively printing messages.
Since the startup() callback is reading/writing registers used by
the console write() callback (AML_UART_CONTROL), its access must
be synchronized using the port->lock. Currently it is not.
The startup() callback is the only function that explicitly enables
interrupts. Without the synchronization, it is possible that
interrupts become accidentally permanently disabled.
CPU0 CPU1
meson_serial_console_write meson_uart_startup
-------------------------- ------------------
spin_lock(port->lock)
val = readl(AML_UART_CONTROL)
uart_console_write()
writel(INT_EN, AML_UART_CONTROL)
writel(val, AML_UART_CONTROL)
spin_unlock(port->lock)
Add port->lock synchronization to meson_uart_startup() to avoid
racing with meson_serial_console_write().
Also add detailed comments to meson_uart_reset() explaining why it
is *not* using port->lock synchronization.
Link: https://lore.kernel.org/lkml/2a82eae7-a256-f70c-fd82-4e510750906e@samsung.com
Fixes: ff7693d079e5 ("ARM: meson: serial: add MesonX SoC on-chip uart driver")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Acked-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Link: https://lore.kernel.org/r/20220508103547.626355-1-john.ogness@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/meson_uart.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/tty/serial/meson_uart.c b/drivers/tty/serial/meson_uart.c
index 2bf1c57e0981..39021dac09cc 100644
--- a/drivers/tty/serial/meson_uart.c
+++ b/drivers/tty/serial/meson_uart.c
@@ -253,6 +253,14 @@ static const char *meson_uart_type(struct uart_port *port)
return (port->type == PORT_MESON) ? "meson_uart" : NULL;
}
+/*
+ * This function is called only from probe() using a temporary io mapping
+ * in order to perform a reset before setting up the device. Since the
+ * temporarily mapped region was successfully requested, there can be no
+ * console on this port at this time. Hence it is not necessary for this
+ * function to acquire the port->lock. (Since there is no console on this
+ * port at this time, the port->lock is not initialized yet.)
+ */
static void meson_uart_reset(struct uart_port *port)
{
u32 val;
@@ -267,9 +275,12 @@ static void meson_uart_reset(struct uart_port *port)
static int meson_uart_startup(struct uart_port *port)
{
+ unsigned long flags;
u32 val;
int ret = 0;
+ spin_lock_irqsave(&port->lock, flags);
+
val = readl(port->membase + AML_UART_CONTROL);
val |= AML_UART_CLEAR_ERR;
writel(val, port->membase + AML_UART_CONTROL);
@@ -285,6 +296,8 @@ static int meson_uart_startup(struct uart_port *port)
val = (AML_UART_RECV_IRQ(1) | AML_UART_XMIT_IRQ(port->fifosize / 2));
writel(val, port->membase + AML_UART_MISC);
+ spin_unlock_irqrestore(&port->lock, flags);
+
ret = request_irq(port->irq, meson_uart_interrupt, 0,
port->name, port);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 064/339] Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL"
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 063/339] serial: meson: acquire port->lock in startup() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 065/339] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 Greg Kroah-Hartman
` (276 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
kernelci.org bot, Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit f0136f65285bcfb7e8f90d1013723076a35acd51 ]
It was found that some MediaTek SoCs are incompatible with this
change. Also, this register was mistakenly understood as it was
related to the 16550A register layout selection but, at least
on some IPs, if not all, it's related to something else unknown.
This reverts commit 6f81fdded0d024c7d4084d434764f30bca1cd6b1.
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Fixes: 6f81fdded0d0 ("serial: 8250_mtk: Make sure to select the right FEATURE_SEL")
Reported-by: "kernelci.org bot" <bot@kernelci.org>
Link: https://lore.kernel.org/r/20220510122620.150342-1-angelogioacchino.delregno@collabora.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_mtk.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_mtk.c b/drivers/tty/serial/8250/8250_mtk.c
index 21053db93ff1..54051ec7b499 100644
--- a/drivers/tty/serial/8250/8250_mtk.c
+++ b/drivers/tty/serial/8250/8250_mtk.c
@@ -54,9 +54,6 @@
#define MTK_UART_TX_TRIGGER 1
#define MTK_UART_RX_TRIGGER MTK_UART_RX_SIZE
-#define MTK_UART_FEATURE_SEL 39 /* Feature Selection register */
-#define MTK_UART_FEAT_NEWRMAP BIT(0) /* Use new register map */
-
#define MTK_UART_XON1 40 /* I/O: Xon character 1 */
#define MTK_UART_XOFF1 42 /* I/O: Xoff character 1 */
@@ -575,10 +572,6 @@ static int mtk8250_probe(struct platform_device *pdev)
uart.dma = data->dma;
#endif
- /* Set AP UART new register map */
- writel(MTK_UART_FEAT_NEWRMAP, uart.port.membase +
- (MTK_UART_FEATURE_SEL << uart.port.regshift));
-
/* Disable Rate Fix function */
writel(0x0, uart.port.membase +
(MTK_UART_RATE_FIX << uart.port.regshift));
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 065/339] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 064/339] Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL" Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 066/339] serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE Greg Kroah-Hartman
` (275 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ricardo Ribalda Delgado,
Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit af0179270977508df6986b51242825d7edd59caf ]
SER_RS485_RTS_ON_SEND and SER_RS485_RTS_AFTER_SEND relate to behavior
within RS485 operation. The driver checks if they have the same value
which is not possible to realize with the hardware. The check is taken
regardless of SER_RS485_ENABLED flag and -EINVAL is returned when the
check fails, which creates problems.
This check makes it unnecessarily complicated to turn RS485 mode off as
simple zeroed serial_rs485 struct will trigger that equal values check.
In addition, the driver itself memsets its rs485 structure to zero when
RS485 is disabled but if userspace would try to make an TIOCSRS485
ioctl() call with the very same struct, it would end up failing with
-EINVAL which doesn't make much sense.
Resolve the problem by moving the check inside SER_RS485_ENABLED block.
Fixes: 7ecc77011c6f ("serial: 8250_fintek: Return -EINVAL on invalid configuration")
Cc: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/035c738-8ea5-8b17-b1d7-84a7b3aeaa51@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_fintek.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_fintek.c b/drivers/tty/serial/8250/8250_fintek.c
index 251f0018ae8c..dba5950b8d0e 100644
--- a/drivers/tty/serial/8250/8250_fintek.c
+++ b/drivers/tty/serial/8250/8250_fintek.c
@@ -200,12 +200,12 @@ static int fintek_8250_rs485_config(struct uart_port *port,
if (!pdata)
return -EINVAL;
- /* Hardware do not support same RTS level on send and receive */
- if (!(rs485->flags & SER_RS485_RTS_ON_SEND) ==
- !(rs485->flags & SER_RS485_RTS_AFTER_SEND))
- return -EINVAL;
if (rs485->flags & SER_RS485_ENABLED) {
+ /* Hardware do not support same RTS level on send and receive */
+ if (!(rs485->flags & SER_RS485_RTS_ON_SEND) ==
+ !(rs485->flags & SER_RS485_RTS_AFTER_SEND))
+ return -EINVAL;
memset(rs485->padding, 0, sizeof(rs485->padding));
config |= RS485_URA;
} else {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 066/339] serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 065/339] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 067/339] serial: uartlite: Fix BRKINT clearing Greg Kroah-Hartman
` (274 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, YueHaibing, Sasha Levin
From: YueHaibing <yuehaibing@huawei.com>
[ Upstream commit 0258502f11a4f6036b5f8b34b09027c8a92def3a ]
drivers/tty/serial/cpm_uart/cpm_uart_core.c: In function ‘cpm_uart_init_port’:
drivers/tty/serial/cpm_uart/cpm_uart_core.c:1251:7: error: ‘udbg_port’ undeclared (first use in this function); did you mean ‘uart_port’?
if (!udbg_port)
^~~~~~~~~
uart_port
commit d142585bceb3 leave this corner, wrap it with #ifdef block
Fixes: d142585bceb3 ("serial: cpm_uart: Protect udbg definitions by CONFIG_SERIAL_CPM_CONSOLE")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Link: https://lore.kernel.org/r/20220518135452.39480-1-yuehaibing@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/cpm_uart/cpm_uart_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/cpm_uart/cpm_uart_core.c b/drivers/tty/serial/cpm_uart/cpm_uart_core.c
index d6d3db9c3b1f..db07d6a5d764 100644
--- a/drivers/tty/serial/cpm_uart/cpm_uart_core.c
+++ b/drivers/tty/serial/cpm_uart/cpm_uart_core.c
@@ -1247,7 +1247,7 @@ static int cpm_uart_init_port(struct device_node *np,
}
#ifdef CONFIG_PPC_EARLY_DEBUG_CPM
-#ifdef CONFIG_CONSOLE_POLL
+#if defined(CONFIG_CONSOLE_POLL) && defined(CONFIG_SERIAL_CPM_CONSOLE)
if (!udbg_port)
#endif
udbg_putc = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 067/339] serial: uartlite: Fix BRKINT clearing
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 066/339] serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 068/339] serial: digicolor-usart: Dont allow CS5-6 Greg Kroah-Hartman
` (273 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sean Anderson, Ilpo Järvinen,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 3f7fed405c118607d4d42255f2572072db728399 ]
BRKINT is within c_iflag rather than c_cflag.
Fixes: ea017f5853e9 (tty: serial: uartlite: Prevent changing fixed parameters)
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-2-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/uartlite.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/uartlite.c b/drivers/tty/serial/uartlite.c
index 007db67292a2..880e2afbb97b 100644
--- a/drivers/tty/serial/uartlite.c
+++ b/drivers/tty/serial/uartlite.c
@@ -321,7 +321,8 @@ static void ulite_set_termios(struct uart_port *port, struct ktermios *termios,
struct uartlite_data *pdata = port->private_data;
/* Set termios to what the hardware supports */
- termios->c_cflag &= ~(BRKINT | CSTOPB | PARENB | PARODD | CSIZE);
+ termios->c_iflag &= ~BRKINT;
+ termios->c_cflag &= ~(CSTOPB | PARENB | PARODD | CSIZE);
termios->c_cflag |= pdata->cflags & (PARENB | PARODD | CSIZE);
tty_termios_encode_baud_rate(termios, pdata->baud, pdata->baud);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 068/339] serial: digicolor-usart: Dont allow CS5-6
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 067/339] serial: uartlite: Fix BRKINT clearing Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 069/339] serial: rda-uart: " Greg Kroah-Hartman
` (272 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baruch Siach, Ilpo Järvinen,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit fd63031b8c0763addcecdefe0e0c59d49646204e ]
Only CS7 and CS8 seem supported but CSIZE is not sanitized to CS8 in
the default: block.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: 5930cb3511df (serial: driver for Conexant Digicolor USART)
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-3-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/digicolor-usart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/digicolor-usart.c b/drivers/tty/serial/digicolor-usart.c
index e37a917b9dbb..af951e6a2ef4 100644
--- a/drivers/tty/serial/digicolor-usart.c
+++ b/drivers/tty/serial/digicolor-usart.c
@@ -309,6 +309,8 @@ static void digicolor_uart_set_termios(struct uart_port *port,
case CS8:
default:
config |= UA_CONFIG_CHAR_LEN;
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS8;
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 069/339] serial: rda-uart: Dont allow CS5-6
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 068/339] serial: digicolor-usart: Dont allow CS5-6 Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 070/339] serial: txx9: " Greg Kroah-Hartman
` (271 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Manivannan Sadhasivam,
Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 098333a9c7d12bb3ce44c82f08b4d810c44d31b0 ]
Only CS7 and CS8 are supported but CSIZE is not sanitized after
fallthrough from CS5 or CS6 to CS7.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: c10b13325ced (tty: serial: Add RDA8810PL UART driver)
Cc: Manivannan Sadhasivam <mani@kernel.org>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-4-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/rda-uart.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/rda-uart.c b/drivers/tty/serial/rda-uart.c
index e5f1fded423a..f556b4955f59 100644
--- a/drivers/tty/serial/rda-uart.c
+++ b/drivers/tty/serial/rda-uart.c
@@ -262,6 +262,8 @@ static void rda_uart_set_termios(struct uart_port *port,
fallthrough;
case CS7:
ctrl &= ~RDA_UART_DBITS_8;
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS7;
break;
default:
ctrl |= RDA_UART_DBITS_8;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 070/339] serial: txx9: Dont allow CS5-6
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 069/339] serial: rda-uart: " Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 071/339] serial: sh-sci: " Greg Kroah-Hartman
` (270 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 79ac88655dc0551e3571ad16bdabdbe65d61553e ]
Only CS7 and CS8 are supported but CSIZE is not sanitized with
CS5 or CS6 to CS8.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: 1da177e4c3f4 (Linux-2.6.12-rc2)
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-5-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/serial_txx9.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/serial/serial_txx9.c b/drivers/tty/serial/serial_txx9.c
index 2213e6b841d3..228e380db080 100644
--- a/drivers/tty/serial/serial_txx9.c
+++ b/drivers/tty/serial/serial_txx9.c
@@ -618,6 +618,8 @@ serial_txx9_set_termios(struct uart_port *up, struct ktermios *termios,
case CS6: /* not supported */
case CS8:
cval |= TXX9_SILCR_UMODE_8BIT;
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS8;
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 071/339] serial: sh-sci: Dont allow CS5-6
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 070/339] serial: txx9: " Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 072/339] serial: sifive: Sanitize CSIZE and c_iflag Greg Kroah-Hartman
` (269 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 9b87162de8be26bf3156460b37deee6399fd0fcb ]
Only CS7 and CS8 seem supported but CSIZE is not sanitized from
CS5 or CS6 to CS8.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: 1da177e4c3f4 (Linux-2.6.12-rc2)
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-6-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sh-sci.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index 0f9b8bd23500..0075a1420005 100644
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -2379,8 +2379,12 @@ static void sci_set_termios(struct uart_port *port, struct ktermios *termios,
int best_clk = -1;
unsigned long flags;
- if ((termios->c_cflag & CSIZE) == CS7)
+ if ((termios->c_cflag & CSIZE) == CS7) {
smr_val |= SCSMR_CHR;
+ } else {
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS8;
+ }
if (termios->c_cflag & PARENB)
smr_val |= SCSMR_PE;
if (termios->c_cflag & PARODD)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 072/339] serial: sifive: Sanitize CSIZE and c_iflag
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 071/339] serial: sh-sci: " Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 073/339] serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Greg Kroah-Hartman
` (268 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Walmsley, Ilpo Järvinen,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit c069d2756c01ed36121fae6a42c14fdf1325c71d ]
Only CS8 is supported but CSIZE was not sanitized to CS8.
Set CSIZE correctly so that userspace knows the effective value.
Incorrect CSIZE also results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Similarly, INPCK, PARMRK, and BRKINT are reported textually unsupported
but were not cleared in termios c_iflag which is the machine-readable
format.
Fixes: 45c054d0815b (tty: serial: add driver for the SiFive UART)
Cc: Paul Walmsley <paul.walmsley@sifive.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-7-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sifive.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c
index 6140166b7ed5..776aec6516c4 100644
--- a/drivers/tty/serial/sifive.c
+++ b/drivers/tty/serial/sifive.c
@@ -666,12 +666,16 @@ static void sifive_serial_set_termios(struct uart_port *port,
int rate;
char nstop;
- if ((termios->c_cflag & CSIZE) != CS8)
+ if ((termios->c_cflag & CSIZE) != CS8) {
dev_err_once(ssp->port.dev, "only 8-bit words supported\n");
+ termios->c_cflag &= ~CSIZE;
+ termios->c_cflag |= CS8;
+ }
if (termios->c_iflag & (INPCK | PARMRK))
dev_err_once(ssp->port.dev, "parity checking not supported\n");
if (termios->c_iflag & BRKINT)
dev_err_once(ssp->port.dev, "BREAK detection not supported\n");
+ termios->c_iflag &= ~(INPCK|PARMRK|BRKINT);
/* Set number of stop bits */
nstop = (termios->c_cflag & CSTOPB) ? 2 : 1;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 073/339] serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 072/339] serial: sifive: Sanitize CSIZE and c_iflag Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 074/339] serial: stm32-usart: Correct CSIZE, bits, and parity Greg Kroah-Hartman
` (267 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivas Kandagatla,
Ilpo Järvinen, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 52bb1cb7118564166b04d52387bd8403632f5190 ]
Only CS7 and CS8 seem supported but CSIZE is not sanitized from CS5 or
CS6 to CS8. In addition, ASC_CTL_MODE_7BIT_PAR suggests that CS7 has
to have parity, thus add PARENB.
Incorrect CSIZE results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: c4b058560762 (serial:st-asc: Add ST ASC driver.)
Cc: Srinivas Kandagatla <srinivas.kandagatla@st.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-8-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/st-asc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/tty/serial/st-asc.c b/drivers/tty/serial/st-asc.c
index d7fd692286cf..1b0da603ab54 100644
--- a/drivers/tty/serial/st-asc.c
+++ b/drivers/tty/serial/st-asc.c
@@ -535,10 +535,14 @@ static void asc_set_termios(struct uart_port *port, struct ktermios *termios,
/* set character length */
if ((cflag & CSIZE) == CS7) {
ctrl_val |= ASC_CTL_MODE_7BIT_PAR;
+ cflag |= PARENB;
} else {
ctrl_val |= (cflag & PARENB) ? ASC_CTL_MODE_8BIT_PAR :
ASC_CTL_MODE_8BIT;
+ cflag &= ~CSIZE;
+ cflag |= CS8;
}
+ termios->c_cflag = cflag;
/* set stop bit */
ctrl_val |= (cflag & CSTOPB) ? ASC_CTL_STOP_2BIT : ASC_CTL_STOP_1BIT;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 074/339] serial: stm32-usart: Correct CSIZE, bits, and parity
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 073/339] serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 075/339] firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Greg Kroah-Hartman
` (266 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erwan Le Ray, Ilpo Järvinen,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 1deeda8d2877c18bc2b9eeee10dd6d2628852848 ]
Add CSIZE sanitization for unsupported CSIZE configurations. In
addition, if parity is asked for but CSx was unsupported, the sensible
result is CS8+parity which requires setting USART_CR1_M0 like with 9
bits.
Incorrect CSIZE results in miscalculation of the frame bits in
tty_get_char_size() or in its predecessor where the roughly the same
code is directly within uart_update_timeout().
Fixes: c8a9d043947b (serial: stm32: fix word length configuration)
Cc: Erwan Le Ray <erwan.leray@st.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20220519081808.3776-9-ilpo.jarvinen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/stm32-usart.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c
index 87b5cd4c9743..3c551fd4f3ff 100644
--- a/drivers/tty/serial/stm32-usart.c
+++ b/drivers/tty/serial/stm32-usart.c
@@ -1037,13 +1037,22 @@ static void stm32_usart_set_termios(struct uart_port *port,
* CS8 or (CS7 + parity), 8 bits word aka [M1:M0] = 0b00
* M0 and M1 already cleared by cr1 initialization.
*/
- if (bits == 9)
+ if (bits == 9) {
cr1 |= USART_CR1_M0;
- else if ((bits == 7) && cfg->has_7bits_data)
+ } else if ((bits == 7) && cfg->has_7bits_data) {
cr1 |= USART_CR1_M1;
- else if (bits != 8)
+ } else if (bits != 8) {
dev_dbg(port->dev, "Unsupported data bits config: %u bits\n"
, bits);
+ cflag &= ~CSIZE;
+ cflag |= CS8;
+ termios->c_cflag = cflag;
+ bits = 8;
+ if (cflag & PARENB) {
+ bits++;
+ cr1 |= USART_CR1_M0;
+ }
+ }
if (ofs->rtor != UNDEF_REG && (stm32_port->rx_ch ||
(stm32_port->fifoen &&
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 075/339] firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 074/339] serial: stm32-usart: Correct CSIZE, bits, and parity Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 076/339] bus: ti-sysc: Fix warnings for unbind for serial Greg Kroah-Hartman
` (265 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 660ba678f9998aca6db74f2dd912fa5124f0fa31 ]
kobject_init_and_add() takes reference even when it fails.
According to the doc of kobject_init_and_add()
If this function returns an error, kobject_put() must be called to
properly clean up the memory associated with the object.
Fix this issue by calling kobject_put().
Fixes: 948af1f0bbc8 ("firmware: Basic dmi-sysfs support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220511071421.9769-1-linmq006@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/dmi-sysfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/dmi-sysfs.c b/drivers/firmware/dmi-sysfs.c
index 3a353776bd34..66727ad3361b 100644
--- a/drivers/firmware/dmi-sysfs.c
+++ b/drivers/firmware/dmi-sysfs.c
@@ -604,7 +604,7 @@ static void __init dmi_sysfs_register_handle(const struct dmi_header *dh,
"%d-%d", dh->type, entry->instance);
if (*ret) {
- kfree(entry);
+ kobject_put(&entry->kobj);
return;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 076/339] bus: ti-sysc: Fix warnings for unbind for serial
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 075/339] firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 077/339] driver: base: fix UAF when driver_attach failed Greg Kroah-Hartman
` (264 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Romain Naour, Tony Lindgren, Sasha Levin
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit c337125b8834f9719dfda0e40b25eaa266f1b8cf ]
We can get "failed to disable" clock_unprepare warnings on unbind at least
for the serial console device if the unbind is done before the device has
been idled.
As some devices are using deferred idle, we must check the status for
pending idle work to idle the device.
Fixes: 76f0f772e469 ("bus: ti-sysc: Improve handling for no-reset-on-init and no-idle-on-init")
Cc: Romain Naour <romain.naour@smile.fr>
Reviewed-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Link: https://lore.kernel.org/r/20220512053021.61650-1-tony@atomide.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/ti-sysc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c
index 7a1b1f9e4933..70d00cea9d22 100644
--- a/drivers/bus/ti-sysc.c
+++ b/drivers/bus/ti-sysc.c
@@ -3395,7 +3395,9 @@ static int sysc_remove(struct platform_device *pdev)
struct sysc *ddata = platform_get_drvdata(pdev);
int error;
- cancel_delayed_work_sync(&ddata->idle_work);
+ /* Device can still be enabled, see deferred idle quirk in probe */
+ if (cancel_delayed_work_sync(&ddata->idle_work))
+ ti_sysc_idle(&ddata->idle_work.work);
error = pm_runtime_resume_and_get(ddata->dev);
if (error < 0) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 077/339] driver: base: fix UAF when driver_attach failed
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 076/339] bus: ti-sysc: Fix warnings for unbind for serial Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 078/339] driver core: fix deadlock in __device_attach Greg Kroah-Hartman
` (263 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Schspa Shi, Sasha Levin
From: Schspa Shi <schspa@gmail.com>
[ Upstream commit 310862e574001a97ad02272bac0fd13f75f42a27 ]
When driver_attach(drv); failed, the driver_private will be freed.
But it has been added to the bus, which caused a UAF.
To fix it, we need to delete it from the bus when failed.
Fixes: 190888ac01d0 ("driver core: fix possible missing of device probe")
Signed-off-by: Schspa Shi <schspa@gmail.com>
Link: https://lore.kernel.org/r/20220513112444.45112-1-schspa@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/bus.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index 97936ec49bde..7ca47e5b3c1f 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -617,7 +617,7 @@ int bus_add_driver(struct device_driver *drv)
if (drv->bus->p->drivers_autoprobe) {
error = driver_attach(drv);
if (error)
- goto out_unregister;
+ goto out_del_list;
}
module_add_driver(drv->owner, drv);
@@ -644,6 +644,8 @@ int bus_add_driver(struct device_driver *drv)
return 0;
+out_del_list:
+ klist_del(&priv->knode_bus);
out_unregister:
kobject_put(&priv->kobj);
/* drv->p is freed in driver_release() */
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 078/339] driver core: fix deadlock in __device_attach
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 077/339] driver: base: fix UAF when driver_attach failed Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 079/339] watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
` (262 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhang Wensheng, Sasha Levin
From: Zhang Wensheng <zhangwensheng5@huawei.com>
[ Upstream commit b232b02bf3c205b13a26dcec08e53baddd8e59ed ]
In __device_attach function, The lock holding logic is as follows:
...
__device_attach
device_lock(dev) // get lock dev
async_schedule_dev(__device_attach_async_helper, dev); // func
async_schedule_node
async_schedule_node_domain(func)
entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);
/* when fail or work limit, sync to execute func, but
__device_attach_async_helper will get lock dev as
well, which will lead to A-A deadlock. */
if (!entry || atomic_read(&entry_count) > MAX_WORK) {
func;
else
queue_work_node(node, system_unbound_wq, &entry->work)
device_unlock(dev)
As shown above, when it is allowed to do async probes, because of
out of memory or work limit, async work is not allowed, to do
sync execute instead. it will lead to A-A deadlock because of
__device_attach_async_helper getting lock dev.
To fix the deadlock, move the async_schedule_dev outside device_lock,
as we can see, in async_schedule_node_domain, the parameter of
queue_work_node is system_unbound_wq, so it can accept concurrent
operations. which will also not change the code logic, and will
not lead to deadlock.
Fixes: 765230b5f084 ("driver-core: add asynchronous probing support for drivers")
Signed-off-by: Zhang Wensheng <zhangwensheng5@huawei.com>
Link: https://lore.kernel.org/r/20220518074516.1225580-1-zhangwensheng5@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/dd.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index 3fc3b5940bb3..ed02a529a896 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -941,6 +941,7 @@ static void __device_attach_async_helper(void *_dev, async_cookie_t cookie)
static int __device_attach(struct device *dev, bool allow_async)
{
int ret = 0;
+ bool async = false;
device_lock(dev);
if (dev->p->dead) {
@@ -979,7 +980,7 @@ static int __device_attach(struct device *dev, bool allow_async)
*/
dev_dbg(dev, "scheduling asynchronous probe\n");
get_device(dev);
- async_schedule_dev(__device_attach_async_helper, dev);
+ async = true;
} else {
pm_request_idle(dev);
}
@@ -989,6 +990,8 @@ static int __device_attach(struct device *dev, bool allow_async)
}
out_unlock:
device_unlock(dev);
+ if (async)
+ async_schedule_dev(__device_attach_async_helper, dev);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 079/339] watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 078/339] driver core: fix deadlock in __device_attach Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 080/339] watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Greg Kroah-Hartman
` (261 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit b3ac0c58fa8934926360268f3d89ec7680644d7b ]
If the device is already in a runtime PM enabled state
pm_runtime_get_sync() will return 1, so a test for negative
value should be used to check for errors.
Fixes: 2d63908bdbfb ("watchdog: Add K3 RTI watchdog support")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220412070824.23708-1-linmq006@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/rti_wdt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/watchdog/rti_wdt.c b/drivers/watchdog/rti_wdt.c
index db843f825860..00ebeffc674f 100644
--- a/drivers/watchdog/rti_wdt.c
+++ b/drivers/watchdog/rti_wdt.c
@@ -226,7 +226,7 @@ static int rti_wdt_probe(struct platform_device *pdev)
pm_runtime_enable(dev);
ret = pm_runtime_get_sync(dev);
- if (ret) {
+ if (ret < 0) {
pm_runtime_put_noidle(dev);
pm_runtime_disable(&pdev->dev);
return dev_err_probe(dev, ret, "runtime pm failed\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 080/339] watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 079/339] watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 081/339] blk-mq: dont touch ->tagset in blk_mq_get_sq_hctx Greg Kroah-Hartman
` (260 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 5d24df3d690809952528e7a19a43d84bc5b99d44 ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Add missing of_node_put() in some error paths.
Fixes: bf9006399939 ("watchdog: ts4800: add driver for TS-4800 watchdog")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20220511114203.47420-1-linmq006@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/ts4800_wdt.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/watchdog/ts4800_wdt.c b/drivers/watchdog/ts4800_wdt.c
index c137ad2bd5c3..0ea554c7cda5 100644
--- a/drivers/watchdog/ts4800_wdt.c
+++ b/drivers/watchdog/ts4800_wdt.c
@@ -125,13 +125,16 @@ static int ts4800_wdt_probe(struct platform_device *pdev)
ret = of_property_read_u32_index(np, "syscon", 1, ®);
if (ret < 0) {
dev_err(dev, "no offset in syscon\n");
+ of_node_put(syscon_np);
return ret;
}
/* allocate memory for watchdog struct */
wdt = devm_kzalloc(dev, sizeof(*wdt), GFP_KERNEL);
- if (!wdt)
+ if (!wdt) {
+ of_node_put(syscon_np);
return -ENOMEM;
+ }
/* set regmap and offset to know where to write */
wdt->feed_offset = reg;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 081/339] blk-mq: dont touch ->tagset in blk_mq_get_sq_hctx
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 080/339] watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 082/339] ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Greg Kroah-Hartman
` (259 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, yukuai (C),
Jan Kara, Ming Lei, Jens Axboe, Sasha Levin
From: Ming Lei <ming.lei@redhat.com>
[ Upstream commit 5d05426e2d5fd7df8afc866b78c36b37b00188b7 ]
blk_mq_run_hw_queues() could be run when there isn't queued request and
after queue is cleaned up, at that time tagset is freed, because tagset
lifetime is covered by driver, and often freed after blk_cleanup_queue()
returns.
So don't touch ->tagset for figuring out current default hctx by the mapping
built in request queue, so use-after-free on tagset can be avoided. Meantime
this way should be fast than retrieving mapping from tagset.
Cc: "yukuai (C)" <yukuai3@huawei.com>
Cc: Jan Kara <jack@suse.cz>
Fixes: b6e68ee82585 ("blk-mq: Improve performance of non-mq IO schedulers with multiple HW queues")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220522122350.743103-1-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 84d749511f55..9d33e0032fee 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -2123,8 +2123,7 @@ static bool blk_mq_has_sqsched(struct request_queue *q)
*/
static struct blk_mq_hw_ctx *blk_mq_get_sq_hctx(struct request_queue *q)
{
- struct blk_mq_hw_ctx *hctx;
-
+ struct blk_mq_ctx *ctx = blk_mq_get_ctx(q);
/*
* If the IO scheduler does not respect hardware queues when
* dispatching, we just don't bother with multiple HW queues and
@@ -2132,8 +2131,8 @@ static struct blk_mq_hw_ctx *blk_mq_get_sq_hctx(struct request_queue *q)
* just causes lock contention inside the scheduler and pointless cache
* bouncing.
*/
- hctx = blk_mq_map_queue_type(q, HCTX_TYPE_DEFAULT,
- raw_smp_processor_id());
+ struct blk_mq_hw_ctx *hctx = blk_mq_map_queue(q, 0, ctx);
+
if (!blk_mq_hctx_stopped(hctx))
return hctx;
return NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 082/339] ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 081/339] blk-mq: dont touch ->tagset in blk_mq_get_sq_hctx Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 083/339] scsi: sd: Dont call blk_cleanup_disk() in sd_probe() Greg Kroah-Hartman
` (258 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shengjiu Wang, Mark Brown, Sasha Levin
From: Shengjiu Wang <shengjiu.wang@nxp.com>
[ Upstream commit e4dd748dc87cf431af7b3954963be0d9f6150217 ]
There are multiple xDR and xFR registers, the index is
from 0 to 7. FSL_SAI_xDR and FSL_SAI_xFR is abandoned,
replace them with FSL_SAI_xDR0 and FSL_SAI_xFR0.
Fixes: 4f7a0728b530 ("ASoC: fsl_sai: Add support for SAI new version")
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Link: https://lore.kernel.org/r/1653284661-18964-1-git-send-email-shengjiu.wang@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/fsl_sai.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/fsl/fsl_sai.h b/sound/soc/fsl/fsl_sai.h
index 7310fd02cc3c..bd0b56589bdb 100644
--- a/sound/soc/fsl/fsl_sai.h
+++ b/sound/soc/fsl/fsl_sai.h
@@ -80,8 +80,8 @@
#define FSL_SAI_xCR3(tx, ofs) (tx ? FSL_SAI_TCR3(ofs) : FSL_SAI_RCR3(ofs))
#define FSL_SAI_xCR4(tx, ofs) (tx ? FSL_SAI_TCR4(ofs) : FSL_SAI_RCR4(ofs))
#define FSL_SAI_xCR5(tx, ofs) (tx ? FSL_SAI_TCR5(ofs) : FSL_SAI_RCR5(ofs))
-#define FSL_SAI_xDR(tx, ofs) (tx ? FSL_SAI_TDR(ofs) : FSL_SAI_RDR(ofs))
-#define FSL_SAI_xFR(tx, ofs) (tx ? FSL_SAI_TFR(ofs) : FSL_SAI_RFR(ofs))
+#define FSL_SAI_xDR0(tx) (tx ? FSL_SAI_TDR0 : FSL_SAI_RDR0)
+#define FSL_SAI_xFR0(tx) (tx ? FSL_SAI_TFR0 : FSL_SAI_RFR0)
#define FSL_SAI_xMR(tx) (tx ? FSL_SAI_TMR : FSL_SAI_RMR)
/* SAI Transmit/Receive Control Register */
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 083/339] scsi: sd: Dont call blk_cleanup_disk() in sd_probe()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 082/339] ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 084/339] clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
` (257 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig,
Martin K. Petersen, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 7274ce0558adb4b9b1f5c5b613fb4fe331c18911 ]
In SCSI the midlayer has ownership of the request_queue, so on probe
failure we must only put the gendisk, but leave the request_queue alone.
Link: https://lore.kernel.org/r/20220523083813.227935-1-hch@lst.de
Fixes: 03252259e18e ("scsi: sd: Clean up gendisk if device_add_disk() failed")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/sd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index dc6e55761fd1..5539d75dcfe7 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3475,7 +3475,7 @@ static int sd_probe(struct device *dev)
error = device_add_disk(dev, gd, NULL);
if (error) {
put_device(&sdkp->disk_dev);
- blk_cleanup_disk(gd);
+ put_disk(gd);
goto out;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 084/339] clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 083/339] scsi: sd: Dont call blk_cleanup_disk() in sd_probe() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 085/339] s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Greg Kroah-Hartman
` (256 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Krzysztof Kozlowski, Neil Armstrong,
Daniel Lezcano, Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 9c04a8ff03def4df3f81219ffbe1ec9b44ff5348 ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes: 89355274e1f7 ("clocksource/drivers/oxnas-rps: Add Oxford Semiconductor RPS Dual Timer")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lore.kernel.org/r/20220422104101.55754-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-oxnas-rps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clocksource/timer-oxnas-rps.c b/drivers/clocksource/timer-oxnas-rps.c
index 56c0cc32d0ac..d514b44e67dd 100644
--- a/drivers/clocksource/timer-oxnas-rps.c
+++ b/drivers/clocksource/timer-oxnas-rps.c
@@ -236,7 +236,7 @@ static int __init oxnas_rps_timer_init(struct device_node *np)
}
rps->irq = irq_of_parse_and_map(np, 0);
- if (rps->irq < 0) {
+ if (!rps->irq) {
ret = -EINVAL;
goto err_iomap;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 085/339] s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 084/339] clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 086/339] amt: fix return value of amt_update_handler() Greg Kroah-Hartman
` (255 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jann Horn, Harald Freudenberger,
Heiko Carstens, Sasha Levin
From: Jann Horn <jannh@google.com>
[ Upstream commit bd52cd5e23f134019b23f0c389db0f9a436e4576 ]
The argument of scatterwalk_unmap() is supposed to be the void* that was
returned by the previous scatterwalk_map() call.
The s390 AES-GCM implementation was instead passing the pointer to the
struct scatter_walk.
This doesn't actually break anything because scatterwalk_unmap() only uses
its argument under CONFIG_HIGHMEM and ARCH_HAS_FLUSH_ON_KUNMAP.
Fixes: bf7fa038707c ("s390/crypto: add s390 platform specific aes gcm support.")
Signed-off-by: Jann Horn <jannh@google.com>
Acked-by: Harald Freudenberger <freude@linux.ibm.com>
Link: https://lore.kernel.org/r/20220517143047.3054498-1-jannh@google.com
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/crypto/aes_s390.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
index 54c7536f2482..1023e9d43d44 100644
--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -701,7 +701,7 @@ static inline void _gcm_sg_unmap_and_advance(struct gcm_sg_walk *gw,
unsigned int nbytes)
{
gw->walk_bytes_remain -= nbytes;
- scatterwalk_unmap(&gw->walk);
+ scatterwalk_unmap(gw->walk_ptr);
scatterwalk_advance(&gw->walk, nbytes);
scatterwalk_done(&gw->walk, 0, gw->walk_bytes_remain);
gw->walk_ptr = NULL;
@@ -776,7 +776,7 @@ static int gcm_out_walk_go(struct gcm_sg_walk *gw, unsigned int minbytesneeded)
goto out;
}
- scatterwalk_unmap(&gw->walk);
+ scatterwalk_unmap(gw->walk_ptr);
gw->walk_ptr = NULL;
gw->ptr = gw->buf;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 086/339] amt: fix return value of amt_update_handler()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 085/339] s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 087/339] amt: fix possible memory leak in amt_rcv() Greg Kroah-Hartman
` (254 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Jakub Kicinski, Sasha Levin
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit ac1dbf55981b88d64312858ea06e3e63001f085d ]
If a relay receives an update message, it lookup a tunnel.
and if there is no tunnel for that message, it should be treated
as an error, not a success.
But amt_update_handler() returns false, which means success.
Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/amt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index de4ea518c793..d376ed89f836 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -2423,7 +2423,7 @@ static bool amt_update_handler(struct amt_dev *amt, struct sk_buff *skb)
}
}
- return false;
+ return true;
report:
iph = ip_hdr(skb);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 087/339] amt: fix possible memory leak in amt_rcv()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 086/339] amt: fix return value of amt_update_handler() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 088/339] net: ethernet: ti: am65-cpsw: Fix fwnode passed to phylink_create() Greg Kroah-Hartman
` (253 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Jakub Kicinski, Sasha Levin
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit 1a1a0e80e005cbdc2c250fc858e1d8570f4e4acb ]
If an amt receives packets and it finds socket.
If it can't find a socket, it should free a received skb.
But it doesn't.
So, a memory leak would possibly occur.
Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/amt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index d376ed89f836..22d7da749a24 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -2679,7 +2679,7 @@ static int amt_rcv(struct sock *sk, struct sk_buff *skb)
amt = rcu_dereference_sk_user_data(sk);
if (!amt) {
err = true;
- goto out;
+ goto drop;
}
skb->dev = amt->dev;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 088/339] net: ethernet: ti: am65-cpsw: Fix fwnode passed to phylink_create()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 087/339] amt: fix possible memory leak in amt_rcv() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 089/339] net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable Greg Kroah-Hartman
` (252 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Siddharth Vadapalli, Jakub Kicinski,
Sasha Levin
From: Siddharth Vadapalli <s-vadapalli@ti.com>
[ Upstream commit 0b7180072a9df5e18af5b58410fec38230848a8d ]
am65-cpsw-nuss driver incorrectly uses fwnode member of common
ethernet device's "struct device_node" instead of using fwnode
member of the port's "struct device_node" in phylink_create().
This results in all ports having the same phy data when there
are multiple ports with their phy properties populated in their
respective nodes rather than the common ethernet device node.
Fix it here by using fwnode member of the port's node.
Fixes: e8609e69470f ("net: ethernet: ti: am65-cpsw: Convert to PHYLINK")
Signed-off-by: Siddharth Vadapalli <s-vadapalli@ti.com>
Link: https://lore.kernel.org/r/20220524062558.19296-1-s-vadapalli@ti.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ti/am65-cpsw-nuss.c b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
index d2747e9db286..98969070ed4b 100644
--- a/drivers/net/ethernet/ti/am65-cpsw-nuss.c
+++ b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
@@ -9,6 +9,7 @@
#include <linux/etherdevice.h>
#include <linux/if_vlan.h>
#include <linux/interrupt.h>
+#include <linux/irqdomain.h>
#include <linux/kernel.h>
#include <linux/kmemleak.h>
#include <linux/module.h>
@@ -1989,7 +1990,9 @@ am65_cpsw_nuss_init_port_ndev(struct am65_cpsw_common *common, u32 port_idx)
phy_interface_set_rgmii(port->slave.phylink_config.supported_interfaces);
- phylink = phylink_create(&port->slave.phylink_config, dev->fwnode, port->slave.phy_if,
+ phylink = phylink_create(&port->slave.phylink_config,
+ of_node_to_fwnode(port->slave.phy_node),
+ port->slave.phy_if,
&am65_cpsw_phylink_mac_ops);
if (IS_ERR(phylink))
return PTR_ERR(phylink);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 089/339] net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 088/339] net: ethernet: ti: am65-cpsw: Fix fwnode passed to phylink_create() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 090/339] spi: fsi: Fix spurious timeout Greg Kroah-Hartman
` (251 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, liuyacan, Karsten Graul,
Jakub Kicinski, Sasha Levin
From: liuyacan <liuyacan@corp.netease.com>
[ Upstream commit b3b1a17538d3ef6a9667b2271216fd16d7678ab5 ]
In the process of checking whether RDMAv2 is available, the current
implementation first sets ini->smcrv2.ib_dev_v2, and then allocates
smc buf desc and register rmb, but the latter may fail. In this case,
the pointer should be reset.
Fixes: e49300a6bf62 ("net/smc: add listen processing for SMC-Rv2")
Signed-off-by: liuyacan <liuyacan@corp.netease.com>
Reviewed-by: Karsten Graul <kgraul@linux.ibm.com>
Link: https://lore.kernel.org/r/20220525085408.812273-1-liuyacan@corp.netease.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/af_smc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 45a24d24210f..540b32d86d9b 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -2136,6 +2136,7 @@ static void smc_find_rdma_v2_device_serv(struct smc_sock *new_smc,
not_found:
ini->smcr_version &= ~SMC_V2;
+ ini->smcrv2.ib_dev_v2 = NULL;
ini->check_smcrv2 = false;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 090/339] spi: fsi: Fix spurious timeout
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 089/339] net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 091/339] drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() Greg Kroah-Hartman
` (250 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eddie James, Mark Brown, Sasha Levin
From: Eddie James <eajames@linux.ibm.com>
[ Upstream commit 61bf40ef51aa73f6216b33563271b6acf7ea8d70 ]
The driver may return a timeout error even if the status register
indicates that the transfer may proceed. Fix this by restructuring
the polling loop.
Fixes: 89b35e3f2851 ("spi: fsi: Implement a timeout for polling status")
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Link: https://lore.kernel.org/r/20220525165852.33167-2-eajames@linux.ibm.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-fsi.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/spi/spi-fsi.c b/drivers/spi/spi-fsi.c
index d403a7a3021d..72ab066ce552 100644
--- a/drivers/spi/spi-fsi.c
+++ b/drivers/spi/spi-fsi.c
@@ -319,12 +319,12 @@ static int fsi_spi_transfer_data(struct fsi_spi *ctx,
end = jiffies + msecs_to_jiffies(SPI_FSI_STATUS_TIMEOUT_MS);
do {
+ if (time_after(jiffies, end))
+ return -ETIMEDOUT;
+
rc = fsi_spi_status(ctx, &status, "TX");
if (rc)
return rc;
-
- if (time_after(jiffies, end))
- return -ETIMEDOUT;
} while (status & SPI_FSI_STATUS_TDR_FULL);
sent += nb;
@@ -337,12 +337,12 @@ static int fsi_spi_transfer_data(struct fsi_spi *ctx,
while (transfer->len > recv) {
end = jiffies + msecs_to_jiffies(SPI_FSI_STATUS_TIMEOUT_MS);
do {
+ if (time_after(jiffies, end))
+ return -ETIMEDOUT;
+
rc = fsi_spi_status(ctx, &status, "RX");
if (rc)
return rc;
-
- if (time_after(jiffies, end))
- return -ETIMEDOUT;
} while (!(status & SPI_FSI_STATUS_RDR_FULL));
rc = fsi_spi_read_reg(ctx, SPI_FSI_DATA_RX, &in);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 091/339] drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 090/339] spi: fsi: Fix spurious timeout Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 092/339] net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE Greg Kroah-Hartman
` (249 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Harry Wentland, Dan Carpenter,
Alex Deucher, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit a35faec3db0e13aac8ea720bc1a3503081dd5a3d ]
The > ARRAY_SIZE() should be >= ARRAY_SIZE() to prevent an out of bounds
access.
Fixes: e27c41d5b068 ("drm/amd/display: Support for DMUB HPD interrupt handling")
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index 62139ff35476..8dd03de7c277 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -771,7 +771,7 @@ static void dm_dmub_outbox1_low_irq(void *interrupt_params)
do {
dc_stat_get_dmub_notification(adev->dm.dc, ¬ify);
- if (notify.type > ARRAY_SIZE(dm->dmub_thread_offload)) {
+ if (notify.type >= ARRAY_SIZE(dm->dmub_thread_offload)) {
DRM_ERROR("DM: notify type %d invalid!", notify.type);
continue;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 092/339] net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 091/339] drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 093/339] net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Greg Kroah-Hartman
` (248 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael Walle, Jakub Kicinski, Sasha Levin
From: Michael Walle <michael@walle.cc>
[ Upstream commit b58cdd4388b1d8f5bee9f5a3897a7e780d1eaa48 ]
At the moment, if devm_of_phy_get() returns an error the serdes
simply isn't set. While it is bad to ignore an error in general, there
is a particular bug that network isn't working if the serdes driver is
compiled as a module. In that case, devm_of_phy_get() returns
-EDEFER_PROBE and the error is silently ignored.
The serdes is optional, it is not there if the port is using RGMII, in
which case devm_of_phy_get() returns -ENODEV. Rearrange the error
handling so that -ENODEV will be handled but other error codes will
abort the probing.
Fixes: d28d6d2e37d1 ("net: lan966x: add port module support")
Signed-off-by: Michael Walle <michael@walle.cc>
Link: https://lore.kernel.org/r/20220525231239.1307298-1-michael@walle.cc
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c
index 05f6dcc9dfd5..f180a157eea4 100644
--- a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c
+++ b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c
@@ -1080,8 +1080,13 @@ static int lan966x_probe(struct platform_device *pdev)
lan966x->ports[p]->fwnode = fwnode_handle_get(portnp);
serdes = devm_of_phy_get(lan966x->dev, to_of_node(portnp), NULL);
- if (!IS_ERR(serdes))
- lan966x->ports[p]->serdes = serdes;
+ if (PTR_ERR(serdes) == -ENODEV)
+ serdes = NULL;
+ if (IS_ERR(serdes)) {
+ err = PTR_ERR(serdes);
+ goto cleanup_ports;
+ }
+ lan966x->ports[p]->serdes = serdes;
lan966x_port_init(lan966x->ports[p]);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 093/339] net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 092/339] net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 094/339] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Greg Kroah-Hartman
` (247 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Vincent Ray, Eric Dumazet,
Jakub Kicinski, Sasha Levin
From: Vincent Ray <vray@kalrayinc.com>
[ Upstream commit a54ce3703613e41fe1d98060b62ec09a3984dc28 ]
In qdisc_run_begin(), smp_mb__before_atomic() used before test_bit()
does not provide any ordering guarantee as test_bit() is not an atomic
operation. This, added to the fact that the spin_trylock() call at
the beginning of qdisc_run_begin() does not guarantee acquire
semantics if it does not grab the lock, makes it possible for the
following statement :
if (test_bit(__QDISC_STATE_MISSED, &qdisc->state))
to be executed before an enqueue operation called before
qdisc_run_begin().
As a result the following race can happen :
CPU 1 CPU 2
qdisc_run_begin() qdisc_run_begin() /* true */
set(MISSED) .
/* returns false */ .
. /* sees MISSED = 1 */
. /* so qdisc not empty */
. __qdisc_run()
. .
. pfifo_fast_dequeue()
----> /* may be done here */ .
| . clear(MISSED)
| . .
| . smp_mb __after_atomic();
| . .
| . /* recheck the queue */
| . /* nothing => exit */
| enqueue(skb1)
| .
| qdisc_run_begin()
| .
| spin_trylock() /* fail */
| .
| smp_mb__before_atomic() /* not enough */
| .
---- if (test_bit(MISSED))
return false; /* exit */
In the above scenario, CPU 1 and CPU 2 both try to grab the
qdisc->seqlock at the same time. Only CPU 2 succeeds and enters the
bypass code path, where it emits its skb then calls __qdisc_run().
CPU1 fails, sets MISSED and goes down the traditionnal enqueue() +
dequeue() code path. But when executing qdisc_run_begin() for the
second time, after enqueuing its skbuff, it sees the MISSED bit still
set (by itself) and consequently chooses to exit early without setting
it again nor trying to grab the spinlock again.
Meanwhile CPU2 has seen MISSED = 1, cleared it, checked the queue
and found it empty, so it returned.
At the end of the sequence, we end up with skb1 enqueued in the
backlog, both CPUs out of __dev_xmit_skb(), the MISSED bit not set,
and no __netif_schedule() called made. skb1 will now linger in the
qdisc until somebody later performs a full __qdisc_run(). Associated
to the bypass capacity of the qdisc, and the ability of the TCP layer
to avoid resending packets which it knows are still in the qdisc, this
can lead to serious traffic "holes" in a TCP connection.
We fix this by replacing the smp_mb__before_atomic() / test_bit() /
set_bit() / smp_mb__after_atomic() sequence inside qdisc_run_begin()
by a single test_and_set_bit() call, which is more concise and
enforces the needed memory barriers.
Fixes: 89837eb4b246 ("net: sched: add barrier to ensure correct ordering for lockless qdisc")
Signed-off-by: Vincent Ray <vray@kalrayinc.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20220526001746.2437669-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sch_generic.h | 36 ++++++++----------------------------
1 file changed, 8 insertions(+), 28 deletions(-)
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index 9bab396c1f3b..80973ce820f3 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -187,37 +187,17 @@ static inline bool qdisc_run_begin(struct Qdisc *qdisc)
if (spin_trylock(&qdisc->seqlock))
return true;
- /* Paired with smp_mb__after_atomic() to make sure
- * STATE_MISSED checking is synchronized with clearing
- * in pfifo_fast_dequeue().
+ /* No need to insist if the MISSED flag was already set.
+ * Note that test_and_set_bit() also gives us memory ordering
+ * guarantees wrt potential earlier enqueue() and below
+ * spin_trylock(), both of which are necessary to prevent races
*/
- smp_mb__before_atomic();
-
- /* If the MISSED flag is set, it means other thread has
- * set the MISSED flag before second spin_trylock(), so
- * we can return false here to avoid multi cpus doing
- * the set_bit() and second spin_trylock() concurrently.
- */
- if (test_bit(__QDISC_STATE_MISSED, &qdisc->state))
+ if (test_and_set_bit(__QDISC_STATE_MISSED, &qdisc->state))
return false;
- /* Set the MISSED flag before the second spin_trylock(),
- * if the second spin_trylock() return false, it means
- * other cpu holding the lock will do dequeuing for us
- * or it will see the MISSED flag set after releasing
- * lock and reschedule the net_tx_action() to do the
- * dequeuing.
- */
- set_bit(__QDISC_STATE_MISSED, &qdisc->state);
-
- /* spin_trylock() only has load-acquire semantic, so use
- * smp_mb__after_atomic() to ensure STATE_MISSED is set
- * before doing the second spin_trylock().
- */
- smp_mb__after_atomic();
-
- /* Retry again in case other CPU may not see the new flag
- * after it releases the lock at the end of qdisc_run_end().
+ /* Try to take the lock again to make sure that we will either
+ * grab it or the CPU that still has it will see MISSED set
+ * when testing it in qdisc_run_end()
*/
return spin_trylock(&qdisc->seqlock);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 094/339] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 093/339] net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 095/339] net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks Greg Kroah-Hartman
` (246 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, David S. Miller, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit e7e7104e2d5ddf3806a28695670f21bef471f1e1 ]
The "fsp->location" variable comes from user via ethtool_get_rxnfc().
Check that it is valid to prevent an out of bounds read.
Fixes: 7aab747e5563 ("net: ethernet: mediatek: add ethtool functions to configure RX flows of HW LRO")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index f02d07ec5ccb..a50090e62c8f 100644
--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -1949,6 +1949,9 @@ static int mtk_hwlro_get_fdir_entry(struct net_device *dev,
struct ethtool_rx_flow_spec *fsp =
(struct ethtool_rx_flow_spec *)&cmd->fs;
+ if (fsp->location >= ARRAY_SIZE(mac->hwlro_ip))
+ return -EINVAL;
+
/* only tcp dst ipv4 is meaningful, others are meaningless */
fsp->flow_type = TCP_V4_FLOW;
fsp->h_u.tcp_ip4_spec.ip4dst = ntohl(mac->hwlro_ip[fsp->location]);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 095/339] net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 094/339] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 096/339] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Greg Kroah-Hartman
` (245 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, David S. Miller, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 5dd89d2fc438457811cbbec07999ce0d80051ff5 ]
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
am65_cpsw_init_cpts() and am65_cpsw_nuss_probe() don't release
the refcount in error case.
Add missing of_node_put() to avoid refcount leak.
Fixes: b1f66a5bee07 ("net: ethernet: ti: am65-cpsw-nuss: enable packet timestamping support")
Fixes: 93a76530316a ("net: ethernet: ti: introduce am65x/j721e gigabit eth subsystem driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ti/am65-cpsw-nuss.c b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
index 98969070ed4b..6d978dbf708f 100644
--- a/drivers/net/ethernet/ti/am65-cpsw-nuss.c
+++ b/drivers/net/ethernet/ti/am65-cpsw-nuss.c
@@ -1797,6 +1797,7 @@ static int am65_cpsw_init_cpts(struct am65_cpsw_common *common)
if (IS_ERR(cpts)) {
int ret = PTR_ERR(cpts);
+ of_node_put(node);
if (ret == -EOPNOTSUPP) {
dev_info(dev, "cpts disabled\n");
return 0;
@@ -2673,9 +2674,9 @@ static int am65_cpsw_nuss_probe(struct platform_device *pdev)
if (!node)
return -ENOENT;
common->port_num = of_get_child_count(node);
+ of_node_put(node);
if (common->port_num < 1 || common->port_num > AM65_CPSW_MAX_PORTS)
return -ENOENT;
- of_node_put(node);
common->rx_flow_id_base = -1;
init_completion(&common->tdown_complete);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 096/339] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 095/339] net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 097/339] modpost: fix removing numeric suffixes Greg Kroah-Hartman
` (244 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Marek Behún,
David S. Miller, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 02ded5a173619b11728b8bf75a3fd995a2c1ff28 ]
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
mv88e6xxx_mdio_register() pass the device node to of_mdiobus_register().
We don't need the device node after it.
Add missing of_node_put() to avoid refcount leak.
Fixes: a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/mv88e6xxx/chip.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
index 64f4fdd02902..732570fb97b1 100644
--- a/drivers/net/dsa/mv88e6xxx/chip.c
+++ b/drivers/net/dsa/mv88e6xxx/chip.c
@@ -3960,6 +3960,7 @@ static int mv88e6xxx_mdios_register(struct mv88e6xxx_chip *chip,
*/
child = of_get_child_by_name(np, "mdio");
err = mv88e6xxx_mdio_register(chip, child, false);
+ of_node_put(child);
if (err)
return err;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 097/339] modpost: fix removing numeric suffixes
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 096/339] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 098/339] block, loop: support partitions without scanning Greg Kroah-Hartman
` (243 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Lobakin, Petr Mladek,
Masahiro Yamada, Sasha Levin
From: Alexander Lobakin <alexandr.lobakin@intel.com>
[ Upstream commit b5beffa20d83c4e15306c991ffd00de0d8628338 ]
With the `-z unique-symbol` linker flag or any similar mechanism,
it is possible to trigger the following:
ERROR: modpost: "param_set_uint.0" [vmlinux] is a static EXPORT_SYMBOL
The reason is that for now the condition from remove_dot():
if (m && (s[n + m] == '.' || s[n + m] == 0))
which was designed to test if it's a dot or a '\0' after the suffix
is never satisfied.
This is due to that `s[n + m]` always points to the last digit of a
numeric suffix, not on the symbol next to it (from a custom debug
print added to modpost):
param_set_uint.0, s[n + m] is '0', s[n + m + 1] is '\0'
So it's off-by-one and was like that since 2014.
Fix this for the sake of any potential upcoming features, but don't
bother stable-backporting, as it's well hidden -- apart from that
LD flag, it can be triggered only with GCC LTO which never landed
upstream.
Fixes: fcd38ed0ff26 ("scripts: modpost: fix compilation warning")
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/modpost.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index ed9d056d2108..d81019db9da4 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1993,7 +1993,7 @@ static char *remove_dot(char *s)
if (n && s[n]) {
size_t m = strspn(s + n + 1, "0123456789");
- if (m && (s[n + m] == '.' || s[n + m] == 0))
+ if (m && (s[n + m + 1] == '.' || s[n + m + 1] == 0))
s[n] = 0;
/* strip trailing .prelink */
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 098/339] block, loop: support partitions without scanning
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 097/339] modpost: fix removing numeric suffixes Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 099/339] ep93xx: clock: Do not return the address of the freed memory Greg Kroah-Hartman
` (242 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ming Lei, Christoph Hellwig,
Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit b9684a71fca793213378dd410cd11675d973eaa1 ]
Historically we did distinguish between a flag that surpressed partition
scanning, and a combinations of the minors variable and another flag if
any partitions were supported. This was generally confusing and doesn't
make much sense, but some corner case uses of the loop driver actually
do want to support manually added partitions on a device that does not
actively scan for partitions. To make things worsee the loop driver
also wants to dynamically toggle the scanning for partitions on a live
gendisk, which makes the disk->flags updates non-atomic.
Introduce a new GD_SUPPRESS_PART_SCAN bit in disk->state that disables
just scanning for partitions, and toggle that instead of GENHD_FL_NO_PART
in the loop driver.
Fixes: 1ebe2e5f9d68 ("block: remove GENHD_FL_EXT_DEVT")
Reported-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20220527055806.1972352-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/genhd.c | 2 ++
drivers/block/loop.c | 8 ++++----
include/linux/blkdev.h | 1 +
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/block/genhd.c b/block/genhd.c
index b8b6759d670f..3008ec213654 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -385,6 +385,8 @@ int disk_scan_partitions(struct gendisk *disk, fmode_t mode)
if (disk->flags & (GENHD_FL_NO_PART | GENHD_FL_HIDDEN))
return -EINVAL;
+ if (test_bit(GD_SUPPRESS_PART_SCAN, &disk->state))
+ return -EINVAL;
if (disk->open_partitions)
return -EBUSY;
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index ed7bec11948c..4e1dce3beab0 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1066,7 +1066,7 @@ static int loop_configure(struct loop_device *lo, fmode_t mode,
lo->lo_flags |= LO_FLAGS_PARTSCAN;
partscan = lo->lo_flags & LO_FLAGS_PARTSCAN;
if (partscan)
- lo->lo_disk->flags &= ~GENHD_FL_NO_PART;
+ clear_bit(GD_SUPPRESS_PART_SCAN, &lo->lo_disk->state);
loop_global_unlock(lo, is_loop);
if (partscan)
@@ -1185,7 +1185,7 @@ static void __loop_clr_fd(struct loop_device *lo, bool release)
*/
lo->lo_flags = 0;
if (!part_shift)
- lo->lo_disk->flags |= GENHD_FL_NO_PART;
+ set_bit(GD_SUPPRESS_PART_SCAN, &lo->lo_disk->state);
mutex_lock(&lo->lo_mutex);
lo->lo_state = Lo_unbound;
mutex_unlock(&lo->lo_mutex);
@@ -1295,7 +1295,7 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
if (!err && (lo->lo_flags & LO_FLAGS_PARTSCAN) &&
!(prev_lo_flags & LO_FLAGS_PARTSCAN)) {
- lo->lo_disk->flags &= ~GENHD_FL_NO_PART;
+ clear_bit(GD_SUPPRESS_PART_SCAN, &lo->lo_disk->state);
partscan = true;
}
out_unlock:
@@ -2054,7 +2054,7 @@ static int loop_add(int i)
* userspace tools. Parameters like this in general should be avoided.
*/
if (!part_shift)
- disk->flags |= GENHD_FL_NO_PART;
+ set_bit(GD_SUPPRESS_PART_SCAN, &disk->state);
atomic_set(&lo->lo_refcnt, 0);
mutex_init(&lo->lo_mutex);
lo->lo_number = i;
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
index 60d016138997..108e3d114bfc 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -147,6 +147,7 @@ struct gendisk {
#define GD_DEAD 2
#define GD_NATIVE_CAPACITY 3
#define GD_ADDED 4
+#define GD_SUPPRESS_PART_SCAN 5
struct mutex open_mutex; /* open/close mutex */
unsigned open_partitions; /* number of open partitions */
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 099/339] ep93xx: clock: Do not return the address of the freed memory
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 098/339] block, loop: support partitions without scanning Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 100/339] jffs2: fix memory leak in jffs2_do_fill_super Greg Kroah-Hartman
` (241 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Genjian Zhang, Alexander Sverdlin,
Arnd Bergmann, Sasha Levin
From: Genjian Zhang <zhanggenjian123@gmail.com>
[ Upstream commit 8a7322a3a05f75e8a4902bdf8129aecd37d54fe9 ]
Avoid return freed memory addresses,Modified to the actual error
return value of clk_register().
Fixes: 9645ccc7bd7a ("ep93xx: clock: convert in-place to COMMON_CLK")
Signed-off-by: Genjian Zhang <zhanggenjian@kylinos.cn>
Acked-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-ep93xx/clock.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/arm/mach-ep93xx/clock.c b/arch/arm/mach-ep93xx/clock.c
index 4fa6ea5461b7..85a496ddc619 100644
--- a/arch/arm/mach-ep93xx/clock.c
+++ b/arch/arm/mach-ep93xx/clock.c
@@ -345,9 +345,10 @@ static struct clk_hw *clk_hw_register_ddiv(const char *name,
psc->hw.init = &init;
clk = clk_register(NULL, &psc->hw);
- if (IS_ERR(clk))
+ if (IS_ERR(clk)) {
kfree(psc);
-
+ return ERR_CAST(clk);
+ }
return &psc->hw;
}
@@ -452,9 +453,10 @@ static struct clk_hw *clk_hw_register_div(const char *name,
psc->hw.init = &init;
clk = clk_register(NULL, &psc->hw);
- if (IS_ERR(clk))
+ if (IS_ERR(clk)) {
kfree(psc);
-
+ return ERR_CAST(clk);
+ }
return &psc->hw;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 100/339] jffs2: fix memory leak in jffs2_do_fill_super
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 099/339] ep93xx: clock: Do not return the address of the freed memory Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 101/339] ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty Greg Kroah-Hartman
` (240 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Baokun Li, Richard Weinberger, Sasha Levin
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit c14adb1cf70a984ed081c67e9d27bc3caad9537c ]
If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns
an error, we can observe the following kmemleak report:
--------------------------------------------
unreferenced object 0xffff888105a65340 (size 64):
comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff859c45e5>] kmem_cache_alloc_trace+0x475/0x8a0
[<ffffffff86160146>] jffs2_sum_init+0x96/0x1a0
[<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
[<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
[<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
[...]
unreferenced object 0xffff8881bd7f0000 (size 65536):
comm "mount", pid 710, jiffies 4302851558 (age 58.239s)
hex dump (first 32 bytes):
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................
backtrace:
[<ffffffff858579ba>] kmalloc_order+0xda/0x110
[<ffffffff85857a11>] kmalloc_order_trace+0x21/0x130
[<ffffffff859c2ed1>] __kmalloc+0x711/0x8a0
[<ffffffff86160189>] jffs2_sum_init+0xd9/0x1a0
[<ffffffff86140e25>] jffs2_do_mount_fs+0x745/0x2120
[<ffffffff86149fec>] jffs2_do_fill_super+0x35c/0x810
[<ffffffff8614aae9>] jffs2_fill_super+0x2b9/0x3b0
[...]
--------------------------------------------
This is because the resources allocated in jffs2_sum_init() are not
released. Call jffs2_sum_exit() to release these resources to solve
the problem.
Fixes: e631ddba5887 ("[JFFS2] Add erase block summary support (mount time improvement)")
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/jffs2/fs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
index 71f03a5d36ed..f83a468b6488 100644
--- a/fs/jffs2/fs.c
+++ b/fs/jffs2/fs.c
@@ -604,6 +604,7 @@ int jffs2_do_fill_super(struct super_block *sb, struct fs_context *fc)
jffs2_free_raw_node_refs(c);
kvfree(c->blocks);
jffs2_clear_xattr_subsystem(c);
+ jffs2_sum_exit(c);
out_inohash:
kfree(c->inocache_list);
out_wbuf:
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 101/339] ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 100/339] jffs2: fix memory leak in jffs2_do_fill_super Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 102/339] ubi: ubi_create_volume: Fix use-after-free when volume creation failed Greg Kroah-Hartman
` (239 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Richard Weinberger,
Sasha Levin
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit d09e9a2bddba6c48e0fddb16c4383172ac593251 ]
There at least 6 PEBs reserved on UBI device:
1. EBA_RESERVED_PEBS[1]
2. WL_RESERVED_PEBS[1]
3. UBI_LAYOUT_VOLUME_EBS[2]
4. MIN_FASTMAP_RESERVED_PEBS[2]
When all ubi volumes take all their PEBs, there are 3 (EBA_RESERVED_PEBS +
WL_RESERVED_PEBS + MIN_FASTMAP_RESERVED_PEBS - MIN_FASTMAP_TAKEN_PEBS[1])
free PEBs. Since commit f9c34bb529975fe ("ubi: Fix producing anchor PEBs")
and commit 4b68bf9a69d22dd ("ubi: Select fastmap anchor PEBs considering
wear level rules") applied, there is only 1 (3 - FASTMAP_ANCHOR_PEBS[1] -
FASTMAP_NEXT_ANCHOR_PEBS[1]) free PEB to fill pool and wl_pool, after
filling pool, wl_pool is always empty. So, UBI could be stuck in an
infinite loop:
ubi_thread system_wq
wear_leveling_worker <--------------------------------------------------
get_peb_for_wl |
// fm_wl_pool, used = size = 0 |
schedule_work(&ubi->fm_work) |
|
update_fastmap_work_fn |
ubi_update_fastmap |
ubi_refill_pools |
// ubi->free_count - ubi->beb_rsvd_pebs < 5 |
// wl_pool is not filled with any PEBs |
schedule_erase(old_fm_anchor) |
ubi_ensure_anchor_pebs |
__schedule_ubi_work(wear_leveling_worker) |
|
__erase_worker |
ensure_wear_leveling |
__schedule_ubi_work(wear_leveling_worker) --------------------------
, which cause high cpu usage of ubi_bgt:
top - 12:10:42 up 5 min, 2 users, load average: 1.76, 0.68, 0.27
Tasks: 123 total, 3 running, 54 sleeping, 0 stopped, 0 zombie
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1589 root 20 0 0 0 0 R 45.0 0.0 0:38.86 ubi_bgt0d
319 root 20 0 0 0 0 I 15.2 0.0 0:15.29 kworker/0:3-eve
371 root 20 0 0 0 0 I 14.9 0.0 0:12.85 kworker/3:3-eve
20 root 20 0 0 0 0 I 11.3 0.0 0:05.33 kworker/1:0-eve
202 root 20 0 0 0 0 I 11.3 0.0 0:04.93 kworker/2:3-eve
In commit 4b68bf9a69d22dd ("ubi: Select fastmap anchor PEBs considering
wear level rules"), there are three key changes:
1) Choose the fastmap anchor when the most free PEBs are available.
2) Enable anchor move within the anchor area again as it is useful
for distributing wear.
3) Import a candidate fm anchor and check this PEB's erase count during
wear leveling. If the wear leveling limit is exceeded, use the used
anchor area PEB with the lowest erase count to replace it.
The anchor candidate can be removed, we can check fm_anchor PEB's erase
count during wear leveling. Fix it by:
1) Removing 'fm_next_anchor' and check 'fm_anchor' during wear leveling.
2) Preferentially filling one free peb into fm_wl_pool in condition of
ubi->free_count > ubi->beb_rsvd_pebs, then try to reserve enough
free count for fastmap non anchor pebs after the above prerequisites
are met.
Then, there are at least 1 PEB in pool and 1 PEB in wl_pool after calling
ubi_refill_pools() with all erase works done.
Fetch a reproducer in [Link].
Fixes: 4b68bf9a69d22dd ("ubi: Select fastmap anchor PEBs ... rules")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215407
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/ubi/fastmap-wl.c | 69 ++++++++++++++++++++++++------------
drivers/mtd/ubi/fastmap.c | 11 ------
drivers/mtd/ubi/ubi.h | 4 +--
drivers/mtd/ubi/wl.c | 19 +++++-----
4 files changed, 57 insertions(+), 46 deletions(-)
diff --git a/drivers/mtd/ubi/fastmap-wl.c b/drivers/mtd/ubi/fastmap-wl.c
index 28f55f9cf715..053ab52668e8 100644
--- a/drivers/mtd/ubi/fastmap-wl.c
+++ b/drivers/mtd/ubi/fastmap-wl.c
@@ -97,6 +97,33 @@ struct ubi_wl_entry *ubi_wl_get_fm_peb(struct ubi_device *ubi, int anchor)
return e;
}
+/*
+ * has_enough_free_count - whether ubi has enough free pebs to fill fm pools
+ * @ubi: UBI device description object
+ * @is_wl_pool: whether UBI is filling wear leveling pool
+ *
+ * This helper function checks whether there are enough free pebs (deducted
+ * by fastmap pebs) to fill fm_pool and fm_wl_pool, above rule works after
+ * there is at least one of free pebs is filled into fm_wl_pool.
+ * For wear leveling pool, UBI should also reserve free pebs for bad pebs
+ * handling, because there maybe no enough free pebs for user volumes after
+ * producing new bad pebs.
+ */
+static bool has_enough_free_count(struct ubi_device *ubi, bool is_wl_pool)
+{
+ int fm_used = 0; // fastmap non anchor pebs.
+ int beb_rsvd_pebs;
+
+ if (!ubi->free.rb_node)
+ return false;
+
+ beb_rsvd_pebs = is_wl_pool ? ubi->beb_rsvd_pebs : 0;
+ if (ubi->fm_wl_pool.size > 0 && !(ubi->ro_mode || ubi->fm_disabled))
+ fm_used = ubi->fm_size / ubi->leb_size - 1;
+
+ return ubi->free_count - beb_rsvd_pebs > fm_used;
+}
+
/**
* ubi_refill_pools - refills all fastmap PEB pools.
* @ubi: UBI device description object
@@ -120,21 +147,17 @@ void ubi_refill_pools(struct ubi_device *ubi)
wl_tree_add(ubi->fm_anchor, &ubi->free);
ubi->free_count++;
}
- if (ubi->fm_next_anchor) {
- wl_tree_add(ubi->fm_next_anchor, &ubi->free);
- ubi->free_count++;
- }
- /* All available PEBs are in ubi->free, now is the time to get
+ /*
+ * All available PEBs are in ubi->free, now is the time to get
* the best anchor PEBs.
*/
ubi->fm_anchor = ubi_wl_get_fm_peb(ubi, 1);
- ubi->fm_next_anchor = ubi_wl_get_fm_peb(ubi, 1);
for (;;) {
enough = 0;
if (pool->size < pool->max_size) {
- if (!ubi->free.rb_node)
+ if (!has_enough_free_count(ubi, false))
break;
e = wl_get_wle(ubi);
@@ -147,8 +170,7 @@ void ubi_refill_pools(struct ubi_device *ubi)
enough++;
if (wl_pool->size < wl_pool->max_size) {
- if (!ubi->free.rb_node ||
- (ubi->free_count - ubi->beb_rsvd_pebs < 5))
+ if (!has_enough_free_count(ubi, true))
break;
e = find_wl_entry(ubi, &ubi->free, WL_FREE_MAX_DIFF);
@@ -286,20 +308,26 @@ static struct ubi_wl_entry *get_peb_for_wl(struct ubi_device *ubi)
int ubi_ensure_anchor_pebs(struct ubi_device *ubi)
{
struct ubi_work *wrk;
+ struct ubi_wl_entry *anchor;
spin_lock(&ubi->wl_lock);
- /* Do we have a next anchor? */
- if (!ubi->fm_next_anchor) {
- ubi->fm_next_anchor = ubi_wl_get_fm_peb(ubi, 1);
- if (!ubi->fm_next_anchor)
- /* Tell wear leveling to produce a new anchor PEB */
- ubi->fm_do_produce_anchor = 1;
+ /* Do we already have an anchor? */
+ if (ubi->fm_anchor) {
+ spin_unlock(&ubi->wl_lock);
+ return 0;
}
- /* Do wear leveling to get a new anchor PEB or check the
- * existing next anchor candidate.
- */
+ /* See if we can find an anchor PEB on the list of free PEBs */
+ anchor = ubi_wl_get_fm_peb(ubi, 1);
+ if (anchor) {
+ ubi->fm_anchor = anchor;
+ spin_unlock(&ubi->wl_lock);
+ return 0;
+ }
+
+ ubi->fm_do_produce_anchor = 1;
+ /* No luck, trigger wear leveling to produce a new anchor PEB. */
if (ubi->wl_scheduled) {
spin_unlock(&ubi->wl_lock);
return 0;
@@ -381,11 +409,6 @@ static void ubi_fastmap_close(struct ubi_device *ubi)
ubi->fm_anchor = NULL;
}
- if (ubi->fm_next_anchor) {
- return_unused_peb(ubi, ubi->fm_next_anchor);
- ubi->fm_next_anchor = NULL;
- }
-
if (ubi->fm) {
for (i = 0; i < ubi->fm->used_blocks; i++)
kfree(ubi->fm->e[i]);
diff --git a/drivers/mtd/ubi/fastmap.c b/drivers/mtd/ubi/fastmap.c
index 6b5f1ffd961b..6e95c4b1473e 100644
--- a/drivers/mtd/ubi/fastmap.c
+++ b/drivers/mtd/ubi/fastmap.c
@@ -1230,17 +1230,6 @@ static int ubi_write_fastmap(struct ubi_device *ubi,
fm_pos += sizeof(*fec);
ubi_assert(fm_pos <= ubi->fm_size);
}
- if (ubi->fm_next_anchor) {
- fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
-
- fec->pnum = cpu_to_be32(ubi->fm_next_anchor->pnum);
- set_seen(ubi, ubi->fm_next_anchor->pnum, seen_pebs);
- fec->ec = cpu_to_be32(ubi->fm_next_anchor->ec);
-
- free_peb_count++;
- fm_pos += sizeof(*fec);
- ubi_assert(fm_pos <= ubi->fm_size);
- }
fmh->free_peb_count = cpu_to_be32(free_peb_count);
ubi_for_each_used_peb(ubi, wl_e, tmp_rb) {
diff --git a/drivers/mtd/ubi/ubi.h b/drivers/mtd/ubi/ubi.h
index 7c083ad58274..078112e23dfd 100644
--- a/drivers/mtd/ubi/ubi.h
+++ b/drivers/mtd/ubi/ubi.h
@@ -489,8 +489,7 @@ struct ubi_debug_info {
* @fm_work: fastmap work queue
* @fm_work_scheduled: non-zero if fastmap work was scheduled
* @fast_attach: non-zero if UBI was attached by fastmap
- * @fm_anchor: The new anchor PEB used during fastmap update
- * @fm_next_anchor: An anchor PEB candidate for the next time fastmap is updated
+ * @fm_anchor: The next anchor PEB to use for fastmap
* @fm_do_produce_anchor: If true produce an anchor PEB in wl
*
* @used: RB-tree of used physical eraseblocks
@@ -601,7 +600,6 @@ struct ubi_device {
int fm_work_scheduled;
int fast_attach;
struct ubi_wl_entry *fm_anchor;
- struct ubi_wl_entry *fm_next_anchor;
int fm_do_produce_anchor;
/* Wear-leveling sub-system's stuff */
diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
index 8455f1d47f3c..afcdacb9d0e9 100644
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -689,16 +689,16 @@ static int wear_leveling_worker(struct ubi_device *ubi, struct ubi_work *wrk,
#ifdef CONFIG_MTD_UBI_FASTMAP
e1 = find_anchor_wl_entry(&ubi->used);
- if (e1 && ubi->fm_next_anchor &&
- (ubi->fm_next_anchor->ec - e1->ec >= UBI_WL_THRESHOLD)) {
+ if (e1 && ubi->fm_anchor &&
+ (ubi->fm_anchor->ec - e1->ec >= UBI_WL_THRESHOLD)) {
ubi->fm_do_produce_anchor = 1;
- /* fm_next_anchor is no longer considered a good anchor
- * candidate.
+ /*
+ * fm_anchor is no longer considered a good anchor.
* NULL assignment also prevents multiple wear level checks
* of this PEB.
*/
- wl_tree_add(ubi->fm_next_anchor, &ubi->free);
- ubi->fm_next_anchor = NULL;
+ wl_tree_add(ubi->fm_anchor, &ubi->free);
+ ubi->fm_anchor = NULL;
ubi->free_count++;
}
@@ -1085,12 +1085,13 @@ static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk)
if (!err) {
spin_lock(&ubi->wl_lock);
- if (!ubi->fm_disabled && !ubi->fm_next_anchor &&
+ if (!ubi->fm_disabled && !ubi->fm_anchor &&
e->pnum < UBI_FM_MAX_START) {
- /* Abort anchor production, if needed it will be
+ /*
+ * Abort anchor production, if needed it will be
* enabled again in the wear leveling started below.
*/
- ubi->fm_next_anchor = e;
+ ubi->fm_anchor = e;
ubi->fm_do_produce_anchor = 0;
} else {
wl_tree_add(e, &ubi->free);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 102/339] ubi: ubi_create_volume: Fix use-after-free when volume creation failed
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 101/339] ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 103/339] selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read Greg Kroah-Hartman
` (238 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhihao Cheng, Richard Weinberger,
Sasha Levin
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit 8c03a1c21d72210f81cb369cc528e3fde4b45411 ]
There is an use-after-free problem for 'eba_tbl' in ubi_create_volume()'s
error handling path:
ubi_eba_replace_table(vol, eba_tbl)
vol->eba_tbl = tbl
out_mapping:
ubi_eba_destroy_table(eba_tbl) // Free 'eba_tbl'
out_unlock:
put_device(&vol->dev)
vol_release
kfree(tbl->entries) // UAF
Fix it by removing redundant 'eba_tbl' releasing.
Fetch a reproducer in [Link].
Fixes: 493cfaeaa0c9b ("mtd: utilize new cdev_device_add helper function")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215965
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/ubi/vmt.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c
index 1bc7b3a05604..6ea95ade4ca6 100644
--- a/drivers/mtd/ubi/vmt.c
+++ b/drivers/mtd/ubi/vmt.c
@@ -309,7 +309,6 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
ubi->volumes[vol_id] = NULL;
ubi->vol_count -= 1;
spin_unlock(&ubi->volumes_lock);
- ubi_eba_destroy_table(eba_tbl);
out_acc:
spin_lock(&ubi->volumes_lock);
ubi->rsvd_pebs -= vol->reserved_pebs;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 103/339] selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 102/339] ubi: ubi_create_volume: Fix use-after-free when volume creation failed Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 104/339] bpf: Fix probe read error in ___bpf_prog_run() Greg Kroah-Hartman
` (237 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mykola Lysenko, Song Liu,
David Vernet, Alexei Starovoitov, Sasha Levin
From: Song Liu <song@kernel.org>
[ Upstream commit 59ed76fe2f981bccde37bdddb465f260a96a2404 ]
Kernel function urandom_read is replaced with urandom_read_iter.
Therefore, kprobe on urandom_read is not working any more:
[root@eth50-1 bpf]# ./test_progs -n 161
test_stacktrace_build_id:PASS:skel_open_and_load 0 nsec
libbpf: kprobe perf_event_open() failed: No such file or directory
libbpf: prog 'oncpu': failed to create kprobe 'urandom_read+0x0' \
perf event: No such file or directory
libbpf: prog 'oncpu': failed to auto-attach: -2
test_stacktrace_build_id:FAIL:attach_tp err -2
161 stacktrace_build_id:FAIL
Fix this by replacing urandom_read with urandom_read_iter in the test.
Fixes: 1b388e7765f2 ("random: convert to using fops->read_iter()")
Reported-by: Mykola Lysenko <mykolal@fb.com>
Signed-off-by: Song Liu <song@kernel.org>
Acked-by: David Vernet <void@manifault.com>
Link: https://lore.kernel.org/r/20220526191608.2364049-1-song@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/progs/test_stacktrace_build_id.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/progs/test_stacktrace_build_id.c b/tools/testing/selftests/bpf/progs/test_stacktrace_build_id.c
index 6c62bfb8bb6f..0c4426592a26 100644
--- a/tools/testing/selftests/bpf/progs/test_stacktrace_build_id.c
+++ b/tools/testing/selftests/bpf/progs/test_stacktrace_build_id.c
@@ -39,7 +39,7 @@ struct {
__type(value, stack_trace_t);
} stack_amap SEC(".maps");
-SEC("kprobe/urandom_read")
+SEC("kprobe/urandom_read_iter")
int oncpu(struct pt_regs *args)
{
__u32 max_len = sizeof(struct bpf_stack_build_id)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 104/339] bpf: Fix probe read error in ___bpf_prog_run()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 103/339] selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 105/339] block: take destination bvec offsets into account in bio_copy_data_iter Greg Kroah-Hartman
` (236 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Menglong Dong, Daniel Borkmann,
Jiang Biao, Hao Peng, Ilya Leoshkevich, Sasha Levin
From: Menglong Dong <imagedong@tencent.com>
[ Upstream commit caff1fa4118cec4dfd4336521ebd22a6408a1e3e ]
I think there is something wrong with BPF_PROBE_MEM in ___bpf_prog_run()
in big-endian machine. Let's make a test and see what will happen if we
want to load a 'u16' with BPF_PROBE_MEM.
Let's make the src value '0x0001', the value of dest register will become
0x0001000000000000, as the value will be loaded to the first 2 byte of
DST with following code:
bpf_probe_read_kernel(&DST, SIZE, (const void *)(long) (SRC + insn->off));
Obviously, the value in DST is not correct. In fact, we can compare
BPF_PROBE_MEM with LDX_MEM_H:
DST = *(SIZE *)(unsigned long) (SRC + insn->off);
If the memory load is done by LDX_MEM_H, the value in DST will be 0x1 now.
And I think this error results in the test case 'test_bpf_sk_storage_map'
failing:
test_bpf_sk_storage_map:PASS:bpf_iter_bpf_sk_storage_map__open_and_load 0 nsec
test_bpf_sk_storage_map:PASS:socket 0 nsec
test_bpf_sk_storage_map:PASS:map_update 0 nsec
test_bpf_sk_storage_map:PASS:socket 0 nsec
test_bpf_sk_storage_map:PASS:map_update 0 nsec
test_bpf_sk_storage_map:PASS:socket 0 nsec
test_bpf_sk_storage_map:PASS:map_update 0 nsec
test_bpf_sk_storage_map:PASS:attach_iter 0 nsec
test_bpf_sk_storage_map:PASS:create_iter 0 nsec
test_bpf_sk_storage_map:PASS:read 0 nsec
test_bpf_sk_storage_map:FAIL:ipv6_sk_count got 0 expected 3
$10/26 bpf_iter/bpf_sk_storage_map:FAIL
The code of the test case is simply, it will load sk->sk_family to the
register with BPF_PROBE_MEM and check if it is AF_INET6. With this patch,
now the test case 'bpf_iter' can pass:
$10 bpf_iter:OK
Fixes: 2a02759ef5f8 ("bpf: Add support for BTF pointers to interpreter")
Signed-off-by: Menglong Dong <imagedong@tencent.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jiang Biao <benbjiang@tencent.com>
Reviewed-by: Hao Peng <flyingpeng@tencent.com>
Cc: Ilya Leoshkevich <iii@linux.ibm.com>
Link: https://lore.kernel.org/bpf/20220524021228.533216-1-imagedong@tencent.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/core.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 05e701f0da81..1e92b52fc814 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -1950,6 +1950,11 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn)
CONT; \
LDX_MEM_##SIZEOP: \
DST = *(SIZE *)(unsigned long) (SRC + insn->off); \
+ CONT; \
+ LDX_PROBE_MEM_##SIZEOP: \
+ bpf_probe_read_kernel(&DST, sizeof(SIZE), \
+ (const void *)(long) (SRC + insn->off)); \
+ DST = *((SIZE *)&DST); \
CONT;
LDST(B, u8)
@@ -1957,15 +1962,6 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn)
LDST(W, u32)
LDST(DW, u64)
#undef LDST
-#define LDX_PROBE(SIZEOP, SIZE) \
- LDX_PROBE_MEM_##SIZEOP: \
- bpf_probe_read_kernel(&DST, SIZE, (const void *)(long) (SRC + insn->off)); \
- CONT;
- LDX_PROBE(B, 1)
- LDX_PROBE(H, 2)
- LDX_PROBE(W, 4)
- LDX_PROBE(DW, 8)
-#undef LDX_PROBE
#define ATOMIC_ALU_OP(BOP, KOP) \
case BOP: \
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 105/339] block: take destination bvec offsets into account in bio_copy_data_iter
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 104/339] bpf: Fix probe read error in ___bpf_prog_run() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 106/339] nbd: dont clear NBD_CMD_INFLIGHT flag if request is not completed Greg Kroah-Hartman
` (235 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit 403d50341cce6b5481a92eb481e6df60b1f49b55 ]
Appartly bcache can copy into bios that do not just contain fresh
pages but can have offsets into the bio_vecs. Restore support for tht
in bio_copy_data_iter.
Fixes: f8b679a070c5 ("block: rewrite bio_copy_data_iter to use bvec_kmap_local and memcpy_to_bvec")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220524143919.1155501-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bio.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/block/bio.c b/block/bio.c
index 4259125e16ab..ac29c87c6735 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1336,10 +1336,12 @@ void bio_copy_data_iter(struct bio *dst, struct bvec_iter *dst_iter,
struct bio_vec src_bv = bio_iter_iovec(src, *src_iter);
struct bio_vec dst_bv = bio_iter_iovec(dst, *dst_iter);
unsigned int bytes = min(src_bv.bv_len, dst_bv.bv_len);
- void *src_buf;
+ void *src_buf = bvec_kmap_local(&src_bv);
+ void *dst_buf = bvec_kmap_local(&dst_bv);
- src_buf = bvec_kmap_local(&src_bv);
- memcpy_to_bvec(&dst_bv, src_buf);
+ memcpy(dst_buf, src_buf, bytes);
+
+ kunmap_local(dst_buf);
kunmap_local(src_buf);
bio_advance_iter_single(src, src_iter, bytes);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 106/339] nbd: dont clear NBD_CMD_INFLIGHT flag if request is not completed
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 105/339] block: take destination bvec offsets into account in bio_copy_data_iter Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 107/339] nbd: fix possible overflow on first_minor in nbd_dev_add() Greg Kroah-Hartman
` (234 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Yu Kuai, Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 2895f1831e911ca87d4efdf43e35eb72a0c7e66e ]
Otherwise io will hung because request will only be completed if the
cmd has the flag 'NBD_CMD_INFLIGHT'.
Fixes: 07175cb1baf4 ("nbd: make sure request completion won't concurrent")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Link: https://lore.kernel.org/r/20220521073749.3146892-4-yukuai3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 284557041336..ed678037ba6d 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -404,13 +404,14 @@ static enum blk_eh_timer_return nbd_xmit_timeout(struct request *req,
if (!mutex_trylock(&cmd->lock))
return BLK_EH_RESET_TIMER;
- if (!__test_and_clear_bit(NBD_CMD_INFLIGHT, &cmd->flags)) {
+ if (!test_bit(NBD_CMD_INFLIGHT, &cmd->flags)) {
mutex_unlock(&cmd->lock);
return BLK_EH_DONE;
}
if (!refcount_inc_not_zero(&nbd->config_refs)) {
cmd->status = BLK_STS_TIMEOUT;
+ __clear_bit(NBD_CMD_INFLIGHT, &cmd->flags);
mutex_unlock(&cmd->lock);
goto done;
}
@@ -479,6 +480,7 @@ static enum blk_eh_timer_return nbd_xmit_timeout(struct request *req,
dev_err_ratelimited(nbd_to_dev(nbd), "Connection timed out\n");
set_bit(NBD_RT_TIMEDOUT, &config->runtime_flags);
cmd->status = BLK_STS_IOERR;
+ __clear_bit(NBD_CMD_INFLIGHT, &cmd->flags);
mutex_unlock(&cmd->lock);
sock_shutdown(nbd);
nbd_config_put(nbd);
@@ -746,7 +748,7 @@ static struct nbd_cmd *nbd_handle_reply(struct nbd_device *nbd, int index,
cmd = blk_mq_rq_to_pdu(req);
mutex_lock(&cmd->lock);
- if (!__test_and_clear_bit(NBD_CMD_INFLIGHT, &cmd->flags)) {
+ if (!test_bit(NBD_CMD_INFLIGHT, &cmd->flags)) {
dev_err(disk_to_dev(nbd->disk), "Suspicious reply %d (status %u flags %lu)",
tag, cmd->status, cmd->flags);
ret = -ENOENT;
@@ -855,8 +857,16 @@ static void recv_work(struct work_struct *work)
}
rq = blk_mq_rq_from_pdu(cmd);
- if (likely(!blk_should_fake_timeout(rq->q)))
- blk_mq_complete_request(rq);
+ if (likely(!blk_should_fake_timeout(rq->q))) {
+ bool complete;
+
+ mutex_lock(&cmd->lock);
+ complete = __test_and_clear_bit(NBD_CMD_INFLIGHT,
+ &cmd->flags);
+ mutex_unlock(&cmd->lock);
+ if (complete)
+ blk_mq_complete_request(rq);
+ }
percpu_ref_put(&q->q_usage_counter);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 107/339] nbd: fix possible overflow on first_minor in nbd_dev_add()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 106/339] nbd: dont clear NBD_CMD_INFLIGHT flag if request is not completed Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 108/339] riscv: read-only pages should not be writable Greg Kroah-Hartman
` (233 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zhang Wensheng, Yu Kuai, Josef Bacik,
Jens Axboe, Sasha Levin
From: Zhang Wensheng <zhangwensheng5@huawei.com>
[ Upstream commit 858f1bf65d3d9c00b5e2d8ca87dc79ed88267c98 ]
When 'index' is a big numbers, it may become negative which forced
to 'int'. then 'index << part_shift' might overflow to a positive
value that is not greater than '0xfffff', then sysfs might complains
about duplicate creation. Because of this, move the 'index' judgment
to the front will fix it and be better.
Fixes: b0d9111a2d53 ("nbd: use an idr to keep track of nbd devices")
Fixes: 940c264984fd ("nbd: fix possible overflow for 'first_minor' in nbd_dev_add()")
Signed-off-by: Zhang Wensheng <zhangwensheng5@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220521073749.3146892-6-yukuai3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index ed678037ba6d..c860a9930855 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1814,17 +1814,7 @@ static struct nbd_device *nbd_dev_add(int index, unsigned int refs)
refcount_set(&nbd->refs, 0);
INIT_LIST_HEAD(&nbd->list);
disk->major = NBD_MAJOR;
-
- /* Too big first_minor can cause duplicate creation of
- * sysfs files/links, since index << part_shift might overflow, or
- * MKDEV() expect that the max bits of first_minor is 20.
- */
disk->first_minor = index << part_shift;
- if (disk->first_minor < index || disk->first_minor > MINORMASK) {
- err = -EINVAL;
- goto out_free_work;
- }
-
disk->minors = 1 << part_shift;
disk->fops = &nbd_fops;
disk->private_data = nbd;
@@ -1929,8 +1919,19 @@ static int nbd_genl_connect(struct sk_buff *skb, struct genl_info *info)
if (!netlink_capable(skb, CAP_SYS_ADMIN))
return -EPERM;
- if (info->attrs[NBD_ATTR_INDEX])
+ if (info->attrs[NBD_ATTR_INDEX]) {
index = nla_get_u32(info->attrs[NBD_ATTR_INDEX]);
+
+ /*
+ * Too big first_minor can cause duplicate creation of
+ * sysfs files/links, since index << part_shift might overflow, or
+ * MKDEV() expect that the max bits of first_minor is 20.
+ */
+ if (index < 0 || index > MINORMASK >> part_shift) {
+ printk(KERN_ERR "nbd: illegal input index %d\n", index);
+ return -EINVAL;
+ }
+ }
if (!info->attrs[NBD_ATTR_SOCKETS]) {
printk(KERN_ERR "nbd: must specify at least one socket\n");
return -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 108/339] riscv: read-only pages should not be writable
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 107/339] nbd: fix possible overflow on first_minor in nbd_dev_add() Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 109/339] net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" Greg Kroah-Hartman
` (232 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Heinrich Schuchardt, Ard Biesheuvel,
Sasha Levin
From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
[ Upstream commit 630f972d76d6460235e84e1aa034ee06f9c8c3a9 ]
If EFI pages are marked as read-only,
we should remove the _PAGE_WRITE flag.
The current code overwrites an unused value.
Fixes: b91540d52a08b ("RISC-V: Add EFI runtime services")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Link: https://lore.kernel.org/r/20220528014132.91052-1-heinrich.schuchardt@canonical.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/efi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/riscv/kernel/efi.c b/arch/riscv/kernel/efi.c
index 024159298231..1aa540350abd 100644
--- a/arch/riscv/kernel/efi.c
+++ b/arch/riscv/kernel/efi.c
@@ -65,7 +65,7 @@ static int __init set_permissions(pte_t *ptep, unsigned long addr, void *data)
if (md->attribute & EFI_MEMORY_RO) {
val = pte_val(pte) & ~_PAGE_WRITE;
- val = pte_val(pte) | _PAGE_READ;
+ val |= _PAGE_READ;
pte = __pte(val);
}
if (md->attribute & EFI_MEMORY_XP) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 109/339] net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *"
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 108/339] riscv: read-only pages should not be writable Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 110/339] tcp: add accessors to read/set tp->snd_cwnd Greg Kroah-Hartman
` (231 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guangguan Wang, David S. Miller, Sasha Levin
From: Guangguan Wang <guangguan.wang@linux.alibaba.com>
[ Upstream commit e225c9a5a74b12e9ef8516f30a3db2c7eb866ee1 ]
"struct smc_cdc_tx_pend **" can not directly convert
to "struct smc_wr_tx_pend_priv *".
Fixes: 2bced6aefa3d ("net/smc: put slot when connection is killed")
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/smc_cdc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/smc/smc_cdc.c b/net/smc/smc_cdc.c
index 5c731f27996e..53f63bfbaf5f 100644
--- a/net/smc/smc_cdc.c
+++ b/net/smc/smc_cdc.c
@@ -82,7 +82,7 @@ int smc_cdc_get_free_slot(struct smc_connection *conn,
/* abnormal termination */
if (!rc)
smc_wr_tx_put_slot(link,
- (struct smc_wr_tx_pend_priv *)pend);
+ (struct smc_wr_tx_pend_priv *)(*pend));
rc = -EPIPE;
}
return rc;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 110/339] tcp: add accessors to read/set tp->snd_cwnd
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 109/339] net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 111/339] nfp: only report pause frame configuration for physical device Greg Kroah-Hartman
` (230 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Yuchung Cheng,
Neal Cardwell, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 40570375356c874b1578e05c1dcc3ff7c1322dbe ]
We had various bugs over the years with code
breaking the assumption that tp->snd_cwnd is greater
than zero.
Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added
in commit 8b8a321ff72c ("tcp: fix zero cwnd in tcp_cwnd_reduction")
can trigger, and without a repro we would have to spend
considerable time finding the bug.
Instead of complaining too late, we want to catch where
and when tp->snd_cwnd is set to an illegal value.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Suggested-by: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Link: https://lore.kernel.org/r/20220405233538.947344-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/tcp.h | 19 +++++++++++++++----
include/trace/events/tcp.h | 2 +-
net/core/filter.c | 2 +-
net/ipv4/tcp.c | 8 ++++----
net/ipv4/tcp_bbr.c | 20 ++++++++++----------
net/ipv4/tcp_bic.c | 14 +++++++-------
net/ipv4/tcp_cdg.c | 30 +++++++++++++++---------------
net/ipv4/tcp_cong.c | 18 +++++++++---------
net/ipv4/tcp_cubic.c | 22 +++++++++++-----------
net/ipv4/tcp_dctcp.c | 11 ++++++-----
net/ipv4/tcp_highspeed.c | 18 +++++++++---------
net/ipv4/tcp_htcp.c | 10 +++++-----
net/ipv4/tcp_hybla.c | 18 +++++++++---------
net/ipv4/tcp_illinois.c | 12 +++++++-----
net/ipv4/tcp_input.c | 36 ++++++++++++++++++------------------
net/ipv4/tcp_ipv4.c | 2 +-
net/ipv4/tcp_lp.c | 6 +++---
net/ipv4/tcp_metrics.c | 12 ++++++------
net/ipv4/tcp_nv.c | 24 ++++++++++++------------
net/ipv4/tcp_output.c | 30 +++++++++++++++---------------
net/ipv4/tcp_rate.c | 2 +-
net/ipv4/tcp_scalable.c | 4 ++--
net/ipv4/tcp_vegas.c | 21 +++++++++++----------
net/ipv4/tcp_veno.c | 24 ++++++++++++------------
net/ipv4/tcp_westwood.c | 3 ++-
net/ipv4/tcp_yeah.c | 30 +++++++++++++++---------------
net/ipv6/tcp_ipv6.c | 2 +-
27 files changed, 208 insertions(+), 192 deletions(-)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index cc1295037533..2d9a78b3beaa 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1215,9 +1215,20 @@ static inline unsigned int tcp_packets_in_flight(const struct tcp_sock *tp)
#define TCP_INFINITE_SSTHRESH 0x7fffffff
+static inline u32 tcp_snd_cwnd(const struct tcp_sock *tp)
+{
+ return tp->snd_cwnd;
+}
+
+static inline void tcp_snd_cwnd_set(struct tcp_sock *tp, u32 val)
+{
+ WARN_ON_ONCE((int)val <= 0);
+ tp->snd_cwnd = val;
+}
+
static inline bool tcp_in_slow_start(const struct tcp_sock *tp)
{
- return tp->snd_cwnd < tp->snd_ssthresh;
+ return tcp_snd_cwnd(tp) < tp->snd_ssthresh;
}
static inline bool tcp_in_initial_slowstart(const struct tcp_sock *tp)
@@ -1243,8 +1254,8 @@ static inline __u32 tcp_current_ssthresh(const struct sock *sk)
return tp->snd_ssthresh;
else
return max(tp->snd_ssthresh,
- ((tp->snd_cwnd >> 1) +
- (tp->snd_cwnd >> 2)));
+ ((tcp_snd_cwnd(tp) >> 1) +
+ (tcp_snd_cwnd(tp) >> 2)));
}
/* Use define here intentionally to get WARN_ON location shown at the caller */
@@ -1286,7 +1297,7 @@ static inline bool tcp_is_cwnd_limited(const struct sock *sk)
/* If in slow start, ensure cwnd grows to twice what was ACKed. */
if (tcp_in_slow_start(tp))
- return tp->snd_cwnd < 2 * tp->max_packets_out;
+ return tcp_snd_cwnd(tp) < 2 * tp->max_packets_out;
return tp->is_cwnd_limited;
}
diff --git a/include/trace/events/tcp.h b/include/trace/events/tcp.h
index 521059d8dc0a..edcd6369de10 100644
--- a/include/trace/events/tcp.h
+++ b/include/trace/events/tcp.h
@@ -279,7 +279,7 @@ TRACE_EVENT(tcp_probe,
__entry->data_len = skb->len - __tcp_hdrlen(th);
__entry->snd_nxt = tp->snd_nxt;
__entry->snd_una = tp->snd_una;
- __entry->snd_cwnd = tp->snd_cwnd;
+ __entry->snd_cwnd = tcp_snd_cwnd(tp);
__entry->snd_wnd = tp->snd_wnd;
__entry->rcv_wnd = tp->rcv_wnd;
__entry->ssthresh = tcp_current_ssthresh(sk);
diff --git a/net/core/filter.c b/net/core/filter.c
index 966796b345e7..8847316ee20e 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5173,7 +5173,7 @@ static int _bpf_setsockopt(struct sock *sk, int level, int optname,
if (val <= 0 || tp->data_segs_out > tp->syn_data)
ret = -EINVAL;
else
- tp->snd_cwnd = val;
+ tcp_snd_cwnd_set(tp, val);
break;
case TCP_BPF_SNDCWND_CLAMP:
if (val <= 0) {
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index cf18fbcbf123..e31cf137c614 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -429,7 +429,7 @@ void tcp_init_sock(struct sock *sk)
* algorithms that we must have the following bandaid to talk
* efficiently to them. -DaveM
*/
- tp->snd_cwnd = TCP_INIT_CWND;
+ tcp_snd_cwnd_set(tp, TCP_INIT_CWND);
/* There's a bubble in the pipe until at least the first ACK. */
tp->app_limited = ~0U;
@@ -3033,7 +3033,7 @@ int tcp_disconnect(struct sock *sk, int flags)
icsk->icsk_rto_min = TCP_RTO_MIN;
icsk->icsk_delack_max = TCP_DELACK_MAX;
tp->snd_ssthresh = TCP_INFINITE_SSTHRESH;
- tp->snd_cwnd = TCP_INIT_CWND;
+ tcp_snd_cwnd_set(tp, TCP_INIT_CWND);
tp->snd_cwnd_cnt = 0;
tp->window_clamp = 0;
tp->delivered = 0;
@@ -3744,7 +3744,7 @@ void tcp_get_info(struct sock *sk, struct tcp_info *info)
info->tcpi_max_pacing_rate = rate64;
info->tcpi_reordering = tp->reordering;
- info->tcpi_snd_cwnd = tp->snd_cwnd;
+ info->tcpi_snd_cwnd = tcp_snd_cwnd(tp);
if (info->tcpi_state == TCP_LISTEN) {
/* listeners aliased fields :
@@ -3915,7 +3915,7 @@ struct sk_buff *tcp_get_timestamping_opt_stats(const struct sock *sk,
rate64 = tcp_compute_delivery_rate(tp);
nla_put_u64_64bit(stats, TCP_NLA_DELIVERY_RATE, rate64, TCP_NLA_PAD);
- nla_put_u32(stats, TCP_NLA_SND_CWND, tp->snd_cwnd);
+ nla_put_u32(stats, TCP_NLA_SND_CWND, tcp_snd_cwnd(tp));
nla_put_u32(stats, TCP_NLA_REORDERING, tp->reordering);
nla_put_u32(stats, TCP_NLA_MIN_RTT, tcp_min_rtt(tp));
diff --git a/net/ipv4/tcp_bbr.c b/net/ipv4/tcp_bbr.c
index 02e8626ccb27..c7d30a3bbd81 100644
--- a/net/ipv4/tcp_bbr.c
+++ b/net/ipv4/tcp_bbr.c
@@ -276,7 +276,7 @@ static void bbr_init_pacing_rate_from_rtt(struct sock *sk)
} else { /* no RTT sample yet */
rtt_us = USEC_PER_MSEC; /* use nominal default RTT */
}
- bw = (u64)tp->snd_cwnd * BW_UNIT;
+ bw = (u64)tcp_snd_cwnd(tp) * BW_UNIT;
do_div(bw, rtt_us);
sk->sk_pacing_rate = bbr_bw_to_pacing_rate(sk, bw, bbr_high_gain);
}
@@ -323,9 +323,9 @@ static void bbr_save_cwnd(struct sock *sk)
struct bbr *bbr = inet_csk_ca(sk);
if (bbr->prev_ca_state < TCP_CA_Recovery && bbr->mode != BBR_PROBE_RTT)
- bbr->prior_cwnd = tp->snd_cwnd; /* this cwnd is good enough */
+ bbr->prior_cwnd = tcp_snd_cwnd(tp); /* this cwnd is good enough */
else /* loss recovery or BBR_PROBE_RTT have temporarily cut cwnd */
- bbr->prior_cwnd = max(bbr->prior_cwnd, tp->snd_cwnd);
+ bbr->prior_cwnd = max(bbr->prior_cwnd, tcp_snd_cwnd(tp));
}
static void bbr_cwnd_event(struct sock *sk, enum tcp_ca_event event)
@@ -482,7 +482,7 @@ static bool bbr_set_cwnd_to_recover_or_restore(
struct tcp_sock *tp = tcp_sk(sk);
struct bbr *bbr = inet_csk_ca(sk);
u8 prev_state = bbr->prev_ca_state, state = inet_csk(sk)->icsk_ca_state;
- u32 cwnd = tp->snd_cwnd;
+ u32 cwnd = tcp_snd_cwnd(tp);
/* An ACK for P pkts should release at most 2*P packets. We do this
* in two steps. First, here we deduct the number of lost packets.
@@ -520,7 +520,7 @@ static void bbr_set_cwnd(struct sock *sk, const struct rate_sample *rs,
{
struct tcp_sock *tp = tcp_sk(sk);
struct bbr *bbr = inet_csk_ca(sk);
- u32 cwnd = tp->snd_cwnd, target_cwnd = 0;
+ u32 cwnd = tcp_snd_cwnd(tp), target_cwnd = 0;
if (!acked)
goto done; /* no packet fully ACKed; just apply caps */
@@ -544,9 +544,9 @@ static void bbr_set_cwnd(struct sock *sk, const struct rate_sample *rs,
cwnd = max(cwnd, bbr_cwnd_min_target);
done:
- tp->snd_cwnd = min(cwnd, tp->snd_cwnd_clamp); /* apply global cap */
+ tcp_snd_cwnd_set(tp, min(cwnd, tp->snd_cwnd_clamp)); /* apply global cap */
if (bbr->mode == BBR_PROBE_RTT) /* drain queue, refresh min_rtt */
- tp->snd_cwnd = min(tp->snd_cwnd, bbr_cwnd_min_target);
+ tcp_snd_cwnd_set(tp, min(tcp_snd_cwnd(tp), bbr_cwnd_min_target));
}
/* End cycle phase if it's time and/or we hit the phase's in-flight target. */
@@ -856,7 +856,7 @@ static void bbr_update_ack_aggregation(struct sock *sk,
bbr->ack_epoch_acked = min_t(u32, 0xFFFFF,
bbr->ack_epoch_acked + rs->acked_sacked);
extra_acked = bbr->ack_epoch_acked - expected_acked;
- extra_acked = min(extra_acked, tp->snd_cwnd);
+ extra_acked = min(extra_acked, tcp_snd_cwnd(tp));
if (extra_acked > bbr->extra_acked[bbr->extra_acked_win_idx])
bbr->extra_acked[bbr->extra_acked_win_idx] = extra_acked;
}
@@ -914,7 +914,7 @@ static void bbr_check_probe_rtt_done(struct sock *sk)
return;
bbr->min_rtt_stamp = tcp_jiffies32; /* wait a while until PROBE_RTT */
- tp->snd_cwnd = max(tp->snd_cwnd, bbr->prior_cwnd);
+ tcp_snd_cwnd_set(tp, max(tcp_snd_cwnd(tp), bbr->prior_cwnd));
bbr_reset_mode(sk);
}
@@ -1093,7 +1093,7 @@ static u32 bbr_undo_cwnd(struct sock *sk)
bbr->full_bw = 0; /* spurious slow-down; reset full pipe detection */
bbr->full_bw_cnt = 0;
bbr_reset_lt_bw_sampling(sk);
- return tcp_sk(sk)->snd_cwnd;
+ return tcp_snd_cwnd(tcp_sk(sk));
}
/* Entering loss recovery, so save cwnd for when we exit or undo recovery. */
diff --git a/net/ipv4/tcp_bic.c b/net/ipv4/tcp_bic.c
index f5f588b1f6e9..58358bf92e1b 100644
--- a/net/ipv4/tcp_bic.c
+++ b/net/ipv4/tcp_bic.c
@@ -150,7 +150,7 @@ static void bictcp_cong_avoid(struct sock *sk, u32 ack, u32 acked)
if (!acked)
return;
}
- bictcp_update(ca, tp->snd_cwnd);
+ bictcp_update(ca, tcp_snd_cwnd(tp));
tcp_cong_avoid_ai(tp, ca->cnt, acked);
}
@@ -166,16 +166,16 @@ static u32 bictcp_recalc_ssthresh(struct sock *sk)
ca->epoch_start = 0; /* end of epoch */
/* Wmax and fast convergence */
- if (tp->snd_cwnd < ca->last_max_cwnd && fast_convergence)
- ca->last_max_cwnd = (tp->snd_cwnd * (BICTCP_BETA_SCALE + beta))
+ if (tcp_snd_cwnd(tp) < ca->last_max_cwnd && fast_convergence)
+ ca->last_max_cwnd = (tcp_snd_cwnd(tp) * (BICTCP_BETA_SCALE + beta))
/ (2 * BICTCP_BETA_SCALE);
else
- ca->last_max_cwnd = tp->snd_cwnd;
+ ca->last_max_cwnd = tcp_snd_cwnd(tp);
- if (tp->snd_cwnd <= low_window)
- return max(tp->snd_cwnd >> 1U, 2U);
+ if (tcp_snd_cwnd(tp) <= low_window)
+ return max(tcp_snd_cwnd(tp) >> 1U, 2U);
else
- return max((tp->snd_cwnd * beta) / BICTCP_BETA_SCALE, 2U);
+ return max((tcp_snd_cwnd(tp) * beta) / BICTCP_BETA_SCALE, 2U);
}
static void bictcp_state(struct sock *sk, u8 new_state)
diff --git a/net/ipv4/tcp_cdg.c b/net/ipv4/tcp_cdg.c
index 709d23801823..ddc7ba0554bd 100644
--- a/net/ipv4/tcp_cdg.c
+++ b/net/ipv4/tcp_cdg.c
@@ -161,8 +161,8 @@ static void tcp_cdg_hystart_update(struct sock *sk)
LINUX_MIB_TCPHYSTARTTRAINDETECT);
NET_ADD_STATS(sock_net(sk),
LINUX_MIB_TCPHYSTARTTRAINCWND,
- tp->snd_cwnd);
- tp->snd_ssthresh = tp->snd_cwnd;
+ tcp_snd_cwnd(tp));
+ tp->snd_ssthresh = tcp_snd_cwnd(tp);
return;
}
}
@@ -180,8 +180,8 @@ static void tcp_cdg_hystart_update(struct sock *sk)
LINUX_MIB_TCPHYSTARTDELAYDETECT);
NET_ADD_STATS(sock_net(sk),
LINUX_MIB_TCPHYSTARTDELAYCWND,
- tp->snd_cwnd);
- tp->snd_ssthresh = tp->snd_cwnd;
+ tcp_snd_cwnd(tp));
+ tp->snd_ssthresh = tcp_snd_cwnd(tp);
}
}
}
@@ -252,7 +252,7 @@ static bool tcp_cdg_backoff(struct sock *sk, u32 grad)
return false;
}
- ca->shadow_wnd = max(ca->shadow_wnd, tp->snd_cwnd);
+ ca->shadow_wnd = max(ca->shadow_wnd, tcp_snd_cwnd(tp));
ca->state = CDG_BACKOFF;
tcp_enter_cwr(sk);
return true;
@@ -285,14 +285,14 @@ static void tcp_cdg_cong_avoid(struct sock *sk, u32 ack, u32 acked)
}
if (!tcp_is_cwnd_limited(sk)) {
- ca->shadow_wnd = min(ca->shadow_wnd, tp->snd_cwnd);
+ ca->shadow_wnd = min(ca->shadow_wnd, tcp_snd_cwnd(tp));
return;
}
- prior_snd_cwnd = tp->snd_cwnd;
+ prior_snd_cwnd = tcp_snd_cwnd(tp);
tcp_reno_cong_avoid(sk, ack, acked);
- incr = tp->snd_cwnd - prior_snd_cwnd;
+ incr = tcp_snd_cwnd(tp) - prior_snd_cwnd;
ca->shadow_wnd = max(ca->shadow_wnd, ca->shadow_wnd + incr);
}
@@ -331,15 +331,15 @@ static u32 tcp_cdg_ssthresh(struct sock *sk)
struct tcp_sock *tp = tcp_sk(sk);
if (ca->state == CDG_BACKOFF)
- return max(2U, (tp->snd_cwnd * min(1024U, backoff_beta)) >> 10);
+ return max(2U, (tcp_snd_cwnd(tp) * min(1024U, backoff_beta)) >> 10);
if (ca->state == CDG_NONFULL && use_tolerance)
- return tp->snd_cwnd;
+ return tcp_snd_cwnd(tp);
- ca->shadow_wnd = min(ca->shadow_wnd >> 1, tp->snd_cwnd);
+ ca->shadow_wnd = min(ca->shadow_wnd >> 1, tcp_snd_cwnd(tp));
if (use_shadow)
- return max3(2U, ca->shadow_wnd, tp->snd_cwnd >> 1);
- return max(2U, tp->snd_cwnd >> 1);
+ return max3(2U, ca->shadow_wnd, tcp_snd_cwnd(tp) >> 1);
+ return max(2U, tcp_snd_cwnd(tp) >> 1);
}
static void tcp_cdg_cwnd_event(struct sock *sk, const enum tcp_ca_event ev)
@@ -357,7 +357,7 @@ static void tcp_cdg_cwnd_event(struct sock *sk, const enum tcp_ca_event ev)
ca->gradients = gradients;
ca->rtt_seq = tp->snd_nxt;
- ca->shadow_wnd = tp->snd_cwnd;
+ ca->shadow_wnd = tcp_snd_cwnd(tp);
break;
case CA_EVENT_COMPLETE_CWR:
ca->state = CDG_UNKNOWN;
@@ -380,7 +380,7 @@ static void tcp_cdg_init(struct sock *sk)
ca->gradients = kcalloc(window, sizeof(ca->gradients[0]),
GFP_NOWAIT | __GFP_NOWARN);
ca->rtt_seq = tp->snd_nxt;
- ca->shadow_wnd = tp->snd_cwnd;
+ ca->shadow_wnd = tcp_snd_cwnd(tp);
}
static void tcp_cdg_release(struct sock *sk)
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index dc95572163df..d854bcfb9906 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -393,10 +393,10 @@ int tcp_set_congestion_control(struct sock *sk, const char *name, bool load,
*/
u32 tcp_slow_start(struct tcp_sock *tp, u32 acked)
{
- u32 cwnd = min(tp->snd_cwnd + acked, tp->snd_ssthresh);
+ u32 cwnd = min(tcp_snd_cwnd(tp) + acked, tp->snd_ssthresh);
- acked -= cwnd - tp->snd_cwnd;
- tp->snd_cwnd = min(cwnd, tp->snd_cwnd_clamp);
+ acked -= cwnd - tcp_snd_cwnd(tp);
+ tcp_snd_cwnd_set(tp, min(cwnd, tp->snd_cwnd_clamp));
return acked;
}
@@ -410,7 +410,7 @@ void tcp_cong_avoid_ai(struct tcp_sock *tp, u32 w, u32 acked)
/* If credits accumulated at a higher w, apply them gently now. */
if (tp->snd_cwnd_cnt >= w) {
tp->snd_cwnd_cnt = 0;
- tp->snd_cwnd++;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + 1);
}
tp->snd_cwnd_cnt += acked;
@@ -418,9 +418,9 @@ void tcp_cong_avoid_ai(struct tcp_sock *tp, u32 w, u32 acked)
u32 delta = tp->snd_cwnd_cnt / w;
tp->snd_cwnd_cnt -= delta * w;
- tp->snd_cwnd += delta;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + delta);
}
- tp->snd_cwnd = min(tp->snd_cwnd, tp->snd_cwnd_clamp);
+ tcp_snd_cwnd_set(tp, min(tcp_snd_cwnd(tp), tp->snd_cwnd_clamp));
}
EXPORT_SYMBOL_GPL(tcp_cong_avoid_ai);
@@ -445,7 +445,7 @@ void tcp_reno_cong_avoid(struct sock *sk, u32 ack, u32 acked)
return;
}
/* In dangerous area, increase slowly. */
- tcp_cong_avoid_ai(tp, tp->snd_cwnd, acked);
+ tcp_cong_avoid_ai(tp, tcp_snd_cwnd(tp), acked);
}
EXPORT_SYMBOL_GPL(tcp_reno_cong_avoid);
@@ -454,7 +454,7 @@ u32 tcp_reno_ssthresh(struct sock *sk)
{
const struct tcp_sock *tp = tcp_sk(sk);
- return max(tp->snd_cwnd >> 1U, 2U);
+ return max(tcp_snd_cwnd(tp) >> 1U, 2U);
}
EXPORT_SYMBOL_GPL(tcp_reno_ssthresh);
@@ -462,7 +462,7 @@ u32 tcp_reno_undo_cwnd(struct sock *sk)
{
const struct tcp_sock *tp = tcp_sk(sk);
- return max(tp->snd_cwnd, tp->prior_cwnd);
+ return max(tcp_snd_cwnd(tp), tp->prior_cwnd);
}
EXPORT_SYMBOL_GPL(tcp_reno_undo_cwnd);
diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c
index 24d562dd6225..b0918839bee7 100644
--- a/net/ipv4/tcp_cubic.c
+++ b/net/ipv4/tcp_cubic.c
@@ -334,7 +334,7 @@ static void cubictcp_cong_avoid(struct sock *sk, u32 ack, u32 acked)
if (!acked)
return;
}
- bictcp_update(ca, tp->snd_cwnd, acked);
+ bictcp_update(ca, tcp_snd_cwnd(tp), acked);
tcp_cong_avoid_ai(tp, ca->cnt, acked);
}
@@ -346,13 +346,13 @@ static u32 cubictcp_recalc_ssthresh(struct sock *sk)
ca->epoch_start = 0; /* end of epoch */
/* Wmax and fast convergence */
- if (tp->snd_cwnd < ca->last_max_cwnd && fast_convergence)
- ca->last_max_cwnd = (tp->snd_cwnd * (BICTCP_BETA_SCALE + beta))
+ if (tcp_snd_cwnd(tp) < ca->last_max_cwnd && fast_convergence)
+ ca->last_max_cwnd = (tcp_snd_cwnd(tp) * (BICTCP_BETA_SCALE + beta))
/ (2 * BICTCP_BETA_SCALE);
else
- ca->last_max_cwnd = tp->snd_cwnd;
+ ca->last_max_cwnd = tcp_snd_cwnd(tp);
- return max((tp->snd_cwnd * beta) / BICTCP_BETA_SCALE, 2U);
+ return max((tcp_snd_cwnd(tp) * beta) / BICTCP_BETA_SCALE, 2U);
}
static void cubictcp_state(struct sock *sk, u8 new_state)
@@ -413,13 +413,13 @@ static void hystart_update(struct sock *sk, u32 delay)
ca->found = 1;
pr_debug("hystart_ack_train (%u > %u) delay_min %u (+ ack_delay %u) cwnd %u\n",
now - ca->round_start, threshold,
- ca->delay_min, hystart_ack_delay(sk), tp->snd_cwnd);
+ ca->delay_min, hystart_ack_delay(sk), tcp_snd_cwnd(tp));
NET_INC_STATS(sock_net(sk),
LINUX_MIB_TCPHYSTARTTRAINDETECT);
NET_ADD_STATS(sock_net(sk),
LINUX_MIB_TCPHYSTARTTRAINCWND,
- tp->snd_cwnd);
- tp->snd_ssthresh = tp->snd_cwnd;
+ tcp_snd_cwnd(tp));
+ tp->snd_ssthresh = tcp_snd_cwnd(tp);
}
}
}
@@ -438,8 +438,8 @@ static void hystart_update(struct sock *sk, u32 delay)
LINUX_MIB_TCPHYSTARTDELAYDETECT);
NET_ADD_STATS(sock_net(sk),
LINUX_MIB_TCPHYSTARTDELAYCWND,
- tp->snd_cwnd);
- tp->snd_ssthresh = tp->snd_cwnd;
+ tcp_snd_cwnd(tp));
+ tp->snd_ssthresh = tcp_snd_cwnd(tp);
}
}
}
@@ -469,7 +469,7 @@ static void cubictcp_acked(struct sock *sk, const struct ack_sample *sample)
/* hystart triggers when cwnd is larger than some threshold */
if (!ca->found && tcp_in_slow_start(tp) && hystart &&
- tp->snd_cwnd >= hystart_low_window)
+ tcp_snd_cwnd(tp) >= hystart_low_window)
hystart_update(sk, delay);
}
diff --git a/net/ipv4/tcp_dctcp.c b/net/ipv4/tcp_dctcp.c
index 1943a6630341..ab034a4e9324 100644
--- a/net/ipv4/tcp_dctcp.c
+++ b/net/ipv4/tcp_dctcp.c
@@ -106,8 +106,8 @@ static u32 dctcp_ssthresh(struct sock *sk)
struct dctcp *ca = inet_csk_ca(sk);
struct tcp_sock *tp = tcp_sk(sk);
- ca->loss_cwnd = tp->snd_cwnd;
- return max(tp->snd_cwnd - ((tp->snd_cwnd * ca->dctcp_alpha) >> 11U), 2U);
+ ca->loss_cwnd = tcp_snd_cwnd(tp);
+ return max(tcp_snd_cwnd(tp) - ((tcp_snd_cwnd(tp) * ca->dctcp_alpha) >> 11U), 2U);
}
static void dctcp_update_alpha(struct sock *sk, u32 flags)
@@ -148,8 +148,8 @@ static void dctcp_react_to_loss(struct sock *sk)
struct dctcp *ca = inet_csk_ca(sk);
struct tcp_sock *tp = tcp_sk(sk);
- ca->loss_cwnd = tp->snd_cwnd;
- tp->snd_ssthresh = max(tp->snd_cwnd >> 1U, 2U);
+ ca->loss_cwnd = tcp_snd_cwnd(tp);
+ tp->snd_ssthresh = max(tcp_snd_cwnd(tp) >> 1U, 2U);
}
static void dctcp_state(struct sock *sk, u8 new_state)
@@ -211,8 +211,9 @@ static size_t dctcp_get_info(struct sock *sk, u32 ext, int *attr,
static u32 dctcp_cwnd_undo(struct sock *sk)
{
const struct dctcp *ca = inet_csk_ca(sk);
+ struct tcp_sock *tp = tcp_sk(sk);
- return max(tcp_sk(sk)->snd_cwnd, ca->loss_cwnd);
+ return max(tcp_snd_cwnd(tp), ca->loss_cwnd);
}
static struct tcp_congestion_ops dctcp __read_mostly = {
diff --git a/net/ipv4/tcp_highspeed.c b/net/ipv4/tcp_highspeed.c
index 349069d6cd0a..c6de5ce79ad3 100644
--- a/net/ipv4/tcp_highspeed.c
+++ b/net/ipv4/tcp_highspeed.c
@@ -127,22 +127,22 @@ static void hstcp_cong_avoid(struct sock *sk, u32 ack, u32 acked)
* snd_cwnd <=
* hstcp_aimd_vals[ca->ai].cwnd
*/
- if (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd) {
- while (tp->snd_cwnd > hstcp_aimd_vals[ca->ai].cwnd &&
+ if (tcp_snd_cwnd(tp) > hstcp_aimd_vals[ca->ai].cwnd) {
+ while (tcp_snd_cwnd(tp) > hstcp_aimd_vals[ca->ai].cwnd &&
ca->ai < HSTCP_AIMD_MAX - 1)
ca->ai++;
- } else if (ca->ai && tp->snd_cwnd <= hstcp_aimd_vals[ca->ai-1].cwnd) {
- while (ca->ai && tp->snd_cwnd <= hstcp_aimd_vals[ca->ai-1].cwnd)
+ } else if (ca->ai && tcp_snd_cwnd(tp) <= hstcp_aimd_vals[ca->ai-1].cwnd) {
+ while (ca->ai && tcp_snd_cwnd(tp) <= hstcp_aimd_vals[ca->ai-1].cwnd)
ca->ai--;
}
/* Do additive increase */
- if (tp->snd_cwnd < tp->snd_cwnd_clamp) {
+ if (tcp_snd_cwnd(tp) < tp->snd_cwnd_clamp) {
/* cwnd = cwnd + a(w) / cwnd */
tp->snd_cwnd_cnt += ca->ai + 1;
- if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
- tp->snd_cwnd_cnt -= tp->snd_cwnd;
- tp->snd_cwnd++;
+ if (tp->snd_cwnd_cnt >= tcp_snd_cwnd(tp)) {
+ tp->snd_cwnd_cnt -= tcp_snd_cwnd(tp);
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + 1);
}
}
}
@@ -154,7 +154,7 @@ static u32 hstcp_ssthresh(struct sock *sk)
struct hstcp *ca = inet_csk_ca(sk);
/* Do multiplicative decrease */
- return max(tp->snd_cwnd - ((tp->snd_cwnd * hstcp_aimd_vals[ca->ai].md) >> 8), 2U);
+ return max(tcp_snd_cwnd(tp) - ((tcp_snd_cwnd(tp) * hstcp_aimd_vals[ca->ai].md) >> 8), 2U);
}
static struct tcp_congestion_ops tcp_highspeed __read_mostly = {
diff --git a/net/ipv4/tcp_htcp.c b/net/ipv4/tcp_htcp.c
index 55adcfcf96fe..52b1f2665dfa 100644
--- a/net/ipv4/tcp_htcp.c
+++ b/net/ipv4/tcp_htcp.c
@@ -124,7 +124,7 @@ static void measure_achieved_throughput(struct sock *sk,
ca->packetcount += sample->pkts_acked;
- if (ca->packetcount >= tp->snd_cwnd - (ca->alpha >> 7 ? : 1) &&
+ if (ca->packetcount >= tcp_snd_cwnd(tp) - (ca->alpha >> 7 ? : 1) &&
now - ca->lasttime >= ca->minRTT &&
ca->minRTT > 0) {
__u32 cur_Bi = ca->packetcount * HZ / (now - ca->lasttime);
@@ -225,7 +225,7 @@ static u32 htcp_recalc_ssthresh(struct sock *sk)
const struct htcp *ca = inet_csk_ca(sk);
htcp_param_update(sk);
- return max((tp->snd_cwnd * ca->beta) >> 7, 2U);
+ return max((tcp_snd_cwnd(tp) * ca->beta) >> 7, 2U);
}
static void htcp_cong_avoid(struct sock *sk, u32 ack, u32 acked)
@@ -242,9 +242,9 @@ static void htcp_cong_avoid(struct sock *sk, u32 ack, u32 acked)
/* In dangerous area, increase slowly.
* In theory this is tp->snd_cwnd += alpha / tp->snd_cwnd
*/
- if ((tp->snd_cwnd_cnt * ca->alpha)>>7 >= tp->snd_cwnd) {
- if (tp->snd_cwnd < tp->snd_cwnd_clamp)
- tp->snd_cwnd++;
+ if ((tp->snd_cwnd_cnt * ca->alpha)>>7 >= tcp_snd_cwnd(tp)) {
+ if (tcp_snd_cwnd(tp) < tp->snd_cwnd_clamp)
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + 1);
tp->snd_cwnd_cnt = 0;
htcp_alpha_update(ca);
} else
diff --git a/net/ipv4/tcp_hybla.c b/net/ipv4/tcp_hybla.c
index be39327e04e6..abd7d91807e5 100644
--- a/net/ipv4/tcp_hybla.c
+++ b/net/ipv4/tcp_hybla.c
@@ -54,7 +54,7 @@ static void hybla_init(struct sock *sk)
ca->rho2_7ls = 0;
ca->snd_cwnd_cents = 0;
ca->hybla_en = true;
- tp->snd_cwnd = 2;
+ tcp_snd_cwnd_set(tp, 2);
tp->snd_cwnd_clamp = 65535;
/* 1st Rho measurement based on initial srtt */
@@ -62,7 +62,7 @@ static void hybla_init(struct sock *sk)
/* set minimum rtt as this is the 1st ever seen */
ca->minrtt_us = tp->srtt_us;
- tp->snd_cwnd = ca->rho;
+ tcp_snd_cwnd_set(tp, ca->rho);
}
static void hybla_state(struct sock *sk, u8 ca_state)
@@ -137,31 +137,31 @@ static void hybla_cong_avoid(struct sock *sk, u32 ack, u32 acked)
* as long as increment is estimated as (rho<<7)/window
* it already is <<7 and we can easily count its fractions.
*/
- increment = ca->rho2_7ls / tp->snd_cwnd;
+ increment = ca->rho2_7ls / tcp_snd_cwnd(tp);
if (increment < 128)
tp->snd_cwnd_cnt++;
}
odd = increment % 128;
- tp->snd_cwnd += increment >> 7;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + (increment >> 7));
ca->snd_cwnd_cents += odd;
/* check when fractions goes >=128 and increase cwnd by 1. */
while (ca->snd_cwnd_cents >= 128) {
- tp->snd_cwnd++;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + 1);
ca->snd_cwnd_cents -= 128;
tp->snd_cwnd_cnt = 0;
}
/* check when cwnd has not been incremented for a while */
- if (increment == 0 && odd == 0 && tp->snd_cwnd_cnt >= tp->snd_cwnd) {
- tp->snd_cwnd++;
+ if (increment == 0 && odd == 0 && tp->snd_cwnd_cnt >= tcp_snd_cwnd(tp)) {
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + 1);
tp->snd_cwnd_cnt = 0;
}
/* clamp down slowstart cwnd to ssthresh value. */
if (is_slowstart)
- tp->snd_cwnd = min(tp->snd_cwnd, tp->snd_ssthresh);
+ tcp_snd_cwnd_set(tp, min(tcp_snd_cwnd(tp), tp->snd_ssthresh));
- tp->snd_cwnd = min_t(u32, tp->snd_cwnd, tp->snd_cwnd_clamp);
+ tcp_snd_cwnd_set(tp, min(tcp_snd_cwnd(tp), tp->snd_cwnd_clamp));
}
static struct tcp_congestion_ops tcp_hybla __read_mostly = {
diff --git a/net/ipv4/tcp_illinois.c b/net/ipv4/tcp_illinois.c
index 00e54873213e..c0c81a2c77fa 100644
--- a/net/ipv4/tcp_illinois.c
+++ b/net/ipv4/tcp_illinois.c
@@ -224,7 +224,7 @@ static void update_params(struct sock *sk)
struct tcp_sock *tp = tcp_sk(sk);
struct illinois *ca = inet_csk_ca(sk);
- if (tp->snd_cwnd < win_thresh) {
+ if (tcp_snd_cwnd(tp) < win_thresh) {
ca->alpha = ALPHA_BASE;
ca->beta = BETA_BASE;
} else if (ca->cnt_rtt > 0) {
@@ -284,9 +284,9 @@ static void tcp_illinois_cong_avoid(struct sock *sk, u32 ack, u32 acked)
* tp->snd_cwnd += alpha/tp->snd_cwnd
*/
delta = (tp->snd_cwnd_cnt * ca->alpha) >> ALPHA_SHIFT;
- if (delta >= tp->snd_cwnd) {
- tp->snd_cwnd = min(tp->snd_cwnd + delta / tp->snd_cwnd,
- (u32)tp->snd_cwnd_clamp);
+ if (delta >= tcp_snd_cwnd(tp)) {
+ tcp_snd_cwnd_set(tp, min(tcp_snd_cwnd(tp) + delta / tcp_snd_cwnd(tp),
+ (u32)tp->snd_cwnd_clamp));
tp->snd_cwnd_cnt = 0;
}
}
@@ -296,9 +296,11 @@ static u32 tcp_illinois_ssthresh(struct sock *sk)
{
struct tcp_sock *tp = tcp_sk(sk);
struct illinois *ca = inet_csk_ca(sk);
+ u32 decr;
/* Multiplicative decrease */
- return max(tp->snd_cwnd - ((tp->snd_cwnd * ca->beta) >> BETA_SHIFT), 2U);
+ decr = (tcp_snd_cwnd(tp) * ca->beta) >> BETA_SHIFT;
+ return max(tcp_snd_cwnd(tp) - decr, 2U);
}
/* Extract info for Tcp socket info provided via netlink. */
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 1f3ce7aea716..59593fba9e35 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -414,7 +414,7 @@ static void tcp_sndbuf_expand(struct sock *sk)
per_mss = roundup_pow_of_two(per_mss) +
SKB_DATA_ALIGN(sizeof(struct sk_buff));
- nr_segs = max_t(u32, TCP_INIT_CWND, tp->snd_cwnd);
+ nr_segs = max_t(u32, TCP_INIT_CWND, tcp_snd_cwnd(tp));
nr_segs = max_t(u32, nr_segs, tp->reordering + 1);
/* Fast Recovery (RFC 5681 3.2) :
@@ -909,12 +909,12 @@ static void tcp_update_pacing_rate(struct sock *sk)
* If snd_cwnd >= (tp->snd_ssthresh / 2), we are approaching
* end of slow start and should slow down.
*/
- if (tp->snd_cwnd < tp->snd_ssthresh / 2)
+ if (tcp_snd_cwnd(tp) < tp->snd_ssthresh / 2)
rate *= sock_net(sk)->ipv4.sysctl_tcp_pacing_ss_ratio;
else
rate *= sock_net(sk)->ipv4.sysctl_tcp_pacing_ca_ratio;
- rate *= max(tp->snd_cwnd, tp->packets_out);
+ rate *= max(tcp_snd_cwnd(tp), tp->packets_out);
if (likely(tp->srtt_us))
do_div(rate, tp->srtt_us);
@@ -2147,12 +2147,12 @@ void tcp_enter_loss(struct sock *sk)
!after(tp->high_seq, tp->snd_una) ||
(icsk->icsk_ca_state == TCP_CA_Loss && !icsk->icsk_retransmits)) {
tp->prior_ssthresh = tcp_current_ssthresh(sk);
- tp->prior_cwnd = tp->snd_cwnd;
+ tp->prior_cwnd = tcp_snd_cwnd(tp);
tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk);
tcp_ca_event(sk, CA_EVENT_LOSS);
tcp_init_undo(tp);
}
- tp->snd_cwnd = tcp_packets_in_flight(tp) + 1;
+ tcp_snd_cwnd_set(tp, tcp_packets_in_flight(tp) + 1);
tp->snd_cwnd_cnt = 0;
tp->snd_cwnd_stamp = tcp_jiffies32;
@@ -2458,7 +2458,7 @@ static void DBGUNDO(struct sock *sk, const char *msg)
pr_debug("Undo %s %pI4/%u c%u l%u ss%u/%u p%u\n",
msg,
&inet->inet_daddr, ntohs(inet->inet_dport),
- tp->snd_cwnd, tcp_left_out(tp),
+ tcp_snd_cwnd(tp), tcp_left_out(tp),
tp->snd_ssthresh, tp->prior_ssthresh,
tp->packets_out);
}
@@ -2467,7 +2467,7 @@ static void DBGUNDO(struct sock *sk, const char *msg)
pr_debug("Undo %s %pI6/%u c%u l%u ss%u/%u p%u\n",
msg,
&sk->sk_v6_daddr, ntohs(inet->inet_dport),
- tp->snd_cwnd, tcp_left_out(tp),
+ tcp_snd_cwnd(tp), tcp_left_out(tp),
tp->snd_ssthresh, tp->prior_ssthresh,
tp->packets_out);
}
@@ -2492,7 +2492,7 @@ static void tcp_undo_cwnd_reduction(struct sock *sk, bool unmark_loss)
if (tp->prior_ssthresh) {
const struct inet_connection_sock *icsk = inet_csk(sk);
- tp->snd_cwnd = icsk->icsk_ca_ops->undo_cwnd(sk);
+ tcp_snd_cwnd_set(tp, icsk->icsk_ca_ops->undo_cwnd(sk));
if (tp->prior_ssthresh > tp->snd_ssthresh) {
tp->snd_ssthresh = tp->prior_ssthresh;
@@ -2599,7 +2599,7 @@ static void tcp_init_cwnd_reduction(struct sock *sk)
tp->high_seq = tp->snd_nxt;
tp->tlp_high_seq = 0;
tp->snd_cwnd_cnt = 0;
- tp->prior_cwnd = tp->snd_cwnd;
+ tp->prior_cwnd = tcp_snd_cwnd(tp);
tp->prr_delivered = 0;
tp->prr_out = 0;
tp->snd_ssthresh = inet_csk(sk)->icsk_ca_ops->ssthresh(sk);
@@ -2629,7 +2629,7 @@ void tcp_cwnd_reduction(struct sock *sk, int newly_acked_sacked, int newly_lost,
}
/* Force a fast retransmit upon entering fast recovery */
sndcnt = max(sndcnt, (tp->prr_out ? 0 : 1));
- tp->snd_cwnd = tcp_packets_in_flight(tp) + sndcnt;
+ tcp_snd_cwnd_set(tp, tcp_packets_in_flight(tp) + sndcnt);
}
static inline void tcp_end_cwnd_reduction(struct sock *sk)
@@ -2642,7 +2642,7 @@ static inline void tcp_end_cwnd_reduction(struct sock *sk)
/* Reset cwnd to ssthresh in CWR or Recovery (unless it's undone) */
if (tp->snd_ssthresh < TCP_INFINITE_SSTHRESH &&
(inet_csk(sk)->icsk_ca_state == TCP_CA_CWR || tp->undo_marker)) {
- tp->snd_cwnd = tp->snd_ssthresh;
+ tcp_snd_cwnd_set(tp, tp->snd_ssthresh);
tp->snd_cwnd_stamp = tcp_jiffies32;
}
tcp_ca_event(sk, CA_EVENT_COMPLETE_CWR);
@@ -2709,9 +2709,9 @@ static void tcp_mtup_probe_success(struct sock *sk)
/* FIXME: breaks with very large cwnd */
tp->prior_ssthresh = tcp_current_ssthresh(sk);
- tp->snd_cwnd = tp->snd_cwnd *
- tcp_mss_to_mtu(sk, tp->mss_cache) /
- icsk->icsk_mtup.probe_size;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) *
+ tcp_mss_to_mtu(sk, tp->mss_cache) /
+ icsk->icsk_mtup.probe_size);
tp->snd_cwnd_cnt = 0;
tp->snd_cwnd_stamp = tcp_jiffies32;
tp->snd_ssthresh = tcp_current_ssthresh(sk);
@@ -3034,7 +3034,7 @@ static void tcp_fastretrans_alert(struct sock *sk, const u32 prior_snd_una,
tp->snd_una == tp->mtu_probe.probe_seq_start) {
tcp_mtup_probe_failed(sk);
/* Restores the reduction we did in tcp_mtup_probe() */
- tp->snd_cwnd++;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + 1);
tcp_simple_retransmit(sk);
return;
}
@@ -5437,7 +5437,7 @@ static bool tcp_should_expand_sndbuf(struct sock *sk)
return false;
/* If we filled the congestion window, do not expand. */
- if (tcp_packets_in_flight(tp) >= tp->snd_cwnd)
+ if (tcp_packets_in_flight(tp) >= tcp_snd_cwnd(tp))
return false;
return true;
@@ -6013,9 +6013,9 @@ void tcp_init_transfer(struct sock *sk, int bpf_op, struct sk_buff *skb)
* retransmission has occurred.
*/
if (tp->total_retrans > 1 && tp->undo_marker)
- tp->snd_cwnd = 1;
+ tcp_snd_cwnd_set(tp, 1);
else
- tp->snd_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk));
+ tcp_snd_cwnd_set(tp, tcp_init_cwnd(tp, __sk_dst_get(sk)));
tp->snd_cwnd_stamp = tcp_jiffies32;
bpf_skops_established(sk, bpf_op, skb);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 457f5b5d5d4a..30a74e4eeab4 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2621,7 +2621,7 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i)
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sk),
- tp->snd_cwnd,
+ tcp_snd_cwnd(tp),
state == TCP_LISTEN ?
fastopenq->max_qlen :
(tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh));
diff --git a/net/ipv4/tcp_lp.c b/net/ipv4/tcp_lp.c
index 82b36ec3f2f8..ae36780977d2 100644
--- a/net/ipv4/tcp_lp.c
+++ b/net/ipv4/tcp_lp.c
@@ -297,7 +297,7 @@ static void tcp_lp_pkts_acked(struct sock *sk, const struct ack_sample *sample)
lp->flag &= ~LP_WITHIN_THR;
pr_debug("TCP-LP: %05o|%5u|%5u|%15u|%15u|%15u\n", lp->flag,
- tp->snd_cwnd, lp->remote_hz, lp->owd_min, lp->owd_max,
+ tcp_snd_cwnd(tp), lp->remote_hz, lp->owd_min, lp->owd_max,
lp->sowd >> 3);
if (lp->flag & LP_WITHIN_THR)
@@ -313,12 +313,12 @@ static void tcp_lp_pkts_acked(struct sock *sk, const struct ack_sample *sample)
/* happened within inference
* drop snd_cwnd into 1 */
if (lp->flag & LP_WITHIN_INF)
- tp->snd_cwnd = 1U;
+ tcp_snd_cwnd_set(tp, 1U);
/* happened after inference
* cut snd_cwnd into half */
else
- tp->snd_cwnd = max(tp->snd_cwnd >> 1U, 1U);
+ tcp_snd_cwnd_set(tp, max(tcp_snd_cwnd(tp) >> 1U, 1U));
/* record this drop time */
lp->last_drop = now;
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index 0588b004ddac..7029b0e98edb 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -388,15 +388,15 @@ void tcp_update_metrics(struct sock *sk)
if (!net->ipv4.sysctl_tcp_no_ssthresh_metrics_save &&
!tcp_metric_locked(tm, TCP_METRIC_SSTHRESH)) {
val = tcp_metric_get(tm, TCP_METRIC_SSTHRESH);
- if (val && (tp->snd_cwnd >> 1) > val)
+ if (val && (tcp_snd_cwnd(tp) >> 1) > val)
tcp_metric_set(tm, TCP_METRIC_SSTHRESH,
- tp->snd_cwnd >> 1);
+ tcp_snd_cwnd(tp) >> 1);
}
if (!tcp_metric_locked(tm, TCP_METRIC_CWND)) {
val = tcp_metric_get(tm, TCP_METRIC_CWND);
- if (tp->snd_cwnd > val)
+ if (tcp_snd_cwnd(tp) > val)
tcp_metric_set(tm, TCP_METRIC_CWND,
- tp->snd_cwnd);
+ tcp_snd_cwnd(tp));
}
} else if (!tcp_in_slow_start(tp) &&
icsk->icsk_ca_state == TCP_CA_Open) {
@@ -404,10 +404,10 @@ void tcp_update_metrics(struct sock *sk)
if (!net->ipv4.sysctl_tcp_no_ssthresh_metrics_save &&
!tcp_metric_locked(tm, TCP_METRIC_SSTHRESH))
tcp_metric_set(tm, TCP_METRIC_SSTHRESH,
- max(tp->snd_cwnd >> 1, tp->snd_ssthresh));
+ max(tcp_snd_cwnd(tp) >> 1, tp->snd_ssthresh));
if (!tcp_metric_locked(tm, TCP_METRIC_CWND)) {
val = tcp_metric_get(tm, TCP_METRIC_CWND);
- tcp_metric_set(tm, TCP_METRIC_CWND, (val + tp->snd_cwnd) >> 1);
+ tcp_metric_set(tm, TCP_METRIC_CWND, (val + tcp_snd_cwnd(tp)) >> 1);
}
} else {
/* Else slow start did not finish, cwnd is non-sense,
diff --git a/net/ipv4/tcp_nv.c b/net/ipv4/tcp_nv.c
index ab552356bdba..a60662f4bdf9 100644
--- a/net/ipv4/tcp_nv.c
+++ b/net/ipv4/tcp_nv.c
@@ -197,10 +197,10 @@ static void tcpnv_cong_avoid(struct sock *sk, u32 ack, u32 acked)
}
if (ca->cwnd_growth_factor < 0) {
- cnt = tp->snd_cwnd << -ca->cwnd_growth_factor;
+ cnt = tcp_snd_cwnd(tp) << -ca->cwnd_growth_factor;
tcp_cong_avoid_ai(tp, cnt, acked);
} else {
- cnt = max(4U, tp->snd_cwnd >> ca->cwnd_growth_factor);
+ cnt = max(4U, tcp_snd_cwnd(tp) >> ca->cwnd_growth_factor);
tcp_cong_avoid_ai(tp, cnt, acked);
}
}
@@ -209,7 +209,7 @@ static u32 tcpnv_recalc_ssthresh(struct sock *sk)
{
const struct tcp_sock *tp = tcp_sk(sk);
- return max((tp->snd_cwnd * nv_loss_dec_factor) >> 10, 2U);
+ return max((tcp_snd_cwnd(tp) * nv_loss_dec_factor) >> 10, 2U);
}
static void tcpnv_state(struct sock *sk, u8 new_state)
@@ -257,7 +257,7 @@ static void tcpnv_acked(struct sock *sk, const struct ack_sample *sample)
return;
/* Stop cwnd growth if we were in catch up mode */
- if (ca->nv_catchup && tp->snd_cwnd >= nv_min_cwnd) {
+ if (ca->nv_catchup && tcp_snd_cwnd(tp) >= nv_min_cwnd) {
ca->nv_catchup = 0;
ca->nv_allow_cwnd_growth = 0;
}
@@ -371,7 +371,7 @@ static void tcpnv_acked(struct sock *sk, const struct ack_sample *sample)
* if cwnd < max_win, grow cwnd
* else leave the same
*/
- if (tp->snd_cwnd > max_win) {
+ if (tcp_snd_cwnd(tp) > max_win) {
/* there is congestion, check that it is ok
* to make a CA decision
* 1. We should have at least nv_dec_eval_min_calls
@@ -398,20 +398,20 @@ static void tcpnv_acked(struct sock *sk, const struct ack_sample *sample)
ca->nv_allow_cwnd_growth = 0;
tp->snd_ssthresh =
(nv_ssthresh_factor * max_win) >> 3;
- if (tp->snd_cwnd - max_win > 2) {
+ if (tcp_snd_cwnd(tp) - max_win > 2) {
/* gap > 2, we do exponential cwnd decrease */
int dec;
- dec = max(2U, ((tp->snd_cwnd - max_win) *
+ dec = max(2U, ((tcp_snd_cwnd(tp) - max_win) *
nv_cong_dec_mult) >> 7);
- tp->snd_cwnd -= dec;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) - dec);
} else if (nv_cong_dec_mult > 0) {
- tp->snd_cwnd = max_win;
+ tcp_snd_cwnd_set(tp, max_win);
}
if (ca->cwnd_growth_factor > 0)
ca->cwnd_growth_factor = 0;
ca->nv_no_cong_cnt = 0;
- } else if (tp->snd_cwnd <= max_win - nv_pad_buffer) {
+ } else if (tcp_snd_cwnd(tp) <= max_win - nv_pad_buffer) {
/* There is no congestion, grow cwnd if allowed*/
if (ca->nv_eval_call_cnt < nv_inc_eval_min_calls)
return;
@@ -444,8 +444,8 @@ static void tcpnv_acked(struct sock *sk, const struct ack_sample *sample)
* (it wasn't before, if it is now is because nv
* decreased it).
*/
- if (tp->snd_cwnd < nv_min_cwnd)
- tp->snd_cwnd = nv_min_cwnd;
+ if (tcp_snd_cwnd(tp) < nv_min_cwnd)
+ tcp_snd_cwnd_set(tp, nv_min_cwnd);
}
}
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 1ca2f28c9981..5f91a9536e00 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -143,7 +143,7 @@ void tcp_cwnd_restart(struct sock *sk, s32 delta)
{
struct tcp_sock *tp = tcp_sk(sk);
u32 restart_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk));
- u32 cwnd = tp->snd_cwnd;
+ u32 cwnd = tcp_snd_cwnd(tp);
tcp_ca_event(sk, CA_EVENT_CWND_RESTART);
@@ -152,7 +152,7 @@ void tcp_cwnd_restart(struct sock *sk, s32 delta)
while ((delta -= inet_csk(sk)->icsk_rto) > 0 && cwnd > restart_cwnd)
cwnd >>= 1;
- tp->snd_cwnd = max(cwnd, restart_cwnd);
+ tcp_snd_cwnd_set(tp, max(cwnd, restart_cwnd));
tp->snd_cwnd_stamp = tcp_jiffies32;
tp->snd_cwnd_used = 0;
}
@@ -1014,7 +1014,7 @@ static void tcp_tsq_write(struct sock *sk)
struct tcp_sock *tp = tcp_sk(sk);
if (tp->lost_out > tp->retrans_out &&
- tp->snd_cwnd > tcp_packets_in_flight(tp)) {
+ tcp_snd_cwnd(tp) > tcp_packets_in_flight(tp)) {
tcp_mstamp_refresh(tp);
tcp_xmit_retransmit_queue(sk);
}
@@ -1861,9 +1861,9 @@ static void tcp_cwnd_application_limited(struct sock *sk)
/* Limited by application or receiver window. */
u32 init_win = tcp_init_cwnd(tp, __sk_dst_get(sk));
u32 win_used = max(tp->snd_cwnd_used, init_win);
- if (win_used < tp->snd_cwnd) {
+ if (win_used < tcp_snd_cwnd(tp)) {
tp->snd_ssthresh = tcp_current_ssthresh(sk);
- tp->snd_cwnd = (tp->snd_cwnd + win_used) >> 1;
+ tcp_snd_cwnd_set(tp, (tcp_snd_cwnd(tp) + win_used) >> 1);
}
tp->snd_cwnd_used = 0;
}
@@ -2044,7 +2044,7 @@ static inline unsigned int tcp_cwnd_test(const struct tcp_sock *tp,
return 1;
in_flight = tcp_packets_in_flight(tp);
- cwnd = tp->snd_cwnd;
+ cwnd = tcp_snd_cwnd(tp);
if (in_flight >= cwnd)
return 0;
@@ -2197,12 +2197,12 @@ static bool tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb,
in_flight = tcp_packets_in_flight(tp);
BUG_ON(tcp_skb_pcount(skb) <= 1);
- BUG_ON(tp->snd_cwnd <= in_flight);
+ BUG_ON(tcp_snd_cwnd(tp) <= in_flight);
send_win = tcp_wnd_end(tp) - TCP_SKB_CB(skb)->seq;
/* From in_flight test above, we know that cwnd > in_flight. */
- cong_win = (tp->snd_cwnd - in_flight) * tp->mss_cache;
+ cong_win = (tcp_snd_cwnd(tp) - in_flight) * tp->mss_cache;
limit = min(send_win, cong_win);
@@ -2216,7 +2216,7 @@ static bool tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb,
win_divisor = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_tso_win_divisor);
if (win_divisor) {
- u32 chunk = min(tp->snd_wnd, tp->snd_cwnd * tp->mss_cache);
+ u32 chunk = min(tp->snd_wnd, tcp_snd_cwnd(tp) * tp->mss_cache);
/* If at least some fraction of a window is available,
* just use it.
@@ -2346,7 +2346,7 @@ static int tcp_mtu_probe(struct sock *sk)
if (likely(!icsk->icsk_mtup.enabled ||
icsk->icsk_mtup.probe_size ||
inet_csk(sk)->icsk_ca_state != TCP_CA_Open ||
- tp->snd_cwnd < 11 ||
+ tcp_snd_cwnd(tp) < 11 ||
tp->rx_opt.num_sacks || tp->rx_opt.dsack))
return -1;
@@ -2382,7 +2382,7 @@ static int tcp_mtu_probe(struct sock *sk)
return 0;
/* Do we need to wait to drain cwnd? With none in flight, don't stall */
- if (tcp_packets_in_flight(tp) + 2 > tp->snd_cwnd) {
+ if (tcp_packets_in_flight(tp) + 2 > tcp_snd_cwnd(tp)) {
if (!tcp_packets_in_flight(tp))
return -1;
else
@@ -2451,7 +2451,7 @@ static int tcp_mtu_probe(struct sock *sk)
if (!tcp_transmit_skb(sk, nskb, 1, GFP_ATOMIC)) {
/* Decrement cwnd here because we are sending
* effectively two packets. */
- tp->snd_cwnd--;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) - 1);
tcp_event_new_data_sent(sk, nskb);
icsk->icsk_mtup.probe_size = tcp_mss_to_mtu(sk, nskb->len);
@@ -2709,7 +2709,7 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
else
tcp_chrono_stop(sk, TCP_CHRONO_RWND_LIMITED);
- is_cwnd_limited |= (tcp_packets_in_flight(tp) >= tp->snd_cwnd);
+ is_cwnd_limited |= (tcp_packets_in_flight(tp) >= tcp_snd_cwnd(tp));
if (likely(sent_pkts || is_cwnd_limited))
tcp_cwnd_validate(sk, is_cwnd_limited);
@@ -2819,7 +2819,7 @@ void tcp_send_loss_probe(struct sock *sk)
if (unlikely(!skb)) {
WARN_ONCE(tp->packets_out,
"invalid inflight: %u state %u cwnd %u mss %d\n",
- tp->packets_out, sk->sk_state, tp->snd_cwnd, mss);
+ tp->packets_out, sk->sk_state, tcp_snd_cwnd(tp), mss);
inet_csk(sk)->icsk_pending = 0;
return;
}
@@ -3303,7 +3303,7 @@ void tcp_xmit_retransmit_queue(struct sock *sk)
if (!hole)
tp->retransmit_skb_hint = skb;
- segs = tp->snd_cwnd - tcp_packets_in_flight(tp);
+ segs = tcp_snd_cwnd(tp) - tcp_packets_in_flight(tp);
if (segs <= 0)
break;
sacked = TCP_SKB_CB(skb)->sacked;
diff --git a/net/ipv4/tcp_rate.c b/net/ipv4/tcp_rate.c
index 9a8e014d9b5b..a8f6d9d06f2e 100644
--- a/net/ipv4/tcp_rate.c
+++ b/net/ipv4/tcp_rate.c
@@ -200,7 +200,7 @@ void tcp_rate_check_app_limited(struct sock *sk)
/* Nothing in sending host's qdisc queues or NIC tx queue. */
sk_wmem_alloc_get(sk) < SKB_TRUESIZE(1) &&
/* We are not limited by CWND. */
- tcp_packets_in_flight(tp) < tp->snd_cwnd &&
+ tcp_packets_in_flight(tp) < tcp_snd_cwnd(tp) &&
/* All lost packets have been retransmitted. */
tp->lost_out <= tp->retrans_out)
tp->app_limited =
diff --git a/net/ipv4/tcp_scalable.c b/net/ipv4/tcp_scalable.c
index 5842081bc8a2..862b96248a92 100644
--- a/net/ipv4/tcp_scalable.c
+++ b/net/ipv4/tcp_scalable.c
@@ -27,7 +27,7 @@ static void tcp_scalable_cong_avoid(struct sock *sk, u32 ack, u32 acked)
if (!acked)
return;
}
- tcp_cong_avoid_ai(tp, min(tp->snd_cwnd, TCP_SCALABLE_AI_CNT),
+ tcp_cong_avoid_ai(tp, min(tcp_snd_cwnd(tp), TCP_SCALABLE_AI_CNT),
acked);
}
@@ -35,7 +35,7 @@ static u32 tcp_scalable_ssthresh(struct sock *sk)
{
const struct tcp_sock *tp = tcp_sk(sk);
- return max(tp->snd_cwnd - (tp->snd_cwnd>>TCP_SCALABLE_MD_SCALE), 2U);
+ return max(tcp_snd_cwnd(tp) - (tcp_snd_cwnd(tp)>>TCP_SCALABLE_MD_SCALE), 2U);
}
static struct tcp_congestion_ops tcp_scalable __read_mostly = {
diff --git a/net/ipv4/tcp_vegas.c b/net/ipv4/tcp_vegas.c
index c8003c8aad2c..786848ad37ea 100644
--- a/net/ipv4/tcp_vegas.c
+++ b/net/ipv4/tcp_vegas.c
@@ -159,7 +159,7 @@ EXPORT_SYMBOL_GPL(tcp_vegas_cwnd_event);
static inline u32 tcp_vegas_ssthresh(struct tcp_sock *tp)
{
- return min(tp->snd_ssthresh, tp->snd_cwnd);
+ return min(tp->snd_ssthresh, tcp_snd_cwnd(tp));
}
static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 acked)
@@ -217,14 +217,14 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 acked)
* This is:
* (actual rate in segments) * baseRTT
*/
- target_cwnd = (u64)tp->snd_cwnd * vegas->baseRTT;
+ target_cwnd = (u64)tcp_snd_cwnd(tp) * vegas->baseRTT;
do_div(target_cwnd, rtt);
/* Calculate the difference between the window we had,
* and the window we would like to have. This quantity
* is the "Diff" from the Arizona Vegas papers.
*/
- diff = tp->snd_cwnd * (rtt-vegas->baseRTT) / vegas->baseRTT;
+ diff = tcp_snd_cwnd(tp) * (rtt-vegas->baseRTT) / vegas->baseRTT;
if (diff > gamma && tcp_in_slow_start(tp)) {
/* Going too fast. Time to slow down
@@ -238,7 +238,8 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 acked)
* truncation robs us of full link
* utilization.
*/
- tp->snd_cwnd = min(tp->snd_cwnd, (u32)target_cwnd+1);
+ tcp_snd_cwnd_set(tp, min(tcp_snd_cwnd(tp),
+ (u32)target_cwnd + 1));
tp->snd_ssthresh = tcp_vegas_ssthresh(tp);
} else if (tcp_in_slow_start(tp)) {
@@ -254,14 +255,14 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 acked)
/* The old window was too fast, so
* we slow down.
*/
- tp->snd_cwnd--;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) - 1);
tp->snd_ssthresh
= tcp_vegas_ssthresh(tp);
} else if (diff < alpha) {
/* We don't have enough extra packets
* in the network, so speed up.
*/
- tp->snd_cwnd++;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + 1);
} else {
/* Sending just as fast as we
* should be.
@@ -269,10 +270,10 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 acked)
}
}
- if (tp->snd_cwnd < 2)
- tp->snd_cwnd = 2;
- else if (tp->snd_cwnd > tp->snd_cwnd_clamp)
- tp->snd_cwnd = tp->snd_cwnd_clamp;
+ if (tcp_snd_cwnd(tp) < 2)
+ tcp_snd_cwnd_set(tp, 2);
+ else if (tcp_snd_cwnd(tp) > tp->snd_cwnd_clamp)
+ tcp_snd_cwnd_set(tp, tp->snd_cwnd_clamp);
tp->snd_ssthresh = tcp_current_ssthresh(sk);
}
diff --git a/net/ipv4/tcp_veno.c b/net/ipv4/tcp_veno.c
index cd50a61c9976..366ff6f214b2 100644
--- a/net/ipv4/tcp_veno.c
+++ b/net/ipv4/tcp_veno.c
@@ -146,11 +146,11 @@ static void tcp_veno_cong_avoid(struct sock *sk, u32 ack, u32 acked)
rtt = veno->minrtt;
- target_cwnd = (u64)tp->snd_cwnd * veno->basertt;
+ target_cwnd = (u64)tcp_snd_cwnd(tp) * veno->basertt;
target_cwnd <<= V_PARAM_SHIFT;
do_div(target_cwnd, rtt);
- veno->diff = (tp->snd_cwnd << V_PARAM_SHIFT) - target_cwnd;
+ veno->diff = (tcp_snd_cwnd(tp) << V_PARAM_SHIFT) - target_cwnd;
if (tcp_in_slow_start(tp)) {
/* Slow start. */
@@ -164,15 +164,15 @@ static void tcp_veno_cong_avoid(struct sock *sk, u32 ack, u32 acked)
/* In the "non-congestive state", increase cwnd
* every rtt.
*/
- tcp_cong_avoid_ai(tp, tp->snd_cwnd, acked);
+ tcp_cong_avoid_ai(tp, tcp_snd_cwnd(tp), acked);
} else {
/* In the "congestive state", increase cwnd
* every other rtt.
*/
- if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
+ if (tp->snd_cwnd_cnt >= tcp_snd_cwnd(tp)) {
if (veno->inc &&
- tp->snd_cwnd < tp->snd_cwnd_clamp) {
- tp->snd_cwnd++;
+ tcp_snd_cwnd(tp) < tp->snd_cwnd_clamp) {
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) + 1);
veno->inc = 0;
} else
veno->inc = 1;
@@ -181,10 +181,10 @@ static void tcp_veno_cong_avoid(struct sock *sk, u32 ack, u32 acked)
tp->snd_cwnd_cnt += acked;
}
done:
- if (tp->snd_cwnd < 2)
- tp->snd_cwnd = 2;
- else if (tp->snd_cwnd > tp->snd_cwnd_clamp)
- tp->snd_cwnd = tp->snd_cwnd_clamp;
+ if (tcp_snd_cwnd(tp) < 2)
+ tcp_snd_cwnd_set(tp, 2);
+ else if (tcp_snd_cwnd(tp) > tp->snd_cwnd_clamp)
+ tcp_snd_cwnd_set(tp, tp->snd_cwnd_clamp);
}
/* Wipe the slate clean for the next rtt. */
/* veno->cntrtt = 0; */
@@ -199,10 +199,10 @@ static u32 tcp_veno_ssthresh(struct sock *sk)
if (veno->diff < beta)
/* in "non-congestive state", cut cwnd by 1/5 */
- return max(tp->snd_cwnd * 4 / 5, 2U);
+ return max(tcp_snd_cwnd(tp) * 4 / 5, 2U);
else
/* in "congestive state", cut cwnd by 1/2 */
- return max(tp->snd_cwnd >> 1U, 2U);
+ return max(tcp_snd_cwnd(tp) >> 1U, 2U);
}
static struct tcp_congestion_ops tcp_veno __read_mostly = {
diff --git a/net/ipv4/tcp_westwood.c b/net/ipv4/tcp_westwood.c
index b2e05c4cea00..c6e97141eef2 100644
--- a/net/ipv4/tcp_westwood.c
+++ b/net/ipv4/tcp_westwood.c
@@ -244,7 +244,8 @@ static void tcp_westwood_event(struct sock *sk, enum tcp_ca_event event)
switch (event) {
case CA_EVENT_COMPLETE_CWR:
- tp->snd_cwnd = tp->snd_ssthresh = tcp_westwood_bw_rttmin(sk);
+ tp->snd_ssthresh = tcp_westwood_bw_rttmin(sk);
+ tcp_snd_cwnd_set(tp, tp->snd_ssthresh);
break;
case CA_EVENT_LOSS:
tp->snd_ssthresh = tcp_westwood_bw_rttmin(sk);
diff --git a/net/ipv4/tcp_yeah.c b/net/ipv4/tcp_yeah.c
index 07c4c93b9fdb..18b07ff5d20e 100644
--- a/net/ipv4/tcp_yeah.c
+++ b/net/ipv4/tcp_yeah.c
@@ -71,11 +71,11 @@ static void tcp_yeah_cong_avoid(struct sock *sk, u32 ack, u32 acked)
if (!yeah->doing_reno_now) {
/* Scalable */
- tcp_cong_avoid_ai(tp, min(tp->snd_cwnd, TCP_SCALABLE_AI_CNT),
+ tcp_cong_avoid_ai(tp, min(tcp_snd_cwnd(tp), TCP_SCALABLE_AI_CNT),
acked);
} else {
/* Reno */
- tcp_cong_avoid_ai(tp, tp->snd_cwnd, acked);
+ tcp_cong_avoid_ai(tp, tcp_snd_cwnd(tp), acked);
}
/* The key players are v_vegas.beg_snd_una and v_beg_snd_nxt.
@@ -130,7 +130,7 @@ static void tcp_yeah_cong_avoid(struct sock *sk, u32 ack, u32 acked)
/* Compute excess number of packets above bandwidth
* Avoid doing full 64 bit divide.
*/
- bw = tp->snd_cwnd;
+ bw = tcp_snd_cwnd(tp);
bw *= rtt - yeah->vegas.baseRTT;
do_div(bw, rtt);
queue = bw;
@@ -138,20 +138,20 @@ static void tcp_yeah_cong_avoid(struct sock *sk, u32 ack, u32 acked)
if (queue > TCP_YEAH_ALPHA ||
rtt - yeah->vegas.baseRTT > (yeah->vegas.baseRTT / TCP_YEAH_PHY)) {
if (queue > TCP_YEAH_ALPHA &&
- tp->snd_cwnd > yeah->reno_count) {
+ tcp_snd_cwnd(tp) > yeah->reno_count) {
u32 reduction = min(queue / TCP_YEAH_GAMMA ,
- tp->snd_cwnd >> TCP_YEAH_EPSILON);
+ tcp_snd_cwnd(tp) >> TCP_YEAH_EPSILON);
- tp->snd_cwnd -= reduction;
+ tcp_snd_cwnd_set(tp, tcp_snd_cwnd(tp) - reduction);
- tp->snd_cwnd = max(tp->snd_cwnd,
- yeah->reno_count);
+ tcp_snd_cwnd_set(tp, max(tcp_snd_cwnd(tp),
+ yeah->reno_count));
- tp->snd_ssthresh = tp->snd_cwnd;
+ tp->snd_ssthresh = tcp_snd_cwnd(tp);
}
if (yeah->reno_count <= 2)
- yeah->reno_count = max(tp->snd_cwnd>>1, 2U);
+ yeah->reno_count = max(tcp_snd_cwnd(tp)>>1, 2U);
else
yeah->reno_count++;
@@ -176,7 +176,7 @@ static void tcp_yeah_cong_avoid(struct sock *sk, u32 ack, u32 acked)
*/
yeah->vegas.beg_snd_una = yeah->vegas.beg_snd_nxt;
yeah->vegas.beg_snd_nxt = tp->snd_nxt;
- yeah->vegas.beg_snd_cwnd = tp->snd_cwnd;
+ yeah->vegas.beg_snd_cwnd = tcp_snd_cwnd(tp);
/* Wipe the slate clean for the next RTT. */
yeah->vegas.cntRTT = 0;
@@ -193,16 +193,16 @@ static u32 tcp_yeah_ssthresh(struct sock *sk)
if (yeah->doing_reno_now < TCP_YEAH_RHO) {
reduction = yeah->lastQ;
- reduction = min(reduction, max(tp->snd_cwnd>>1, 2U));
+ reduction = min(reduction, max(tcp_snd_cwnd(tp)>>1, 2U));
- reduction = max(reduction, tp->snd_cwnd >> TCP_YEAH_DELTA);
+ reduction = max(reduction, tcp_snd_cwnd(tp) >> TCP_YEAH_DELTA);
} else
- reduction = max(tp->snd_cwnd>>1, 2U);
+ reduction = max(tcp_snd_cwnd(tp)>>1, 2U);
yeah->fast_count = 0;
yeah->reno_count = max(yeah->reno_count>>1, 2U);
- return max_t(int, tp->snd_cwnd - reduction, 2);
+ return max_t(int, tcp_snd_cwnd(tp) - reduction, 2);
}
static struct tcp_congestion_ops tcp_yeah __read_mostly = {
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index faaddaf43c90..cbc5fff3d846 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -2044,7 +2044,7 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1) | inet_csk_in_pingpong_mode(sp),
- tp->snd_cwnd,
+ tcp_snd_cwnd(tp),
state == TCP_LISTEN ?
fastopenq->max_qlen :
(tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 111/339] nfp: only report pause frame configuration for physical device
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 110/339] tcp: add accessors to read/set tp->snd_cwnd Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 112/339] block: use bio_queue_enter instead of blk_queue_enter in bio_poll Greg Kroah-Hartman
` (229 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yu Xiao, Simon Horman,
David S. Miller, Sasha Levin
From: Yu Xiao <yu.xiao@corigine.com>
[ Upstream commit 0649e4d63420ebc8cbebef3e9d39e12ffc5eb9fa ]
Only report pause frame configuration for physical device. Logical
port of both PCI PF and PCI VF do not support it.
Fixes: 9fdc5d85a8fe ("nfp: update ethtool reporting of pauseframe control")
Signed-off-by: Yu Xiao <yu.xiao@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
index 61c8b450aafb..df0afd271a21 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
@@ -289,8 +289,6 @@ nfp_net_get_link_ksettings(struct net_device *netdev,
/* Init to unknowns */
ethtool_link_ksettings_add_link_mode(cmd, supported, FIBRE);
- ethtool_link_ksettings_add_link_mode(cmd, supported, Pause);
- ethtool_link_ksettings_add_link_mode(cmd, advertising, Pause);
cmd->base.port = PORT_OTHER;
cmd->base.speed = SPEED_UNKNOWN;
cmd->base.duplex = DUPLEX_UNKNOWN;
@@ -298,6 +296,8 @@ nfp_net_get_link_ksettings(struct net_device *netdev,
port = nfp_port_from_netdev(netdev);
eth_port = nfp_port_get_eth_port(port);
if (eth_port) {
+ ethtool_link_ksettings_add_link_mode(cmd, supported, Pause);
+ ethtool_link_ksettings_add_link_mode(cmd, advertising, Pause);
cmd->base.autoneg = eth_port->aneg != NFP_ANEG_DISABLED ?
AUTONEG_ENABLE : AUTONEG_DISABLE;
nfp_net_set_fec_link_mode(eth_port, cmd);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 112/339] block: use bio_queue_enter instead of blk_queue_enter in bio_poll
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 111/339] nfp: only report pause frame configuration for physical device Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 113/339] bonding: NS target should accept link local address Greg Kroah-Hartman
` (228 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christoph Hellwig, Jens Axboe, Sasha Levin
From: Christoph Hellwig <hch@lst.de>
[ Upstream commit ebd076bf7d5deef488ec7ebc3fdbf781eafae269 ]
We want to have a valid live gendisk to call ->poll and not just a
request_queue, so call the right helper.
Fixes: 3e08773c3841 ("block: switch polling to be bio based")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220523124302.526186-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index bc0506772152..84f7b7884d07 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -948,7 +948,7 @@ int bio_poll(struct bio *bio, struct io_comp_batch *iob, unsigned int flags)
blk_flush_plug(current->plug, false);
- if (blk_queue_enter(q, BLK_MQ_REQ_NOWAIT))
+ if (bio_queue_enter(bio))
return 0;
if (queue_is_mq(q)) {
ret = blk_mq_poll(q, cookie, iob, flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 113/339] bonding: NS target should accept link local address
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 112/339] block: use bio_queue_enter instead of blk_queue_enter in bio_poll Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 114/339] sfc: fix considering that all channels have TX queues Greg Kroah-Hartman
` (227 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Liang, Hangbin Liu,
Jonathan Toppins, Jay Vosburgh, David S. Miller, Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 5e1eeef69c0fef6249b794bda5d68f95a65d062f ]
When setting bond NS target, we use bond_is_ip6_target_ok() to check
if the address valid. The link local address was wrongly rejected in
bond_changelink(), as most time the user just set the ARP/NS target to
gateway, while the IPv6 gateway is always a link local address when user
set up interface via SLAAC.
So remove the link local addr check when setting bond NS target.
Fixes: 129e3c1bab24 ("bonding: add new option ns_ip6_target")
Reported-by: Li Liang <liali@redhat.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Jonathan Toppins <jtoppins@redhat.com>
Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/bonding/bond_netlink.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/net/bonding/bond_netlink.c b/drivers/net/bonding/bond_netlink.c
index f427fa1737c7..6f404f9c34e3 100644
--- a/drivers/net/bonding/bond_netlink.c
+++ b/drivers/net/bonding/bond_netlink.c
@@ -290,11 +290,6 @@ static int bond_changelink(struct net_device *bond_dev, struct nlattr *tb[],
addr6 = nla_get_in6_addr(attr);
- if (ipv6_addr_type(&addr6) & IPV6_ADDR_LINKLOCAL) {
- NL_SET_ERR_MSG(extack, "Invalid IPv6 addr6");
- return -EINVAL;
- }
-
bond_opt_initextra(&newval, &addr6, sizeof(addr6));
err = __bond_opt_set(bond, BOND_OPT_NS_TARGETS,
&newval);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 114/339] sfc: fix considering that all channels have TX queues
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 113/339] bonding: NS target should accept link local address Greg Kroah-Hartman
@ 2022-06-13 10:08 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 115/339] sfc: fix wrong tx channel offset with efx_separate_tx_channels Greg Kroah-Hartman
` (226 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:08 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tianhao Zhao, Martin Habets,
Íñigo Huguet, David S. Miller, Sasha Levin
From: Martin Habets <habetsm.xilinx@gmail.com>
[ Upstream commit 2e102b53f8a778f872dc137f4c7ac548705817aa ]
Normally, all channels have RX and TX queues, but this is not true if
modparam efx_separate_tx_channels=1 is used. In that cases, some
channels only have RX queues and others only TX queues (or more
preciselly, they have them allocated, but not initialized).
Fix efx_channel_has_tx_queues to return the correct value for this case
too.
Messages shown at probe time before the fix:
sfc 0000:03:00.0 ens6f0np0: MC command 0x82 inlen 544 failed rc=-22 (raw=0) arg=0
------------[ cut here ]------------
netdevice: ens6f0np0: failed to initialise TXQ -1
WARNING: CPU: 1 PID: 626 at drivers/net/ethernet/sfc/ef10.c:2393 efx_ef10_tx_init+0x201/0x300 [sfc]
[...] stripped
RIP: 0010:efx_ef10_tx_init+0x201/0x300 [sfc]
[...] stripped
Call Trace:
efx_init_tx_queue+0xaa/0xf0 [sfc]
efx_start_channels+0x49/0x120 [sfc]
efx_start_all+0x1f8/0x430 [sfc]
efx_net_open+0x5a/0xe0 [sfc]
__dev_open+0xd0/0x190
__dev_change_flags+0x1b3/0x220
dev_change_flags+0x21/0x60
[...] stripped
Messages shown at remove time before the fix:
sfc 0000:03:00.0 ens6f0np0: failed to flush 10 queues
sfc 0000:03:00.0 ens6f0np0: failed to flush queues
Fixes: 8700aff08984 ("sfc: fix channel allocation with brute force")
Reported-by: Tianhao Zhao <tizhao@redhat.com>
Signed-off-by: Martin Habets <habetsm.xilinx@gmail.com>
Tested-by: Íñigo Huguet <ihuguet@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/net_driver.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/sfc/net_driver.h b/drivers/net/ethernet/sfc/net_driver.h
index c75dc75e2857..d7255d54707c 100644
--- a/drivers/net/ethernet/sfc/net_driver.h
+++ b/drivers/net/ethernet/sfc/net_driver.h
@@ -1535,7 +1535,7 @@ static inline bool efx_channel_is_xdp_tx(struct efx_channel *channel)
static inline bool efx_channel_has_tx_queues(struct efx_channel *channel)
{
- return true;
+ return channel && channel->channel >= channel->efx->tx_channel_offset;
}
static inline unsigned int efx_channel_num_tx_queues(struct efx_channel *channel)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 115/339] sfc: fix wrong tx channel offset with efx_separate_tx_channels
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2022-06-13 10:08 ` [PATCH 5.18 114/339] sfc: fix considering that all channels have TX queues Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 116/339] block: make bioset_exit() fully resilient against being called twice Greg Kroah-Hartman
` (225 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tianhao Zhao, Íñigo Huguet,
David S. Miller, Sasha Levin
From: Íñigo Huguet <ihuguet@redhat.com>
[ Upstream commit c308dfd1b43ef0d4c3e57b741bb3462eb7a7f4a2 ]
tx_channel_offset is calculated in efx_allocate_msix_channels, but it is
also calculated again in efx_set_channels because it was originally done
there, and when efx_allocate_msix_channels was introduced it was
forgotten to be removed from efx_set_channels.
Moreover, the old calculation is wrong when using
efx_separate_tx_channels because now we can have XDP channels after the
TX channels, so n_channels - n_tx_channels doesn't point to the first TX
channel.
Remove the old calculation from efx_set_channels, and add the
initialization of this variable if MSI or legacy interrupts are used,
next to the initialization of the rest of the related variables, where
it was missing.
Fixes: 3990a8fffbda ("sfc: allocate channels for XDP tx queues")
Reported-by: Tianhao Zhao <tizhao@redhat.com>
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/efx_channels.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/sfc/efx_channels.c b/drivers/net/ethernet/sfc/efx_channels.c
index 40df910aa140..b9cf873e1e42 100644
--- a/drivers/net/ethernet/sfc/efx_channels.c
+++ b/drivers/net/ethernet/sfc/efx_channels.c
@@ -324,6 +324,7 @@ int efx_probe_interrupts(struct efx_nic *efx)
efx->n_channels = 1;
efx->n_rx_channels = 1;
efx->n_tx_channels = 1;
+ efx->tx_channel_offset = 0;
efx->n_xdp_channels = 0;
efx->xdp_channel_offset = efx->n_channels;
rc = pci_enable_msi(efx->pci_dev);
@@ -344,6 +345,7 @@ int efx_probe_interrupts(struct efx_nic *efx)
efx->n_channels = 1 + (efx_separate_tx_channels ? 1 : 0);
efx->n_rx_channels = 1;
efx->n_tx_channels = 1;
+ efx->tx_channel_offset = 1;
efx->n_xdp_channels = 0;
efx->xdp_channel_offset = efx->n_channels;
efx->legacy_irq = efx->pci_dev->irq;
@@ -979,10 +981,6 @@ int efx_set_channels(struct efx_nic *efx)
struct efx_channel *channel;
int rc;
- efx->tx_channel_offset =
- efx_separate_tx_channels ?
- efx->n_channels - efx->n_tx_channels : 0;
-
if (efx->xdp_tx_queue_count) {
EFX_WARN_ON_PARANOID(efx->xdp_tx_queues);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 116/339] block: make bioset_exit() fully resilient against being called twice
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 115/339] sfc: fix wrong tx channel offset with efx_separate_tx_channels Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 117/339] sched/autogroup: Fix sysctl move Greg Kroah-Hartman
` (224 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Matthew Wilcox, Jens Axboe, Sasha Levin
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit 605f7415ecfb426610195dd6c7577b30592b3369 ]
Most of bioset_exit() is fine being called twice, as it clears the
various allocations etc when they are freed. The exception is
bio_alloc_cache_destroy(), which does not clear ->cache when it has
freed it.
This isn't necessarily a bug, but can be if buggy users does call the
exit path more then once, or with just a memset() bioset which has
never been initialized. dm appears to be one such user.
Fixes: be4d234d7aeb ("bio: add allocation cache abstraction")
Link: https://lore.kernel.org/linux-block/YpK7m+14A+pZKs5k@casper.infradead.org/
Reported-by: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/bio.c b/block/bio.c
index ac29c87c6735..d3ca79c3ebdf 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -693,6 +693,7 @@ static void bio_alloc_cache_destroy(struct bio_set *bs)
bio_alloc_cache_prune(cache, -1U);
}
free_percpu(bs->cache);
+ bs->cache = NULL;
}
/**
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 117/339] sched/autogroup: Fix sysctl move
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 116/339] block: make bioset_exit() fully resilient against being called twice Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 118/339] blk-mq: do not update io_ticks with passthrough requests Greg Kroah-Hartman
` (223 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ivan Kozik, Peter Zijlstra (Intel),
Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit 82f586f923e3ac6062bc7867717a7f8afc09e0ff ]
Ivan reported /proc/sys/kernel/sched_autogroup_enabled went walk-about
and using the noautogroup command line parameter would result in a
boot error message.
Turns out the sysctl move placed the init function wrong.
Fixes: c8eaf6ac76f4 ("sched: move autogroup sysctls into its own file")
Reported-by: Ivan Kozik <ivan@ludios.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Ivan Kozik <ivan@ludios.org>
Link: https://lkml.kernel.org/r/YpR2IqndgsyMzN00@worktop.programming.kicks-ass.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/autogroup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/autogroup.c b/kernel/sched/autogroup.c
index 16092b49ff6a..4ebaf97f7bd8 100644
--- a/kernel/sched/autogroup.c
+++ b/kernel/sched/autogroup.c
@@ -36,6 +36,7 @@ void __init autogroup_init(struct task_struct *init_task)
kref_init(&autogroup_default.kref);
init_rwsem(&autogroup_default.lock);
init_task->signal->autogroup = &autogroup_default;
+ sched_autogroup_sysctl_init();
}
void autogroup_free(struct task_group *tg)
@@ -219,7 +220,6 @@ void sched_autogroup_exit(struct signal_struct *sig)
static int __init setup_autogroup(char *str)
{
sysctl_sched_autogroup_enabled = 0;
- sched_autogroup_sysctl_init();
return 1;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 118/339] blk-mq: do not update io_ticks with passthrough requests
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 117/339] sched/autogroup: Fix sysctl move Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 119/339] net: phy: at803x: disable WOL at probe Greg Kroah-Hartman
` (222 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haisu Wang, samuelliao,
Christoph Hellwig, Jens Axboe, Sasha Levin
From: Haisu Wang <haisuwang@tencent.com>
[ Upstream commit b81c14ca14b631aa1abae32fb5ae75b5e9251012 ]
Flush or passthrough requests are not accounted as normal IO in completion.
To reflect iostat for slow IO, io_ticks is updated when stat show called
based on inflight numbers.
It may cause inconsistent io_ticks calculation result.
So do not account non-passthrough request when check inflight.
Fixes: 86d7331299fd ("block: update io_ticks when io hang")
Signed-off-by: Haisu Wang <haisuwang@tencent.com>
Reviewed-by: samuelliao <samuelliao@tencent.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20220530064059.1120058-1-haisuwang@tencent.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index 9d33e0032fee..de7fc6957271 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -133,7 +133,8 @@ static bool blk_mq_check_inflight(struct request *rq, void *priv,
{
struct mq_inflight *mi = priv;
- if ((!mi->part->bd_partno || rq->part == mi->part) &&
+ if (rq->part && blk_do_io_stat(rq) &&
+ (!mi->part->bd_partno || rq->part == mi->part) &&
blk_mq_rq_state(rq) == MQ_RQ_IN_FLIGHT)
mi->inflight[rq_data_dir(rq)]++;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 119/339] net: phy: at803x: disable WOL at probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 118/339] blk-mq: do not update io_ticks with passthrough requests Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 120/339] bonding: show NS IPv6 targets in proc master info Greg Kroah-Hartman
` (221 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Viorel Suman, Jakub Kicinski, Sasha Levin
From: Viorel Suman <viorel.suman@nxp.com>
[ Upstream commit d7cd5e06c9dd70a82f1461c7b5f676bc03f5cd61 ]
Before 7beecaf7d507b ("net: phy: at803x: improve the WOL feature") patch
"at803x_get_wol" implementation used AT803X_INTR_ENABLE_WOL value to set
WAKE_MAGIC flag, and now AT803X_WOL_EN value is used for the same purpose.
The problem here is that the values of these two bits are different after
hardware reset: AT803X_INTR_ENABLE_WOL=0 after hardware reset, but
AT803X_WOL_EN=1. So now, if called right after boot, "at803x_get_wol" will
set WAKE_MAGIC flag, even if WOL function is not enabled by calling
"at803x_set_wol" function. The patch disables WOL function on probe thus
the behavior is consistent.
Fixes: 7beecaf7d507b ("net: phy: at803x: improve the WOL feature")
Signed-off-by: Viorel Suman <viorel.suman@nxp.com>
Link: https://lore.kernel.org/r/20220527084935.235274-1-viorel.suman@oss.nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/at803x.c | 33 ++++++++++++++++++++++-----------
1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/drivers/net/phy/at803x.c b/drivers/net/phy/at803x.c
index 73926006d319..6a467e7817a6 100644
--- a/drivers/net/phy/at803x.c
+++ b/drivers/net/phy/at803x.c
@@ -433,20 +433,21 @@ static void at803x_context_restore(struct phy_device *phydev,
static int at803x_set_wol(struct phy_device *phydev,
struct ethtool_wolinfo *wol)
{
- struct net_device *ndev = phydev->attached_dev;
- const u8 *mac;
int ret, irq_enabled;
- unsigned int i;
- static const unsigned int offsets[] = {
- AT803X_LOC_MAC_ADDR_32_47_OFFSET,
- AT803X_LOC_MAC_ADDR_16_31_OFFSET,
- AT803X_LOC_MAC_ADDR_0_15_OFFSET,
- };
-
- if (!ndev)
- return -ENODEV;
if (wol->wolopts & WAKE_MAGIC) {
+ struct net_device *ndev = phydev->attached_dev;
+ const u8 *mac;
+ unsigned int i;
+ static const unsigned int offsets[] = {
+ AT803X_LOC_MAC_ADDR_32_47_OFFSET,
+ AT803X_LOC_MAC_ADDR_16_31_OFFSET,
+ AT803X_LOC_MAC_ADDR_0_15_OFFSET,
+ };
+
+ if (!ndev)
+ return -ENODEV;
+
mac = (const u8 *) ndev->dev_addr;
if (!is_valid_ether_addr(mac))
@@ -857,6 +858,9 @@ static int at803x_probe(struct phy_device *phydev)
if (phydev->drv->phy_id == ATH8031_PHY_ID) {
int ccr = phy_read(phydev, AT803X_REG_CHIP_CONFIG);
int mode_cfg;
+ struct ethtool_wolinfo wol = {
+ .wolopts = 0,
+ };
if (ccr < 0)
goto err;
@@ -872,6 +876,13 @@ static int at803x_probe(struct phy_device *phydev)
priv->is_fiber = true;
break;
}
+
+ /* Disable WOL by default */
+ ret = at803x_set_wol(phydev, &wol);
+ if (ret < 0) {
+ phydev_err(phydev, "failed to disable WOL on probe: %d\n", ret);
+ goto err;
+ }
}
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 120/339] bonding: show NS IPv6 targets in proc master info
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 119/339] net: phy: at803x: disable WOL at probe Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 121/339] erofs: fix backmost member of z_erofs_decompress_frontend Greg Kroah-Hartman
` (220 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Li Liang, Hangbin Liu, Paolo Abeni,
Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit 4a1f14df55d1e9ecdfa797a87a80131207cbd66f ]
When adding bond new parameter ns_targets. I forgot to print this
in bond master proc info. After updating, the bond master info will look
like:
ARP IP target/s (n.n.n.n form): 192.168.1.254
NS IPv6 target/s (XX::XX form): 2022::1, 2022::2
Fixes: 4e24be018eb9 ("bonding: add new parameter ns_targets")
Reported-by: Li Liang <liali@redhat.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://lore.kernel.org/r/20220530062639.37179-1-liuhangbin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/bonding/bond_procfs.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/net/bonding/bond_procfs.c b/drivers/net/bonding/bond_procfs.c
index cfe37be42be4..43be458422b3 100644
--- a/drivers/net/bonding/bond_procfs.c
+++ b/drivers/net/bonding/bond_procfs.c
@@ -129,6 +129,21 @@ static void bond_info_show_master(struct seq_file *seq)
printed = 1;
}
seq_printf(seq, "\n");
+
+#if IS_ENABLED(CONFIG_IPV6)
+ printed = 0;
+ seq_printf(seq, "NS IPv6 target/s (xx::xx form):");
+
+ for (i = 0; (i < BOND_MAX_NS_TARGETS); i++) {
+ if (ipv6_addr_any(&bond->params.ns_targets[i]))
+ break;
+ if (printed)
+ seq_printf(seq, ",");
+ seq_printf(seq, " %pI6c", &bond->params.ns_targets[i]);
+ printed = 1;
+ }
+ seq_printf(seq, "\n");
+#endif
}
if (BOND_MODE(bond) == BOND_MODE_8023AD) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 121/339] erofs: fix backmost member of z_erofs_decompress_frontend
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 120/339] bonding: show NS IPv6 targets in proc master info Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 122/339] vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit Greg Kroah-Hartman
` (219 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Weizhao Ouyang, Gao Xiang, Yue Hu,
Chao Yu, Sasha Levin
From: Weizhao Ouyang <o451686892@gmail.com>
[ Upstream commit 4398d3c31b582db0d640b23434bf344a6c8df57c ]
Initialize 'backmost' to true in DECOMPRESS_FRONTEND_INIT.
Fixes: 5c6dcc57e2e5 ("erofs: get rid of `struct z_erofs_collector'")
Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Yue Hu <huyue2@coolpad.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/r/20220530075114.918874-1-o451686892@gmail.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/erofs/zdata.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
index e6dea6dfca16..3e3e96043b5b 100644
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@@ -214,7 +214,7 @@ struct z_erofs_decompress_frontend {
#define DECOMPRESS_FRONTEND_INIT(__i) { \
.inode = __i, .owned_head = Z_EROFS_PCLUSTER_TAIL, \
- .mode = COLLECT_PRIMARY_FOLLOWED }
+ .mode = COLLECT_PRIMARY_FOLLOWED, .backmost = true }
static struct page *z_pagemap_global[Z_EROFS_VMAP_GLOBAL_PAGES];
static DEFINE_MUTEX(z_pagemap_global_lock);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 122/339] vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 121/339] erofs: fix backmost member of z_erofs_decompress_frontend Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 123/339] virtio: pci: Fix an error handling path in vp_modern_probe() Greg Kroah-Hartman
` (218 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Si-Wei Liu, Jason Wang, Eli Cohen,
Michael S. Tsirkin, Sasha Levin
From: Eli Cohen <elic@nvidia.com>
[ Upstream commit 7a6691f1f89784f775fa0c54be57533445726068 ]
In vdpa_nl_cmd_dev_get_doit(), if the call to genlmsg_reply() fails we
must not call nlmsg_free() since this is done inside genlmsg_reply().
Fix it.
Fixes: bc0d90ee021f ("vdpa: Enable user to query vdpa device info")
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Eli Cohen <elic@nvidia.com>
Message-Id: <20220518133804.1075129-2-elic@nvidia.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vdpa/vdpa.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/vdpa/vdpa.c b/drivers/vdpa/vdpa.c
index 2b75c00b1005..fac89a0d8178 100644
--- a/drivers/vdpa/vdpa.c
+++ b/drivers/vdpa/vdpa.c
@@ -756,14 +756,19 @@ static int vdpa_nl_cmd_dev_get_doit(struct sk_buff *skb, struct genl_info *info)
goto mdev_err;
}
err = vdpa_dev_fill(vdev, msg, info->snd_portid, info->snd_seq, 0, info->extack);
- if (!err)
- err = genlmsg_reply(msg, info);
+ if (err)
+ goto mdev_err;
+
+ err = genlmsg_reply(msg, info);
+ put_device(dev);
+ mutex_unlock(&vdpa_dev_mutex);
+ return err;
+
mdev_err:
put_device(dev);
err:
mutex_unlock(&vdpa_dev_mutex);
- if (err)
- nlmsg_free(msg);
+ nlmsg_free(msg);
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 123/339] virtio: pci: Fix an error handling path in vp_modern_probe()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 122/339] vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 124/339] net/mlx5: Dont use already freed action pointer Greg Kroah-Hartman
` (217 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET,
Michael S. Tsirkin, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 7a836a2aba09479c8e71fa43249eecc4af945f61 ]
If an error occurs after a successful pci_request_selected_regions() call,
it should be undone by a corresponding pci_release_selected_regions() call,
as already done in vp_modern_remove().
Fixes: fd502729fbbf ("virtio-pci: introduce modern device module")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Message-Id: <237109725aad2c3c03d14549f777b1927c84b045.1648977064.git.christophe.jaillet@wanadoo.fr>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/virtio/virtio_pci_modern_dev.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/virtio/virtio_pci_modern_dev.c b/drivers/virtio/virtio_pci_modern_dev.c
index 591738ad3d56..4093f9cca7a6 100644
--- a/drivers/virtio/virtio_pci_modern_dev.c
+++ b/drivers/virtio/virtio_pci_modern_dev.c
@@ -347,6 +347,7 @@ int vp_modern_probe(struct virtio_pci_modern_device *mdev)
err_map_isr:
pci_iounmap(pci_dev, mdev->common);
err_map_common:
+ pci_release_selected_regions(pci_dev, mdev->modern_bars);
return err;
}
EXPORT_SYMBOL_GPL(vp_modern_probe);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 124/339] net/mlx5: Dont use already freed action pointer
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 123/339] virtio: pci: Fix an error handling path in vp_modern_probe() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 125/339] net/mlx5e: TC NIC mode, fix tc chains miss table Greg Kroah-Hartman
` (216 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Leon Romanovsky,
Saeed Mahameed, Sasha Levin
From: Leon Romanovsky <leonro@nvidia.com>
[ Upstream commit 80b2bd737d0e833e6a2b77e482e5a714a79c86a4 ]
The call to mlx5dr_action_destroy() releases "action" memory. That
pointer is set to miss_action later and generates the following smatch
error:
drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c:53 set_miss_action()
warn: 'action' was already freed.
Make sure that the pointer is always valid by setting NULL after destroy.
Fixes: 6a48faeeca10 ("net/mlx5: Add direct rule fs_cmd implementation")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c
index 728f81882589..6a9abba92df6 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/fs_dr.c
@@ -44,11 +44,10 @@ static int set_miss_action(struct mlx5_flow_root_namespace *ns,
err = mlx5dr_table_set_miss_action(ft->fs_dr_table.dr_table, action);
if (err && action) {
err = mlx5dr_action_destroy(action);
- if (err) {
- action = NULL;
- mlx5_core_err(ns->dev, "Failed to destroy action (%d)\n",
- err);
- }
+ if (err)
+ mlx5_core_err(ns->dev,
+ "Failed to destroy action (%d)\n", err);
+ action = NULL;
}
ft->fs_dr_table.miss_action = action;
if (old_miss_action) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 125/339] net/mlx5e: TC NIC mode, fix tc chains miss table
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 124/339] net/mlx5: Dont use already freed action pointer Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 126/339] net/mlx5: CT: Fix header-rewrite re-use for tupels Greg Kroah-Hartman
` (215 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maor Dickman, Paul Blakey,
Ariel Levkovich, Saeed Mahameed, Sasha Levin
From: Maor Dickman <maord@nvidia.com>
[ Upstream commit 66cb64e292d21588bdb831f08a7ec0ff04d6380d ]
The cited commit changed promisc table to be created on demand with the
highest priority in the NIC table replacing the vlan table, this caused
tc NIC tables miss flow to skip the prmoisc table because it use vlan
table as miss table.
OVS offload in NIC mode use promisc by default so any unicast packet
which will be handled by tc NIC tables miss flow will skip the promisc
rule and will be dropped.
Fix this by adding new empty table in new tc level with low priority and
point the nic tc chain miss to it, the new table is managed so it will
point to vlan table if promisc is disabled and to promisc table if enabled.
Fixes: 1c46d7409f30 ("net/mlx5e: Optimize promiscuous mode")
Signed-off-by: Maor Dickman <maord@nvidia.com>
Reviewed-by: Paul Blakey <paulb@nvidia.com>
Reviewed-by: Ariel Levkovich <lariel@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/mellanox/mlx5/core/en/fs.h | 2 +
.../net/ethernet/mellanox/mlx5/core/en_tc.c | 38 ++++++++++++++++++-
.../net/ethernet/mellanox/mlx5/core/fs_core.c | 2 +-
3 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/fs.h b/drivers/net/ethernet/mellanox/mlx5/core/en/fs.h
index 678ffbb48a25..e3e8c1c3ff24 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/fs.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/fs.h
@@ -12,6 +12,7 @@ struct mlx5e_post_act;
enum {
MLX5E_TC_FT_LEVEL = 0,
MLX5E_TC_TTC_FT_LEVEL,
+ MLX5E_TC_MISS_LEVEL,
};
struct mlx5e_tc_table {
@@ -20,6 +21,7 @@ struct mlx5e_tc_table {
*/
struct mutex t_lock;
struct mlx5_flow_table *t;
+ struct mlx5_flow_table *miss_t;
struct mlx5_fs_chains *chains;
struct mlx5e_post_act *post_act;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
index ac0f73074f7a..ec2dfecd7f0f 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -4688,6 +4688,33 @@ static int mlx5e_tc_nic_get_ft_size(struct mlx5_core_dev *dev)
return tc_tbl_size;
}
+static int mlx5e_tc_nic_create_miss_table(struct mlx5e_priv *priv)
+{
+ struct mlx5_flow_table **ft = &priv->fs.tc.miss_t;
+ struct mlx5_flow_table_attr ft_attr = {};
+ struct mlx5_flow_namespace *ns;
+ int err = 0;
+
+ ft_attr.max_fte = 1;
+ ft_attr.autogroup.max_num_groups = 1;
+ ft_attr.level = MLX5E_TC_MISS_LEVEL;
+ ft_attr.prio = 0;
+ ns = mlx5_get_flow_namespace(priv->mdev, MLX5_FLOW_NAMESPACE_KERNEL);
+
+ *ft = mlx5_create_auto_grouped_flow_table(ns, &ft_attr);
+ if (IS_ERR(*ft)) {
+ err = PTR_ERR(*ft);
+ netdev_err(priv->netdev, "failed to create tc nic miss table err=%d\n", err);
+ }
+
+ return err;
+}
+
+static void mlx5e_tc_nic_destroy_miss_table(struct mlx5e_priv *priv)
+{
+ mlx5_destroy_flow_table(priv->fs.tc.miss_t);
+}
+
int mlx5e_tc_nic_init(struct mlx5e_priv *priv)
{
struct mlx5e_tc_table *tc = &priv->fs.tc;
@@ -4720,19 +4747,23 @@ int mlx5e_tc_nic_init(struct mlx5e_priv *priv)
}
tc->mapping = chains_mapping;
+ err = mlx5e_tc_nic_create_miss_table(priv);
+ if (err)
+ goto err_chains;
+
if (MLX5_CAP_FLOWTABLE_NIC_RX(priv->mdev, ignore_flow_level))
attr.flags = MLX5_CHAINS_AND_PRIOS_SUPPORTED |
MLX5_CHAINS_IGNORE_FLOW_LEVEL_SUPPORTED;
attr.ns = MLX5_FLOW_NAMESPACE_KERNEL;
attr.max_ft_sz = mlx5e_tc_nic_get_ft_size(dev);
attr.max_grp_num = MLX5E_TC_TABLE_NUM_GROUPS;
- attr.default_ft = mlx5e_vlan_get_flowtable(priv->fs.vlan);
+ attr.default_ft = priv->fs.tc.miss_t;
attr.mapping = chains_mapping;
tc->chains = mlx5_chains_create(dev, &attr);
if (IS_ERR(tc->chains)) {
err = PTR_ERR(tc->chains);
- goto err_chains;
+ goto err_miss;
}
tc->post_act = mlx5e_tc_post_act_init(priv, tc->chains, MLX5_FLOW_NAMESPACE_KERNEL);
@@ -4755,6 +4786,8 @@ int mlx5e_tc_nic_init(struct mlx5e_priv *priv)
mlx5_tc_ct_clean(tc->ct);
mlx5e_tc_post_act_destroy(tc->post_act);
mlx5_chains_destroy(tc->chains);
+err_miss:
+ mlx5e_tc_nic_destroy_miss_table(priv);
err_chains:
mapping_destroy(chains_mapping);
err_mapping:
@@ -4795,6 +4828,7 @@ void mlx5e_tc_nic_cleanup(struct mlx5e_priv *priv)
mlx5e_tc_post_act_destroy(tc->post_act);
mapping_destroy(tc->mapping);
mlx5_chains_destroy(tc->chains);
+ mlx5e_tc_nic_destroy_miss_table(priv);
}
int mlx5e_tc_ht_init(struct rhashtable *tc_ht)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index 89ba72e8d109..ab184e154eea 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -116,7 +116,7 @@
#define KERNEL_MIN_LEVEL (KERNEL_NIC_PRIO_NUM_LEVELS + 1)
#define KERNEL_NIC_TC_NUM_PRIOS 1
-#define KERNEL_NIC_TC_NUM_LEVELS 2
+#define KERNEL_NIC_TC_NUM_LEVELS 3
#define ANCHOR_NUM_LEVELS 1
#define ANCHOR_NUM_PRIOS 1
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 126/339] net/mlx5: CT: Fix header-rewrite re-use for tupels
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 125/339] net/mlx5e: TC NIC mode, fix tc chains miss table Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 127/339] net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition Greg Kroah-Hartman
` (214 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Blakey, Ariel Levkovich,
Saeed Mahameed, Sasha Levin
From: Paul Blakey <paulb@nvidia.com>
[ Upstream commit 1f2856cde64baa78475e6d3c601fb7b7f693a161 ]
Tuple entries that don't have nat configured for them
which are added to the ct nat table will always create
a new modify header, as we don't check for possible
re-use on them. The same for tuples that have nat configured
for them but are added to ct table.
Fix the above by only avoiding wasteful re-use lookup
for actually natted entries in ct nat table.
Fixes: 7fac5c2eced3 ("net/mlx5: CT: Avoid reusing modify header context for natted entries")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Reviewed-by: Ariel Levkovich <lariel@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/mellanox/mlx5/core/en/tc_ct.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
index ab4b0f3ee2a0..1ff7a07bcd06 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
@@ -701,7 +701,7 @@ mlx5_tc_ct_entry_create_mod_hdr(struct mlx5_tc_ct_priv *ct_priv,
struct mlx5_flow_attr *attr,
struct flow_rule *flow_rule,
struct mlx5e_mod_hdr_handle **mh,
- u8 zone_restore_id, bool nat)
+ u8 zone_restore_id, bool nat_table, bool has_nat)
{
DECLARE_MOD_HDR_ACTS_ACTIONS(actions_arr, MLX5_CT_MIN_MOD_ACTS);
DECLARE_MOD_HDR_ACTS(mod_acts, actions_arr);
@@ -717,11 +717,12 @@ mlx5_tc_ct_entry_create_mod_hdr(struct mlx5_tc_ct_priv *ct_priv,
&attr->ct_attr.ct_labels_id);
if (err)
return -EOPNOTSUPP;
- if (nat) {
- err = mlx5_tc_ct_entry_create_nat(ct_priv, flow_rule,
- &mod_acts);
- if (err)
- goto err_mapping;
+ if (nat_table) {
+ if (has_nat) {
+ err = mlx5_tc_ct_entry_create_nat(ct_priv, flow_rule, &mod_acts);
+ if (err)
+ goto err_mapping;
+ }
ct_state |= MLX5_CT_STATE_NAT_BIT;
}
@@ -736,7 +737,7 @@ mlx5_tc_ct_entry_create_mod_hdr(struct mlx5_tc_ct_priv *ct_priv,
if (err)
goto err_mapping;
- if (nat) {
+ if (nat_table && has_nat) {
attr->modify_hdr = mlx5_modify_header_alloc(ct_priv->dev, ct_priv->ns_type,
mod_acts.num_actions,
mod_acts.actions);
@@ -804,7 +805,9 @@ mlx5_tc_ct_entry_add_rule(struct mlx5_tc_ct_priv *ct_priv,
err = mlx5_tc_ct_entry_create_mod_hdr(ct_priv, attr, flow_rule,
&zone_rule->mh,
- zone_restore_id, nat);
+ zone_restore_id,
+ nat,
+ mlx5_tc_ct_entry_has_nat(entry));
if (err) {
ct_dbg("Failed to create ct entry mod hdr");
goto err_mod_hdr;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 127/339] net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 126/339] net/mlx5: CT: Fix header-rewrite re-use for tupels Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 128/339] net/mlx5: correct ECE offset in query qp output Greg Kroah-Hartman
` (213 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Mikityanskiy, Karsten Nielsen,
Tariq Toukan, Gal Pressman, Saeed Mahameed, Sasha Levin
From: Maxim Mikityanskiy <maximmi@nvidia.com>
[ Upstream commit 2e642afb61b24401a7ec819d27ddcd69c7c29784 ]
When the driver activates the channels, it assumes NAPI isn't running
yet. mlx5e_activate_rq posts a NOP WQE to ICOSQ to trigger a hardware
interrupt and start NAPI, which will run mlx5e_alloc_rx_mpwqe and post
UMR WQEs to ICOSQ to be able to receive packets with striding RQ.
Unfortunately, a race condition is possible if NAPI is triggered by
something else (for example, TX) at a bad timing, before
mlx5e_activate_rq finishes. In this case, mlx5e_alloc_rx_mpwqe may post
UMR WQEs to ICOSQ, and with the bad timing, the wqe_info of the first
UMR may be overwritten by the wqe_info of the NOP posted by
mlx5e_activate_rq.
The consequence is that icosq->db.wqe_info[0].num_wqebbs will be changed
from MLX5E_UMR_WQEBBS to 1, disrupting the integrity of the array-based
linked list in wqe_info[]. mlx5e_poll_ico_cq will hang in an infinite
loop after processing wqe_info[0], because after the corruption, the
next item to be processed will be wqe_info[1], which is filled with
zeros, and `sqcc += wi->num_wqebbs` will never move further.
This commit fixes this race condition by using async_icosq to post the
NOP and trigger the interrupt. async_icosq is always protected with a
spinlock, eliminating the race condition.
Fixes: bc77b240b3c5 ("net/mlx5e: Add fragmented memory support for RX multi packet WQE")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reported-by: Karsten Nielsen <karsten@foo-bar.dk>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en.h | 4 ++++
.../net/ethernet/mellanox/mlx5/core/en/ptp.c | 1 +
.../mellanox/mlx5/core/en/reporter_rx.c | 6 +++++
.../net/ethernet/mellanox/mlx5/core/en/trap.c | 1 +
.../ethernet/mellanox/mlx5/core/en/xsk/pool.c | 1 +
.../mellanox/mlx5/core/en/xsk/setup.c | 5 +---
.../net/ethernet/mellanox/mlx5/core/en_main.c | 24 +++++++++++++------
7 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en.h b/drivers/net/ethernet/mellanox/mlx5/core/en.h
index ee34e861d3af..d0d14325a0d9 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h
@@ -765,6 +765,7 @@ struct mlx5e_rq {
u8 wq_type;
u32 rqn;
struct mlx5_core_dev *mdev;
+ struct mlx5e_channel *channel;
u32 umr_mkey;
struct mlx5e_dma_info wqe_overflow;
@@ -1077,6 +1078,9 @@ void mlx5e_close_cq(struct mlx5e_cq *cq);
int mlx5e_open_locked(struct net_device *netdev);
int mlx5e_close_locked(struct net_device *netdev);
+void mlx5e_trigger_napi_icosq(struct mlx5e_channel *c);
+void mlx5e_trigger_napi_sched(struct napi_struct *napi);
+
int mlx5e_open_channels(struct mlx5e_priv *priv,
struct mlx5e_channels *chs);
void mlx5e_close_channels(struct mlx5e_channels *chs);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c b/drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c
index 335b20b6383b..047f88f09203 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c
@@ -736,6 +736,7 @@ void mlx5e_ptp_activate_channel(struct mlx5e_ptp *c)
if (test_bit(MLX5E_PTP_STATE_RX, c->state)) {
mlx5e_ptp_rx_set_fs(c->priv);
mlx5e_activate_rq(&c->rq);
+ mlx5e_trigger_napi_sched(&c->napi);
}
}
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c
index 2684e9da9f41..fc366e66d0b0 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/reporter_rx.c
@@ -123,6 +123,8 @@ static int mlx5e_rx_reporter_err_icosq_cqe_recover(void *ctx)
xskrq->stats->recover++;
}
+ mlx5e_trigger_napi_icosq(icosq->channel);
+
mutex_unlock(&icosq->channel->icosq_recovery_lock);
return 0;
@@ -166,6 +168,10 @@ static int mlx5e_rx_reporter_err_rq_cqe_recover(void *ctx)
clear_bit(MLX5E_RQ_STATE_RECOVERING, &rq->state);
mlx5e_activate_rq(rq);
rq->stats->recover++;
+ if (rq->channel)
+ mlx5e_trigger_napi_icosq(rq->channel);
+ else
+ mlx5e_trigger_napi_sched(rq->cq.napi);
return 0;
out:
clear_bit(MLX5E_RQ_STATE_RECOVERING, &rq->state);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/trap.c b/drivers/net/ethernet/mellanox/mlx5/core/en/trap.c
index 857840ab1e91..11f2a7fb72a9 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/trap.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/trap.c
@@ -179,6 +179,7 @@ static void mlx5e_activate_trap(struct mlx5e_trap *trap)
{
napi_enable(&trap->napi);
mlx5e_activate_rq(&trap->rq);
+ mlx5e_trigger_napi_sched(&trap->napi);
}
void mlx5e_deactivate_trap(struct mlx5e_priv *priv)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/xsk/pool.c b/drivers/net/ethernet/mellanox/mlx5/core/en/xsk/pool.c
index 279cd8f4e79f..2c520394aa1d 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/xsk/pool.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/xsk/pool.c
@@ -117,6 +117,7 @@ static int mlx5e_xsk_enable_locked(struct mlx5e_priv *priv,
goto err_remove_pool;
mlx5e_activate_xsk(c);
+ mlx5e_trigger_napi_icosq(c);
/* Don't wait for WQEs, because the newer xdpsock sample doesn't provide
* any Fill Ring entries at the setup stage.
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c b/drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c
index 3ad7f1301fa8..98ed9ef3a6bd 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c
@@ -64,6 +64,7 @@ static int mlx5e_init_xsk_rq(struct mlx5e_channel *c,
rq->clock = &mdev->clock;
rq->icosq = &c->icosq;
rq->ix = c->ix;
+ rq->channel = c;
rq->mdev = mdev;
rq->hw_mtu = MLX5E_SW2HW_MTU(params, params->sw_mtu);
rq->xdpsq = &c->rq_xdpsq;
@@ -179,10 +180,6 @@ void mlx5e_activate_xsk(struct mlx5e_channel *c)
mlx5e_reporter_icosq_resume_recovery(c);
/* TX queue is created active. */
-
- spin_lock_bh(&c->async_icosq_lock);
- mlx5e_trigger_irq(&c->async_icosq);
- spin_unlock_bh(&c->async_icosq_lock);
}
void mlx5e_deactivate_xsk(struct mlx5e_channel *c)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index 72867a8ff48b..6a35af2c2c8b 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -478,6 +478,7 @@ static int mlx5e_init_rxq_rq(struct mlx5e_channel *c, struct mlx5e_params *param
rq->clock = &mdev->clock;
rq->icosq = &c->icosq;
rq->ix = c->ix;
+ rq->channel = c;
rq->mdev = mdev;
rq->hw_mtu = MLX5E_SW2HW_MTU(params, params->sw_mtu);
rq->xdpsq = &c->rq_xdpsq;
@@ -1072,13 +1073,6 @@ int mlx5e_open_rq(struct mlx5e_params *params, struct mlx5e_rq_param *param,
void mlx5e_activate_rq(struct mlx5e_rq *rq)
{
set_bit(MLX5E_RQ_STATE_ENABLED, &rq->state);
- if (rq->icosq) {
- mlx5e_trigger_irq(rq->icosq);
- } else {
- local_bh_disable();
- napi_schedule(rq->cq.napi);
- local_bh_enable();
- }
}
void mlx5e_deactivate_rq(struct mlx5e_rq *rq)
@@ -2233,6 +2227,20 @@ static int mlx5e_channel_stats_alloc(struct mlx5e_priv *priv, int ix, int cpu)
return 0;
}
+void mlx5e_trigger_napi_icosq(struct mlx5e_channel *c)
+{
+ spin_lock_bh(&c->async_icosq_lock);
+ mlx5e_trigger_irq(&c->async_icosq);
+ spin_unlock_bh(&c->async_icosq_lock);
+}
+
+void mlx5e_trigger_napi_sched(struct napi_struct *napi)
+{
+ local_bh_disable();
+ napi_schedule(napi);
+ local_bh_enable();
+}
+
static int mlx5e_open_channel(struct mlx5e_priv *priv, int ix,
struct mlx5e_params *params,
struct mlx5e_channel_param *cparam,
@@ -2314,6 +2322,8 @@ static void mlx5e_activate_channel(struct mlx5e_channel *c)
if (test_bit(MLX5E_CHANNEL_STATE_XSK, c->state))
mlx5e_activate_xsk(c);
+
+ mlx5e_trigger_napi_icosq(c);
}
static void mlx5e_deactivate_channel(struct mlx5e_channel *c)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 128/339] net/mlx5: correct ECE offset in query qp output
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 127/339] net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 129/339] net/mlx5e: Update netdev features after changing XDP state Greg Kroah-Hartman
` (212 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Changcheng Liu, Saeed Mahameed, Sasha Levin
From: Changcheng Liu <jerrliu@nvidia.com>
[ Upstream commit 3fc2a9e89b3508a5cc0c324f26d7b4740ba8c456 ]
ECE field should be after opt_param_mask in query qp output.
Fixes: 6b646a7e4af6 ("net/mlx5: Add ability to read and write ECE options")
Signed-off-by: Changcheng Liu <jerrliu@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/mlx5/mlx5_ifc.h | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h
index 7d2d0ba82144..2e162ec2a3d3 100644
--- a/include/linux/mlx5/mlx5_ifc.h
+++ b/include/linux/mlx5/mlx5_ifc.h
@@ -5180,12 +5180,11 @@ struct mlx5_ifc_query_qp_out_bits {
u8 syndrome[0x20];
- u8 reserved_at_40[0x20];
- u8 ece[0x20];
+ u8 reserved_at_40[0x40];
u8 opt_param_mask[0x20];
- u8 reserved_at_a0[0x20];
+ u8 ece[0x20];
struct mlx5_ifc_qpc_bits qpc;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 129/339] net/mlx5e: Update netdev features after changing XDP state
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 128/339] net/mlx5: correct ECE offset in query qp output Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 130/339] net: sched: add barrier to fix packet stuck problem for lockless qdisc Greg Kroah-Hartman
` (211 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maxim Mikityanskiy, Tariq Toukan,
Saeed Mahameed, Sasha Levin
From: Maxim Mikityanskiy <maximmi@nvidia.com>
[ Upstream commit f6279f113ad593971999c877eb69dc3d36a75894 ]
Some features (LRO, HW GRO) conflict with XDP. If there is an attempt to
enable such features while XDP is active, they will be set to `off
[requested on]`. In order to activate these features after XDP is turned
off, the driver needs to call netdev_update_features(). This commit adds
this missing call after XDP state changes.
Fixes: cf6e34c8c22f ("net/mlx5e: Properly block LRO when XDP is enabled")
Fixes: b0617e7b3500 ("net/mlx5e: Properly block HW GRO when XDP is enabled")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index 6a35af2c2c8b..58b6c8b82fd0 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -4581,6 +4581,11 @@ static int mlx5e_xdp_set(struct net_device *netdev, struct bpf_prog *prog)
unlock:
mutex_unlock(&priv->state_lock);
+
+ /* Need to fix some features. */
+ if (!err)
+ netdev_update_features(netdev);
+
return err;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 130/339] net: sched: add barrier to fix packet stuck problem for lockless qdisc
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 129/339] net/mlx5e: Update netdev features after changing XDP state Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 131/339] tcp: tcp_rtx_synack() can be called from process context Greg Kroah-Hartman
` (210 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Guoju Fang, Jakub Kicinski, Sasha Levin
From: Guoju Fang <gjfang@linux.alibaba.com>
[ Upstream commit 2e8728c955ce0624b958eee6e030a37aca3a5d86 ]
In qdisc_run_end(), the spin_unlock() only has store-release semantic,
which guarantees all earlier memory access are visible before it. But
the subsequent test_bit() has no barrier semantics so may be reordered
ahead of the spin_unlock(). The store-load reordering may cause a packet
stuck problem.
The concurrent operations can be described as below,
CPU 0 | CPU 1
qdisc_run_end() | qdisc_run_begin()
. | .
----> /* may be reorderd here */ | .
| . | .
| spin_unlock() | set_bit()
| . | smp_mb__after_atomic()
---- test_bit() | spin_trylock()
. | .
Consider the following sequence of events:
CPU 0 reorder test_bit() ahead and see MISSED = 0
CPU 1 calls set_bit()
CPU 1 calls spin_trylock() and return fail
CPU 0 executes spin_unlock()
At the end of the sequence, CPU 0 calls spin_unlock() and does nothing
because it see MISSED = 0. The skb on CPU 1 has beed enqueued but no one
take it, until the next cpu pushing to the qdisc (if ever ...) will
notice and dequeue it.
This patch fix this by adding one explicit barrier. As spin_unlock() and
test_bit() ordering is a store-load ordering, a full memory barrier
smp_mb() is needed here.
Fixes: a90c57f2cedd ("net: sched: fix packet stuck problem for lockless qdisc")
Signed-off-by: Guoju Fang <gjfang@linux.alibaba.com>
Link: https://lore.kernel.org/r/20220528101628.120193-1-gjfang@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sch_generic.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index 80973ce820f3..d6cf5116b5f9 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -209,6 +209,12 @@ static inline void qdisc_run_end(struct Qdisc *qdisc)
if (qdisc->flags & TCQ_F_NOLOCK) {
spin_unlock(&qdisc->seqlock);
+ /* spin_unlock() only has store-release semantic. The unlock
+ * and test_bit() ordering is a store-load ordering, so a full
+ * memory barrier is needed here.
+ */
+ smp_mb();
+
if (unlikely(test_bit(__QDISC_STATE_MISSED,
&qdisc->state)))
__netif_schedule(qdisc);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 131/339] tcp: tcp_rtx_synack() can be called from process context
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 130/339] net: sched: add barrier to fix packet stuck problem for lockless qdisc Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 132/339] vdpa: ifcvf: set pci driver data in probe Greg Kroah-Hartman
` (209 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eric Dumazet, Laurent Fasnacht,
Neal Cardwell, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 0a375c822497ed6ad6b5da0792a12a6f1af10c0b ]
Laurent reported the enclosed report [1]
This bug triggers with following coditions:
0) Kernel built with CONFIG_DEBUG_PREEMPT=y
1) A new passive FastOpen TCP socket is created.
This FO socket waits for an ACK coming from client to be a complete
ESTABLISHED one.
2) A socket operation on this socket goes through lock_sock()
release_sock() dance.
3) While the socket is owned by the user in step 2),
a retransmit of the SYN is received and stored in socket backlog.
4) At release_sock() time, the socket backlog is processed while
in process context.
5) A SYNACK packet is cooked in response of the SYN retransmit.
6) -> tcp_rtx_synack() is called in process context.
Before blamed commit, tcp_rtx_synack() was always called from BH handler,
from a timer handler.
Fix this by using TCP_INC_STATS() & NET_INC_STATS()
which do not assume caller is in non preemptible context.
[1]
BUG: using __this_cpu_add() in preemptible [00000000] code: epollpep/2180
caller is tcp_rtx_synack.part.0+0x36/0xc0
CPU: 10 PID: 2180 Comm: epollpep Tainted: G OE 5.16.0-0.bpo.4-amd64 #1 Debian 5.16.12-1~bpo11+1
Hardware name: Supermicro SYS-5039MC-H8TRF/X11SCD-F, BIOS 1.7 11/23/2021
Call Trace:
<TASK>
dump_stack_lvl+0x48/0x5e
check_preemption_disabled+0xde/0xe0
tcp_rtx_synack.part.0+0x36/0xc0
tcp_rtx_synack+0x8d/0xa0
? kmem_cache_alloc+0x2e0/0x3e0
? apparmor_file_alloc_security+0x3b/0x1f0
inet_rtx_syn_ack+0x16/0x30
tcp_check_req+0x367/0x610
tcp_rcv_state_process+0x91/0xf60
? get_nohz_timer_target+0x18/0x1a0
? lock_timer_base+0x61/0x80
? preempt_count_add+0x68/0xa0
tcp_v4_do_rcv+0xbd/0x270
__release_sock+0x6d/0xb0
release_sock+0x2b/0x90
sock_setsockopt+0x138/0x1140
? __sys_getsockname+0x7e/0xc0
? aa_sk_perm+0x3e/0x1a0
__sys_setsockopt+0x198/0x1e0
__x64_sys_setsockopt+0x21/0x30
do_syscall_64+0x38/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: 168a8f58059a ("tcp: TCP Fast Open Server - main code path")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Laurent Fasnacht <laurent.fasnacht@proton.ch>
Acked-by: Neal Cardwell <ncardwell@google.com>
Link: https://lore.kernel.org/r/20220530213713.601888-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_output.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 5f91a9536e00..6b00c17c72aa 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -4113,8 +4113,8 @@ int tcp_rtx_synack(const struct sock *sk, struct request_sock *req)
res = af_ops->send_synack(sk, NULL, &fl, req, NULL, TCP_SYNACK_NORMAL,
NULL);
if (!res) {
- __TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
- __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
+ TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
+ NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
if (unlikely(tcp_passive_fastopen(sk)))
tcp_sk(sk)->total_retrans++;
trace_tcp_retransmit_synack(sk, req);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 132/339] vdpa: ifcvf: set pci driver data in probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 131/339] tcp: tcp_rtx_synack() can be called from process context Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 133/339] bonding: guard ns_targets by CONFIG_IPV6 Greg Kroah-Hartman
` (208 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Jason Wang,
Michael S. Tsirkin, Sasha Levin
From: Jason Wang <jasowang@redhat.com>
[ Upstream commit bd8bb9aed56b1814784a975e2dfea12a9adcee92 ]
We should set the pci driver data in probe instead of the vdpa device
adding callback. Otherwise if no vDPA device is created we will lose
the pointer to the management device.
Fixes: 6b5df347c6482 ("vDPA/ifcvf: implement management netlink framework for ifcvf")
Tested-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20220524055557.1938-1-jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vdpa/ifcvf/ifcvf_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/vdpa/ifcvf/ifcvf_main.c b/drivers/vdpa/ifcvf/ifcvf_main.c
index 4366320fb68d..197d52e7b801 100644
--- a/drivers/vdpa/ifcvf/ifcvf_main.c
+++ b/drivers/vdpa/ifcvf/ifcvf_main.c
@@ -765,7 +765,6 @@ static int ifcvf_vdpa_dev_add(struct vdpa_mgmt_dev *mdev, const char *name,
}
ifcvf_mgmt_dev->adapter = adapter;
- pci_set_drvdata(pdev, ifcvf_mgmt_dev);
vf = &adapter->vf;
vf->dev_type = get_dev_type(pdev);
@@ -880,6 +879,8 @@ static int ifcvf_probe(struct pci_dev *pdev, const struct pci_device_id *id)
goto err;
}
+ pci_set_drvdata(pdev, ifcvf_mgmt_dev);
+
return 0;
err:
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 133/339] bonding: guard ns_targets by CONFIG_IPV6
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 132/339] vdpa: ifcvf: set pci driver data in probe Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 134/339] octeontx2-af: fix error code in is_valid_offset() Greg Kroah-Hartman
` (207 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hangbin Liu, Jonathan Toppins,
Paolo Abeni, Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit c4caa500ffebf64795d1c0f6f9d6f179b502c6b7 ]
Guard ns_targets in struct bond_params by CONFIG_IPV6, which could save
256 bytes if IPv6 not configed. Also add this protection for function
bond_is_ip6_target_ok() and bond_get_targets_ip6().
Remove the IS_ENABLED() check for bond_opts[] as this will make
BOND_OPT_NS_TARGETS uninitialized if CONFIG_IPV6 not enabled. Add
a dummy bond_option_ns_ip6_targets_set() for this situation.
Fixes: 4e24be018eb9 ("bonding: add new parameter ns_targets")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Jonathan Toppins <jtoppins@redhat.com>
Link: https://lore.kernel.org/r/20220531063727.224043-1-liuhangbin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/bonding/bond_main.c | 2 ++
drivers/net/bonding/bond_options.c | 10 ++++++----
include/net/bonding.h | 6 ++++++
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index b5c5196e03ee..26a6573adf0f 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -6159,7 +6159,9 @@ static int bond_check_params(struct bond_params *params)
strscpy_pad(params->primary, primary, sizeof(params->primary));
memcpy(params->arp_targets, arp_target, sizeof(arp_target));
+#if IS_ENABLED(CONFIG_IPV6)
memset(params->ns_targets, 0, sizeof(struct in6_addr) * BOND_MAX_NS_TARGETS);
+#endif
return 0;
}
diff --git a/drivers/net/bonding/bond_options.c b/drivers/net/bonding/bond_options.c
index 64f7db2627ce..1f8323ad5282 100644
--- a/drivers/net/bonding/bond_options.c
+++ b/drivers/net/bonding/bond_options.c
@@ -34,10 +34,8 @@ static int bond_option_arp_ip_target_add(struct bonding *bond, __be32 target);
static int bond_option_arp_ip_target_rem(struct bonding *bond, __be32 target);
static int bond_option_arp_ip_targets_set(struct bonding *bond,
const struct bond_opt_value *newval);
-#if IS_ENABLED(CONFIG_IPV6)
static int bond_option_ns_ip6_targets_set(struct bonding *bond,
const struct bond_opt_value *newval);
-#endif
static int bond_option_arp_validate_set(struct bonding *bond,
const struct bond_opt_value *newval);
static int bond_option_arp_all_targets_set(struct bonding *bond,
@@ -299,7 +297,6 @@ static const struct bond_option bond_opts[BOND_OPT_LAST] = {
.flags = BOND_OPTFLAG_RAWVAL,
.set = bond_option_arp_ip_targets_set
},
-#if IS_ENABLED(CONFIG_IPV6)
[BOND_OPT_NS_TARGETS] = {
.id = BOND_OPT_NS_TARGETS,
.name = "ns_ip6_target",
@@ -307,7 +304,6 @@ static const struct bond_option bond_opts[BOND_OPT_LAST] = {
.flags = BOND_OPTFLAG_RAWVAL,
.set = bond_option_ns_ip6_targets_set
},
-#endif
[BOND_OPT_DOWNDELAY] = {
.id = BOND_OPT_DOWNDELAY,
.name = "downdelay",
@@ -1254,6 +1250,12 @@ static int bond_option_ns_ip6_targets_set(struct bonding *bond,
return 0;
}
+#else
+static int bond_option_ns_ip6_targets_set(struct bonding *bond,
+ const struct bond_opt_value *newval)
+{
+ return -EPERM;
+}
#endif
static int bond_option_arp_validate_set(struct bonding *bond,
diff --git a/include/net/bonding.h b/include/net/bonding.h
index b14f4c0b4e9e..cb904d356e31 100644
--- a/include/net/bonding.h
+++ b/include/net/bonding.h
@@ -149,7 +149,9 @@ struct bond_params {
struct reciprocal_value reciprocal_packets_per_slave;
u16 ad_actor_sys_prio;
u16 ad_user_port_key;
+#if IS_ENABLED(CONFIG_IPV6)
struct in6_addr ns_targets[BOND_MAX_NS_TARGETS];
+#endif
/* 2 bytes of padding : see ether_addr_equal_64bits() */
u8 ad_actor_system[ETH_ALEN + 2];
@@ -503,12 +505,14 @@ static inline int bond_is_ip_target_ok(__be32 addr)
return !ipv4_is_lbcast(addr) && !ipv4_is_zeronet(addr);
}
+#if IS_ENABLED(CONFIG_IPV6)
static inline int bond_is_ip6_target_ok(struct in6_addr *addr)
{
return !ipv6_addr_any(addr) &&
!ipv6_addr_loopback(addr) &&
!ipv6_addr_is_multicast(addr);
}
+#endif
/* Get the oldest arp which we've received on this slave for bond's
* arp_targets.
@@ -746,6 +750,7 @@ static inline int bond_get_targets_ip(__be32 *targets, __be32 ip)
return -1;
}
+#if IS_ENABLED(CONFIG_IPV6)
static inline int bond_get_targets_ip6(struct in6_addr *targets, struct in6_addr *ip)
{
int i;
@@ -758,6 +763,7 @@ static inline int bond_get_targets_ip6(struct in6_addr *targets, struct in6_addr
return -1;
}
+#endif
/* exported from bond_main.c */
extern unsigned int bond_net_id;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 134/339] octeontx2-af: fix error code in is_valid_offset()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 133/339] bonding: guard ns_targets by CONFIG_IPV6 Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 135/339] s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag Greg Kroah-Hartman
` (206 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Paolo Abeni, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit f3d671c711097a133bc36bd2bde52f1fcca783a6 ]
The is_valid_offset() function returns success/true if the call to
validate_and_get_cpt_blkaddr() fails.
Fixes: ecad2ce8c48f ("octeontx2-af: cn10k: Add mailbox to configure reassembly timeout")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YpXDrTPb8qV01JSP@kili
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c
index a79201a9a6f0..a9da85e418a4 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c
@@ -579,7 +579,7 @@ static bool is_valid_offset(struct rvu *rvu, struct cpt_rd_wr_reg_msg *req)
blkaddr = validate_and_get_cpt_blkaddr(req->blkaddr);
if (blkaddr < 0)
- return blkaddr;
+ return false;
/* Registers that can be accessed from PF/VF */
if ((offset & 0xFF000) == CPT_AF_LFX_CTL(0) ||
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 135/339] s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 134/339] octeontx2-af: fix error code in is_valid_offset() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 136/339] regulator: mt6315-regulator: fix invalid allowed mode Greg Kroah-Hartman
` (205 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sven Schnelle, Christian Borntraeger,
Alexander Gordeev, Heiko Carstens, Sasha Levin
From: Alexander Gordeev <agordeev@linux.ibm.com>
[ Upstream commit 29ccaa4b35ea874ddd50518e5c2c746b9238a792 ]
Commit d768bd892fc8 ("s390: add options to change branch prediction
behaviour for the kernel") introduced .Lsie_exit label - supposedly
to fence off SIE instruction. However, the corresponding address
range length .Lsie_crit_mcck_length was not updated, which led to
BPON code potentionally marked with CIF_MCCK_GUEST flag.
Both .Lsie_exit and .Lsie_crit_mcck_length were removed with commit
0b0ed657fe00 ("s390: remove critical section cleanup from entry.S"),
but the issue persisted - currently BPOFF and BPENTER macros might
get wrongly considered by the machine check handler as a guest.
Fixes: d768bd892fc8 ("s390: add options to change branch prediction behaviour for the kernel")
Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/kernel/entry.S | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S
index 59b69c8ab5e1..85e9703e52a8 100644
--- a/arch/s390/kernel/entry.S
+++ b/arch/s390/kernel/entry.S
@@ -258,6 +258,10 @@ ENTRY(sie64a)
BPEXIT __SF_SIE_FLAGS(%r15),(_TIF_ISOLATE_BP|_TIF_ISOLATE_BP_GUEST)
.Lsie_entry:
sie 0(%r14)
+# Let the next instruction be NOP to avoid triggering a machine check
+# and handling it in a guest as result of the instruction execution.
+ nopr 7
+.Lsie_leave:
BPOFF
BPENTER __SF_SIE_FLAGS(%r15),(_TIF_ISOLATE_BP|_TIF_ISOLATE_BP_GUEST)
.Lsie_skip:
@@ -557,7 +561,7 @@ ENTRY(mcck_int_handler)
jno .Lmcck_panic
#if IS_ENABLED(CONFIG_KVM)
OUTSIDE %r9,.Lsie_gmap,.Lsie_done,6f
- OUTSIDE %r9,.Lsie_entry,.Lsie_skip,4f
+ OUTSIDE %r9,.Lsie_entry,.Lsie_leave,4f
oi __LC_CPU_FLAGS+7, _CIF_MCCK_GUEST
j 5f
4: CHKSTG .Lmcck_panic
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 136/339] regulator: mt6315-regulator: fix invalid allowed mode
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 135/339] s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 137/339] net: ping6: Fix ping -6 with interface name Greg Kroah-Hartman
` (204 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fabien Parent, Mark Brown, Sasha Levin
From: Fabien Parent <fparent@baylibre.com>
[ Upstream commit 28cbc2d4c54c09a427b18a1604740efb6b2cc2d6 ]
In the binding example, the regulator mode 4 is shown as a valid mode,
but the driver actually only support mode 0 to 2:
This generates an error in dmesg when copy/pasting the binding example:
[ 0.306080] vbuck1: invalid regulator-allowed-modes element 4
[ 0.307290] vbuck2: invalid regulator-allowed-modes element 4
This commit fixes this error by removing the invalid mode from the
examples.
Fixes: 977fb5b58469 ("regulator: document binding for MT6315 regulator")
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Link: https://lore.kernel.org/r/20220529154613.337559-1-fparent@baylibre.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../devicetree/bindings/regulator/mt6315-regulator.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml b/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
index 5d2d989de893..37402c370fbb 100644
--- a/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
+++ b/Documentation/devicetree/bindings/regulator/mt6315-regulator.yaml
@@ -55,7 +55,7 @@ examples:
regulator-min-microvolt = <300000>;
regulator-max-microvolt = <1193750>;
regulator-enable-ramp-delay = <256>;
- regulator-allowed-modes = <0 1 2 4>;
+ regulator-allowed-modes = <0 1 2>;
};
vbuck3 {
@@ -63,7 +63,7 @@ examples:
regulator-min-microvolt = <300000>;
regulator-max-microvolt = <1193750>;
regulator-enable-ramp-delay = <256>;
- regulator-allowed-modes = <0 1 2 4>;
+ regulator-allowed-modes = <0 1 2>;
};
};
};
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 137/339] net: ping6: Fix ping -6 with interface name
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 136/339] regulator: mt6315-regulator: fix invalid allowed mode Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 138/339] net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6() Greg Kroah-Hartman
` (203 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Aya Levin, Gal Pressman,
Saeed Mahameed, Tariq Toukan, David Ahern, Paolo Abeni,
Sasha Levin
From: Aya Levin <ayal@nvidia.com>
[ Upstream commit e6652a8ef3e64d953168a95878fe29b934ad78ac ]
When passing interface parameter to ping -6:
$ ping -6 ::11:141:84:9 -I eth2
Results in:
PING ::11:141:84:10(::11:141:84:10) from ::11:141:84:9 eth2: 56 data bytes
ping: sendmsg: Invalid argument
ping: sendmsg: Invalid argument
Initialize the fl6's outgoing interface (OIF) before triggering
ip6_datagram_send_ctl. Don't wipe fl6 after ip6_datagram_send_ctl() as
changes in fl6 that may happen in the function are overwritten explicitly.
Update comment accordingly.
Fixes: 13651224c00b ("net: ping6: support setting basic SOL_IPV6 options via cmsg")
Signed-off-by: Aya Levin <ayal@nvidia.com>
Reviewed-by: Gal Pressman <gal@nvidia.com>
Reviewed-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20220531084544.15126-1-tariqt@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ping.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
index ff033d16549e..ecf3a553a0dc 100644
--- a/net/ipv6/ping.c
+++ b/net/ipv6/ping.c
@@ -101,6 +101,9 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
ipc6.sockc.tsflags = sk->sk_tsflags;
ipc6.sockc.mark = sk->sk_mark;
+ memset(&fl6, 0, sizeof(fl6));
+ fl6.flowi6_oif = oif;
+
if (msg->msg_controllen) {
struct ipv6_txoptions opt = {};
@@ -112,17 +115,14 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
return err;
/* Changes to txoptions and flow info are not implemented, yet.
- * Drop the options, fl6 is wiped below.
+ * Drop the options.
*/
ipc6.opt = NULL;
}
- memset(&fl6, 0, sizeof(fl6));
-
fl6.flowi6_proto = IPPROTO_ICMPV6;
fl6.saddr = np->saddr;
fl6.daddr = *daddr;
- fl6.flowi6_oif = oif;
fl6.flowi6_mark = ipc6.sockc.mark;
fl6.flowi6_uid = sk->sk_uid;
fl6.fl6_icmp_type = user_icmph.icmp6_type;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 138/339] net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 137/339] net: ping6: Fix ping -6 with interface name Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 139/339] gpio: pca953x: use the correct register address to do regcache sync Greg Kroah-Hartman
` (202 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Toshiaki Makita,
Paolo Abeni, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 86360030cc5117596626bef1d937277cd2bebe05 ]
The tcf_ct_flow_table_fill_tuple_ipv6() function is supposed to return
false on failure. It should not return negatives because that means
succes/true.
Fixes: fcb6aa86532c ("act_ct: Support GRE offload")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
Link: https://lore.kernel.org/r/YpYFnbDxFl6tQ3Bn@kili
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/act_ct.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index b1f502fce595..b3ca837fd4e8 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -548,7 +548,7 @@ tcf_ct_flow_table_fill_tuple_ipv6(struct sk_buff *skb,
break;
#endif
default:
- return -1;
+ return false;
}
if (ip6h->hop_limit <= 1)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 139/339] gpio: pca953x: use the correct register address to do regcache sync
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 138/339] net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 140/339] afs: Fix infinite loop found by xfstest generic/676 Greg Kroah-Hartman
` (201 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Haibo Chen, Bartosz Golaszewski, Sasha Levin
From: Haibo Chen <haibo.chen@nxp.com>
[ Upstream commit 43624eda86c98b0de726d0b6f2516ccc3ef7313f ]
For regcache_sync_region, need to use pca953x_recalc_addr() to get
the real register address.
Fixes: b76574300504 ("gpio: pca953x: Restore registers after suspend/resume cycle")
Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-pca953x.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c
index 8726921a1129..33683295a0bf 100644
--- a/drivers/gpio/gpio-pca953x.c
+++ b/drivers/gpio/gpio-pca953x.c
@@ -1108,20 +1108,21 @@ static int pca953x_regcache_sync(struct device *dev)
{
struct pca953x_chip *chip = dev_get_drvdata(dev);
int ret;
+ u8 regaddr;
/*
* The ordering between direction and output is important,
* sync these registers first and only then sync the rest.
*/
- ret = regcache_sync_region(chip->regmap, chip->regs->direction,
- chip->regs->direction + NBANK(chip));
+ regaddr = pca953x_recalc_addr(chip, chip->regs->direction, 0);
+ ret = regcache_sync_region(chip->regmap, regaddr, regaddr + NBANK(chip));
if (ret) {
dev_err(dev, "Failed to sync GPIO dir registers: %d\n", ret);
return ret;
}
- ret = regcache_sync_region(chip->regmap, chip->regs->output,
- chip->regs->output + NBANK(chip));
+ regaddr = pca953x_recalc_addr(chip, chip->regs->output, 0);
+ ret = regcache_sync_region(chip->regmap, regaddr, regaddr + NBANK(chip));
if (ret) {
dev_err(dev, "Failed to sync GPIO out registers: %d\n", ret);
return ret;
@@ -1129,16 +1130,18 @@ static int pca953x_regcache_sync(struct device *dev)
#ifdef CONFIG_GPIO_PCA953X_IRQ
if (chip->driver_data & PCA_PCAL) {
- ret = regcache_sync_region(chip->regmap, PCAL953X_IN_LATCH,
- PCAL953X_IN_LATCH + NBANK(chip));
+ regaddr = pca953x_recalc_addr(chip, PCAL953X_IN_LATCH, 0);
+ ret = regcache_sync_region(chip->regmap, regaddr,
+ regaddr + NBANK(chip));
if (ret) {
dev_err(dev, "Failed to sync INT latch registers: %d\n",
ret);
return ret;
}
- ret = regcache_sync_region(chip->regmap, PCAL953X_INT_MASK,
- PCAL953X_INT_MASK + NBANK(chip));
+ regaddr = pca953x_recalc_addr(chip, PCAL953X_INT_MASK, 0);
+ ret = regcache_sync_region(chip->regmap, regaddr,
+ regaddr + NBANK(chip));
if (ret) {
dev_err(dev, "Failed to sync INT mask registers: %d\n",
ret);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 140/339] afs: Fix infinite loop found by xfstest generic/676
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 139/339] gpio: pca953x: use the correct register address to do regcache sync Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 141/339] drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() Greg Kroah-Hartman
` (200 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Howells, Marc Dionne,
linux-afs, Linus Torvalds, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 17eabd42560f4636648ad65ba5b20228071e2363 ]
In AFS, a directory is handled as a file that the client downloads and
parses locally for the purposes of performing lookup and getdents
operations. The in-kernel afs filesystem has a number of functions that
do this.
A directory file is arranged as a series of 2K blocks divided into
32-byte slots, where a directory entry occupies one or more slots, plus
each block starts with one or more metadata blocks.
When parsing a block, if the last slots are occupied by a dirent that
occupies more than a single slot and the file position points at a slot
that's not the initial one, the logic in afs_dir_iterate_block() that
skips over it won't advance the file pointer to the end of it. This
will cause an infinite loop in getdents() as it will keep retrying that
block and failing to advance beyond the final entry.
Fix this by advancing the file pointer if the next entry will be beyond
it when we skip a block.
This was found by the generic/676 xfstest but can also be triggered with
something like:
~/xfstests-dev/src/t_readdir_3 /xfstest.test/z 4000 1
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Link: http://lore.kernel.org/r/165391973497.110268.2939296942213894166.stgit@warthog.procyon.org.uk/
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/afs/dir.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/afs/dir.c b/fs/afs/dir.c
index 932e61e28e5d..bdac73554e6e 100644
--- a/fs/afs/dir.c
+++ b/fs/afs/dir.c
@@ -463,8 +463,11 @@ static int afs_dir_iterate_block(struct afs_vnode *dvnode,
}
/* skip if starts before the current position */
- if (offset < curr)
+ if (offset < curr) {
+ if (next > curr)
+ ctx->pos = blkoff + next * sizeof(union afs_xdr_dirent);
continue;
+ }
/* found the next entry */
if (!dir_emit(ctx, dire->u.name, nlen,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 141/339] drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 140/339] afs: Fix infinite loop found by xfstest generic/676 Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 142/339] scsi: sd: Fix potential NULL pointer dereference Greg Kroah-Hartman
` (199 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuogee Hsieh, Stephen Boyd,
Abhinav Kumar, Sasha Levin
From: Kuogee Hsieh <quic_khsieh@quicinc.com>
[ Upstream commit 993a2adc6e2e94a0a7b5bfc054eda90ac95f62c3 ]
dp_catalog_ctrl_reset() will software reset DP controller. But it will
not reset programmable registers to default value. DP driver still have
to clear mask bits to interrupt status registers to disable interrupts
after software reset of controller.
At current implementation, dp_ctrl_reset_irq_ctrl() will software reset dp
controller but did not call dp_catalog_ctrl_enable_irq(false) to clear hpd
related interrupt mask bits to disable hpd related interrupts due to it
mistakenly think hpd related interrupt mask bits will be cleared by software
reset of dp controller automatically. This mistake may cause system to crash
during suspending procedure due to unexpected irq fired and trigger event
thread to access dp controller registers with controller clocks are disabled.
This patch fixes system crash during suspending problem by removing "enable"
flag condition checking at dp_ctrl_reset_irq_ctrl() so that hpd related
interrupt mask bits are cleared to prevent unexpected from happening.
Changes in v2:
-- add more details commit text
Changes in v3:
-- add synchrons_irq()
-- add atomic_t suspended
Changes in v4:
-- correct Fixes's commit ID
-- remove synchrons_irq()
Changes in v5:
-- revise commit text
Changes in v6:
-- add event_lock to protect "suspended"
Changes in v7:
-- delete "suspended" flag
Fixes: 989ebe7bc446 ("drm/msm/dp: do not initialize phy until plugin interrupt received")
Signed-off-by: Kuogee Hsieh <quic_khsieh@quicinc.com>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/486591/
Link: https://lore.kernel.org/r/1652804494-19650-1-git-send-email-quic_khsieh@quicinc.com
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/dp/dp_ctrl.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/msm/dp/dp_ctrl.c b/drivers/gpu/drm/msm/dp/dp_ctrl.c
index 08cc48af03b7..de1974916ad2 100644
--- a/drivers/gpu/drm/msm/dp/dp_ctrl.c
+++ b/drivers/gpu/drm/msm/dp/dp_ctrl.c
@@ -1380,8 +1380,13 @@ void dp_ctrl_reset_irq_ctrl(struct dp_ctrl *dp_ctrl, bool enable)
dp_catalog_ctrl_reset(ctrl->catalog);
- if (enable)
- dp_catalog_ctrl_enable_irq(ctrl->catalog, enable);
+ /*
+ * all dp controller programmable registers will not
+ * be reset to default value after DP_SW_RESET
+ * therefore interrupt mask bits have to be updated
+ * to enable/disable interrupts
+ */
+ dp_catalog_ctrl_enable_irq(ctrl->catalog, enable);
}
void dp_ctrl_phy_init(struct dp_ctrl *dp_ctrl)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 142/339] scsi: sd: Fix potential NULL pointer dereference
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 141/339] drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 143/339] ax25: Fix ax25 session cleanup problems Greg Kroah-Hartman
` (198 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dongliang Mu, Christoph Hellwig,
Damien Le Moal, Martin K. Petersen, Sasha Levin
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
[ Upstream commit 05fbde3a77a4f1d62e4c4428f384288c1f1a0be5 ]
If sd_probe() sees an early error before sdkp->device is initialized,
sd_zbc_release_disk() is called. This causes a NULL pointer dereference
when sd_is_zoned() is called inside that function. Avoid this by removing
the call to sd_zbc_release_disk() in sd_probe() error path.
This change is safe and does not result in zone information memory leakage
because the zone information for a zoned disk is allocated only when
sd_revalidate_disk() is called, at which point sdkp->disk_dev is fully set,
resulting in sd_disk_release() being called when needed to cleanup a disk
zone information using sd_zbc_release_disk().
Link: https://lore.kernel.org/r/20220601062544.905141-2-damien.lemoal@opensource.wdc.com
Fixes: 89d947561077 ("sd: Implement support for ZBC devices")
Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
Suggested-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/sd.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 5539d75dcfe7..8a16cbf77496 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3501,7 +3501,6 @@ static int sd_probe(struct device *dev)
out_put:
put_disk(gd);
out_free:
- sd_zbc_release_disk(sdkp);
kfree(sdkp);
out:
scsi_autopm_put_device(sdp);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 143/339] ax25: Fix ax25 session cleanup problems
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 142/339] scsi: sd: Fix potential NULL pointer dereference Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 144/339] nfp: remove padding in nfp_nfdk_tx_desc Greg Kroah-Hartman
` (197 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Paolo Abeni,
Sasha Levin, Thomas Osterried
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 7d8a3a477b3e25ada8dc71d22048c2ea417209a0 ]
There are session cleanup problems in ax25_release() and
ax25_disconnect(). If we setup a session and then disconnect,
the disconnected session is still in "LISTENING" state that
is shown below.
Active AX.25 sockets
Dest Source Device State Vr/Vs Send-Q Recv-Q
DL9SAU-4 DL9SAU-3 ??? LISTENING 000/000 0 0
DL9SAU-3 DL9SAU-4 ??? LISTENING 000/000 0 0
The first reason is caused by del_timer_sync() in ax25_release().
The timers of ax25 are used for correct session cleanup. If we use
ax25_release() to close ax25 sessions and ax25_dev is not null,
the del_timer_sync() functions in ax25_release() will execute.
As a result, the sessions could not be cleaned up correctly,
because the timers have stopped.
In order to solve this problem, this patch adds a device_up flag
in ax25_dev in order to judge whether the device is up. If there
are sessions to be cleaned up, the del_timer_sync() in
ax25_release() will not execute. What's more, we add ax25_cb_del()
in ax25_kill_by_device(), because the timers have been stopped
and there are no functions that could delete ax25_cb if we do not
call ax25_release(). Finally, we reorder the position of
ax25_list_lock in ax25_cb_del() in order to synchronize among
different functions that call ax25_cb_del().
The second reason is caused by improper check in ax25_disconnect().
The incoming ax25 sessions which ax25->sk is null will close
heartbeat timer, because the check "if(!ax25->sk || ..)" is
satisfied. As a result, the session could not be cleaned up properly.
In order to solve this problem, this patch changes the improper
check to "if(ax25->sk && ..)" in ax25_disconnect().
What`s more, the ax25_disconnect() may be called twice, which is
not necessary. For example, ax25_kill_by_device() calls
ax25_disconnect() and sets ax25->state to AX25_STATE_0, but
ax25_release() calls ax25_disconnect() again.
In order to solve this problem, this patch add a check in
ax25_release(). If the flag of ax25->sk equals to SOCK_DEAD,
the ax25_disconnect() in ax25_release() should not be executed.
Fixes: 82e31755e55f ("ax25: Fix UAF bugs in ax25 timers")
Fixes: 8a367e74c012 ("ax25: Fix segfault after sock connection timeout")
Reported-and-tested-by: Thomas Osterried <thomas@osterried.de>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220530152158.108619-1-duoming@zju.edu.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/ax25.h | 1 +
net/ax25/af_ax25.c | 27 +++++++++++++++++----------
net/ax25/ax25_dev.c | 1 +
net/ax25/ax25_subr.c | 2 +-
4 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/include/net/ax25.h b/include/net/ax25.h
index 0f9790c455bb..a427a05672e2 100644
--- a/include/net/ax25.h
+++ b/include/net/ax25.h
@@ -228,6 +228,7 @@ typedef struct ax25_dev {
ax25_dama_info dama;
#endif
refcount_t refcount;
+ bool device_up;
} ax25_dev;
typedef struct ax25_cb {
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 363d47f94532..289f355e1853 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -62,12 +62,12 @@ static void ax25_free_sock(struct sock *sk)
*/
static void ax25_cb_del(ax25_cb *ax25)
{
+ spin_lock_bh(&ax25_list_lock);
if (!hlist_unhashed(&ax25->ax25_node)) {
- spin_lock_bh(&ax25_list_lock);
hlist_del_init(&ax25->ax25_node);
- spin_unlock_bh(&ax25_list_lock);
ax25_cb_put(ax25);
}
+ spin_unlock_bh(&ax25_list_lock);
}
/*
@@ -81,6 +81,7 @@ static void ax25_kill_by_device(struct net_device *dev)
if ((ax25_dev = ax25_dev_ax25dev(dev)) == NULL)
return;
+ ax25_dev->device_up = false;
spin_lock_bh(&ax25_list_lock);
again:
@@ -91,6 +92,7 @@ static void ax25_kill_by_device(struct net_device *dev)
spin_unlock_bh(&ax25_list_lock);
ax25_disconnect(s, ENETUNREACH);
s->ax25_dev = NULL;
+ ax25_cb_del(s);
spin_lock_bh(&ax25_list_lock);
goto again;
}
@@ -103,6 +105,7 @@ static void ax25_kill_by_device(struct net_device *dev)
dev_put_track(ax25_dev->dev, &ax25_dev->dev_tracker);
ax25_dev_put(ax25_dev);
}
+ ax25_cb_del(s);
release_sock(sk);
spin_lock_bh(&ax25_list_lock);
sock_put(sk);
@@ -995,9 +998,11 @@ static int ax25_release(struct socket *sock)
if (sk->sk_type == SOCK_SEQPACKET) {
switch (ax25->state) {
case AX25_STATE_0:
- release_sock(sk);
- ax25_disconnect(ax25, 0);
- lock_sock(sk);
+ if (!sock_flag(ax25->sk, SOCK_DEAD)) {
+ release_sock(sk);
+ ax25_disconnect(ax25, 0);
+ lock_sock(sk);
+ }
ax25_destroy_socket(ax25);
break;
@@ -1053,11 +1058,13 @@ static int ax25_release(struct socket *sock)
ax25_destroy_socket(ax25);
}
if (ax25_dev) {
- del_timer_sync(&ax25->timer);
- del_timer_sync(&ax25->t1timer);
- del_timer_sync(&ax25->t2timer);
- del_timer_sync(&ax25->t3timer);
- del_timer_sync(&ax25->idletimer);
+ if (!ax25_dev->device_up) {
+ del_timer_sync(&ax25->timer);
+ del_timer_sync(&ax25->t1timer);
+ del_timer_sync(&ax25->t2timer);
+ del_timer_sync(&ax25->t3timer);
+ del_timer_sync(&ax25->idletimer);
+ }
dev_put_track(ax25_dev->dev, &ax25_dev->dev_tracker);
ax25_dev_put(ax25_dev);
}
diff --git a/net/ax25/ax25_dev.c b/net/ax25/ax25_dev.c
index d2a244e1c260..5451be15e072 100644
--- a/net/ax25/ax25_dev.c
+++ b/net/ax25/ax25_dev.c
@@ -62,6 +62,7 @@ void ax25_dev_device_up(struct net_device *dev)
ax25_dev->dev = dev;
dev_hold_track(dev, &ax25_dev->dev_tracker, GFP_ATOMIC);
ax25_dev->forward = NULL;
+ ax25_dev->device_up = true;
ax25_dev->values[AX25_VALUES_IPDEFMODE] = AX25_DEF_IPDEFMODE;
ax25_dev->values[AX25_VALUES_AXDEFMODE] = AX25_DEF_AXDEFMODE;
diff --git a/net/ax25/ax25_subr.c b/net/ax25/ax25_subr.c
index 3a476e4f6cd0..9ff98f46dc6b 100644
--- a/net/ax25/ax25_subr.c
+++ b/net/ax25/ax25_subr.c
@@ -268,7 +268,7 @@ void ax25_disconnect(ax25_cb *ax25, int reason)
del_timer_sync(&ax25->t3timer);
del_timer_sync(&ax25->idletimer);
} else {
- if (!ax25->sk || !sock_flag(ax25->sk, SOCK_DESTROY))
+ if (ax25->sk && !sock_flag(ax25->sk, SOCK_DESTROY))
ax25_stop_heartbeat(ax25);
ax25_stop_t1timer(ax25);
ax25_stop_t2timer(ax25);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 144/339] nfp: remove padding in nfp_nfdk_tx_desc
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 143/339] ax25: Fix ax25 session cleanup problems Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 145/339] tipc: check attribute length for bearer name Greg Kroah-Hartman
` (196 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Fei Qin, Yinjun Zhang, Louis Peens,
Simon Horman, Paolo Abeni, Sasha Levin
From: Fei Qin <fei.qin@corigine.com>
[ Upstream commit c6fbbf1eae8f35e10966826960e154c9596c86dc ]
NFDK firmware supports 48-bit dma addressing and
parses 16 high bits of dma addresses.
In nfp_nfdk_tx_desc, dma related structure and tso
related structure are union. When "mss" be filled
with nonzero value due to enable tso, the memory used
by "padding" may be also filled. Then, firmware may
parse wrong dma addresses which causes TX watchdog
timeout problem.
This patch removes padding and unifies the dma_addr_hi
bits with the one in firmware. nfp_nfdk_tx_desc_set_dma_addr
is also added to match this change.
Fixes: c10d12e3dce8 ("nfp: add support for NFDK data path")
Signed-off-by: Fei Qin <fei.qin@corigine.com>
Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com>
Signed-off-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20220601083449.50556-1-simon.horman@corigine.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/netronome/nfp/nfdk/dp.c | 12 ++++++------
drivers/net/ethernet/netronome/nfp/nfdk/nfdk.h | 3 +--
drivers/net/ethernet/netronome/nfp/nfp_net.h | 11 ++++++++++-
3 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/nfdk/dp.c b/drivers/net/ethernet/netronome/nfp/nfdk/dp.c
index e3da9ac20e57..e509d6dcba5c 100644
--- a/drivers/net/ethernet/netronome/nfp/nfdk/dp.c
+++ b/drivers/net/ethernet/netronome/nfp/nfdk/dp.c
@@ -314,7 +314,7 @@ netdev_tx_t nfp_nfdk_tx(struct sk_buff *skb, struct net_device *netdev)
FIELD_PREP(NFDK_DESC_TX_TYPE_HEAD, type);
txd->dma_len_type = cpu_to_le16(dlen_type);
- nfp_desc_set_dma_addr(txd, dma_addr);
+ nfp_nfdk_tx_desc_set_dma_addr(txd, dma_addr);
/* starts at bit 0 */
BUILD_BUG_ON(!(NFDK_DESC_TX_DMA_LEN_HEAD & 1));
@@ -339,7 +339,7 @@ netdev_tx_t nfp_nfdk_tx(struct sk_buff *skb, struct net_device *netdev)
dlen_type = FIELD_PREP(NFDK_DESC_TX_DMA_LEN, dma_len);
txd->dma_len_type = cpu_to_le16(dlen_type);
- nfp_desc_set_dma_addr(txd, dma_addr);
+ nfp_nfdk_tx_desc_set_dma_addr(txd, dma_addr);
dma_len -= dlen_type;
dma_addr += dlen_type + 1;
@@ -929,7 +929,7 @@ nfp_nfdk_tx_xdp_buf(struct nfp_net_dp *dp, struct nfp_net_rx_ring *rx_ring,
FIELD_PREP(NFDK_DESC_TX_TYPE_HEAD, type);
txd->dma_len_type = cpu_to_le16(dlen_type);
- nfp_desc_set_dma_addr(txd, dma_addr);
+ nfp_nfdk_tx_desc_set_dma_addr(txd, dma_addr);
tmp_dlen = dlen_type & NFDK_DESC_TX_DMA_LEN_HEAD;
dma_len -= tmp_dlen;
@@ -940,7 +940,7 @@ nfp_nfdk_tx_xdp_buf(struct nfp_net_dp *dp, struct nfp_net_rx_ring *rx_ring,
dma_len -= 1;
dlen_type = FIELD_PREP(NFDK_DESC_TX_DMA_LEN, dma_len);
txd->dma_len_type = cpu_to_le16(dlen_type);
- nfp_desc_set_dma_addr(txd, dma_addr);
+ nfp_nfdk_tx_desc_set_dma_addr(txd, dma_addr);
dlen_type &= NFDK_DESC_TX_DMA_LEN;
dma_len -= dlen_type;
@@ -1332,7 +1332,7 @@ nfp_nfdk_ctrl_tx_one(struct nfp_net *nn, struct nfp_net_r_vector *r_vec,
FIELD_PREP(NFDK_DESC_TX_TYPE_HEAD, type);
txd->dma_len_type = cpu_to_le16(dlen_type);
- nfp_desc_set_dma_addr(txd, dma_addr);
+ nfp_nfdk_tx_desc_set_dma_addr(txd, dma_addr);
tmp_dlen = dlen_type & NFDK_DESC_TX_DMA_LEN_HEAD;
dma_len -= tmp_dlen;
@@ -1343,7 +1343,7 @@ nfp_nfdk_ctrl_tx_one(struct nfp_net *nn, struct nfp_net_r_vector *r_vec,
dma_len -= 1;
dlen_type = FIELD_PREP(NFDK_DESC_TX_DMA_LEN, dma_len);
txd->dma_len_type = cpu_to_le16(dlen_type);
- nfp_desc_set_dma_addr(txd, dma_addr);
+ nfp_nfdk_tx_desc_set_dma_addr(txd, dma_addr);
dlen_type &= NFDK_DESC_TX_DMA_LEN;
dma_len -= dlen_type;
diff --git a/drivers/net/ethernet/netronome/nfp/nfdk/nfdk.h b/drivers/net/ethernet/netronome/nfp/nfdk/nfdk.h
index c41e0975eb73..0ea51d9f2325 100644
--- a/drivers/net/ethernet/netronome/nfp/nfdk/nfdk.h
+++ b/drivers/net/ethernet/netronome/nfp/nfdk/nfdk.h
@@ -46,8 +46,7 @@
struct nfp_nfdk_tx_desc {
union {
struct {
- u8 dma_addr_hi; /* High bits of host buf address */
- u8 padding; /* Must be zero */
+ __le16 dma_addr_hi; /* High bits of host buf address */
__le16 dma_len_type; /* Length to DMA for this desc */
__le32 dma_addr_lo; /* Low 32bit of host buf addr */
};
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net.h b/drivers/net/ethernet/netronome/nfp/nfp_net.h
index 428783b7018b..3dd3a92d2e7f 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net.h
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net.h
@@ -117,13 +117,22 @@ struct nfp_nfdk_tx_buf;
/* Convenience macro for writing dma address into RX/TX descriptors */
#define nfp_desc_set_dma_addr(desc, dma_addr) \
do { \
- __typeof(desc) __d = (desc); \
+ __typeof__(desc) __d = (desc); \
dma_addr_t __addr = (dma_addr); \
\
__d->dma_addr_lo = cpu_to_le32(lower_32_bits(__addr)); \
__d->dma_addr_hi = upper_32_bits(__addr) & 0xff; \
} while (0)
+#define nfp_nfdk_tx_desc_set_dma_addr(desc, dma_addr) \
+ do { \
+ __typeof__(desc) __d = (desc); \
+ dma_addr_t __addr = (dma_addr); \
+ \
+ __d->dma_addr_hi = cpu_to_le16(upper_32_bits(__addr) & 0xff); \
+ __d->dma_addr_lo = cpu_to_le32(lower_32_bits(__addr)); \
+ } while (0)
+
/**
* struct nfp_net_tx_ring - TX ring structure
* @r_vec: Back pointer to ring vector structure
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 145/339] tipc: check attribute length for bearer name
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 144/339] nfp: remove padding in nfp_nfdk_tx_desc Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 146/339] driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Greg Kroah-Hartman
` (195 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+e820fdc8ce362f2dea51,
Jon Maloy, Hoang Le, Jakub Kicinski, Sasha Levin
From: Hoang Le <hoang.h.le@dektech.com.au>
[ Upstream commit 7f36f798f89bf32c0164049cb0e3fd1af613d0bb ]
syzbot reported uninit-value:
=====================================================
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]
BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725
string_nocheck lib/vsprintf.c:644 [inline]
string+0x4f9/0x6f0 lib/vsprintf.c:725
vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283
vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50
_printk+0x18d/0x1cf kernel/printk/printk.c:2293
tipc_enable_bearer net/tipc/bearer.c:371 [inline]
__tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033
tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042
genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
- Do sanity check the attribute length for TIPC_NLA_BEARER_NAME.
- Do not use 'illegal name' in printing message.
Reported-by: syzbot+e820fdc8ce362f2dea51@syzkaller.appspotmail.com
Fixes: cb30a63384bc ("tipc: refactor function tipc_enable_bearer()")
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Link: https://lore.kernel.org/r/20220602063053.5892-1-hoang.h.le@dektech.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/bearer.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 6d39ca05f249..932c87b98eca 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -259,9 +259,8 @@ static int tipc_enable_bearer(struct net *net, const char *name,
u32 i;
if (!bearer_name_validate(name, &b_names)) {
- errstr = "illegal name";
NL_SET_ERR_MSG(extack, "Illegal name");
- goto rejected;
+ return res;
}
if (prio > TIPC_MAX_LINK_PRI && prio != TIPC_MEDIA_LINK_PRI) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 146/339] driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 145/339] tipc: check attribute length for bearer name Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 147/339] perf evsel: Fixes topdown events in a weak group for the hybrid platform Greg Kroah-Hartman
` (194 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, John Stultz, David S. Miller,
Alexey Kuznetsov, Hideaki YOSHIFUJI, Jakub Kicinski, Rob Herring,
Geert Uytterhoeven, Yoshihiro Shimoda, Robin Murphy,
Andy Shevchenko, Sudeep Holla, Andy Shevchenko, Naresh Kamboju,
Basil Eljuse, Ferry Toth, Arnd Bergmann, Anders Roxell, linux-pm,
Nathan Chancellor, Sebastian Andrzej Siewior, Geert Uytterhoeven,
Saravana Kannan, Rafael J. Wysocki, Linus Torvalds, Sasha Levin
From: Saravana Kannan <saravanak@google.com>
[ Upstream commit 5ee76c256e928455212ab759c51d198fedbe7523 ]
Mounting NFS rootfs was timing out when deferred_probe_timeout was
non-zero [1]. This was because ip_auto_config() initcall times out
waiting for the network interfaces to show up when
deferred_probe_timeout was non-zero. While ip_auto_config() calls
wait_for_device_probe() to make sure any currently running deferred
probe work or asynchronous probe finishes, that wasn't sufficient to
account for devices being deferred until deferred_probe_timeout.
Commit 35a672363ab3 ("driver core: Ensure wait_for_device_probe() waits
until the deferred_probe_timeout fires") tried to fix that by making
sure wait_for_device_probe() waits for deferred_probe_timeout to expire
before returning.
However, if wait_for_device_probe() is called from the kernel_init()
context:
- Before deferred_probe_initcall() [2], it causes the boot process to
hang due to a deadlock.
- After deferred_probe_initcall() [3], it blocks kernel_init() from
continuing till deferred_probe_timeout expires and beats the point of
deferred_probe_timeout that's trying to wait for userspace to load
modules.
Neither of this is good. So revert the changes to
wait_for_device_probe().
[1] - https://lore.kernel.org/lkml/TYAPR01MB45443DF63B9EF29054F7C41FD8C60@TYAPR01MB4544.jpnprd01.prod.outlook.com/
[2] - https://lore.kernel.org/lkml/YowHNo4sBjr9ijZr@dev-arch.thelio-3990X/
[3] - https://lore.kernel.org/lkml/Yo3WvGnNk3LvLb7R@linutronix.de/
Fixes: 35a672363ab3 ("driver core: Ensure wait_for_device_probe() waits until the deferred_probe_timeout fires")
Cc: John Stultz <jstultz@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Rob Herring <robh@kernel.org>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Sudeep Holla <sudeep.holla@arm.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Naresh Kamboju <naresh.kamboju@linaro.org>
Cc: Basil Eljuse <Basil.Eljuse@arm.com>
Cc: Ferry Toth <fntoth@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Anders Roxell <anders.roxell@linaro.org>
Cc: linux-pm@vger.kernel.org
Reported-by: Nathan Chancellor <nathan@kernel.org>
Reported-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: John Stultz <jstultz@google.com>
Signed-off-by: Saravana Kannan <saravanak@google.com>
Link: https://lore.kernel.org/r/20220526034609.480766-2-saravanak@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Rafael J. Wysocki <rafael@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/dd.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index ed02a529a896..d6980f33afc4 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -257,7 +257,6 @@ DEFINE_SHOW_ATTRIBUTE(deferred_devs);
int driver_deferred_probe_timeout;
EXPORT_SYMBOL_GPL(driver_deferred_probe_timeout);
-static DECLARE_WAIT_QUEUE_HEAD(probe_timeout_waitqueue);
static int __init deferred_probe_timeout_setup(char *str)
{
@@ -312,7 +311,6 @@ static void deferred_probe_timeout_work_func(struct work_struct *work)
list_for_each_entry(p, &deferred_probe_pending_list, deferred_probe)
dev_info(p->device, "deferred probe pending\n");
mutex_unlock(&deferred_probe_mutex);
- wake_up_all(&probe_timeout_waitqueue);
}
static DECLARE_DELAYED_WORK(deferred_probe_timeout_work, deferred_probe_timeout_work_func);
@@ -716,9 +714,6 @@ int driver_probe_done(void)
*/
void wait_for_device_probe(void)
{
- /* wait for probe timeout */
- wait_event(probe_timeout_waitqueue, !driver_deferred_probe_timeout);
-
/* wait for the deferred probe workqueue to finish */
flush_work(&deferred_probe_work);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 147/339] perf evsel: Fixes topdown events in a weak group for the hybrid platform
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 146/339] driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 148/339] perf parse-events: Move slots event for the hybrid platform too Greg Kroah-Hartman
` (193 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Ian Rogers, Adrian Hunter,
Andi Kleen, Ingo Molnar, Jiri Olsa, Namhyung Kim, Peter Zijlstra,
Stephane Eranian, Xing Zhengjun, Arnaldo Carvalho de Melo,
Sasha Levin
From: Kan Liang <kan.liang@linux.intel.com>
[ Upstream commit 39d5f412da84784bcc7f39ed49e55376be526fc7 ]
The patch ("perf evlist: Keep topdown counters in weak group") fixes the
perf metrics topdown event issue when the topdown events are in a weak
group on a non-hybrid platform. However, it doesn't work for the hybrid
platform.
$./perf stat -e '{cpu_core/slots/,cpu_core/topdown-bad-spec/,
cpu_core/topdown-be-bound/,cpu_core/topdown-fe-bound/,
cpu_core/topdown-retiring/,cpu_core/branch-instructions/,
cpu_core/branch-misses/,cpu_core/bus-cycles/,cpu_core/cache-misses/,
cpu_core/cache-references/,cpu_core/cpu-cycles/,cpu_core/instructions/,
cpu_core/mem-loads/,cpu_core/mem-stores/,cpu_core/ref-cycles/,
cpu_core/cache-misses/,cpu_core/cache-references/}:W' -a sleep 1
Performance counter stats for 'system wide':
751,765,068 cpu_core/slots/ (84.07%)
<not supported> cpu_core/topdown-bad-spec/
<not supported> cpu_core/topdown-be-bound/
<not supported> cpu_core/topdown-fe-bound/
<not supported> cpu_core/topdown-retiring/
12,398,197 cpu_core/branch-instructions/ (84.07%)
1,054,218 cpu_core/branch-misses/ (84.24%)
539,764,637 cpu_core/bus-cycles/ (84.64%)
14,683 cpu_core/cache-misses/ (84.87%)
7,277,809 cpu_core/cache-references/ (77.30%)
222,299,439 cpu_core/cpu-cycles/ (77.28%)
63,661,714 cpu_core/instructions/ (84.85%)
0 cpu_core/mem-loads/ (77.29%)
12,271,725 cpu_core/mem-stores/ (77.30%)
542,241,102 cpu_core/ref-cycles/ (84.85%)
8,854 cpu_core/cache-misses/ (76.71%)
7,179,013 cpu_core/cache-references/ (76.31%)
1.003245250 seconds time elapsed
A hybrid platform has a different PMU name for the core PMUs, while
the current perf hard code the PMU name "cpu".
The evsel->pmu_name can be used to replace the "cpu" to fix the issue.
For a hybrid platform, the pmu_name must be non-NULL. Because there are
at least two core PMUs. The PMU has to be specified.
For a non-hybrid platform, the pmu_name may be NULL. Because there is
only one core PMU, "cpu". For a NULL pmu_name, we can safely assume that
it is a "cpu" PMU.
In case other PMUs also define the "slots" event, checking the PMU type
as well.
With the patch,
$ perf stat -e '{cpu_core/slots/,cpu_core/topdown-bad-spec/,
cpu_core/topdown-be-bound/,cpu_core/topdown-fe-bound/,
cpu_core/topdown-retiring/,cpu_core/branch-instructions/,
cpu_core/branch-misses/,cpu_core/bus-cycles/,cpu_core/cache-misses/,
cpu_core/cache-references/,cpu_core/cpu-cycles/,cpu_core/instructions/,
cpu_core/mem-loads/,cpu_core/mem-stores/,cpu_core/ref-cycles/,
cpu_core/cache-misses/,cpu_core/cache-references/}:W' -a sleep 1
Performance counter stats for 'system wide':
766,620,266 cpu_core/slots/ (84.06%)
73,172,129 cpu_core/topdown-bad-spec/ # 9.5% bad speculation (84.06%)
193,443,341 cpu_core/topdown-be-bound/ # 25.0% backend bound (84.06%)
403,940,929 cpu_core/topdown-fe-bound/ # 52.3% frontend bound (84.06%)
102,070,237 cpu_core/topdown-retiring/ # 13.2% retiring (84.06%)
12,364,429 cpu_core/branch-instructions/ (84.03%)
1,080,124 cpu_core/branch-misses/ (84.24%)
564,120,383 cpu_core/bus-cycles/ (84.65%)
36,979 cpu_core/cache-misses/ (84.86%)
7,298,094 cpu_core/cache-references/ (77.30%)
227,174,372 cpu_core/cpu-cycles/ (77.31%)
63,886,523 cpu_core/instructions/ (84.87%)
0 cpu_core/mem-loads/ (77.31%)
12,208,782 cpu_core/mem-stores/ (77.31%)
566,409,738 cpu_core/ref-cycles/ (84.87%)
23,118 cpu_core/cache-misses/ (76.71%)
7,212,602 cpu_core/cache-references/ (76.29%)
1.003228667 seconds time elapsed
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Acked-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Xing Zhengjun <zhengjun.xing@linux.intel.com>
Link: https://lore.kernel.org/r/20220518143900.1493980-2-kan.liang@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/arch/x86/util/evsel.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/tools/perf/arch/x86/util/evsel.c b/tools/perf/arch/x86/util/evsel.c
index 0c9e56ab07b5..ff4561b7b600 100644
--- a/tools/perf/arch/x86/util/evsel.c
+++ b/tools/perf/arch/x86/util/evsel.c
@@ -31,10 +31,29 @@ void arch_evsel__fixup_new_cycles(struct perf_event_attr *attr)
free(env.cpuid);
}
+/* Check whether the evsel's PMU supports the perf metrics */
+static bool evsel__sys_has_perf_metrics(const struct evsel *evsel)
+{
+ const char *pmu_name = evsel->pmu_name ? evsel->pmu_name : "cpu";
+
+ /*
+ * The PERF_TYPE_RAW type is the core PMU type, e.g., "cpu" PMU
+ * on a non-hybrid machine, "cpu_core" PMU on a hybrid machine.
+ * The slots event is only available for the core PMU, which
+ * supports the perf metrics feature.
+ * Checking both the PERF_TYPE_RAW type and the slots event
+ * should be good enough to detect the perf metrics feature.
+ */
+ if ((evsel->core.attr.type == PERF_TYPE_RAW) &&
+ pmu_have_event(pmu_name, "slots"))
+ return true;
+
+ return false;
+}
+
bool arch_evsel__must_be_in_group(const struct evsel *evsel)
{
- if ((evsel->pmu_name && strcmp(evsel->pmu_name, "cpu")) ||
- !pmu_have_event("cpu", "slots"))
+ if (!evsel__sys_has_perf_metrics(evsel))
return false;
return evsel->name &&
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 148/339] perf parse-events: Move slots event for the hybrid platform too
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 147/339] perf evsel: Fixes topdown events in a weak group for the hybrid platform Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 149/339] perf record: Support sample-read topdown metric group for hybrid platforms Greg Kroah-Hartman
` (192 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ian Rogers, Kan Liang, Adrian Hunter,
Andi Kleen, Ingo Molnar, Jiri Olsa, Namhyung Kim, Peter Zijlstra,
Stephane Eranian, Xing Zhengjun, Arnaldo Carvalho de Melo,
Sasha Levin
From: Kan Liang <kan.liang@linux.intel.com>
[ Upstream commit e0e14cdff31d326f81e0edbd5140f788c870756c ]
The commit 94dbfd6781a0e87b ("perf parse-events: Architecture specific
leader override") introduced a feature to reorder the slots event to
fulfill the restriction of the perf metrics topdown group. But the
feature doesn't work on the hybrid machine.
$ perf stat -e "{cpu_core/instructions/,cpu_core/slots/,cpu_core/topdown-retiring/}" -a sleep 1
Performance counter stats for 'system wide':
<not counted> cpu_core/instructions/
<not counted> cpu_core/slots/
<not supported> cpu_core/topdown-retiring/
1.002871801 seconds time elapsed
A hybrid platform has a different PMU name for the core PMUs, while
current perf hard code the PMU name "cpu".
Introduce a new function to check whether the system supports the perf
metrics feature. The result is cached for the future usage.
For X86, the core PMU name always has "cpu" prefix.
With the patch:
$ perf stat -e "{cpu_core/instructions/,cpu_core/slots/,cpu_core/topdown-retiring/}" -a sleep 1
Performance counter stats for 'system wide':
76,337,010 cpu_core/slots/
10,416,809 cpu_core/instructions/
11,692,372 cpu_core/topdown-retiring/
1.002805453 seconds time elapsed
Reviewed-by: Ian Rogers <irogers@google.com>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Xing Zhengjun <zhengjun.xing@linux.intel.com>
Link: https://lore.kernel.org/r/20220518143900.1493980-5-kan.liang@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/arch/x86/util/evlist.c | 5 +++--
tools/perf/arch/x86/util/topdown.c | 25 +++++++++++++++++++++++++
tools/perf/arch/x86/util/topdown.h | 7 +++++++
3 files changed, 35 insertions(+), 2 deletions(-)
create mode 100644 tools/perf/arch/x86/util/topdown.h
diff --git a/tools/perf/arch/x86/util/evlist.c b/tools/perf/arch/x86/util/evlist.c
index 75564a7df15b..68f681ad54c1 100644
--- a/tools/perf/arch/x86/util/evlist.c
+++ b/tools/perf/arch/x86/util/evlist.c
@@ -3,6 +3,7 @@
#include "util/pmu.h"
#include "util/evlist.h"
#include "util/parse-events.h"
+#include "topdown.h"
#define TOPDOWN_L1_EVENTS "{slots,topdown-retiring,topdown-bad-spec,topdown-fe-bound,topdown-be-bound}"
#define TOPDOWN_L2_EVENTS "{slots,topdown-retiring,topdown-bad-spec,topdown-fe-bound,topdown-be-bound,topdown-heavy-ops,topdown-br-mispredict,topdown-fetch-lat,topdown-mem-bound}"
@@ -25,12 +26,12 @@ struct evsel *arch_evlist__leader(struct list_head *list)
first = list_first_entry(list, struct evsel, core.node);
- if (!pmu_have_event("cpu", "slots"))
+ if (!topdown_sys_has_perf_metrics())
return first;
/* If there is a slots event and a topdown event then the slots event comes first. */
__evlist__for_each_entry(list, evsel) {
- if (evsel->pmu_name && !strcmp(evsel->pmu_name, "cpu") && evsel->name) {
+ if (evsel->pmu_name && !strncmp(evsel->pmu_name, "cpu", 3) && evsel->name) {
if (strcasestr(evsel->name, "slots")) {
slots = evsel;
if (slots == first)
diff --git a/tools/perf/arch/x86/util/topdown.c b/tools/perf/arch/x86/util/topdown.c
index 2f3d96aa92a5..f4d5422e9960 100644
--- a/tools/perf/arch/x86/util/topdown.c
+++ b/tools/perf/arch/x86/util/topdown.c
@@ -3,6 +3,31 @@
#include "api/fs/fs.h"
#include "util/pmu.h"
#include "util/topdown.h"
+#include "topdown.h"
+
+/* Check whether there is a PMU which supports the perf metrics. */
+bool topdown_sys_has_perf_metrics(void)
+{
+ static bool has_perf_metrics;
+ static bool cached;
+ struct perf_pmu *pmu;
+
+ if (cached)
+ return has_perf_metrics;
+
+ /*
+ * The perf metrics feature is a core PMU feature.
+ * The PERF_TYPE_RAW type is the type of a core PMU.
+ * The slots event is only available when the core PMU
+ * supports the perf metrics feature.
+ */
+ pmu = perf_pmu__find_by_type(PERF_TYPE_RAW);
+ if (pmu && pmu_have_event(pmu->name, "slots"))
+ has_perf_metrics = true;
+
+ cached = true;
+ return has_perf_metrics;
+}
/*
* Check whether we can use a group for top down.
diff --git a/tools/perf/arch/x86/util/topdown.h b/tools/perf/arch/x86/util/topdown.h
new file mode 100644
index 000000000000..46bf9273e572
--- /dev/null
+++ b/tools/perf/arch/x86/util/topdown.h
@@ -0,0 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _TOPDOWN_H
+#define _TOPDOWN_H 1
+
+bool topdown_sys_has_perf_metrics(void);
+
+#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 149/339] perf record: Support sample-read topdown metric group for hybrid platforms
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 148/339] perf parse-events: Move slots event for the hybrid platform too Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 150/339] perf c2c: Fix sorting in percent_rmt_hitm_cmp() Greg Kroah-Hartman
` (191 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kan Liang, Zhengjun Xing, Ian Rogers,
Adrian Hunter, Alexander Shishkin, Andi Kleen, Ingo Molnar,
Jiri Olsa, Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
From: Zhengjun Xing <zhengjun.xing@linux.intel.com>
[ Upstream commit 151e7d75036b4e2ac0f33730bc1a5b3ff424d9a7 ]
With the hardware TopDown metrics feature, the sample-read feature should
be supported for a TopDown group, e.g., sample a non-topdown event and read
a Topdown metric group. But the current perf record code errors are out.
For a TopDown metric group,the slots event must be the leader of the group,
but the leader slots event doesn't support sampling. To support sample-read
the TopDown metric group, uses the 2nd event of the group as the "leader"
for the purposes of sampling.
Only the platform with the TopDown metric feature supports sample-read the
topdown group. In commit acb65150a47c ("perf record: Support sample-read
topdown metric group"), it adds arch_topdown_sample_read() to indicate
whether the TopDown group supports sample-read, it should only work on the
non-hybrid systems, this patch extends the support for hybrid platforms.
Before:
# ./perf record -e "{cpu_core/slots/,cpu_core/cycles/,cpu_core/topdown-retiring/}:S" -a sleep 1
Error:
The sys_perf_event_open() syscall returned with 22 (Invalid argument) for event (cpu_core/topdown-retiring/).
/bin/dmesg | grep -i perf may provide additional information.
After:
# ./perf record -e "{cpu_core/slots/,cpu_core/cycles/,cpu_core/topdown-retiring/}:S" -a sleep 1
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.238 MB perf.data (369 samples) ]
Fixes: acb65150a47c2bae ("perf record: Support sample-read topdown metric group")
Reviewed-by: Kan Liang <kan.liang@linux.intel.com>
Signed-off-by: Zhengjun Xing <zhengjun.xing@linux.intel.com>
Acked-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220602153603.1884710-1-zhengjun.xing@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/arch/x86/util/evsel.c | 3 ++-
tools/perf/arch/x86/util/evsel.h | 7 +++++++
tools/perf/arch/x86/util/topdown.c | 21 ++++-----------------
3 files changed, 13 insertions(+), 18 deletions(-)
create mode 100644 tools/perf/arch/x86/util/evsel.h
diff --git a/tools/perf/arch/x86/util/evsel.c b/tools/perf/arch/x86/util/evsel.c
index ff4561b7b600..3501399cef35 100644
--- a/tools/perf/arch/x86/util/evsel.c
+++ b/tools/perf/arch/x86/util/evsel.c
@@ -5,6 +5,7 @@
#include "util/env.h"
#include "util/pmu.h"
#include "linux/string.h"
+#include "evsel.h"
void arch_evsel__set_sample_weight(struct evsel *evsel)
{
@@ -32,7 +33,7 @@ void arch_evsel__fixup_new_cycles(struct perf_event_attr *attr)
}
/* Check whether the evsel's PMU supports the perf metrics */
-static bool evsel__sys_has_perf_metrics(const struct evsel *evsel)
+bool evsel__sys_has_perf_metrics(const struct evsel *evsel)
{
const char *pmu_name = evsel->pmu_name ? evsel->pmu_name : "cpu";
diff --git a/tools/perf/arch/x86/util/evsel.h b/tools/perf/arch/x86/util/evsel.h
new file mode 100644
index 000000000000..19ad1691374d
--- /dev/null
+++ b/tools/perf/arch/x86/util/evsel.h
@@ -0,0 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _EVSEL_H
+#define _EVSEL_H 1
+
+bool evsel__sys_has_perf_metrics(const struct evsel *evsel);
+
+#endif
diff --git a/tools/perf/arch/x86/util/topdown.c b/tools/perf/arch/x86/util/topdown.c
index f4d5422e9960..f81a7cfe4d63 100644
--- a/tools/perf/arch/x86/util/topdown.c
+++ b/tools/perf/arch/x86/util/topdown.c
@@ -4,6 +4,7 @@
#include "util/pmu.h"
#include "util/topdown.h"
#include "topdown.h"
+#include "evsel.h"
/* Check whether there is a PMU which supports the perf metrics. */
bool topdown_sys_has_perf_metrics(void)
@@ -55,33 +56,19 @@ void arch_topdown_group_warn(void)
#define TOPDOWN_SLOTS 0x0400
-static bool is_topdown_slots_event(struct evsel *counter)
-{
- if (!counter->pmu_name)
- return false;
-
- if (strcmp(counter->pmu_name, "cpu"))
- return false;
-
- if (counter->core.attr.config == TOPDOWN_SLOTS)
- return true;
-
- return false;
-}
-
/*
* Check whether a topdown group supports sample-read.
*
- * Only Topdown metic supports sample-read. The slots
+ * Only Topdown metric supports sample-read. The slots
* event must be the leader of the topdown group.
*/
bool arch_topdown_sample_read(struct evsel *leader)
{
- if (!pmu_have_event("cpu", "slots"))
+ if (!evsel__sys_has_perf_metrics(leader))
return false;
- if (is_topdown_slots_event(leader))
+ if (leader->core.attr.config == TOPDOWN_SLOTS)
return true;
return false;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 150/339] perf c2c: Fix sorting in percent_rmt_hitm_cmp()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 149/339] perf record: Support sample-read topdown metric group for hybrid platforms Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 151/339] Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP Greg Kroah-Hartman
` (190 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Leo Yan, Namhyung Kim,
Alexander Shishkin, Ingo Molnar, Jiri Olsa, Joe Mario,
Mark Rutland, Peter Zijlstra, Arnaldo Carvalho de Melo,
Sasha Levin
From: Leo Yan <leo.yan@linaro.org>
[ Upstream commit b24192a17337abbf3f44aaa75e15df14a2d0016e ]
The function percent_rmt_hitm_cmp() wrongly uses local HITMs for
sorting remote HITMs.
Since this function is to sort cache lines for remote HITMs, this patch
changes to use 'rmt_hitm' field for correct sorting.
Fixes: 9cb3500afc0980c5 ("perf c2c report: Add hitm/store percent related sort keys")
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Joe Mario <jmario@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220530084253.750190-1-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/builtin-c2c.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/perf/builtin-c2c.c b/tools/perf/builtin-c2c.c
index 8c9ffacbdd28..157533d451e3 100644
--- a/tools/perf/builtin-c2c.c
+++ b/tools/perf/builtin-c2c.c
@@ -925,8 +925,8 @@ percent_rmt_hitm_cmp(struct perf_hpp_fmt *fmt __maybe_unused,
double per_left;
double per_right;
- per_left = PERCENT(left, lcl_hitm);
- per_right = PERCENT(right, lcl_hitm);
+ per_left = PERCENT(left, rmt_hitm);
+ per_right = PERCENT(right, rmt_hitm);
return per_left - per_right;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 151/339] Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 150/339] perf c2c: Fix sorting in percent_rmt_hitm_cmp() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 152/339] Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan Greg Kroah-Hartman
` (189 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz,
Marcel Holtmann, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit a9a347655d224fa2841877957b34fc9d491fc2d7 ]
HCI_CONN_FLAG_REMOTE_WAKEUP can only be set if device can be programmed
in the allowlist which in case of device using RPA requires LL Privacy
support to be enabled.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215768
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/mgmt.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index d2d390534e54..74937a834648 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -4529,6 +4529,23 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
le_addr_type(cp->addr.type));
if (params) {
+ DECLARE_BITMAP(flags, __HCI_CONN_NUM_FLAGS);
+
+ bitmap_from_u64(flags, current_flags);
+
+ /* Devices using RPAs can only be programmed in the
+ * acceptlist LL Privacy has been enable otherwise they
+ * cannot mark HCI_CONN_FLAG_REMOTE_WAKEUP.
+ */
+ if (test_bit(HCI_CONN_FLAG_REMOTE_WAKEUP, flags) &&
+ !use_ll_privacy(hdev) &&
+ hci_find_irk_by_addr(hdev, ¶ms->addr,
+ params->addr_type)) {
+ bt_dev_warn(hdev,
+ "Cannot set wakeable for RPA");
+ goto unlock;
+ }
+
bitmap_from_u64(params->flags, current_flags);
status = MGMT_STATUS_SUCCESS;
@@ -4545,6 +4562,7 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
}
}
+unlock:
hci_dev_unlock(hdev);
done:
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 152/339] Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 151/339] Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 153/339] bluetooth: dont use bitmaps for random flag accesses Greg Kroah-Hartman
` (188 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Luiz Augusto von Dentz,
Marcel Holtmann, Sasha Levin
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
[ Upstream commit 3b42055388c30f2761a2d9cd9af2c99611dfe457 ]
When suspending the passive scanning _must_ have its filter_policy set
to 0x01 to use the accept list otherwise _any_ advertise report would
end up waking up the system.
In order to fix the filter_policy the code now checks for
hdev->suspended && HCI_CONN_FLAG_REMOTE_WAKEUP
first, since the MGMT_OP_SET_DEVICE_FLAGS will reject any attempt to
set HCI_CONN_FLAG_REMOTE_WAKEUP when it cannot be programmed in the
acceptlist, so it can return success causing the proper filter_policy
to be used.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215768
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bluetooth/hci_sync.c | 58 +++++++++++++++++++++++++++++-----------
1 file changed, 43 insertions(+), 15 deletions(-)
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 13600bf120b0..6b8d1cd65de4 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -1664,20 +1664,19 @@ static int hci_le_add_accept_list_sync(struct hci_dev *hdev,
struct hci_cp_le_add_to_accept_list cp;
int err;
+ /* During suspend, only wakeable devices can be in acceptlist */
+ if (hdev->suspended &&
+ !test_bit(HCI_CONN_FLAG_REMOTE_WAKEUP, params->flags))
+ return 0;
+
/* Select filter policy to accept all advertising */
if (*num_entries >= hdev->le_accept_list_size)
return -ENOSPC;
/* Accept list can not be used with RPAs */
if (!use_ll_privacy(hdev) &&
- hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type)) {
+ hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type))
return -EINVAL;
- }
-
- /* During suspend, only wakeable devices can be in acceptlist */
- if (hdev->suspended &&
- !test_bit(HCI_CONN_FLAG_REMOTE_WAKEUP, params->flags))
- return 0;
/* Attempt to program the device in the resolving list first to avoid
* having to rollback in case it fails since the resolving list is
@@ -4881,10 +4880,28 @@ static int hci_update_event_filter_sync(struct hci_dev *hdev)
return 0;
}
+/* This function disables scan (BR and LE) and mark it as paused */
+static int hci_pause_scan_sync(struct hci_dev *hdev)
+{
+ if (hdev->scanning_paused)
+ return 0;
+
+ /* Disable page scan if enabled */
+ if (test_bit(HCI_PSCAN, &hdev->flags))
+ hci_write_scan_enable_sync(hdev, SCAN_DISABLED);
+
+ hci_scan_disable_sync(hdev);
+
+ hdev->scanning_paused = true;
+
+ return 0;
+}
+
/* This function performs the HCI suspend procedures in the follow order:
*
* Pause discovery (active scanning/inquiry)
* Pause Directed Advertising/Advertising
+ * Pause Scanning (passive scanning in case discovery was not active)
* Disconnect all connections
* Set suspend_status to BT_SUSPEND_DISCONNECT if hdev cannot wakeup
* otherwise:
@@ -4910,15 +4927,11 @@ int hci_suspend_sync(struct hci_dev *hdev)
/* Pause other advertisements */
hci_pause_advertising_sync(hdev);
- /* Disable page scan if enabled */
- if (test_bit(HCI_PSCAN, &hdev->flags))
- hci_write_scan_enable_sync(hdev, SCAN_DISABLED);
-
/* Suspend monitor filters */
hci_suspend_monitor_sync(hdev);
/* Prevent disconnects from causing scanning to be re-enabled */
- hdev->scanning_paused = true;
+ hci_pause_scan_sync(hdev);
/* Soft disconnect everything (power off) */
err = hci_disconnect_all_sync(hdev, HCI_ERROR_REMOTE_POWER_OFF);
@@ -4989,6 +5002,22 @@ static void hci_resume_monitor_sync(struct hci_dev *hdev)
}
}
+/* This function resume scan and reset paused flag */
+static int hci_resume_scan_sync(struct hci_dev *hdev)
+{
+ if (!hdev->scanning_paused)
+ return 0;
+
+ hci_update_scan_sync(hdev);
+
+ /* Reset passive scanning to normal */
+ hci_update_passive_scan_sync(hdev);
+
+ hdev->scanning_paused = false;
+
+ return 0;
+}
+
/* This function performs the HCI suspend procedures in the follow order:
*
* Restore event mask
@@ -5011,10 +5040,9 @@ int hci_resume_sync(struct hci_dev *hdev)
/* Clear any event filters and restore scan state */
hci_clear_event_filter_sync(hdev);
- hci_update_scan_sync(hdev);
- /* Reset passive scanning to normal */
- hci_update_passive_scan_sync(hdev);
+ /* Resume scanning */
+ hci_resume_scan_sync(hdev);
/* Resume monitor filters */
hci_resume_monitor_sync(hdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 153/339] bluetooth: dont use bitmaps for random flag accesses
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 152/339] Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 154/339] dmaengine: idxd: set DMA_INTERRUPT cap bit Greg Kroah-Hartman
` (187 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Sudip Mukherjee,
Yury Norov, Luiz Augusto von Dentz, Marcel Holtmann,
Linus Torvalds, Sasha Levin
From: Linus Torvalds <torvalds@linux-foundation.org>
[ Upstream commit e1cff7002b716bd0b5f5f4afd4273c99aa8644be ]
The bluetooth code uses our bitmap infrastructure for the two bits (!)
of connection setup flags, and in the process causes odd problems when
it converts between a bitmap and just the regular values of said bits.
It's completely pointless to do things like bitmap_to_arr32() to convert
a bitmap into a u32. It shoudln't have been a bitmap in the first
place. The reason to use bitmaps is if you have arbitrary number of
bits you want to manage (not two!), or if you rely on the atomicity
guarantees of the bitmap setting and clearing.
The code could use an "atomic_t" and use "atomic_or/andnot()" to set and
clear the bit values, but considering that it then copies the bitmaps
around with "bitmap_to_arr32()" and friends, there clearly cannot be a
lot of atomicity requirements.
So just use a regular integer.
In the process, this avoids the warnings about erroneous use of
bitmap_from_u64() which were triggered on 32-bit architectures when
conversion from a u64 would access two words (and, surprise, surprise,
only one word is needed - and indeed overkill - for a 2-bit bitmap).
That was always problematic, but the compiler seems to notice it and
warn about the invalid pattern only after commit 0a97953fd221 ("lib: add
bitmap_{from,to}_arr64") changed the exact implementation details of
'bitmap_from_u64()', as reported by Sudip Mukherjee and Stephen Rothwell.
Fixes: fe92ee6425a2 ("Bluetooth: hci_core: Rework hci_conn_params flags")
Link: https://lore.kernel.org/all/YpyJ9qTNHJzz0FHY@debian/
Link: https://lore.kernel.org/all/20220606080631.0c3014f2@canb.auug.org.au/
Link: https://lore.kernel.org/all/20220605162537.1604762-1-yury.norov@gmail.com/
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Reported-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Reviewed-by: Yury Norov <yury.norov@gmail.com>
Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/bluetooth/hci_core.h | 17 ++++++---------
net/bluetooth/hci_core.c | 4 ++--
net/bluetooth/hci_request.c | 2 +-
net/bluetooth/hci_sync.c | 6 +++---
net/bluetooth/mgmt.c | 37 ++++++++++++--------------------
5 files changed, 27 insertions(+), 39 deletions(-)
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 5a52a2018b56..c0ea2a4892b1 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -155,21 +155,18 @@ struct bdaddr_list_with_irk {
u8 local_irk[16];
};
+/* Bitmask of connection flags */
enum hci_conn_flags {
- HCI_CONN_FLAG_REMOTE_WAKEUP,
- HCI_CONN_FLAG_DEVICE_PRIVACY,
-
- __HCI_CONN_NUM_FLAGS,
+ HCI_CONN_FLAG_REMOTE_WAKEUP = 1,
+ HCI_CONN_FLAG_DEVICE_PRIVACY = 2,
};
-
-/* Make sure number of flags doesn't exceed sizeof(current_flags) */
-static_assert(__HCI_CONN_NUM_FLAGS < 32);
+typedef u8 hci_conn_flags_t;
struct bdaddr_list_with_flags {
struct list_head list;
bdaddr_t bdaddr;
u8 bdaddr_type;
- DECLARE_BITMAP(flags, __HCI_CONN_NUM_FLAGS);
+ hci_conn_flags_t flags;
};
struct bt_uuid {
@@ -576,7 +573,7 @@ struct hci_dev {
struct rfkill *rfkill;
DECLARE_BITMAP(dev_flags, __HCI_NUM_FLAGS);
- DECLARE_BITMAP(conn_flags, __HCI_CONN_NUM_FLAGS);
+ hci_conn_flags_t conn_flags;
__s8 adv_tx_power;
__u8 adv_data[HCI_MAX_EXT_AD_LENGTH];
@@ -775,7 +772,7 @@ struct hci_conn_params {
struct hci_conn *conn;
bool explicit_connect;
- DECLARE_BITMAP(flags, __HCI_CONN_NUM_FLAGS);
+ hci_conn_flags_t flags;
u8 privacy_mode;
};
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 45c2dd2e1590..19df3905c5f8 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2153,7 +2153,7 @@ int hci_bdaddr_list_add_with_flags(struct list_head *list, bdaddr_t *bdaddr,
bacpy(&entry->bdaddr, bdaddr);
entry->bdaddr_type = type;
- bitmap_from_u64(entry->flags, flags);
+ entry->flags = flags;
list_add(&entry->list, list);
@@ -2634,7 +2634,7 @@ int hci_register_dev(struct hci_dev *hdev)
* callback.
*/
if (hdev->wakeup)
- set_bit(HCI_CONN_FLAG_REMOTE_WAKEUP, hdev->conn_flags);
+ hdev->conn_flags |= HCI_CONN_FLAG_REMOTE_WAKEUP;
hci_sock_dev_event(hdev, HCI_DEV_REG);
hci_dev_hold(hdev);
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index f4afe482e300..95689982eedb 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -482,7 +482,7 @@ static int add_to_accept_list(struct hci_request *req,
/* During suspend, only wakeable devices can be in accept list */
if (hdev->suspended &&
- !test_bit(HCI_CONN_FLAG_REMOTE_WAKEUP, params->flags))
+ !(params->flags & HCI_CONN_FLAG_REMOTE_WAKEUP))
return 0;
*num_entries += 1;
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 6b8d1cd65de4..351c2390164d 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -1637,7 +1637,7 @@ static int hci_le_set_privacy_mode_sync(struct hci_dev *hdev,
* indicates that LL Privacy has been enabled and
* HCI_OP_LE_SET_PRIVACY_MODE is supported.
*/
- if (!test_bit(HCI_CONN_FLAG_DEVICE_PRIVACY, params->flags))
+ if (!(params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY))
return 0;
irk = hci_find_irk_by_addr(hdev, ¶ms->addr, params->addr_type);
@@ -1666,7 +1666,7 @@ static int hci_le_add_accept_list_sync(struct hci_dev *hdev,
/* During suspend, only wakeable devices can be in acceptlist */
if (hdev->suspended &&
- !test_bit(HCI_CONN_FLAG_REMOTE_WAKEUP, params->flags))
+ !(params->flags & HCI_CONN_FLAG_REMOTE_WAKEUP))
return 0;
/* Select filter policy to accept all advertising */
@@ -4856,7 +4856,7 @@ static int hci_update_event_filter_sync(struct hci_dev *hdev)
hci_clear_event_filter_sync(hdev);
list_for_each_entry(b, &hdev->accept_list, list) {
- if (!test_bit(HCI_CONN_FLAG_REMOTE_WAKEUP, b->flags))
+ if (!(b->flags & HCI_CONN_FLAG_REMOTE_WAKEUP))
continue;
bt_dev_dbg(hdev, "Adding event filters for %pMR", &b->bdaddr);
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 74937a834648..ae758ab1b558 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -4013,10 +4013,11 @@ static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
memcpy(ev.uuid, rpa_resolution_uuid, 16);
ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
+ // Do we need to be atomic with the conn_flags?
if (enabled && privacy_mode_capable(hdev))
- set_bit(HCI_CONN_FLAG_DEVICE_PRIVACY, hdev->conn_flags);
+ hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
else
- clear_bit(HCI_CONN_FLAG_DEVICE_PRIVACY, hdev->conn_flags);
+ hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
&ev, sizeof(ev),
@@ -4435,8 +4436,7 @@ static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
hci_dev_lock(hdev);
- bitmap_to_arr32(&supported_flags, hdev->conn_flags,
- __HCI_CONN_NUM_FLAGS);
+ supported_flags = hdev->conn_flags;
memset(&rp, 0, sizeof(rp));
@@ -4447,8 +4447,7 @@ static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
if (!br_params)
goto done;
- bitmap_to_arr32(¤t_flags, br_params->flags,
- __HCI_CONN_NUM_FLAGS);
+ current_flags = br_params->flags;
} else {
params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
le_addr_type(cp->addr.type));
@@ -4456,8 +4455,7 @@ static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
if (!params)
goto done;
- bitmap_to_arr32(¤t_flags, params->flags,
- __HCI_CONN_NUM_FLAGS);
+ current_flags = params->flags;
}
bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
@@ -4502,8 +4500,8 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
&cp->addr.bdaddr, cp->addr.type,
__le32_to_cpu(current_flags));
- bitmap_to_arr32(&supported_flags, hdev->conn_flags,
- __HCI_CONN_NUM_FLAGS);
+ // We should take hci_dev_lock() early, I think.. conn_flags can change
+ supported_flags = hdev->conn_flags;
if ((supported_flags | current_flags) != supported_flags) {
bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
@@ -4519,7 +4517,7 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
cp->addr.type);
if (br_params) {
- bitmap_from_u64(br_params->flags, current_flags);
+ br_params->flags = current_flags;
status = MGMT_STATUS_SUCCESS;
} else {
bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
@@ -4529,15 +4527,11 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
le_addr_type(cp->addr.type));
if (params) {
- DECLARE_BITMAP(flags, __HCI_CONN_NUM_FLAGS);
-
- bitmap_from_u64(flags, current_flags);
-
/* Devices using RPAs can only be programmed in the
* acceptlist LL Privacy has been enable otherwise they
* cannot mark HCI_CONN_FLAG_REMOTE_WAKEUP.
*/
- if (test_bit(HCI_CONN_FLAG_REMOTE_WAKEUP, flags) &&
+ if ((current_flags & HCI_CONN_FLAG_REMOTE_WAKEUP) &&
!use_ll_privacy(hdev) &&
hci_find_irk_by_addr(hdev, ¶ms->addr,
params->addr_type)) {
@@ -4546,14 +4540,13 @@ static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
goto unlock;
}
- bitmap_from_u64(params->flags, current_flags);
+ params->flags = current_flags;
status = MGMT_STATUS_SUCCESS;
/* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
* has been set.
*/
- if (test_bit(HCI_CONN_FLAG_DEVICE_PRIVACY,
- params->flags))
+ if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
hci_update_passive_scan(hdev);
} else {
bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
@@ -7154,8 +7147,7 @@ static int add_device(struct sock *sk, struct hci_dev *hdev,
params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
addr_type);
if (params)
- bitmap_to_arr32(¤t_flags, params->flags,
- __HCI_CONN_NUM_FLAGS);
+ current_flags = params->flags;
}
err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
@@ -7164,8 +7156,7 @@ static int add_device(struct sock *sk, struct hci_dev *hdev,
added:
device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
- bitmap_to_arr32(&supported_flags, hdev->conn_flags,
- __HCI_CONN_NUM_FLAGS);
+ supported_flags = hdev->conn_flags;
device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
supported_flags, current_flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 154/339] dmaengine: idxd: set DMA_INTERRUPT cap bit
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 153/339] bluetooth: dont use bitmaps for random flag accesses Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 155/339] mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Greg Kroah-Hartman
` (186 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ben Walker, Dave Jiang, Vinod Koul,
Sasha Levin
From: Dave Jiang <dave.jiang@intel.com>
[ Upstream commit 4e5a4eb20393b851590b4465f1197a8041c2076b ]
Even though idxd driver has always supported interrupt, it never actually
set the DMA_INTERRUPT cap bit. Rectify this mistake so the interrupt
capability is advertised.
Reported-by: Ben Walker <benjamin.walker@intel.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/164971497859.2201379.17925303210723708961.stgit@djiang5-desk3.ch.intel.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/idxd/dma.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/dma/idxd/dma.c b/drivers/dma/idxd/dma.c
index bfff59617d04..13e061944db9 100644
--- a/drivers/dma/idxd/dma.c
+++ b/drivers/dma/idxd/dma.c
@@ -193,6 +193,7 @@ int idxd_register_dma_device(struct idxd_device *idxd)
INIT_LIST_HEAD(&dma->channels);
dma->dev = dev;
+ dma_cap_set(DMA_INTERRUPT, dma->cap_mask);
dma_cap_set(DMA_PRIVATE, dma->cap_mask);
dma_cap_set(DMA_COMPLETION_NO_ORDER, dma->cap_mask);
dma->device_release = idxd_dma_release;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 155/339] mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 154/339] dmaengine: idxd: set DMA_INTERRUPT cap bit Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 156/339] bootconfig: Make the bootconfig.o as a normal object file Greg Kroah-Hartman
` (185 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gong Yuanjun, Serge Semin,
Thomas Bogendoerfer, Sasha Levin
From: Gong Yuanjun <ruc_gongyuanjun@163.com>
[ Upstream commit 4107fa700f314592850e2c64608f6ede4c077476 ]
Add the missing of_node_put() to release the refcount incremented
by of_find_compatible_node().
Signed-off-by: Gong Yuanjun <ruc_gongyuanjun@163.com>
Reviewed-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/kernel/mips-cpc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/mips/kernel/mips-cpc.c b/arch/mips/kernel/mips-cpc.c
index 17aff13cd7ce..3e386f7e1545 100644
--- a/arch/mips/kernel/mips-cpc.c
+++ b/arch/mips/kernel/mips-cpc.c
@@ -28,6 +28,7 @@ phys_addr_t __weak mips_cpc_default_phys_base(void)
cpc_node = of_find_compatible_node(of_root, NULL, "mti,mips-cpc");
if (cpc_node) {
err = of_address_to_resource(cpc_node, 0, &res);
+ of_node_put(cpc_node);
if (!err)
return res.start;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 156/339] bootconfig: Make the bootconfig.o as a normal object file
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 155/339] mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 157/339] tracing: Make tp_printk work on syscall tracepoints Greg Kroah-Hartman
` (184 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Padmanabha Srinivasaiah,
Jonathan Corbet, Randy Dunlap, Nick Desaulniers, Sami Tolvanen,
Nathan Chancellor, Linux Kbuild mailing list, Masahiro Yamada,
Masami Hiramatsu, Steven Rostedt (Google),
Sasha Levin
From: Masami Hiramatsu <mhiramat@kernel.org>
[ Upstream commit 6014a23638cdee63a71ef13c51d7c563eb5829ee ]
Since the APIs defined in the bootconfig.o are not individually used,
it is meaningless to build it as library by lib-y. Use obj-y for that.
Link: https://lkml.kernel.org/r/164921225875.1090670.15565363126983098971.stgit@devnote2
Cc: Padmanabha Srinivasaiah <treasure4paddy@gmail.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Sami Tolvanen <samitolvanen@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Linux Kbuild mailing list <linux-kbuild@vger.kernel.org>
Reported-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Makefile b/lib/Makefile
index 6b9ffc1bd1ee..08053df16c7c 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -279,7 +279,7 @@ $(foreach file, $(libfdt_files), \
$(eval CFLAGS_$(file) = -I $(srctree)/scripts/dtc/libfdt))
lib-$(CONFIG_LIBFDT) += $(libfdt_files)
-lib-$(CONFIG_BOOT_CONFIG) += bootconfig.o
+obj-$(CONFIG_BOOT_CONFIG) += bootconfig.o
obj-$(CONFIG_RBTREE_TEST) += rbtree_test.o
obj-$(CONFIG_INTERVAL_TREE_TEST) += interval_tree_test.o
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 157/339] tracing: Make tp_printk work on syscall tracepoints
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 156/339] bootconfig: Make the bootconfig.o as a normal object file Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 158/339] tracing: Fix sleeping function called from invalid context on RT kernel Greg Kroah-Hartman
` (183 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Xie, Steven Rostedt (Google),
Sasha Levin
From: Jeff Xie <xiehuan09@gmail.com>
[ Upstream commit cb1c45fb68b8a4285ccf750842b1136f26cfe267 ]
Currently the tp_printk option has no effect on syscall tracepoint.
When adding the kernel option parameter tp_printk, then:
echo 1 > /sys/kernel/debug/tracing/events/syscalls/enable
When running any application, no trace information is printed on the
terminal.
Now added printk for syscall tracepoints.
Link: https://lkml.kernel.org/r/20220410145025.681144-1-xiehuan09@gmail.com
Signed-off-by: Jeff Xie <xiehuan09@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace_syscalls.c | 35 +++++++++++------------------------
1 file changed, 11 insertions(+), 24 deletions(-)
diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c
index f755bde42fd0..b69e207012c9 100644
--- a/kernel/trace/trace_syscalls.c
+++ b/kernel/trace/trace_syscalls.c
@@ -154,7 +154,7 @@ print_syscall_enter(struct trace_iterator *iter, int flags,
goto end;
/* parameter types */
- if (tr->trace_flags & TRACE_ITER_VERBOSE)
+ if (tr && tr->trace_flags & TRACE_ITER_VERBOSE)
trace_seq_printf(s, "%s ", entry->types[i]);
/* parameter values */
@@ -296,9 +296,7 @@ static void ftrace_syscall_enter(void *data, struct pt_regs *regs, long id)
struct trace_event_file *trace_file;
struct syscall_trace_enter *entry;
struct syscall_metadata *sys_data;
- struct ring_buffer_event *event;
- struct trace_buffer *buffer;
- unsigned int trace_ctx;
+ struct trace_event_buffer fbuffer;
unsigned long args[6];
int syscall_nr;
int size;
@@ -321,20 +319,16 @@ static void ftrace_syscall_enter(void *data, struct pt_regs *regs, long id)
size = sizeof(*entry) + sizeof(unsigned long) * sys_data->nb_args;
- trace_ctx = tracing_gen_ctx();
-
- event = trace_event_buffer_lock_reserve(&buffer, trace_file,
- sys_data->enter_event->event.type, size, trace_ctx);
- if (!event)
+ entry = trace_event_buffer_reserve(&fbuffer, trace_file, size);
+ if (!entry)
return;
- entry = ring_buffer_event_data(event);
+ entry = ring_buffer_event_data(fbuffer.event);
entry->nr = syscall_nr;
syscall_get_arguments(current, regs, args);
memcpy(entry->args, args, sizeof(unsigned long) * sys_data->nb_args);
- event_trigger_unlock_commit(trace_file, buffer, event, entry,
- trace_ctx);
+ trace_event_buffer_commit(&fbuffer);
}
static void ftrace_syscall_exit(void *data, struct pt_regs *regs, long ret)
@@ -343,9 +337,7 @@ static void ftrace_syscall_exit(void *data, struct pt_regs *regs, long ret)
struct trace_event_file *trace_file;
struct syscall_trace_exit *entry;
struct syscall_metadata *sys_data;
- struct ring_buffer_event *event;
- struct trace_buffer *buffer;
- unsigned int trace_ctx;
+ struct trace_event_buffer fbuffer;
int syscall_nr;
syscall_nr = trace_get_syscall_nr(current, regs);
@@ -364,20 +356,15 @@ static void ftrace_syscall_exit(void *data, struct pt_regs *regs, long ret)
if (!sys_data)
return;
- trace_ctx = tracing_gen_ctx();
-
- event = trace_event_buffer_lock_reserve(&buffer, trace_file,
- sys_data->exit_event->event.type, sizeof(*entry),
- trace_ctx);
- if (!event)
+ entry = trace_event_buffer_reserve(&fbuffer, trace_file, sizeof(*entry));
+ if (!entry)
return;
- entry = ring_buffer_event_data(event);
+ entry = ring_buffer_event_data(fbuffer.event);
entry->nr = syscall_nr;
entry->ret = syscall_get_return_value(current, regs);
- event_trigger_unlock_commit(trace_file, buffer, event, entry,
- trace_ctx);
+ trace_event_buffer_commit(&fbuffer);
}
static int reg_event_syscall_enter(struct trace_event_file *file,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 158/339] tracing: Fix sleeping function called from invalid context on RT kernel
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 157/339] tracing: Make tp_printk work on syscall tracepoints Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 159/339] tracing: Avoid adding tracer option before update_tracer_options Greg Kroah-Hartman
` (182 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jun Miao, Steven Rostedt (Google),
Sasha Levin
From: Jun Miao <jun.miao@intel.com>
[ Upstream commit 12025abdc8539ed9d5014e2d647a3fd1bd3de5cd ]
When setting bootparams="trace_event=initcall:initcall_start tp_printk=1" in the
cmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the
atomic and irq disable interrupt context suitation. On the PREEMPT_RT kernel,
these locks are replaced with sleepable rt-spinlock, so the stack calltrace will
be triggered.
Fix it by raw_spin_lock_irqsave when PREEMPT_RT and "trace_event=initcall:initcall_start
tp_printk=1" enabled.
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0
preempt_count: 2, expected: 0
RCU nest depth: 0, expected: 0
Preemption disabled at:
[<ffffffff8992303e>] try_to_wake_up+0x7e/0xba0
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.1-rt17+ #19 34c5812404187a875f32bee7977f7367f9679ea7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x60/0x8c
dump_stack+0x10/0x12
__might_resched.cold+0x11d/0x155
rt_spin_lock+0x40/0x70
trace_event_buffer_commit+0x2fa/0x4c0
? map_vsyscall+0x93/0x93
trace_event_raw_event_initcall_start+0xbe/0x110
? perf_trace_initcall_finish+0x210/0x210
? probe_sched_wakeup+0x34/0x40
? ttwu_do_wakeup+0xda/0x310
? trace_hardirqs_on+0x35/0x170
? map_vsyscall+0x93/0x93
do_one_initcall+0x217/0x3c0
? trace_event_raw_event_initcall_level+0x170/0x170
? push_cpu_stop+0x400/0x400
? cblist_init_generic+0x241/0x290
kernel_init_freeable+0x1ac/0x347
? _raw_spin_unlock_irq+0x65/0x80
? rest_init+0xf0/0xf0
kernel_init+0x1e/0x150
ret_from_fork+0x22/0x30
</TASK>
Link: https://lkml.kernel.org/r/20220419013910.894370-1-jun.miao@intel.com
Signed-off-by: Jun Miao <jun.miao@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index f6fb04d79eba..8d2b5c5ce5b3 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2837,7 +2837,7 @@ trace_event_buffer_lock_reserve(struct trace_buffer **current_rb,
}
EXPORT_SYMBOL_GPL(trace_event_buffer_lock_reserve);
-static DEFINE_SPINLOCK(tracepoint_iter_lock);
+static DEFINE_RAW_SPINLOCK(tracepoint_iter_lock);
static DEFINE_MUTEX(tracepoint_printk_mutex);
static void output_printk(struct trace_event_buffer *fbuffer)
@@ -2865,14 +2865,14 @@ static void output_printk(struct trace_event_buffer *fbuffer)
event = &fbuffer->trace_file->event_call->event;
- spin_lock_irqsave(&tracepoint_iter_lock, flags);
+ raw_spin_lock_irqsave(&tracepoint_iter_lock, flags);
trace_seq_init(&iter->seq);
iter->ent = fbuffer->entry;
event_call->event.funcs->trace(iter, 0, event);
trace_seq_putc(&iter->seq, 0);
printk("%s", iter->seq.buffer);
- spin_unlock_irqrestore(&tracepoint_iter_lock, flags);
+ raw_spin_unlock_irqrestore(&tracepoint_iter_lock, flags);
}
int tracepoint_printk_sysctl(struct ctl_table *table, int write,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 159/339] tracing: Avoid adding tracer option before update_tracer_options
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 158/339] tracing: Fix sleeping function called from invalid context on RT kernel Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 160/339] i2c: mediatek: Optimize master_xfer() and avoid circular locking Greg Kroah-Hartman
` (181 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Mark-PK Tsai,
Steven Rostedt (Google),
Sasha Levin
From: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
[ Upstream commit ef9188bcc6ca1d8a2ad83e826b548e6820721061 ]
To prepare for support asynchronous tracer_init_tracefs initcall,
avoid calling create_trace_option_files before __update_tracer_options.
Otherwise, create_trace_option_files will show warning because
some tracers in trace_types list are already in tr->topts.
For example, hwlat_tracer call register_tracer in late_initcall,
and global_trace.dir is already created in tracing_init_dentry,
hwlat_tracer will be put into tr->topts.
Then if the __update_tracer_options is executed after hwlat_tracer
registered, create_trace_option_files find that hwlat_tracer is
already in tr->topts.
Link: https://lkml.kernel.org/r/20220426122407.17042-2-mark-pk.tsai@mediatek.com
Link: https://lore.kernel.org/lkml/20220322133339.GA32582@xsang-OptiPlex-9020/
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 8d2b5c5ce5b3..114c31bdf8f9 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6334,12 +6334,18 @@ static void tracing_set_nop(struct trace_array *tr)
tr->current_trace = &nop_trace;
}
+static bool tracer_options_updated;
+
static void add_tracer_options(struct trace_array *tr, struct tracer *t)
{
/* Only enable if the directory has been created already. */
if (!tr->dir)
return;
+ /* Only create trace option files after update_tracer_options finish */
+ if (!tracer_options_updated)
+ return;
+
create_trace_option_files(tr, t);
}
@@ -9178,6 +9184,7 @@ static void __update_tracer_options(struct trace_array *tr)
static void update_tracer_options(struct trace_array *tr)
{
mutex_lock(&trace_types_lock);
+ tracer_options_updated = true;
__update_tracer_options(tr);
mutex_unlock(&trace_types_lock);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 160/339] i2c: mediatek: Optimize master_xfer() and avoid circular locking
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 159/339] tracing: Avoid adding tracer option before update_tracer_options Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 161/339] iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() Greg Kroah-Hartman
` (180 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, AngeloGioacchino Del Regno,
Nícolas F . R . A . Prado, Qii Wang, Wolfram Sang,
Sasha Levin
From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ Upstream commit 8b4fc246c3fffde96835b2f6d5d0e2a56c70d8f9 ]
Especially (but not only) during probe, it may happen that multiple
devices are communicating via i2c (or multiple i2c busses) and
sometimes while others are probing asynchronously.
For example, a Cr50 TPM may be filling entropy (or userspace may be
reading random data) while the rt5682 (i2c) codec driver reads/sets
some registers, like while getting/setting a clock's rate, which
happens both during probe and during system operation.
In this driver, the mtk_i2c_transfer() function (which is the i2c
.master_xfer() callback) was granularly managing the clocks by
performing a clk_bulk_prepare_enable() to start them and its inverse.
This is not only creating possible circular locking dependencies in
the some cases (like former explanation), but it's also suboptimal,
as clk_core prepare/unprepare operations are using mutex locking,
which creates a bit of unwanted overhead (for example, i2c trackpads
will call master_xfer() every few milliseconds!).
With this commit, we avoid both the circular locking and additional
overhead by changing how we handle the clocks in this driver:
- Prepare the clocks during probe (and PM resume)
- Enable/disable clocks in mtk_i2c_transfer()
- Unprepare the clocks only for driver removal (and PM suspend)
For the sake of providing a full explanation: during probe, the
clocks are not only prepared but also enabled, as this is needed
for some hardware initialization but, after that, we are disabling
but not unpreparing them, leaving an expected state for the
aforementioned clock handling strategy.
Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Tested-by: Nícolas F. R. A. Prado <nfraprado@collabora.com>
Reviewed-by: Qii Wang <qii.wang@mediatek.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-mt65xx.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/i2c/busses/i2c-mt65xx.c b/drivers/i2c/busses/i2c-mt65xx.c
index f651d3e124d6..bdecb78bfc26 100644
--- a/drivers/i2c/busses/i2c-mt65xx.c
+++ b/drivers/i2c/busses/i2c-mt65xx.c
@@ -1177,7 +1177,7 @@ static int mtk_i2c_transfer(struct i2c_adapter *adap,
int left_num = num;
struct mtk_i2c *i2c = i2c_get_adapdata(adap);
- ret = clk_bulk_prepare_enable(I2C_MT65XX_CLK_MAX, i2c->clocks);
+ ret = clk_bulk_enable(I2C_MT65XX_CLK_MAX, i2c->clocks);
if (ret)
return ret;
@@ -1231,7 +1231,7 @@ static int mtk_i2c_transfer(struct i2c_adapter *adap,
ret = num;
err_exit:
- clk_bulk_disable_unprepare(I2C_MT65XX_CLK_MAX, i2c->clocks);
+ clk_bulk_disable(I2C_MT65XX_CLK_MAX, i2c->clocks);
return ret;
}
@@ -1412,7 +1412,7 @@ static int mtk_i2c_probe(struct platform_device *pdev)
return ret;
}
mtk_i2c_init_hw(i2c);
- clk_bulk_disable_unprepare(I2C_MT65XX_CLK_MAX, i2c->clocks);
+ clk_bulk_disable(I2C_MT65XX_CLK_MAX, i2c->clocks);
ret = devm_request_irq(&pdev->dev, irq, mtk_i2c_irq,
IRQF_NO_SUSPEND | IRQF_TRIGGER_NONE,
@@ -1439,6 +1439,8 @@ static int mtk_i2c_remove(struct platform_device *pdev)
i2c_del_adapter(&i2c->adap);
+ clk_bulk_unprepare(I2C_MT65XX_CLK_MAX, i2c->clocks);
+
return 0;
}
@@ -1448,6 +1450,7 @@ static int mtk_i2c_suspend_noirq(struct device *dev)
struct mtk_i2c *i2c = dev_get_drvdata(dev);
i2c_mark_adapter_suspended(&i2c->adap);
+ clk_bulk_unprepare(I2C_MT65XX_CLK_MAX, i2c->clocks);
return 0;
}
@@ -1465,7 +1468,7 @@ static int mtk_i2c_resume_noirq(struct device *dev)
mtk_i2c_init_hw(i2c);
- clk_bulk_disable_unprepare(I2C_MT65XX_CLK_MAX, i2c->clocks);
+ clk_bulk_disable(I2C_MT65XX_CLK_MAX, i2c->clocks);
i2c_mark_adapter_resumed(&i2c->adap);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 161/339] iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 160/339] i2c: mediatek: Optimize master_xfer() and avoid circular locking Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 162/339] iommu/arm-smmu-v3: check return value after calling platform_get_resource() Greg Kroah-Hartman
` (179 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Will Deacon, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit d9ed8af1dee37f181096631fb03729ece98ba816 ]
It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
And use devm_platform_get_and_ioremap_resource() to simplify code.
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20220425114136.2649310-1-yangyingliang@huawei.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/arm/arm-smmu/arm-smmu.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c
index 568cce590ccc..52b71f6aee3f 100644
--- a/drivers/iommu/arm/arm-smmu/arm-smmu.c
+++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c
@@ -2092,11 +2092,10 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
if (err)
return err;
- res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- ioaddr = res->start;
- smmu->base = devm_ioremap_resource(dev, res);
+ smmu->base = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
if (IS_ERR(smmu->base))
return PTR_ERR(smmu->base);
+ ioaddr = res->start;
/*
* The resource size should effectively match the value of SMMU_TOP;
* stash that temporarily until we know PAGESIZE to validate it with.
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 162/339] iommu/arm-smmu-v3: check return value after calling platform_get_resource()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 161/339] iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 163/339] f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Greg Kroah-Hartman
` (178 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Will Deacon, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit b131fa8c1d2afd05d0b7598621114674289c2fbb ]
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20220425114525.2651143-1-yangyingliang@huawei.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
index 627a3ed5ee8f..88817a3376ef 100644
--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
@@ -3770,6 +3770,8 @@ static int arm_smmu_device_probe(struct platform_device *pdev)
/* Base address */
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ if (!res)
+ return -EINVAL;
if (resource_size(res) < arm_smmu_resource_size(smmu)) {
dev_err(dev, "MMIO region too small (%pr)\n", res);
return -EINVAL;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 163/339] f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 162/339] iommu/arm-smmu-v3: check return value after calling platform_get_resource() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 164/339] f2fs: avoid infinite loop to flush node pages Greg Kroah-Hartman
` (177 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+763ae12a2ede1d99d4dc,
Dongliang Mu, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Dongliang Mu <mudongliangabcd@gmail.com>
[ Upstream commit dc2f78e2d4cc844a1458653d57ce1b54d4a29f21 ]
Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and
__is_bitmap_valid. For example, in f2fs_is_valid_blkaddr,
if type is DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ,
it invokes WARN_ON if blkaddr is not in the right range.
The call trace is as follows:
f2fs_get_node_info+0x45f/0x1070
read_node_page+0x577/0x1190
__get_node_page.part.0+0x9e/0x10e0
__get_node_page
f2fs_get_node_page+0x109/0x180
do_read_inode
f2fs_iget+0x2a5/0x58b0
f2fs_fill_super+0x3b39/0x7ca0
Fix these two WARNs by replacing WARN_ON with dump_stack.
Reported-by: syzbot+763ae12a2ede1d99d4dc@syzkaller.appspotmail.com
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/checkpoint.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index 909085a78f9c..71b1e93cbe0c 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -158,7 +158,7 @@ static bool __is_bitmap_valid(struct f2fs_sb_info *sbi, block_t blkaddr,
f2fs_err(sbi, "Inconsistent error blkaddr:%u, sit bitmap:%d",
blkaddr, exist);
set_sbi_flag(sbi, SBI_NEED_FSCK);
- WARN_ON(1);
+ dump_stack();
}
return exist;
}
@@ -196,7 +196,7 @@ bool f2fs_is_valid_blkaddr(struct f2fs_sb_info *sbi,
f2fs_warn(sbi, "access invalid blkaddr:%u",
blkaddr);
set_sbi_flag(sbi, SBI_NEED_FSCK);
- WARN_ON(1);
+ dump_stack();
return false;
} else {
return __is_bitmap_valid(sbi, blkaddr, type);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 164/339] f2fs: avoid infinite loop to flush node pages
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 163/339] f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 165/339] i2c: cadence: Increase timeout per message if necessary Greg Kroah-Hartman
` (176 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jaegeuk Kim, Sasha Levin
From: Jaegeuk Kim <jaegeuk@kernel.org>
[ Upstream commit a7b8618aa2f0f926ce85f2486ac835a85c753ca7 ]
xfstests/generic/475 can give EIO all the time which give an infinite loop
to flush node page like below. Let's avoid it.
[16418.518551] Call Trace:
[16418.518553] ? dm_submit_bio+0x48/0x400
[16418.518574] ? submit_bio_checks+0x1ac/0x5a0
[16418.525207] __submit_bio+0x1a9/0x230
[16418.525210] ? kmem_cache_alloc+0x29e/0x3c0
[16418.525223] submit_bio_noacct+0xa8/0x2b0
[16418.525226] submit_bio+0x4d/0x130
[16418.525238] __submit_bio+0x49/0x310 [f2fs]
[16418.525339] ? bio_add_page+0x6a/0x90
[16418.525344] f2fs_submit_page_bio+0x134/0x1f0 [f2fs]
[16418.525365] read_node_page+0x125/0x1b0 [f2fs]
[16418.525388] __get_node_page.part.0+0x58/0x3f0 [f2fs]
[16418.525409] __get_node_page+0x2f/0x60 [f2fs]
[16418.525431] f2fs_get_dnode_of_data+0x423/0x860 [f2fs]
[16418.525452] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[16418.525458] ? __mod_memcg_state.part.0+0x2a/0x30
[16418.525465] ? __mod_memcg_lruvec_state+0x27/0x40
[16418.525467] ? __xa_set_mark+0x57/0x70
[16418.525472] f2fs_do_write_data_page+0x10e/0x7b0 [f2fs]
[16418.525493] f2fs_write_single_data_page+0x555/0x830 [f2fs]
[16418.525514] ? sysvec_apic_timer_interrupt+0x4e/0x90
[16418.525518] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[16418.525523] f2fs_write_cache_pages+0x303/0x880 [f2fs]
[16418.525545] ? blk_flush_plug_list+0x47/0x100
[16418.525548] f2fs_write_data_pages+0xfd/0x320 [f2fs]
[16418.525569] do_writepages+0xd5/0x210
[16418.525648] filemap_fdatawrite_wbc+0x7d/0xc0
[16418.525655] filemap_fdatawrite+0x50/0x70
[16418.525658] f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs]
[16418.525679] f2fs_write_checkpoint+0x16d/0x1720 [f2fs]
[16418.525699] ? ttwu_do_wakeup+0x1c/0x160
[16418.525709] ? ttwu_do_activate+0x6d/0xd0
[16418.525711] ? __wait_for_common+0x11d/0x150
[16418.525715] kill_f2fs_super+0xca/0x100 [f2fs]
[16418.525733] deactivate_locked_super+0x3b/0xb0
[16418.525739] deactivate_super+0x40/0x50
[16418.525741] cleanup_mnt+0x139/0x190
[16418.525747] __cleanup_mnt+0x12/0x20
[16418.525749] task_work_run+0x6d/0xa0
[16418.525765] exit_to_user_mode_prepare+0x1ad/0x1b0
[16418.525771] syscall_exit_to_user_mode+0x27/0x50
[16418.525774] do_syscall_64+0x48/0xc0
[16418.525776] entry_SYSCALL_64_after_hwframe+0x44/0xae
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/checkpoint.c | 8 +-------
fs/f2fs/f2fs.h | 23 +++++++++++++++++++----
fs/f2fs/node.c | 23 ++++++++++++-----------
3 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index 71b1e93cbe0c..beceac9885c3 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -98,13 +98,7 @@ static struct page *__get_meta_page(struct f2fs_sb_info *sbi, pgoff_t index,
}
if (unlikely(!PageUptodate(page))) {
- if (page->index == sbi->metapage_eio_ofs) {
- if (sbi->metapage_eio_cnt++ == MAX_RETRY_META_PAGE_EIO)
- set_ckpt_flags(sbi, CP_ERROR_FLAG);
- } else {
- sbi->metapage_eio_ofs = page->index;
- sbi->metapage_eio_cnt = 0;
- }
+ f2fs_handle_page_eio(sbi, page->index, META);
f2fs_put_page(page, 1);
return ERR_PTR(-EIO);
}
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 6ec8c6d4711f..9b89f26af1f3 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -578,8 +578,8 @@ enum {
/* maximum retry quota flush count */
#define DEFAULT_RETRY_QUOTA_FLUSH_COUNT 8
-/* maximum retry of EIO'ed meta page */
-#define MAX_RETRY_META_PAGE_EIO 100
+/* maximum retry of EIO'ed page */
+#define MAX_RETRY_PAGE_EIO 100
#define F2FS_LINK_MAX 0xffffffff /* maximum link count per file */
@@ -1614,8 +1614,8 @@ struct f2fs_sb_info {
/* keep migration IO order for LFS mode */
struct f2fs_rwsem io_order_lock;
mempool_t *write_io_dummy; /* Dummy pages */
- pgoff_t metapage_eio_ofs; /* EIO page offset */
- int metapage_eio_cnt; /* EIO count */
+ pgoff_t page_eio_ofs[NR_PAGE_TYPE]; /* EIO page offset */
+ int page_eio_cnt[NR_PAGE_TYPE]; /* EIO count */
/* for checkpoint */
struct f2fs_checkpoint *ckpt; /* raw checkpoint pointer */
@@ -4541,6 +4541,21 @@ static inline void f2fs_io_schedule_timeout(long timeout)
io_schedule_timeout(timeout);
}
+static inline void f2fs_handle_page_eio(struct f2fs_sb_info *sbi, pgoff_t ofs,
+ enum page_type type)
+{
+ if (unlikely(f2fs_cp_error(sbi)))
+ return;
+
+ if (ofs == sbi->page_eio_ofs[type]) {
+ if (sbi->page_eio_cnt[type]++ == MAX_RETRY_PAGE_EIO)
+ set_ckpt_flags(sbi, CP_ERROR_FLAG);
+ } else {
+ sbi->page_eio_ofs[type] = ofs;
+ sbi->page_eio_cnt[type] = 0;
+ }
+}
+
#define EFSBADCRC EBADMSG /* Bad CRC detected */
#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index c45d341dcf6e..a8d0fa2731cb 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1416,8 +1416,7 @@ static struct page *__get_node_page(struct f2fs_sb_info *sbi, pgoff_t nid,
err = read_node_page(page, 0);
if (err < 0) {
- f2fs_put_page(page, 1);
- return ERR_PTR(err);
+ goto out_put_err;
} else if (err == LOCKED_PAGE) {
err = 0;
goto page_hit;
@@ -1443,19 +1442,21 @@ static struct page *__get_node_page(struct f2fs_sb_info *sbi, pgoff_t nid,
goto out_err;
}
page_hit:
- if (unlikely(nid != nid_of_node(page))) {
- f2fs_warn(sbi, "inconsistent node block, nid:%lu, node_footer[nid:%u,ino:%u,ofs:%u,cpver:%llu,blkaddr:%u]",
+ if (likely(nid == nid_of_node(page)))
+ return page;
+
+ f2fs_warn(sbi, "inconsistent node block, nid:%lu, node_footer[nid:%u,ino:%u,ofs:%u,cpver:%llu,blkaddr:%u]",
nid, nid_of_node(page), ino_of_node(page),
ofs_of_node(page), cpver_of_node(page),
next_blkaddr_of_node(page));
- set_sbi_flag(sbi, SBI_NEED_FSCK);
- err = -EINVAL;
+ set_sbi_flag(sbi, SBI_NEED_FSCK);
+ err = -EINVAL;
out_err:
- ClearPageUptodate(page);
- f2fs_put_page(page, 1);
- return ERR_PTR(err);
- }
- return page;
+ ClearPageUptodate(page);
+out_put_err:
+ f2fs_handle_page_eio(sbi, page->index, NODE);
+ f2fs_put_page(page, 1);
+ return ERR_PTR(err);
}
struct page *f2fs_get_node_page(struct f2fs_sb_info *sbi, pgoff_t nid)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 165/339] i2c: cadence: Increase timeout per message if necessary
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 164/339] f2fs: avoid infinite loop to flush node pages Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 166/339] m68knommu: set ZERO_PAGE() to the allocated zeroed page Greg Kroah-Hartman
` (175 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lucas Tanure, Michal Simek,
Wolfram Sang, Sasha Levin
From: Lucas Tanure <tanureal@opensource.cirrus.com>
[ Upstream commit 96789dce043f5bff8b7d62aa28d52a7c59403a84 ]
Timeout as 1 second sets an upper limit on the length
of the transfer executed, but there is no maximum length
of a write or read message set in i2c_adapter_quirks for
this controller.
This upper limit affects devices that require sending
large firmware blobs over I2C.
To remove that limitation, calculate the minimal time
necessary, plus some wiggle room, for every message and
use it instead of the default one second, if more than
one second.
Signed-off-by: Lucas Tanure <tanureal@opensource.cirrus.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-cadence.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c
index 805c77143a0f..b4c1ad19cdae 100644
--- a/drivers/i2c/busses/i2c-cadence.c
+++ b/drivers/i2c/busses/i2c-cadence.c
@@ -760,7 +760,7 @@ static void cdns_i2c_master_reset(struct i2c_adapter *adap)
static int cdns_i2c_process_msg(struct cdns_i2c *id, struct i2c_msg *msg,
struct i2c_adapter *adap)
{
- unsigned long time_left;
+ unsigned long time_left, msg_timeout;
u32 reg;
id->p_msg = msg;
@@ -785,8 +785,16 @@ static int cdns_i2c_process_msg(struct cdns_i2c *id, struct i2c_msg *msg,
else
cdns_i2c_msend(id);
+ /* Minimal time to execute this message */
+ msg_timeout = msecs_to_jiffies((1000 * msg->len * BITS_PER_BYTE) / id->i2c_clk);
+ /* Plus some wiggle room */
+ msg_timeout += msecs_to_jiffies(500);
+
+ if (msg_timeout < adap->timeout)
+ msg_timeout = adap->timeout;
+
/* Wait for the signal of completion */
- time_left = wait_for_completion_timeout(&id->xfer_done, adap->timeout);
+ time_left = wait_for_completion_timeout(&id->xfer_done, msg_timeout);
if (time_left == 0) {
cdns_i2c_master_reset(adap);
dev_err(id->adap.dev.parent,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 166/339] m68knommu: set ZERO_PAGE() to the allocated zeroed page
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 165/339] i2c: cadence: Increase timeout per message if necessary Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 167/339] m68knommu: fix undefined reference to `_init_sp Greg Kroah-Hartman
` (174 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hugh Dickens, Greg Ungerer, Sasha Levin
From: Greg Ungerer <gerg@linux-m68k.org>
[ Upstream commit dc068f46217970d9516f16cd37972a01d50dc055 ]
The non-MMU m68k pagetable ZERO_PAGE() macro is being set to the
somewhat non-sensical value of "virt_to_page(0)". The zeroth page
is not in any way guaranteed to be a page full of "0". So the result
is that ZERO_PAGE() will almost certainly contain random values.
We already allocate a real "empty_zero_page" in the mm setup code shared
between MMU m68k and non-MMU m68k. It is just not hooked up to the
ZERO_PAGE() macro for the non-MMU m68k case.
Fix ZERO_PAGE() to use the allocated "empty_zero_page" pointer.
I am not aware of any specific issues caused by the old code.
Link: https://lore.kernel.org/linux-m68k/2a462b23-5b8e-bbf4-ec7d-778434a3b9d7@google.com/T/#t
Reported-by: Hugh Dickens <hughd@google.com>
Signed-off-by: Greg Ungerer <gerg@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/include/asm/pgtable_no.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/m68k/include/asm/pgtable_no.h b/arch/m68k/include/asm/pgtable_no.h
index 87151d67d91e..bce5ca56c388 100644
--- a/arch/m68k/include/asm/pgtable_no.h
+++ b/arch/m68k/include/asm/pgtable_no.h
@@ -42,7 +42,8 @@ extern void paging_init(void);
* ZERO_PAGE is a global shared page that is always zero: used
* for zero-mapped memory areas etc..
*/
-#define ZERO_PAGE(vaddr) (virt_to_page(0))
+extern void *empty_zero_page;
+#define ZERO_PAGE(vaddr) (virt_to_page(empty_zero_page))
/*
* All 32bit addresses are effectively valid for vmalloc...
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 167/339] m68knommu: fix undefined reference to `_init_sp
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 166/339] m68knommu: set ZERO_PAGE() to the allocated zeroed page Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 168/339] dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Kroah-Hartman
` (173 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Geert Uytterhoeven, Greg Ungerer, Sasha Levin
From: Greg Ungerer <gerg@linux-m68k.org>
[ Upstream commit a71b9e66fee47c59b3ec34e652b5c23bc6550794 ]
When configuring a nommu classic m68k system enabling the uboot parameter
passing support (CONFIG_UBOOT) will produce the following compile error:
m68k-linux-ld: arch/m68k/kernel/uboot.o: in function `process_uboot_commandline':
uboot.c:(.init.text+0x32): undefined reference to `_init_sp'
The logic to support this option is only used on ColdFire based platforms
(in its head.S startup code). So make the selection of this option
depend on building for a ColdFire based platform.
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Ungerer <gerg@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/Kconfig.machine | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/m68k/Kconfig.machine b/arch/m68k/Kconfig.machine
index eeab4f3e6c19..946853a08502 100644
--- a/arch/m68k/Kconfig.machine
+++ b/arch/m68k/Kconfig.machine
@@ -335,6 +335,7 @@ comment "Machine Options"
config UBOOT
bool "Support for U-Boot command line parameters"
+ depends on COLDFIRE
help
If you say Y here kernel will try to collect command
line parameters from the initial u-boot stack.
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 168/339] dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 167/339] m68knommu: fix undefined reference to `_init_sp Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 169/339] NFSv4: Dont hold the layoutget locks across multiple RPC calls Greg Kroah-Hartman
` (172 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Radhey Shyam Pandey, Vinod Koul, Sasha Levin
From: Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
[ Upstream commit f9a9f43a62a04ec3183fb0da9226c7706eed0115 ]
In zynqmp_dma_alloc/free_chan_resources functions there is a
potential overflow in the below expressions.
dma_alloc_coherent(chan->dev, (2 * chan->desc_size *
ZYNQMP_DMA_NUM_DESCS),
&chan->desc_pool_p, GFP_KERNEL);
dma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) *
ZYNQMP_DMA_NUM_DESCS),
chan->desc_pool_v, chan->desc_pool_p);
The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though
this overflow condition is not observed but it is a potential problem
in the case of 32-bit multiplication. Hence fix it by changing the
desc_size data type to size_t.
In addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in
dma_alloc_coherent API argument.
Addresses-Coverity: Event overflow_before_widen.
Signed-off-by: Radhey Shyam Pandey <radhey.shyam.pandey@xilinx.com>
Link: https://lore.kernel.org/r/1652166762-18317-2-git-send-email-radhey.shyam.pandey@xilinx.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/dma/xilinx/zynqmp_dma.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c
index 7aa63b652027..3ffa7f37c701 100644
--- a/drivers/dma/xilinx/zynqmp_dma.c
+++ b/drivers/dma/xilinx/zynqmp_dma.c
@@ -229,7 +229,7 @@ struct zynqmp_dma_chan {
bool is_dmacoherent;
struct tasklet_struct tasklet;
bool idle;
- u32 desc_size;
+ size_t desc_size;
bool err;
u32 bus_width;
u32 src_burst_len;
@@ -486,7 +486,8 @@ static int zynqmp_dma_alloc_chan_resources(struct dma_chan *dchan)
}
chan->desc_pool_v = dma_alloc_coherent(chan->dev,
- (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS),
+ (2 * ZYNQMP_DMA_DESC_SIZE(chan) *
+ ZYNQMP_DMA_NUM_DESCS),
&chan->desc_pool_p, GFP_KERNEL);
if (!chan->desc_pool_v)
return -ENOMEM;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 169/339] NFSv4: Dont hold the layoutget locks across multiple RPC calls
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 168/339] dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 170/339] video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1 Greg Kroah-Hartman
` (171 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Anna Schumaker, Sasha Levin
From: Trond Myklebust <trond.myklebust@hammerspace.com>
[ Upstream commit 6949493884fe88500de4af182588e071cf1544ee ]
When doing layoutget as part of the open() compound, we have to be
careful to release the layout locks before we can call any further RPC
calls, such as setattr(). The reason is that those calls could trigger
a recall, which could deadlock.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/nfs4proc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 8c5907287c16..d1eaaeb7f713 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -3098,6 +3098,10 @@ static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata,
}
out:
+ if (opendata->lgp) {
+ nfs4_lgopen_release(opendata->lgp);
+ opendata->lgp = NULL;
+ }
if (!opendata->cancelled)
nfs4_sequence_free_slot(&opendata->o_res.seq_res);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 170/339] video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 169/339] NFSv4: Dont hold the layoutget locks across multiple RPC calls Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 171/339] video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Greg Kroah-Hartman
` (170 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Saurabh Sengar, Dexuan Cui,
Helge Deller, Sasha Levin
From: Saurabh Sengar <ssengar@linux.microsoft.com>
[ Upstream commit c4b4d7047f16a8d138ce76da65faefb7165736f2 ]
This patch fixes a bug where GEN1 VMs doesn't allow resolutions greater
than 64 MB size (eg 7680x4320). Unnecessary PCI check limits Gen1 VRAM
to legacy PCI BAR size only (ie 64MB). Thus any, resolution requesting
greater then 64MB (eg 7680x4320) would fail. MMIO region assigning this
memory shouldn't be limited by PCI bar size.
Signed-off-by: Saurabh Sengar <ssengar@linux.microsoft.com>
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/hyperv_fb.c | 19 +------------------
1 file changed, 1 insertion(+), 18 deletions(-)
diff --git a/drivers/video/fbdev/hyperv_fb.c b/drivers/video/fbdev/hyperv_fb.c
index c8e0ea27caf1..58c304a3b7c4 100644
--- a/drivers/video/fbdev/hyperv_fb.c
+++ b/drivers/video/fbdev/hyperv_fb.c
@@ -1009,7 +1009,6 @@ static int hvfb_getmem(struct hv_device *hdev, struct fb_info *info)
struct pci_dev *pdev = NULL;
void __iomem *fb_virt;
int gen2vm = efi_enabled(EFI_BOOT);
- resource_size_t pot_start, pot_end;
phys_addr_t paddr;
int ret;
@@ -1060,23 +1059,7 @@ static int hvfb_getmem(struct hv_device *hdev, struct fb_info *info)
dio_fb_size =
screen_width * screen_height * screen_depth / 8;
- if (gen2vm) {
- pot_start = 0;
- pot_end = -1;
- } else {
- if (!(pci_resource_flags(pdev, 0) & IORESOURCE_MEM) ||
- pci_resource_len(pdev, 0) < screen_fb_size) {
- pr_err("Resource not available or (0x%lx < 0x%lx)\n",
- (unsigned long) pci_resource_len(pdev, 0),
- (unsigned long) screen_fb_size);
- goto err1;
- }
-
- pot_end = pci_resource_end(pdev, 0);
- pot_start = pot_end - screen_fb_size + 1;
- }
-
- ret = vmbus_allocate_mmio(&par->mem, hdev, pot_start, pot_end,
+ ret = vmbus_allocate_mmio(&par->mem, hdev, 0, -1,
screen_fb_size, 0x100000, true);
if (ret != 0) {
pr_err("Unable to allocate framebuffer memory\n");
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 171/339] video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 170/339] video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1 Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 172/339] RISC-V: use memcpy for kexec_file mode Greg Kroah-Hartman
` (169 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yang Yingliang, Helge Deller, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit d87ad457f7e1b8d2492ca5b1531eb35030a1cc8f ]
In pxa3xx_gcu_probe(), the sequence of error lable is wrong, it will
leads some resource leaked, so adjust the sequence to handle the error
correctly, and if pxa3xx_gcu_add_buffer() fails, pxa3xx_gcu_free_buffers()
need be called.
In pxa3xx_gcu_remove(), add missing clk_disable_unpreprare().
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/pxa3xx-gcu.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/video/fbdev/pxa3xx-gcu.c b/drivers/video/fbdev/pxa3xx-gcu.c
index 350b3139c863..043cc8f9ef1c 100644
--- a/drivers/video/fbdev/pxa3xx-gcu.c
+++ b/drivers/video/fbdev/pxa3xx-gcu.c
@@ -646,6 +646,7 @@ static int pxa3xx_gcu_probe(struct platform_device *pdev)
for (i = 0; i < 8; i++) {
ret = pxa3xx_gcu_add_buffer(dev, priv);
if (ret) {
+ pxa3xx_gcu_free_buffers(dev, priv);
dev_err(dev, "failed to allocate DMA memory\n");
goto err_disable_clk;
}
@@ -662,15 +663,15 @@ static int pxa3xx_gcu_probe(struct platform_device *pdev)
SHARED_SIZE, irq);
return 0;
-err_free_dma:
- dma_free_coherent(dev, SHARED_SIZE,
- priv->shared, priv->shared_phys);
+err_disable_clk:
+ clk_disable_unprepare(priv->clk);
err_misc_deregister:
misc_deregister(&priv->misc_dev);
-err_disable_clk:
- clk_disable_unprepare(priv->clk);
+err_free_dma:
+ dma_free_coherent(dev, SHARED_SIZE,
+ priv->shared, priv->shared_phys);
return ret;
}
@@ -683,6 +684,7 @@ static int pxa3xx_gcu_remove(struct platform_device *pdev)
pxa3xx_gcu_wait_idle(priv);
misc_deregister(&priv->misc_dev);
dma_free_coherent(dev, SHARED_SIZE, priv->shared, priv->shared_phys);
+ clk_disable_unprepare(priv->clk);
pxa3xx_gcu_free_buffers(dev, priv);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 172/339] RISC-V: use memcpy for kexec_file mode
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 171/339] video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 173/339] m68knommu: fix undefined reference to `mach_get_rtc_pll Greg Kroah-Hartman
` (168 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liao Chang, Palmer Dabbelt, Sasha Levin
From: Liao Chang <liaochang1@huawei.com>
[ Upstream commit b7fb4d78a6ade6026d9e5cf438c2a46ab962e032 ]
The pointer to buffer loading kernel binaries is in kernel space for
kexec_fil mode, When copy_from_user copies data from pointer to a block
of memory, it checkes that the pointer is in the user space range, on
RISCV-V that is:
static inline bool __access_ok(unsigned long addr, unsigned long size)
{
return size <= TASK_SIZE && addr <= TASK_SIZE - size;
}
and TASK_SIZE is 0x4000000000 for 64-bits, which now causes
copy_from_user to reject the access of the field 'buf' of struct
kexec_segment that is in range [CONFIG_PAGE_OFFSET - VMALLOC_SIZE,
CONFIG_PAGE_OFFSET), is invalid user space pointer.
This patch fixes this issue by skipping access_ok(), use mempcy() instead.
Signed-off-by: Liao Chang <liaochang1@huawei.com>
Link: https://lore.kernel.org/r/20220408100914.150110-3-lizhengyu3@huawei.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/machine_kexec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_kexec.c
index cbef0fc73afa..df8e24559035 100644
--- a/arch/riscv/kernel/machine_kexec.c
+++ b/arch/riscv/kernel/machine_kexec.c
@@ -65,7 +65,9 @@ machine_kexec_prepare(struct kimage *image)
if (image->segment[i].memsz <= sizeof(fdt))
continue;
- if (copy_from_user(&fdt, image->segment[i].buf, sizeof(fdt)))
+ if (image->file_mode)
+ memcpy(&fdt, image->segment[i].buf, sizeof(fdt));
+ else if (copy_from_user(&fdt, image->segment[i].buf, sizeof(fdt)))
continue;
if (fdt_check_header(&fdt))
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 173/339] m68knommu: fix undefined reference to `mach_get_rtc_pll
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 172/339] RISC-V: use memcpy for kexec_file mode Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 174/339] rtla/Makefile: Properly handle dependencies Greg Kroah-Hartman
` (167 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Geert Uytterhoeven, Arnd Bergmann, Greg Ungerer, Sasha Levin
From: Greg Ungerer <gerg@linux-m68k.org>
[ Upstream commit 1300eec9e51f23c34c4487d2b06f58ca22e1ad3d ]
Configuring for a nommu classic m68k target and enabling the generic rtc
driver (CONFIG_RTC_DRV_GENERIC) will result in the following compile
error:
m68k-linux-ld: arch/m68k/kernel/time.o: in function `rtc_ioctl':
time.c:(.text+0x82): undefined reference to `mach_get_rtc_pll'
m68k-linux-ld: time.c:(.text+0xbc): undefined reference to `mach_set_rtc_pll'
m68k-linux-ld: time.c:(.text+0xf4): undefined reference to `mach_set_rtc_pll'
There are no definitions of "mach_set_rtc_pll" and "mach_get_rtc_pll" in the
nommu code paths. Move these definitions and the associated "mach_hwclk",
so that they are around their use case in time.c. This means they will
always be defined on the builds that require them, and not on those that
cannot use them - such as ColdFire (both with and without MMU enabled).
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Ungerer <gerg@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/m68k/kernel/setup_mm.c | 7 -------
arch/m68k/kernel/setup_no.c | 1 -
arch/m68k/kernel/time.c | 9 +++++++++
3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/arch/m68k/kernel/setup_mm.c b/arch/m68k/kernel/setup_mm.c
index 8f94feed969c..07317367ead8 100644
--- a/arch/m68k/kernel/setup_mm.c
+++ b/arch/m68k/kernel/setup_mm.c
@@ -87,15 +87,8 @@ void (*mach_sched_init) (void) __initdata = NULL;
void (*mach_init_IRQ) (void) __initdata = NULL;
void (*mach_get_model) (char *model);
void (*mach_get_hardware_list) (struct seq_file *m);
-/* machine dependent timer functions */
-int (*mach_hwclk) (int, struct rtc_time*);
-EXPORT_SYMBOL(mach_hwclk);
unsigned int (*mach_get_ss)(void);
-int (*mach_get_rtc_pll)(struct rtc_pll_info *);
-int (*mach_set_rtc_pll)(struct rtc_pll_info *);
EXPORT_SYMBOL(mach_get_ss);
-EXPORT_SYMBOL(mach_get_rtc_pll);
-EXPORT_SYMBOL(mach_set_rtc_pll);
void (*mach_reset)( void );
void (*mach_halt)( void );
void (*mach_power_off)( void );
diff --git a/arch/m68k/kernel/setup_no.c b/arch/m68k/kernel/setup_no.c
index 5e4104f07a44..19eea73d3c17 100644
--- a/arch/m68k/kernel/setup_no.c
+++ b/arch/m68k/kernel/setup_no.c
@@ -50,7 +50,6 @@ char __initdata command_line[COMMAND_LINE_SIZE];
/* machine dependent timer functions */
void (*mach_sched_init)(void) __initdata = NULL;
-int (*mach_hwclk) (int, struct rtc_time*);
/* machine dependent reboot functions */
void (*mach_reset)(void);
diff --git a/arch/m68k/kernel/time.c b/arch/m68k/kernel/time.c
index 340ffeea0a9d..a97600b2af50 100644
--- a/arch/m68k/kernel/time.c
+++ b/arch/m68k/kernel/time.c
@@ -63,6 +63,15 @@ void timer_heartbeat(void)
#endif /* CONFIG_HEARTBEAT */
#ifdef CONFIG_M68KCLASSIC
+/* machine dependent timer functions */
+int (*mach_hwclk) (int, struct rtc_time*);
+EXPORT_SYMBOL(mach_hwclk);
+
+int (*mach_get_rtc_pll)(struct rtc_pll_info *);
+int (*mach_set_rtc_pll)(struct rtc_pll_info *);
+EXPORT_SYMBOL(mach_get_rtc_pll);
+EXPORT_SYMBOL(mach_set_rtc_pll);
+
#if !IS_BUILTIN(CONFIG_RTC_DRV_GENERIC)
void read_persistent_clock64(struct timespec64 *ts)
{
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 174/339] rtla/Makefile: Properly handle dependencies
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 173/339] m68knommu: fix undefined reference to `mach_get_rtc_pll Greg Kroah-Hartman
@ 2022-06-13 10:09 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 175/339] f2fs: fix to tag gcing flag on page during file defragment Greg Kroah-Hartman
` (166 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:09 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ingo Molnar, Andrew Morton,
Linus Torvalds, Steven Rostedt, Daniel Bristot de Oliveira,
Sasha Levin
From: Daniel Bristot de Oliveira <bristot@kernel.org>
[ Upstream commit fe4d0d5dde457bb5832b866418b5036f4f0c8d13 ]
Linus had a problem compiling RTLA, saying:
"[...] I wish the tracing tools would do a bit more package
checking and helpful error messages too, rather than just
fail with:
fatal error: tracefs.h: No such file or directory"
Which is indeed not a helpful message. Update the Makefile, adding
proper checks for the dependencies, with useful information about
how to resolve possible problems.
For example, the previous error is now reported as:
$ make
********************************************
** NOTICE: libtracefs version 1.3 or higher not found
**
** Consider installing the latest libtracefs from your
** distribution, e.g., 'dnf install libtracefs' on Fedora,
** or from source:
**
** https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/
**
********************************************
These messages are inspired by the ones used on trace-cmd, as suggested
by Stevel Rostedt.
Link: https://lore.kernel.org/r/CAHk-=whxmA86E=csNv76DuxX_wYsg8mW15oUs3XTabu2Yc80yw@mail.gmail.com/
Changes from V1:
- Moved the rst2man check to the install phase (when it is used).
- Removed the procps-ng lib check [1] as it is being removed.
[1] a0f9f8c1030c66305c9b921057c3d483064d5529.1651220820.git.bristot@kernel.org
Link: https://lkml.kernel.org/r/3f1fac776c37e4b67c876a94e5a0e45ed022ff3d.1651238057.git.bristot@kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/tools/rtla/Makefile | 14 ++++++++++++-
tools/tracing/rtla/Makefile | 35 +++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/Documentation/tools/rtla/Makefile b/Documentation/tools/rtla/Makefile
index 9f2b84af1a6c..093af6d7a0e9 100644
--- a/Documentation/tools/rtla/Makefile
+++ b/Documentation/tools/rtla/Makefile
@@ -17,9 +17,21 @@ DOC_MAN1 = $(addprefix $(OUTPUT),$(_DOC_MAN1))
RST2MAN_DEP := $(shell command -v rst2man 2>/dev/null)
RST2MAN_OPTS += --verbose
+TEST_RST2MAN = $(shell sh -c "rst2man --version > /dev/null 2>&1 || echo n")
+
$(OUTPUT)%.1: %.rst
ifndef RST2MAN_DEP
- $(error "rst2man not found, but required to generate man pages")
+ $(info ********************************************)
+ $(info ** NOTICE: rst2man not found)
+ $(info **)
+ $(info ** Consider installing the latest rst2man from your)
+ $(info ** distribution, e.g., 'dnf install python3-docutils' on Fedora,)
+ $(info ** or from source:)
+ $(info **)
+ $(info ** https://docutils.sourceforge.io/docs/dev/repository.html )
+ $(info **)
+ $(info ********************************************)
+ $(error NOTICE: rst2man required to generate man pages)
endif
rst2man $(RST2MAN_OPTS) $< > $@
diff --git a/tools/tracing/rtla/Makefile b/tools/tracing/rtla/Makefile
index 523f0a8c38c2..3822f4ea5f49 100644
--- a/tools/tracing/rtla/Makefile
+++ b/tools/tracing/rtla/Makefile
@@ -58,6 +58,41 @@ else
DOCSRC = $(SRCTREE)/../../../Documentation/tools/rtla/
endif
+LIBTRACEEVENT_MIN_VERSION = 1.5
+LIBTRACEFS_MIN_VERSION = 1.3
+
+TEST_LIBTRACEEVENT = $(shell sh -c "$(PKG_CONFIG) --atleast-version $(LIBTRACEEVENT_MIN_VERSION) libtraceevent > /dev/null 2>&1 || echo n")
+ifeq ("$(TEST_LIBTRACEEVENT)", "n")
+.PHONY: warning_traceevent
+warning_traceevent:
+ @echo "********************************************"
+ @echo "** NOTICE: libtraceevent version $(LIBTRACEEVENT_MIN_VERSION) or higher not found"
+ @echo "**"
+ @echo "** Consider installing the latest libtraceevent from your"
+ @echo "** distribution, e.g., 'dnf install libtraceevent' on Fedora,"
+ @echo "** or from source:"
+ @echo "**"
+ @echo "** https://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git/ "
+ @echo "**"
+ @echo "********************************************"
+endif
+
+TEST_LIBTRACEFS = $(shell sh -c "$(PKG_CONFIG) --atleast-version $(LIBTRACEFS_MIN_VERSION) libtracefs > /dev/null 2>&1 || echo n")
+ifeq ("$(TEST_LIBTRACEFS)", "n")
+.PHONY: warning_tracefs
+warning_tracefs:
+ @echo "********************************************"
+ @echo "** NOTICE: libtracefs version $(LIBTRACEFS_MIN_VERSION) or higher not found"
+ @echo "**"
+ @echo "** Consider installing the latest libtracefs from your"
+ @echo "** distribution, e.g., 'dnf install libtracefs' on Fedora,"
+ @echo "** or from source:"
+ @echo "**"
+ @echo "** https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/ "
+ @echo "**"
+ @echo "********************************************"
+endif
+
.PHONY: all
all: rtla
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 175/339] f2fs: fix to tag gcing flag on page during file defragment
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2022-06-13 10:09 ` [PATCH 5.18 174/339] rtla/Makefile: Properly handle dependencies Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 176/339] xprtrdma: treat all calls not a bcall when bc_serv is NULL Greg Kroah-Hartman
` (165 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Chao Yu <chao@kernel.org>
[ Upstream commit 2d1fe8a86bf5e0663866fd0da83c2af1e1b0e362 ]
In order to garantee migrated data be persisted during checkpoint,
otherwise out-of-order persistency between data and node may cause
data corruption after SPOR.
Signed-off-by: Chao Yu <chao.yu@oppo.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/file.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 176e97b985e6..5d1b97e852e7 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -2687,6 +2687,7 @@ static int f2fs_defragment_range(struct f2fs_sb_info *sbi,
}
set_page_dirty(page);
+ set_page_private_gcing(page);
f2fs_put_page(page, 1);
idx++;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 176/339] xprtrdma: treat all calls not a bcall when bc_serv is NULL
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 175/339] f2fs: fix to tag gcing flag on page during file defragment Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 177/339] drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid Greg Kroah-Hartman
` (164 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kinglong Mee, Chuck Lever,
Anna Schumaker, Sasha Levin
From: Kinglong Mee <kinglongmee@gmail.com>
[ Upstream commit 11270e7ca268e8d61b5d9e5c3a54bd1550642c9c ]
When a rdma server returns a fault format reply, nfs v3 client may
treats it as a bcall when bc service is not exist.
The debug message at rpcrdma_bc_receive_call are,
[56579.837169] RPC: rpcrdma_bc_receive_call: callback XID
00000001, length=20
[56579.837174] RPC: rpcrdma_bc_receive_call: 00 00 00 01 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 04
After that, rpcrdma_bc_receive_call will meets NULL pointer as,
[ 226.057890] BUG: unable to handle kernel NULL pointer dereference at
00000000000000c8
...
[ 226.058704] RIP: 0010:_raw_spin_lock+0xc/0x20
...
[ 226.059732] Call Trace:
[ 226.059878] rpcrdma_bc_receive_call+0x138/0x327 [rpcrdma]
[ 226.060011] __ib_process_cq+0x89/0x170 [ib_core]
[ 226.060092] ib_cq_poll_work+0x26/0x80 [ib_core]
[ 226.060257] process_one_work+0x1a7/0x360
[ 226.060367] ? create_worker+0x1a0/0x1a0
[ 226.060440] worker_thread+0x30/0x390
[ 226.060500] ? create_worker+0x1a0/0x1a0
[ 226.060574] kthread+0x116/0x130
[ 226.060661] ? kthread_flush_work_fn+0x10/0x10
[ 226.060724] ret_from_fork+0x35/0x40
...
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xprtrdma/rpc_rdma.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/sunrpc/xprtrdma/rpc_rdma.c b/net/sunrpc/xprtrdma/rpc_rdma.c
index 281ddb87ac8d..190a4de239c8 100644
--- a/net/sunrpc/xprtrdma/rpc_rdma.c
+++ b/net/sunrpc/xprtrdma/rpc_rdma.c
@@ -1121,6 +1121,7 @@ static bool
rpcrdma_is_bcall(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep)
#if defined(CONFIG_SUNRPC_BACKCHANNEL)
{
+ struct rpc_xprt *xprt = &r_xprt->rx_xprt;
struct xdr_stream *xdr = &rep->rr_stream;
__be32 *p;
@@ -1144,6 +1145,10 @@ rpcrdma_is_bcall(struct rpcrdma_xprt *r_xprt, struct rpcrdma_rep *rep)
if (*p != cpu_to_be32(RPC_CALL))
return false;
+ /* No bc service. */
+ if (xprt->bc_serv == NULL)
+ return false;
+
/* Now that we are sure this is a backchannel call,
* advance to the RPC header.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 177/339] drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 176/339] xprtrdma: treat all calls not a bcall when bc_serv is NULL Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 178/339] drm/panfrost: Job should reference MMU not file_priv Greg Kroah-Hartman
` (163 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Vasut, Jonas Karlman,
Laurent Pinchart, Lucas Stach, Maxime Ripard, Neil Armstrong,
Robert Foss, Sam Ravnborg, Andrzej Hajda, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit edbc7960bef7fd71ef1e44d0df15b864784b14c8 ]
Handle empty data-lanes = < >; property, which translates to
dsi_lanes = 0 as invalid.
Fixes: ceb515ba29ba6 ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Jonas Karlman <jonas@kwiboo.se>
Cc: Laurent Pinchart <Laurent.pinchart@ideasonboard.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: Marek Vasut <marex@denx.de>
Cc: Maxime Ripard <maxime@cerno.tech>
Cc: Neil Armstrong <narmstrong@baylibre.com>
Cc: Robert Foss <robert.foss@linaro.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Reviewed-by: Andrzej Hajda <andrzej.hajda@intel.com>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20220518233844.248504-1-marex@denx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/ti-sn65dsi83.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
index 19daaddd29a4..3d58110465fe 100644
--- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
+++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
@@ -573,7 +573,7 @@ static int sn65dsi83_parse_dt(struct sn65dsi83 *ctx, enum sn65dsi83_model model)
ctx->host_node = of_graph_get_remote_port_parent(endpoint);
of_node_put(endpoint);
- if (ctx->dsi_lanes < 0 || ctx->dsi_lanes > 4) {
+ if (ctx->dsi_lanes <= 0 || ctx->dsi_lanes > 4) {
ret = -EINVAL;
goto err_put_node;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 178/339] drm/panfrost: Job should reference MMU not file_priv
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 177/339] drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 179/339] powerpc/papr_scm: dont requests stats with 0 sized stats buffer Greg Kroah-Hartman
` (162 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Steven Price, Alyssa Rosenzweig, Sasha Levin
From: Steven Price <steven.price@arm.com>
[ Upstream commit 6e516faf04317db2c46cbec4e3b78b4653a5b109 ]
For a while now it's been allowed for a MMU context to outlive it's
corresponding panfrost_priv, however the job structure still references
panfrost_priv to get hold of the MMU context. If panfrost_priv has been
freed this is a use-after-free which I've been able to trigger resulting
in a splat.
To fix this, drop the reference to panfrost_priv in the job structure
and add a direct reference to the MMU structure which is what's actually
needed.
Fixes: 7fdc48cc63a3 ("drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv")
Signed-off-by: Steven Price <steven.price@arm.com>
Acked-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220519152003.81081-1-steven.price@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panfrost/panfrost_drv.c | 5 +++--
drivers/gpu/drm/panfrost/panfrost_job.c | 6 +++---
drivers/gpu/drm/panfrost/panfrost_job.h | 2 +-
3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/panfrost/panfrost_drv.c b/drivers/gpu/drm/panfrost/panfrost_drv.c
index 94b6f0a19c83..47780fe597f2 100644
--- a/drivers/gpu/drm/panfrost/panfrost_drv.c
+++ b/drivers/gpu/drm/panfrost/panfrost_drv.c
@@ -233,6 +233,7 @@ static int panfrost_ioctl_submit(struct drm_device *dev, void *data,
struct drm_file *file)
{
struct panfrost_device *pfdev = dev->dev_private;
+ struct panfrost_file_priv *file_priv = file->driver_priv;
struct drm_panfrost_submit *args = data;
struct drm_syncobj *sync_out = NULL;
struct panfrost_job *job;
@@ -262,12 +263,12 @@ static int panfrost_ioctl_submit(struct drm_device *dev, void *data,
job->jc = args->jc;
job->requirements = args->requirements;
job->flush_id = panfrost_gpu_get_latest_flush_id(pfdev);
- job->file_priv = file->driver_priv;
+ job->mmu = file_priv->mmu;
slot = panfrost_job_get_slot(job);
ret = drm_sched_job_init(&job->base,
- &job->file_priv->sched_entity[slot],
+ &file_priv->sched_entity[slot],
NULL);
if (ret)
goto out_put_job;
diff --git a/drivers/gpu/drm/panfrost/panfrost_job.c b/drivers/gpu/drm/panfrost/panfrost_job.c
index a6925dbb6224..22c2af1a4627 100644
--- a/drivers/gpu/drm/panfrost/panfrost_job.c
+++ b/drivers/gpu/drm/panfrost/panfrost_job.c
@@ -201,7 +201,7 @@ static void panfrost_job_hw_submit(struct panfrost_job *job, int js)
return;
}
- cfg = panfrost_mmu_as_get(pfdev, job->file_priv->mmu);
+ cfg = panfrost_mmu_as_get(pfdev, job->mmu);
job_write(pfdev, JS_HEAD_NEXT_LO(js), lower_32_bits(jc_head));
job_write(pfdev, JS_HEAD_NEXT_HI(js), upper_32_bits(jc_head));
@@ -431,7 +431,7 @@ static void panfrost_job_handle_err(struct panfrost_device *pfdev,
job->jc = 0;
}
- panfrost_mmu_as_put(pfdev, job->file_priv->mmu);
+ panfrost_mmu_as_put(pfdev, job->mmu);
panfrost_devfreq_record_idle(&pfdev->pfdevfreq);
if (signal_fence)
@@ -452,7 +452,7 @@ static void panfrost_job_handle_done(struct panfrost_device *pfdev,
* happen when we receive the DONE interrupt while doing a GPU reset).
*/
job->jc = 0;
- panfrost_mmu_as_put(pfdev, job->file_priv->mmu);
+ panfrost_mmu_as_put(pfdev, job->mmu);
panfrost_devfreq_record_idle(&pfdev->pfdevfreq);
dma_fence_signal_locked(job->done_fence);
diff --git a/drivers/gpu/drm/panfrost/panfrost_job.h b/drivers/gpu/drm/panfrost/panfrost_job.h
index 77e6d0e6f612..8becc1ba0eb9 100644
--- a/drivers/gpu/drm/panfrost/panfrost_job.h
+++ b/drivers/gpu/drm/panfrost/panfrost_job.h
@@ -17,7 +17,7 @@ struct panfrost_job {
struct kref refcount;
struct panfrost_device *pfdev;
- struct panfrost_file_priv *file_priv;
+ struct panfrost_mmu *mmu;
/* Fence to be signaled by IRQ handler when the job is complete. */
struct dma_fence *done_fence;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 179/339] powerpc/papr_scm: dont requests stats with 0 sized stats buffer
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 178/339] drm/panfrost: Job should reference MMU not file_priv Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 180/339] netfilter: nat: really support inet nat without l3 address Greg Kroah-Hartman
` (161 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sachin Sant, Vaibhav Jain,
Michael Ellerman, Sasha Levin
From: Vaibhav Jain <vaibhav@linux.ibm.com>
[ Upstream commit 07bf9431b1590d1cd7a8d62075d0b50b073f0495 ]
Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being
reported with vPMEM when papr_scm probe is being called. The panic is of the
form below and is observed only with following option disabled(profile) for the
said LPAR 'Enable Performance Information Collection' in the HMC:
Kernel attempted to write user page (1c) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on write at 0x0000001c
Faulting instruction address: 0xc008000001b90844
Oops: Kernel access of bad area, sig: 11 [#1]
<snip>
NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm]
LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm]
Call Trace:
0xc00000000941bca0 (unreliable)
papr_scm_probe+0x2ac/0x6ec [papr_scm]
platform_probe+0x98/0x150
really_probe+0xfc/0x510
__driver_probe_device+0x17c/0x230
<snip>
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Fatal exception
On investigation looks like this panic was caused due to a 'stat_buffer' of
size==0 being provided to drc_pmem_query_stats() to fetch all performance
stats-ids of an NVDIMM. However drc_pmem_query_stats() shouldn't have been called
since the vPMEM NVDIMM doesn't support and performance stat-id's. This was caused
due to missing check for 'p->stat_buffer_len' at the beginning of
papr_scm_pmu_check_events() which indicates that the NVDIMM doesn't support
performance-stats.
Fix this by introducing the check for 'p->stat_buffer_len' at the beginning of
papr_scm_pmu_check_events().
[1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com
Fixes: 0e0946e22f3665d2732 ("powerpc/papr_scm: Fix leaking nvdimm_events_map elements")
Reported-by: Sachin Sant <sachinp@linux.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com>
Tested-by: Sachin Sant <sachinp@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220524112353.1718454-1-vaibhav@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/platforms/pseries/papr_scm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/powerpc/platforms/pseries/papr_scm.c b/arch/powerpc/platforms/pseries/papr_scm.c
index 181b855b3050..82cae08976bc 100644
--- a/arch/powerpc/platforms/pseries/papr_scm.c
+++ b/arch/powerpc/platforms/pseries/papr_scm.c
@@ -465,6 +465,9 @@ static int papr_scm_pmu_check_events(struct papr_scm_priv *p, struct nvdimm_pmu
u32 available_events;
int index, rc = 0;
+ if (!p->stat_buffer_len)
+ return -ENOENT;
+
available_events = (p->stat_buffer_len - sizeof(struct papr_scm_perf_stats))
/ sizeof(struct papr_scm_perf_stat);
if (available_events == 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 180/339] netfilter: nat: really support inet nat without l3 address
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 179/339] powerpc/papr_scm: dont requests stats with 0 sized stats buffer Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 181/339] netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path Greg Kroah-Hartman
` (160 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yi Chen, Florian Westphal,
Pablo Neira Ayuso, Sasha Levin
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 282e5f8fe907dc3f2fbf9f2103b0e62ffc3a68a5 ]
When no l3 address is given, priv->family is set to NFPROTO_INET and
the evaluation function isn't called.
Call it too so l4-only rewrite can work.
Also add a test case for this.
Fixes: a33f387ecd5aa ("netfilter: nft_nat: allow to specify layer 4 protocol NAT only")
Reported-by: Yi Chen <yiche@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nft_nat.c | 3 +-
tools/testing/selftests/netfilter/nft_nat.sh | 43 ++++++++++++++++++++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 4394df4bc99b..e5fd6995e4bf 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -335,7 +335,8 @@ static void nft_nat_inet_eval(const struct nft_expr *expr,
{
const struct nft_nat *priv = nft_expr_priv(expr);
- if (priv->family == nft_pf(pkt))
+ if (priv->family == nft_pf(pkt) ||
+ priv->family == NFPROTO_INET)
nft_nat_eval(expr, regs, pkt);
}
diff --git a/tools/testing/selftests/netfilter/nft_nat.sh b/tools/testing/selftests/netfilter/nft_nat.sh
index eb8543b9a5c4..924ecb3f1f73 100755
--- a/tools/testing/selftests/netfilter/nft_nat.sh
+++ b/tools/testing/selftests/netfilter/nft_nat.sh
@@ -374,6 +374,45 @@ EOF
return $lret
}
+test_local_dnat_portonly()
+{
+ local family=$1
+ local daddr=$2
+ local lret=0
+ local sr_s
+ local sr_r
+
+ip netns exec "$ns0" nft -f /dev/stdin <<EOF
+table $family nat {
+ chain output {
+ type nat hook output priority 0; policy accept;
+ meta l4proto tcp dnat to :2000
+
+ }
+}
+EOF
+ if [ $? -ne 0 ]; then
+ if [ $family = "inet" ];then
+ echo "SKIP: inet port test"
+ test_inet_nat=false
+ return
+ fi
+ echo "SKIP: Could not add $family dnat hook"
+ return
+ fi
+
+ echo SERVER-$family | ip netns exec "$ns1" timeout 5 socat -u STDIN TCP-LISTEN:2000 &
+ sc_s=$!
+
+ result=$(ip netns exec "$ns0" timeout 1 socat TCP:$daddr:2000 STDOUT)
+
+ if [ "$result" = "SERVER-inet" ];then
+ echo "PASS: inet port rewrite without l3 address"
+ else
+ echo "ERROR: inet port rewrite"
+ ret=1
+ fi
+}
test_masquerade6()
{
@@ -1148,6 +1187,10 @@ fi
reset_counters
test_local_dnat ip
test_local_dnat6 ip6
+
+reset_counters
+test_local_dnat_portonly inet 10.0.1.99
+
reset_counters
$test_inet_nat && test_local_dnat inet
$test_inet_nat && test_local_dnat6 inet
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 181/339] netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 180/339] netfilter: nat: really support inet nat without l3 address Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 182/339] netfilter: nf_tables: delete flowtable hooks via transaction list Greg Kroah-Hartman
` (159 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit ab5e5c062f67c5ae8cd07f0632ffa62dc0e7d169 ]
Use kfree_rcu(ptr, rcu) variant instead as described by ae089831ff28
("netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant").
Fixes: f9a43007d3f7 ("netfilter: nf_tables: double hook unregistration in netns path")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b6a920813005..a0981e7cb211 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7326,7 +7326,7 @@ static void __nft_unregister_flowtable_net_hooks(struct net *net,
nf_unregister_net_hook(net, &hook->ops);
if (release_netdev) {
list_del(&hook->list);
- kfree_rcu(hook);
+ kfree_rcu(hook, rcu);
}
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 182/339] netfilter: nf_tables: delete flowtable hooks via transaction list
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 181/339] netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 183/339] powerpc/kasan: Force thread size increase with KASAN Greg Kroah-Hartman
` (158 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit b6d9014a3335194590abdd2a2471ef5147a67645 ]
Remove inactive bool field in nft_hook object that was introduced in
abadb2f865d7 ("netfilter: nf_tables: delete devices from flowtable").
Move stale flowtable hooks to transaction list instead.
Deleting twice the same device does not result in ENOENT.
Fixes: abadb2f865d7 ("netfilter: nf_tables: delete devices from flowtable")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/netfilter/nf_tables.h | 1 -
net/netfilter/nf_tables_api.c | 31 ++++++-------------------------
2 files changed, 6 insertions(+), 26 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 20af9d3557b9..279ae0fff7ad 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1090,7 +1090,6 @@ struct nft_stats {
struct nft_hook {
struct list_head list;
- bool inactive;
struct nf_hook_ops ops;
struct rcu_head rcu;
};
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index a0981e7cb211..f23c40e6caa6 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1914,7 +1914,6 @@ static struct nft_hook *nft_netdev_hook_alloc(struct net *net,
goto err_hook_dev;
}
hook->ops.dev = dev;
- hook->inactive = false;
return hook;
@@ -7612,6 +7611,7 @@ static int nft_delflowtable_hook(struct nft_ctx *ctx,
{
const struct nlattr * const *nla = ctx->nla;
struct nft_flowtable_hook flowtable_hook;
+ LIST_HEAD(flowtable_del_list);
struct nft_hook *this, *hook;
struct nft_trans *trans;
int err;
@@ -7627,7 +7627,7 @@ static int nft_delflowtable_hook(struct nft_ctx *ctx,
err = -ENOENT;
goto err_flowtable_del_hook;
}
- hook->inactive = true;
+ list_move(&hook->list, &flowtable_del_list);
}
trans = nft_trans_alloc(ctx, NFT_MSG_DELFLOWTABLE,
@@ -7640,6 +7640,7 @@ static int nft_delflowtable_hook(struct nft_ctx *ctx,
nft_trans_flowtable(trans) = flowtable;
nft_trans_flowtable_update(trans) = true;
INIT_LIST_HEAD(&nft_trans_flowtable_hooks(trans));
+ list_splice(&flowtable_del_list, &nft_trans_flowtable_hooks(trans));
nft_flowtable_hook_release(&flowtable_hook);
nft_trans_commit_list_add_tail(ctx->net, trans);
@@ -7647,13 +7648,7 @@ static int nft_delflowtable_hook(struct nft_ctx *ctx,
return 0;
err_flowtable_del_hook:
- list_for_each_entry(this, &flowtable_hook.list, list) {
- hook = nft_hook_list_find(&flowtable->hook_list, this);
- if (!hook)
- break;
-
- hook->inactive = false;
- }
+ list_splice(&flowtable_del_list, &flowtable->hook_list);
nft_flowtable_hook_release(&flowtable_hook);
return err;
@@ -8559,17 +8554,6 @@ void nft_chain_del(struct nft_chain *chain)
list_del_rcu(&chain->list);
}
-static void nft_flowtable_hooks_del(struct nft_flowtable *flowtable,
- struct list_head *hook_list)
-{
- struct nft_hook *hook, *next;
-
- list_for_each_entry_safe(hook, next, &flowtable->hook_list, list) {
- if (hook->inactive)
- list_move(&hook->list, hook_list);
- }
-}
-
static void nf_tables_module_autoload_cleanup(struct net *net)
{
struct nftables_pernet *nft_net = nft_pernet(net);
@@ -8914,8 +8898,6 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
break;
case NFT_MSG_DELFLOWTABLE:
if (nft_trans_flowtable_update(trans)) {
- nft_flowtable_hooks_del(nft_trans_flowtable(trans),
- &nft_trans_flowtable_hooks(trans));
nf_tables_flowtable_notify(&trans->ctx,
nft_trans_flowtable(trans),
&nft_trans_flowtable_hooks(trans),
@@ -8996,7 +8978,6 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
struct nftables_pernet *nft_net = nft_pernet(net);
struct nft_trans *trans, *next;
struct nft_trans_elem *te;
- struct nft_hook *hook;
if (action == NFNL_ABORT_VALIDATE &&
nf_tables_validate(net) < 0)
@@ -9127,8 +9108,8 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
break;
case NFT_MSG_DELFLOWTABLE:
if (nft_trans_flowtable_update(trans)) {
- list_for_each_entry(hook, &nft_trans_flowtable(trans)->hook_list, list)
- hook->inactive = false;
+ list_splice(&nft_trans_flowtable_hooks(trans),
+ &nft_trans_flowtable(trans)->hook_list);
} else {
trans->ctx.table->use++;
nft_clear(trans->ctx.net, nft_trans_flowtable(trans));
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 183/339] powerpc/kasan: Force thread size increase with KASAN
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 182/339] netfilter: nf_tables: delete flowtable hooks via transaction list Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 184/339] NFSD: Fix potential use-after-free in nfsd_file_put() Greg Kroah-Hartman
` (157 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Erhard Furtner, Christophe Leroy,
Michael Ellerman, Sasha Levin
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 3e8635fb2e072672cbc650989ffedf8300ad67fb ]
KASAN causes increased stack usage, which can lead to stack overflows.
The logic in Kconfig to suggest a larger default doesn't work if a user
has CONFIG_EXPERT enabled and has an existing .config with a smaller
value.
Follow the lead of x86 and arm64, and force the thread size to be
increased when KASAN is enabled.
That also has the effect of enlarging the stack for 64-bit KASAN builds,
which is also desirable.
Fixes: edbadaf06710 ("powerpc/kasan: Fix stack overflow by increasing THREAD_SHIFT")
Reported-by: Erhard Furtner <erhard_f@mailbox.org>
Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu>
[mpe: Use MIN_THREAD_SHIFT as suggested by Christophe]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220601143114.133524-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Kconfig | 1 -
arch/powerpc/include/asm/thread_info.h | 10 ++++++++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 174edabb74fa..efb03d8d1f8b 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -771,7 +771,6 @@ config THREAD_SHIFT
range 13 15
default "15" if PPC_256K_PAGES
default "14" if PPC64
- default "14" if KASAN
default "13"
help
Used to define the stack size. The default is almost always what you
diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
index 125328d1b980..af58f1ed3952 100644
--- a/arch/powerpc/include/asm/thread_info.h
+++ b/arch/powerpc/include/asm/thread_info.h
@@ -14,10 +14,16 @@
#ifdef __KERNEL__
-#if defined(CONFIG_VMAP_STACK) && CONFIG_THREAD_SHIFT < PAGE_SHIFT
+#ifdef CONFIG_KASAN
+#define MIN_THREAD_SHIFT (CONFIG_THREAD_SHIFT + 1)
+#else
+#define MIN_THREAD_SHIFT CONFIG_THREAD_SHIFT
+#endif
+
+#if defined(CONFIG_VMAP_STACK) && MIN_THREAD_SHIFT < PAGE_SHIFT
#define THREAD_SHIFT PAGE_SHIFT
#else
-#define THREAD_SHIFT CONFIG_THREAD_SHIFT
+#define THREAD_SHIFT MIN_THREAD_SHIFT
#endif
#define THREAD_SIZE (1 << THREAD_SHIFT)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 184/339] NFSD: Fix potential use-after-free in nfsd_file_put()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 183/339] powerpc/kasan: Force thread size increase with KASAN Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 185/339] SUNRPC: Trap RDMA segment overflows Greg Kroah-Hartman
` (156 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Trond Myklebust, Chuck Lever, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit b6c71c66b0ad8f2b59d9bc08c7a5079b110bec01 ]
nfsd_file_put_noref() can free @nf, so don't dereference @nf
immediately upon return from nfsd_file_put_noref().
Suggested-by: Trond Myklebust <trondmy@hammerspace.com>
Fixes: 999397926ab3 ("nfsd: Clean up nfsd_file_put()")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/filecache.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
index 2c1b027774d4..0326bdec5de7 100644
--- a/fs/nfsd/filecache.c
+++ b/fs/nfsd/filecache.c
@@ -306,11 +306,12 @@ nfsd_file_put(struct nfsd_file *nf)
if (test_bit(NFSD_FILE_HASHED, &nf->nf_flags) == 0) {
nfsd_file_flush(nf);
nfsd_file_put_noref(nf);
- } else {
+ } else if (nf->nf_file) {
nfsd_file_put_noref(nf);
- if (nf->nf_file)
- nfsd_file_schedule_laundrette();
- }
+ nfsd_file_schedule_laundrette();
+ } else
+ nfsd_file_put_noref(nf);
+
if (atomic_long_read(&nfsd_filecache_count) >= NFSD_FILE_LRU_LIMIT)
nfsd_file_gc();
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 185/339] SUNRPC: Trap RDMA segment overflows
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 184/339] NFSD: Fix potential use-after-free in nfsd_file_put() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 186/339] netfilter: nf_tables: always initialize flowtable hook list in transaction Greg Kroah-Hartman
` (155 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Chuck Lever, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit f012e95b377c73c0283f009823c633104dedb337 ]
Prevent svc_rdma_build_writes() from walking off the end of a Write
chunk's segment array. Caught with KASAN.
The test that this fix replaces is invalid, and might have been left
over from an earlier prototype of the PCL work.
Fixes: 7a1cbfa18059 ("svcrdma: Use parsed chunk lists to construct RDMA Writes")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xprtrdma/svc_rdma_rw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/sunrpc/xprtrdma/svc_rdma_rw.c b/net/sunrpc/xprtrdma/svc_rdma_rw.c
index 5f0155fdefc7..11cf7c646644 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_rw.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_rw.c
@@ -478,10 +478,10 @@ svc_rdma_build_writes(struct svc_rdma_write_info *info,
unsigned int write_len;
u64 offset;
- seg = &info->wi_chunk->ch_segments[info->wi_seg_no];
- if (!seg)
+ if (info->wi_seg_no >= info->wi_chunk->ch_segcount)
goto out_overflow;
+ seg = &info->wi_chunk->ch_segments[info->wi_seg_no];
write_len = min(remaining, seg->rs_length - info->wi_seg_off);
if (!write_len)
goto out_overflow;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 186/339] netfilter: nf_tables: always initialize flowtable hook list in transaction
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 185/339] SUNRPC: Trap RDMA segment overflows Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 187/339] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Greg Kroah-Hartman
` (154 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 2c9e4559773c261900c674a86b8e455911675d71 ]
The hook list is used if nft_trans_flowtable_update(trans) == true. However,
initialize this list for other cases for safety reasons.
Fixes: 78d9f48f7f44 ("netfilter: nf_tables: add devices to existing flowtable")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f23c40e6caa6..e515fa7d1ca2 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -544,6 +544,7 @@ static int nft_trans_flowtable_add(struct nft_ctx *ctx, int msg_type,
if (msg_type == NFT_MSG_NEWFLOWTABLE)
nft_activate_next(ctx->net, flowtable);
+ INIT_LIST_HEAD(&nft_trans_flowtable_hooks(trans));
nft_trans_flowtable(trans) = flowtable;
nft_trans_commit_list_add_tail(ctx->net, trans);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 187/339] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 186/339] netfilter: nf_tables: always initialize flowtable hook list in transaction Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 188/339] netfilter: nf_tables: release new hooks on unsupported flowtable flags Greg Kroah-Hartman
` (153 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Sergey Shtylyov,
Damien Le Moal, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 10d6bdf532902be1d8aa5900b3c03c5671612aa2 ]
of_find_device_by_node() takes reference, we should use put_device()
to release it when not need anymore.
Add missing put_device() to avoid refcount leak.
Fixes: 43f01da0f279 ("MIPS/OCTEON/ata: Convert pata_octeon_cf.c to use device tree.")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/pata_octeon_cf.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/ata/pata_octeon_cf.c b/drivers/ata/pata_octeon_cf.c
index 6b5ed3046b44..35608a0cf552 100644
--- a/drivers/ata/pata_octeon_cf.c
+++ b/drivers/ata/pata_octeon_cf.c
@@ -856,12 +856,14 @@ static int octeon_cf_probe(struct platform_device *pdev)
int i;
res_dma = platform_get_resource(dma_dev, IORESOURCE_MEM, 0);
if (!res_dma) {
+ put_device(&dma_dev->dev);
of_node_put(dma_node);
return -EINVAL;
}
cf_port->dma_base = (u64)devm_ioremap(&pdev->dev, res_dma->start,
resource_size(res_dma));
if (!cf_port->dma_base) {
+ put_device(&dma_dev->dev);
of_node_put(dma_node);
return -EINVAL;
}
@@ -871,6 +873,7 @@ static int octeon_cf_probe(struct platform_device *pdev)
irq = i;
irq_handler = octeon_cf_interrupt;
}
+ put_device(&dma_dev->dev);
}
of_node_put(dma_node);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 188/339] netfilter: nf_tables: release new hooks on unsupported flowtable flags
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 187/339] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 189/339] netfilter: nf_tables: memleak flow rule from commit path Greg Kroah-Hartman
` (152 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit c271cc9febaaa1bcbc0842d1ee30466aa6148ea8 ]
Release the list of new hooks that are pending to be registered in case
that unsupported flowtable flags are provided.
Fixes: 78d9f48f7f44 ("netfilter: nf_tables: add devices to existing flowtable")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index e515fa7d1ca2..5c9a53729a28 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7427,11 +7427,15 @@ static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh,
if (nla[NFTA_FLOWTABLE_FLAGS]) {
flags = ntohl(nla_get_be32(nla[NFTA_FLOWTABLE_FLAGS]));
- if (flags & ~NFT_FLOWTABLE_MASK)
- return -EOPNOTSUPP;
+ if (flags & ~NFT_FLOWTABLE_MASK) {
+ err = -EOPNOTSUPP;
+ goto err_flowtable_update_hook;
+ }
if ((flowtable->data.flags & NFT_FLOWTABLE_HW_OFFLOAD) ^
- (flags & NFT_FLOWTABLE_HW_OFFLOAD))
- return -EOPNOTSUPP;
+ (flags & NFT_FLOWTABLE_HW_OFFLOAD)) {
+ err = -EOPNOTSUPP;
+ goto err_flowtable_update_hook;
+ }
} else {
flags = flowtable->data.flags;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 189/339] netfilter: nf_tables: memleak flow rule from commit path
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 188/339] netfilter: nf_tables: release new hooks on unsupported flowtable flags Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 190/339] netfilter: nf_tables: bail out early if hardware offload is not supported Greg Kroah-Hartman
` (151 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 ]
Abort path release flow rule object, however, commit path does not.
Update code to destroy these objects before releasing the transaction.
Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 5c9a53729a28..bce7da870bce 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -8323,6 +8323,9 @@ static void nft_commit_release(struct nft_trans *trans)
nf_tables_chain_destroy(&trans->ctx);
break;
case NFT_MSG_DELRULE:
+ if (trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)
+ nft_flow_rule_destroy(nft_trans_flow_rule(trans));
+
nf_tables_rule_destroy(&trans->ctx, nft_trans_rule(trans));
break;
case NFT_MSG_DELSET:
@@ -8813,6 +8816,9 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
nf_tables_rule_notify(&trans->ctx,
nft_trans_rule(trans),
NFT_MSG_NEWRULE);
+ if (trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)
+ nft_flow_rule_destroy(nft_trans_flow_rule(trans));
+
nft_trans_destroy(trans);
break;
case NFT_MSG_DELRULE:
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 190/339] netfilter: nf_tables: bail out early if hardware offload is not supported
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 189/339] netfilter: nf_tables: memleak flow rule from commit path Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 191/339] amt: fix wrong usage of pskb_may_pull() Greg Kroah-Hartman
` (150 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Pablo Neira Ayuso, Sasha Levin
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ Upstream commit 3a41c64d9c1185a2f3a184015e2a9b78bfc99c71 ]
If user requests for NFT_CHAIN_HW_OFFLOAD, then check if either device
provides the .ndo_setup_tc interface or there is an indirect flow block
that has been registered. Otherwise, bail out early from the preparation
phase. Moreover, validate that family == NFPROTO_NETDEV and hook is
NF_NETDEV_INGRESS.
Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/flow_offload.h | 1 +
include/net/netfilter/nf_tables_offload.h | 2 +-
net/core/flow_offload.c | 6 ++++++
net/netfilter/nf_tables_api.c | 2 +-
net/netfilter/nf_tables_offload.c | 23 ++++++++++++++++++++++-
5 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
index 021778a7e1af..6484095a8c01 100644
--- a/include/net/flow_offload.h
+++ b/include/net/flow_offload.h
@@ -612,5 +612,6 @@ int flow_indr_dev_setup_offload(struct net_device *dev, struct Qdisc *sch,
enum tc_setup_type type, void *data,
struct flow_block_offload *bo,
void (*cleanup)(struct flow_block_cb *block_cb));
+bool flow_indr_dev_exists(void);
#endif /* _NET_FLOW_OFFLOAD_H */
diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h
index 797147843958..3568b6a2f5f0 100644
--- a/include/net/netfilter/nf_tables_offload.h
+++ b/include/net/netfilter/nf_tables_offload.h
@@ -92,7 +92,7 @@ int nft_flow_rule_offload_commit(struct net *net);
NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \
memset(&(__reg)->mask, 0xff, (__reg)->len);
-int nft_chain_offload_priority(struct nft_base_chain *basechain);
+bool nft_chain_offload_support(const struct nft_base_chain *basechain);
int nft_offload_init(void);
void nft_offload_exit(void);
diff --git a/net/core/flow_offload.c b/net/core/flow_offload.c
index 73f68d4625f3..929f6379a279 100644
--- a/net/core/flow_offload.c
+++ b/net/core/flow_offload.c
@@ -595,3 +595,9 @@ int flow_indr_dev_setup_offload(struct net_device *dev, struct Qdisc *sch,
return (bo && list_empty(&bo->cb_list)) ? -EOPNOTSUPP : count;
}
EXPORT_SYMBOL(flow_indr_dev_setup_offload);
+
+bool flow_indr_dev_exists(void)
+{
+ return !list_empty(&flow_block_indr_dev_list);
+}
+EXPORT_SYMBOL(flow_indr_dev_exists);
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index bce7da870bce..81243c834abb 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2166,7 +2166,7 @@ static int nft_basechain_init(struct nft_base_chain *basechain, u8 family,
chain->flags |= NFT_CHAIN_BASE | flags;
basechain->policy = NF_ACCEPT;
if (chain->flags & NFT_CHAIN_HW_OFFLOAD &&
- nft_chain_offload_priority(basechain) < 0)
+ !nft_chain_offload_support(basechain))
return -EOPNOTSUPP;
flow_block_init(&basechain->flow_block);
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 2d36952b1392..910ef881c3b8 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -208,7 +208,7 @@ static int nft_setup_cb_call(enum tc_setup_type type, void *type_data,
return 0;
}
-int nft_chain_offload_priority(struct nft_base_chain *basechain)
+static int nft_chain_offload_priority(const struct nft_base_chain *basechain)
{
if (basechain->ops.priority <= 0 ||
basechain->ops.priority > USHRT_MAX)
@@ -217,6 +217,27 @@ int nft_chain_offload_priority(struct nft_base_chain *basechain)
return 0;
}
+bool nft_chain_offload_support(const struct nft_base_chain *basechain)
+{
+ struct net_device *dev;
+ struct nft_hook *hook;
+
+ if (nft_chain_offload_priority(basechain) < 0)
+ return false;
+
+ list_for_each_entry(hook, &basechain->hook_list, list) {
+ if (hook->ops.pf != NFPROTO_NETDEV ||
+ hook->ops.hooknum != NF_NETDEV_INGRESS)
+ return false;
+
+ dev = hook->ops.dev;
+ if (!dev->netdev_ops->ndo_setup_tc && !flow_indr_dev_exists())
+ return false;
+ }
+
+ return true;
+}
+
static void nft_flow_cls_offload_setup(struct flow_cls_offload *cls_flow,
const struct nft_base_chain *basechain,
const struct nft_rule *rule,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 191/339] amt: fix wrong usage of pskb_may_pull()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 190/339] netfilter: nf_tables: bail out early if hardware offload is not supported Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 192/339] amt: fix possible null-ptr-deref in amt_rcv() Greg Kroah-Hartman
` (149 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jakub Kicinski, Taehee Yoo, Sasha Levin
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit f55a07074fdd38cab8c097ac5bd397d68eff733c ]
It adds missing pskb_may_pull() in amt_update_handler() and
amt_multicast_data_handler().
And it fixes wrong parameter of pskb_may_pull() in
amt_advertisement_handler() and amt_membership_query_handler().
Reported-by: Jakub Kicinski <kuba@kernel.org>
Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/amt.c | 55 +++++++++++++++++++++++++++++++----------------
1 file changed, 37 insertions(+), 18 deletions(-)
diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index 22d7da749a24..fbb03562cb95 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -2220,8 +2220,7 @@ static bool amt_advertisement_handler(struct amt_dev *amt, struct sk_buff *skb)
struct amt_header_advertisement *amta;
int hdr_size;
- hdr_size = sizeof(*amta) - sizeof(struct amt_header);
-
+ hdr_size = sizeof(*amta) + sizeof(struct udphdr);
if (!pskb_may_pull(skb, hdr_size))
return true;
@@ -2251,19 +2250,27 @@ static bool amt_multicast_data_handler(struct amt_dev *amt, struct sk_buff *skb)
struct ethhdr *eth;
struct iphdr *iph;
+ hdr_size = sizeof(*amtmd) + sizeof(struct udphdr);
+ if (!pskb_may_pull(skb, hdr_size))
+ return true;
+
amtmd = (struct amt_header_mcast_data *)(udp_hdr(skb) + 1);
if (amtmd->reserved || amtmd->version)
return true;
- hdr_size = sizeof(*amtmd) + sizeof(struct udphdr);
if (iptunnel_pull_header(skb, hdr_size, htons(ETH_P_IP), false))
return true;
+
skb_reset_network_header(skb);
skb_push(skb, sizeof(*eth));
skb_reset_mac_header(skb);
skb_pull(skb, sizeof(*eth));
eth = eth_hdr(skb);
+
+ if (!pskb_may_pull(skb, sizeof(*iph)))
+ return true;
iph = ip_hdr(skb);
+
if (iph->version == 4) {
if (!ipv4_is_multicast(iph->daddr))
return true;
@@ -2274,6 +2281,9 @@ static bool amt_multicast_data_handler(struct amt_dev *amt, struct sk_buff *skb)
} else if (iph->version == 6) {
struct ipv6hdr *ip6h;
+ if (!pskb_may_pull(skb, sizeof(*ip6h)))
+ return true;
+
ip6h = ipv6_hdr(skb);
if (!ipv6_addr_is_multicast(&ip6h->daddr))
return true;
@@ -2306,8 +2316,7 @@ static bool amt_membership_query_handler(struct amt_dev *amt,
struct iphdr *iph;
int hdr_size, len;
- hdr_size = sizeof(*amtmq) - sizeof(struct amt_header);
-
+ hdr_size = sizeof(*amtmq) + sizeof(struct udphdr);
if (!pskb_may_pull(skb, hdr_size))
return true;
@@ -2315,22 +2324,27 @@ static bool amt_membership_query_handler(struct amt_dev *amt,
if (amtmq->reserved || amtmq->version)
return true;
- hdr_size = sizeof(*amtmq) + sizeof(struct udphdr) - sizeof(*eth);
+ hdr_size -= sizeof(*eth);
if (iptunnel_pull_header(skb, hdr_size, htons(ETH_P_TEB), false))
return true;
+
oeth = eth_hdr(skb);
skb_reset_mac_header(skb);
skb_pull(skb, sizeof(*eth));
skb_reset_network_header(skb);
eth = eth_hdr(skb);
+ if (!pskb_may_pull(skb, sizeof(*iph)))
+ return true;
+
iph = ip_hdr(skb);
if (iph->version == 4) {
- if (!ipv4_is_multicast(iph->daddr))
- return true;
if (!pskb_may_pull(skb, sizeof(*iph) + AMT_IPHDR_OPTS +
sizeof(*ihv3)))
return true;
+ if (!ipv4_is_multicast(iph->daddr))
+ return true;
+
ihv3 = skb_pull(skb, sizeof(*iph) + AMT_IPHDR_OPTS);
skb_reset_transport_header(skb);
skb_push(skb, sizeof(*iph) + AMT_IPHDR_OPTS);
@@ -2345,15 +2359,17 @@ static bool amt_membership_query_handler(struct amt_dev *amt,
ip_eth_mc_map(iph->daddr, eth->h_dest);
#if IS_ENABLED(CONFIG_IPV6)
} else if (iph->version == 6) {
- struct ipv6hdr *ip6h = ipv6_hdr(skb);
struct mld2_query *mld2q;
+ struct ipv6hdr *ip6h;
- if (!ipv6_addr_is_multicast(&ip6h->daddr))
- return true;
if (!pskb_may_pull(skb, sizeof(*ip6h) + AMT_IP6HDR_OPTS +
sizeof(*mld2q)))
return true;
+ ip6h = ipv6_hdr(skb);
+ if (!ipv6_addr_is_multicast(&ip6h->daddr))
+ return true;
+
mld2q = skb_pull(skb, sizeof(*ip6h) + AMT_IP6HDR_OPTS);
skb_reset_transport_header(skb);
skb_push(skb, sizeof(*ip6h) + AMT_IP6HDR_OPTS);
@@ -2389,23 +2405,23 @@ static bool amt_update_handler(struct amt_dev *amt, struct sk_buff *skb)
{
struct amt_header_membership_update *amtmu;
struct amt_tunnel_list *tunnel;
- struct udphdr *udph;
struct ethhdr *eth;
struct iphdr *iph;
- int len;
+ int len, hdr_size;
iph = ip_hdr(skb);
- udph = udp_hdr(skb);
- if (__iptunnel_pull_header(skb, sizeof(*udph), skb->protocol,
- false, false))
+ hdr_size = sizeof(*amtmu) + sizeof(struct udphdr);
+ if (!pskb_may_pull(skb, hdr_size))
return true;
- amtmu = (struct amt_header_membership_update *)skb->data;
+ amtmu = (struct amt_header_membership_update *)(udp_hdr(skb) + 1);
if (amtmu->reserved || amtmu->version)
return true;
- skb_pull(skb, sizeof(*amtmu));
+ if (iptunnel_pull_header(skb, hdr_size, skb->protocol, false))
+ return true;
+
skb_reset_network_header(skb);
list_for_each_entry_rcu(tunnel, &amt->tunnel_list, list) {
@@ -2426,6 +2442,9 @@ static bool amt_update_handler(struct amt_dev *amt, struct sk_buff *skb)
return true;
report:
+ if (!pskb_may_pull(skb, sizeof(*iph)))
+ return true;
+
iph = ip_hdr(skb);
if (iph->version == 4) {
if (ip_mc_check_igmp(skb)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 192/339] amt: fix possible null-ptr-deref in amt_rcv()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 191/339] amt: fix wrong usage of pskb_may_pull() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 193/339] amt: fix wrong type string definition Greg Kroah-Hartman
` (148 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Dan Carpenter,
Taehee Yoo, Jakub Kicinski, Sasha Levin
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit d16207f92a4a823c48b4ea953ad51f4483456768 ]
When amt interface receives amt message, it tries to obtain amt private
data from sock.
If there is no amt private data, it frees an skb immediately.
After kfree_skb(), it increases the rx_dropped stats.
But in order to use rx_dropped, amt private data is needed.
So, it makes amt_rcv() to do not increase rx_dropped stats when it can
not obtain amt private data.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: 1a1a0e80e005 ("amt: fix possible memory leak in amt_rcv()")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/amt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index fbb03562cb95..2815db7ee2a3 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -2698,7 +2698,8 @@ static int amt_rcv(struct sock *sk, struct sk_buff *skb)
amt = rcu_dereference_sk_user_data(sk);
if (!amt) {
err = true;
- goto drop;
+ kfree_skb(skb);
+ goto out;
}
skb->dev = amt->dev;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 193/339] amt: fix wrong type string definition
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 192/339] amt: fix possible null-ptr-deref in amt_rcv() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 194/339] net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register Greg Kroah-Hartman
` (147 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Taehee Yoo, Jakub Kicinski, Sasha Levin
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit d7970039d87c926bb648982e920cb9851c19f3e1 ]
amt message type definition starts from 1, not 0.
But type_str[] starts from 0.
So, it prints wrong type information.
Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/amt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index 2815db7ee2a3..14fe03dbd9b1 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -51,6 +51,7 @@ static char *status_str[] = {
};
static char *type_str[] = {
+ "", /* Type 0 is not defined */
"AMT_MSG_DISCOVERY",
"AMT_MSG_ADVERTISEMENT",
"AMT_MSG_REQUEST",
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 194/339] net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 193/339] amt: fix wrong type string definition Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 195/339] xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Greg Kroah-Hartman
` (146 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Andrew Lunn,
Jakub Kicinski, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit b8d91399775c55162073bb2aca061ec42e3d4bc1 ]
of_get_child_by_name() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: 55954f3bfdac ("net: ethernet: bgmac: move BCMA MDIO Phy code into a separate file")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220603133238.44114-1-linmq006@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c b/drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c
index 086739e4f40a..9b83d5361699 100644
--- a/drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c
+++ b/drivers/net/ethernet/broadcom/bgmac-bcma-mdio.c
@@ -234,6 +234,7 @@ struct mii_bus *bcma_mdio_mii_register(struct bgmac *bgmac)
np = of_get_child_by_name(core->dev.of_node, "mdio");
err = of_mdiobus_register(mii_bus, np);
+ of_node_put(np);
if (err) {
dev_err(&core->dev, "Registration of mii bus failed\n");
goto err_free_bus;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 195/339] xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 194/339] net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 196/339] stmmac: intel: Fix an error handling path in intel_eth_pci_probe() Greg Kroah-Hartman
` (145 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Masahiro Yamada,
Oleksandr Tyshchenko, Stefano Stabellini, Juergen Gross,
Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit dbac14a5a05ff8e1ce7c0da0e1f520ce39ec62ea ]
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because none of the in-tree call-sites
(arch/arm/xen/enlighten.c, arch/x86/xen/grant-table.c) is compiled as
modular.
Fixes: 243848fc018c ("xen/grant-table: Move xlated_setup_gnttab_pages to common place")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Link: https://lore.kernel.org/r/20220606045920.4161881-1-masahiroy@kernel.org
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/xen/xlate_mmu.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/xen/xlate_mmu.c b/drivers/xen/xlate_mmu.c
index 34742c6e189e..f17c4c03db30 100644
--- a/drivers/xen/xlate_mmu.c
+++ b/drivers/xen/xlate_mmu.c
@@ -261,7 +261,6 @@ int __init xen_xlate_map_ballooned_pages(xen_pfn_t **gfns, void **virt,
return 0;
}
-EXPORT_SYMBOL_GPL(xen_xlate_map_ballooned_pages);
struct remap_pfn {
struct mm_struct *mm;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 196/339] stmmac: intel: Fix an error handling path in intel_eth_pci_probe()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 195/339] xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 197/339] af_unix: Fix a data-race in unix_dgram_peer_wake_me() Greg Kroah-Hartman
` (144 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe JAILLET, Wong Vee Khee,
Paolo Abeni, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 5e74a4b3ec1816e3bbfd715d46ae29d2508079cb ]
When the managed API is used, there is no need to explicitly call
pci_free_irq_vectors().
This looks to be a left-over from the commit in the Fixes tag. Only the
.remove() function had been updated.
So remove this unused function call and update goto label accordingly.
Fixes: 8accc467758e ("stmmac: intel: use managed PCI function on probe and resume")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Wong Vee Khee <vee.khee.wong@linux.intel.com>
Link: https://lore.kernel.org/r/1ac9b6787b0db83b0095711882c55c77c8ea8da0.1654462241.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c
index 0b0be0898ac5..f6d8109e7edc 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-intel.c
@@ -1072,13 +1072,11 @@ static int intel_eth_pci_probe(struct pci_dev *pdev,
ret = stmmac_dvr_probe(&pdev->dev, plat, &res);
if (ret) {
- goto err_dvr_probe;
+ goto err_alloc_irq;
}
return 0;
-err_dvr_probe:
- pci_free_irq_vectors(pdev);
err_alloc_irq:
clk_disable_unprepare(plat->stmmac_clk);
clk_unregister_fixed_rate(plat->stmmac_clk);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 197/339] af_unix: Fix a data-race in unix_dgram_peer_wake_me().
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 196/339] stmmac: intel: Fix an error handling path in intel_eth_pci_probe() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 198/339] selftests net: fix bpf build error Greg Kroah-Hartman
` (143 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuniyuki Iwashima, Paolo Abeni, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 662a80946ce13633ae90a55379f1346c10f0c432 ]
unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s
lock held and check if its receive queue is full. Here we need to
use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise
KCSAN will report a data-race.
Fixes: 7d267278a9ec ("unix: avoid use-after-free in ep_remove_wait_queue")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20220605232325.11804-1-kuniyu@amazon.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/unix/af_unix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index e71a312faa1e..4aed12e94221 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -490,7 +490,7 @@ static int unix_dgram_peer_wake_me(struct sock *sk, struct sock *other)
* -ECONNREFUSED. Otherwise, if we haven't queued any skbs
* to other and its full, we will hang waiting for POLLOUT.
*/
- if (unix_recvq_full(other) && !sock_flag(other, SOCK_DEAD))
+ if (unix_recvq_full_lockless(other) && !sock_flag(other, SOCK_DEAD))
return 1;
if (connected)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 198/339] selftests net: fix bpf build error
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 197/339] af_unix: Fix a data-race in unix_dgram_peer_wake_me() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 199/339] x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Greg Kroah-Hartman
` (142 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Lina Wang,
Song Liu, Paolo Abeni, Sasha Levin
From: Lina Wang <lina.wang@mediatek.com>
[ Upstream commit cf67838c4422eab826679b076dad99f96152b4de ]
bpf_helpers.h has been moved to tools/lib/bpf since 5.10, so add more
including path.
Fixes: edae34a3ed92 ("selftests net: add UDP GRO fraglist + bpf self-tests")
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Lina Wang <lina.wang@mediatek.com>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20220606064517.8175-1-lina.wang@mediatek.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/net/bpf/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/net/bpf/Makefile b/tools/testing/selftests/net/bpf/Makefile
index f91bf14bbee7..8a69c91fcca0 100644
--- a/tools/testing/selftests/net/bpf/Makefile
+++ b/tools/testing/selftests/net/bpf/Makefile
@@ -2,6 +2,7 @@
CLANG ?= clang
CCINCLUDE += -I../../bpf
+CCINCLUDE += -I../../../lib
CCINCLUDE += -I../../../../../usr/include/
TEST_CUSTOM_PROGS = $(OUTPUT)/bpf/nat6to4.o
@@ -10,5 +11,4 @@ all: $(TEST_CUSTOM_PROGS)
$(OUTPUT)/%.o: %.c
$(CLANG) -O2 -target bpf -c $< $(CCINCLUDE) -o $@
-clean:
- rm -f $(TEST_CUSTOM_PROGS)
+EXTRA_CLEAN := $(TEST_CUSTOM_PROGS)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 199/339] x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 198/339] selftests net: fix bpf build error Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 200/339] bpf, arm64: Clear prog->jited_len along prog->jited Greg Kroah-Hartman
` (141 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jan Beulich, Paolo Bonzini, Sasha Levin
From: Jan Beulich <jbeulich@suse.com>
[ Upstream commit 1df931d95f4dc1c11db1123e85d4e08156e46ef9 ]
As noted (and fixed) a couple of times in the past, "=@cc<cond>" outputs
and clobbering of "cc" don't work well together. The compiler appears to
mean to reject such, but doesn't - in its upstream form - quite manage
to yet for "cc". Furthermore two similar macros don't clobber "cc", and
clobbering "cc" is pointless in asm()-s for x86 anyway - the compiler
always assumes status flags to be clobbered there.
Fixes: 989b5db215a2 ("x86/uaccess: Implement macros for CMPXCHG on user addresses")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Message-Id: <485c0c0b-a3a7-0b7c-5264-7d00c01de032@suse.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/uaccess.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 35f222aa66bf..913e593a3b45 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -439,7 +439,7 @@ do { \
[ptr] "+m" (*_ptr), \
[old] "+a" (__old) \
: [new] ltype (__new) \
- : "memory", "cc"); \
+ : "memory"); \
if (unlikely(__err)) \
goto label; \
if (unlikely(!success)) \
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 200/339] bpf, arm64: Clear prog->jited_len along prog->jited
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 199/339] x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 201/339] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Greg Kroah-Hartman
` (140 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Eric Dumazet,
Daniel Borkmann, Song Liu, Alexei Starovoitov, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 10f3b29c65bb2fe0d47c2945cd0b4087be1c5218 ]
syzbot reported an illegal copy_to_user() attempt
from bpf_prog_get_info_by_fd() [1]
There was no repro yet on this bug, but I think
that commit 0aef499f3172 ("mm/usercopy: Detect vmalloc overruns")
is exposing a prior bug in bpf arm64.
bpf_prog_get_info_by_fd() looks at prog->jited_len
to determine if the JIT image can be copied out to user space.
My theory is that syzbot managed to get a prog where prog->jited_len
has been set to 43, while prog->bpf_func has ben cleared.
It is not clear why copy_to_user(uinsns, NULL, ulen) is triggering
this particular warning.
I thought find_vma_area(NULL) would not find a vm_struct.
As we do not hold vmap_area_lock spinlock, it might be possible
that the found vm_struct was garbage.
[1]
usercopy: Kernel memory exposure attempt detected from vmalloc (offset 792633534417210172, size 43)!
kernel BUG at mm/usercopy.c:101!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 25002 Comm: syz-executor.1 Not tainted 5.18.0-syzkaller-10139-g8291eaafed36 #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : usercopy_abort+0x90/0x94 mm/usercopy.c:101
lr : usercopy_abort+0x90/0x94 mm/usercopy.c:89
sp : ffff80000b773a20
x29: ffff80000b773a30 x28: faff80000b745000 x27: ffff80000b773b48
x26: 0000000000000000 x25: 000000000000002b x24: 0000000000000000
x23: 00000000000000e0 x22: ffff80000b75db67 x21: 0000000000000001
x20: 000000000000002b x19: ffff80000b75db3c x18: 00000000fffffffd
x17: 2820636f6c6c616d x16: 76206d6f72662064 x15: 6574636574656420
x14: 74706d6574746120 x13: 2129333420657a69 x12: 73202c3237313031
x11: 3237313434333533 x10: 3336323937207465 x9 : 657275736f707865
x8 : ffff80000a30c550 x7 : ffff80000b773830 x6 : ffff80000b773830
x5 : 0000000000000000 x4 : ffff00007fbbaa10 x3 : 0000000000000000
x2 : 0000000000000000 x1 : f7ff000028fc0000 x0 : 0000000000000064
Call trace:
usercopy_abort+0x90/0x94 mm/usercopy.c:89
check_heap_object mm/usercopy.c:186 [inline]
__check_object_size mm/usercopy.c:252 [inline]
__check_object_size+0x198/0x36c mm/usercopy.c:214
check_object_size include/linux/thread_info.h:199 [inline]
check_copy_size include/linux/thread_info.h:235 [inline]
copy_to_user include/linux/uaccess.h:159 [inline]
bpf_prog_get_info_by_fd.isra.0+0xf14/0xfdc kernel/bpf/syscall.c:3993
bpf_obj_get_info_by_fd+0x12c/0x510 kernel/bpf/syscall.c:4253
__sys_bpf+0x900/0x2150 kernel/bpf/syscall.c:4956
__do_sys_bpf kernel/bpf/syscall.c:5021 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5019 [inline]
__arm64_sys_bpf+0x28/0x40 kernel/bpf/syscall.c:5019
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142
do_el0_svc+0xa0/0xc0 arch/arm64/kernel/syscall.c:206
el0_svc+0x44/0xb0 arch/arm64/kernel/entry-common.c:624
el0t_64_sync_handler+0x1ac/0x1b0 arch/arm64/kernel/entry-common.c:642
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:581
Code: aa0003e3 d00038c0 91248000 97fff65f (d4210000)
Fixes: db496944fdaa ("bpf: arm64: add JIT support for multi-function programs")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20220531215113.1100754-1-eric.dumazet@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/net/bpf_jit_comp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index fcc675aa1670..c779e604edac 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -1261,6 +1261,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
bpf_jit_binary_free(header);
prog->bpf_func = NULL;
prog->jited = 0;
+ prog->jited_len = 0;
goto out_off;
}
bpf_jit_binary_lock_ro(header);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 201/339] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 200/339] bpf, arm64: Clear prog->jited_len along prog->jited Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 202/339] net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Greg Kroah-Hartman
` (139 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Jakub Kicinski, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 0737e018a05e2aa352828c52bdeed3b02cff2930 ]
Every iteration of for_each_available_child_of_node() decrements
the reference count of the previous node.
when breaking early from a for_each_available_child_of_node() loop,
we need to explicitly call of_node_put() on the gphy_fw_np.
Add missing of_node_put() to avoid refcount leak.
Fixes: 14fceff4771e ("net: dsa: Add Lantiq / Intel DSA driver for vrx200")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220605072335.11257-1-linmq006@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/lantiq_gswip.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/dsa/lantiq_gswip.c b/drivers/net/dsa/lantiq_gswip.c
index 12c15da55664..9284373222fa 100644
--- a/drivers/net/dsa/lantiq_gswip.c
+++ b/drivers/net/dsa/lantiq_gswip.c
@@ -2069,8 +2069,10 @@ static int gswip_gphy_fw_list(struct gswip_priv *priv,
for_each_available_child_of_node(gphy_fw_list_np, gphy_fw_np) {
err = gswip_gphy_fw_probe(priv, &priv->gphy_fw[i],
gphy_fw_np, i);
- if (err)
+ if (err) {
+ of_node_put(gphy_fw_np);
goto remove_gphy;
+ }
i++;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 202/339] net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 201/339] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 203/339] xsk: Fix handling of invalid descriptors in XSK TX batching API Greg Kroah-Hartman
` (138 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gal Pressman, Tariq Toukan,
Jakub Kicinski, Sasha Levin
From: Gal Pressman <gal@nvidia.com>
[ Upstream commit f5826c8c9d57210a17031af5527056eefdc2b7eb ]
The ioctl EEPROM query wrongly returns success on read failures, fix
that by returning the appropriate error code.
Fixes: 7202da8b7f71 ("ethtool, net/mlx4_en: Cable info, get_module_info/eeprom ethtool support")
Signed-off-by: Gal Pressman <gal@nvidia.com>
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://lore.kernel.org/r/20220606115718.14233-1-tariqt@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
index ed5038d98ef6..6400a827173c 100644
--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
+++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
@@ -2110,7 +2110,7 @@ static int mlx4_en_get_module_eeprom(struct net_device *dev,
en_err(priv,
"mlx4_get_module_info i(%d) offset(%d) bytes_to_read(%d) - FAILED (0x%x)\n",
i, offset, ee->len - i, ret);
- return 0;
+ return ret;
}
i += ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 203/339] xsk: Fix handling of invalid descriptors in XSK TX batching API
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 202/339] net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 204/339] drm/amdgpu: fix limiting AV1 to the first instance on VCN3 Greg Kroah-Hartman
` (137 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Maciej Fijalkowski, Daniel Borkmann,
Magnus Karlsson, Sasha Levin
From: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
[ Upstream commit d678cbd2f867a564a3c5b276c454e873f43f02f8 ]
xdpxceiver run on a AF_XDP ZC enabled driver revealed a problem with XSK
Tx batching API. There is a test that checks how invalid Tx descriptors
are handled by AF_XDP. Each valid descriptor is followed by invalid one
on Tx side whereas the Rx side expects only to receive a set of valid
descriptors.
In current xsk_tx_peek_release_desc_batch() function, the amount of
available descriptors is hidden inside xskq_cons_peek_desc_batch(). This
can be problematic in cases where invalid descriptors are present due to
the fact that xskq_cons_peek_desc_batch() returns only a count of valid
descriptors. This means that it is impossible to properly update XSK
ring state when calling xskq_cons_release_n().
To address this issue, pull out the contents of
xskq_cons_peek_desc_batch() so that callers (currently only
xsk_tx_peek_release_desc_batch()) will always be able to update the
state of ring properly, as total count of entries is now available and
use this value as an argument in xskq_cons_release_n(). By
doing so, xskq_cons_peek_desc_batch() can be dropped altogether.
Fixes: 9349eb3a9d2a ("xsk: Introduce batched Tx descriptor interfaces")
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
Link: https://lore.kernel.org/bpf/20220607142200.576735-1-maciej.fijalkowski@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/xdp/xsk.c | 5 +++--
net/xdp/xsk_queue.h | 8 --------
2 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 3a9348030e20..d6bcdbfd0fc5 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -373,7 +373,8 @@ u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 max_entries)
goto out;
}
- nb_pkts = xskq_cons_peek_desc_batch(xs->tx, pool, max_entries);
+ max_entries = xskq_cons_nb_entries(xs->tx, max_entries);
+ nb_pkts = xskq_cons_read_desc_batch(xs->tx, pool, max_entries);
if (!nb_pkts) {
xs->tx->queue_empty_descs++;
goto out;
@@ -389,7 +390,7 @@ u32 xsk_tx_peek_release_desc_batch(struct xsk_buff_pool *pool, u32 max_entries)
if (!nb_pkts)
goto out;
- xskq_cons_release_n(xs->tx, nb_pkts);
+ xskq_cons_release_n(xs->tx, max_entries);
__xskq_cons_release(xs->tx);
xs->sk.sk_write_space(&xs->sk);
diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h
index 801cda5d1938..64b43f31942f 100644
--- a/net/xdp/xsk_queue.h
+++ b/net/xdp/xsk_queue.h
@@ -282,14 +282,6 @@ static inline bool xskq_cons_peek_desc(struct xsk_queue *q,
return xskq_cons_read_desc(q, desc, pool);
}
-static inline u32 xskq_cons_peek_desc_batch(struct xsk_queue *q, struct xsk_buff_pool *pool,
- u32 max)
-{
- u32 entries = xskq_cons_nb_entries(q, max);
-
- return xskq_cons_read_desc_batch(q, pool, entries);
-}
-
/* To improve performance in the xskq_cons_release functions, only update local state here.
* Reflect this to global state when we get new entries from the ring in
* xskq_cons_get_entries() and whenever Rx or Tx processing are completed in the NAPI loop.
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 204/339] drm/amdgpu: fix limiting AV1 to the first instance on VCN3
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 203/339] xsk: Fix handling of invalid descriptors in XSK TX batching API Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 205/339] SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Greg Kroah-Hartman
` (136 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alex Deucher,
Pierre-Eric Pelloux-Prayer, Christian König, Sasha Levin
From: Christian König <christian.koenig@amd.com>
[ Upstream commit 1d2afeb7983081ecf656c2338c7db6fd405c653c ]
The job is not yet initialized here.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2037
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Tested-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
Fixes: cdc7893fc93f ("drm/amdgpu: use job and ib structures directly in CS parsers")
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 17 +++++++----------
1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c b/drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c
index cb5f0a12333f..57a34e775da3 100644
--- a/drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c
@@ -1821,23 +1821,21 @@ static const struct amdgpu_ring_funcs vcn_v3_0_dec_sw_ring_vm_funcs = {
.emit_reg_write_reg_wait = amdgpu_ring_emit_reg_write_reg_wait_helper,
};
-static int vcn_v3_0_limit_sched(struct amdgpu_cs_parser *p,
- struct amdgpu_job *job)
+static int vcn_v3_0_limit_sched(struct amdgpu_cs_parser *p)
{
struct drm_gpu_scheduler **scheds;
/* The create msg must be in the first IB submitted */
- if (atomic_read(&job->base.entity->fence_seq))
+ if (atomic_read(&p->entity->fence_seq))
return -EINVAL;
scheds = p->adev->gpu_sched[AMDGPU_HW_IP_VCN_DEC]
[AMDGPU_RING_PRIO_DEFAULT].sched;
- drm_sched_entity_modify_sched(job->base.entity, scheds, 1);
+ drm_sched_entity_modify_sched(p->entity, scheds, 1);
return 0;
}
-static int vcn_v3_0_dec_msg(struct amdgpu_cs_parser *p, struct amdgpu_job *job,
- uint64_t addr)
+static int vcn_v3_0_dec_msg(struct amdgpu_cs_parser *p, uint64_t addr)
{
struct ttm_operation_ctx ctx = { false, false };
struct amdgpu_bo_va_mapping *map;
@@ -1908,7 +1906,7 @@ static int vcn_v3_0_dec_msg(struct amdgpu_cs_parser *p, struct amdgpu_job *job,
if (create[0] == 0x7 || create[0] == 0x10 || create[0] == 0x11)
continue;
- r = vcn_v3_0_limit_sched(p, job);
+ r = vcn_v3_0_limit_sched(p);
if (r)
goto out;
}
@@ -1922,7 +1920,7 @@ static int vcn_v3_0_ring_patch_cs_in_place(struct amdgpu_cs_parser *p,
struct amdgpu_job *job,
struct amdgpu_ib *ib)
{
- struct amdgpu_ring *ring = to_amdgpu_ring(job->base.sched);
+ struct amdgpu_ring *ring = to_amdgpu_ring(p->entity->rq->sched);
uint32_t msg_lo = 0, msg_hi = 0;
unsigned i;
int r;
@@ -1941,8 +1939,7 @@ static int vcn_v3_0_ring_patch_cs_in_place(struct amdgpu_cs_parser *p,
msg_hi = val;
} else if (reg == PACKET0(p->adev->vcn.internal.cmd, 0) &&
val == 0) {
- r = vcn_v3_0_dec_msg(p, job,
- ((u64)msg_hi) << 32 | msg_lo);
+ r = vcn_v3_0_dec_msg(p, ((u64)msg_hi) << 32 | msg_lo);
if (r)
return r;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 205/339] SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 204/339] drm/amdgpu: fix limiting AV1 to the first instance on VCN3 Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 206/339] net: mdio: unexport __init-annotated mdio_bus_init() Greg Kroah-Hartman
` (135 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Chuck Lever, NeilBrown,
J. Bruce Fields, Sasha Levin
From: Chuck Lever <chuck.lever@oracle.com>
[ Upstream commit 6c254bf3b637dd4ef4f78eb78c7447419c0161d7 ]
I found that NFSD's new NFSv3 READDIRPLUS XDR encoder was screwing up
right at the end of the page array. xdr_get_next_encode_buffer() does
not compute the value of xdr->end correctly:
* The check to see if we're on the final available page in xdr->buf
needs to account for the space consumed by @nbytes.
* The new xdr->end value needs to account for the portion of @nbytes
that is to be encoded into the previous buffer.
Fixes: 2825a7f90753 ("nfsd4: allow encoding across page boundaries")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: NeilBrown <neilb@suse.de>
Reviewed-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sunrpc/xdr.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index df194cc07035..b57cf9df4de8 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -979,7 +979,11 @@ static __be32 *xdr_get_next_encode_buffer(struct xdr_stream *xdr,
*/
xdr->p = (void *)p + frag2bytes;
space_left = xdr->buf->buflen - xdr->buf->len;
- xdr->end = (void *)p + min_t(int, space_left, PAGE_SIZE);
+ if (space_left - nbytes >= PAGE_SIZE)
+ xdr->end = (void *)p + PAGE_SIZE;
+ else
+ xdr->end = (void *)p + space_left - frag1bytes;
+
xdr->buf->page_len += frag2bytes;
xdr->buf->len += nbytes;
return p;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 206/339] net: mdio: unexport __init-annotated mdio_bus_init()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 205/339] SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 207/339] net: xfrm: unexport __init-annotated xfrm4_protocol_init() Greg Kroah-Hartman
` (134 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Masahiro Yamada,
Florian Fainelli, Russell King (Oracle),
Jakub Kicinski, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 35b42dce619701f1300fb8498dae82c9bb1f0263 ]
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the only in-tree call-site,
drivers/net/phy/phy_device.c is never compiled as modular.
(CONFIG_PHYLIB is boolean)
Fixes: 90eff9096c01 ("net: phy: Allow splitting MDIO bus/device support from PHYs")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/mdio_bus.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 58d602985877..8a2dbe849866 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -1046,7 +1046,6 @@ int __init mdio_bus_init(void)
return ret;
}
-EXPORT_SYMBOL_GPL(mdio_bus_init);
#if IS_ENABLED(CONFIG_PHYLIB)
void mdio_bus_exit(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 207/339] net: xfrm: unexport __init-annotated xfrm4_protocol_init()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 206/339] net: mdio: unexport __init-annotated mdio_bus_init() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 208/339] net: ipv6: unexport __init-annotated seg6_hmac_init() Greg Kroah-Hartman
` (133 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Masahiro Yamada,
Steffen Klassert, Jakub Kicinski, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 4a388f08d8784af48f352193d2b72aaf167a57a1 ]
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the only in-tree call-site,
net/ipv4/xfrm4_policy.c is never compiled as modular.
(CONFIG_XFRM is boolean)
Fixes: 2f32b51b609f ("xfrm: Introduce xfrm_input_afinfo to access the the callbacks properly")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/xfrm4_protocol.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c
index 2fe5860c21d6..b146ce88c5d0 100644
--- a/net/ipv4/xfrm4_protocol.c
+++ b/net/ipv4/xfrm4_protocol.c
@@ -304,4 +304,3 @@ void __init xfrm4_protocol_init(void)
{
xfrm_input_register_afinfo(&xfrm4_input_afinfo);
}
-EXPORT_SYMBOL(xfrm4_protocol_init);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 208/339] net: ipv6: unexport __init-annotated seg6_hmac_init()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 207/339] net: xfrm: unexport __init-annotated xfrm4_protocol_init() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 209/339] net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules Greg Kroah-Hartman
` (132 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Stephen Rothwell, Masahiro Yamada,
Jakub Kicinski, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 5801f064e35181c71857a80ff18af4dbec3c5f5c ]
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the caller (net/ipv6/seg6.c)
and the callee (net/ipv6/seg6_hmac.c) belong to the same module.
It seems an internal function call in ipv6.ko.
Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/seg6_hmac.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c
index 29bc4e7c3046..6de01185cc68 100644
--- a/net/ipv6/seg6_hmac.c
+++ b/net/ipv6/seg6_hmac.c
@@ -399,7 +399,6 @@ int __init seg6_hmac_init(void)
{
return seg6_hmac_init_algo();
}
-EXPORT_SYMBOL(seg6_hmac_init);
int __net_init seg6_hmac_net_init(struct net *net)
{
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 209/339] net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 208/339] net: ipv6: unexport __init-annotated seg6_hmac_init() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 210/339] net/mlx5: Lag, filter non compatible devices Greg Kroah-Hartman
` (131 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Paul Blakey, Oz Shlomo,
Saeed Mahameed, Sasha Levin
From: Paul Blakey <paulb@nvidia.com>
[ Upstream commit 15ef9efa855cf405fadd78272e1e5d04e09a1cf3 ]
CT cleanup assumes that all tc rules were deleted first, and so
is free to delete the CT shared resources (e.g the dr_action
fwd_action which is shared for all tuples). But currently for
uplink, this is happens in reverse, causing the below trace.
CT cleanup is called from:
mlx5e_cleanup_rep_tx()->mlx5e_cleanup_uplink_rep_tx()->
mlx5e_rep_tc_cleanup()->mlx5e_tc_esw_cleanup()->
mlx5_tc_ct_clean()
Only afterwards, tc cleanup is called from:
mlx5e_cleanup_rep_tx()->mlx5e_tc_ht_cleanup()
which would have deleted all the tc ct rules, and so delete
all the offloaded tuples.
Fix this reversing the order of init and on cleanup, which
will result in tc cleanup then ct cleanup.
[ 9443.593347] WARNING: CPU: 2 PID: 206774 at drivers/net/ethernet/mellanox/mlx5/core/steering/dr_action.c:1882 mlx5dr_action_destroy+0x188/0x1a0 [mlx5_core]
[ 9443.593349] Modules linked in: act_ct nf_flow_table rdma_ucm(O) rdma_cm(O) iw_cm(O) ib_ipoib(O) ib_cm(O) ib_umad(O) mlx5_core(O-) mlxfw(O) mlxdevm(O) auxiliary(O) ib_uverbs(O) psample ib_core(O) mlx_compat(O) ip_gre gre ip_tunnel act_vlan bonding geneve esp6_offload esp6 esp4_offload esp4 act_tunnel_key vxlan ip6_udp_tunnel udp_tunnel act_mirred act_skbedit act_gact cls_flower sch_ingress nfnetlink_cttimeout nfnetlink xfrm_user xfrm_algo 8021q garp stp ipmi_devintf mrp ipmi_msghandler llc openvswitch nsh nf_conncount nf_nat mst_pciconf(O) dm_multipath sbsa_gwdt uio_pdrv_genirq uio mlxbf_pmc mlxbf_pka mlx_trio mlx_bootctl(O) bluefield_edac sch_fq_codel ip_tables ipv6 crc_ccitt btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor xor_neon raid6_pq raid1 raid0 crct10dif_ce i2c_mlxbf gpio_mlxbf2 mlxbf_gige aes_neon_bs aes_neon_blk [last unloaded: mlx5_ib]
[ 9443.593419] CPU: 2 PID: 206774 Comm: modprobe Tainted: G O 5.4.0-1023.24.gc14613d-bluefield #1
[ 9443.593422] Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS BlueField:143ebaf Jan 11 2022
[ 9443.593424] pstate: 20000005 (nzCv daif -PAN -UAO)
[ 9443.593489] pc : mlx5dr_action_destroy+0x188/0x1a0 [mlx5_core]
[ 9443.593545] lr : mlx5_ct_fs_smfs_destroy+0x24/0x30 [mlx5_core]
[ 9443.593546] sp : ffff8000135dbab0
[ 9443.593548] x29: ffff8000135dbab0 x28: ffff0003a6ab8e80
[ 9443.593550] x27: 0000000000000000 x26: ffff0003e07d7000
[ 9443.593552] x25: ffff800009609de0 x24: ffff000397fb2120
[ 9443.593554] x23: ffff0003975c0000 x22: 0000000000000000
[ 9443.593556] x21: ffff0003975f08c0 x20: ffff800009609de0
[ 9443.593558] x19: ffff0003c8a13380 x18: 0000000000000014
[ 9443.593560] x17: 0000000067f5f125 x16: 000000006529c620
[ 9443.593561] x15: 000000000000000b x14: 0000000000000000
[ 9443.593563] x13: 0000000000000002 x12: 0000000000000001
[ 9443.593565] x11: ffff800011108868 x10: 0000000000000000
[ 9443.593567] x9 : 0000000000000000 x8 : ffff8000117fb270
[ 9443.593569] x7 : ffff0003ebc01288 x6 : 0000000000000000
[ 9443.593571] x5 : ffff800009591ab8 x4 : fffffe000f6d9a20
[ 9443.593572] x3 : 0000000080040001 x2 : fffffe000f6d9a20
[ 9443.593574] x1 : ffff8000095901d8 x0 : 0000000000000025
[ 9443.593577] Call trace:
[ 9443.593634] mlx5dr_action_destroy+0x188/0x1a0 [mlx5_core]
[ 9443.593688] mlx5_ct_fs_smfs_destroy+0x24/0x30 [mlx5_core]
[ 9443.593743] mlx5_tc_ct_clean+0x34/0xa8 [mlx5_core]
[ 9443.593797] mlx5e_tc_esw_cleanup+0x58/0x88 [mlx5_core]
[ 9443.593851] mlx5e_rep_tc_cleanup+0x24/0x30 [mlx5_core]
[ 9443.593905] mlx5e_cleanup_rep_tx+0x6c/0x78 [mlx5_core]
[ 9443.593959] mlx5e_detach_netdev+0x74/0x98 [mlx5_core]
[ 9443.594013] mlx5e_netdev_change_profile+0x70/0x180 [mlx5_core]
[ 9443.594067] mlx5e_netdev_attach_nic_profile+0x34/0x40 [mlx5_core]
[ 9443.594122] mlx5e_vport_rep_unload+0x15c/0x1a8 [mlx5_core]
[ 9443.594177] mlx5_eswitch_unregister_vport_reps+0x228/0x298 [mlx5_core]
[ 9443.594231] mlx5e_rep_remove+0x2c/0x38 [mlx5_core]
[ 9443.594236] auxiliary_bus_remove+0x30/0x50 [auxiliary]
[ 9443.594246] device_release_driver_internal+0x108/0x1d0
[ 9443.594248] driver_detach+0x5c/0xe8
[ 9443.594250] bus_remove_driver+0x64/0xd8
[ 9443.594253] driver_unregister+0x38/0x60
[ 9443.594255] auxiliary_driver_unregister+0x24/0x38 [auxiliary]
[ 9443.594311] mlx5e_rep_cleanup+0x20/0x38 [mlx5_core]
[ 9443.594365] mlx5e_cleanup+0x18/0x30 [mlx5_core]
[ 9443.594419] cleanup+0xc/0x20cc [mlx5_core]
[ 9443.594424] __arm64_sys_delete_module+0x154/0x2b0
[ 9443.594429] el0_svc_common.constprop.0+0xf4/0x200
[ 9443.594432] el0_svc_handler+0x38/0xa8
[ 9443.594435] el0_svc+0x10/0x26c
Fixes: d1a3138f7913 ("net/mlx5e: TC, Move flow hashtable to be per rep")
Signed-off-by: Paul Blakey <paulb@nvidia.com>
Reviewed-by: Oz Shlomo <ozsh@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/mellanox/mlx5/core/en_rep.c | 31 ++++++++++---------
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
index a464461f1418..52caefdbabb1 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
@@ -937,6 +937,13 @@ static int mlx5e_init_uplink_rep_tx(struct mlx5e_rep_priv *rpriv)
return err;
}
+static void mlx5e_cleanup_uplink_rep_tx(struct mlx5e_rep_priv *rpriv)
+{
+ mlx5e_rep_tc_netdevice_event_unregister(rpriv);
+ mlx5e_rep_bond_cleanup(rpriv);
+ mlx5e_rep_tc_cleanup(rpriv);
+}
+
static int mlx5e_init_rep_tx(struct mlx5e_priv *priv)
{
struct mlx5e_rep_priv *rpriv = priv->ppriv;
@@ -948,42 +955,36 @@ static int mlx5e_init_rep_tx(struct mlx5e_priv *priv)
return err;
}
- err = mlx5e_tc_ht_init(&rpriv->tc_ht);
- if (err)
- goto err_ht_init;
-
if (rpriv->rep->vport == MLX5_VPORT_UPLINK) {
err = mlx5e_init_uplink_rep_tx(rpriv);
if (err)
goto err_init_tx;
}
+ err = mlx5e_tc_ht_init(&rpriv->tc_ht);
+ if (err)
+ goto err_ht_init;
+
return 0;
-err_init_tx:
- mlx5e_tc_ht_cleanup(&rpriv->tc_ht);
err_ht_init:
+ if (rpriv->rep->vport == MLX5_VPORT_UPLINK)
+ mlx5e_cleanup_uplink_rep_tx(rpriv);
+err_init_tx:
mlx5e_destroy_tises(priv);
return err;
}
-static void mlx5e_cleanup_uplink_rep_tx(struct mlx5e_rep_priv *rpriv)
-{
- mlx5e_rep_tc_netdevice_event_unregister(rpriv);
- mlx5e_rep_bond_cleanup(rpriv);
- mlx5e_rep_tc_cleanup(rpriv);
-}
-
static void mlx5e_cleanup_rep_tx(struct mlx5e_priv *priv)
{
struct mlx5e_rep_priv *rpriv = priv->ppriv;
- mlx5e_destroy_tises(priv);
+ mlx5e_tc_ht_cleanup(&rpriv->tc_ht);
if (rpriv->rep->vport == MLX5_VPORT_UPLINK)
mlx5e_cleanup_uplink_rep_tx(rpriv);
- mlx5e_tc_ht_cleanup(&rpriv->tc_ht);
+ mlx5e_destroy_tises(priv);
}
static void mlx5e_rep_enable(struct mlx5e_priv *priv)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 210/339] net/mlx5: Lag, filter non compatible devices
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 209/339] net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 211/339] net/mlx5: Fix mlx5_get_next_dev() peer device matching Greg Kroah-Hartman
` (130 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Bloch, Maor Gottlieb,
Saeed Mahameed, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit bc4c2f2e017949646b43fdcad005a03462d437c6 ]
When search for a peer lag device we can filter based on that
device's capabilities.
Downstream patch will be less strict when filtering compatible devices
and remove the limitation where we require exact MLX5_MAX_PORTS and
change it to a range.
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/dev.c | 48 +++++++++++++++----
.../net/ethernet/mellanox/mlx5/core/lag/lag.c | 12 ++---
.../ethernet/mellanox/mlx5/core/mlx5_core.h | 1 +
3 files changed, 47 insertions(+), 14 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/dev.c b/drivers/net/ethernet/mellanox/mlx5/core/dev.c
index ba6dad97e308..3e750b827a19 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/dev.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/dev.c
@@ -555,12 +555,9 @@ static u32 mlx5_gen_pci_id(const struct mlx5_core_dev *dev)
PCI_SLOT(dev->pdev->devfn));
}
-static int next_phys_dev(struct device *dev, const void *data)
+static int _next_phys_dev(struct mlx5_core_dev *mdev,
+ const struct mlx5_core_dev *curr)
{
- struct mlx5_adev *madev = container_of(dev, struct mlx5_adev, adev.dev);
- struct mlx5_core_dev *mdev = madev->mdev;
- const struct mlx5_core_dev *curr = data;
-
if (!mlx5_core_is_pf(mdev))
return 0;
@@ -574,8 +571,29 @@ static int next_phys_dev(struct device *dev, const void *data)
return 1;
}
-/* Must be called with intf_mutex held */
-struct mlx5_core_dev *mlx5_get_next_phys_dev(struct mlx5_core_dev *dev)
+static int next_phys_dev(struct device *dev, const void *data)
+{
+ struct mlx5_adev *madev = container_of(dev, struct mlx5_adev, adev.dev);
+ struct mlx5_core_dev *mdev = madev->mdev;
+
+ return _next_phys_dev(mdev, data);
+}
+
+static int next_phys_dev_lag(struct device *dev, const void *data)
+{
+ struct mlx5_adev *madev = container_of(dev, struct mlx5_adev, adev.dev);
+ struct mlx5_core_dev *mdev = madev->mdev;
+
+ if (!MLX5_CAP_GEN(mdev, vport_group_manager) ||
+ !MLX5_CAP_GEN(mdev, lag_master) ||
+ MLX5_CAP_GEN(mdev, num_lag_ports) != MLX5_MAX_PORTS)
+ return 0;
+
+ return _next_phys_dev(mdev, data);
+}
+
+static struct mlx5_core_dev *mlx5_get_next_dev(struct mlx5_core_dev *dev,
+ int (*match)(struct device *dev, const void *data))
{
struct auxiliary_device *adev;
struct mlx5_adev *madev;
@@ -583,7 +601,7 @@ struct mlx5_core_dev *mlx5_get_next_phys_dev(struct mlx5_core_dev *dev)
if (!mlx5_core_is_pf(dev))
return NULL;
- adev = auxiliary_find_device(NULL, dev, &next_phys_dev);
+ adev = auxiliary_find_device(NULL, dev, match);
if (!adev)
return NULL;
@@ -592,6 +610,20 @@ struct mlx5_core_dev *mlx5_get_next_phys_dev(struct mlx5_core_dev *dev)
return madev->mdev;
}
+/* Must be called with intf_mutex held */
+struct mlx5_core_dev *mlx5_get_next_phys_dev(struct mlx5_core_dev *dev)
+{
+ lockdep_assert_held(&mlx5_intf_mutex);
+ return mlx5_get_next_dev(dev, &next_phys_dev);
+}
+
+/* Must be called with intf_mutex held */
+struct mlx5_core_dev *mlx5_get_next_phys_dev_lag(struct mlx5_core_dev *dev)
+{
+ lockdep_assert_held(&mlx5_intf_mutex);
+ return mlx5_get_next_dev(dev, &next_phys_dev_lag);
+}
+
void mlx5_dev_list_lock(void)
{
mutex_lock(&mlx5_intf_mutex);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c b/drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c
index 6cad3b72c133..a8b98242edb1 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c
@@ -924,12 +924,7 @@ static int __mlx5_lag_dev_add_mdev(struct mlx5_core_dev *dev)
struct mlx5_lag *ldev = NULL;
struct mlx5_core_dev *tmp_dev;
- if (!MLX5_CAP_GEN(dev, vport_group_manager) ||
- !MLX5_CAP_GEN(dev, lag_master) ||
- MLX5_CAP_GEN(dev, num_lag_ports) != MLX5_MAX_PORTS)
- return 0;
-
- tmp_dev = mlx5_get_next_phys_dev(dev);
+ tmp_dev = mlx5_get_next_phys_dev_lag(dev);
if (tmp_dev)
ldev = tmp_dev->priv.lag;
@@ -974,6 +969,11 @@ void mlx5_lag_add_mdev(struct mlx5_core_dev *dev)
{
int err;
+ if (!MLX5_CAP_GEN(dev, vport_group_manager) ||
+ !MLX5_CAP_GEN(dev, lag_master) ||
+ MLX5_CAP_GEN(dev, num_lag_ports) != MLX5_MAX_PORTS)
+ return;
+
recheck:
mlx5_dev_list_lock();
err = __mlx5_lag_dev_add_mdev(dev);
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
index 9026be1d6223..484cb1e4fc7f 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
@@ -210,6 +210,7 @@ void mlx5_detach_device(struct mlx5_core_dev *dev);
int mlx5_register_device(struct mlx5_core_dev *dev);
void mlx5_unregister_device(struct mlx5_core_dev *dev);
struct mlx5_core_dev *mlx5_get_next_phys_dev(struct mlx5_core_dev *dev);
+struct mlx5_core_dev *mlx5_get_next_phys_dev_lag(struct mlx5_core_dev *dev);
void mlx5_dev_list_lock(void);
void mlx5_dev_list_unlock(void);
int mlx5_dev_list_trylock(void);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 211/339] net/mlx5: Fix mlx5_get_next_dev() peer device matching
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 210/339] net/mlx5: Lag, filter non compatible devices Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 212/339] net/mlx5: Rearm the FW tracer after each tracer event Greg Kroah-Hartman
` (129 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Lobakin, Maher Sanalla,
Saeed Mahameed, Leon Romanovsky, Mark Bloch, Sasha Levin
From: Saeed Mahameed <saeedm@nvidia.com>
[ Upstream commit 1c5de097bea31760c3f0467ac0c84ba0dc3525d5 ]
In some use-cases, mlx5 instances will need to search for their peer
device (the other port on the same HCA). For that, mlx5 device matching
mechanism relied on auxiliary_find_device() to search, and used a bad matching
callback function.
This approach has two issues:
1) next_phys_dev() the matching function, assumed all devices are
of the type mlx5_adev (mlx5 auxiliary device) which is wrong and
could lead to crashes, this worked for a while, since only lately
other drivers started registering auxiliary devices.
2) using the auxiliary class bus (auxiliary_find_device) to search for
mlx5_core_dev devices, who are actually PCIe device instances, is wrong.
This works since mlx5_core always has at least one mlx5_adev instance
hanging around in the aux bus.
As suggested by others we can fix 1. by comparing device names prefixes
if they have the string "mlx5_core" in them, which is not a best practice !
but even with that fixed, still 2. needs fixing, we are trying to
match pcie device peers so we should look in the right bus (pci bus),
hence this fix.
The fix:
1) search the pci bus for mlx5 peer devices, instead of the aux bus
2) to validated devices are the same type "mlx5_core_dev" compare if
they have the same driver, which is bulletproof.
This wouldn't have worked with the aux bus since the various mlx5 aux
device types don't share the same driver, even if they share the same device
wrapper struct (mlx5_adev) "which helped to find the parent device"
Fixes: a925b5e309c9 ("net/mlx5: Register mlx5 devices to auxiliary virtual bus")
Reported-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Reported-by: Maher Sanalla <msanalla@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maher Sanalla <msanalla@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/dev.c | 34 +++++++++++++------
1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/dev.c b/drivers/net/ethernet/mellanox/mlx5/core/dev.c
index 3e750b827a19..c5d7bf662784 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/dev.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/dev.c
@@ -571,18 +571,32 @@ static int _next_phys_dev(struct mlx5_core_dev *mdev,
return 1;
}
+static void *pci_get_other_drvdata(struct device *this, struct device *other)
+{
+ if (this->driver != other->driver)
+ return NULL;
+
+ return pci_get_drvdata(to_pci_dev(other));
+}
+
static int next_phys_dev(struct device *dev, const void *data)
{
- struct mlx5_adev *madev = container_of(dev, struct mlx5_adev, adev.dev);
- struct mlx5_core_dev *mdev = madev->mdev;
+ struct mlx5_core_dev *mdev, *this = (struct mlx5_core_dev *)data;
+
+ mdev = pci_get_other_drvdata(this->device, dev);
+ if (!mdev)
+ return 0;
return _next_phys_dev(mdev, data);
}
static int next_phys_dev_lag(struct device *dev, const void *data)
{
- struct mlx5_adev *madev = container_of(dev, struct mlx5_adev, adev.dev);
- struct mlx5_core_dev *mdev = madev->mdev;
+ struct mlx5_core_dev *mdev, *this = (struct mlx5_core_dev *)data;
+
+ mdev = pci_get_other_drvdata(this->device, dev);
+ if (!mdev)
+ return 0;
if (!MLX5_CAP_GEN(mdev, vport_group_manager) ||
!MLX5_CAP_GEN(mdev, lag_master) ||
@@ -595,19 +609,17 @@ static int next_phys_dev_lag(struct device *dev, const void *data)
static struct mlx5_core_dev *mlx5_get_next_dev(struct mlx5_core_dev *dev,
int (*match)(struct device *dev, const void *data))
{
- struct auxiliary_device *adev;
- struct mlx5_adev *madev;
+ struct device *next;
if (!mlx5_core_is_pf(dev))
return NULL;
- adev = auxiliary_find_device(NULL, dev, match);
- if (!adev)
+ next = bus_find_device(&pci_bus_type, NULL, dev, match);
+ if (!next)
return NULL;
- madev = container_of(adev, struct mlx5_adev, adev);
- put_device(&adev->dev);
- return madev->mdev;
+ put_device(next);
+ return pci_get_drvdata(to_pci_dev(next));
}
/* Must be called with intf_mutex held */
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 212/339] net/mlx5: Rearm the FW tracer after each tracer event
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 211/339] net/mlx5: Fix mlx5_get_next_dev() peer device matching Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 213/339] net/mlx5: fs, fail conflicting actions Greg Kroah-Hartman
` (128 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Feras Daoud, Roy Novich,
Moshe Shemesh, Saeed Mahameed, Sasha Levin
From: Feras Daoud <ferasda@nvidia.com>
[ Upstream commit 8bf94e6414c9481bfa28269022688ab445d0081d ]
The current design does not arm the tracer if traces are available before
the tracer string database is fully loaded, leading to an unfunctional tracer.
This fix will rearm the tracer every time the FW triggers tracer event
regardless of the tracer strings database status.
Fixes: c71ad41ccb0c ("net/mlx5: FW tracer, events handling")
Signed-off-by: Feras Daoud <ferasda@nvidia.com>
Signed-off-by: Roy Novich <royno@nvidia.com>
Reviewed-by: Moshe Shemesh <moshe@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
index eae9aa9c0811..978a2bb8e122 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
@@ -675,6 +675,9 @@ static void mlx5_fw_tracer_handle_traces(struct work_struct *work)
if (!tracer->owner)
return;
+ if (unlikely(!tracer->str_db.loaded))
+ goto arm;
+
block_count = tracer->buff.size / TRACER_BLOCK_SIZE_BYTE;
start_offset = tracer->buff.consumer_index * TRACER_BLOCK_SIZE_BYTE;
@@ -732,6 +735,7 @@ static void mlx5_fw_tracer_handle_traces(struct work_struct *work)
&tmp_trace_block[TRACES_PER_BLOCK - 1]);
}
+arm:
mlx5_fw_tracer_arm(dev);
}
@@ -1136,8 +1140,7 @@ static int fw_tracer_event(struct notifier_block *nb, unsigned long action, void
queue_work(tracer->work_queue, &tracer->ownership_change_work);
break;
case MLX5_TRACER_SUBTYPE_TRACES_AVAILABLE:
- if (likely(tracer->str_db.loaded))
- queue_work(tracer->work_queue, &tracer->handle_traces_work);
+ queue_work(tracer->work_queue, &tracer->handle_traces_work);
break;
default:
mlx5_core_dbg(dev, "FWTracer: Event with unrecognized subtype: sub_type %d\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 213/339] net/mlx5: fs, fail conflicting actions
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 212/339] net/mlx5: Rearm the FW tracer after each tracer event Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 214/339] ip_gre: test csum_start instead of transport header Greg Kroah-Hartman
` (127 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mark Bloch, Maor Gottlieb,
Saeed Mahameed, Sasha Levin
From: Mark Bloch <mbloch@nvidia.com>
[ Upstream commit 8fa5e7b20e01042b14f8cd684d2da9b638460c74 ]
When combining two steering rules into one check
not only do they share the same actions but those
actions are also the same. This resolves an issue where
when creating two different rules with the same match
the actions are overwritten and one of the rules is deleted
a FW syndrome can be seen in dmesg.
mlx5_core 0000:03:00.0: mlx5_cmd_check:819:(pid 2105): DEALLOC_MODIFY_HEADER_CONTEXT(0x941) op_mod(0x0) failed, status bad resource state(0x9), syndrome (0x1ab444)
Fixes: 0d235c3fabb7 ("net/mlx5: Add hash table to search FTEs in a flow-group")
Signed-off-by: Mark Bloch <mbloch@nvidia.com>
Reviewed-by: Maor Gottlieb <maorg@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/mellanox/mlx5/core/fs_core.c | 35 +++++++++++++++++--
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
index ab184e154eea..beedaf5b03ee 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
@@ -1560,9 +1560,22 @@ static struct mlx5_flow_rule *find_flow_rule(struct fs_fte *fte,
return NULL;
}
-static bool check_conflicting_actions(u32 action1, u32 action2)
+static bool check_conflicting_actions_vlan(const struct mlx5_fs_vlan *vlan0,
+ const struct mlx5_fs_vlan *vlan1)
{
- u32 xored_actions = action1 ^ action2;
+ return vlan0->ethtype != vlan1->ethtype ||
+ vlan0->vid != vlan1->vid ||
+ vlan0->prio != vlan1->prio;
+}
+
+static bool check_conflicting_actions(const struct mlx5_flow_act *act1,
+ const struct mlx5_flow_act *act2)
+{
+ u32 action1 = act1->action;
+ u32 action2 = act2->action;
+ u32 xored_actions;
+
+ xored_actions = action1 ^ action2;
/* if one rule only wants to count, it's ok */
if (action1 == MLX5_FLOW_CONTEXT_ACTION_COUNT ||
@@ -1579,6 +1592,22 @@ static bool check_conflicting_actions(u32 action1, u32 action2)
MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2))
return true;
+ if (action1 & MLX5_FLOW_CONTEXT_ACTION_PACKET_REFORMAT &&
+ act1->pkt_reformat != act2->pkt_reformat)
+ return true;
+
+ if (action1 & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR &&
+ act1->modify_hdr != act2->modify_hdr)
+ return true;
+
+ if (action1 & MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH &&
+ check_conflicting_actions_vlan(&act1->vlan[0], &act2->vlan[0]))
+ return true;
+
+ if (action1 & MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2 &&
+ check_conflicting_actions_vlan(&act1->vlan[1], &act2->vlan[1]))
+ return true;
+
return false;
}
@@ -1586,7 +1615,7 @@ static int check_conflicting_ftes(struct fs_fte *fte,
const struct mlx5_flow_context *flow_context,
const struct mlx5_flow_act *flow_act)
{
- if (check_conflicting_actions(flow_act->action, fte->action.action)) {
+ if (check_conflicting_actions(flow_act, &fte->action)) {
mlx5_core_warn(get_dev(&fte->node),
"Found two FTEs with conflicting actions\n");
return -EEXIST;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 214/339] ip_gre: test csum_start instead of transport header
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 213/339] net/mlx5: fs, fail conflicting actions Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 215/339] net: altera: Fix refcount leak in altera_tse_mdio_create Greg Kroah-Hartman
` (126 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot, Willem de Bruijn,
Eric Dumazet, Alexander Duyck, Jakub Kicinski, Sasha Levin
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit 8d21e9963bec1aad2280cdd034c8993033ef2948 ]
GRE with TUNNEL_CSUM will apply local checksum offload on
CHECKSUM_PARTIAL packets.
ipgre_xmit must validate csum_start after an optional skb_pull,
else lco_csum may trigger an overflow. The original check was
if (csum && skb_checksum_start(skb) < skb->data)
return -EINVAL;
This had false positives when skb_checksum_start is undefined:
when ip_summed is not CHECKSUM_PARTIAL. A discussed refinement
was straightforward
if (csum && skb->ip_summed == CHECKSUM_PARTIAL &&
skb_checksum_start(skb) < skb->data)
return -EINVAL;
But was eventually revised more thoroughly:
- restrict the check to the only branch where needed, in an
uncommon GRE path that uses header_ops and calls skb_pull.
- test skb_transport_header, which is set along with csum_start
in skb_partial_csum_set in the normal header_ops datapath.
Turns out skbs can arrive in this branch without the transport
header set, e.g., through BPF redirection.
Revise the check back to check csum_start directly, and only if
CHECKSUM_PARTIAL. Do leave the check in the updated location.
Check field regardless of whether TUNNEL_CSUM is configured.
Link: https://lore.kernel.org/netdev/YS+h%2FtqCJJiQei+W@shredder/
Link: https://lore.kernel.org/all/20210902193447.94039-2-willemdebruijn.kernel@gmail.com/T/#u
Fixes: 8a0ed250f911 ("ip_gre: validate csum_start only on pull")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Alexander Duyck <alexanderduyck@fb.com>
Link: https://lore.kernel.org/r/20220606132107.3582565-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ip_gre.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index aacee9dd771b..bc8dfdf1c48a 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -629,21 +629,20 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
}
if (dev->header_ops) {
- const int pull_len = tunnel->hlen + sizeof(struct iphdr);
-
if (skb_cow_head(skb, 0))
goto free_skb;
tnl_params = (const struct iphdr *)skb->data;
- if (pull_len > skb_transport_offset(skb))
- goto free_skb;
-
/* Pull skb since ip_tunnel_xmit() needs skb->data pointing
* to gre header.
*/
- skb_pull(skb, pull_len);
+ skb_pull(skb, tunnel->hlen + sizeof(struct iphdr));
skb_reset_mac_header(skb);
+
+ if (skb->ip_summed == CHECKSUM_PARTIAL &&
+ skb_checksum_start(skb) < skb->data)
+ goto free_skb;
} else {
if (skb_cow_head(skb, dev->needed_headroom))
goto free_skb;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 215/339] net: altera: Fix refcount leak in altera_tse_mdio_create
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 214/339] ip_gre: test csum_start instead of transport header Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 216/339] net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete Greg Kroah-Hartman
` (125 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Miaoqian Lin, Jakub Kicinski, Sasha Levin
From: Miaoqian Lin <linmq006@gmail.com>
[ Upstream commit 11ec18b1d8d92b9df307d31950dcba0b3dd7283c ]
Every iteration of for_each_child_of_node() decrements
the reference count of the previous node.
When break from a for_each_child_of_node() loop,
we need to explicitly call of_node_put() on the child node when
not need anymore.
Add missing of_node_put() to avoid refcount leak.
Fixes: bbd2190ce96d ("Altera TSE: Add main and header file for Altera Ethernet Driver")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Link: https://lore.kernel.org/r/20220607041144.7553-1-linmq006@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/altera/altera_tse_main.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/altera/altera_tse_main.c b/drivers/net/ethernet/altera/altera_tse_main.c
index a3816264c35c..8c5828582c21 100644
--- a/drivers/net/ethernet/altera/altera_tse_main.c
+++ b/drivers/net/ethernet/altera/altera_tse_main.c
@@ -163,7 +163,8 @@ static int altera_tse_mdio_create(struct net_device *dev, unsigned int id)
mdio = mdiobus_alloc();
if (mdio == NULL) {
netdev_err(dev, "Error allocating MDIO bus\n");
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto put_node;
}
mdio->name = ALTERA_TSE_RESOURCE_NAME;
@@ -180,6 +181,7 @@ static int altera_tse_mdio_create(struct net_device *dev, unsigned int id)
mdio->id);
goto out_free_mdio;
}
+ of_node_put(mdio_node);
if (netif_msg_drv(priv))
netdev_info(dev, "MDIO bus %s: created\n", mdio->id);
@@ -189,6 +191,8 @@ static int altera_tse_mdio_create(struct net_device *dev, unsigned int id)
out_free_mdio:
mdiobus_free(mdio);
mdio = NULL;
+put_node:
+ of_node_put(mdio_node);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 216/339] net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 215/339] net: altera: Fix refcount leak in altera_tse_mdio_create Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 217/339] net: dsa: realtek: rtl8365mb: fix GMII caps for ports with internal PHY Greg Kroah-Hartman
` (124 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Behún,
Russell King (Oracle),
Jakub Kicinski, Sasha Levin
From: Marek Behún <kabel@kernel.org>
[ Upstream commit 47e96930d6e6106d5252e85b868d3c7e29296de0 ]
Commit ede359d8843a ("net: dsa: mv88e6xxx: Link in pcs_get_state() if AN
is bypassed") added the ability to link if AN was bypassed, and added
filling of state->an_complete field, but set it to true if AN was
enabled in BMCR, not when AN was reported complete in BMSR.
This was done because for some reason, when I wanted to use BMSR value
to infer an_complete, I was looking at BMSR_ANEGCAPABLE bit (which was
always 1), instead of BMSR_ANEGCOMPLETE bit.
Use BMSR_ANEGCOMPLETE for filling state->an_complete.
Fixes: ede359d8843a ("net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed")
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/mv88e6xxx/serdes.c | 27 +++++++++++----------------
1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/drivers/net/dsa/mv88e6xxx/serdes.c b/drivers/net/dsa/mv88e6xxx/serdes.c
index 7b37d45bc9fb..1a19c5284f2c 100644
--- a/drivers/net/dsa/mv88e6xxx/serdes.c
+++ b/drivers/net/dsa/mv88e6xxx/serdes.c
@@ -50,22 +50,17 @@ static int mv88e6390_serdes_write(struct mv88e6xxx_chip *chip,
}
static int mv88e6xxx_serdes_pcs_get_state(struct mv88e6xxx_chip *chip,
- u16 ctrl, u16 status, u16 lpa,
+ u16 bmsr, u16 lpa, u16 status,
struct phylink_link_state *state)
{
state->link = !!(status & MV88E6390_SGMII_PHY_STATUS_LINK);
+ state->an_complete = !!(bmsr & BMSR_ANEGCOMPLETE);
if (status & MV88E6390_SGMII_PHY_STATUS_SPD_DPL_VALID) {
/* The Spped and Duplex Resolved register is 1 if AN is enabled
* and complete, or if AN is disabled. So with disabled AN we
- * still get here on link up. But we want to set an_complete
- * only if AN was enabled, thus we look at BMCR_ANENABLE.
- * (According to 802.3-2008 section 22.2.4.2.10, we should be
- * able to get this same value from BMSR_ANEGCAPABLE, but tests
- * show that these Marvell PHYs don't conform to this part of
- * the specificaion - BMSR_ANEGCAPABLE is simply always 1.)
+ * still get here on link up.
*/
- state->an_complete = !!(ctrl & BMCR_ANENABLE);
state->duplex = status &
MV88E6390_SGMII_PHY_STATUS_DUPLEX_FULL ?
DUPLEX_FULL : DUPLEX_HALF;
@@ -191,12 +186,12 @@ int mv88e6352_serdes_pcs_config(struct mv88e6xxx_chip *chip, int port,
int mv88e6352_serdes_pcs_get_state(struct mv88e6xxx_chip *chip, int port,
int lane, struct phylink_link_state *state)
{
- u16 lpa, status, ctrl;
+ u16 bmsr, lpa, status;
int err;
- err = mv88e6352_serdes_read(chip, MII_BMCR, &ctrl);
+ err = mv88e6352_serdes_read(chip, MII_BMSR, &bmsr);
if (err) {
- dev_err(chip->dev, "can't read Serdes PHY control: %d\n", err);
+ dev_err(chip->dev, "can't read Serdes BMSR: %d\n", err);
return err;
}
@@ -212,7 +207,7 @@ int mv88e6352_serdes_pcs_get_state(struct mv88e6xxx_chip *chip, int port,
return err;
}
- return mv88e6xxx_serdes_pcs_get_state(chip, ctrl, status, lpa, state);
+ return mv88e6xxx_serdes_pcs_get_state(chip, bmsr, lpa, status, state);
}
int mv88e6352_serdes_pcs_an_restart(struct mv88e6xxx_chip *chip, int port,
@@ -918,13 +913,13 @@ int mv88e6390_serdes_pcs_config(struct mv88e6xxx_chip *chip, int port,
static int mv88e6390_serdes_pcs_get_state_sgmii(struct mv88e6xxx_chip *chip,
int port, int lane, struct phylink_link_state *state)
{
- u16 lpa, status, ctrl;
+ u16 bmsr, lpa, status;
int err;
err = mv88e6390_serdes_read(chip, lane, MDIO_MMD_PHYXS,
- MV88E6390_SGMII_BMCR, &ctrl);
+ MV88E6390_SGMII_BMSR, &bmsr);
if (err) {
- dev_err(chip->dev, "can't read Serdes PHY control: %d\n", err);
+ dev_err(chip->dev, "can't read Serdes PHY BMSR: %d\n", err);
return err;
}
@@ -942,7 +937,7 @@ static int mv88e6390_serdes_pcs_get_state_sgmii(struct mv88e6xxx_chip *chip,
return err;
}
- return mv88e6xxx_serdes_pcs_get_state(chip, ctrl, status, lpa, state);
+ return mv88e6xxx_serdes_pcs_get_state(chip, bmsr, lpa, status, state);
}
static int mv88e6390_serdes_pcs_get_state_10g(struct mv88e6xxx_chip *chip,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 217/339] net: dsa: realtek: rtl8365mb: fix GMII caps for ports with internal PHY
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 216/339] net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 218/339] tcp: use alloc_large_system_hash() to allocate table_perturb Greg Kroah-Hartman
` (123 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alvin Šipraga,
Russell King (Oracle),
Jakub Kicinski, Sasha Levin
From: Alvin Šipraga <alsi@bang-olufsen.dk>
[ Upstream commit 487994ff75880569d32504d7e70da8b3328e0693 ]
Since commit a18e6521a7d9 ("net: phylink: handle NA interface mode in
phylink_fwnode_phy_connect()"), phylib defaults to GMII when no phy-mode
or phy-connection-type property is specified in a DSA port node of the
device tree. The same commit caused a regression in rtl8365mb whereby
phylink would fail to connect, because the driver did not advertise
support for GMII for ports with internal PHY.
It should be noted that the aforementioned regression is not because the
blamed commit was incorrect: on the contrary, the blamed commit is
correcting the previous behaviour whereby unspecified phy-mode would
cause the internal interface mode to be PHY_INTERFACE_MODE_NA. The
rtl8365mb driver only worked by accident before because it _did_
advertise support for PHY_INTERFACE_MODE_NA, despite NA being reserved
for internal use by phylink. With one mistake fixed, the other was
exposed.
Commit a5dba0f207e5 ("net: dsa: rtl8365mb: add GMII as user port mode")
then introduced implicit support for GMII mode on ports with internal
PHY to allow a PHY connection for device trees where the phy-mode is not
explicitly set to "internal". At this point everything was working OK
again.
Subsequently, commit 6ff6064605e9 ("net: dsa: realtek: convert to
phylink_generic_validate()") broke this behaviour again by discarding
the usage of rtl8365mb_phy_mode_supported() - where this GMII support
was indicated - while switching to the new .phylink_get_caps API.
With the new API, rtl8365mb_phy_mode_supported() is no longer needed.
Remove it altogether and add back the GMII capability - this time to
rtl8365mb_phylink_get_caps() - so that the above default behaviour works
for ports with internal PHY again.
Fixes: 6ff6064605e9 ("net: dsa: realtek: convert to phylink_generic_validate()")
Signed-off-by: Alvin Šipraga <alsi@bang-olufsen.dk>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/20220607184624.417641-1-alvin@pqrs.dk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/realtek/rtl8365mb.c | 38 +++++++----------------------
1 file changed, 9 insertions(+), 29 deletions(-)
diff --git a/drivers/net/dsa/realtek/rtl8365mb.c b/drivers/net/dsa/realtek/rtl8365mb.c
index 3d70e8a77ecf..907c743370e3 100644
--- a/drivers/net/dsa/realtek/rtl8365mb.c
+++ b/drivers/net/dsa/realtek/rtl8365mb.c
@@ -955,35 +955,21 @@ static int rtl8365mb_ext_config_forcemode(struct realtek_priv *priv, int port,
return 0;
}
-static bool rtl8365mb_phy_mode_supported(struct dsa_switch *ds, int port,
- phy_interface_t interface)
-{
- int ext_int;
-
- ext_int = rtl8365mb_extint_port_map[port];
-
- if (ext_int < 0 &&
- (interface == PHY_INTERFACE_MODE_NA ||
- interface == PHY_INTERFACE_MODE_INTERNAL ||
- interface == PHY_INTERFACE_MODE_GMII))
- /* Internal PHY */
- return true;
- else if ((ext_int >= 1) &&
- phy_interface_mode_is_rgmii(interface))
- /* Extension MAC */
- return true;
-
- return false;
-}
-
static void rtl8365mb_phylink_get_caps(struct dsa_switch *ds, int port,
struct phylink_config *config)
{
- if (dsa_is_user_port(ds, port))
+ if (dsa_is_user_port(ds, port)) {
__set_bit(PHY_INTERFACE_MODE_INTERNAL,
config->supported_interfaces);
- else if (dsa_is_cpu_port(ds, port))
+
+ /* GMII is the default interface mode for phylib, so
+ * we have to support it for ports with integrated PHY.
+ */
+ __set_bit(PHY_INTERFACE_MODE_GMII,
+ config->supported_interfaces);
+ } else if (dsa_is_cpu_port(ds, port)) {
phy_interface_set_rgmii(config->supported_interfaces);
+ }
config->mac_capabilities = MAC_SYM_PAUSE | MAC_ASYM_PAUSE |
MAC_10 | MAC_100 | MAC_1000FD;
@@ -996,12 +982,6 @@ static void rtl8365mb_phylink_mac_config(struct dsa_switch *ds, int port,
struct realtek_priv *priv = ds->priv;
int ret;
- if (!rtl8365mb_phy_mode_supported(ds, port, state->interface)) {
- dev_err(priv->dev, "phy mode %s is unsupported on port %d\n",
- phy_modes(state->interface), port);
- return;
- }
-
if (mode != MLO_AN_PHY && mode != MLO_AN_FIXED) {
dev_err(priv->dev,
"port %d supports only conventional PHY or fixed-link\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 218/339] tcp: use alloc_large_system_hash() to allocate table_perturb
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 217/339] net: dsa: realtek: rtl8365mb: fix GMII caps for ports with internal PHY Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 219/339] drm: imx: fix compiler warning with gcc-12 Greg Kroah-Hartman
` (122 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Muchun Song, Eric Dumazet,
Jakub Kicinski, Sasha Levin
From: Muchun Song <songmuchun@bytedance.com>
[ Upstream commit e67b72b90b7e19a4be4d9c29f3feea6f58ab43f8 ]
In our server, there may be no high order (>= 6) memory since we reserve
lots of HugeTLB pages when booting. Then the system panic. So use
alloc_large_system_hash() to allocate table_perturb.
Fixes: e9261476184b ("tcp: dynamically allocate the perturb table used by source ports")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20220607070214.94443-1-songmuchun@bytedance.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/inet_hashtables.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index a5d57fa679ca..55654e335d43 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -917,10 +917,12 @@ void __init inet_hashinfo2_init(struct inet_hashinfo *h, const char *name,
init_hashinfo_lhash2(h);
/* this one is used for source ports of outgoing connections */
- table_perturb = kmalloc_array(INET_TABLE_PERTURB_SIZE,
- sizeof(*table_perturb), GFP_KERNEL);
- if (!table_perturb)
- panic("TCP: failed to alloc table_perturb");
+ table_perturb = alloc_large_system_hash("Table-perturb",
+ sizeof(*table_perturb),
+ INET_TABLE_PERTURB_SIZE,
+ 0, 0, NULL, NULL,
+ INET_TABLE_PERTURB_SIZE,
+ INET_TABLE_PERTURB_SIZE);
}
int inet_hashinfo2_init_mod(struct inet_hashinfo *h)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 219/339] drm: imx: fix compiler warning with gcc-12
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 218/339] tcp: use alloc_large_system_hash() to allocate table_perturb Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 220/339] nfp: flower: restructure flow-key for gre+vlan combination Greg Kroah-Hartman
` (121 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Philipp Zabel, Linus Torvalds, Sasha Levin
From: Linus Torvalds <torvalds@linux-foundation.org>
[ Upstream commit 7aefd8b53815274f3ef398d370a3c9b27dd9f00c ]
Gcc-12 correctly warned about this code using a non-NULL pointer as a
truth value:
drivers/gpu/drm/imx/ipuv3-crtc.c: In function ‘ipu_crtc_disable_planes’:
drivers/gpu/drm/imx/ipuv3-crtc.c:72:21: error: the comparison will always evaluate as ‘true’ for the address of ‘plane’ will never be NULL [-Werror=address]
72 | if (&ipu_crtc->plane[1] && plane == &ipu_crtc->plane[1]->base)
| ^
due to the extraneous '&' address-of operator.
Philipp Zabel points out that The mistake had no adverse effect since
the following condition doesn't actually dereference the NULL pointer,
but the intent of the code was obviously to check for it, not to take
the address of the member.
Fixes: eb8c88808c83 ("drm/imx: add deferred plane disabling")
Acked-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3-crtc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/imx/ipuv3-crtc.c b/drivers/gpu/drm/imx/ipuv3-crtc.c
index 9c8829f945b2..f7863d6dea80 100644
--- a/drivers/gpu/drm/imx/ipuv3-crtc.c
+++ b/drivers/gpu/drm/imx/ipuv3-crtc.c
@@ -69,7 +69,7 @@ static void ipu_crtc_disable_planes(struct ipu_crtc *ipu_crtc,
drm_atomic_crtc_state_for_each_plane(plane, old_crtc_state) {
if (plane == &ipu_crtc->plane[0]->base)
disable_full = true;
- if (&ipu_crtc->plane[1] && plane == &ipu_crtc->plane[1]->base)
+ if (ipu_crtc->plane[1] && plane == &ipu_crtc->plane[1]->base)
disable_partial = true;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 220/339] nfp: flower: restructure flow-key for gre+vlan combination
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 219/339] drm: imx: fix compiler warning with gcc-12 Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 221/339] net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev Greg Kroah-Hartman
` (120 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Etienne van der Linde, Louis Peens,
Yinjun Zhang, Simon Horman, Jakub Kicinski, Sasha Levin
From: Etienne van der Linde <etienne.vanderlinde@corigine.com>
[ Upstream commit a0b843340dae704e17c1ddfad0f85c583c36757f ]
Swap around the GRE and VLAN parts in the flow-key offloaded by
the driver to fit in with other tunnel types and the firmware.
Without this change used cases with GRE+VLAN on the outer header
does not get offloaded as the flow-key mismatches what the
firmware expect.
Fixes: 0d630f58989a ("nfp: flower: add support to offload QinQ match")
Fixes: 5a2b93041646 ("nfp: flower-ct: compile match sections of flow_payload")
Signed-off-by: Etienne van der Linde <etienne.vanderlinde@corigine.com>
Signed-off-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/netronome/nfp/flower/conntrack.c | 32 +++++++++----------
.../net/ethernet/netronome/nfp/flower/match.c | 16 +++++-----
2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c
index bfd7d1c35076..7e9fcc16286e 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c
@@ -442,6 +442,11 @@ nfp_fl_calc_key_layers_sz(struct nfp_fl_key_ls in_key_ls, uint16_t *map)
key_size += sizeof(struct nfp_flower_ipv6);
}
+ if (in_key_ls.key_layer_two & NFP_FLOWER_LAYER2_QINQ) {
+ map[FLOW_PAY_QINQ] = key_size;
+ key_size += sizeof(struct nfp_flower_vlan);
+ }
+
if (in_key_ls.key_layer_two & NFP_FLOWER_LAYER2_GRE) {
map[FLOW_PAY_GRE] = key_size;
if (in_key_ls.key_layer_two & NFP_FLOWER_LAYER2_TUN_IPV6)
@@ -450,11 +455,6 @@ nfp_fl_calc_key_layers_sz(struct nfp_fl_key_ls in_key_ls, uint16_t *map)
key_size += sizeof(struct nfp_flower_ipv4_gre_tun);
}
- if (in_key_ls.key_layer_two & NFP_FLOWER_LAYER2_QINQ) {
- map[FLOW_PAY_QINQ] = key_size;
- key_size += sizeof(struct nfp_flower_vlan);
- }
-
if ((in_key_ls.key_layer & NFP_FLOWER_LAYER_VXLAN) ||
(in_key_ls.key_layer_two & NFP_FLOWER_LAYER2_GENEVE)) {
map[FLOW_PAY_UDP_TUN] = key_size;
@@ -693,6 +693,17 @@ static int nfp_fl_ct_add_offload(struct nfp_fl_nft_tc_merge *m_entry)
}
}
+ if (NFP_FLOWER_LAYER2_QINQ & key_layer.key_layer_two) {
+ offset = key_map[FLOW_PAY_QINQ];
+ key = kdata + offset;
+ msk = mdata + offset;
+ for (i = 0; i < _CT_TYPE_MAX; i++) {
+ nfp_flower_compile_vlan((struct nfp_flower_vlan *)key,
+ (struct nfp_flower_vlan *)msk,
+ rules[i]);
+ }
+ }
+
if (key_layer.key_layer_two & NFP_FLOWER_LAYER2_GRE) {
offset = key_map[FLOW_PAY_GRE];
key = kdata + offset;
@@ -733,17 +744,6 @@ static int nfp_fl_ct_add_offload(struct nfp_fl_nft_tc_merge *m_entry)
}
}
- if (NFP_FLOWER_LAYER2_QINQ & key_layer.key_layer_two) {
- offset = key_map[FLOW_PAY_QINQ];
- key = kdata + offset;
- msk = mdata + offset;
- for (i = 0; i < _CT_TYPE_MAX; i++) {
- nfp_flower_compile_vlan((struct nfp_flower_vlan *)key,
- (struct nfp_flower_vlan *)msk,
- rules[i]);
- }
- }
-
if (key_layer.key_layer & NFP_FLOWER_LAYER_VXLAN ||
key_layer.key_layer_two & NFP_FLOWER_LAYER2_GENEVE) {
offset = key_map[FLOW_PAY_UDP_TUN];
diff --git a/drivers/net/ethernet/netronome/nfp/flower/match.c b/drivers/net/ethernet/netronome/nfp/flower/match.c
index 9d86eea4dc16..fb8bd2135c63 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/match.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/match.c
@@ -602,6 +602,14 @@ int nfp_flower_compile_flow_match(struct nfp_app *app,
msk += sizeof(struct nfp_flower_ipv6);
}
+ if (NFP_FLOWER_LAYER2_QINQ & key_ls->key_layer_two) {
+ nfp_flower_compile_vlan((struct nfp_flower_vlan *)ext,
+ (struct nfp_flower_vlan *)msk,
+ rule);
+ ext += sizeof(struct nfp_flower_vlan);
+ msk += sizeof(struct nfp_flower_vlan);
+ }
+
if (key_ls->key_layer_two & NFP_FLOWER_LAYER2_GRE) {
if (key_ls->key_layer_two & NFP_FLOWER_LAYER2_TUN_IPV6) {
struct nfp_flower_ipv6_gre_tun *gre_match;
@@ -637,14 +645,6 @@ int nfp_flower_compile_flow_match(struct nfp_app *app,
}
}
- if (NFP_FLOWER_LAYER2_QINQ & key_ls->key_layer_two) {
- nfp_flower_compile_vlan((struct nfp_flower_vlan *)ext,
- (struct nfp_flower_vlan *)msk,
- rule);
- ext += sizeof(struct nfp_flower_vlan);
- msk += sizeof(struct nfp_flower_vlan);
- }
-
if (key_ls->key_layer & NFP_FLOWER_LAYER_VXLAN ||
key_ls->key_layer_two & NFP_FLOWER_LAYER2_GENEVE) {
if (key_ls->key_layer_two & NFP_FLOWER_LAYER2_TUN_IPV6) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 221/339] net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 220/339] nfp: flower: restructure flow-key for gre+vlan combination Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 222/339] iov_iter: Fix iter_xarray_get_pages{,_alloc}() Greg Kroah-Hartman
` (119 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Anton Makarov, Andrea Mayer,
David Ahern, Jakub Kicinski, Sasha Levin
From: Andrea Mayer <andrea.mayer@uniroma2.it>
[ Upstream commit a3bd2102e464202b58d57390a538d96f57ffc361 ]
Commit 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif
reset for port devices") adds a new entry (flowi_l3mdev) in the common
flow struct used for indicating the l3mdev index for later rule and
table matching.
The l3mdev_update_flow() has been adapted to properly set the
flowi_l3mdev based on the flowi_oif/flowi_iif. In fact, when a valid
flowi_iif is supplied to the l3mdev_update_flow(), this function can
update the flowi_l3mdev entry only if it has not yet been set (i.e., the
flowi_l3mdev entry is equal to 0).
The SRv6 End.DT6 behavior in VRF mode leverages a VRF device in order to
force the routing lookup into the associated routing table. This routing
operation is performed by seg6_lookup_any_nextop() preparing a flowi6
data structure used by ip6_route_input_lookup() which, in turn,
(indirectly) invokes l3mdev_update_flow().
However, seg6_lookup_any_nexthop() does not initialize the new
flowi_l3mdev entry which is filled with random garbage data. This
prevents l3mdev_update_flow() from properly updating the flowi_l3mdev
with the VRF index, and thus SRv6 End.DT6 (VRF mode)/DT46 behaviors are
broken.
This patch correctly initializes the flowi6 instance allocated and used
by seg6_lookup_any_nexhtop(). Specifically, the entire flowi6 instance
is wiped out: in case new entries are added to flowi/flowi6 (as happened
with the flowi_l3mdev entry), we should no longer have incorrectly
initialized values. As a result of this operation, the value of
flowi_l3mdev is also set to 0.
The proposed fix can be tested easily. Starting from the commit
referenced in the Fixes, selftests [1],[2] indicate that the SRv6
End.DT6 (VRF mode)/DT46 behaviors no longer work correctly. By applying
this patch, those behaviors are back to work properly again.
[1] - tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh
[2] - tools/testing/selftests/net/srv6_end_dt6_l3vpn_test.sh
Fixes: 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices")
Reported-by: Anton Makarov <am@3a-alliance.com>
Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20220608091917.20345-1-andrea.mayer@uniroma2.it
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/seg6_local.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c
index 9fbe243a0e81..98a34287439c 100644
--- a/net/ipv6/seg6_local.c
+++ b/net/ipv6/seg6_local.c
@@ -218,6 +218,7 @@ seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr,
struct flowi6 fl6;
int dev_flags = 0;
+ memset(&fl6, 0, sizeof(fl6));
fl6.flowi6_iif = skb->dev->ifindex;
fl6.daddr = nhaddr ? *nhaddr : hdr->daddr;
fl6.saddr = hdr->saddr;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 222/339] iov_iter: Fix iter_xarray_get_pages{,_alloc}()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 221/339] net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 223/339] iio: dummy: iio_simple_dummy: check the return value of kstrdup() Greg Kroah-Hartman
` (118 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeff Layton, David Howells,
Alexander Viro, Dominique Martinet, Mike Marshall, Gao Xiang,
linux-afs, v9fs-developer, devel, linux-erofs, linux-cachefs,
linux-fsdevel, Sasha Levin
From: David Howells <dhowells@redhat.com>
[ Upstream commit 6c77676645ad42993e0a8bdb8dafa517851a352a ]
The maths at the end of iter_xarray_get_pages() to calculate the actual
size doesn't work under some circumstances, such as when it's been asked to
extract a partial single page. Various terms of the equation cancel out
and you end up with actual == offset. The same issue exists in
iter_xarray_get_pages_alloc().
Fix these to just use min() to select the lesser amount from between the
amount of page content transcribed into the buffer, minus the offset, and
the size limit specified.
This doesn't appear to have caused a problem yet upstream because network
filesystems aren't getting the pages from an xarray iterator, but rather
passing it directly to the socket, which just iterates over it. Cachefiles
*does* do DIO from one to/from ext4/xfs/btrfs/etc. but it always asks for
whole pages to be written or read.
Fixes: 7ff5062079ef ("iov_iter: Add ITER_XARRAY")
Reported-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Alexander Viro <viro@zeniv.linux.org.uk>
cc: Dominique Martinet <asmadeus@codewreck.org>
cc: Mike Marshall <hubcap@omnibond.com>
cc: Gao Xiang <xiang@kernel.org>
cc: linux-afs@lists.infradead.org
cc: v9fs-developer@lists.sourceforge.net
cc: devel@lists.orangefs.org
cc: linux-erofs@lists.ozlabs.org
cc: linux-cachefs@redhat.com
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/iov_iter.c | 20 ++++----------------
1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 6dd5330f7a99..dda6d5f481c1 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -1434,7 +1434,7 @@ static ssize_t iter_xarray_get_pages(struct iov_iter *i,
{
unsigned nr, offset;
pgoff_t index, count;
- size_t size = maxsize, actual;
+ size_t size = maxsize;
loff_t pos;
if (!size || !maxpages)
@@ -1461,13 +1461,7 @@ static ssize_t iter_xarray_get_pages(struct iov_iter *i,
if (nr == 0)
return 0;
- actual = PAGE_SIZE * nr;
- actual -= offset;
- if (nr == count && size > 0) {
- unsigned last_offset = (nr > 1) ? 0 : offset;
- actual -= PAGE_SIZE - (last_offset + size);
- }
- return actual;
+ return min(nr * PAGE_SIZE - offset, maxsize);
}
/* must be done on non-empty ITER_IOVEC one */
@@ -1602,7 +1596,7 @@ static ssize_t iter_xarray_get_pages_alloc(struct iov_iter *i,
struct page **p;
unsigned nr, offset;
pgoff_t index, count;
- size_t size = maxsize, actual;
+ size_t size = maxsize;
loff_t pos;
if (!size)
@@ -1631,13 +1625,7 @@ static ssize_t iter_xarray_get_pages_alloc(struct iov_iter *i,
if (nr == 0)
return 0;
- actual = PAGE_SIZE * nr;
- actual -= offset;
- if (nr == count && size > 0) {
- unsigned last_offset = (nr > 1) ? 0 : offset;
- actual -= PAGE_SIZE - (last_offset + size);
- }
- return actual;
+ return min(nr * PAGE_SIZE - offset, maxsize);
}
ssize_t iov_iter_get_pages_alloc(struct iov_iter *i,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 223/339] iio: dummy: iio_simple_dummy: check the return value of kstrdup()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 222/339] iov_iter: Fix iter_xarray_get_pages{,_alloc}() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 224/339] staging: rtl8712: fix a potential memory leak in r871xu_drv_init() Greg Kroah-Hartman
` (117 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiaoke Wang, Jonathan Cameron, Sasha Levin
From: Xiaoke Wang <xkernel.wang@foxmail.com>
[ Upstream commit ba93642188a6fed754bf7447f638bc410e05a929 ]
kstrdup() is also a memory allocation-related function, it returns NULL
when some memory errors happen. So it is better to check the return
value of it so to catch the memory error in time. Besides, there should
have a kfree() to clear up the allocation if we get a failure later in
this function to prevent memory leak.
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Link: https://lore.kernel.org/r/tencent_C920CFCC33B9CC1C63141FE1334A39FF8508@qq.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/dummy/iio_simple_dummy.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/iio/dummy/iio_simple_dummy.c b/drivers/iio/dummy/iio_simple_dummy.c
index c0b7ef900735..c24f609c2ade 100644
--- a/drivers/iio/dummy/iio_simple_dummy.c
+++ b/drivers/iio/dummy/iio_simple_dummy.c
@@ -575,10 +575,9 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
*/
swd = kzalloc(sizeof(*swd), GFP_KERNEL);
- if (!swd) {
- ret = -ENOMEM;
- goto error_kzalloc;
- }
+ if (!swd)
+ return ERR_PTR(-ENOMEM);
+
/*
* Allocate an IIO device.
*
@@ -590,7 +589,7 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
indio_dev = iio_device_alloc(parent, sizeof(*st));
if (!indio_dev) {
ret = -ENOMEM;
- goto error_ret;
+ goto error_free_swd;
}
st = iio_priv(indio_dev);
@@ -616,6 +615,10 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
* indio_dev->name = spi_get_device_id(spi)->name;
*/
indio_dev->name = kstrdup(name, GFP_KERNEL);
+ if (!indio_dev->name) {
+ ret = -ENOMEM;
+ goto error_free_device;
+ }
/* Provide description of available channels */
indio_dev->channels = iio_dummy_channels;
@@ -632,7 +635,7 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
ret = iio_simple_dummy_events_register(indio_dev);
if (ret < 0)
- goto error_free_device;
+ goto error_free_name;
ret = iio_simple_dummy_configure_buffer(indio_dev);
if (ret < 0)
@@ -649,11 +652,12 @@ static struct iio_sw_device *iio_dummy_probe(const char *name)
iio_simple_dummy_unconfigure_buffer(indio_dev);
error_unregister_events:
iio_simple_dummy_events_unregister(indio_dev);
+error_free_name:
+ kfree(indio_dev->name);
error_free_device:
iio_device_free(indio_dev);
-error_ret:
+error_free_swd:
kfree(swd);
-error_kzalloc:
return ERR_PTR(ret);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 224/339] staging: rtl8712: fix a potential memory leak in r871xu_drv_init()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 223/339] iio: dummy: iio_simple_dummy: check the return value of kstrdup() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 225/339] iio: st_sensors: Add a local lock for protecting odr Greg Kroah-Hartman
` (116 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Xiaoke Wang, Sasha Levin
From: Xiaoke Wang <xkernel.wang@foxmail.com>
[ Upstream commit 7288ff561de650d4139fab80e9cb0da9b5b32434 ]
In r871xu_drv_init(), if r8712_init_drv_sw() fails, then the memory
allocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not
properly released as there is no action will be performed by
r8712_usb_dvobj_deinit().
To properly release it, we should call r8712_free_io_queue() in
r8712_usb_dvobj_deinit().
Besides, in r871xu_dev_remove(), r8712_usb_dvobj_deinit() will be called
by r871x_dev_unload() under condition `padapter->bup` and
r8712_free_io_queue() is called by r8712_free_drv_sw().
However, r8712_usb_dvobj_deinit() does not rely on `padapter->bup` and
calling r8712_free_io_queue() in r8712_free_drv_sw() is negative for
better understading the code.
So I move r8712_usb_dvobj_deinit() into r871xu_dev_remove(), and remove
r8712_free_io_queue() from r8712_free_drv_sw().
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Link: https://lore.kernel.org/r/tencent_B8048C592777830380A23A7C4409F9DF1305@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8712/os_intfs.c | 1 -
drivers/staging/rtl8712/usb_intf.c | 6 +++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/rtl8712/os_intfs.c b/drivers/staging/rtl8712/os_intfs.c
index d15d52c0d1a7..003e97205124 100644
--- a/drivers/staging/rtl8712/os_intfs.c
+++ b/drivers/staging/rtl8712/os_intfs.c
@@ -332,7 +332,6 @@ void r8712_free_drv_sw(struct _adapter *padapter)
r8712_free_evt_priv(&padapter->evtpriv);
r8712_DeInitSwLeds(padapter);
r8712_free_mlme_priv(&padapter->mlmepriv);
- r8712_free_io_queue(padapter);
_free_xmit_priv(&padapter->xmitpriv);
_r8712_free_sta_priv(&padapter->stapriv);
_r8712_free_recv_priv(&padapter->recvpriv);
diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c
index ee4c61f85a07..56450ede9f23 100644
--- a/drivers/staging/rtl8712/usb_intf.c
+++ b/drivers/staging/rtl8712/usb_intf.c
@@ -265,6 +265,7 @@ static uint r8712_usb_dvobj_init(struct _adapter *padapter)
static void r8712_usb_dvobj_deinit(struct _adapter *padapter)
{
+ r8712_free_io_queue(padapter);
}
void rtl871x_intf_stop(struct _adapter *padapter)
@@ -302,9 +303,6 @@ void r871x_dev_unload(struct _adapter *padapter)
rtl8712_hal_deinit(padapter);
}
- /*s6.*/
- if (padapter->dvobj_deinit)
- padapter->dvobj_deinit(padapter);
padapter->bup = false;
}
}
@@ -607,6 +605,8 @@ static void r871xu_dev_remove(struct usb_interface *pusb_intf)
/* Stop driver mlme relation timer */
r8712_stop_drv_timers(padapter);
r871x_dev_unload(padapter);
+ if (padapter->dvobj_deinit)
+ padapter->dvobj_deinit(padapter);
r8712_free_drv_sw(padapter);
free_netdev(pnetdev);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 225/339] iio: st_sensors: Add a local lock for protecting odr
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 224/339] staging: rtl8712: fix a potential memory leak in r871xu_drv_init() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 226/339] lkdtm/usercopy: Expand size of "out of frame" object Greg Kroah-Hartman
` (115 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jonathan Cameron, Denis Ciocca,
Miquel Raynal, Jonathan Cameron, Sasha Levin
From: Miquel Raynal <miquel.raynal@bootlin.com>
[ Upstream commit 474010127e2505fc463236470908e1ff5ddb3578 ]
Right now the (framework) mlock lock is (ab)used for multiple purposes:
1- protecting concurrent accesses over the odr local cache
2- avoid changing samplig frequency whilst buffer is running
Let's start by handling situation #1 with a local lock.
Suggested-by: Jonathan Cameron <jic23@kernel.org>
Cc: Denis Ciocca <denis.ciocca@st.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/r/20220207143840.707510-7-miquel.raynal@bootlin.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../iio/common/st_sensors/st_sensors_core.c | 24 ++++++++++++++-----
include/linux/iio/common/st_sensors.h | 3 +++
2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/drivers/iio/common/st_sensors/st_sensors_core.c b/drivers/iio/common/st_sensors/st_sensors_core.c
index fa9bcdf0d190..b92de90a125c 100644
--- a/drivers/iio/common/st_sensors/st_sensors_core.c
+++ b/drivers/iio/common/st_sensors/st_sensors_core.c
@@ -71,16 +71,18 @@ static int st_sensors_match_odr(struct st_sensor_settings *sensor_settings,
int st_sensors_set_odr(struct iio_dev *indio_dev, unsigned int odr)
{
- int err;
+ int err = 0;
struct st_sensor_odr_avl odr_out = {0, 0};
struct st_sensor_data *sdata = iio_priv(indio_dev);
+ mutex_lock(&sdata->odr_lock);
+
if (!sdata->sensor_settings->odr.mask)
- return 0;
+ goto unlock_mutex;
err = st_sensors_match_odr(sdata->sensor_settings, odr, &odr_out);
if (err < 0)
- goto st_sensors_match_odr_error;
+ goto unlock_mutex;
if ((sdata->sensor_settings->odr.addr ==
sdata->sensor_settings->pw.addr) &&
@@ -103,7 +105,9 @@ int st_sensors_set_odr(struct iio_dev *indio_dev, unsigned int odr)
if (err >= 0)
sdata->odr = odr_out.hz;
-st_sensors_match_odr_error:
+unlock_mutex:
+ mutex_unlock(&sdata->odr_lock);
+
return err;
}
EXPORT_SYMBOL_NS(st_sensors_set_odr, IIO_ST_SENSORS);
@@ -361,6 +365,8 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev,
struct st_sensors_platform_data *of_pdata;
int err = 0;
+ mutex_init(&sdata->odr_lock);
+
/* If OF/DT pdata exists, it will take precedence of anything else */
of_pdata = st_sensors_dev_probe(indio_dev->dev.parent, pdata);
if (IS_ERR(of_pdata))
@@ -554,18 +560,24 @@ int st_sensors_read_info_raw(struct iio_dev *indio_dev,
err = -EBUSY;
goto out;
} else {
+ mutex_lock(&sdata->odr_lock);
err = st_sensors_set_enable(indio_dev, true);
- if (err < 0)
+ if (err < 0) {
+ mutex_unlock(&sdata->odr_lock);
goto out;
+ }
msleep((sdata->sensor_settings->bootime * 1000) / sdata->odr);
err = st_sensors_read_axis_data(indio_dev, ch, val);
- if (err < 0)
+ if (err < 0) {
+ mutex_unlock(&sdata->odr_lock);
goto out;
+ }
*val = *val >> ch->scan_type.shift;
err = st_sensors_set_enable(indio_dev, false);
+ mutex_unlock(&sdata->odr_lock);
}
out:
mutex_unlock(&indio_dev->mlock);
diff --git a/include/linux/iio/common/st_sensors.h b/include/linux/iio/common/st_sensors.h
index 22f67845cdd3..db4a1b260348 100644
--- a/include/linux/iio/common/st_sensors.h
+++ b/include/linux/iio/common/st_sensors.h
@@ -237,6 +237,7 @@ struct st_sensor_settings {
* @hw_irq_trigger: if we're using the hardware interrupt on the sensor.
* @hw_timestamp: Latest timestamp from the interrupt handler, when in use.
* @buffer_data: Data used by buffer part.
+ * @odr_lock: Local lock for preventing concurrent ODR accesses/changes
*/
struct st_sensor_data {
struct iio_trigger *trig;
@@ -261,6 +262,8 @@ struct st_sensor_data {
s64 hw_timestamp;
char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] ____cacheline_aligned;
+
+ struct mutex odr_lock;
};
#ifdef CONFIG_IIO_BUFFER
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 226/339] lkdtm/usercopy: Expand size of "out of frame" object
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 225/339] iio: st_sensors: Add a local lock for protecting odr Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 227/339] drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Greg Kroah-Hartman
` (114 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Muhammad Usama Anjum, Arnd Bergmann,
Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit f387e86d3a74407bdd9c5815820ac9d060962840 ]
To be sufficiently out of range for the usercopy test to see the lifetime
mismatch, expand the size of the "bad" buffer, which will let it be
beyond current_stack_pointer regardless of stack growth direction.
Paired with the recent addition of stack depth checking under
CONFIG_HARDENED_USERCOPY=y, this will correctly start tripping again.
Reported-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Link: https://lore.kernel.org/lkml/762faf1b-0443-5ddf-4430-44a20cf2ec4d@collabora.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/lkdtm/usercopy.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/misc/lkdtm/usercopy.c b/drivers/misc/lkdtm/usercopy.c
index 9161ce7ed47a..3fead5efe523 100644
--- a/drivers/misc/lkdtm/usercopy.c
+++ b/drivers/misc/lkdtm/usercopy.c
@@ -30,12 +30,12 @@ static const unsigned char test_text[] = "This is a test.\n";
*/
static noinline unsigned char *trick_compiler(unsigned char *stack)
{
- return stack + 0;
+ return stack + unconst;
}
static noinline unsigned char *do_usercopy_stack_callee(int value)
{
- unsigned char buf[32];
+ unsigned char buf[128];
int i;
/* Exercise stack to avoid everything living in registers. */
@@ -43,7 +43,12 @@ static noinline unsigned char *do_usercopy_stack_callee(int value)
buf[i] = value & 0xff;
}
- return trick_compiler(buf);
+ /*
+ * Put the target buffer in the middle of stack allocation
+ * so that we don't step on future stack users regardless
+ * of stack growth direction.
+ */
+ return trick_compiler(&buf[(128/2)-32]);
}
static noinline void do_usercopy_stack(bool to_user, bool bad_frame)
@@ -66,6 +71,12 @@ static noinline void do_usercopy_stack(bool to_user, bool bad_frame)
bad_stack -= sizeof(unsigned long);
}
+#ifdef ARCH_HAS_CURRENT_STACK_POINTER
+ pr_info("stack : %px\n", (void *)current_stack_pointer);
+#endif
+ pr_info("good_stack: %px-%px\n", good_stack, good_stack + sizeof(good_stack));
+ pr_info("bad_stack : %px-%px\n", bad_stack, bad_stack + sizeof(good_stack));
+
user_addr = vm_mmap(NULL, 0, PAGE_SIZE,
PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_ANONYMOUS | MAP_PRIVATE, 0);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 227/339] drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 226/339] lkdtm/usercopy: Expand size of "out of frame" object Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 228/339] drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() Greg Kroah-Hartman
` (113 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit cc7ad0d77b51c872d629bcd98aea463a3c4109e7 ]
There is a deadlock in rtw_surveydone_event_callback(),
which is shown below:
(Thread 1) | (Thread 2)
| _set_timer()
rtw_surveydone_event_callback()| mod_timer()
spin_lock_bh() //(1) | (wait a time)
... | rtw_scan_timeout_handler()
del_timer_sync() | spin_lock_bh() //(2)
(wait timer to stop) | ...
We hold pmlmepriv->lock in position (1) of thread 1 and use
del_timer_sync() to wait timer to stop, but timer handler
also need pmlmepriv->lock in position (2) of thread 2.
As a result, rtw_surveydone_event_callback() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_bh(), which could let timer handler to obtain
the needed lock. What`s more, we change spin_lock_bh() in
rtw_scan_timeout_handler() to spin_lock_irq(). Otherwise,
spin_lock_bh() will also cause deadlock() in timer handler.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220409061836.60529-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8723bs/core/rtw_mlme.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_mlme.c b/drivers/staging/rtl8723bs/core/rtw_mlme.c
index ed2d3b7d44d9..62f140985e3f 100644
--- a/drivers/staging/rtl8723bs/core/rtw_mlme.c
+++ b/drivers/staging/rtl8723bs/core/rtw_mlme.c
@@ -751,7 +751,9 @@ void rtw_surveydone_event_callback(struct adapter *adapter, u8 *pbuf)
}
if (check_fwstate(pmlmepriv, _FW_UNDER_SURVEY)) {
+ spin_unlock_bh(&pmlmepriv->lock);
del_timer_sync(&pmlmepriv->scan_to_timer);
+ spin_lock_bh(&pmlmepriv->lock);
_clr_fwstate_(pmlmepriv, _FW_UNDER_SURVEY);
}
@@ -1586,11 +1588,11 @@ void rtw_scan_timeout_handler(struct timer_list *t)
mlmepriv.scan_to_timer);
struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
- spin_lock_bh(&pmlmepriv->lock);
+ spin_lock_irq(&pmlmepriv->lock);
_clr_fwstate_(pmlmepriv, _FW_UNDER_SURVEY);
- spin_unlock_bh(&pmlmepriv->lock);
+ spin_unlock_irq(&pmlmepriv->lock);
rtw_indicate_scan_done(adapter, true);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 228/339] drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 227/339] drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 229/339] drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle Greg Kroah-Hartman
` (112 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc ]
There is a deadlock in rtw_joinbss_event_prehandle(), which is shown
below:
(Thread 1) | (Thread 2)
| _set_timer()
rtw_joinbss_event_prehandle()| mod_timer()
spin_lock_bh() //(1) | (wait a time)
... | _rtw_join_timeout_handler()
del_timer_sync() | spin_lock_bh() //(2)
(wait timer to stop) | ...
We hold pmlmepriv->lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need pmlmepriv->lock in position (2) of thread 2.
As a result, rtw_joinbss_event_prehandle() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_bh(), which could let timer handler to obtain
the needed lock. What`s more, we change spin_lock_bh() to
spin_lock_irq() in _rtw_join_timeout_handler() in order to
prevent deadlock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220409064953.67420-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8723bs/core/rtw_mlme.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_mlme.c b/drivers/staging/rtl8723bs/core/rtw_mlme.c
index 62f140985e3f..24d6af886f72 100644
--- a/drivers/staging/rtl8723bs/core/rtw_mlme.c
+++ b/drivers/staging/rtl8723bs/core/rtw_mlme.c
@@ -1240,8 +1240,10 @@ void rtw_joinbss_event_prehandle(struct adapter *adapter, u8 *pbuf)
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
+ spin_unlock_bh(&pmlmepriv->lock);
/* s5. Cancel assoc_timer */
del_timer_sync(&pmlmepriv->assoc_timer);
+ spin_lock_bh(&pmlmepriv->lock);
} else {
spin_unlock_bh(&(pmlmepriv->scanned_queue.lock));
}
@@ -1547,7 +1549,7 @@ void _rtw_join_timeout_handler(struct timer_list *t)
if (adapter->bDriverStopped || adapter->bSurpriseRemoved)
return;
- spin_lock_bh(&pmlmepriv->lock);
+ spin_lock_irq(&pmlmepriv->lock);
if (rtw_to_roam(adapter) > 0) { /* join timeout caused by roaming */
while (1) {
@@ -1575,7 +1577,7 @@ void _rtw_join_timeout_handler(struct timer_list *t)
}
- spin_unlock_bh(&pmlmepriv->lock);
+ spin_unlock_irq(&pmlmepriv->lock);
}
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 229/339] drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 228/339] drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 230/339] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Greg Kroah-Hartman
` (111 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 0fcddf9c7c10202946d5b19409efbdff744fba88 ]
There is a deadlock in rtw_joinbss_event_prehandle(), which is shown below:
(Thread 1) | (Thread 2)
| _set_timer()
rtw_joinbss_event_prehandle()| mod_timer()
spin_lock_bh() //(1) | (wait a time)
... | rtw_join_timeout_handler()
| _rtw_join_timeout_handler()
del_timer_sync() | spin_lock_bh() //(2)
(wait timer to stop) | ...
We hold pmlmepriv->lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need pmlmepriv->lock in position (2) of thread 2.
As a result, rtw_joinbss_event_prehandle() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_bh(), which could let timer handler to obtain
the needed lock. What`s more, we change spin_lock_bh() to
spin_lock_irq() in _rtw_join_timeout_handler() in order to
prevent deadlock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220409072135.74248-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/r8188eu/core/rtw_mlme.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/r8188eu/core/rtw_mlme.c b/drivers/staging/r8188eu/core/rtw_mlme.c
index 6f0bff186477..76cf6a69bf0f 100644
--- a/drivers/staging/r8188eu/core/rtw_mlme.c
+++ b/drivers/staging/r8188eu/core/rtw_mlme.c
@@ -1071,8 +1071,10 @@ void rtw_joinbss_event_prehandle(struct adapter *adapter, u8 *pbuf)
rtw_indicate_connect(adapter);
}
+ spin_unlock_bh(&pmlmepriv->lock);
/* s5. Cancel assoc_timer */
del_timer_sync(&pmlmepriv->assoc_timer);
+ spin_lock_bh(&pmlmepriv->lock);
} else {
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
goto ignore_joinbss_callback;
@@ -1310,7 +1312,7 @@ void _rtw_join_timeout_handler (struct adapter *adapter)
if (adapter->bDriverStopped || adapter->bSurpriseRemoved)
return;
- spin_lock_bh(&pmlmepriv->lock);
+ spin_lock_irq(&pmlmepriv->lock);
if (rtw_to_roaming(adapter) > 0) { /* join timeout caused by roaming */
while (1) {
@@ -1329,7 +1331,7 @@ void _rtw_join_timeout_handler (struct adapter *adapter)
rtw_indicate_disconnect(adapter);
free_scanqueue(pmlmepriv);/* */
}
- spin_unlock_bh(&pmlmepriv->lock);
+ spin_unlock_irq(&pmlmepriv->lock);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 230/339] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 229/339] drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 231/339] tty: Fix a possible resource leak in icom_probe Greg Kroah-Hartman
` (110 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Zheyu Ma, Sasha Levin
From: Zheyu Ma <zheyuma97@gmail.com>
[ Upstream commit 689ca31c542687709ba21ec2195c1fbce34fd029 ]
When the driver fails at alloc_hdlcdev(), and then we remove the driver
module, we will get the following splat:
[ 25.065966] general protection fault, probably for non-canonical address 0xdffffc0000000182: 0000 [#1] PREEMPT SMP KASAN PTI
[ 25.066914] KASAN: null-ptr-deref in range [0x0000000000000c10-0x0000000000000c17]
[ 25.069262] RIP: 0010:detach_hdlc_protocol+0x2a/0x3e0
[ 25.077709] Call Trace:
[ 25.077924] <TASK>
[ 25.078108] unregister_hdlc_device+0x16/0x30
[ 25.078481] slgt_cleanup+0x157/0x9f0 [synclink_gt]
Fix this by checking whether the 'info->netdev' is a null pointer first.
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Link: https://lore.kernel.org/r/20220410114814.3920474-1-zheyuma97@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/synclink_gt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c
index 25c558e65ece..9bc2a9265277 100644
--- a/drivers/tty/synclink_gt.c
+++ b/drivers/tty/synclink_gt.c
@@ -1746,6 +1746,8 @@ static int hdlcdev_init(struct slgt_info *info)
*/
static void hdlcdev_exit(struct slgt_info *info)
{
+ if (!info->netdev)
+ return;
unregister_hdlc_device(info->netdev);
free_netdev(info->netdev);
info->netdev = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 231/339] tty: Fix a possible resource leak in icom_probe
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 230/339] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 232/339] thunderbolt: Use different lane for second DisplayPort tunnel Greg Kroah-Hartman
` (109 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiri Slaby, Huang Guobin, Sasha Levin
From: Huang Guobin <huangguobin4@huawei.com>
[ Upstream commit ee157a79e7c82b01ae4c25de0ac75899801f322c ]
When pci_read_config_dword failed, call pci_release_regions() and
pci_disable_device() to recycle the resource previously allocated.
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Huang Guobin <huangguobin4@huawei.com>
Link: https://lore.kernel.org/r/20220331091005.3290753-1-huangguobin4@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/icom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/serial/icom.c b/drivers/tty/serial/icom.c
index 03a2fe9f4c9a..02b375ba2f07 100644
--- a/drivers/tty/serial/icom.c
+++ b/drivers/tty/serial/icom.c
@@ -1501,7 +1501,7 @@ static int icom_probe(struct pci_dev *dev,
retval = pci_read_config_dword(dev, PCI_COMMAND, &command_reg);
if (retval) {
dev_err(&dev->dev, "PCI Config read FAILED\n");
- return retval;
+ goto probe_exit0;
}
pci_write_config_dword(dev, PCI_COMMAND,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 232/339] thunderbolt: Use different lane for second DisplayPort tunnel
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 231/339] tty: Fix a possible resource leak in icom_probe Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 233/339] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Greg Kroah-Hartman
` (108 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brad Campbell, Mika Westerberg, Sasha Levin
From: Mika Westerberg <mika.westerberg@linux.intel.com>
[ Upstream commit 9d2d0a5cf0ca063f417681cc33e767ce52615286 ]
Brad reported that on Apple hardware with Light Ridge or Falcon Ridge
controller, plugging in a chain of Thunderbolt displays (Light Ridge
based controllers) causes all kinds of tearing and flickering. The
reason for this is that on Thunderbolt 1 hardware there is no lane
bonding so we have two independent 10 Gb/s lanes, and currently Linux
tunnels both displays through the lane 1. This makes the displays to
share the 10 Gb/s bandwidth which may not be enough for higher
resolutions.
For this reason make the second tunnel go through the lane 0 instead.
This seems to match what the macOS connection manager is also doing.
Reported-by: Brad Campbell <lists2009@fnarfbargle.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Tested-by: Brad Campbell <lists2009@fnarfbargle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thunderbolt/tb.c | 19 +++++++++++++++++--
drivers/thunderbolt/test.c | 16 ++++++++--------
drivers/thunderbolt/tunnel.c | 11 ++++++-----
drivers/thunderbolt/tunnel.h | 4 ++--
4 files changed, 33 insertions(+), 17 deletions(-)
diff --git a/drivers/thunderbolt/tb.c b/drivers/thunderbolt/tb.c
index 9beb47b31c75..44d04b651a8b 100644
--- a/drivers/thunderbolt/tb.c
+++ b/drivers/thunderbolt/tb.c
@@ -867,7 +867,7 @@ static struct tb_port *tb_find_dp_out(struct tb *tb, struct tb_port *in)
static void tb_tunnel_dp(struct tb *tb)
{
- int available_up, available_down, ret;
+ int available_up, available_down, ret, link_nr;
struct tb_cm *tcm = tb_priv(tb);
struct tb_port *port, *in, *out;
struct tb_tunnel *tunnel;
@@ -912,6 +912,20 @@ static void tb_tunnel_dp(struct tb *tb)
return;
}
+ /*
+ * This is only applicable to links that are not bonded (so
+ * when Thunderbolt 1 hardware is involved somewhere in the
+ * topology). For these try to share the DP bandwidth between
+ * the two lanes.
+ */
+ link_nr = 1;
+ list_for_each_entry(tunnel, &tcm->tunnel_list, list) {
+ if (tb_tunnel_is_dp(tunnel)) {
+ link_nr = 0;
+ break;
+ }
+ }
+
/*
* DP stream needs the domain to be active so runtime resume
* both ends of the tunnel.
@@ -943,7 +957,8 @@ static void tb_tunnel_dp(struct tb *tb)
tb_dbg(tb, "available bandwidth for new DP tunnel %u/%u Mb/s\n",
available_up, available_down);
- tunnel = tb_tunnel_alloc_dp(tb, in, out, available_up, available_down);
+ tunnel = tb_tunnel_alloc_dp(tb, in, out, link_nr, available_up,
+ available_down);
if (!tunnel) {
tb_port_dbg(out, "could not allocate DP tunnel\n");
goto err_reclaim;
diff --git a/drivers/thunderbolt/test.c b/drivers/thunderbolt/test.c
index 1f69bab236ee..66b6e665e96f 100644
--- a/drivers/thunderbolt/test.c
+++ b/drivers/thunderbolt/test.c
@@ -1348,7 +1348,7 @@ static void tb_test_tunnel_dp(struct kunit *test)
in = &host->ports[5];
out = &dev->ports[13];
- tunnel = tb_tunnel_alloc_dp(NULL, in, out, 0, 0);
+ tunnel = tb_tunnel_alloc_dp(NULL, in, out, 1, 0, 0);
KUNIT_ASSERT_TRUE(test, tunnel != NULL);
KUNIT_EXPECT_EQ(test, tunnel->type, TB_TUNNEL_DP);
KUNIT_EXPECT_PTR_EQ(test, tunnel->src_port, in);
@@ -1394,7 +1394,7 @@ static void tb_test_tunnel_dp_chain(struct kunit *test)
in = &host->ports[5];
out = &dev4->ports[14];
- tunnel = tb_tunnel_alloc_dp(NULL, in, out, 0, 0);
+ tunnel = tb_tunnel_alloc_dp(NULL, in, out, 1, 0, 0);
KUNIT_ASSERT_TRUE(test, tunnel != NULL);
KUNIT_EXPECT_EQ(test, tunnel->type, TB_TUNNEL_DP);
KUNIT_EXPECT_PTR_EQ(test, tunnel->src_port, in);
@@ -1444,7 +1444,7 @@ static void tb_test_tunnel_dp_tree(struct kunit *test)
in = &dev2->ports[13];
out = &dev5->ports[13];
- tunnel = tb_tunnel_alloc_dp(NULL, in, out, 0, 0);
+ tunnel = tb_tunnel_alloc_dp(NULL, in, out, 1, 0, 0);
KUNIT_ASSERT_TRUE(test, tunnel != NULL);
KUNIT_EXPECT_EQ(test, tunnel->type, TB_TUNNEL_DP);
KUNIT_EXPECT_PTR_EQ(test, tunnel->src_port, in);
@@ -1509,7 +1509,7 @@ static void tb_test_tunnel_dp_max_length(struct kunit *test)
in = &dev6->ports[13];
out = &dev12->ports[13];
- tunnel = tb_tunnel_alloc_dp(NULL, in, out, 0, 0);
+ tunnel = tb_tunnel_alloc_dp(NULL, in, out, 1, 0, 0);
KUNIT_ASSERT_TRUE(test, tunnel != NULL);
KUNIT_EXPECT_EQ(test, tunnel->type, TB_TUNNEL_DP);
KUNIT_EXPECT_PTR_EQ(test, tunnel->src_port, in);
@@ -1627,7 +1627,7 @@ static void tb_test_tunnel_port_on_path(struct kunit *test)
in = &dev2->ports[13];
out = &dev5->ports[13];
- dp_tunnel = tb_tunnel_alloc_dp(NULL, in, out, 0, 0);
+ dp_tunnel = tb_tunnel_alloc_dp(NULL, in, out, 1, 0, 0);
KUNIT_ASSERT_TRUE(test, dp_tunnel != NULL);
KUNIT_EXPECT_TRUE(test, tb_tunnel_port_on_path(dp_tunnel, in));
@@ -2009,7 +2009,7 @@ static void tb_test_credit_alloc_dp(struct kunit *test)
in = &host->ports[5];
out = &dev->ports[14];
- tunnel = tb_tunnel_alloc_dp(NULL, in, out, 0, 0);
+ tunnel = tb_tunnel_alloc_dp(NULL, in, out, 1, 0, 0);
KUNIT_ASSERT_TRUE(test, tunnel != NULL);
KUNIT_ASSERT_EQ(test, tunnel->npaths, (size_t)3);
@@ -2245,7 +2245,7 @@ static struct tb_tunnel *TB_TEST_DP_TUNNEL1(struct kunit *test,
in = &host->ports[5];
out = &dev->ports[13];
- dp_tunnel1 = tb_tunnel_alloc_dp(NULL, in, out, 0, 0);
+ dp_tunnel1 = tb_tunnel_alloc_dp(NULL, in, out, 1, 0, 0);
KUNIT_ASSERT_TRUE(test, dp_tunnel1 != NULL);
KUNIT_ASSERT_EQ(test, dp_tunnel1->npaths, (size_t)3);
@@ -2282,7 +2282,7 @@ static struct tb_tunnel *TB_TEST_DP_TUNNEL2(struct kunit *test,
in = &host->ports[6];
out = &dev->ports[14];
- dp_tunnel2 = tb_tunnel_alloc_dp(NULL, in, out, 0, 0);
+ dp_tunnel2 = tb_tunnel_alloc_dp(NULL, in, out, 1, 0, 0);
KUNIT_ASSERT_TRUE(test, dp_tunnel2 != NULL);
KUNIT_ASSERT_EQ(test, dp_tunnel2->npaths, (size_t)3);
diff --git a/drivers/thunderbolt/tunnel.c b/drivers/thunderbolt/tunnel.c
index 118742ec93ed..8ccd70920b6a 100644
--- a/drivers/thunderbolt/tunnel.c
+++ b/drivers/thunderbolt/tunnel.c
@@ -858,6 +858,7 @@ struct tb_tunnel *tb_tunnel_discover_dp(struct tb *tb, struct tb_port *in,
* @tb: Pointer to the domain structure
* @in: DP in adapter port
* @out: DP out adapter port
+ * @link_nr: Preferred lane adapter when the link is not bonded
* @max_up: Maximum available upstream bandwidth for the DP tunnel (%0
* if not limited)
* @max_down: Maximum available downstream bandwidth for the DP tunnel
@@ -869,8 +870,8 @@ struct tb_tunnel *tb_tunnel_discover_dp(struct tb *tb, struct tb_port *in,
* Return: Returns a tb_tunnel on success or NULL on failure.
*/
struct tb_tunnel *tb_tunnel_alloc_dp(struct tb *tb, struct tb_port *in,
- struct tb_port *out, int max_up,
- int max_down)
+ struct tb_port *out, int link_nr,
+ int max_up, int max_down)
{
struct tb_tunnel *tunnel;
struct tb_path **paths;
@@ -894,21 +895,21 @@ struct tb_tunnel *tb_tunnel_alloc_dp(struct tb *tb, struct tb_port *in,
paths = tunnel->paths;
path = tb_path_alloc(tb, in, TB_DP_VIDEO_HOPID, out, TB_DP_VIDEO_HOPID,
- 1, "Video");
+ link_nr, "Video");
if (!path)
goto err_free;
tb_dp_init_video_path(path);
paths[TB_DP_VIDEO_PATH_OUT] = path;
path = tb_path_alloc(tb, in, TB_DP_AUX_TX_HOPID, out,
- TB_DP_AUX_TX_HOPID, 1, "AUX TX");
+ TB_DP_AUX_TX_HOPID, link_nr, "AUX TX");
if (!path)
goto err_free;
tb_dp_init_aux_path(path);
paths[TB_DP_AUX_PATH_OUT] = path;
path = tb_path_alloc(tb, out, TB_DP_AUX_RX_HOPID, in,
- TB_DP_AUX_RX_HOPID, 1, "AUX RX");
+ TB_DP_AUX_RX_HOPID, link_nr, "AUX RX");
if (!path)
goto err_free;
tb_dp_init_aux_path(path);
diff --git a/drivers/thunderbolt/tunnel.h b/drivers/thunderbolt/tunnel.h
index 03e56076b5bc..bb4d1f1d6d0b 100644
--- a/drivers/thunderbolt/tunnel.h
+++ b/drivers/thunderbolt/tunnel.h
@@ -71,8 +71,8 @@ struct tb_tunnel *tb_tunnel_alloc_pci(struct tb *tb, struct tb_port *up,
struct tb_tunnel *tb_tunnel_discover_dp(struct tb *tb, struct tb_port *in,
bool alloc_hopid);
struct tb_tunnel *tb_tunnel_alloc_dp(struct tb *tb, struct tb_port *in,
- struct tb_port *out, int max_up,
- int max_down);
+ struct tb_port *out, int link_nr,
+ int max_up, int max_down);
struct tb_tunnel *tb_tunnel_alloc_dma(struct tb *tb, struct tb_port *nhi,
struct tb_port *dst, int transmit_path,
int transmit_ring, int receive_path,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 233/339] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 232/339] thunderbolt: Use different lane for second DisplayPort tunnel Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 234/339] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Greg Kroah-Hartman
` (107 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 806c7b53414934ba2a39449b31fd1a038e500273 ]
There is a deadlock in ieee80211_beacons_stop(), which is shown below:
(Thread 1) | (Thread 2)
| ieee80211_send_beacon()
ieee80211_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | ieee80211_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and use
del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, ieee80211_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417135407.109536-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
index 1a43979939a8..79f3fbe25556 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c
@@ -528,9 +528,9 @@ static void ieee80211_beacons_stop(struct ieee80211_device *ieee)
spin_lock_irqsave(&ieee->beacon_lock, flags);
ieee->beacon_txing = 0;
- del_timer_sync(&ieee->beacon_timer);
spin_unlock_irqrestore(&ieee->beacon_lock, flags);
+ del_timer_sync(&ieee->beacon_timer);
}
void ieee80211_stop_send_beacons(struct ieee80211_device *ieee)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 234/339] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 233/339] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Greg Kroah-Hartman
@ 2022-06-13 10:10 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 235/339] USB: host: isp116x: check return value after calling platform_get_resource() Greg Kroah-Hartman
` (106 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:10 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 9b6bdbd9337de3917945847bde262a34a87a6303 ]
There is a deadlock in rtllib_beacons_stop(), which is shown
below:
(Thread 1) | (Thread 2)
| rtllib_send_beacon()
rtllib_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | rtllib_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, rtllib_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417141641.124388-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192e/rtllib_softmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8192e/rtllib_softmac.c b/drivers/staging/rtl8192e/rtllib_softmac.c
index 4b6c2295a3cf..b5a38f0a8d79 100644
--- a/drivers/staging/rtl8192e/rtllib_softmac.c
+++ b/drivers/staging/rtl8192e/rtllib_softmac.c
@@ -651,9 +651,9 @@ static void rtllib_beacons_stop(struct rtllib_device *ieee)
spin_lock_irqsave(&ieee->beacon_lock, flags);
ieee->beacon_txing = 0;
- del_timer_sync(&ieee->beacon_timer);
spin_unlock_irqrestore(&ieee->beacon_lock, flags);
+ del_timer_sync(&ieee->beacon_timer);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 235/339] USB: host: isp116x: check return value after calling platform_get_resource()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2022-06-13 10:10 ` [PATCH 5.18 234/339] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 236/339] drivers: tty: serial: Fix deadlock in sa1100_set_termios() Greg Kroah-Hartman
` (105 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Zhen Ni, Sasha Levin
From: Zhen Ni <nizhen@uniontech.com>
[ Upstream commit 134a3408c2d3f7e23eb0e4556e0a2d9f36c2614e ]
It will cause null-ptr-deref if platform_get_resource() returns NULL,
we need check the return value.
Signed-off-by: Zhen Ni <nizhen@uniontech.com>
Link: https://lore.kernel.org/r/20220302033716.31272-1-nizhen@uniontech.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/isp116x-hcd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/host/isp116x-hcd.c b/drivers/usb/host/isp116x-hcd.c
index 8835f6bd528e..8c7f0991c21b 100644
--- a/drivers/usb/host/isp116x-hcd.c
+++ b/drivers/usb/host/isp116x-hcd.c
@@ -1541,10 +1541,12 @@ static int isp116x_remove(struct platform_device *pdev)
iounmap(isp116x->data_reg);
res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
- release_mem_region(res->start, 2);
+ if (res)
+ release_mem_region(res->start, 2);
iounmap(isp116x->addr_reg);
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
- release_mem_region(res->start, 2);
+ if (res)
+ release_mem_region(res->start, 2);
usb_put_hcd(hcd);
return 0;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 236/339] drivers: tty: serial: Fix deadlock in sa1100_set_termios()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 235/339] USB: host: isp116x: check return value after calling platform_get_resource() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 237/339] drivers: usb: host: Fix deadlock in oxu_bus_suspend() Greg Kroah-Hartman
` (104 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 62b2caef400c1738b6d22f636c628d9f85cd4c4c ]
There is a deadlock in sa1100_set_termios(), which is shown
below:
(Thread 1) | (Thread 2)
| sa1100_enable_ms()
sa1100_set_termios() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | sa1100_timeout()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold sport->port.lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need sport->port.lock in position (2) of thread 2. As a result,
sa1100_set_termios() will block forever.
This patch moves del_timer_sync() before spin_lock_irqsave()
in order to prevent the deadlock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417111626.7802-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/sa1100.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/sa1100.c b/drivers/tty/serial/sa1100.c
index 5fe6cccfc1ae..e64e42a19d1a 100644
--- a/drivers/tty/serial/sa1100.c
+++ b/drivers/tty/serial/sa1100.c
@@ -446,6 +446,8 @@ sa1100_set_termios(struct uart_port *port, struct ktermios *termios,
baud = uart_get_baud_rate(port, termios, old, 0, port->uartclk/16);
quot = uart_get_divisor(port, baud);
+ del_timer_sync(&sport->timer);
+
spin_lock_irqsave(&sport->port.lock, flags);
sport->port.read_status_mask &= UTSR0_TO_SM(UTSR0_TFS);
@@ -476,8 +478,6 @@ sa1100_set_termios(struct uart_port *port, struct ktermios *termios,
UTSR1_TO_SM(UTSR1_ROR);
}
- del_timer_sync(&sport->timer);
-
/*
* Update the per-port timeout.
*/
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 237/339] drivers: usb: host: Fix deadlock in oxu_bus_suspend()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 236/339] drivers: tty: serial: Fix deadlock in sa1100_set_termios() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 238/339] USB: hcd-pci: Fully suspend across freeze/thaw cycle Greg Kroah-Hartman
` (103 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Duoming Zhou, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 4d378f2ae58138d4c55684e1d274e7dd94aa6524 ]
There is a deadlock in oxu_bus_suspend(), which is shown below:
(Thread 1) | (Thread 2)
| timer_action()
oxu_bus_suspend() | mod_timer()
spin_lock_irq() //(1) | (wait a time)
... | oxu_watchdog()
del_timer_sync() | spin_lock_irq() //(2)
(wait timer to stop) | ...
We hold oxu->lock in position (1) of thread 1, and use
del_timer_sync() to wait timer to stop, but timer handler
also need oxu->lock in position (2) of thread 2. As a result,
oxu_bus_suspend() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irq(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417120305.64577-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/oxu210hp-hcd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/host/oxu210hp-hcd.c b/drivers/usb/host/oxu210hp-hcd.c
index b741670525e3..ee403df33093 100644
--- a/drivers/usb/host/oxu210hp-hcd.c
+++ b/drivers/usb/host/oxu210hp-hcd.c
@@ -3909,8 +3909,10 @@ static int oxu_bus_suspend(struct usb_hcd *hcd)
}
}
+ spin_unlock_irq(&oxu->lock);
/* turn off now-idle HC */
del_timer_sync(&oxu->watchdog);
+ spin_lock_irq(&oxu->lock);
ehci_halt(oxu);
hcd->state = HC_STATE_SUSPENDED;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 238/339] USB: hcd-pci: Fully suspend across freeze/thaw cycle
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 237/339] drivers: usb: host: Fix deadlock in oxu_bus_suspend() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 239/339] char: xillybus: fix a refcount leak in cleanup_dev() Greg Kroah-Hartman
` (102 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alan Stern, Evan Green, Sasha Levin
From: Evan Green <evgreen@chromium.org>
[ Upstream commit 63acaa8e9c65dc34dc249440216f8e977f5d2748 ]
The documentation for the freeze() method says that it "should quiesce
the device so that it doesn't generate IRQs or DMA". The unspoken
consequence of not doing this is that MSIs aimed at non-boot CPUs may
get fully lost if they're sent during the period where the target CPU is
offline.
The current callbacks for USB HCD do not fully quiesce interrupts,
specifically on XHCI. Change to use the full suspend/resume flow for
freeze/thaw to ensure interrupts are fully quiesced. This fixes issues
where USB devices fail to thaw during hibernation because XHCI misses
its interrupt and cannot recover.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Evan Green <evgreen@chromium.org>
Link: https://lore.kernel.org/r/20220421103751.v3.2.I8226c7fdae88329ef70957b96a39b346c69a914e@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/core/hcd-pci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/core/hcd-pci.c b/drivers/usb/core/hcd-pci.c
index 8176bc81a635..ae5e6d572376 100644
--- a/drivers/usb/core/hcd-pci.c
+++ b/drivers/usb/core/hcd-pci.c
@@ -616,10 +616,10 @@ const struct dev_pm_ops usb_hcd_pci_pm_ops = {
.suspend_noirq = hcd_pci_suspend_noirq,
.resume_noirq = hcd_pci_resume_noirq,
.resume = hcd_pci_resume,
- .freeze = check_root_hub_suspended,
+ .freeze = hcd_pci_suspend,
.freeze_noirq = check_root_hub_suspended,
.thaw_noirq = NULL,
- .thaw = NULL,
+ .thaw = hcd_pci_resume,
.poweroff = hcd_pci_suspend,
.poweroff_noirq = hcd_pci_suspend_noirq,
.restore_noirq = hcd_pci_resume_noirq,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 239/339] char: xillybus: fix a refcount leak in cleanup_dev()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 238/339] USB: hcd-pci: Fully suspend across freeze/thaw cycle Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 240/339] sysrq: do not omit current cpu when showing backtrace of all active CPUs Greg Kroah-Hartman
` (101 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Eli Billauer, Hangyu Hua, Sasha Levin
From: Hangyu Hua <hbh25y@gmail.com>
[ Upstream commit b67d19662fdee275c479d21853bc1239600a798f ]
usb_get_dev is called in xillyusb_probe. So it is better to call
usb_put_dev before xdev is released.
Acked-by: Eli Billauer <eli.billauer@gmail.com>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220406075703.23464-1-hbh25y@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/xillybus/xillyusb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/char/xillybus/xillyusb.c b/drivers/char/xillybus/xillyusb.c
index dc3551796e5e..39bcbfd908b4 100644
--- a/drivers/char/xillybus/xillyusb.c
+++ b/drivers/char/xillybus/xillyusb.c
@@ -549,6 +549,7 @@ static void cleanup_dev(struct kref *kref)
if (xdev->workq)
destroy_workqueue(xdev->workq);
+ usb_put_dev(xdev->udev);
kfree(xdev->channels); /* Argument may be NULL, and that's fine */
kfree(xdev);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 240/339] sysrq: do not omit current cpu when showing backtrace of all active CPUs
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 239/339] char: xillybus: fix a refcount leak in cleanup_dev() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 241/339] usb: dwc2: gadget: dont reset gadgets driver->bus Greg Kroah-Hartman
` (100 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Changbin Du, Sasha Levin
From: Changbin Du <changbin.du@gmail.com>
[ Upstream commit 5390e7f46b9d5546d45a83e6463bc656678b1d0e ]
The backtrace of current CPU also should be printed as it is active. This
change add stack trace for current CPU and print a hint for idle CPU for
the generic workqueue based printing. (x86 already does this)
Now it looks like below:
[ 279.401567] sysrq: Show backtrace of all active CPUs
[ 279.407234] sysrq: CPU5:
[ 279.407505] Call Trace:
[ 279.408789] [<ffffffff8000606c>] dump_backtrace+0x2c/0x3a
[ 279.411698] [<ffffffff800060ac>] show_stack+0x32/0x3e
[ 279.411809] [<ffffffff80542258>] sysrq_handle_showallcpus+0x4c/0xc6
[ 279.411929] [<ffffffff80542f16>] __handle_sysrq+0x106/0x26c
[ 279.412034] [<ffffffff805436a8>] write_sysrq_trigger+0x64/0x74
[ 279.412139] [<ffffffff8029cd48>] proc_reg_write+0x8e/0xe2
[ 279.412252] [<ffffffff8021a8f8>] vfs_write+0x90/0x2be
[ 279.412362] [<ffffffff8021acd2>] ksys_write+0xa6/0xce
[ 279.412467] [<ffffffff8021ad24>] sys_write+0x2a/0x38
[ 279.412689] [<ffffffff80003ff8>] ret_from_syscall+0x0/0x2
[ 279.417173] sysrq: CPU6: backtrace skipped as idling
[ 279.417185] sysrq: CPU4: backtrace skipped as idling
[ 279.417187] sysrq: CPU0: backtrace skipped as idling
[ 279.417181] sysrq: CPU7: backtrace skipped as idling
[ 279.417190] sysrq: CPU1: backtrace skipped as idling
[ 279.417193] sysrq: CPU3: backtrace skipped as idling
[ 279.417219] sysrq: CPU2:
[ 279.419179] Call Trace:
[ 279.419440] [<ffffffff8000606c>] dump_backtrace+0x2c/0x3a
[ 279.419782] [<ffffffff800060ac>] show_stack+0x32/0x3e
[ 279.420015] [<ffffffff80542b30>] showacpu+0x5c/0x96
[ 279.420317] [<ffffffff800ba71c>] flush_smp_call_function_queue+0xd6/0x218
[ 279.420569] [<ffffffff800bb438>] generic_smp_call_function_single_interrupt+0x14/0x1c
[ 279.420798] [<ffffffff800079ae>] handle_IPI+0xaa/0x13a
[ 279.421024] [<ffffffff804dcb92>] riscv_intc_irq+0x56/0x70
[ 279.421274] [<ffffffff80a05b70>] generic_handle_arch_irq+0x6a/0xfa
[ 279.421518] [<ffffffff80004006>] ret_from_exception+0x0/0x10
[ 279.421750] [<ffffffff80096492>] rcu_idle_enter+0x16/0x1e
Signed-off-by: Changbin Du <changbin.du@gmail.com>
Link: https://lore.kernel.org/r/20220117154300.2808-1-changbin.du@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/sysrq.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
index bbfd004449b5..34cfdda4aff5 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
@@ -232,8 +232,10 @@ static void showacpu(void *dummy)
unsigned long flags;
/* Idle CPUs have no interesting backtrace. */
- if (idle_cpu(smp_processor_id()))
+ if (idle_cpu(smp_processor_id())) {
+ pr_info("CPU%d: backtrace skipped as idling\n", smp_processor_id());
return;
+ }
raw_spin_lock_irqsave(&show_lock, flags);
pr_info("CPU%d:\n", smp_processor_id());
@@ -260,10 +262,13 @@ static void sysrq_handle_showallcpus(int key)
if (in_hardirq())
regs = get_irq_regs();
- if (regs) {
- pr_info("CPU%d:\n", smp_processor_id());
+
+ pr_info("CPU%d:\n", smp_processor_id());
+ if (regs)
show_regs(regs);
- }
+ else
+ show_stack(NULL, NULL, KERN_INFO);
+
schedule_work(&sysrq_showallcpus);
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 241/339] usb: dwc2: gadget: dont reset gadgets driver->bus
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 240/339] sysrq: do not omit current cpu when showing backtrace of all active CPUs Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 242/339] usb: dwc3: host: Stop setting the ACPI companion Greg Kroah-Hartman
` (99 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Sasha Levin
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit 3120aac6d0ecd9accf56894aeac0e265f74d3d5a ]
UDC driver should not touch gadget's driver internals, especially it
should not reset driver->bus. This wasn't harmful so far, but since
commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget
subsystem got it's own bus and messing with ->bus triggers the
following NULL pointer dereference:
dwc2 12480000.hsotg: bound driver g_ether
8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
[00000000] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in: ...
CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862
Hardware name: Samsung Exynos (Flattened Device Tree)
PC is at module_add_driver+0x44/0xe8
LR is at sysfs_do_create_link_sd+0x84/0xe0
...
Process modprobe (pid: 620, stack limit = 0x(ptrval))
...
module_add_driver from bus_add_driver+0xf4/0x1e4
bus_add_driver from driver_register+0x78/0x10c
driver_register from usb_gadget_register_driver_owner+0x40/0xb4
usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0
do_one_initcall from do_init_module+0x44/0x1c8
do_init_module from load_module+0x19b8/0x1b9c
load_module from sys_finit_module+0xdc/0xfc
sys_finit_module from ret_fast_syscall+0x0/0x54
Exception stack(0xf1771fa8 to 0xf1771ff0)
...
dwc2 12480000.hsotg: new device is high-speed
---[ end trace 0000000000000000 ]---
Fix this by removing driver->bus entry reset.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20220505104618.22729-1-m.szyprowski@samsung.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc2/gadget.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c
index eee3504397e6..fe2a58c75861 100644
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -4544,7 +4544,6 @@ static int dwc2_hsotg_udc_start(struct usb_gadget *gadget,
WARN_ON(hsotg->driver);
- driver->driver.bus = NULL;
hsotg->driver = driver;
hsotg->gadget.dev.of_node = hsotg->dev->of_node;
hsotg->gadget.speed = USB_SPEED_UNKNOWN;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 242/339] usb: dwc3: host: Stop setting the ACPI companion
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 241/339] usb: dwc2: gadget: dont reset gadgets driver->bus Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 243/339] usb: dwc3: gadget: Only End Transfer for ep0 data phase Greg Kroah-Hartman
` (98 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Heikki Krogerus, Sasha Levin
From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
[ Upstream commit 7fd069d65da2e20b1caec3b7bcf9dfbe28c04bb2 ]
It is no longer needed. The sysdev pointer is now used when
assigning the ACPI companions to the xHCI ports and USB
devices.
Assigning the ACPI companion here resulted in the
fwnode->secondary pointer to be replaced also for the parent
dwc3 device since the primary fwnode (the ACPI companion)
was shared. That was unintentional and it created potential
side effects like resource leaks.
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20220428111056.3558-3-heikki.krogerus@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/host.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/usb/dwc3/host.c b/drivers/usb/dwc3/host.c
index eda871973d6c..f56c30cf151e 100644
--- a/drivers/usb/dwc3/host.c
+++ b/drivers/usb/dwc3/host.c
@@ -7,7 +7,6 @@
* Authors: Felipe Balbi <balbi@ti.com>,
*/
-#include <linux/acpi.h>
#include <linux/irq.h>
#include <linux/of.h>
#include <linux/platform_device.h>
@@ -83,7 +82,6 @@ int dwc3_host_init(struct dwc3 *dwc)
}
xhci->dev.parent = dwc->dev;
- ACPI_COMPANION_SET(&xhci->dev, ACPI_COMPANION(dwc->dev));
dwc->xhci = xhci;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 243/339] usb: dwc3: gadget: Only End Transfer for ep0 data phase
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 242/339] usb: dwc3: host: Stop setting the ACPI companion Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 244/339] soundwire: qcom: adjust autoenumeration timeout Greg Kroah-Hartman
` (97 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Thinh Nguyen, Sasha Levin
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
[ Upstream commit ace17b6ee4f92ab0375d12a1b42494f8590a96b6 ]
The driver shouldn't be able to issue End Transfer to the control
endpoint at anytime. Typically we should only do so in error cases such
as invalid/unexpected direction of Data Phase as described in the
control transfer flow of the programming guide. It _may_ end started
data phase during controller deinitialization from soft disconnect or
driver removal. However, that should not happen because the driver
should be maintained in EP0_SETUP_PHASE during driver tear-down. On
soft-connect, the controller should be reset from a soft-reset and there
should be no issue starting the control endpoint.
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/3c6643678863a26702e4115e9e19d7d94a30d49c.1650593829.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/gadget.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 6936d8ce8981..bf2eaa09d73c 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -3685,6 +3685,17 @@ static void dwc3_reset_gadget(struct dwc3 *dwc)
void dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force,
bool interrupt)
{
+ struct dwc3 *dwc = dep->dwc;
+
+ /*
+ * Only issue End Transfer command to the control endpoint of a started
+ * Data Phase. Typically we should only do so in error cases such as
+ * invalid/unexpected direction as described in the control transfer
+ * flow of the programming guide.
+ */
+ if (dep->number <= 1 && dwc->ep0state != EP0_DATA_PHASE)
+ return;
+
if (!(dep->flags & DWC3_EP_TRANSFER_STARTED) ||
(dep->flags & DWC3_EP_DELAY_STOP) ||
(dep->flags & DWC3_EP_END_TRANSFER_PENDING))
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 244/339] soundwire: qcom: adjust autoenumeration timeout
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 243/339] usb: dwc3: gadget: Only End Transfer for ep0 data phase Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 245/339] misc: rtsx: set NULL intfdata when probe fails Greg Kroah-Hartman
` (96 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Srinivasa Rao Mandadapu,
Srinivas Kandagatla, Vinod Koul, Sasha Levin
From: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[ Upstream commit 74da272400b46f2e898f115d1b1cd60828766919 ]
Currently timeout for autoenumeration during probe and bus reset is set to
2 secs which is really a big value. This can have an adverse effect on
boot time if the slave device is not ready/reset.
This was the case with wcd938x which was not reset yet but we spent 2
secs waiting in the soundwire controller probe. Reduce this time to
1/10 of Hz which should be good enough time to finish autoenumeration
if any slaves are available on the bus.
Reported-by: Srinivasa Rao Mandadapu <quic_srivasam@quicinc.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20220506084705.18525-1-srinivas.kandagatla@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/qcom.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/soundwire/qcom.c b/drivers/soundwire/qcom.c
index b38525b35bec..7b8ef45abee4 100644
--- a/drivers/soundwire/qcom.c
+++ b/drivers/soundwire/qcom.c
@@ -105,7 +105,7 @@
#define SWRM_SPECIAL_CMD_ID 0xF
#define MAX_FREQ_NUM 1
-#define TIMEOUT_MS (2 * HZ)
+#define TIMEOUT_MS 100
#define QCOM_SWRM_MAX_RD_LEN 0x1
#define QCOM_SDW_MAX_PORTS 14
#define DEFAULT_CLK_FREQ 9600000
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 245/339] misc: rtsx: set NULL intfdata when probe fails
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 244/339] soundwire: qcom: adjust autoenumeration timeout Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 246/339] extcon: Fix extcon_get_extcon_dev() error handling Greg Kroah-Hartman
` (95 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shuah Khan, Sasha Levin
From: Shuah Khan <skhan@linuxfoundation.org>
[ Upstream commit f861d36e021e1ac4a0a2a1f6411d623809975d63 ]
rtsx_usb_probe() doesn't call usb_set_intfdata() to null out the
interface pointer when probe fails. This leaves a stale pointer.
Noticed the missing usb_set_intfdata() while debugging an unrelated
invalid DMA mapping problem.
Fix it with a call to usb_set_intfdata(..., NULL).
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Link: https://lore.kernel.org/r/20220429210913.46804-1-skhan@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/cardreader/rtsx_usb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c
index 59eda55d92a3..1ef9b61077c4 100644
--- a/drivers/misc/cardreader/rtsx_usb.c
+++ b/drivers/misc/cardreader/rtsx_usb.c
@@ -667,6 +667,7 @@ static int rtsx_usb_probe(struct usb_interface *intf,
return 0;
out_init_fail:
+ usb_set_intfdata(ucr->pusb_intf, NULL);
usb_free_coherent(ucr->pusb_dev, IOBUF_SIZE, ucr->iobuf,
ucr->iobuf_dma);
return ret;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 246/339] extcon: Fix extcon_get_extcon_dev() error handling
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 245/339] misc: rtsx: set NULL intfdata when probe fails Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 247/339] extcon: Modify extcon device to be created after driver data is set Greg Kroah-Hartman
` (94 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dan Carpenter, Hans de Goede,
Heikki Krogerus, Guenter Roeck, Sebastian Reichel, Chanwoo Choi,
Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 58e4a2d27d3255e4e8c507fdc13734dccc9fc4c7 ]
The extcon_get_extcon_dev() function returns error pointers on error,
NULL when it's a -EPROBE_DEFER defer situation, and ERR_PTR(-ENODEV)
when the CONFIG_EXTCON option is disabled. This is very complicated for
the callers to handle and a number of them had bugs that would lead to
an Oops.
In real life, there are two things which prevented crashes. First,
error pointers would only be returned if there was bug in the caller
where they passed a NULL "extcon_name" and none of them do that.
Second, only two out of the eight drivers will build when CONFIG_EXTCON
is disabled.
The normal way to write this would be to return -EPROBE_DEFER directly
when appropriate and return NULL when CONFIG_EXTCON is disabled. Then
the error handling is simple and just looks like:
dev->edev = extcon_get_extcon_dev(acpi_dev_name(adev));
if (IS_ERR(dev->edev))
return PTR_ERR(dev->edev);
For the two drivers which can build with CONFIG_EXTCON disabled, then
extcon_get_extcon_dev() will now return NULL which is not treated as an
error and the probe will continue successfully. Those two drivers are
"typec_fusb302" and "max8997-battery". In the original code, the
typec_fusb302 driver had an 800ms hang in tcpm_get_current_limit() but
now that function is a no-op. For the max8997-battery driver everything
should continue working as is.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/extcon/extcon-axp288.c | 4 ++--
drivers/extcon/extcon.c | 4 +++-
drivers/power/supply/axp288_charger.c | 17 ++++++++++-------
drivers/power/supply/charger-manager.c | 7 ++-----
drivers/power/supply/max8997_charger.c | 8 ++++----
drivers/usb/dwc3/drd.c | 9 ++-------
drivers/usb/phy/phy-omap-otg.c | 4 ++--
drivers/usb/typec/tcpm/fusb302.c | 4 ++--
include/linux/extcon.h | 2 +-
9 files changed, 28 insertions(+), 31 deletions(-)
diff --git a/drivers/extcon/extcon-axp288.c b/drivers/extcon/extcon-axp288.c
index 7c6d5857ff25..180be768c215 100644
--- a/drivers/extcon/extcon-axp288.c
+++ b/drivers/extcon/extcon-axp288.c
@@ -394,8 +394,8 @@ static int axp288_extcon_probe(struct platform_device *pdev)
if (adev) {
info->id_extcon = extcon_get_extcon_dev(acpi_dev_name(adev));
put_device(&adev->dev);
- if (!info->id_extcon)
- return -EPROBE_DEFER;
+ if (IS_ERR(info->id_extcon))
+ return PTR_ERR(info->id_extcon);
dev_info(dev, "controlling USB role\n");
} else {
diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index a09e704fd0fa..adb957470c65 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -851,6 +851,8 @@ EXPORT_SYMBOL_GPL(extcon_set_property_capability);
* @extcon_name: the extcon name provided with extcon_dev_register()
*
* Return the pointer of extcon device if success or ERR_PTR(err) if fail.
+ * NOTE: This function returns -EPROBE_DEFER so it may only be called from
+ * probe() functions.
*/
struct extcon_dev *extcon_get_extcon_dev(const char *extcon_name)
{
@@ -864,7 +866,7 @@ struct extcon_dev *extcon_get_extcon_dev(const char *extcon_name)
if (!strcmp(sd->name, extcon_name))
goto out;
}
- sd = NULL;
+ sd = ERR_PTR(-EPROBE_DEFER);
out:
mutex_unlock(&extcon_dev_list_lock);
return sd;
diff --git a/drivers/power/supply/axp288_charger.c b/drivers/power/supply/axp288_charger.c
index 19746e658a6a..15219ed43ce9 100644
--- a/drivers/power/supply/axp288_charger.c
+++ b/drivers/power/supply/axp288_charger.c
@@ -865,17 +865,20 @@ static int axp288_charger_probe(struct platform_device *pdev)
info->regmap_irqc = axp20x->regmap_irqc;
info->cable.edev = extcon_get_extcon_dev(AXP288_EXTCON_DEV_NAME);
- if (info->cable.edev == NULL) {
- dev_dbg(dev, "%s is not ready, probe deferred\n",
- AXP288_EXTCON_DEV_NAME);
- return -EPROBE_DEFER;
+ if (IS_ERR(info->cable.edev)) {
+ dev_err_probe(dev, PTR_ERR(info->cable.edev),
+ "extcon_get_extcon_dev(%s) failed\n",
+ AXP288_EXTCON_DEV_NAME);
+ return PTR_ERR(info->cable.edev);
}
if (acpi_dev_present(USB_HOST_EXTCON_HID, NULL, -1)) {
info->otg.cable = extcon_get_extcon_dev(USB_HOST_EXTCON_NAME);
- if (info->otg.cable == NULL) {
- dev_dbg(dev, "EXTCON_USB_HOST is not ready, probe deferred\n");
- return -EPROBE_DEFER;
+ if (IS_ERR(info->otg.cable)) {
+ dev_err_probe(dev, PTR_ERR(info->otg.cable),
+ "extcon_get_extcon_dev(%s) failed\n",
+ USB_HOST_EXTCON_NAME);
+ return PTR_ERR(info->otg.cable);
}
dev_info(dev, "Using " USB_HOST_EXTCON_HID " extcon for usb-id\n");
}
diff --git a/drivers/power/supply/charger-manager.c b/drivers/power/supply/charger-manager.c
index d67edb760c94..92db79400a6a 100644
--- a/drivers/power/supply/charger-manager.c
+++ b/drivers/power/supply/charger-manager.c
@@ -985,13 +985,10 @@ static int charger_extcon_init(struct charger_manager *cm,
cable->nb.notifier_call = charger_extcon_notifier;
cable->extcon_dev = extcon_get_extcon_dev(cable->extcon_name);
- if (IS_ERR_OR_NULL(cable->extcon_dev)) {
+ if (IS_ERR(cable->extcon_dev)) {
pr_err("Cannot find extcon_dev for %s (cable: %s)\n",
cable->extcon_name, cable->name);
- if (cable->extcon_dev == NULL)
- return -EPROBE_DEFER;
- else
- return PTR_ERR(cable->extcon_dev);
+ return PTR_ERR(cable->extcon_dev);
}
for (i = 0; i < ARRAY_SIZE(extcon_mapping); i++) {
diff --git a/drivers/power/supply/max8997_charger.c b/drivers/power/supply/max8997_charger.c
index 127c73b0b3bd..1ec3535a257d 100644
--- a/drivers/power/supply/max8997_charger.c
+++ b/drivers/power/supply/max8997_charger.c
@@ -242,10 +242,10 @@ static int max8997_battery_probe(struct platform_device *pdev)
dev_info(&pdev->dev, "couldn't get charger regulator\n");
}
charger->edev = extcon_get_extcon_dev("max8997-muic");
- if (IS_ERR_OR_NULL(charger->edev)) {
- if (!charger->edev)
- return -EPROBE_DEFER;
- dev_info(charger->dev, "couldn't get extcon device\n");
+ if (IS_ERR(charger->edev)) {
+ dev_err_probe(charger->dev, PTR_ERR(charger->edev),
+ "couldn't get extcon device: max8997-muic\n");
+ return PTR_ERR(charger->edev);
}
if (!IS_ERR(charger->reg) && !IS_ERR_OR_NULL(charger->edev)) {
diff --git a/drivers/usb/dwc3/drd.c b/drivers/usb/dwc3/drd.c
index 8cad9e7d3368..4982edd13047 100644
--- a/drivers/usb/dwc3/drd.c
+++ b/drivers/usb/dwc3/drd.c
@@ -455,13 +455,8 @@ static struct extcon_dev *dwc3_get_extcon(struct dwc3 *dwc)
* This device property is for kernel internal use only and
* is expected to be set by the glue code.
*/
- if (device_property_read_string(dev, "linux,extcon-name", &name) == 0) {
- edev = extcon_get_extcon_dev(name);
- if (!edev)
- return ERR_PTR(-EPROBE_DEFER);
-
- return edev;
- }
+ if (device_property_read_string(dev, "linux,extcon-name", &name) == 0)
+ return extcon_get_extcon_dev(name);
/*
* Try to get an extcon device from the USB PHY controller's "port"
diff --git a/drivers/usb/phy/phy-omap-otg.c b/drivers/usb/phy/phy-omap-otg.c
index ee0863c6553e..6e6ef8c0bc7e 100644
--- a/drivers/usb/phy/phy-omap-otg.c
+++ b/drivers/usb/phy/phy-omap-otg.c
@@ -95,8 +95,8 @@ static int omap_otg_probe(struct platform_device *pdev)
return -ENODEV;
extcon = extcon_get_extcon_dev(config->extcon);
- if (!extcon)
- return -EPROBE_DEFER;
+ if (IS_ERR(extcon))
+ return PTR_ERR(extcon);
otg_dev = devm_kzalloc(&pdev->dev, sizeof(*otg_dev), GFP_KERNEL);
if (!otg_dev)
diff --git a/drivers/usb/typec/tcpm/fusb302.c b/drivers/usb/typec/tcpm/fusb302.c
index 72f9001b0792..96c55eaf3f80 100644
--- a/drivers/usb/typec/tcpm/fusb302.c
+++ b/drivers/usb/typec/tcpm/fusb302.c
@@ -1708,8 +1708,8 @@ static int fusb302_probe(struct i2c_client *client,
*/
if (device_property_read_string(dev, "linux,extcon-name", &name) == 0) {
chip->extcon = extcon_get_extcon_dev(name);
- if (!chip->extcon)
- return -EPROBE_DEFER;
+ if (IS_ERR(chip->extcon))
+ return PTR_ERR(chip->extcon);
}
chip->vbus = devm_regulator_get(chip->dev, "vbus");
diff --git a/include/linux/extcon.h b/include/linux/extcon.h
index 0c19010da77f..685401d94d39 100644
--- a/include/linux/extcon.h
+++ b/include/linux/extcon.h
@@ -296,7 +296,7 @@ static inline void devm_extcon_unregister_notifier_all(struct device *dev,
static inline struct extcon_dev *extcon_get_extcon_dev(const char *extcon_name)
{
- return ERR_PTR(-ENODEV);
+ return NULL;
}
static inline struct extcon_dev *extcon_find_edev_by_node(struct device_node *node)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 247/339] extcon: Modify extcon device to be created after driver data is set
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 246/339] extcon: Fix extcon_get_extcon_dev() error handling Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 248/339] clocksource/drivers/sp804: Avoid error on multiple instances Greg Kroah-Hartman
` (93 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, bumwoo lee, Chanwoo Choi, Sasha Levin
From: bumwoo lee <bw365.lee@samsung.com>
[ Upstream commit 5dcc2afe716d69f5112ce035cb14f007461ff189 ]
Currently, someone can invoke the sysfs such as state_show()
intermittently before dev_set_drvdata() is done.
And it can be a cause of kernel Oops because of edev is Null at that time.
So modified the driver registration to after setting drviver data.
- Oops's backtrace.
Backtrace:
[<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show)
[<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show)
[<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show)
[<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read)
[<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read)
[<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read)
[<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read)
[<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read)
[<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read)
[<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)
Signed-off-by: bumwoo lee <bw365.lee@samsung.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/extcon/extcon.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index adb957470c65..97e35c32bfa5 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -1220,19 +1220,14 @@ int extcon_dev_register(struct extcon_dev *edev)
edev->dev.type = &edev->extcon_dev_type;
}
- ret = device_register(&edev->dev);
- if (ret) {
- put_device(&edev->dev);
- goto err_dev;
- }
-
spin_lock_init(&edev->lock);
- edev->nh = devm_kcalloc(&edev->dev, edev->max_supported,
- sizeof(*edev->nh), GFP_KERNEL);
- if (!edev->nh) {
- ret = -ENOMEM;
- device_unregister(&edev->dev);
- goto err_dev;
+ if (edev->max_supported) {
+ edev->nh = kcalloc(edev->max_supported, sizeof(*edev->nh),
+ GFP_KERNEL);
+ if (!edev->nh) {
+ ret = -ENOMEM;
+ goto err_alloc_nh;
+ }
}
for (index = 0; index < edev->max_supported; index++)
@@ -1243,6 +1238,12 @@ int extcon_dev_register(struct extcon_dev *edev)
dev_set_drvdata(&edev->dev, edev);
edev->state = 0;
+ ret = device_register(&edev->dev);
+ if (ret) {
+ put_device(&edev->dev);
+ goto err_dev;
+ }
+
mutex_lock(&extcon_dev_list_lock);
list_add(&edev->entry, &extcon_dev_list);
mutex_unlock(&extcon_dev_list_lock);
@@ -1250,6 +1251,9 @@ int extcon_dev_register(struct extcon_dev *edev)
return 0;
err_dev:
+ if (edev->max_supported)
+ kfree(edev->nh);
+err_alloc_nh:
if (edev->max_supported)
kfree(edev->extcon_dev_type.groups);
err_alloc_groups:
@@ -1310,6 +1314,7 @@ void extcon_dev_unregister(struct extcon_dev *edev)
if (edev->max_supported) {
kfree(edev->extcon_dev_type.groups);
kfree(edev->cables);
+ kfree(edev->nh);
}
put_device(&edev->dev);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 248/339] clocksource/drivers/sp804: Avoid error on multiple instances
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 247/339] extcon: Modify extcon device to be created after driver data is set Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 249/339] staging: rtl8712: fix uninit-value in usb_read8() and friends Greg Kroah-Hartman
` (92 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Andre Przywara, Robin Murphy,
Daniel Lezcano, Sasha Levin
From: Andre Przywara <andre.przywara@arm.com>
[ Upstream commit a98399cbc1e05f7b977419f03905501d566cf54e ]
When a machine sports more than one SP804 timer instance, we only bring
up the first one, since multiple timers of the same kind are not useful
to Linux. As this is intentional behaviour, we should not return an
error message, as we do today:
===============
[ 0.000800] Failed to initialize '/bus@8000000/motherboard-bus@8000000/iofpga-bus@300000000/timer@120000': -22
===============
Replace the -EINVAL return with a debug message and return 0 instead.
Also we do not reach the init function anymore if the DT node is
disabled (as this is now handled by OF_DECLARE), so remove the explicit
check for that case.
This fixes a long standing bogus error when booting ARM's fastmodels.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20220506162522.3675399-1-andre.przywara@arm.com
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-sp804.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/clocksource/timer-sp804.c b/drivers/clocksource/timer-sp804.c
index 401d592e85f5..e6a87f4af2b5 100644
--- a/drivers/clocksource/timer-sp804.c
+++ b/drivers/clocksource/timer-sp804.c
@@ -259,6 +259,11 @@ static int __init sp804_of_init(struct device_node *np, struct sp804_timer *time
struct clk *clk1, *clk2;
const char *name = of_get_property(np, "compatible", NULL);
+ if (initialized) {
+ pr_debug("%pOF: skipping further SP804 timer device\n", np);
+ return 0;
+ }
+
base = of_iomap(np, 0);
if (!base)
return -ENXIO;
@@ -270,11 +275,6 @@ static int __init sp804_of_init(struct device_node *np, struct sp804_timer *time
writel(0, timer1_base + timer->ctrl);
writel(0, timer2_base + timer->ctrl);
- if (initialized || !of_device_is_available(np)) {
- ret = -EINVAL;
- goto err;
- }
-
clk1 = of_clk_get(np, 0);
if (IS_ERR(clk1))
clk1 = NULL;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 249/339] staging: rtl8712: fix uninit-value in usb_read8() and friends
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 248/339] clocksource/drivers/sp804: Avoid error on multiple instances Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 250/339] staging: rtl8712: fix uninit-value in r871xu_drv_init() Greg Kroah-Hartman
` (91 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6f5ecd144854c0d8580b,
Dan Carpenter, Wang Cheng, Sasha Levin
From: Wang Cheng <wanngchenng@gmail.com>
[ Upstream commit d1b57669732d09da7e13ef86d058dab0cd57f6e0 ]
When r8712_usbctrl_vendorreq() returns negative, 'data' in
usb_read{8,16,32} will not be initialized.
BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]
BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725
string_nocheck lib/vsprintf.c:643 [inline]
string+0x4ec/0x6f0 lib/vsprintf.c:725
vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
va_format lib/vsprintf.c:1704 [inline]
pointer+0x18e6/0x1f70 lib/vsprintf.c:2443
vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810
vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604
dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615
__dev_printk+0x3be/0x440 drivers/base/core.c:4627
_dev_info+0x1ea/0x22f drivers/base/core.c:4673
r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
really_probe+0x6c7/0x1350 drivers/base/dd.c:621
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
really_probe+0x6c7/0x1350 drivers/base/dd.c:621
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5363 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]
port_event drivers/usb/core/hub.c:5665 [inline]
hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747
process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289
worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436
kthread+0x3c7/0x500 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
Local variable data created at:
usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33
r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29
KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
Reported-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Tested-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Wang Cheng <wanngchenng@gmail.com>
Link: https://lore.kernel.org/r/b9b7a6ee02c02aa28054f5cf16129977775f3cd9.1652618244.git.wanngchenng@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8712/usb_ops.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/drivers/staging/rtl8712/usb_ops.c b/drivers/staging/rtl8712/usb_ops.c
index e64845e6adf3..af9966d03979 100644
--- a/drivers/staging/rtl8712/usb_ops.c
+++ b/drivers/staging/rtl8712/usb_ops.c
@@ -29,7 +29,8 @@ static u8 usb_read8(struct intf_hdl *intfhdl, u32 addr)
u16 wvalue;
u16 index;
u16 len;
- __le32 data;
+ int status;
+ __le32 data = 0;
struct intf_priv *intfpriv = intfhdl->pintfpriv;
request = 0x05;
@@ -37,8 +38,10 @@ static u8 usb_read8(struct intf_hdl *intfhdl, u32 addr)
index = 0;
wvalue = (u16)(addr & 0x0000ffff);
len = 1;
- r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index, &data, len,
- requesttype);
+ status = r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index,
+ &data, len, requesttype);
+ if (status < 0)
+ return 0;
return (u8)(le32_to_cpu(data) & 0x0ff);
}
@@ -49,7 +52,8 @@ static u16 usb_read16(struct intf_hdl *intfhdl, u32 addr)
u16 wvalue;
u16 index;
u16 len;
- __le32 data;
+ int status;
+ __le32 data = 0;
struct intf_priv *intfpriv = intfhdl->pintfpriv;
request = 0x05;
@@ -57,8 +61,10 @@ static u16 usb_read16(struct intf_hdl *intfhdl, u32 addr)
index = 0;
wvalue = (u16)(addr & 0x0000ffff);
len = 2;
- r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index, &data, len,
- requesttype);
+ status = r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index,
+ &data, len, requesttype);
+ if (status < 0)
+ return 0;
return (u16)(le32_to_cpu(data) & 0xffff);
}
@@ -69,7 +75,8 @@ static u32 usb_read32(struct intf_hdl *intfhdl, u32 addr)
u16 wvalue;
u16 index;
u16 len;
- __le32 data;
+ int status;
+ __le32 data = 0;
struct intf_priv *intfpriv = intfhdl->pintfpriv;
request = 0x05;
@@ -77,8 +84,10 @@ static u32 usb_read32(struct intf_hdl *intfhdl, u32 addr)
index = 0;
wvalue = (u16)(addr & 0x0000ffff);
len = 4;
- r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index, &data, len,
- requesttype);
+ status = r8712_usbctrl_vendorreq(intfpriv, request, wvalue, index,
+ &data, len, requesttype);
+ if (status < 0)
+ return 0;
return le32_to_cpu(data);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 250/339] staging: rtl8712: fix uninit-value in r871xu_drv_init()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 249/339] staging: rtl8712: fix uninit-value in usb_read8() and friends Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 251/339] serial: msm_serial: disable interrupts in __msm_console_write() Greg Kroah-Hartman
` (90 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+6f5ecd144854c0d8580b,
Dan Carpenter, Wang Cheng, Sasha Levin
From: Wang Cheng <wanngchenng@gmail.com>
[ Upstream commit 0458e5428e5e959d201a40ffe71d762a79ecedc4 ]
When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,
'mac[6]' will not be initialized.
BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742
process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
kthread+0x3c7/0x500 kernel/kthread.c:377
ret_from_fork+0x1f/0x30
Local variable mac created at:
r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
Reported-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Tested-by: <syzbot+6f5ecd144854c0d8580b@syzkaller.appspotmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Wang Cheng <wanngchenng@gmail.com>
Link: https://lore.kernel.org/r/14c3886173dfa4597f0704547c414cfdbcd11d16.1652618244.git.wanngchenng@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8712/usb_intf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c
index 56450ede9f23..1ff3e2658e77 100644
--- a/drivers/staging/rtl8712/usb_intf.c
+++ b/drivers/staging/rtl8712/usb_intf.c
@@ -536,13 +536,13 @@ static int r871xu_drv_init(struct usb_interface *pusb_intf,
} else {
AutoloadFail = false;
}
- if (((mac[0] == 0xff) && (mac[1] == 0xff) &&
+ if ((!AutoloadFail) ||
+ ((mac[0] == 0xff) && (mac[1] == 0xff) &&
(mac[2] == 0xff) && (mac[3] == 0xff) &&
(mac[4] == 0xff) && (mac[5] == 0xff)) ||
((mac[0] == 0x00) && (mac[1] == 0x00) &&
(mac[2] == 0x00) && (mac[3] == 0x00) &&
- (mac[4] == 0x00) && (mac[5] == 0x00)) ||
- (!AutoloadFail)) {
+ (mac[4] == 0x00) && (mac[5] == 0x00))) {
mac[0] = 0x00;
mac[1] = 0xe0;
mac[2] = 0x4c;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 251/339] serial: msm_serial: disable interrupts in __msm_console_write()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 250/339] staging: rtl8712: fix uninit-value in r871xu_drv_init() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 252/339] kernfs: Separate kernfs_pr_cont_buf and rename_lock Greg Kroah-Hartman
` (89 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Marek Szyprowski, Petr Mladek,
John Ogness, Sasha Levin
From: John Ogness <john.ogness@linutronix.de>
[ Upstream commit aabdbb1b7a5819e18c403334a31fb0cc2c06ad41 ]
__msm_console_write() assumes that interrupts are disabled, but
with threaded console printers it is possible that the write()
callback of the console is called with interrupts enabled.
Explicitly disable interrupts using local_irq_save() to preserve
the assumed context.
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Link: https://lore.kernel.org/r/20220506213324.470461-1-john.ogness@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/msm_serial.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
index 23c94b927776..e676ec761f18 100644
--- a/drivers/tty/serial/msm_serial.c
+++ b/drivers/tty/serial/msm_serial.c
@@ -1599,6 +1599,7 @@ static inline struct uart_port *msm_get_port_from_line(unsigned int line)
static void __msm_console_write(struct uart_port *port, const char *s,
unsigned int count, bool is_uartdm)
{
+ unsigned long flags;
int i;
int num_newlines = 0;
bool replaced = false;
@@ -1616,6 +1617,8 @@ static void __msm_console_write(struct uart_port *port, const char *s,
num_newlines++;
count += num_newlines;
+ local_irq_save(flags);
+
if (port->sysrq)
locked = 0;
else if (oops_in_progress)
@@ -1661,6 +1664,8 @@ static void __msm_console_write(struct uart_port *port, const char *s,
if (locked)
spin_unlock(&port->lock);
+
+ local_irq_restore(flags);
}
static void msm_console_write(struct console *co, const char *s,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 252/339] kernfs: Separate kernfs_pr_cont_buf and rename_lock.
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 251/339] serial: msm_serial: disable interrupts in __msm_console_write() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 253/339] watchdog: wdat_wdt: Stop watchdog when rebooting the system Greg Kroah-Hartman
` (88 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tejun Heo, Hao Luo, Sasha Levin
From: Hao Luo <haoluo@google.com>
[ Upstream commit 1a702dc88e150487c9c173a249b3d236498b9183 ]
Previously the protection of kernfs_pr_cont_buf was piggy backed by
rename_lock, which means that pr_cont() needs to be protected under
rename_lock. This can cause potential circular lock dependencies.
If there is an OOM, we have the following call hierarchy:
-> cpuset_print_current_mems_allowed()
-> pr_cont_cgroup_name()
-> pr_cont_kernfs_name()
pr_cont_kernfs_name() will grab rename_lock and call printk. So we have
the following lock dependencies:
kernfs_rename_lock -> console_sem
Sometimes, printk does a wakeup before releasing console_sem, which has
the dependence chain:
console_sem -> p->pi_lock -> rq->lock
Now, imagine one wants to read cgroup_name under rq->lock, for example,
printing cgroup_name in a tracepoint in the scheduler code. They will
be holding rq->lock and take rename_lock:
rq->lock -> kernfs_rename_lock
Now they will deadlock.
A prevention to this circular lock dependency is to separate the
protection of pr_cont_buf from rename_lock. In principle, rename_lock
is to protect the integrity of cgroup name when copying to buf. Once
pr_cont_buf has got its content, rename_lock can be dropped. So it's
safe to drop rename_lock after kernfs_name_locked (and
kernfs_path_from_node_locked) and rely on a dedicated pr_cont_lock
to protect pr_cont_buf.
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Hao Luo <haoluo@google.com>
Link: https://lore.kernel.org/r/20220516190951.3144144-1-haoluo@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/kernfs/dir.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index e205fde7163a..6eca72cfa1f2 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -18,7 +18,15 @@
#include "kernfs-internal.h"
static DEFINE_SPINLOCK(kernfs_rename_lock); /* kn->parent and ->name */
-static char kernfs_pr_cont_buf[PATH_MAX]; /* protected by rename_lock */
+/*
+ * Don't use rename_lock to piggy back on pr_cont_buf. We don't want to
+ * call pr_cont() while holding rename_lock. Because sometimes pr_cont()
+ * will perform wakeups when releasing console_sem. Holding rename_lock
+ * will introduce deadlock if the scheduler reads the kernfs_name in the
+ * wakeup path.
+ */
+static DEFINE_SPINLOCK(kernfs_pr_cont_lock);
+static char kernfs_pr_cont_buf[PATH_MAX]; /* protected by pr_cont_lock */
static DEFINE_SPINLOCK(kernfs_idr_lock); /* root->ino_idr */
#define rb_to_kn(X) rb_entry((X), struct kernfs_node, rb)
@@ -229,12 +237,12 @@ void pr_cont_kernfs_name(struct kernfs_node *kn)
{
unsigned long flags;
- spin_lock_irqsave(&kernfs_rename_lock, flags);
+ spin_lock_irqsave(&kernfs_pr_cont_lock, flags);
- kernfs_name_locked(kn, kernfs_pr_cont_buf, sizeof(kernfs_pr_cont_buf));
+ kernfs_name(kn, kernfs_pr_cont_buf, sizeof(kernfs_pr_cont_buf));
pr_cont("%s", kernfs_pr_cont_buf);
- spin_unlock_irqrestore(&kernfs_rename_lock, flags);
+ spin_unlock_irqrestore(&kernfs_pr_cont_lock, flags);
}
/**
@@ -248,10 +256,10 @@ void pr_cont_kernfs_path(struct kernfs_node *kn)
unsigned long flags;
int sz;
- spin_lock_irqsave(&kernfs_rename_lock, flags);
+ spin_lock_irqsave(&kernfs_pr_cont_lock, flags);
- sz = kernfs_path_from_node_locked(kn, NULL, kernfs_pr_cont_buf,
- sizeof(kernfs_pr_cont_buf));
+ sz = kernfs_path_from_node(kn, NULL, kernfs_pr_cont_buf,
+ sizeof(kernfs_pr_cont_buf));
if (sz < 0) {
pr_cont("(error)");
goto out;
@@ -265,7 +273,7 @@ void pr_cont_kernfs_path(struct kernfs_node *kn)
pr_cont("%s", kernfs_pr_cont_buf);
out:
- spin_unlock_irqrestore(&kernfs_rename_lock, flags);
+ spin_unlock_irqrestore(&kernfs_pr_cont_lock, flags);
}
/**
@@ -823,13 +831,12 @@ static struct kernfs_node *kernfs_walk_ns(struct kernfs_node *parent,
lockdep_assert_held_read(&kernfs_root(parent)->kernfs_rwsem);
- /* grab kernfs_rename_lock to piggy back on kernfs_pr_cont_buf */
- spin_lock_irq(&kernfs_rename_lock);
+ spin_lock_irq(&kernfs_pr_cont_lock);
len = strlcpy(kernfs_pr_cont_buf, path, sizeof(kernfs_pr_cont_buf));
if (len >= sizeof(kernfs_pr_cont_buf)) {
- spin_unlock_irq(&kernfs_rename_lock);
+ spin_unlock_irq(&kernfs_pr_cont_lock);
return NULL;
}
@@ -841,7 +848,7 @@ static struct kernfs_node *kernfs_walk_ns(struct kernfs_node *parent,
parent = kernfs_find_ns(parent, name, ns);
}
- spin_unlock_irq(&kernfs_rename_lock);
+ spin_unlock_irq(&kernfs_pr_cont_lock);
return parent;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 253/339] watchdog: wdat_wdt: Stop watchdog when rebooting the system
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 252/339] kernfs: Separate kernfs_pr_cont_buf and rename_lock Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 254/339] ksmbd: smbd: fix connection dropped issue Greg Kroah-Hartman
` (87 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Xinpeng, Guenter Roeck,
Wim Van Sebroeck, Sasha Levin
From: Liu Xinpeng <liuxp11@chinatelecom.cn>
[ Upstream commit 27fdf84510a1374748904db43f6755f912736d92 ]
Executing reboot command several times on the machine "Dell
PowerEdge R740", UEFI security detection stopped machine
with the following prompt:
UEFI0082: The system was reset due to a timeout from the watchdog
timer. Check the System Event Log (SEL) or crash dumps from
Operating Sysstem to identify the source that triggered the
watchdog timer reset. Update the firmware or driver for the
identified device.
iDRAC has warning event: "The watchdog timer reset the system".
This patch fixes this issue by adding the reboot notifier.
Signed-off-by: Liu Xinpeng <liuxp11@chinatelecom.cn>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/1650984810-6247-3-git-send-email-liuxp11@chinatelecom.cn
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/watchdog/wdat_wdt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/watchdog/wdat_wdt.c b/drivers/watchdog/wdat_wdt.c
index 195c8c004b69..4fac8148a8e6 100644
--- a/drivers/watchdog/wdat_wdt.c
+++ b/drivers/watchdog/wdat_wdt.c
@@ -462,6 +462,7 @@ static int wdat_wdt_probe(struct platform_device *pdev)
return ret;
watchdog_set_nowayout(&wdat->wdd, nowayout);
+ watchdog_stop_on_reboot(&wdat->wdd);
return devm_watchdog_register_device(dev, &wdat->wdd);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 254/339] ksmbd: smbd: fix connection dropped issue
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 253/339] watchdog: wdat_wdt: Stop watchdog when rebooting the system Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 255/339] md: protect md_unregister_thread from reentrancy Greg Kroah-Hartman
` (86 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yufan Chen, Hyunchul Lee,
Namjae Jeon, Steve French, Sasha Levin
From: Hyunchul Lee <hyc.lee@gmail.com>
[ Upstream commit 5366afc4065075a4456941fbd51c33604d631ee5 ]
When there are bursty connection requests,
RDMA connection event handler is deferred and
Negotiation requests are received even if
connection status is NEW.
To handle it, set the status to CONNECTED
if Negotiation requests are received.
Reported-by: Yufan Chen <wiz.chen@gmail.com>
Signed-off-by: Hyunchul Lee <hyc.lee@gmail.com>
Tested-by: Yufan Chen <wiz.chen@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ksmbd/transport_rdma.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ksmbd/transport_rdma.c b/fs/ksmbd/transport_rdma.c
index e646d79554b8..3f5d13571694 100644
--- a/fs/ksmbd/transport_rdma.c
+++ b/fs/ksmbd/transport_rdma.c
@@ -569,6 +569,7 @@ static void recv_done(struct ib_cq *cq, struct ib_wc *wc)
}
t->negotiation_requested = true;
t->full_packet_received = true;
+ t->status = SMB_DIRECT_CS_CONNECTED;
enqueue_reassembly(t, recvmsg, 0);
wake_up_interruptible(&t->wait_status);
break;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 255/339] md: protect md_unregister_thread from reentrancy
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 254/339] ksmbd: smbd: fix connection dropped issue Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 256/339] ASoC: SOF: amd: Fixed Build error Greg Kroah-Hartman
` (85 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Donald Buczek, Guoqing Jiang,
Song Liu, Sasha Levin
From: Guoqing Jiang <guoqing.jiang@cloud.ionos.com>
[ Upstream commit 1e267742283a4b5a8ca65755c44166be27e9aa0f ]
Generally, the md_unregister_thread is called with reconfig_mutex, but
raid_message in dm-raid doesn't hold reconfig_mutex to unregister thread,
so md_unregister_thread can be called simulitaneously from two call sites
in theory.
Then after previous commit which remove the protection of reconfig_mutex
for md_unregister_thread completely, the potential issue could be worse
than before.
Let's take pers_lock at the beginning of function to ensure reentrancy.
Reported-by: Donald Buczek <buczek@molgen.mpg.de>
Signed-off-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 066f792b374e..f79cab8c7700 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -7960,17 +7960,22 @@ EXPORT_SYMBOL(md_register_thread);
void md_unregister_thread(struct md_thread **threadp)
{
- struct md_thread *thread = *threadp;
- if (!thread)
- return;
- pr_debug("interrupting MD-thread pid %d\n", task_pid_nr(thread->tsk));
- /* Locking ensures that mddev_unlock does not wake_up a
+ struct md_thread *thread;
+
+ /*
+ * Locking ensures that mddev_unlock does not wake_up a
* non-existent thread
*/
spin_lock(&pers_lock);
+ thread = *threadp;
+ if (!thread) {
+ spin_unlock(&pers_lock);
+ return;
+ }
*threadp = NULL;
spin_unlock(&pers_lock);
+ pr_debug("interrupting MD-thread pid %d\n", task_pid_nr(thread->tsk));
kthread_stop(thread->tsk);
kfree(thread);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 256/339] ASoC: SOF: amd: Fixed Build error
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 255/339] md: protect md_unregister_thread from reentrancy Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 257/339] scsi: myrb: Fix up null pointer access on myrb_cleanup() Greg Kroah-Hartman
` (84 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Syed Saba Kareem,
Mark Brown, Sasha Levin
From: Syed Saba kareem <ssabakar@amd.com>
[ Upstream commit 803a1f7272797faa15a7879cdc70f9adaf3fdcba ]
Add linux/module.h in acp-pci.c to solve the below dependency
All error/warnings (new ones prefixed by >>):
>> sound/soc/amd/acp/acp-pci.c:148:1: warning: data definition has no type or storage class
148 | MODULE_DEVICE_TABLE(pci, acp_pci_ids);
| ^~~~~~~~~~~~~~~~~~~
>> sound/soc/amd/acp/acp-pci.c:148:1: error: type defaults to 'int' in declaration of 'MODULE_DEVICE_TABLE' [-Werror=implicit-int]
...
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Syed Saba Kareem<ssabakar@amd.com>
Link: https://lore.kernel.org/r/20220523112956.3087604-1-ssabakar@amd.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/acp/acp-pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/amd/acp/acp-pci.c b/sound/soc/amd/acp/acp-pci.c
index 340e39d7f420..c893963ee2d0 100644
--- a/sound/soc/amd/acp/acp-pci.c
+++ b/sound/soc/amd/acp/acp-pci.c
@@ -16,6 +16,7 @@
#include <linux/pci.h>
#include <linux/platform_device.h>
#include <linux/pm_runtime.h>
+#include <linux/module.h>
#include "amd.h"
#include "../mach-config.h"
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 257/339] scsi: myrb: Fix up null pointer access on myrb_cleanup()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 256/339] ASoC: SOF: amd: Fixed Build error Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 258/339] ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM Greg Kroah-Hartman
` (83 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Zheyu Ma, Hannes Reinecke,
Martin K. Petersen, Sasha Levin
From: Hannes Reinecke <hare@suse.de>
[ Upstream commit f9f0a46141e2e39bedb4779c88380d1b5f018c14 ]
When myrb_probe() fails the callback might not be set, so we need to
validate the 'disable_intr' callback in myrb_cleanup() to not cause a null
pointer exception. And while at it do not call myrb_cleanup() if we cannot
enable the PCI device at all.
Link: https://lore.kernel.org/r/20220523120244.99515-1-hare@suse.de
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Tested-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/myrb.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/myrb.c b/drivers/scsi/myrb.c
index 71585528e8db..e885c1dbf61f 100644
--- a/drivers/scsi/myrb.c
+++ b/drivers/scsi/myrb.c
@@ -1239,7 +1239,8 @@ static void myrb_cleanup(struct myrb_hba *cb)
myrb_unmap(cb);
if (cb->mmio_base) {
- cb->disable_intr(cb->io_base);
+ if (cb->disable_intr)
+ cb->disable_intr(cb->io_base);
iounmap(cb->mmio_base);
}
if (cb->irq)
@@ -3413,9 +3414,13 @@ static struct myrb_hba *myrb_detect(struct pci_dev *pdev,
mutex_init(&cb->dcmd_mutex);
mutex_init(&cb->dma_mutex);
cb->pdev = pdev;
+ cb->host = shost;
- if (pci_enable_device(pdev))
- goto failure;
+ if (pci_enable_device(pdev)) {
+ dev_err(&pdev->dev, "Failed to enable PCI device\n");
+ scsi_host_put(shost);
+ return NULL;
+ }
if (privdata->hw_init == DAC960_PD_hw_init ||
privdata->hw_init == DAC960_P_hw_init) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 258/339] ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 257/339] scsi: myrb: Fix up null pointer access on myrb_cleanup() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 259/339] Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Greg Kroah-Hartman
` (82 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Oder Chiou, Sameer Pujar, Mark Brown,
Sasha Levin
From: Oder Chiou <oder_chiou@realtek.com>
[ Upstream commit 832296804bc7171730884e78c761c29f6d258e13 ]
The pin "Platform Clock" was only used by the Intel Byt CR platform. In the
others, the error log will be informed. The patch will set the flag to
avoid the pin "Platform Clock" manipulated by the other platforms.
Signed-off-by: Oder Chiou <oder_chiou@realtek.com>
Reported-by: Sameer Pujar <spujar@nvidia.com>
Link: https://lore.kernel.org/r/20220516103055.20003-1-oder_chiou@realtek.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5640.c | 11 +++++++++--
sound/soc/codecs/rt5640.h | 2 ++
sound/soc/intel/boards/bytcr_rt5640.c | 2 ++
3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/rt5640.c b/sound/soc/codecs/rt5640.c
index 30c2e7cb7ed2..3559d9ecfa07 100644
--- a/sound/soc/codecs/rt5640.c
+++ b/sound/soc/codecs/rt5640.c
@@ -2094,12 +2094,14 @@ EXPORT_SYMBOL_GPL(rt5640_sel_asrc_clk_src);
void rt5640_enable_micbias1_for_ovcd(struct snd_soc_component *component)
{
struct snd_soc_dapm_context *dapm = snd_soc_component_get_dapm(component);
+ struct rt5640_priv *rt5640 = snd_soc_component_get_drvdata(component);
snd_soc_dapm_mutex_lock(dapm);
snd_soc_dapm_force_enable_pin_unlocked(dapm, "LDO2");
snd_soc_dapm_force_enable_pin_unlocked(dapm, "MICBIAS1");
/* OVCD is unreliable when used with RCCLK as sysclk-source */
- snd_soc_dapm_force_enable_pin_unlocked(dapm, "Platform Clock");
+ if (rt5640->use_platform_clock)
+ snd_soc_dapm_force_enable_pin_unlocked(dapm, "Platform Clock");
snd_soc_dapm_sync_unlocked(dapm);
snd_soc_dapm_mutex_unlock(dapm);
}
@@ -2108,9 +2110,11 @@ EXPORT_SYMBOL_GPL(rt5640_enable_micbias1_for_ovcd);
void rt5640_disable_micbias1_for_ovcd(struct snd_soc_component *component)
{
struct snd_soc_dapm_context *dapm = snd_soc_component_get_dapm(component);
+ struct rt5640_priv *rt5640 = snd_soc_component_get_drvdata(component);
snd_soc_dapm_mutex_lock(dapm);
- snd_soc_dapm_disable_pin_unlocked(dapm, "Platform Clock");
+ if (rt5640->use_platform_clock)
+ snd_soc_dapm_disable_pin_unlocked(dapm, "Platform Clock");
snd_soc_dapm_disable_pin_unlocked(dapm, "MICBIAS1");
snd_soc_dapm_disable_pin_unlocked(dapm, "LDO2");
snd_soc_dapm_sync_unlocked(dapm);
@@ -2535,6 +2539,9 @@ static void rt5640_enable_jack_detect(struct snd_soc_component *component,
rt5640->jd_gpio_irq_requested = true;
}
+ if (jack_data && jack_data->use_platform_clock)
+ rt5640->use_platform_clock = jack_data->use_platform_clock;
+
ret = request_irq(rt5640->irq, rt5640_irq,
IRQF_TRIGGER_RISING | IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
"rt5640", rt5640);
diff --git a/sound/soc/codecs/rt5640.h b/sound/soc/codecs/rt5640.h
index 9e49b9a0ccaa..505c93514051 100644
--- a/sound/soc/codecs/rt5640.h
+++ b/sound/soc/codecs/rt5640.h
@@ -2155,11 +2155,13 @@ struct rt5640_priv {
bool jd_inverted;
unsigned int ovcd_th;
unsigned int ovcd_sf;
+ bool use_platform_clock;
};
struct rt5640_set_jack_data {
int codec_irq_override;
struct gpio_desc *jd_gpio;
+ bool use_platform_clock;
};
int rt5640_dmic_enable(struct snd_soc_component *component,
diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c
index f81ae742faa7..75ec4a9322bb 100644
--- a/sound/soc/intel/boards/bytcr_rt5640.c
+++ b/sound/soc/intel/boards/bytcr_rt5640.c
@@ -1191,12 +1191,14 @@ static int byt_rt5640_init(struct snd_soc_pcm_runtime *runtime)
{
struct snd_soc_card *card = runtime->card;
struct byt_rt5640_private *priv = snd_soc_card_get_drvdata(card);
+ struct rt5640_set_jack_data *jack_data = &priv->jack_data;
struct snd_soc_component *component = asoc_rtd_to_codec(runtime, 0)->component;
const struct snd_soc_dapm_route *custom_map = NULL;
int num_routes = 0;
int ret;
card->dapm.idle_bias_off = true;
+ jack_data->use_platform_clock = true;
/* Start with RC clk for jack-detect (we disable MCLK below) */
if (byt_rt5640_quirk & BYT_RT5640_MCLK_EN)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 259/339] Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 258/339] ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 260/339] ceph: allow ceph.dir.rctime xattr to be updatable Greg Kroah-Hartman
` (81 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michal Kubecek, Steffen Klassert,
Sasha Levin
From: Michal Kubecek <mkubecek@suse.cz>
[ Upstream commit 9c90c9b3e50e16d03c7f87d63e9db373974781e0 ]
This reverts commit 4dc2a5a8f6754492180741facf2a8787f2c415d7.
A non-zero return value from pfkey_broadcast() does not necessarily mean
an error occurred as this function returns -ESRCH when no registered
listener received the message. In particular, a call with
BROADCAST_PROMISC_ONLY flag and null one_sk argument can never return
zero so that this commit in fact prevents processing any PF_KEY message.
One visible effect is that racoon daemon fails to find encryption
algorithms like aes and refuses to start.
Excluding -ESRCH return value would fix this but it's not obvious that
we really want to bail out here and most other callers of
pfkey_broadcast() also ignore the return value. Also, as pointed out by
Steffen Klassert, PF_KEY is kind of deprecated and newer userspace code
should use netlink instead so that we should only disturb the code for
really important fixes.
v2: add a comment explaining why is the return value ignored
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/key/af_key.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 339d95df19d3..d93bde657359 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2826,10 +2826,12 @@ static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb
void *ext_hdrs[SADB_EXT_MAX];
int err;
- err = pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
- BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
- if (err)
- return err;
+ /* Non-zero return value of pfkey_broadcast() does not always signal
+ * an error and even on an actual error we may still want to process
+ * the message so rather ignore the return value.
+ */
+ pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
+ BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
memset(ext_hdrs, 0, sizeof(ext_hdrs));
err = parse_exthdrs(skb, hdr, ext_hdrs);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 260/339] ceph: allow ceph.dir.rctime xattr to be updatable
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 259/339] Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 261/339] ceph: flush the mdlog for filesystem sync Greg Kroah-Hartman
` (80 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Venky Shankar, Xiubo Li,
Ilya Dryomov, Sasha Levin
From: Venky Shankar <vshankar@redhat.com>
[ Upstream commit d7a2dc523085f8b8c60548ceedc696934aefeb0e ]
`rctime' has been a pain point in cephfs due to its buggy
nature - inconsistent values reported and those sorts.
Fixing rctime is non-trivial needing an overall redesign
of the entire nested statistics infrastructure.
As a workaround, PR
http://github.com/ceph/ceph/pull/37938
allows this extended attribute to be manually set. This allows
users to "fixup" inconsistent rctime values. While this sounds
messy, its probably the wisest approach allowing users/scripts
to workaround buggy rctime values.
The above PR enables Ceph MDS to allow manually setting
rctime extended attribute with the corresponding user-land
changes. We may as well allow the same to be done via kclient
for parity.
Signed-off-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/xattr.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
index afec84088471..8c2dc2c762a4 100644
--- a/fs/ceph/xattr.c
+++ b/fs/ceph/xattr.c
@@ -366,6 +366,14 @@ static ssize_t ceph_vxattrcb_auth_mds(struct ceph_inode_info *ci,
}
#define XATTR_RSTAT_FIELD(_type, _name) \
XATTR_NAME_CEPH(_type, _name, VXATTR_FLAG_RSTAT)
+#define XATTR_RSTAT_FIELD_UPDATABLE(_type, _name) \
+ { \
+ .name = CEPH_XATTR_NAME(_type, _name), \
+ .name_size = sizeof (CEPH_XATTR_NAME(_type, _name)), \
+ .getxattr_cb = ceph_vxattrcb_ ## _type ## _ ## _name, \
+ .exists_cb = NULL, \
+ .flags = VXATTR_FLAG_RSTAT, \
+ }
#define XATTR_LAYOUT_FIELD(_type, _name, _field) \
{ \
.name = CEPH_XATTR_NAME2(_type, _name, _field), \
@@ -404,7 +412,7 @@ static struct ceph_vxattr ceph_dir_vxattrs[] = {
XATTR_RSTAT_FIELD(dir, rsubdirs),
XATTR_RSTAT_FIELD(dir, rsnaps),
XATTR_RSTAT_FIELD(dir, rbytes),
- XATTR_RSTAT_FIELD(dir, rctime),
+ XATTR_RSTAT_FIELD_UPDATABLE(dir, rctime),
{
.name = "ceph.dir.pin",
.name_size = sizeof("ceph.dir.pin"),
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 261/339] ceph: flush the mdlog for filesystem sync
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 260/339] ceph: allow ceph.dir.rctime xattr to be updatable Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 262/339] ceph: fix possible deadlock when holding Fwb to get inline_data Greg Kroah-Hartman
` (79 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiubo Li, Jeff Layton, Ilya Dryomov,
Sasha Levin
From: Xiubo Li <xiubli@redhat.com>
[ Upstream commit 1b2ba3c5616e17ff951359e25c658a1c3f146f1e ]
Before waiting for a request's safe reply, we will send the mdlog flush
request to the relevant MDS. And this will also flush the mdlog for all
the other unsafe requests in the same session, so we can record the last
session and no need to flush mdlog again in the next loop. But there
still have cases that it may send the mdlog flush requst twice or more,
but that should be not often.
Rename wait_unsafe_requests() to
flush_mdlog_and_wait_mdsc_unsafe_requests() to make it more
descriptive.
[xiubli: fold in MDS request refcount leak fix from Jeff]
URL: https://tracker.ceph.com/issues/55284
URL: https://tracker.ceph.com/issues/55411
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/mds_client.c | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 1bd3e1bb0fdf..8c249511344d 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -4700,15 +4700,17 @@ void ceph_mdsc_pre_umount(struct ceph_mds_client *mdsc)
}
/*
- * wait for all write mds requests to flush.
+ * flush the mdlog and wait for all write mds requests to flush.
*/
-static void wait_unsafe_requests(struct ceph_mds_client *mdsc, u64 want_tid)
+static void flush_mdlog_and_wait_mdsc_unsafe_requests(struct ceph_mds_client *mdsc,
+ u64 want_tid)
{
struct ceph_mds_request *req = NULL, *nextreq;
+ struct ceph_mds_session *last_session = NULL;
struct rb_node *n;
mutex_lock(&mdsc->mutex);
- dout("wait_unsafe_requests want %lld\n", want_tid);
+ dout("%s want %lld\n", __func__, want_tid);
restart:
req = __get_oldest_req(mdsc);
while (req && req->r_tid <= want_tid) {
@@ -4720,14 +4722,32 @@ static void wait_unsafe_requests(struct ceph_mds_client *mdsc, u64 want_tid)
nextreq = NULL;
if (req->r_op != CEPH_MDS_OP_SETFILELOCK &&
(req->r_op & CEPH_MDS_OP_WRITE)) {
+ struct ceph_mds_session *s = req->r_session;
+
+ if (!s) {
+ req = nextreq;
+ continue;
+ }
+
/* write op */
ceph_mdsc_get_request(req);
if (nextreq)
ceph_mdsc_get_request(nextreq);
+ s = ceph_get_mds_session(s);
mutex_unlock(&mdsc->mutex);
- dout("wait_unsafe_requests wait on %llu (want %llu)\n",
+
+ /* send flush mdlog request to MDS */
+ if (last_session != s) {
+ send_flush_mdlog(s);
+ ceph_put_mds_session(last_session);
+ last_session = s;
+ } else {
+ ceph_put_mds_session(s);
+ }
+ dout("%s wait on %llu (want %llu)\n", __func__,
req->r_tid, want_tid);
wait_for_completion(&req->r_safe_completion);
+
mutex_lock(&mdsc->mutex);
ceph_mdsc_put_request(req);
if (!nextreq)
@@ -4742,7 +4762,8 @@ static void wait_unsafe_requests(struct ceph_mds_client *mdsc, u64 want_tid)
req = nextreq;
}
mutex_unlock(&mdsc->mutex);
- dout("wait_unsafe_requests done\n");
+ ceph_put_mds_session(last_session);
+ dout("%s done\n", __func__);
}
void ceph_mdsc_sync(struct ceph_mds_client *mdsc)
@@ -4771,7 +4792,7 @@ void ceph_mdsc_sync(struct ceph_mds_client *mdsc)
dout("sync want tid %lld flush_seq %lld\n",
want_tid, want_flush);
- wait_unsafe_requests(mdsc, want_tid);
+ flush_mdlog_and_wait_mdsc_unsafe_requests(mdsc, want_tid);
wait_caps_flush(mdsc, want_flush);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 262/339] ceph: fix possible deadlock when holding Fwb to get inline_data
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 261/339] ceph: flush the mdlog for filesystem sync Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 263/339] net, neigh: Set lower cap for neigh_managed_work rearming Greg Kroah-Hartman
` (78 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xiubo Li, Jeff Layton, Ilya Dryomov,
Sasha Levin
From: Xiubo Li <xiubli@redhat.com>
[ Upstream commit 825978fd6a0defc3c29d8a38b6cea76a0938d21e ]
1, mount with wsync.
2, create a file with O_RDWR, and the request was sent to mds.0:
ceph_atomic_open()-->
ceph_mdsc_do_request(openc)
finish_open(file, dentry, ceph_open)-->
ceph_open()-->
ceph_init_file()-->
ceph_init_file_info()-->
ceph_uninline_data()-->
{
...
if (inline_version == 1 || /* initial version, no data */
inline_version == CEPH_INLINE_NONE)
goto out_unlock;
...
}
The inline_version will be 1, which is the initial version for the
new create file. And here the ci->i_inline_version will keep with 1,
it's buggy.
3, buffer write to the file immediately:
ceph_write_iter()-->
ceph_get_caps(file, need=Fw, want=Fb, ...);
generic_perform_write()-->
a_ops->write_begin()-->
ceph_write_begin()-->
netfs_write_begin()-->
netfs_begin_read()-->
netfs_rreq_submit_slice()-->
netfs_read_from_server()-->
rreq->netfs_ops->issue_read()-->
ceph_netfs_issue_read()-->
{
...
if (ci->i_inline_version != CEPH_INLINE_NONE &&
ceph_netfs_issue_op_inline(subreq))
return;
...
}
ceph_put_cap_refs(ci, Fwb);
The ceph_netfs_issue_op_inline() will send a getattr(Fsr) request to
mds.1.
4, then the mds.1 will request the rd lock for CInode::filelock from
the auth mds.0, the mds.0 will do the CInode::filelock state transation
from excl --> sync, but it need to revoke the Fxwb caps back from the
clients.
While the kernel client has aleady held the Fwb caps and waiting for
the getattr(Fsr).
It's deadlock!
URL: https://tracker.ceph.com/issues/55377
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ceph/addr.c | 33 +++++++++++++++++++--------------
1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index b6edcf89a429..adef10a6e5c7 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -1644,7 +1644,7 @@ int ceph_uninline_data(struct file *file)
struct inode *inode = file_inode(file);
struct ceph_inode_info *ci = ceph_inode(inode);
struct ceph_fs_client *fsc = ceph_inode_to_client(inode);
- struct ceph_osd_request *req;
+ struct ceph_osd_request *req = NULL;
struct ceph_cap_flush *prealloc_cf;
struct folio *folio = NULL;
u64 inline_version = CEPH_INLINE_NONE;
@@ -1652,10 +1652,23 @@ int ceph_uninline_data(struct file *file)
int err = 0;
u64 len;
+ spin_lock(&ci->i_ceph_lock);
+ inline_version = ci->i_inline_version;
+ spin_unlock(&ci->i_ceph_lock);
+
+ dout("uninline_data %p %llx.%llx inline_version %llu\n",
+ inode, ceph_vinop(inode), inline_version);
+
+ if (inline_version == CEPH_INLINE_NONE)
+ return 0;
+
prealloc_cf = ceph_alloc_cap_flush();
if (!prealloc_cf)
return -ENOMEM;
+ if (inline_version == 1) /* initial version, no data */
+ goto out_uninline;
+
folio = read_mapping_folio(inode->i_mapping, 0, file);
if (IS_ERR(folio)) {
err = PTR_ERR(folio);
@@ -1664,17 +1677,6 @@ int ceph_uninline_data(struct file *file)
folio_lock(folio);
- spin_lock(&ci->i_ceph_lock);
- inline_version = ci->i_inline_version;
- spin_unlock(&ci->i_ceph_lock);
-
- dout("uninline_data %p %llx.%llx inline_version %llu\n",
- inode, ceph_vinop(inode), inline_version);
-
- if (inline_version == 1 || /* initial version, no data */
- inline_version == CEPH_INLINE_NONE)
- goto out_unlock;
-
len = i_size_read(inode);
if (len > folio_size(folio))
len = folio_size(folio);
@@ -1739,6 +1741,7 @@ int ceph_uninline_data(struct file *file)
ceph_update_write_metrics(&fsc->mdsc->metric, req->r_start_latency,
req->r_end_latency, len, err);
+out_uninline:
if (!err) {
int dirty;
@@ -1757,8 +1760,10 @@ int ceph_uninline_data(struct file *file)
if (err == -ECANCELED)
err = 0;
out_unlock:
- folio_unlock(folio);
- folio_put(folio);
+ if (folio) {
+ folio_unlock(folio);
+ folio_put(folio);
+ }
out:
ceph_free_cap_flush(prealloc_cf);
dout("uninline_data %p %llx.%llx inline_version %llu = %d\n",
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 263/339] net, neigh: Set lower cap for neigh_managed_work rearming
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 262/339] ceph: fix possible deadlock when holding Fwb to get inline_data Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 264/339] drm/amd/display: Check if modulo is 0 before dividing Greg Kroah-Hartman
` (77 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yuwei Wang, Daniel Borkmann,
Nikolay Aleksandrov, Jakub Kicinski, Sasha Levin
From: Daniel Borkmann <daniel@iogearbox.net>
[ Upstream commit ed6cd6a17896561b9f51ab4c0d9bbb29e762b597 ]
Yuwei reported that plain reuse of DELAY_PROBE_TIME to rearm work queue
in neigh_managed_work is problematic if user explicitly configures the
DELAY_PROBE_TIME to 0 for a neighbor table. Such misconfig can then hog
CPU to 100% processing the system work queue. Instead, set lower interval
bound to HZ which is totally sufficient. Yuwei is additionally looking
into making the interval separately configurable from DELAY_PROBE_TIME.
Reported-by: Yuwei Wang <wangyuweihx@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/netdev/797c3c53-ce1b-9f60-e253-cda615788f4a@iogearbox.net
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/3b8c5aa906c52c3a8c995d1b2e8ccf650ea7c716.1653432794.git.daniel@iogearbox.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/neighbour.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index f64ebd050f6c..fd69133dc7c5 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1579,7 +1579,7 @@ static void neigh_managed_work(struct work_struct *work)
list_for_each_entry(neigh, &tbl->managed_list, managed_list)
neigh_event_send_probe(neigh, NULL, false);
queue_delayed_work(system_power_efficient_wq, &tbl->managed_work,
- NEIGH_VAR(&tbl->parms, DELAY_PROBE_TIME));
+ max(NEIGH_VAR(&tbl->parms, DELAY_PROBE_TIME), HZ));
write_unlock_bh(&tbl->lock);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 264/339] drm/amd/display: Check if modulo is 0 before dividing.
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 263/339] net, neigh: Set lower cap for neigh_managed_work rearming Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 265/339] drm/amd/display: Check zero planes for OTG disable W/A on clock change Greg Kroah-Hartman
` (76 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Leung, Qingqing Zhuo,
David Galiffi, Daniel Wheeler, Alex Deucher, Sasha Levin
From: David Galiffi <David.Galiffi@amd.com>
[ Upstream commit 49947b906a6bd9668eaf4f9cf691973c25c26955 ]
[How & Why]
If a value of 0 is read, then this will cause a divide-by-0 panic.
Reviewed-by: Martin Leung <Martin.Leung@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: David Galiffi <David.Galiffi@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
index cc5128e67daf..8e9a7409c17a 100644
--- a/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
+++ b/drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c
@@ -1105,9 +1105,12 @@ static bool get_pixel_clk_frequency_100hz(
* not be programmed equal to DPREFCLK
*/
modulo_hz = REG_READ(MODULO[inst]);
- *pixel_clk_khz = div_u64((uint64_t)clock_hz*
- clock_source->ctx->dc->clk_mgr->dprefclk_khz*10,
- modulo_hz);
+ if (modulo_hz)
+ *pixel_clk_khz = div_u64((uint64_t)clock_hz*
+ clock_source->ctx->dc->clk_mgr->dprefclk_khz*10,
+ modulo_hz);
+ else
+ *pixel_clk_khz = 0;
} else {
/* NOTE: There is agreement with VBIOS here that MODULO is
* programmed equal to DPREFCLK, in which case PHASE will be
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 265/339] drm/amd/display: Check zero planes for OTG disable W/A on clock change
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 264/339] drm/amd/display: Check if modulo is 0 before dividing Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 266/339] drm/radeon: fix a possible null pointer dereference Greg Kroah-Hartman
` (75 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dmytro Laktyushkin, Qingqing Zhuo,
Nicholas Kazlauskas, Daniel Wheeler, Alex Deucher, Sasha Levin
From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
[ Upstream commit 66a197203794339b028eedfa880bff9367fce783 ]
[Why]
A display clock change hang can occur when switching between DIO and HPO
enabled modes during the optimize_bandwidth in dc_commit_state_no_check
call.
This happens when going from 4k120 8bpc 420 to 4k144 10bpc 444.
Display clock in the DIO case is 1200MHz, but pixel rate is 600MHz
because the pixel format is 420.
Display clock in the HPO case is less (800MHz?) because of ODM combine
which results in a smaller divider.
The DIO is still active in prepare but not active in the optimize which
results in the hang occuring.
During this change there are no planes on the stream so it's safe to
apply the workaround, but dpms_off = false and signal type is not
virtual.
[How]
Check for plane_count == 0, no planes on the stream.
It's easiest to check pipe->plane_state == NULL as an equivalent check
rather than trying to search for the stream status in the context
associated with the stream, so let's do that.
The primary, non MPO pipe should not have a NULL plane state.
Reviewed-by: Dmytro Laktyushkin <Dmytro.Laktyushkin@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 3 ++-
drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c
index 8be4c1970628..3bf2ab2ff7f8 100644
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c
@@ -91,7 +91,8 @@ static void dcn315_disable_otg_wa(struct clk_mgr *clk_mgr_base, bool disable)
if (pipe->top_pipe || pipe->prev_odm_pipe)
continue;
- if (pipe->stream && (pipe->stream->dpms_off || dc_is_virtual_signal(pipe->stream->signal))) {
+ if (pipe->stream && (pipe->stream->dpms_off || pipe->plane_state == NULL ||
+ dc_is_virtual_signal(pipe->stream->signal))) {
if (disable)
pipe->stream_res.tg->funcs->immediate_disable_crtc(pipe->stream_res.tg);
else
diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c
index 3121dd2d2a91..fc3af81ed6c6 100644
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c
@@ -122,7 +122,8 @@ static void dcn316_disable_otg_wa(struct clk_mgr *clk_mgr_base, bool disable)
if (pipe->top_pipe || pipe->prev_odm_pipe)
continue;
- if (pipe->stream && (pipe->stream->dpms_off || dc_is_virtual_signal(pipe->stream->signal))) {
+ if (pipe->stream && (pipe->stream->dpms_off || pipe->plane_state == NULL ||
+ dc_is_virtual_signal(pipe->stream->signal))) {
if (disable)
pipe->stream_res.tg->funcs->immediate_disable_crtc(pipe->stream_res.tg);
else
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 266/339] drm/radeon: fix a possible null pointer dereference
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 265/339] drm/amd/display: Check zero planes for OTG disable W/A on clock change Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 267/339] drm/amd/pm: fix a potential gpu_metrics_table memory leak Greg Kroah-Hartman
` (74 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gong Yuanjun, Alex Deucher, Sasha Levin
From: Gong Yuanjun <ruc_gongyuanjun@163.com>
[ Upstream commit a2b28708b645c5632dc93669ab06e97874c8244f ]
In radeon_fp_native_mode(), the return value of drm_mode_duplicate()
is assigned to mode, which will lead to a NULL pointer dereference
on failure of drm_mode_duplicate(). Add a check to avoid npd.
The failure status of drm_cvt_mode() on the other path is checked too.
Signed-off-by: Gong Yuanjun <ruc_gongyuanjun@163.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/radeon_connectors.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c
index 0cb1345c6ba4..fabe4f4ca124 100644
--- a/drivers/gpu/drm/radeon/radeon_connectors.c
+++ b/drivers/gpu/drm/radeon/radeon_connectors.c
@@ -473,6 +473,8 @@ static struct drm_display_mode *radeon_fp_native_mode(struct drm_encoder *encode
native_mode->vdisplay != 0 &&
native_mode->clock != 0) {
mode = drm_mode_duplicate(dev, native_mode);
+ if (!mode)
+ return NULL;
mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER;
drm_mode_set_name(mode);
@@ -487,6 +489,8 @@ static struct drm_display_mode *radeon_fp_native_mode(struct drm_encoder *encode
* simpler.
*/
mode = drm_cvt_mode(dev, native_mode->hdisplay, native_mode->vdisplay, 60, true, false, false);
+ if (!mode)
+ return NULL;
mode->type = DRM_MODE_TYPE_PREFERRED | DRM_MODE_TYPE_DRIVER;
DRM_DEBUG_KMS("Adding cvt approximation of native panel mode %s\n", mode->name);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 267/339] drm/amd/pm: fix a potential gpu_metrics_table memory leak
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 266/339] drm/radeon: fix a possible null pointer dereference Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 268/339] drm/amd/pm: Fix missing thermal throttler status Greg Kroah-Hartman
` (73 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Gong Yuanjun, Alex Deucher, Sasha Levin
From: Gong Yuanjun <ruc_gongyuanjun@163.com>
[ Upstream commit d2f4460a3d9502513419f06cc376c7ade49d5753 ]
gpu_metrics_table is allocated in yellow_carp_init_smc_tables() but
not freed in yellow_carp_fini_smc_tables().
Signed-off-by: Gong Yuanjun <ruc_gongyuanjun@163.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c
index 87257b1b028f..feff4f8c927c 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/yellow_carp_ppt.c
@@ -190,6 +190,9 @@ static int yellow_carp_fini_smc_tables(struct smu_context *smu)
kfree(smu_table->watermarks_table);
smu_table->watermarks_table = NULL;
+ kfree(smu_table->gpu_metrics_table);
+ smu_table->gpu_metrics_table = NULL;
+
return 0;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 268/339] drm/amd/pm: Fix missing thermal throttler status
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 267/339] drm/amd/pm: fix a potential gpu_metrics_table memory leak Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 269/339] drm/amd/pm: correct the metrics version for SMU 11.0.11/12/13 Greg Kroah-Hartman
` (72 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Lijo Lazar, Yang Wang, Alex Deucher,
Sasha Levin
From: Lijo Lazar <lijo.lazar@amd.com>
[ Upstream commit b0f4d663fce6a4232d3c20ce820f919111b1c60b ]
On aldebaran, when thermal throttling happens due to excessive GPU
temperature, the reason for throttling event is missed in warning
message. This patch fixes it.
Signed-off-by: Lijo Lazar <lijo.lazar@amd.com>
Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c
index cd81f848d45a..7f998f24af81 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c
@@ -1664,6 +1664,7 @@ static const struct throttling_logging_label {
uint32_t feature_mask;
const char *label;
} logging_label[] = {
+ {(1U << THROTTLER_TEMP_GPU_BIT), "GPU"},
{(1U << THROTTLER_TEMP_MEM_BIT), "HBM"},
{(1U << THROTTLER_TEMP_VR_GFX_BIT), "VR of GFX rail"},
{(1U << THROTTLER_TEMP_VR_MEM_BIT), "VR of HBM rail"},
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 269/339] drm/amd/pm: correct the metrics version for SMU 11.0.11/12/13
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 268/339] drm/amd/pm: Fix missing thermal throttler status Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 270/339] um: line: Use separate IRQs per line Greg Kroah-Hartman
` (71 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Evan Quan, Alex Deucher, Sasha Levin
From: Evan Quan <evan.quan@amd.com>
[ Upstream commit 396beb91a9eb86cbfa404e4220cca8f3ada70777 ]
Correct the metrics version used for SMU 11.0.11/12/13.
Fixes misreported GPU metrics (e.g., fan speed, etc.) depending
on which version of SMU firmware is loaded.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1925
Signed-off-by: Evan Quan <evan.quan@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 57 ++++++++++++++-----
1 file changed, 44 insertions(+), 13 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
index 38f04836c82f..7a1e225fb823 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
@@ -586,12 +586,28 @@ static int sienna_cichlid_get_smu_metrics_data(struct smu_context *smu,
uint16_t average_gfx_activity;
int ret = 0;
- if ((smu->adev->ip_versions[MP1_HWIP][0] == IP_VERSION(11, 0, 7)) &&
- (smu->smc_fw_version >= 0x3A4900))
- use_metrics_v3 = true;
- else if ((smu->adev->ip_versions[MP1_HWIP][0] == IP_VERSION(11, 0, 7)) &&
- (smu->smc_fw_version >= 0x3A4300))
- use_metrics_v2 = true;
+ switch (smu->adev->ip_versions[MP1_HWIP][0]) {
+ case IP_VERSION(11, 0, 7):
+ if (smu->smc_fw_version >= 0x3A4900)
+ use_metrics_v3 = true;
+ else if (smu->smc_fw_version >= 0x3A4300)
+ use_metrics_v2 = true;
+ break;
+ case IP_VERSION(11, 0, 11):
+ if (smu->smc_fw_version >= 0x412D00)
+ use_metrics_v2 = true;
+ break;
+ case IP_VERSION(11, 0, 12):
+ if (smu->smc_fw_version >= 0x3B2300)
+ use_metrics_v2 = true;
+ break;
+ case IP_VERSION(11, 0, 13):
+ if (smu->smc_fw_version >= 0x491100)
+ use_metrics_v2 = true;
+ break;
+ default:
+ break;
+ }
ret = smu_cmn_get_metrics_table(smu,
NULL,
@@ -3701,13 +3717,28 @@ static ssize_t sienna_cichlid_get_gpu_metrics(struct smu_context *smu,
uint16_t average_gfx_activity;
int ret = 0;
- if ((adev->ip_versions[MP1_HWIP][0] == IP_VERSION(11, 0, 7)) &&
- (smu->smc_fw_version >= 0x3A4900))
- use_metrics_v3 = true;
- else if ((adev->ip_versions[MP1_HWIP][0] == IP_VERSION(11, 0, 7)) &&
- (smu->smc_fw_version >= 0x3A4300))
- use_metrics_v2 = true;
-
+ switch (smu->adev->ip_versions[MP1_HWIP][0]) {
+ case IP_VERSION(11, 0, 7):
+ if (smu->smc_fw_version >= 0x3A4900)
+ use_metrics_v3 = true;
+ else if (smu->smc_fw_version >= 0x3A4300)
+ use_metrics_v2 = true;
+ break;
+ case IP_VERSION(11, 0, 11):
+ if (smu->smc_fw_version >= 0x412D00)
+ use_metrics_v2 = true;
+ break;
+ case IP_VERSION(11, 0, 12):
+ if (smu->smc_fw_version >= 0x3B2300)
+ use_metrics_v2 = true;
+ break;
+ case IP_VERSION(11, 0, 13):
+ if (smu->smc_fw_version >= 0x491100)
+ use_metrics_v2 = true;
+ break;
+ default:
+ break;
+ }
ret = smu_cmn_get_metrics_table(smu,
&metrics_external,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 270/339] um: line: Use separate IRQs per line
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 269/339] drm/amd/pm: correct the metrics version for SMU 11.0.11/12/13 Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 271/339] modpost: fix undefined behavior of is_arm_mapping_symbol() Greg Kroah-Hartman
` (70 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jouni Malinen, Johannes Berg,
anton ivanov, Richard Weinberger, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit d5a9597d6916a76663085db984cb8fe97f0a5c56 ]
Today, all possible serial lines (ssl*=) as well as all
possible consoles (con*=) each share a single interrupt
(with a fixed number) with others of the same type.
Now, if you have two lines, say ssl0 and ssl1, and one
of them is connected to an fd you cannot read (e.g. a
file), but the other gets a read interrupt, then both
of them get the interrupt since it's shared. Then, the
read() call will return EOF, since it's a file being
written and there's nothing to read (at least not at
the current offset, at the end).
Unfortunately, this is treated as a read error, and we
close this line, losing all the possible output.
It might be possible to work around this and make the
IRQ sharing work, however, now that we have dynamically
allocated IRQs that are easy to use, simply use that to
achieve separating between the events; then there's no
interrupt for that line and we never attempt the read
in the first place, thus not closing the line.
This manifested itself in the wifi hostap/hwsim tests
where the parallel script communicates via one serial
console and the kernel messages go to another (a file)
and sending data on the communication console caused
the kernel messages to stop flowing into the file.
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Acked-By: anton ivanov <anton.ivanov@cambridgegreys.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/um/drivers/chan_kern.c | 10 +++++-----
arch/um/drivers/line.c | 22 +++++++++++++---------
arch/um/drivers/line.h | 4 ++--
arch/um/drivers/ssl.c | 2 --
arch/um/drivers/stdio_console.c | 2 --
arch/um/include/asm/irq.h | 22 +++++++++-------------
6 files changed, 29 insertions(+), 33 deletions(-)
diff --git a/arch/um/drivers/chan_kern.c b/arch/um/drivers/chan_kern.c
index 62997055c454..26a702a06515 100644
--- a/arch/um/drivers/chan_kern.c
+++ b/arch/um/drivers/chan_kern.c
@@ -133,7 +133,7 @@ static void line_timer_cb(struct work_struct *work)
struct line *line = container_of(work, struct line, task.work);
if (!line->throttled)
- chan_interrupt(line, line->driver->read_irq);
+ chan_interrupt(line, line->read_irq);
}
int enable_chan(struct line *line)
@@ -195,9 +195,9 @@ void free_irqs(void)
chan = list_entry(ele, struct chan, free_list);
if (chan->input && chan->enabled)
- um_free_irq(chan->line->driver->read_irq, chan);
+ um_free_irq(chan->line->read_irq, chan);
if (chan->output && chan->enabled)
- um_free_irq(chan->line->driver->write_irq, chan);
+ um_free_irq(chan->line->write_irq, chan);
chan->enabled = 0;
}
}
@@ -215,9 +215,9 @@ static void close_one_chan(struct chan *chan, int delay_free_irq)
spin_unlock_irqrestore(&irqs_to_free_lock, flags);
} else {
if (chan->input && chan->enabled)
- um_free_irq(chan->line->driver->read_irq, chan);
+ um_free_irq(chan->line->read_irq, chan);
if (chan->output && chan->enabled)
- um_free_irq(chan->line->driver->write_irq, chan);
+ um_free_irq(chan->line->write_irq, chan);
chan->enabled = 0;
}
if (chan->ops->close != NULL)
diff --git a/arch/um/drivers/line.c b/arch/um/drivers/line.c
index 8febf95da96e..02b0befd6763 100644
--- a/arch/um/drivers/line.c
+++ b/arch/um/drivers/line.c
@@ -139,7 +139,7 @@ static int flush_buffer(struct line *line)
count = line->buffer + LINE_BUFSIZE - line->head;
n = write_chan(line->chan_out, line->head, count,
- line->driver->write_irq);
+ line->write_irq);
if (n < 0)
return n;
if (n == count) {
@@ -156,7 +156,7 @@ static int flush_buffer(struct line *line)
count = line->tail - line->head;
n = write_chan(line->chan_out, line->head, count,
- line->driver->write_irq);
+ line->write_irq);
if (n < 0)
return n;
@@ -195,7 +195,7 @@ int line_write(struct tty_struct *tty, const unsigned char *buf, int len)
ret = buffer_data(line, buf, len);
else {
n = write_chan(line->chan_out, buf, len,
- line->driver->write_irq);
+ line->write_irq);
if (n < 0) {
ret = n;
goto out_up;
@@ -215,7 +215,7 @@ void line_throttle(struct tty_struct *tty)
{
struct line *line = tty->driver_data;
- deactivate_chan(line->chan_in, line->driver->read_irq);
+ deactivate_chan(line->chan_in, line->read_irq);
line->throttled = 1;
}
@@ -224,7 +224,7 @@ void line_unthrottle(struct tty_struct *tty)
struct line *line = tty->driver_data;
line->throttled = 0;
- chan_interrupt(line, line->driver->read_irq);
+ chan_interrupt(line, line->read_irq);
}
static irqreturn_t line_write_interrupt(int irq, void *data)
@@ -260,19 +260,23 @@ int line_setup_irq(int fd, int input, int output, struct line *line, void *data)
int err;
if (input) {
- err = um_request_irq(driver->read_irq, fd, IRQ_READ,
- line_interrupt, IRQF_SHARED,
+ err = um_request_irq(UM_IRQ_ALLOC, fd, IRQ_READ,
+ line_interrupt, 0,
driver->read_irq_name, data);
if (err < 0)
return err;
+
+ line->read_irq = err;
}
if (output) {
- err = um_request_irq(driver->write_irq, fd, IRQ_WRITE,
- line_write_interrupt, IRQF_SHARED,
+ err = um_request_irq(UM_IRQ_ALLOC, fd, IRQ_WRITE,
+ line_write_interrupt, 0,
driver->write_irq_name, data);
if (err < 0)
return err;
+
+ line->write_irq = err;
}
return 0;
diff --git a/arch/um/drivers/line.h b/arch/um/drivers/line.h
index bdb16b96e76f..f15be75a3bf3 100644
--- a/arch/um/drivers/line.h
+++ b/arch/um/drivers/line.h
@@ -23,9 +23,7 @@ struct line_driver {
const short minor_start;
const short type;
const short subtype;
- const int read_irq;
const char *read_irq_name;
- const int write_irq;
const char *write_irq_name;
struct mc_device mc;
struct tty_driver *driver;
@@ -35,6 +33,8 @@ struct line {
struct tty_port port;
int valid;
+ int read_irq, write_irq;
+
char *init_str;
struct list_head chan_list;
struct chan *chan_in, *chan_out;
diff --git a/arch/um/drivers/ssl.c b/arch/um/drivers/ssl.c
index 41eae2e8fb65..8514966778d5 100644
--- a/arch/um/drivers/ssl.c
+++ b/arch/um/drivers/ssl.c
@@ -47,9 +47,7 @@ static struct line_driver driver = {
.minor_start = 64,
.type = TTY_DRIVER_TYPE_SERIAL,
.subtype = 0,
- .read_irq = SSL_IRQ,
.read_irq_name = "ssl",
- .write_irq = SSL_WRITE_IRQ,
.write_irq_name = "ssl-write",
.mc = {
.list = LIST_HEAD_INIT(driver.mc.list),
diff --git a/arch/um/drivers/stdio_console.c b/arch/um/drivers/stdio_console.c
index e8b762f4d8c2..489d5a746ed3 100644
--- a/arch/um/drivers/stdio_console.c
+++ b/arch/um/drivers/stdio_console.c
@@ -53,9 +53,7 @@ static struct line_driver driver = {
.minor_start = 0,
.type = TTY_DRIVER_TYPE_CONSOLE,
.subtype = SYSTEM_TYPE_CONSOLE,
- .read_irq = CONSOLE_IRQ,
.read_irq_name = "console",
- .write_irq = CONSOLE_WRITE_IRQ,
.write_irq_name = "console-write",
.mc = {
.list = LIST_HEAD_INIT(driver.mc.list),
diff --git a/arch/um/include/asm/irq.h b/arch/um/include/asm/irq.h
index e187c789369d..749dfe8512e8 100644
--- a/arch/um/include/asm/irq.h
+++ b/arch/um/include/asm/irq.h
@@ -4,19 +4,15 @@
#define TIMER_IRQ 0
#define UMN_IRQ 1
-#define CONSOLE_IRQ 2
-#define CONSOLE_WRITE_IRQ 3
-#define UBD_IRQ 4
-#define UM_ETH_IRQ 5
-#define SSL_IRQ 6
-#define SSL_WRITE_IRQ 7
-#define ACCEPT_IRQ 8
-#define MCONSOLE_IRQ 9
-#define WINCH_IRQ 10
-#define SIGIO_WRITE_IRQ 11
-#define TELNETD_IRQ 12
-#define XTERM_IRQ 13
-#define RANDOM_IRQ 14
+#define UBD_IRQ 2
+#define UM_ETH_IRQ 3
+#define ACCEPT_IRQ 4
+#define MCONSOLE_IRQ 5
+#define WINCH_IRQ 6
+#define SIGIO_WRITE_IRQ 7
+#define TELNETD_IRQ 8
+#define XTERM_IRQ 9
+#define RANDOM_IRQ 10
#ifdef CONFIG_UML_NET_VECTOR
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 271/339] modpost: fix undefined behavior of is_arm_mapping_symbol()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 270/339] um: line: Use separate IRQs per line Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 272/339] objtool: Mark __ubsan_handle_builtin_unreachable() as noreturn Greg Kroah-Hartman
` (69 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Masahiro Yamada, Nick Desaulniers,
Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit d6b732666a1bae0df3c3ae06925043bba34502b1 ]
The return value of is_arm_mapping_symbol() is unpredictable when "$"
is passed in.
strchr(3) says:
The strchr() and strrchr() functions return a pointer to the matched
character or NULL if the character is not found. The terminating null
byte is considered part of the string, so that if c is specified as
'\0', these functions return a pointer to the terminator.
When str[1] is '\0', strchr("axtd", str[1]) is not NULL, and str[2] is
referenced (i.e. buffer overrun).
Test code
---------
char str1[] = "abc";
char str2[] = "ab";
strcpy(str1, "$");
strcpy(str2, "$");
printf("test1: %d\n", is_arm_mapping_symbol(str1));
printf("test2: %d\n", is_arm_mapping_symbol(str2));
Result
------
test1: 0
test2: 1
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/modpost.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index d81019db9da4..b28344fd7408 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1267,7 +1267,8 @@ static int secref_whitelist(const struct sectioncheck *mismatch,
static inline int is_arm_mapping_symbol(const char *str)
{
- return str[0] == '$' && strchr("axtd", str[1])
+ return str[0] == '$' &&
+ (str[1] == 'a' || str[1] == 'd' || str[1] == 't' || str[1] == 'x')
&& (str[2] == '\0' || str[2] == '.');
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 272/339] objtool: Mark __ubsan_handle_builtin_unreachable() as noreturn
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 271/339] modpost: fix undefined behavior of is_arm_mapping_symbol() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 273/339] x86/cpu: Elide KCSAN for cpu_has() and friends Greg Kroah-Hartman
` (68 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Peter Zijlstra (Intel),
Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit 385bd430c011a8cb8278e61c32d602d11e06f414 ]
fs/ntfs3/ntfs3.prelink.o: warning: objtool: ni_read_frame() falls through to next function ni_readpage_cmpr.cold()
That is in fact:
000000000000124a <ni_read_frame.cold>:
124a: 44 89 e0 mov %r12d,%eax
124d: 0f b6 55 98 movzbl -0x68(%rbp),%edx
1251: 48 c7 c7 00 00 00 00 mov $0x0,%rdi 1254: R_X86_64_32S .data+0x1380
1258: 48 89 c6 mov %rax,%rsi
125b: e8 00 00 00 00 call 1260 <ni_read_frame.cold+0x16> 125c: R_X86_64_PLT32 __ubsan_handle_shift_out_of_bounds-0x4
1260: 48 8d 7d cc lea -0x34(%rbp),%rdi
1264: e8 00 00 00 00 call 1269 <ni_read_frame.cold+0x1f> 1265: R_X86_64_PLT32 __tsan_read4-0x4
1269: 8b 45 cc mov -0x34(%rbp),%eax
126c: e9 00 00 00 00 jmp 1271 <ni_read_frame.cold+0x27> 126d: R_X86_64_PC32 .text+0x19109
1271: 48 8b 75 a0 mov -0x60(%rbp),%rsi
1275: 48 63 d0 movslq %eax,%rdx
1278: 48 c7 c7 00 00 00 00 mov $0x0,%rdi 127b: R_X86_64_32S .data+0x13a0
127f: 89 45 88 mov %eax,-0x78(%rbp)
1282: e8 00 00 00 00 call 1287 <ni_read_frame.cold+0x3d> 1283: R_X86_64_PLT32 __ubsan_handle_shift_out_of_bounds-0x4
1287: 8b 45 88 mov -0x78(%rbp),%eax
128a: e9 00 00 00 00 jmp 128f <ni_read_frame.cold+0x45> 128b: R_X86_64_PC32 .text+0x19098
128f: 48 c7 c7 00 00 00 00 mov $0x0,%rdi 1292: R_X86_64_32S .data+0x11f0
1296: e8 00 00 00 00 call 129b <ni_readpage_cmpr.cold> 1297: R_X86_64_PLT32 __ubsan_handle_builtin_unreachable-0x4
000000000000129b <ni_readpage_cmpr.cold>:
Tell objtool that __ubsan_handle_builtin_unreachable() is a noreturn.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20220502091514.GB479834@worktop.programming.kicks-ass.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/objtool/check.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 8a0971a620f0..f66e4ac0af94 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -185,7 +185,8 @@ static bool __dead_end_function(struct objtool_file *file, struct symbol *func,
"do_group_exit",
"stop_this_cpu",
"__invalid_creds",
- "cpu_startup_entry",
+ "cpu_startup_entry",
+ "__ubsan_handle_builtin_unreachable",
};
if (!func)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 273/339] x86/cpu: Elide KCSAN for cpu_has() and friends
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 272/339] objtool: Mark __ubsan_handle_builtin_unreachable() as noreturn Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 274/339] jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds Greg Kroah-Hartman
` (67 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Peter Zijlstra (Intel),
Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit a6a5eb269f6f3a2fe392f725a8d9052190c731e2 ]
As x86 uses the <asm-generic/bitops/instrumented-*.h> headers, the
regular forms of all bitops are instrumented with explicit calls to
KASAN and KCSAN checks. As these are explicit calls, these are not
suppressed by the noinstr function attribute.
This can result in calls to those check functions in noinstr code, which
objtool warns about:
vmlinux.o: warning: objtool: enter_from_user_mode+0x24: call to __kcsan_check_access() leaves .noinstr.text section
vmlinux.o: warning: objtool: syscall_enter_from_user_mode+0x28: call to __kcsan_check_access() leaves .noinstr.text section
vmlinux.o: warning: objtool: syscall_enter_from_user_mode_prepare+0x24: call to __kcsan_check_access() leaves .noinstr.text section
vmlinux.o: warning: objtool: irqentry_enter_from_user_mode+0x24: call to __kcsan_check_access() leaves .noinstr.text section
Prevent this by using the arch_*() bitops, which are the underlying
bitops without explciit instrumentation.
[null: Changelog]
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20220502111216.290518605@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/cpufeature.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 1261842d006c..49a3b122279e 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -51,7 +51,7 @@ extern const char * const x86_power_flags[32];
extern const char * const x86_bug_flags[NBUGINTS*32];
#define test_cpu_cap(c, bit) \
- test_bit(bit, (unsigned long *)((c)->x86_capability))
+ arch_test_bit(bit, (unsigned long *)((c)->x86_capability))
/*
* There are 32 bits/features in each mask word. The high bits
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 274/339] jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 273/339] x86/cpu: Elide KCSAN for cpu_has() and friends Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 275/339] nbd: call genl_unregister_family() first in nbd_cleanup() Greg Kroah-Hartman
` (66 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot,
Peter Zijlstra (Intel),
Sasha Levin
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit 656d054e0a15ec327bd82801ccd58201e59f6896 ]
When building x86_64 with JUMP_LABEL=n it's possible for
instrumentation to sneak into noinstr:
vmlinux.o: warning: objtool: exit_to_user_mode+0x14: call to static_key_count.constprop.0() leaves .noinstr.text section
vmlinux.o: warning: objtool: syscall_exit_to_user_mode+0x2d: call to static_key_count.constprop.0() leaves .noinstr.text section
vmlinux.o: warning: objtool: irqentry_exit_to_user_mode+0x1b: call to static_key_count.constprop.0() leaves .noinstr.text section
Switch to arch_ prefixed atomic to avoid the explicit instrumentation.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/jump_label.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h
index 107751cc047b..bf1eef337a07 100644
--- a/include/linux/jump_label.h
+++ b/include/linux/jump_label.h
@@ -256,9 +256,9 @@ extern void static_key_disable_cpuslocked(struct static_key *key);
#include <linux/atomic.h>
#include <linux/bug.h>
-static inline int static_key_count(struct static_key *key)
+static __always_inline int static_key_count(struct static_key *key)
{
- return atomic_read(&key->enabled);
+ return arch_atomic_read(&key->enabled);
}
static __always_inline void jump_label_init(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 275/339] nbd: call genl_unregister_family() first in nbd_cleanup()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 274/339] jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 276/339] nbd: fix race between nbd_alloc_config() and module removal Greg Kroah-Hartman
` (65 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hou Tao, Yu Kuai, Josef Bacik,
Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 06c4da89c24e7023ea448cadf8e9daf06a0aae6e ]
Otherwise there may be race between module removal and the handling of
netlink command, which can lead to the oops as shown below:
BUG: kernel NULL pointer dereference, address: 0000000000000098
Oops: 0002 [#1] SMP PTI
CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:down_write+0x1a/0x50
Call Trace:
start_creating+0x89/0x130
debugfs_create_dir+0x1b/0x130
nbd_start_device+0x13d/0x390 [nbd]
nbd_genl_connect+0x42f/0x748 [nbd]
genl_family_rcv_msg_doit.isra.0+0xec/0x150
genl_rcv_msg+0xe5/0x1e0
netlink_rcv_skb+0x55/0x100
genl_rcv+0x29/0x40
netlink_unicast+0x1a8/0x250
netlink_sendmsg+0x21b/0x430
____sys_sendmsg+0x2a4/0x2d0
___sys_sendmsg+0x81/0xc0
__sys_sendmsg+0x62/0xb0
__x64_sys_sendmsg+0x1f/0x30
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae
Modules linked in: nbd(E-)
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220521073749.3146892-2-yukuai3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index c860a9930855..b564942be5a3 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -2545,6 +2545,12 @@ static void __exit nbd_cleanup(void)
struct nbd_device *nbd;
LIST_HEAD(del_list);
+ /*
+ * Unregister netlink interface prior to waiting
+ * for the completion of netlink commands.
+ */
+ genl_unregister_family(&nbd_genl_family);
+
nbd_dbg_close();
mutex_lock(&nbd_index_mutex);
@@ -2563,7 +2569,6 @@ static void __exit nbd_cleanup(void)
destroy_workqueue(nbd_del_wq);
idr_destroy(&nbd_index_idr);
- genl_unregister_family(&nbd_genl_family);
unregister_blkdev(NBD_MAJOR, "nbd");
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 276/339] nbd: fix race between nbd_alloc_config() and module removal
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 275/339] nbd: call genl_unregister_family() first in nbd_cleanup() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 277/339] nbd: fix io hung while disconnecting device Greg Kroah-Hartman
` (64 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Hou Tao, Yu Kuai, Josef Bacik,
Jens Axboe, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit c55b2b983b0fa012942c3eb16384b2b722caa810 ]
When nbd module is being removing, nbd_alloc_config() may be
called concurrently by nbd_genl_connect(), although try_module_get()
will return false, but nbd_alloc_config() doesn't handle it.
The race may lead to the leak of nbd_config and its related
resources (e.g, recv_workq) and oops in nbd_read_stat() due
to the unload of nbd module as shown below:
BUG: kernel NULL pointer dereference, address: 0000000000000040
Oops: 0000 [#1] SMP PTI
CPU: 5 PID: 13840 Comm: kworker/u17:33 Not tainted 5.14.0+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Workqueue: knbd16-recv recv_work [nbd]
RIP: 0010:nbd_read_stat.cold+0x130/0x1a4 [nbd]
Call Trace:
recv_work+0x3b/0xb0 [nbd]
process_one_work+0x1ed/0x390
worker_thread+0x4a/0x3d0
kthread+0x12a/0x150
ret_from_fork+0x22/0x30
Fixing it by checking the return value of try_module_get()
in nbd_alloc_config(). As nbd_alloc_config() may return ERR_PTR(-ENODEV),
assign nbd->config only when nbd_alloc_config() succeeds to ensure
the value of nbd->config is binary (valid or NULL).
Also adding a debug message to check the reference counter
of nbd_config during module removal.
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220521073749.3146892-3-yukuai3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index b564942be5a3..87b5f6e3c60f 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1533,15 +1533,20 @@ static struct nbd_config *nbd_alloc_config(void)
{
struct nbd_config *config;
+ if (!try_module_get(THIS_MODULE))
+ return ERR_PTR(-ENODEV);
+
config = kzalloc(sizeof(struct nbd_config), GFP_NOFS);
- if (!config)
- return NULL;
+ if (!config) {
+ module_put(THIS_MODULE);
+ return ERR_PTR(-ENOMEM);
+ }
+
atomic_set(&config->recv_threads, 0);
init_waitqueue_head(&config->recv_wq);
init_waitqueue_head(&config->conn_wait);
config->blksize_bits = NBD_DEF_BLKSIZE_BITS;
atomic_set(&config->live_connections, 0);
- try_module_get(THIS_MODULE);
return config;
}
@@ -1568,12 +1573,13 @@ static int nbd_open(struct block_device *bdev, fmode_t mode)
mutex_unlock(&nbd->config_lock);
goto out;
}
- config = nbd->config = nbd_alloc_config();
- if (!config) {
- ret = -ENOMEM;
+ config = nbd_alloc_config();
+ if (IS_ERR(config)) {
+ ret = PTR_ERR(config);
mutex_unlock(&nbd->config_lock);
goto out;
}
+ nbd->config = config;
refcount_set(&nbd->config_refs, 1);
refcount_inc(&nbd->refs);
mutex_unlock(&nbd->config_lock);
@@ -1981,13 +1987,14 @@ static int nbd_genl_connect(struct sk_buff *skb, struct genl_info *info)
nbd_put(nbd);
return -EINVAL;
}
- config = nbd->config = nbd_alloc_config();
- if (!nbd->config) {
+ config = nbd_alloc_config();
+ if (IS_ERR(config)) {
mutex_unlock(&nbd->config_lock);
nbd_put(nbd);
printk(KERN_ERR "nbd: couldn't allocate config\n");
- return -ENOMEM;
+ return PTR_ERR(config);
}
+ nbd->config = config;
refcount_set(&nbd->config_refs, 1);
set_bit(NBD_RT_BOUND, &config->runtime_flags);
@@ -2560,6 +2567,9 @@ static void __exit nbd_cleanup(void)
while (!list_empty(&del_list)) {
nbd = list_first_entry(&del_list, struct nbd_device, list);
list_del_init(&nbd->list);
+ if (refcount_read(&nbd->config_refs))
+ printk(KERN_ERR "nbd: possibly leaking nbd_config (ref %d)\n",
+ refcount_read(&nbd->config_refs));
if (refcount_read(&nbd->refs) != 1)
printk(KERN_ERR "nbd: possibly leaking a device\n");
nbd_put(nbd);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 277/339] nbd: fix io hung while disconnecting device
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 276/339] nbd: fix race between nbd_alloc_config() and module removal Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 278/339] Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend" Greg Kroah-Hartman
` (63 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Yu Kuai, Josef Bacik, Jens Axboe,
Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 09dadb5985023e27d4740ebd17e6fea4640110e5 ]
In our tests, "qemu-nbd" triggers a io hung:
INFO: task qemu-nbd:11445 blocked for more than 368 seconds.
Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:qemu-nbd state:D stack: 0 pid:11445 ppid: 1 flags:0x00000000
Call Trace:
<TASK>
__schedule+0x480/0x1050
? _raw_spin_lock_irqsave+0x3e/0xb0
schedule+0x9c/0x1b0
blk_mq_freeze_queue_wait+0x9d/0xf0
? ipi_rseq+0x70/0x70
blk_mq_freeze_queue+0x2b/0x40
nbd_add_socket+0x6b/0x270 [nbd]
nbd_ioctl+0x383/0x510 [nbd]
blkdev_ioctl+0x18e/0x3e0
__x64_sys_ioctl+0xac/0x120
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fd8ff706577
RSP: 002b:00007fd8fcdfebf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 00007fd8ff706577
RDX: 000000000000000d RSI: 000000000000ab00 RDI: 000000000000000f
RBP: 000000000000000f R08: 000000000000fbe8 R09: 000055fe497c62b0
R10: 00000002aff20000 R11: 0000000000000246 R12: 000000000000006d
R13: 0000000000000000 R14: 00007ffe82dc5e70 R15: 00007fd8fcdff9c0
"qemu-ndb -d" will call ioctl 'NBD_DISCONNECT' first, however, following
message was found:
block nbd0: Send disconnect failed -32
Which indicate that something is wrong with the server. Then,
"qemu-nbd -d" will call ioctl 'NBD_CLEAR_SOCK', however ioctl can't clear
requests after commit 2516ab1543fd("nbd: only clear the queue on device
teardown"). And in the meantime, request can't complete through timeout
because nbd_xmit_timeout() will always return 'BLK_EH_RESET_TIMER', which
means such request will never be completed in this situation.
Now that the flag 'NBD_CMD_INFLIGHT' can make sure requests won't
complete multiple times, switch back to call nbd_clear_sock() in
nbd_clear_sock_ioctl(), so that inflight requests can be cleared.
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Link: https://lore.kernel.org/r/20220521073749.3146892-5-yukuai3@huawei.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 87b5f6e3c60f..ee5adca0ba7b 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1434,7 +1434,7 @@ static int nbd_start_device_ioctl(struct nbd_device *nbd, struct block_device *b
static void nbd_clear_sock_ioctl(struct nbd_device *nbd,
struct block_device *bdev)
{
- sock_shutdown(nbd);
+ nbd_clear_sock(nbd);
__invalidate_device(bdev, true);
nbd_bdev_reset(bdev);
if (test_and_clear_bit(NBD_RT_HAS_CONFIG_REF,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 278/339] Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend"
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 277/339] nbd: fix io hung while disconnecting device Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 279/339] Revert "PCI: brcmstb: Add control of subdevice voltage regulators" Greg Kroah-Hartman
` (62 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cyril Brulebois, Bjorn Helgaas, Sasha Levin
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit 7894025c783ca36394d3afe49c8cfb4c830b82fe ]
This reverts commit 11ed8b8624b8085f706864b4addcd304b1e4fc38.
This is part of a revert of the following commits:
11ed8b8624b8 ("PCI: brcmstb: Do not turn off WOL regulators on suspend")
93e41f3fca3d ("PCI: brcmstb: Add control of subdevice voltage regulators")
67211aadcb4b ("PCI: brcmstb: Add mechanism to turn on subdev regulators")
830aa6f29f07 ("PCI: brcmstb: Split brcm_pcie_setup() into two funcs")
Cyril reported that 830aa6f29f07 ("PCI: brcmstb: Split brcm_pcie_setup()
into two funcs"), which appeared in v5.17-rc1, broke booting on the
Raspberry Pi Compute Module 4. Apparently 830aa6f29f07 panics with an
Asynchronous SError Interrupt, and after further commits here is a black
screen on HDMI and no output on the serial console.
This does not seem to affect the Raspberry Pi 4 B.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215925
Link: https://lore.kernel.org/r/20220511201856.808690-2-helgaas@kernel.org
Reported-by: Cyril Brulebois <kibi@debian.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-brcmstb.c | 53 +++++----------------------
1 file changed, 9 insertions(+), 44 deletions(-)
diff --git a/drivers/pci/controller/pcie-brcmstb.c b/drivers/pci/controller/pcie-brcmstb.c
index 375c0c40bbf8..3edd63735948 100644
--- a/drivers/pci/controller/pcie-brcmstb.c
+++ b/drivers/pci/controller/pcie-brcmstb.c
@@ -333,7 +333,6 @@ struct brcm_pcie {
void (*bridge_sw_init_set)(struct brcm_pcie *pcie, u32 val);
bool refusal_mode;
struct subdev_regulators *sr;
- bool ep_wakeup_capable;
};
static inline bool is_bmips(const struct brcm_pcie *pcie)
@@ -1351,21 +1350,9 @@ static void brcm_pcie_turn_off(struct brcm_pcie *pcie)
pcie->bridge_sw_init_set(pcie, 1);
}
-static int pci_dev_may_wakeup(struct pci_dev *dev, void *data)
-{
- bool *ret = data;
-
- if (device_may_wakeup(&dev->dev)) {
- *ret = true;
- dev_info(&dev->dev, "disable cancelled for wake-up device\n");
- }
- return (int) *ret;
-}
-
static int brcm_pcie_suspend(struct device *dev)
{
struct brcm_pcie *pcie = dev_get_drvdata(dev);
- struct pci_host_bridge *bridge = pci_host_bridge_from_priv(pcie);
int ret;
brcm_pcie_turn_off(pcie);
@@ -1384,22 +1371,11 @@ static int brcm_pcie_suspend(struct device *dev)
}
if (pcie->sr) {
- /*
- * Now turn off the regulators, but if at least one
- * downstream device is enabled as a wake-up source, do not
- * turn off regulators.
- */
- pcie->ep_wakeup_capable = false;
- pci_walk_bus(bridge->bus, pci_dev_may_wakeup,
- &pcie->ep_wakeup_capable);
- if (!pcie->ep_wakeup_capable) {
- ret = regulator_bulk_disable(pcie->sr->num_supplies,
- pcie->sr->supplies);
- if (ret) {
- dev_err(dev, "Could not turn off regulators\n");
- reset_control_reset(pcie->rescal);
- return ret;
- }
+ ret = regulator_bulk_disable(pcie->sr->num_supplies, pcie->sr->supplies);
+ if (ret) {
+ dev_err(dev, "Could not turn off regulators\n");
+ reset_control_reset(pcie->rescal);
+ return ret;
}
}
clk_disable_unprepare(pcie->clk);
@@ -1420,21 +1396,10 @@ static int brcm_pcie_resume(struct device *dev)
return ret;
if (pcie->sr) {
- if (pcie->ep_wakeup_capable) {
- /*
- * We are resuming from a suspend. In the suspend we
- * did not disable the power supplies, so there is
- * no need to enable them (and falsely increase their
- * usage count).
- */
- pcie->ep_wakeup_capable = false;
- } else {
- ret = regulator_bulk_enable(pcie->sr->num_supplies,
- pcie->sr->supplies);
- if (ret) {
- dev_err(dev, "Could not turn on regulators\n");
- goto err_disable_clk;
- }
+ ret = regulator_bulk_enable(pcie->sr->num_supplies, pcie->sr->supplies);
+ if (ret) {
+ dev_err(dev, "Could not turn on regulators\n");
+ goto err_disable_clk;
}
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 279/339] Revert "PCI: brcmstb: Add control of subdevice voltage regulators"
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 278/339] Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend" Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 280/339] Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators" Greg Kroah-Hartman
` (61 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cyril Brulebois, Bjorn Helgaas, Sasha Levin
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit 212942609d83b591f5a2f2691df122d13aa3a87d ]
This reverts commit 93e41f3fca3d4a0f927b784012338c37f80a8a80.
This is part of a revert of the following commits:
11ed8b8624b8 ("PCI: brcmstb: Do not turn off WOL regulators on suspend")
93e41f3fca3d ("PCI: brcmstb: Add control of subdevice voltage regulators")
67211aadcb4b ("PCI: brcmstb: Add mechanism to turn on subdev regulators")
830aa6f29f07 ("PCI: brcmstb: Split brcm_pcie_setup() into two funcs")
Cyril reported that 830aa6f29f07 ("PCI: brcmstb: Split brcm_pcie_setup()
into two funcs"), which appeared in v5.17-rc1, broke booting on the
Raspberry Pi Compute Module 4. Apparently 830aa6f29f07 panics with an
Asynchronous SError Interrupt, and after further commits here is a black
screen on HDMI and no output on the serial console.
This does not seem to affect the Raspberry Pi 4 B.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215925
Link: https://lore.kernel.org/r/20220511201856.808690-3-helgaas@kernel.org
Reported-by: Cyril Brulebois <kibi@debian.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-brcmstb.c | 83 ++-------------------------
1 file changed, 5 insertions(+), 78 deletions(-)
diff --git a/drivers/pci/controller/pcie-brcmstb.c b/drivers/pci/controller/pcie-brcmstb.c
index 3edd63735948..fd464d38fecb 100644
--- a/drivers/pci/controller/pcie-brcmstb.c
+++ b/drivers/pci/controller/pcie-brcmstb.c
@@ -196,8 +196,6 @@ static inline void brcm_pcie_bridge_sw_init_set_generic(struct brcm_pcie *pcie,
static inline void brcm_pcie_perst_set_4908(struct brcm_pcie *pcie, u32 val);
static inline void brcm_pcie_perst_set_7278(struct brcm_pcie *pcie, u32 val);
static inline void brcm_pcie_perst_set_generic(struct brcm_pcie *pcie, u32 val);
-static int brcm_pcie_linkup(struct brcm_pcie *pcie);
-static int brcm_pcie_add_bus(struct pci_bus *bus);
enum {
RGR1_SW_INIT_1,
@@ -331,8 +329,6 @@ struct brcm_pcie {
u32 hw_rev;
void (*perst_set)(struct brcm_pcie *pcie, u32 val);
void (*bridge_sw_init_set)(struct brcm_pcie *pcie, u32 val);
- bool refusal_mode;
- struct subdev_regulators *sr;
};
static inline bool is_bmips(const struct brcm_pcie *pcie)
@@ -501,34 +497,6 @@ static int pci_subdev_regulators_add_bus(struct pci_bus *bus)
return 0;
}
-static int brcm_pcie_add_bus(struct pci_bus *bus)
-{
- struct device *dev = &bus->dev;
- struct brcm_pcie *pcie = (struct brcm_pcie *) bus->sysdata;
- int ret;
-
- if (!dev->of_node || !bus->parent || !pci_is_root_bus(bus->parent))
- return 0;
-
- ret = pci_subdev_regulators_add_bus(bus);
- if (ret)
- return ret;
-
- /* Grab the regulators for suspend/resume */
- pcie->sr = bus->dev.driver_data;
-
- /*
- * If we have failed linkup there is no point to return an error as
- * currently it will cause a WARNING() from pci_alloc_child_bus().
- * We return 0 and turn on the "refusal_mode" so that any further
- * accesses to the pci_dev just get 0xffffffff
- */
- if (brcm_pcie_linkup(pcie) != 0)
- pcie->refusal_mode = true;
-
- return 0;
-}
-
static void pci_subdev_regulators_remove_bus(struct pci_bus *bus)
{
struct device *dev = &bus->dev;
@@ -857,18 +825,6 @@ static void __iomem *brcm_pcie_map_conf(struct pci_bus *bus, unsigned int devfn,
/* Accesses to the RC go right to the RC registers if slot==0 */
if (pci_is_root_bus(bus))
return PCI_SLOT(devfn) ? NULL : base + where;
- if (pcie->refusal_mode) {
- /*
- * At this point we do not have link. There will be a CPU
- * abort -- a quirk with this controller --if Linux tries
- * to read any config-space registers besides those
- * targeting the host bridge. To prevent this we hijack
- * the address to point to a safe access that will return
- * 0xffffffff.
- */
- writel(0xffffffff, base + PCIE_MISC_RC_BAR2_CONFIG_HI);
- return base + PCIE_MISC_RC_BAR2_CONFIG_HI + (where & 0x3);
- }
/* For devices, write to the config space index register */
idx = PCIE_ECAM_OFFSET(bus->number, devfn, 0);
@@ -897,7 +853,7 @@ static struct pci_ops brcm_pcie_ops = {
.map_bus = brcm_pcie_map_conf,
.read = pci_generic_config_read,
.write = pci_generic_config_write,
- .add_bus = brcm_pcie_add_bus,
+ .add_bus = pci_subdev_regulators_add_bus,
.remove_bus = pci_subdev_regulators_remove_bus,
};
@@ -1370,14 +1326,6 @@ static int brcm_pcie_suspend(struct device *dev)
return ret;
}
- if (pcie->sr) {
- ret = regulator_bulk_disable(pcie->sr->num_supplies, pcie->sr->supplies);
- if (ret) {
- dev_err(dev, "Could not turn off regulators\n");
- reset_control_reset(pcie->rescal);
- return ret;
- }
- }
clk_disable_unprepare(pcie->clk);
return 0;
@@ -1395,17 +1343,9 @@ static int brcm_pcie_resume(struct device *dev)
if (ret)
return ret;
- if (pcie->sr) {
- ret = regulator_bulk_enable(pcie->sr->num_supplies, pcie->sr->supplies);
- if (ret) {
- dev_err(dev, "Could not turn on regulators\n");
- goto err_disable_clk;
- }
- }
-
ret = reset_control_reset(pcie->rescal);
if (ret)
- goto err_regulator;
+ goto err_disable_clk;
ret = brcm_phy_start(pcie);
if (ret)
@@ -1437,9 +1377,6 @@ static int brcm_pcie_resume(struct device *dev)
err_reset:
reset_control_rearm(pcie->rescal);
-err_regulator:
- if (pcie->sr)
- regulator_bulk_disable(pcie->sr->num_supplies, pcie->sr->supplies);
err_disable_clk:
clk_disable_unprepare(pcie->clk);
return ret;
@@ -1571,17 +1508,7 @@ static int brcm_pcie_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, pcie);
- ret = pci_host_probe(bridge);
- if (!ret && !brcm_pcie_link_up(pcie))
- ret = -ENODEV;
-
- if (ret) {
- brcm_pcie_remove(pdev);
- return ret;
- }
-
- return 0;
-
+ return pci_host_probe(bridge);
fail:
__brcm_pcie_remove(pcie);
return ret;
@@ -1590,8 +1517,8 @@ static int brcm_pcie_probe(struct platform_device *pdev)
MODULE_DEVICE_TABLE(of, brcm_pcie_match);
static const struct dev_pm_ops brcm_pcie_pm_ops = {
- .suspend_noirq = brcm_pcie_suspend,
- .resume_noirq = brcm_pcie_resume,
+ .suspend = brcm_pcie_suspend,
+ .resume = brcm_pcie_resume,
};
static struct platform_driver brcm_pcie_driver = {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 280/339] Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators"
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 279/339] Revert "PCI: brcmstb: Add control of subdevice voltage regulators" Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 281/339] Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" Greg Kroah-Hartman
` (60 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cyril Brulebois, Bjorn Helgaas, Sasha Levin
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit 420be2f7ebe60c9ba3e332f5290017cd168e2bf8 ]
This reverts commit 67211aadcb4b968d0fdc57bc27240fa71500c2d4.
This is part of a revert of the following commits:
11ed8b8624b8 ("PCI: brcmstb: Do not turn off WOL regulators on suspend")
93e41f3fca3d ("PCI: brcmstb: Add control of subdevice voltage regulators")
67211aadcb4b ("PCI: brcmstb: Add mechanism to turn on subdev regulators")
830aa6f29f07 ("PCI: brcmstb: Split brcm_pcie_setup() into two funcs")
Cyril reported that 830aa6f29f07 ("PCI: brcmstb: Split brcm_pcie_setup()
into two funcs"), which appeared in v5.17-rc1, broke booting on the
Raspberry Pi Compute Module 4. Apparently 830aa6f29f07 panics with an
Asynchronous SError Interrupt, and after further commits here is a black
screen on HDMI and no output on the serial console.
This does not seem to affect the Raspberry Pi 4 B.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215925
Link: https://lore.kernel.org/r/20220511201856.808690-4-helgaas@kernel.org
Reported-by: Cyril Brulebois <kibi@debian.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-brcmstb.c | 76 ---------------------------
1 file changed, 76 deletions(-)
diff --git a/drivers/pci/controller/pcie-brcmstb.c b/drivers/pci/controller/pcie-brcmstb.c
index fd464d38fecb..0e8346114a8d 100644
--- a/drivers/pci/controller/pcie-brcmstb.c
+++ b/drivers/pci/controller/pcie-brcmstb.c
@@ -24,7 +24,6 @@
#include <linux/pci.h>
#include <linux/pci-ecam.h>
#include <linux/printk.h>
-#include <linux/regulator/consumer.h>
#include <linux/reset.h>
#include <linux/sizes.h>
#include <linux/slab.h>
@@ -284,14 +283,6 @@ static const struct pcie_cfg_data bcm2711_cfg = {
.bridge_sw_init_set = brcm_pcie_bridge_sw_init_set_generic,
};
-struct subdev_regulators {
- unsigned int num_supplies;
- struct regulator_bulk_data supplies[];
-};
-
-static int pci_subdev_regulators_add_bus(struct pci_bus *bus);
-static void pci_subdev_regulators_remove_bus(struct pci_bus *bus);
-
struct brcm_msi {
struct device *dev;
void __iomem *base;
@@ -445,71 +436,6 @@ static int brcm_pcie_set_ssc(struct brcm_pcie *pcie)
return ssc && pll ? 0 : -EIO;
}
-static void *alloc_subdev_regulators(struct device *dev)
-{
- static const char * const supplies[] = {
- "vpcie3v3",
- "vpcie3v3aux",
- "vpcie12v",
- };
- const size_t size = sizeof(struct subdev_regulators)
- + sizeof(struct regulator_bulk_data) * ARRAY_SIZE(supplies);
- struct subdev_regulators *sr;
- int i;
-
- sr = devm_kzalloc(dev, size, GFP_KERNEL);
- if (sr) {
- sr->num_supplies = ARRAY_SIZE(supplies);
- for (i = 0; i < ARRAY_SIZE(supplies); i++)
- sr->supplies[i].supply = supplies[i];
- }
-
- return sr;
-}
-
-static int pci_subdev_regulators_add_bus(struct pci_bus *bus)
-{
- struct device *dev = &bus->dev;
- struct subdev_regulators *sr;
- int ret;
-
- if (!dev->of_node || !bus->parent || !pci_is_root_bus(bus->parent))
- return 0;
-
- if (dev->driver_data)
- dev_err(dev, "dev.driver_data unexpectedly non-NULL\n");
-
- sr = alloc_subdev_regulators(dev);
- if (!sr)
- return -ENOMEM;
-
- dev->driver_data = sr;
- ret = regulator_bulk_get(dev, sr->num_supplies, sr->supplies);
- if (ret)
- return ret;
-
- ret = regulator_bulk_enable(sr->num_supplies, sr->supplies);
- if (ret) {
- dev_err(dev, "failed to enable regulators for downstream device\n");
- return ret;
- }
-
- return 0;
-}
-
-static void pci_subdev_regulators_remove_bus(struct pci_bus *bus)
-{
- struct device *dev = &bus->dev;
- struct subdev_regulators *sr = dev->driver_data;
-
- if (!sr || !bus->parent || !pci_is_root_bus(bus->parent))
- return;
-
- if (regulator_bulk_disable(sr->num_supplies, sr->supplies))
- dev_err(dev, "failed to disable regulators for downstream device\n");
- dev->driver_data = NULL;
-}
-
/* Limits operation to a specific generation (1, 2, or 3) */
static void brcm_pcie_set_gen(struct brcm_pcie *pcie, int gen)
{
@@ -853,8 +779,6 @@ static struct pci_ops brcm_pcie_ops = {
.map_bus = brcm_pcie_map_conf,
.read = pci_generic_config_read,
.write = pci_generic_config_write,
- .add_bus = pci_subdev_regulators_add_bus,
- .remove_bus = pci_subdev_regulators_remove_bus,
};
static struct pci_ops brcm_pcie_ops32 = {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 281/339] Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs"
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 280/339] Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators" Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 282/339] cifs: fix potential deadlock in direct reclaim Greg Kroah-Hartman
` (59 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cyril Brulebois, Bjorn Helgaas, Sasha Levin
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit f4fd559de3434c44bed1d2912bd0c75cfa42898b ]
This reverts commit 830aa6f29f07a4e2f1a947dfa72b3ccddb46dd21.
This is part of a revert of the following commits:
11ed8b8624b8 ("PCI: brcmstb: Do not turn off WOL regulators on suspend")
93e41f3fca3d ("PCI: brcmstb: Add control of subdevice voltage regulators")
67211aadcb4b ("PCI: brcmstb: Add mechanism to turn on subdev regulators")
830aa6f29f07 ("PCI: brcmstb: Split brcm_pcie_setup() into two funcs")
Cyril reported that 830aa6f29f07 ("PCI: brcmstb: Split brcm_pcie_setup()
into two funcs"), which appeared in v5.17-rc1, broke booting on the
Raspberry Pi Compute Module 4. Apparently 830aa6f29f07 panics with an
Asynchronous SError Interrupt, and after further commits here is a black
screen on HDMI and no output on the serial console.
This does not seem to affect the Raspberry Pi 4 B.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215925
Link: https://lore.kernel.org/r/20220511201856.808690-5-helgaas@kernel.org
Reported-by: Cyril Brulebois <kibi@debian.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pcie-brcmstb.c | 65 +++++++++++----------------
1 file changed, 26 insertions(+), 39 deletions(-)
diff --git a/drivers/pci/controller/pcie-brcmstb.c b/drivers/pci/controller/pcie-brcmstb.c
index 0e8346114a8d..e61058e13818 100644
--- a/drivers/pci/controller/pcie-brcmstb.c
+++ b/drivers/pci/controller/pcie-brcmstb.c
@@ -926,9 +926,16 @@ static inline int brcm_pcie_get_rc_bar2_size_and_offset(struct brcm_pcie *pcie,
static int brcm_pcie_setup(struct brcm_pcie *pcie)
{
+ struct pci_host_bridge *bridge = pci_host_bridge_from_priv(pcie);
u64 rc_bar2_offset, rc_bar2_size;
void __iomem *base = pcie->base;
- int ret, memc;
+ struct device *dev = pcie->dev;
+ struct resource_entry *entry;
+ bool ssc_good = false;
+ struct resource *res;
+ int num_out_wins = 0;
+ u16 nlw, cls, lnksta;
+ int i, ret, memc;
u32 tmp, burst, aspm_support;
/* Reset the bridge */
@@ -1018,40 +1025,6 @@ static int brcm_pcie_setup(struct brcm_pcie *pcie)
if (pcie->gen)
brcm_pcie_set_gen(pcie, pcie->gen);
- /* Don't advertise L0s capability if 'aspm-no-l0s' */
- aspm_support = PCIE_LINK_STATE_L1;
- if (!of_property_read_bool(pcie->np, "aspm-no-l0s"))
- aspm_support |= PCIE_LINK_STATE_L0S;
- tmp = readl(base + PCIE_RC_CFG_PRIV1_LINK_CAPABILITY);
- u32p_replace_bits(&tmp, aspm_support,
- PCIE_RC_CFG_PRIV1_LINK_CAPABILITY_ASPM_SUPPORT_MASK);
- writel(tmp, base + PCIE_RC_CFG_PRIV1_LINK_CAPABILITY);
-
- /*
- * For config space accesses on the RC, show the right class for
- * a PCIe-PCIe bridge (the default setting is to be EP mode).
- */
- tmp = readl(base + PCIE_RC_CFG_PRIV1_ID_VAL3);
- u32p_replace_bits(&tmp, 0x060400,
- PCIE_RC_CFG_PRIV1_ID_VAL3_CLASS_CODE_MASK);
- writel(tmp, base + PCIE_RC_CFG_PRIV1_ID_VAL3);
-
- return 0;
-}
-
-static int brcm_pcie_linkup(struct brcm_pcie *pcie)
-{
- struct pci_host_bridge *bridge = pci_host_bridge_from_priv(pcie);
- struct device *dev = pcie->dev;
- void __iomem *base = pcie->base;
- struct resource_entry *entry;
- struct resource *res;
- int num_out_wins = 0;
- u16 nlw, cls, lnksta;
- bool ssc_good = false;
- u32 tmp;
- int ret, i;
-
/* Unassert the fundamental reset */
pcie->perst_set(pcie, 0);
@@ -1102,6 +1075,24 @@ static int brcm_pcie_linkup(struct brcm_pcie *pcie)
num_out_wins++;
}
+ /* Don't advertise L0s capability if 'aspm-no-l0s' */
+ aspm_support = PCIE_LINK_STATE_L1;
+ if (!of_property_read_bool(pcie->np, "aspm-no-l0s"))
+ aspm_support |= PCIE_LINK_STATE_L0S;
+ tmp = readl(base + PCIE_RC_CFG_PRIV1_LINK_CAPABILITY);
+ u32p_replace_bits(&tmp, aspm_support,
+ PCIE_RC_CFG_PRIV1_LINK_CAPABILITY_ASPM_SUPPORT_MASK);
+ writel(tmp, base + PCIE_RC_CFG_PRIV1_LINK_CAPABILITY);
+
+ /*
+ * For config space accesses on the RC, show the right class for
+ * a PCIe-PCIe bridge (the default setting is to be EP mode).
+ */
+ tmp = readl(base + PCIE_RC_CFG_PRIV1_ID_VAL3);
+ u32p_replace_bits(&tmp, 0x060400,
+ PCIE_RC_CFG_PRIV1_ID_VAL3_CLASS_CODE_MASK);
+ writel(tmp, base + PCIE_RC_CFG_PRIV1_ID_VAL3);
+
if (pcie->ssc) {
ret = brcm_pcie_set_ssc(pcie);
if (ret == 0)
@@ -1290,10 +1281,6 @@ static int brcm_pcie_resume(struct device *dev)
if (ret)
goto err_reset;
- ret = brcm_pcie_linkup(pcie);
- if (ret)
- goto err_reset;
-
if (pcie->msi)
brcm_msi_set_regs(pcie->msi);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 282/339] cifs: fix potential deadlock in direct reclaim
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 281/339] Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 283/339] s390/gmap: voluntarily schedule during key setting Greg Kroah-Hartman
` (58 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shyam Prasad N, Lars Persson,
Ronnie Sahlberg, Enzo Matsumiya, Vincent Whitchurch,
Steve French, Sasha Levin
From: Vincent Whitchurch <vincent.whitchurch@axis.com>
[ Upstream commit cc391b694ff085f62f133e6b8f864d43a8e69dfd ]
The srv_mutex is used during writeback so cifs should ensure that
allocations done when that mutex is held are done with GFP_NOFS, to
avoid having direct reclaim ending up waiting for the same mutex and
causing a deadlock. This is detected by lockdep with the splat below:
======================================================
WARNING: possible circular locking dependency detected
5.18.0 #70 Not tainted
------------------------------------------------------
kswapd0/49 is trying to acquire lock:
ffff8880195782e0 (&tcp_ses->srv_mutex){+.+.}-{3:3}, at: compound_send_recv
but task is already holding lock:
ffffffffa98e66c0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (fs_reclaim){+.+.}-{0:0}:
fs_reclaim_acquire
kmem_cache_alloc_trace
__request_module
crypto_alg_mod_lookup
crypto_alloc_tfm_node
crypto_alloc_shash
cifs_alloc_hash
smb311_crypto_shash_allocate
smb311_update_preauth_hash
compound_send_recv
cifs_send_recv
SMB2_negotiate
smb2_negotiate
cifs_negotiate_protocol
cifs_get_smb_ses
cifs_mount
cifs_smb3_do_mount
smb3_get_tree
vfs_get_tree
path_mount
__x64_sys_mount
do_syscall_64
entry_SYSCALL_64_after_hwframe
-> #0 (&tcp_ses->srv_mutex){+.+.}-{3:3}:
__lock_acquire
lock_acquire
__mutex_lock
mutex_lock_nested
compound_send_recv
cifs_send_recv
SMB2_write
smb2_sync_write
cifs_write
cifs_writepage_locked
cifs_writepage
shrink_page_list
shrink_lruvec
shrink_node
balance_pgdat
kswapd
kthread
ret_from_fork
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(fs_reclaim);
lock(&tcp_ses->srv_mutex);
lock(fs_reclaim);
lock(&tcp_ses->srv_mutex);
*** DEADLOCK ***
1 lock held by kswapd0/49:
#0: ffffffffa98e66c0 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat
stack backtrace:
CPU: 2 PID: 49 Comm: kswapd0 Not tainted 5.18.0 #70
Call Trace:
<TASK>
dump_stack_lvl
dump_stack
print_circular_bug.cold
check_noncircular
__lock_acquire
lock_acquire
__mutex_lock
mutex_lock_nested
compound_send_recv
cifs_send_recv
SMB2_write
smb2_sync_write
cifs_write
cifs_writepage_locked
cifs_writepage
shrink_page_list
shrink_lruvec
shrink_node
balance_pgdat
kswapd
kthread
ret_from_fork
</TASK>
Fix this by using the memalloc_nofs_save/restore APIs around the places
where the srv_mutex is held. Do this in a wrapper function for the
lock/unlock of the srv_mutex, and rename the srv_mutex to avoid missing
call sites in the conversion.
Note that there is another lockdep warning involving internal crypto
locks, which was masked by this problem and is visible after this fix,
see the discussion in this thread:
https://lore.kernel.org/all/20220523123755.GA13668@axis.com/
Link: https://lore.kernel.org/r/CANT5p=rqcYfYMVHirqvdnnca4Mo+JQSw5Qu12v=kPfpk5yhhmg@mail.gmail.com/
Reported-by: Shyam Prasad N <nspmangalore@gmail.com>
Suggested-by: Lars Persson <larper@axis.com>
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/cifs_swn.c | 4 ++--
fs/cifs/cifsencrypt.c | 8 ++++----
fs/cifs/cifsglob.h | 20 +++++++++++++++++++-
fs/cifs/connect.c | 26 +++++++++++++-------------
fs/cifs/dfs_cache.c | 4 ++--
fs/cifs/sess.c | 6 +++---
fs/cifs/smb1ops.c | 6 +++---
fs/cifs/smb2pdu.c | 6 +++---
fs/cifs/smbdirect.c | 4 ++--
fs/cifs/transport.c | 40 ++++++++++++++++++++--------------------
10 files changed, 71 insertions(+), 53 deletions(-)
diff --git a/fs/cifs/cifs_swn.c b/fs/cifs/cifs_swn.c
index 180c234c2f46..1e4c7cc5287f 100644
--- a/fs/cifs/cifs_swn.c
+++ b/fs/cifs/cifs_swn.c
@@ -465,7 +465,7 @@ static int cifs_swn_reconnect(struct cifs_tcon *tcon, struct sockaddr_storage *a
int ret = 0;
/* Store the reconnect address */
- mutex_lock(&tcon->ses->server->srv_mutex);
+ cifs_server_lock(tcon->ses->server);
if (cifs_sockaddr_equal(&tcon->ses->server->dstaddr, addr))
goto unlock;
@@ -501,7 +501,7 @@ static int cifs_swn_reconnect(struct cifs_tcon *tcon, struct sockaddr_storage *a
cifs_signal_cifsd_for_reconnect(tcon->ses->server, false);
unlock:
- mutex_unlock(&tcon->ses->server->srv_mutex);
+ cifs_server_unlock(tcon->ses->server);
return ret;
}
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index 0912d8bbbac1..663cb9db4908 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -236,9 +236,9 @@ int cifs_verify_signature(struct smb_rqst *rqst,
cpu_to_le32(expected_sequence_number);
cifs_pdu->Signature.Sequence.Reserved = 0;
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
rc = cifs_calc_signature(rqst, server, what_we_think_sig_should_be);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
if (rc)
return rc;
@@ -626,7 +626,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
memcpy(ses->auth_key.response + baselen, tiblob, tilen);
- mutex_lock(&ses->server->srv_mutex);
+ cifs_server_lock(ses->server);
rc = cifs_alloc_hash("hmac(md5)",
&ses->server->secmech.hmacmd5,
@@ -678,7 +678,7 @@ setup_ntlmv2_rsp(struct cifs_ses *ses, const struct nls_table *nls_cp)
cifs_dbg(VFS, "%s: Could not generate md5 hash\n", __func__);
unlock:
- mutex_unlock(&ses->server->srv_mutex);
+ cifs_server_unlock(ses->server);
setup_ntlmv2_rsp_ret:
kfree(tiblob);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index 5024b6792dab..e7503c1131a3 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -16,6 +16,7 @@
#include <linux/mempool.h>
#include <linux/workqueue.h>
#include <linux/utsname.h>
+#include <linux/sched/mm.h>
#include <linux/netfs.h>
#include "cifs_fs_sb.h"
#include "cifsacl.h"
@@ -621,7 +622,8 @@ struct TCP_Server_Info {
unsigned int in_flight; /* number of requests on the wire to server */
unsigned int max_in_flight; /* max number of requests that were on wire */
spinlock_t req_lock; /* protect the two values above */
- struct mutex srv_mutex;
+ struct mutex _srv_mutex;
+ unsigned int nofs_flag;
struct task_struct *tsk;
char server_GUID[16];
__u16 sec_mode;
@@ -736,6 +738,22 @@ struct TCP_Server_Info {
#endif
};
+static inline void cifs_server_lock(struct TCP_Server_Info *server)
+{
+ unsigned int nofs_flag = memalloc_nofs_save();
+
+ mutex_lock(&server->_srv_mutex);
+ server->nofs_flag = nofs_flag;
+}
+
+static inline void cifs_server_unlock(struct TCP_Server_Info *server)
+{
+ unsigned int nofs_flag = server->nofs_flag;
+
+ mutex_unlock(&server->_srv_mutex);
+ memalloc_nofs_restore(nofs_flag);
+}
+
struct cifs_credits {
unsigned int value;
unsigned int instance;
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index aa2d4c49e2a5..4a0b44052c35 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -148,7 +148,7 @@ static void cifs_resolve_server(struct work_struct *work)
struct TCP_Server_Info *server = container_of(work,
struct TCP_Server_Info, resolve.work);
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
/*
* Resolve the hostname again to make sure that IP address is up-to-date.
@@ -159,7 +159,7 @@ static void cifs_resolve_server(struct work_struct *work)
__func__, rc);
}
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
}
/*
@@ -267,7 +267,7 @@ cifs_abort_connection(struct TCP_Server_Info *server)
/* do not want to be sending data on a socket we are freeing */
cifs_dbg(FYI, "%s: tearing down socket\n", __func__);
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
if (server->ssocket) {
cifs_dbg(FYI, "State: 0x%x Flags: 0x%lx\n", server->ssocket->state,
server->ssocket->flags);
@@ -296,7 +296,7 @@ cifs_abort_connection(struct TCP_Server_Info *server)
mid->mid_flags |= MID_DELETED;
}
spin_unlock(&GlobalMid_Lock);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
cifs_dbg(FYI, "%s: issuing mid callbacks\n", __func__);
list_for_each_entry_safe(mid, nmid, &retry_list, qhead) {
@@ -306,9 +306,9 @@ cifs_abort_connection(struct TCP_Server_Info *server)
}
if (cifs_rdma_enabled(server)) {
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
smbd_destroy(server);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
}
}
@@ -359,7 +359,7 @@ static int __cifs_reconnect(struct TCP_Server_Info *server,
do {
try_to_freeze();
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
if (!cifs_swn_set_server_dstaddr(server)) {
/* resolve the hostname again to make sure that IP address is up-to-date */
@@ -372,7 +372,7 @@ static int __cifs_reconnect(struct TCP_Server_Info *server,
else
rc = generic_ip_connect(server);
if (rc) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
cifs_dbg(FYI, "%s: reconnect error %d\n", __func__, rc);
msleep(3000);
} else {
@@ -383,7 +383,7 @@ static int __cifs_reconnect(struct TCP_Server_Info *server,
server->tcpStatus = CifsNeedNegotiate;
spin_unlock(&cifs_tcp_ses_lock);
cifs_swn_reset_server_dstaddr(server);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
mod_delayed_work(cifsiod_wq, &server->reconnect, 0);
}
} while (server->tcpStatus == CifsNeedReconnect);
@@ -488,12 +488,12 @@ static int reconnect_dfs_server(struct TCP_Server_Info *server)
do {
try_to_freeze();
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
rc = reconnect_target_unlocked(server, &tl, &target_hint);
if (rc) {
/* Failed to reconnect socket */
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
cifs_dbg(FYI, "%s: reconnect error %d\n", __func__, rc);
msleep(3000);
continue;
@@ -510,7 +510,7 @@ static int reconnect_dfs_server(struct TCP_Server_Info *server)
server->tcpStatus = CifsNeedNegotiate;
spin_unlock(&cifs_tcp_ses_lock);
cifs_swn_reset_server_dstaddr(server);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
mod_delayed_work(cifsiod_wq, &server->reconnect, 0);
} while (server->tcpStatus == CifsNeedReconnect);
@@ -1565,7 +1565,7 @@ cifs_get_tcp_session(struct smb3_fs_context *ctx,
init_waitqueue_head(&tcp_ses->response_q);
init_waitqueue_head(&tcp_ses->request_q);
INIT_LIST_HEAD(&tcp_ses->pending_mid_q);
- mutex_init(&tcp_ses->srv_mutex);
+ mutex_init(&tcp_ses->_srv_mutex);
memcpy(tcp_ses->workstation_RFC1001_name,
ctx->source_rfc1001_name, RFC1001_NAME_LEN_WITH_NULL);
memcpy(tcp_ses->server_RFC1001_name,
diff --git a/fs/cifs/dfs_cache.c b/fs/cifs/dfs_cache.c
index c5dd6f7305bd..aa7d00b5b3e7 100644
--- a/fs/cifs/dfs_cache.c
+++ b/fs/cifs/dfs_cache.c
@@ -1327,9 +1327,9 @@ static bool target_share_equal(struct TCP_Server_Info *server, const char *s1, c
cifs_dbg(VFS, "%s: failed to convert address \'%s\'. skip address matching.\n",
__func__, ip);
} else {
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
match = cifs_match_ipaddr((struct sockaddr *)&server->dstaddr, &sa);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
}
kfree(ip);
diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c
index 1a0995bb5d90..20f3abc40267 100644
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -1093,14 +1093,14 @@ sess_establish_session(struct sess_data *sess_data)
struct cifs_ses *ses = sess_data->ses;
struct TCP_Server_Info *server = sess_data->server;
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
if (!server->session_estab) {
if (server->sign) {
server->session_key.response =
kmemdup(ses->auth_key.response,
ses->auth_key.len, GFP_KERNEL);
if (!server->session_key.response) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
return -ENOMEM;
}
server->session_key.len =
@@ -1109,7 +1109,7 @@ sess_establish_session(struct sess_data *sess_data)
server->sequence_number = 0x2;
server->session_estab = true;
}
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
cifs_dbg(FYI, "CIFS session established successfully\n");
return 0;
diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
index c71c9a44bef4..2e20ee4dab7b 100644
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
@@ -38,10 +38,10 @@ send_nt_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
in_buf->WordCount = 0;
put_bcc(0, in_buf);
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
rc = cifs_sign_smb(in_buf, server, &mid->sequence_number);
if (rc) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
return rc;
}
@@ -55,7 +55,7 @@ send_nt_cancel(struct TCP_Server_Info *server, struct smb_rqst *rqst,
if (rc < 0)
server->sequence_number--;
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
cifs_dbg(FYI, "issued NT_CANCEL for mid %u, rc = %d\n",
get_mid(in_buf), rc);
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
index f5321a3500f3..cf10b93fb41a 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -1369,13 +1369,13 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
struct cifs_ses *ses = sess_data->ses;
struct TCP_Server_Info *server = sess_data->server;
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
if (server->ops->generate_signingkey) {
rc = server->ops->generate_signingkey(ses, server);
if (rc) {
cifs_dbg(FYI,
"SMB3 session key generation failed\n");
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
return rc;
}
}
@@ -1383,7 +1383,7 @@ SMB2_sess_establish_session(struct SMB2_sess_data *sess_data)
server->sequence_number = 0x2;
server->session_estab = true;
}
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
cifs_dbg(FYI, "SMB2/3 session established successfully\n");
return rc;
diff --git a/fs/cifs/smbdirect.c b/fs/cifs/smbdirect.c
index 31ef64eb7fbb..35829d2a0918 100644
--- a/fs/cifs/smbdirect.c
+++ b/fs/cifs/smbdirect.c
@@ -1382,9 +1382,9 @@ void smbd_destroy(struct TCP_Server_Info *server)
log_rdma_event(INFO, "freeing mr list\n");
wake_up_interruptible_all(&info->wait_mr);
while (atomic_read(&info->mr_used_count)) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
msleep(1000);
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
}
destroy_mr_list(info);
diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c
index c667e6ddfe2f..71750cf7bf55 100644
--- a/fs/cifs/transport.c
+++ b/fs/cifs/transport.c
@@ -822,7 +822,7 @@ cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
} else
instance = exist_credits->instance;
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
/*
* We can't use credits obtained from the previous session to send this
@@ -830,14 +830,14 @@ cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
* return -EAGAIN in such cases to let callers handle it.
*/
if (instance != server->reconnect_instance) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
add_credits_and_wake_if(server, &credits, optype);
return -EAGAIN;
}
mid = server->ops->setup_async_request(server, rqst);
if (IS_ERR(mid)) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
add_credits_and_wake_if(server, &credits, optype);
return PTR_ERR(mid);
}
@@ -868,7 +868,7 @@ cifs_call_async(struct TCP_Server_Info *server, struct smb_rqst *rqst,
cifs_delete_mid(mid);
}
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
if (rc == 0)
return 0;
@@ -1109,7 +1109,7 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
* of smb data.
*/
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
/*
* All the parts of the compound chain belong obtained credits from the
@@ -1119,7 +1119,7 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
* handle it.
*/
if (instance != server->reconnect_instance) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
for (j = 0; j < num_rqst; j++)
add_credits(server, &credits[j], optype);
return -EAGAIN;
@@ -1131,7 +1131,7 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
revert_current_mid(server, i);
for (j = 0; j < i; j++)
cifs_delete_mid(midQ[j]);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
/* Update # of requests on wire to server */
for (j = 0; j < num_rqst; j++)
@@ -1163,7 +1163,7 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
server->sequence_number -= 2;
}
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
/*
* If sending failed for some reason or it is an oplock break that we
@@ -1190,9 +1190,9 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
if ((ses->status == CifsNew) || (optype & CIFS_NEG_OP) || (optype & CIFS_SESS_OP)) {
spin_unlock(&cifs_tcp_ses_lock);
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
smb311_update_preauth_hash(ses, server, rqst[0].rq_iov, rqst[0].rq_nvec);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
spin_lock(&cifs_tcp_ses_lock);
}
@@ -1266,9 +1266,9 @@ compound_send_recv(const unsigned int xid, struct cifs_ses *ses,
.iov_len = resp_iov[0].iov_len
};
spin_unlock(&cifs_tcp_ses_lock);
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
smb311_update_preauth_hash(ses, server, &iov, 1);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
spin_lock(&cifs_tcp_ses_lock);
}
spin_unlock(&cifs_tcp_ses_lock);
@@ -1385,11 +1385,11 @@ SendReceive(const unsigned int xid, struct cifs_ses *ses,
and avoid races inside tcp sendmsg code that could cause corruption
of smb data */
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
rc = allocate_mid(ses, in_buf, &midQ);
if (rc) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
/* Update # of requests on wire to server */
add_credits(server, &credits, 0);
return rc;
@@ -1397,7 +1397,7 @@ SendReceive(const unsigned int xid, struct cifs_ses *ses,
rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
if (rc) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
goto out;
}
@@ -1411,7 +1411,7 @@ SendReceive(const unsigned int xid, struct cifs_ses *ses,
if (rc < 0)
server->sequence_number -= 2;
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
if (rc < 0)
goto out;
@@ -1530,18 +1530,18 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
and avoid races inside tcp sendmsg code that could cause corruption
of smb data */
- mutex_lock(&server->srv_mutex);
+ cifs_server_lock(server);
rc = allocate_mid(ses, in_buf, &midQ);
if (rc) {
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
return rc;
}
rc = cifs_sign_smb(in_buf, server, &midQ->sequence_number);
if (rc) {
cifs_delete_mid(midQ);
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
return rc;
}
@@ -1554,7 +1554,7 @@ SendReceiveBlockingLock(const unsigned int xid, struct cifs_tcon *tcon,
if (rc < 0)
server->sequence_number -= 2;
- mutex_unlock(&server->srv_mutex);
+ cifs_server_unlock(server);
if (rc < 0) {
cifs_delete_mid(midQ);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 283/339] s390/gmap: voluntarily schedule during key setting
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 282/339] cifs: fix potential deadlock in direct reclaim Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 284/339] cifs: version operations for smb20 unneeded when legacy support disabled Greg Kroah-Hartman
` (57 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christian Borntraeger,
Alexander Gordeev, Claudio Imbrenda, Heiko Carstens, Sasha Levin
From: Christian Borntraeger <borntraeger@linux.ibm.com>
[ Upstream commit 6d5946274df1fff539a7eece458a43be733d1db8 ]
With large and many guest with storage keys it is possible to create
large latencies or stalls during initial key setting:
rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 18-....: (2099 ticks this GP) idle=54e/1/0x4000000000000002 softirq=35598716/35598716 fqs=998
(t=2100 jiffies g=155867385 q=20879)
Task dump for CPU 18:
CPU 1/KVM R running task 0 1030947 256019 0x06000004
Call Trace:
sched_show_task
rcu_dump_cpu_stacks
rcu_sched_clock_irq
update_process_times
tick_sched_handle
tick_sched_timer
__hrtimer_run_queues
hrtimer_interrupt
do_IRQ
ext_int_handler
ptep_zap_key
The mmap lock is held during the page walking but since this is a
semaphore scheduling is still possible. Same for the kvm srcu.
To minimize overhead do this on every segment table entry or large page.
Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Link: https://lore.kernel.org/r/20220530092706.11637-2-borntraeger@linux.ibm.com
Signed-off-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/mm/gmap.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/arch/s390/mm/gmap.c b/arch/s390/mm/gmap.c
index 1ac73917a8d3..b8ae4a4aa2ba 100644
--- a/arch/s390/mm/gmap.c
+++ b/arch/s390/mm/gmap.c
@@ -2608,6 +2608,18 @@ static int __s390_enable_skey_pte(pte_t *pte, unsigned long addr,
return 0;
}
+/*
+ * Give a chance to schedule after setting a key to 256 pages.
+ * We only hold the mm lock, which is a rwsem and the kvm srcu.
+ * Both can sleep.
+ */
+static int __s390_enable_skey_pmd(pmd_t *pmd, unsigned long addr,
+ unsigned long next, struct mm_walk *walk)
+{
+ cond_resched();
+ return 0;
+}
+
static int __s390_enable_skey_hugetlb(pte_t *pte, unsigned long addr,
unsigned long hmask, unsigned long next,
struct mm_walk *walk)
@@ -2630,12 +2642,14 @@ static int __s390_enable_skey_hugetlb(pte_t *pte, unsigned long addr,
end = start + HPAGE_SIZE - 1;
__storage_key_init_range(start, end);
set_bit(PG_arch_1, &page->flags);
+ cond_resched();
return 0;
}
static const struct mm_walk_ops enable_skey_walk_ops = {
.hugetlb_entry = __s390_enable_skey_hugetlb,
.pte_entry = __s390_enable_skey_pte,
+ .pmd_entry = __s390_enable_skey_pmd,
};
int s390_enable_skey(void)
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 284/339] cifs: version operations for smb20 unneeded when legacy support disabled
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 283/339] s390/gmap: voluntarily schedule during key setting Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 285/339] drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate Greg Kroah-Hartman
` (56 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ronnie Sahlberg, Steve French, Sasha Levin
From: Steve French <stfrench@microsoft.com>
[ Upstream commit 7ef93ffccd55fb0ba000ed16ef6a81cd7dee07b5 ]
We should not be including unused smb20 specific code when legacy
support is disabled (CONFIG_CIFS_ALLOW_INSECURE_LEGACY turned
off). For example smb2_operations and smb2_values aren't used
in that case. Over time we can move more and more SMB1/CIFS and SMB2.0
code into the insecure legacy ifdefs
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/cifs/cifsglob.h | 4 +++-
fs/cifs/smb2ops.c | 7 ++++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
index e7503c1131a3..a6cade2aebd9 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -1929,11 +1929,13 @@ extern mempool_t *cifs_mid_poolp;
/* Operations for different SMB versions */
#define SMB1_VERSION_STRING "1.0"
+#define SMB20_VERSION_STRING "2.0"
+#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
extern struct smb_version_operations smb1_operations;
extern struct smb_version_values smb1_values;
-#define SMB20_VERSION_STRING "2.0"
extern struct smb_version_operations smb20_operations;
extern struct smb_version_values smb20_values;
+#endif /* CIFS_ALLOW_INSECURE_LEGACY */
#define SMB21_VERSION_STRING "2.1"
extern struct smb_version_operations smb21_operations;
extern struct smb_version_values smb21_values;
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index 861291662c95..6e26edbffc48 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -4326,11 +4326,13 @@ smb3_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
}
}
+#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
static bool
smb2_is_read_op(__u32 oplock)
{
return oplock == SMB2_OPLOCK_LEVEL_II;
}
+#endif /* CIFS_ALLOW_INSECURE_LEGACY */
static bool
smb21_is_read_op(__u32 oplock)
@@ -5429,7 +5431,7 @@ smb2_make_node(unsigned int xid, struct inode *inode,
return rc;
}
-
+#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
struct smb_version_operations smb20_operations = {
.compare_fids = smb2_compare_fids,
.setup_request = smb2_setup_request,
@@ -5528,6 +5530,7 @@ struct smb_version_operations smb20_operations = {
.is_status_io_timeout = smb2_is_status_io_timeout,
.is_network_name_deleted = smb2_is_network_name_deleted,
};
+#endif /* CIFS_ALLOW_INSECURE_LEGACY */
struct smb_version_operations smb21_operations = {
.compare_fids = smb2_compare_fids,
@@ -5859,6 +5862,7 @@ struct smb_version_operations smb311_operations = {
.is_network_name_deleted = smb2_is_network_name_deleted,
};
+#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
struct smb_version_values smb20_values = {
.version_string = SMB20_VERSION_STRING,
.protocol_id = SMB20_PROT_ID,
@@ -5879,6 +5883,7 @@ struct smb_version_values smb20_values = {
.signing_required = SMB2_NEGOTIATE_SIGNING_REQUIRED,
.create_lease_size = sizeof(struct create_lease),
};
+#endif /* ALLOW_INSECURE_LEGACY */
struct smb_version_values smb21_values = {
.version_string = SMB21_VERSION_STRING,
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 285/339] drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 284/339] cifs: version operations for smb20 unneeded when legacy support disabled Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 286/339] nodemask: Fix return values to be unsigned Greg Kroah-Hartman
` (55 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Alexander Gordeev, Andy Shevchenko,
Christian Borntraeger, Claudio Imbrenda, David Hildenbrand,
Heiko Carstens, Janosch Frank, Rasmus Villemoes, Sven Schnelle,
Vasily Gorbik, Yury Norov, Sasha Levin
From: Yury Norov <yury.norov@gmail.com>
[ Upstream commit 525d6515604eb1373ce5e6372a6b6640953b2d6a ]
The smu_v1X_0_set_allowed_mask() uses bitmap_copy() to convert
bitmap to 32-bit array. This may be wrong due to endiannes issues.
Fix it by switching to bitmap_{from,to}_arr32.
CC: Alexander Gordeev <agordeev@linux.ibm.com>
CC: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
CC: Christian Borntraeger <borntraeger@linux.ibm.com>
CC: Claudio Imbrenda <imbrenda@linux.ibm.com>
CC: David Hildenbrand <david@redhat.com>
CC: Heiko Carstens <hca@linux.ibm.com>
CC: Janosch Frank <frankja@linux.ibm.com>
CC: Rasmus Villemoes <linux@rasmusvillemoes.dk>
CC: Sven Schnelle <svens@linux.ibm.com>
CC: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Yury Norov <yury.norov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c
index b87f550af26b..5f8809f6990d 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c
@@ -781,7 +781,7 @@ int smu_v11_0_set_allowed_mask(struct smu_context *smu)
goto failed;
}
- bitmap_copy((unsigned long *)feature_mask, feature->allowed, 64);
+ bitmap_to_arr32(feature_mask, feature->allowed, 64);
ret = smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_SetAllowedFeaturesMaskHigh,
feature_mask[1], NULL);
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c
index cf09e30bdfe0..747430ce6394 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c
@@ -730,7 +730,7 @@ int smu_v13_0_set_allowed_mask(struct smu_context *smu)
feature->feature_num < 64)
return -EINVAL;
- bitmap_copy((unsigned long *)feature_mask, feature->allowed, 64);
+ bitmap_to_arr32(feature_mask, feature->allowed, 64);
ret = smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_SetAllowedFeaturesMaskHigh,
feature_mask[1], NULL);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 286/339] nodemask: Fix return values to be unsigned
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 285/339] drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 287/339] scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() Greg Kroah-Hartman
` (54 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Christophe de Dinechin,
Alexey Dobriyan, Yury Norov, Andy Shevchenko, Rasmus Villemoes,
Andrew Morton, Zhen Lei, Kees Cook, Sasha Levin
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 0dfe54071d7c828a02917b595456bfde1afdddc9 ]
The nodemask routines had mixed return values that provided potentially
signed return values that could never happen. This was leading to the
compiler getting confusing about the range of possible return values
(it was thinking things could be negative where they could not be). Fix
all the nodemask routines that should be returning unsigned
(or bool) values. Silences:
mm/swapfile.c: In function ‘setup_swap_info’:
mm/swapfile.c:2291:47: error: array subscript -1 is below array bounds of ‘struct plist_node[]’ [-Werror=array-bounds]
2291 | p->avail_lists[i].prio = 1;
| ~~~~~~~~~~~~~~^~~
In file included from mm/swapfile.c:16:
./include/linux/swap.h:292:27: note: while referencing ‘avail_lists’
292 | struct plist_node avail_lists[]; /*
| ^~~~~~~~~~~
Reported-by: Christophe de Dinechin <dinechin@redhat.com>
Link: https://lore.kernel.org/lkml/20220414150855.2407137-3-dinechin@redhat.com/
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Yury Norov <yury.norov@gmail.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Yury Norov <yury.norov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/nodemask.h | 38 +++++++++++++++++++-------------------
lib/nodemask.c | 4 ++--
2 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/include/linux/nodemask.h b/include/linux/nodemask.h
index c6199dbe2591..0f233b76c9ce 100644
--- a/include/linux/nodemask.h
+++ b/include/linux/nodemask.h
@@ -42,11 +42,11 @@
* void nodes_shift_right(dst, src, n) Shift right
* void nodes_shift_left(dst, src, n) Shift left
*
- * int first_node(mask) Number lowest set bit, or MAX_NUMNODES
- * int next_node(node, mask) Next node past 'node', or MAX_NUMNODES
- * int next_node_in(node, mask) Next node past 'node', or wrap to first,
+ * unsigned int first_node(mask) Number lowest set bit, or MAX_NUMNODES
+ * unsigend int next_node(node, mask) Next node past 'node', or MAX_NUMNODES
+ * unsigned int next_node_in(node, mask) Next node past 'node', or wrap to first,
* or MAX_NUMNODES
- * int first_unset_node(mask) First node not set in mask, or
+ * unsigned int first_unset_node(mask) First node not set in mask, or
* MAX_NUMNODES
*
* nodemask_t nodemask_of_node(node) Return nodemask with bit 'node' set
@@ -153,7 +153,7 @@ static inline void __nodes_clear(nodemask_t *dstp, unsigned int nbits)
#define node_test_and_set(node, nodemask) \
__node_test_and_set((node), &(nodemask))
-static inline int __node_test_and_set(int node, nodemask_t *addr)
+static inline bool __node_test_and_set(int node, nodemask_t *addr)
{
return test_and_set_bit(node, addr->bits);
}
@@ -200,7 +200,7 @@ static inline void __nodes_complement(nodemask_t *dstp,
#define nodes_equal(src1, src2) \
__nodes_equal(&(src1), &(src2), MAX_NUMNODES)
-static inline int __nodes_equal(const nodemask_t *src1p,
+static inline bool __nodes_equal(const nodemask_t *src1p,
const nodemask_t *src2p, unsigned int nbits)
{
return bitmap_equal(src1p->bits, src2p->bits, nbits);
@@ -208,7 +208,7 @@ static inline int __nodes_equal(const nodemask_t *src1p,
#define nodes_intersects(src1, src2) \
__nodes_intersects(&(src1), &(src2), MAX_NUMNODES)
-static inline int __nodes_intersects(const nodemask_t *src1p,
+static inline bool __nodes_intersects(const nodemask_t *src1p,
const nodemask_t *src2p, unsigned int nbits)
{
return bitmap_intersects(src1p->bits, src2p->bits, nbits);
@@ -216,20 +216,20 @@ static inline int __nodes_intersects(const nodemask_t *src1p,
#define nodes_subset(src1, src2) \
__nodes_subset(&(src1), &(src2), MAX_NUMNODES)
-static inline int __nodes_subset(const nodemask_t *src1p,
+static inline bool __nodes_subset(const nodemask_t *src1p,
const nodemask_t *src2p, unsigned int nbits)
{
return bitmap_subset(src1p->bits, src2p->bits, nbits);
}
#define nodes_empty(src) __nodes_empty(&(src), MAX_NUMNODES)
-static inline int __nodes_empty(const nodemask_t *srcp, unsigned int nbits)
+static inline bool __nodes_empty(const nodemask_t *srcp, unsigned int nbits)
{
return bitmap_empty(srcp->bits, nbits);
}
#define nodes_full(nodemask) __nodes_full(&(nodemask), MAX_NUMNODES)
-static inline int __nodes_full(const nodemask_t *srcp, unsigned int nbits)
+static inline bool __nodes_full(const nodemask_t *srcp, unsigned int nbits)
{
return bitmap_full(srcp->bits, nbits);
}
@@ -260,15 +260,15 @@ static inline void __nodes_shift_left(nodemask_t *dstp,
> MAX_NUMNODES, then the silly min_ts could be dropped. */
#define first_node(src) __first_node(&(src))
-static inline int __first_node(const nodemask_t *srcp)
+static inline unsigned int __first_node(const nodemask_t *srcp)
{
- return min_t(int, MAX_NUMNODES, find_first_bit(srcp->bits, MAX_NUMNODES));
+ return min_t(unsigned int, MAX_NUMNODES, find_first_bit(srcp->bits, MAX_NUMNODES));
}
#define next_node(n, src) __next_node((n), &(src))
-static inline int __next_node(int n, const nodemask_t *srcp)
+static inline unsigned int __next_node(int n, const nodemask_t *srcp)
{
- return min_t(int,MAX_NUMNODES,find_next_bit(srcp->bits, MAX_NUMNODES, n+1));
+ return min_t(unsigned int, MAX_NUMNODES, find_next_bit(srcp->bits, MAX_NUMNODES, n+1));
}
/*
@@ -276,7 +276,7 @@ static inline int __next_node(int n, const nodemask_t *srcp)
* the first node in src if needed. Returns MAX_NUMNODES if src is empty.
*/
#define next_node_in(n, src) __next_node_in((n), &(src))
-int __next_node_in(int node, const nodemask_t *srcp);
+unsigned int __next_node_in(int node, const nodemask_t *srcp);
static inline void init_nodemask_of_node(nodemask_t *mask, int node)
{
@@ -296,9 +296,9 @@ static inline void init_nodemask_of_node(nodemask_t *mask, int node)
})
#define first_unset_node(mask) __first_unset_node(&(mask))
-static inline int __first_unset_node(const nodemask_t *maskp)
+static inline unsigned int __first_unset_node(const nodemask_t *maskp)
{
- return min_t(int,MAX_NUMNODES,
+ return min_t(unsigned int, MAX_NUMNODES,
find_first_zero_bit(maskp->bits, MAX_NUMNODES));
}
@@ -435,11 +435,11 @@ static inline int num_node_state(enum node_states state)
#define first_online_node first_node(node_states[N_ONLINE])
#define first_memory_node first_node(node_states[N_MEMORY])
-static inline int next_online_node(int nid)
+static inline unsigned int next_online_node(int nid)
{
return next_node(nid, node_states[N_ONLINE]);
}
-static inline int next_memory_node(int nid)
+static inline unsigned int next_memory_node(int nid)
{
return next_node(nid, node_states[N_MEMORY]);
}
diff --git a/lib/nodemask.c b/lib/nodemask.c
index 3aa454c54c0d..e22647f5181b 100644
--- a/lib/nodemask.c
+++ b/lib/nodemask.c
@@ -3,9 +3,9 @@
#include <linux/module.h>
#include <linux/random.h>
-int __next_node_in(int node, const nodemask_t *srcp)
+unsigned int __next_node_in(int node, const nodemask_t *srcp)
{
- int ret = __next_node(node, srcp);
+ unsigned int ret = __next_node(node, srcp);
if (ret == MAX_NUMNODES)
ret = __first_node(srcp);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 287/339] scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 286/339] nodemask: Fix return values to be unsigned Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 288/339] vringh: Fix loop descriptors check in the indirect cases Greg Kroah-Hartman
` (53 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart,
Martin K. Petersen, Sasha Levin
From: James Smart <jsmart2021@gmail.com>
[ Upstream commit 44ba9786b67345dc4e5eabe537c9ef2bfd889888 ]
A previous commit assumed all XMIT_SEQ64_WQEs are prepped with the correct
BDE type in word 0-2. However, lpfc_ct_reject_event() routine was missed
and is still filling out the incorrect BDE type.
Fix lpfc_ct_reject_event() routine so that type BUFF_TYPE_BDE_64 is set
instead of BUFF_TYPE_BLP_64.
Link: https://lore.kernel.org/r/20220603174329.63777-2-jsmart2021@gmail.com
Fixes: 596fc8adb171 ("scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()")
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_ct.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/lpfc/lpfc_ct.c b/drivers/scsi/lpfc/lpfc_ct.c
index 4b024aa03c1b..87124fd65272 100644
--- a/drivers/scsi/lpfc/lpfc_ct.c
+++ b/drivers/scsi/lpfc/lpfc_ct.c
@@ -197,7 +197,7 @@ lpfc_ct_reject_event(struct lpfc_nodelist *ndlp,
memset(bpl, 0, sizeof(struct ulp_bde64));
bpl->addrHigh = le32_to_cpu(putPaddrHigh(mp->phys));
bpl->addrLow = le32_to_cpu(putPaddrLow(mp->phys));
- bpl->tus.f.bdeFlags = BUFF_TYPE_BLP_64;
+ bpl->tus.f.bdeFlags = BUFF_TYPE_BDE_64;
bpl->tus.f.bdeSize = (LPFC_CT_PREAMBLE - 4);
bpl->tus.w = le32_to_cpu(bpl->tus.w);
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 288/339] vringh: Fix loop descriptors check in the indirect cases
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 287/339] scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 289/339] platform/x86: barco-p50-gpio: Add check for platform_driver_register Greg Kroah-Hartman
` (52 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Xie Yongji, Fam Zheng,
Michael S. Tsirkin, Jason Wang, Sasha Levin
From: Xie Yongji <xieyongji@bytedance.com>
[ Upstream commit dbd29e0752286af74243cf891accf472b2f3edd8 ]
We should use size of descriptor chain to test loop condition
in the indirect case. And another statistical count is also introduced
for indirect descriptors to avoid conflict with the statistical count
of direct descriptors.
Fixes: f87d0fbb5798 ("vringh: host-side implementation of virtio rings.")
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Signed-off-by: Fam Zheng <fam.zheng@bytedance.com>
Message-Id: <20220505100910.137-1-xieyongji@bytedance.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vhost/vringh.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
index 14e2043d7685..eab55accf381 100644
--- a/drivers/vhost/vringh.c
+++ b/drivers/vhost/vringh.c
@@ -292,7 +292,7 @@ __vringh_iov(struct vringh *vrh, u16 i,
int (*copy)(const struct vringh *vrh,
void *dst, const void *src, size_t len))
{
- int err, count = 0, up_next, desc_max;
+ int err, count = 0, indirect_count = 0, up_next, desc_max;
struct vring_desc desc, *descs;
struct vringh_range range = { -1ULL, 0 }, slowrange;
bool slow = false;
@@ -349,7 +349,12 @@ __vringh_iov(struct vringh *vrh, u16 i,
continue;
}
- if (count++ == vrh->vring.num) {
+ if (up_next == -1)
+ count++;
+ else
+ indirect_count++;
+
+ if (count > vrh->vring.num || indirect_count > desc_max) {
vringh_bad("Descriptor loop in %p", descs);
err = -ELOOP;
goto fail;
@@ -411,6 +416,7 @@ __vringh_iov(struct vringh *vrh, u16 i,
i = return_from_indirect(vrh, &up_next,
&descs, &desc_max);
slow = false;
+ indirect_count = 0;
} else
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 289/339] platform/x86: barco-p50-gpio: Add check for platform_driver_register
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 288/339] vringh: Fix loop descriptors check in the indirect cases Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 290/339] scripts/gdb: change kernel config dumping method Greg Kroah-Hartman
` (51 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jiasheng Jiang, Peter Korsgaard,
Hans de Goede, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 011881b80ebe773914b59905bce0f5e0ef93e7ba ]
As platform_driver_register() could fail, it should be better
to deal with the return value in order to maintain the code
consisitency.
Fixes: 86af1d02d458 ("platform/x86: Support for EC-connected GPIOs for identify LED/button on Barco P50 board")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Acked-by: Peter Korsgaard <peter.korsgaard@barco.com>
Link: https://lore.kernel.org/r/20220526090345.1444172-1-jiasheng@iscas.ac.cn
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/barco-p50-gpio.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/platform/x86/barco-p50-gpio.c b/drivers/platform/x86/barco-p50-gpio.c
index 05534287bc26..8dd672339485 100644
--- a/drivers/platform/x86/barco-p50-gpio.c
+++ b/drivers/platform/x86/barco-p50-gpio.c
@@ -405,11 +405,14 @@ MODULE_DEVICE_TABLE(dmi, dmi_ids);
static int __init p50_module_init(void)
{
struct resource res = DEFINE_RES_IO(P50_GPIO_IO_PORT_BASE, P50_PORT_CMD + 1);
+ int ret;
if (!dmi_first_match(dmi_ids))
return -ENODEV;
- platform_driver_register(&p50_gpio_driver);
+ ret = platform_driver_register(&p50_gpio_driver);
+ if (ret)
+ return ret;
gpio_pdev = platform_device_register_simple(DRIVER_NAME, PLATFORM_DEVID_NONE, &res, 1);
if (IS_ERR(gpio_pdev)) {
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 290/339] scripts/gdb: change kernel config dumping method
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 289/339] platform/x86: barco-p50-gpio: Add check for platform_driver_register Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 291/339] platform/x86: hp-wmi: Resolve WMI query failures on some devices Greg Kroah-Hartman
` (50 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Kuan-Ying Lee, Masahiro Yamada, Sasha Levin
From: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
[ Upstream commit 1f7a6cf6b07c74a17343c2559cd5f5018a245961 ]
MAGIC_START("IKCFG_ST") and MAGIC_END("IKCFG_ED") are moved out
from the kernel_config_data variable.
Thus, we parse kernel_config_data directly instead of considering
offset of MAGIC_START and MAGIC_END.
Fixes: 13610aa908dc ("kernel/configs: use .incbin directive to embed config_data.gz")
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/gdb/linux/config.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/gdb/linux/config.py b/scripts/gdb/linux/config.py
index 90e1565b1967..8843ab3cbadd 100644
--- a/scripts/gdb/linux/config.py
+++ b/scripts/gdb/linux/config.py
@@ -24,9 +24,9 @@ class LxConfigDump(gdb.Command):
filename = arg
try:
- py_config_ptr = gdb.parse_and_eval("kernel_config_data + 8")
- py_config_size = gdb.parse_and_eval(
- "sizeof(kernel_config_data) - 1 - 8 * 2")
+ py_config_ptr = gdb.parse_and_eval("&kernel_config_data")
+ py_config_ptr_end = gdb.parse_and_eval("&kernel_config_data_end")
+ py_config_size = py_config_ptr_end - py_config_ptr
except gdb.error as e:
raise gdb.GdbError("Can't find config, enable CONFIG_IKCONFIG?")
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 291/339] platform/x86: hp-wmi: Resolve WMI query failures on some devices
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 290/339] scripts/gdb: change kernel config dumping method Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 292/339] platform/x86: hp-wmi: Use zero insize parameter only when supported Greg Kroah-Hartman
` (49 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jorge Lopez, Andy Shevchenko,
Hans de Goede, Sasha Levin
From: Jorge Lopez <jorge.lopez2@hp.com>
[ Upstream commit dc6a6ab58379f25bf991d8e4a13b001ed806e881 ]
WMI queries fail on some devices where the ACPI method HWMC
unconditionally attempts to create Fields beyond the buffer
if the buffer is too small, this breaks essential features
such as power profiles:
CreateByteField (Arg1, 0x10, D008)
CreateByteField (Arg1, 0x11, D009)
CreateByteField (Arg1, 0x12, D010)
CreateDWordField (Arg1, 0x10, D032)
CreateField (Arg1, 0x80, 0x0400, D128)
In cases where args->data had zero length, ACPI BIOS Error
(bug): AE_AML_BUFFER_LIMIT, Field [D008] at bit
offset/length 128/8 exceeds size of target Buffer (128 bits)
(20211217/dsopcode-198) was obtained.
ACPI BIOS Error (bug): AE_AML_BUFFER_LIMIT, Field [D009] at bit
offset/length 136/8 exceeds size of target Buffer (136bits)
(20211217/dsopcode-198)
The original code created a buffer size of 128 bytes regardless if
the WMI call required a smaller buffer or not. This particular
behavior occurs in older BIOS and reproduced in OMEN laptops. Newer
BIOS handles buffer sizes properly and meets the latest specification
requirements. This is the reason why testing with a dynamically
allocated buffer did not uncover any failures with the test systems at
hand.
This patch was tested on several OMEN, Elite, and Zbooks. It was
confirmed the patch resolves HPWMI_FAN GET/SET calls in an OMEN
Laptop 15-ek0xxx. No problems were reported when testing on several Elite
and Zbooks notebooks.
Fixes: 4b4967cbd268 ("platform/x86: hp-wmi: Changing bios_args.data to be dynamically allocated")
Signed-off-by: Jorge Lopez <jorge.lopez2@hp.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20220608212923.8585-2-jorge.lopez2@hp.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/hp-wmi.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/hp-wmi.c b/drivers/platform/x86/hp-wmi.c
index 0e9a25b56e0e..d3540dd62d06 100644
--- a/drivers/platform/x86/hp-wmi.c
+++ b/drivers/platform/x86/hp-wmi.c
@@ -290,14 +290,16 @@ static int hp_wmi_perform_query(int query, enum hp_wmi_command command,
struct bios_return *bios_return;
union acpi_object *obj = NULL;
struct bios_args *args = NULL;
- int mid, actual_outsize, ret;
+ int mid, actual_insize, actual_outsize;
size_t bios_args_size;
+ int ret;
mid = encode_outsize_for_pvsz(outsize);
if (WARN_ON(mid < 0))
return mid;
- bios_args_size = struct_size(args, data, insize);
+ actual_insize = max(insize, 128);
+ bios_args_size = struct_size(args, data, actual_insize);
args = kmalloc(bios_args_size, GFP_KERNEL);
if (!args)
return -ENOMEM;
--
2.35.1
^ permalink raw reply related [flat|nested] 343+ messages in thread
* [PATCH 5.18 292/339] platform/x86: hp-wmi: Use zero insize parameter only when supported
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 291/339] platform/x86: hp-wmi: Resolve WMI query failures on some devices Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 293/339] ALSA: usb-audio: Skip generic sync EP parse for secondary EP Greg Kroah-Hartman
` (48 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Bedant Patnaik, Jorge Lopez,
Hans de Goede, Sasha Levin
From: Bedant Patnaik <bedant.patnaik@gmail.com>
[ Upstream commit 65f936f3535950d2643eac5bf34a735a0e428cdd ]
commit be9d73e64957 ("platform/x86: hp-wmi: Fix 0x05 error code reported by
several WMI calls") and commit 12b19f14a21a ("platform/x86: hp-wmi: Fix
hp_wmi_read_int() reporting error (0x05)") cause ACPI BIOS Error (bug):
Attempt to CreateField of length zero (20211217/dsopcode-133) because of
the ACPI method HWMC, which unconditionally creates a Field of
size (insize*8) bits:
CreateField (Arg1, 0x80, (Local5 * 0x08), DAIN)
In cases where args->insize = 0, the Field size is 0, resulting in
an error.
Fix this by using zero insize only if 0x5 error code is returned
Tested on Omen 15 AMD (2020) board ID: 8786.
Fixes: be9d73e64957 ("platform/x86: hp-wmi: Fix 0x05 error code reported by several WMI calls")
Signed-off-by: Bedant Patnaik <bedant.patnaik@gmail.com>
Tested-by: Jorge Lopez <jorge.lopez2@hp.com>
Link: https://lore.kernel.org/r/41be46743d21c78741232a47bbb5f1cdbcc3d21e.camel@gmail.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/hp-wmi.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
--- a/drivers/platform/x86/hp-wmi.c
+++ b/drivers/platform/x86/hp-wmi.c
@@ -38,6 +38,7 @@ MODULE_ALIAS("wmi:5FB7F034-2C63-45e9-BE9
#define HPWMI_EVENT_GUID "95F24279-4D7B-4334-9387-ACCDC67EF61C"
#define HPWMI_BIOS_GUID "5FB7F034-2C63-45e9-BE91-3D44E2C707E4"
#define HP_OMEN_EC_THERMAL_PROFILE_OFFSET 0x95
+#define zero_if_sup(tmp) (zero_insize_support?0:sizeof(tmp)) // use when zero insize is required
/* DMI board names of devices that should use the omen specific path for
* thermal profiles.
@@ -220,6 +221,7 @@ static struct input_dev *hp_wmi_input_de
static struct platform_device *hp_wmi_platform_dev;
static struct platform_profile_handler platform_profile_handler;
static bool platform_profile_support;
+static bool zero_insize_support;
static struct rfkill *wifi_rfkill;
static struct rfkill *bluetooth_rfkill;
@@ -376,7 +378,7 @@ static int hp_wmi_read_int(int query)
int val = 0, ret;
ret = hp_wmi_perform_query(query, HPWMI_READ, &val,
- 0, sizeof(val));
+ zero_if_sup(val), sizeof(val));
if (ret)
return ret < 0 ? ret : -EINVAL;
@@ -412,7 +414,8 @@ static int hp_wmi_get_tablet_mode(void)
return -ENODEV;
ret = hp_wmi_perform_query(HPWMI_SYSTEM_DEVICE_MODE, HPWMI_READ,
- system_device_mode, 0, sizeof(system_device_mode));
+ system_device_mode, zero_if_sup(system_device_mode),
+ sizeof(system_device_mode));
if (ret < 0)
return ret;
@@ -499,7 +502,7 @@ static int hp_wmi_fan_speed_max_get(void
int val = 0, ret;
ret = hp_wmi_perform_query(HPWMI_FAN_SPEED_MAX_GET_QUERY, HPWMI_GM,
- &val, 0, sizeof(val));
+ &val, zero_if_sup(val), sizeof(val));
if (ret)
return ret < 0 ? ret : -EINVAL;
@@ -511,7 +514,7 @@ static int __init hp_wmi_bios_2008_later
{
int state = 0;
int ret = hp_wmi_perform_query(HPWMI_FEATURE_QUERY, HPWMI_READ, &state,
- 0, sizeof(state));
+ zero_if_sup(state), sizeof(state));
if (!ret)
return 1;
@@ -522,7 +525,7 @@ static int __init hp_wmi_bios_2009_later
{
u8 state[128];
int ret = hp_wmi_perform_query(HPWMI_FEATURE2_QUERY, HPWMI_READ, &state,
- 0, sizeof(state));
+ zero_if_sup(state), sizeof(state));
if (!ret)
return 1;
@@ -600,7 +603,7 @@ static int hp_wmi_rfkill2_refresh(void)
int err, i;
err = hp_wmi_perform_query(HPWMI_WIRELESS2_QUERY, HPWMI_READ, &state,
- 0, sizeof(state));
+ zero_if_sup(state), sizeof(state));
if (err)
return err;
@@ -1002,7 +1005,7 @@ static int __init hp_wmi_rfkill2_setup(s
int err, i;
err = hp_wmi_perform_query(HPWMI_WIRELESS2_QUERY, HPWMI_READ, &state,
- 0, sizeof(state));
+ zero_if_sup(state), sizeof(state));
if (err)
return err < 0 ? err : -EINVAL;
@@ -1477,11 +1480,15 @@ static int __init hp_wmi_init(void)
{
int event_capable = wmi_has_guid(HPWMI_EVENT_GUID);
int bios_capable = wmi_has_guid(HPWMI_BIOS_GUID);
- int err;
+ int err, tmp = 0;
if (!bios_capable && !event_capable)
return -ENODEV;
+ if (hp_wmi_perform_query(HPWMI_HARDWARE_QUERY, HPWMI_READ, &tmp,
+ sizeof(tmp), sizeof(tmp)) == HPWMI_RET_INVALID_PARAMETERS)
+ zero_insize_support = true;
+
if (event_capable) {
err = hp_wmi_input_setup();
if (err)
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 293/339] ALSA: usb-audio: Skip generic sync EP parse for secondary EP
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 292/339] platform/x86: hp-wmi: Use zero insize parameter only when supported Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 294/339] ALSA: usb-audio: Set up (implicit) sync for Saffire 6 Greg Kroah-Hartman
` (47 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, André Kapelrud
From: Takashi Iwai <tiwai@suse.de>
commit efb75df105e82f076a85b9f2d81410428bcb55fc upstream.
When ep_idx is already non-zero, it means usually a capture stream
that is set up explicity by a fixed-format quirk, and applying the
check for generic (non-implicit-fb) sync EPs might hit incorrectly,
resulting in a bogus sync endpoint for the capture stream.
This patch adds a check for the ep_idx and skip if it's a secondary
endpoint. It's a part of the fixes for regressions on Saffire 6.
Fixes: 7b0efea4baf0 ("ALSA: usb-audio: Add missing ep_idx in fixed EP quirks")
Reported-and-tested-by: André Kapelrud <a.kapelrud@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220606160910.6926-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/pcm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/usb/pcm.c
+++ b/sound/usb/pcm.c
@@ -304,7 +304,7 @@ int snd_usb_audioformat_set_sync_ep(stru
* Generic sync EP handling
*/
- if (altsd->bNumEndpoints < 2)
+ if (fmt->ep_idx > 0 || altsd->bNumEndpoints < 2)
return 0;
is_playback = !(get_endpoint(alts, 0)->bEndpointAddress & USB_DIR_IN);
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 294/339] ALSA: usb-audio: Set up (implicit) sync for Saffire 6
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 293/339] ALSA: usb-audio: Skip generic sync EP parse for secondary EP Greg Kroah-Hartman
@ 2022-06-13 10:11 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 295/339] ALSA: hda/conexant - Fix loopback issue with CX20632 Greg Kroah-Hartman
` (46 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:11 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Takashi Iwai, André Kapelrud
From: Takashi Iwai <tiwai@suse.de>
commit e0469d6581aecb0e34e2ec64f39f88e6985cc52f upstream.
Focusrite Saffire 6 has fixed audioformat quirks with multiple
endpoints assigned to a single altsetting. Unfortunately the generic
parser couldn't detect the sync endpoint correctly as the implicit
sync due to the missing EP attribute bits. In the former kernels, it
used to work somehow casually, but it's been broken for a while after
the large code change in 5.11.
This patch cures the regression by the following:
- Allow the static quirk table to provide the sync EP information;
we just need to fill the fields and let the generic parser skipping
parsing if sync_ep is already set.
- Add the sync endpoint information to the entry for Saffire 6.
Fixes: 7b0efea4baf0 ("ALSA: usb-audio: Add missing ep_idx in fixed EP quirks")
Reported-and-tested-by: André Kapelrud <a.kapelrud@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220606160910.6926-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/usb/pcm.c | 3 +++
sound/usb/quirks-table.h | 7 ++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
--- a/sound/usb/pcm.c
+++ b/sound/usb/pcm.c
@@ -291,6 +291,9 @@ int snd_usb_audioformat_set_sync_ep(stru
bool is_playback;
int err;
+ if (fmt->sync_ep)
+ return 0; /* already set up */
+
alts = snd_usb_get_host_interface(chip, fmt->iface, fmt->altsetting);
if (!alts)
return 0;
--- a/sound/usb/quirks-table.h
+++ b/sound/usb/quirks-table.h
@@ -2658,7 +2658,12 @@ YAMAHA_DEVICE(0x7010, "UB99"),
.nr_rates = 2,
.rate_table = (unsigned int[]) {
44100, 48000
- }
+ },
+ .sync_ep = 0x82,
+ .sync_iface = 0,
+ .sync_altsetting = 1,
+ .sync_ep_idx = 1,
+ .implicit_fb = 1,
}
},
{
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 295/339] ALSA: hda/conexant - Fix loopback issue with CX20632
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2022-06-13 10:11 ` [PATCH 5.18 294/339] ALSA: usb-audio: Set up (implicit) sync for Saffire 6 Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 296/339] ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 Greg Kroah-Hartman
` (45 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, huangwenhui, Takashi Iwai
From: huangwenhui <huangwenhuia@uniontech.com>
commit d5ea7544c32ba27c2c5826248e4ff58bd50a2518 upstream.
On a machine with CX20632, Alsamixer doesn't have 'Loopback
Mixing' and 'Line'.
Signed-off-by: huangwenhui <huangwenhuia@uniontech.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220607065631.10708-1-huangwenhuia@uniontech.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_conexant.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -1052,6 +1052,13 @@ static int patch_conexant_auto(struct hd
snd_hda_pick_fixup(codec, cxt5051_fixup_models,
cxt5051_fixups, cxt_fixups);
break;
+ case 0x14f15098:
+ codec->pin_amp_workaround = 1;
+ spec->gen.mixer_nid = 0x22;
+ spec->gen.add_stereo_mix_input = HDA_HINT_STEREO_MIX_AUTO;
+ snd_hda_pick_fixup(codec, cxt5066_fixup_models,
+ cxt5066_fixups, cxt_fixups);
+ break;
case 0x14f150f2:
codec->power_save_node = 1;
fallthrough;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 296/339] ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 295/339] ALSA: hda/conexant - Fix loopback issue with CX20632 Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 297/339] ALSA: hda/realtek: Add quirk for HP Dev One Greg Kroah-Hartman
` (44 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Cameron Berkenpas, Takashi Iwai, Songine
From: Cameron Berkenpas <cam@neo-zeon.de>
commit 85743a847caeab696dafc4ce1a7e1e2b7e29a0f6 upstream.
Enables the ALC287_FIXUP_YOGA7_14ITL_SPEAKERS quirk for the Lenovo
Yoga DuetITL 2021 laptop to fix speaker output.
[ re-sorted in the SSID order by tiwai ]
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208555
Signed-off-by: Cameron Berkenpas <cam@neo-zeon.de>
Co-authored-by: Songine <donglingluoying@gmail.com>
Cc: stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220606002329.215330-1-cam@neo-zeon.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9310,6 +9310,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x17aa, 0x3176, "ThinkCentre Station", ALC283_FIXUP_HEADSET_MIC),
SND_PCI_QUIRK(0x17aa, 0x3178, "ThinkCentre Station", ALC283_FIXUP_HEADSET_MIC),
SND_PCI_QUIRK(0x17aa, 0x31af, "ThinkCentre Station", ALC623_FIXUP_LENOVO_THINKSTATION_P340),
+ SND_PCI_QUIRK(0x17aa, 0x3802, "Lenovo Yoga DuetITL 2021", ALC287_FIXUP_YOGA7_14ITL_SPEAKERS),
SND_PCI_QUIRK(0x17aa, 0x3813, "Legion 7i 15IMHG05", ALC287_FIXUP_LEGION_15IMHG05_SPEAKERS),
SND_PCI_QUIRK(0x17aa, 0x3818, "Lenovo C940", ALC298_FIXUP_LENOVO_SPK_VOLUME),
SND_PCI_QUIRK(0x17aa, 0x3819, "Lenovo 13s Gen2 ITL", ALC287_FIXUP_13S_GEN2_SPEAKERS),
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 297/339] ALSA: hda/realtek: Add quirk for HP Dev One
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 296/339] ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 298/339] cifs: return errors during session setup during reconnects Greg Kroah-Hartman
` (43 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jeremy Soller, Tim Crawford, Takashi Iwai
From: Jeremy Soller <jeremy@system76.com>
commit 5f3d696eea916693b2d4ed7e62794653fcdd6ec0 upstream.
Enables the audio mute LEDs and limits the mic boost to avoid picking up
noise.
Signed-off-by: Jeremy Soller <jeremy@system76.com>
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220608140111.23170-1-tcrawford@system76.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9111,6 +9111,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x89c3, "Zbook Studio G9", ALC245_FIXUP_CS35L41_SPI_4_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x89c6, "Zbook Fury 17 G9", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x89ca, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
+ SND_PCI_QUIRK(0x103c, 0x8a78, "HP Dev One", ALC285_FIXUP_HP_LIMIT_INT_MIC_BOOST),
SND_PCI_QUIRK(0x1043, 0x103e, "ASUS X540SA", ALC256_FIXUP_ASUS_MIC),
SND_PCI_QUIRK(0x1043, 0x103f, "ASUS TX300", ALC282_FIXUP_ASUS_TX300),
SND_PCI_QUIRK(0x1043, 0x106d, "Asus K53BE", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 298/339] cifs: return errors during session setup during reconnects
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 297/339] ALSA: hda/realtek: Add quirk for HP Dev One Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 299/339] cifs: fix reconnect on smb3 mount types Greg Kroah-Hartman
` (42 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shyam Prasad N, Enzo Matsumiya, Steve French
From: Shyam Prasad N <sprasad@microsoft.com>
commit 8ea21823aa584b55ba4b861307093b78054b0c1b upstream.
During reconnects, we check the return value from
cifs_negotiate_protocol, and have handlers for both success
and failures. But if that passes, and cifs_setup_session
returns any errors other than -EACCES, we do not handle
that. This fix adds a handler for that, so that we don't
go ahead and try a tree_connect on a failed session.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/smb2pdu.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
@@ -288,6 +288,9 @@ smb2_reconnect(__le16 smb2_command, stru
mutex_unlock(&ses->session_mutex);
rc = -EHOSTDOWN;
goto failed;
+ } else if (rc) {
+ mutex_unlock(&ses->session_mutex);
+ goto out;
}
} else {
mutex_unlock(&ses->session_mutex);
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 299/339] cifs: fix reconnect on smb3 mount types
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 298/339] cifs: return errors during session setup during reconnects Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 300/339] cifs: populate empty hostnames for extra channels Greg Kroah-Hartman
` (41 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Satadru Pramanik,
Paulo Alcantara (SUSE),
Steve French
From: Paulo Alcantara <pc@cjr.nz>
commit c36ee7dab7749f7be21f7a72392744490b2a9a2b upstream.
cifs.ko defines two file system types: cifs & smb3, and
__cifs_get_super() was not including smb3 file system type when
looking up superblocks, therefore failing to reconnect tcons in
cifs_tree_connect().
Fix this by calling iterate_supers_type() on both file system types.
Link: https://lore.kernel.org/r/CAFrh3J9soC36+BVuwHB=g9z_KB5Og2+p2_W+BBoBOZveErz14w@mail.gmail.com
Cc: stable@vger.kernel.org
Tested-by: Satadru Pramanik <satadru@gmail.com>
Reported-by: Satadru Pramanik <satadru@gmail.com>
Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/cifsfs.c | 2 +-
fs/cifs/cifsfs.h | 2 +-
fs/cifs/misc.c | 27 ++++++++++++++++-----------
3 files changed, 18 insertions(+), 13 deletions(-)
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -1084,7 +1084,7 @@ struct file_system_type cifs_fs_type = {
};
MODULE_ALIAS_FS("cifs");
-static struct file_system_type smb3_fs_type = {
+struct file_system_type smb3_fs_type = {
.owner = THIS_MODULE,
.name = "smb3",
.init_fs_context = smb3_init_fs_context,
--- a/fs/cifs/cifsfs.h
+++ b/fs/cifs/cifsfs.h
@@ -38,7 +38,7 @@ static inline unsigned long cifs_get_tim
return (unsigned long) dentry->d_fsdata;
}
-extern struct file_system_type cifs_fs_type;
+extern struct file_system_type cifs_fs_type, smb3_fs_type;
extern const struct address_space_operations cifs_addr_ops;
extern const struct address_space_operations cifs_addr_ops_smallbuf;
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -1209,18 +1209,23 @@ static struct super_block *__cifs_get_su
.data = data,
.sb = NULL,
};
+ struct file_system_type **fs_type = (struct file_system_type *[]) {
+ &cifs_fs_type, &smb3_fs_type, NULL,
+ };
- iterate_supers_type(&cifs_fs_type, f, &sd);
-
- if (!sd.sb)
- return ERR_PTR(-EINVAL);
- /*
- * Grab an active reference in order to prevent automounts (DFS links)
- * of expiring and then freeing up our cifs superblock pointer while
- * we're doing failover.
- */
- cifs_sb_active(sd.sb);
- return sd.sb;
+ for (; *fs_type; fs_type++) {
+ iterate_supers_type(*fs_type, f, &sd);
+ if (sd.sb) {
+ /*
+ * Grab an active reference in order to prevent automounts (DFS links)
+ * of expiring and then freeing up our cifs superblock pointer while
+ * we're doing failover.
+ */
+ cifs_sb_active(sd.sb);
+ return sd.sb;
+ }
+ }
+ return ERR_PTR(-EINVAL);
}
static void __cifs_put_super(struct super_block *sb)
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 300/339] cifs: populate empty hostnames for extra channels
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 299/339] cifs: fix reconnect on smb3 mount types Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 301/339] scsi: sd: Fix interpretation of VPD B9h length Greg Kroah-Hartman
` (40 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Shyam Prasad N, Steve French
From: Shyam Prasad N <sprasad@microsoft.com>
commit 4c14d7043fede258957d7b01da0cad2d9fe3a205 upstream.
Currently, the secondary channels of a multichannel session
also get hostname populated based on the info in primary channel.
However, this will end up with a wrong resolution of hostname to
IP address during reconnect.
This change fixes this by not populating hostname info for all
secondary channels.
Fixes: 5112d80c162f ("cifs: populate server_hostname for extra channels")
Cc: stable@vger.kernel.org
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/cifs/connect.c | 4 ++++
fs/cifs/sess.c | 5 ++++-
2 files changed, 8 insertions(+), 1 deletion(-)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -97,6 +97,10 @@ static int reconn_set_ipaddr_from_hostna
if (!server->hostname)
return -EINVAL;
+ /* if server hostname isn't populated, there's nothing to do here */
+ if (server->hostname[0] == '\0')
+ return 0;
+
len = strlen(server->hostname) + 3;
unc = kmalloc(len, GFP_KERNEL);
--- a/fs/cifs/sess.c
+++ b/fs/cifs/sess.c
@@ -274,7 +274,10 @@ cifs_ses_add_channel(struct cifs_sb_info
/* Auth */
ctx.domainauto = ses->domainAuto;
ctx.domainname = ses->domainName;
- ctx.server_hostname = ses->server->hostname;
+
+ /* no hostname for extra channels */
+ ctx.server_hostname = "";
+
ctx.username = ses->user_name;
ctx.password = ses->password;
ctx.sectype = ses->sectype;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 301/339] scsi: sd: Fix interpretation of VPD B9h length
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 300/339] cifs: populate empty hostnames for extra channels Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 302/339] scsi: lpfc: Resolve some cleanup issues following abort path refactoring Greg Kroah-Hartman
` (39 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Michael English, Muhammad Ahmad,
Damien Le Moal, Hannes Reinecke, Tyler Erickson,
Christoph Hellwig, Martin K. Petersen
From: Tyler Erickson <tyler.erickson@seagate.com>
commit f92de9d110429e39929a49240d823251c2fe903e upstream.
Fixing the interpretation of the length of the B9h VPD page (Concurrent
Positioning Ranges). Adding 4 is necessary as the first 4 bytes of the page
is the header with page number and length information. Adding 3 was likely
a misinterpretation of the SBC-5 specification which sets all offsets
starting at zero.
This fixes the error in dmesg:
[ 9.014456] sd 1:0:0:0: [sda] Invalid Concurrent Positioning Ranges VPD page
Link: https://lore.kernel.org/r/20220602225113.10218-4-tyler.erickson@seagate.com
Fixes: e815d36548f0 ("scsi: sd: add concurrent positioning ranges support")
Cc: stable@vger.kernel.org
Tested-by: Michael English <michael.english@seagate.com>
Reviewed-by: Muhammad Ahmad <muhammad.ahmad@seagate.com>
Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Tyler Erickson <tyler.erickson@seagate.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/sd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3067,7 +3067,7 @@ static void sd_read_cpr(struct scsi_disk
goto out;
/* We must have at least a 64B header and one 32B range descriptor */
- vpd_len = get_unaligned_be16(&buffer[2]) + 3;
+ vpd_len = get_unaligned_be16(&buffer[2]) + 4;
if (vpd_len > buf_len || vpd_len < 64 + 32 || (vpd_len & 31)) {
sd_printk(KERN_ERR, sdkp,
"Invalid Concurrent Positioning Ranges VPD page\n");
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 302/339] scsi: lpfc: Resolve some cleanup issues following abort path refactoring
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 301/339] scsi: sd: Fix interpretation of VPD B9h length Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 303/339] scsi: lpfc: Resolve some cleanup issues following SLI " Greg Kroah-Hartman
` (38 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart, Martin K. Petersen
From: James Smart <jsmart2021@gmail.com>
commit 24e1f056677eefe834d5dcf61905cce857ca4b19 upstream.
Refactoring and consolidation of abort paths:
- lpfc_sli4_abort_fcp_cmpl() and lpfc_sli_abort_fcp_cmpl() are combined
into a single generic lpfc_sli_abort_fcp_cmpl() routine. Thus, remove
extraneous lpfc_sli4_abort_fcp_cmpl() prototype declaration.
- lpfc_nvme_abort_fcreq_cmpl() abort completion routine is called with a
mismatched argument type. This may result in misleading log message
content. Update to the correct argument type of lpfc_iocbq instead of
lpfc_wcqe_complete. The lpfc_wcqe_complete should be derived from the
lpfc_iocbq structure.
Link: https://lore.kernel.org/r/20220603174329.63777-3-jsmart2021@gmail.com
Fixes: 31a59f75702f ("scsi: lpfc: SLI path split: Refactor Abort paths")
Cc: <stable@vger.kernel.org> # v5.18
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/lpfc/lpfc_crtn.h | 4 +---
drivers/scsi/lpfc/lpfc_nvme.c | 6 ++++--
2 files changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/scsi/lpfc/lpfc_crtn.h
+++ b/drivers/scsi/lpfc/lpfc_crtn.h
@@ -418,8 +418,6 @@ int lpfc_sli_issue_iocb_wait(struct lpfc
uint32_t);
void lpfc_sli_abort_fcp_cmpl(struct lpfc_hba *, struct lpfc_iocbq *,
struct lpfc_iocbq *);
-void lpfc_sli4_abort_fcp_cmpl(struct lpfc_hba *h, struct lpfc_iocbq *i,
- struct lpfc_wcqe_complete *w);
void lpfc_sli_free_hbq(struct lpfc_hba *, struct hbq_dmabuf *);
@@ -627,7 +625,7 @@ void lpfc_nvmet_invalidate_host(struct l
struct lpfc_nodelist *ndlp);
void lpfc_nvme_abort_fcreq_cmpl(struct lpfc_hba *phba,
struct lpfc_iocbq *cmdiocb,
- struct lpfc_wcqe_complete *abts_cmpl);
+ struct lpfc_iocbq *rspiocb);
void lpfc_create_multixri_pools(struct lpfc_hba *phba);
void lpfc_create_destroy_pools(struct lpfc_hba *phba);
void lpfc_move_xri_pvt_to_pbl(struct lpfc_hba *phba, u32 hwqid);
--- a/drivers/scsi/lpfc/lpfc_nvme.c
+++ b/drivers/scsi/lpfc/lpfc_nvme.c
@@ -1741,7 +1741,7 @@ lpfc_nvme_fcp_io_submit(struct nvme_fc_l
* lpfc_nvme_abort_fcreq_cmpl - Complete an NVME FCP abort request.
* @phba: Pointer to HBA context object
* @cmdiocb: Pointer to command iocb object.
- * @abts_cmpl: Pointer to wcqe complete object.
+ * @rspiocb: Pointer to response iocb object.
*
* This is the callback function for any NVME FCP IO that was aborted.
*
@@ -1750,8 +1750,10 @@ lpfc_nvme_fcp_io_submit(struct nvme_fc_l
**/
void
lpfc_nvme_abort_fcreq_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
- struct lpfc_wcqe_complete *abts_cmpl)
+ struct lpfc_iocbq *rspiocb)
{
+ struct lpfc_wcqe_complete *abts_cmpl = &rspiocb->wcqe_cmpl;
+
lpfc_printf_log(phba, KERN_INFO, LOG_NVME,
"6145 ABORT_XRI_CN completing on rpi x%x "
"original iotag x%x, abort cmd iotag x%x "
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 303/339] scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 302/339] scsi: lpfc: Resolve some cleanup issues following abort path refactoring Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 304/339] scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Greg Kroah-Hartman
` (37 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart, Martin K. Petersen
From: James Smart <jsmart2021@gmail.com>
commit e27f05147bff21408c1b8410ad8e90cd286e7952 upstream.
Following refactoring and consolidation in SLI processing, fix up some
minor issues related to SLI path:
- Correct the setting of LPFC_EXCHANGE_BUSY flag in response IOCB.
- Fix some typographical errors.
- Fix duplicate log messages.
Link: https://lore.kernel.org/r/20220603174329.63777-4-jsmart2021@gmail.com
Fixes: 1b64aa9eae28 ("scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4")
Cc: <stable@vger.kernel.org> # v5.18
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/lpfc/lpfc_init.c | 2 +-
drivers/scsi/lpfc/lpfc_sli.c | 25 ++++++++++++-------------
2 files changed, 13 insertions(+), 14 deletions(-)
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -12063,7 +12063,7 @@ lpfc_sli_enable_msi(struct lpfc_hba *phb
rc = pci_enable_msi(phba->pcidev);
if (!rc)
lpfc_printf_log(phba, KERN_INFO, LOG_INIT,
- "0462 PCI enable MSI mode success.\n");
+ "0012 PCI enable MSI mode success.\n");
else {
lpfc_printf_log(phba, KERN_INFO, LOG_INIT,
"0471 PCI enable MSI mode failed (%d)\n", rc);
--- a/drivers/scsi/lpfc/lpfc_sli.c
+++ b/drivers/scsi/lpfc/lpfc_sli.c
@@ -1930,7 +1930,7 @@ lpfc_issue_cmf_sync_wqe(struct lpfc_hba
sync_buf = __lpfc_sli_get_iocbq(phba);
if (!sync_buf) {
lpfc_printf_log(phba, KERN_ERR, LOG_CGN_MGMT,
- "6213 No available WQEs for CMF_SYNC_WQE\n");
+ "6244 No available WQEs for CMF_SYNC_WQE\n");
ret_val = ENOMEM;
goto out_unlock;
}
@@ -3816,7 +3816,7 @@ lpfc_sli_process_sol_iocb(struct lpfc_hb
set_job_ulpword4(cmdiocbp,
IOERR_ABORT_REQUESTED);
/*
- * For SLI4, irsiocb contains
+ * For SLI4, irspiocb contains
* NO_XRI in sli_xritag, it
* shall not affect releasing
* sgl (xri) process.
@@ -3834,7 +3834,7 @@ lpfc_sli_process_sol_iocb(struct lpfc_hb
}
}
}
- (cmdiocbp->cmd_cmpl) (phba, cmdiocbp, saveq);
+ cmdiocbp->cmd_cmpl(phba, cmdiocbp, saveq);
} else
lpfc_sli_release_iocbq(phba, cmdiocbp);
} else {
@@ -4074,8 +4074,7 @@ lpfc_sli_handle_fast_ring_event(struct l
cmdiocbq->cmd_flag &= ~LPFC_DRIVER_ABORTED;
if (cmdiocbq->cmd_cmpl) {
spin_unlock_irqrestore(&phba->hbalock, iflag);
- (cmdiocbq->cmd_cmpl)(phba, cmdiocbq,
- &rspiocbq);
+ cmdiocbq->cmd_cmpl(phba, cmdiocbq, &rspiocbq);
spin_lock_irqsave(&phba->hbalock, iflag);
}
break;
@@ -10304,7 +10303,7 @@ __lpfc_sli_issue_iocb_s3(struct lpfc_hba
* @flag: Flag indicating if this command can be put into txq.
*
* __lpfc_sli_issue_fcp_io_s3 is wrapper function to invoke lockless func to
- * send an iocb command to an HBA with SLI-4 interface spec.
+ * send an iocb command to an HBA with SLI-3 interface spec.
*
* This function takes the hbalock before invoking the lockless version.
* The function will return success after it successfully submit the wqe to
@@ -12741,7 +12740,7 @@ lpfc_sli_wake_iocb_wait(struct lpfc_hba
cmdiocbq->cmd_cmpl = cmdiocbq->wait_cmd_cmpl;
cmdiocbq->wait_cmd_cmpl = NULL;
if (cmdiocbq->cmd_cmpl)
- (cmdiocbq->cmd_cmpl)(phba, cmdiocbq, NULL);
+ cmdiocbq->cmd_cmpl(phba, cmdiocbq, NULL);
else
lpfc_sli_release_iocbq(phba, cmdiocbq);
return;
@@ -12755,9 +12754,9 @@ lpfc_sli_wake_iocb_wait(struct lpfc_hba
/* Set the exchange busy flag for task management commands */
if ((cmdiocbq->cmd_flag & LPFC_IO_FCP) &&
- !(cmdiocbq->cmd_flag & LPFC_IO_LIBDFC)) {
+ !(cmdiocbq->cmd_flag & LPFC_IO_LIBDFC)) {
lpfc_cmd = container_of(cmdiocbq, struct lpfc_io_buf,
- cur_iocbq);
+ cur_iocbq);
if (rspiocbq && (rspiocbq->cmd_flag & LPFC_EXCHANGE_BUSY))
lpfc_cmd->flags |= LPFC_SBUF_XBUSY;
else
@@ -13897,7 +13896,7 @@ void lpfc_sli4_els_xri_abort_event_proc(
* @irspiocbq: Pointer to work-queue completion queue entry.
*
* This routine handles an ELS work-queue completion event and construct
- * a pseudo response ELS IODBQ from the SLI4 ELS WCQE for the common
+ * a pseudo response ELS IOCBQ from the SLI4 ELS WCQE for the common
* discovery engine to handle.
*
* Return: Pointer to the receive IOCBQ, NULL otherwise.
@@ -13941,7 +13940,7 @@ lpfc_sli4_els_preprocess_rspiocbq(struct
if (bf_get(lpfc_wcqe_c_xb, wcqe)) {
spin_lock_irqsave(&phba->hbalock, iflags);
- cmdiocbq->cmd_flag |= LPFC_EXCHANGE_BUSY;
+ irspiocbq->cmd_flag |= LPFC_EXCHANGE_BUSY;
spin_unlock_irqrestore(&phba->hbalock, iflags);
}
@@ -14800,7 +14799,7 @@ lpfc_sli4_fp_handle_fcp_wcqe(struct lpfc
/* Pass the cmd_iocb and the wcqe to the upper layer */
memcpy(&cmdiocbq->wcqe_cmpl, wcqe,
sizeof(struct lpfc_wcqe_complete));
- (cmdiocbq->cmd_cmpl)(phba, cmdiocbq, cmdiocbq);
+ cmdiocbq->cmd_cmpl(phba, cmdiocbq, cmdiocbq);
} else {
lpfc_printf_log(phba, KERN_WARNING, LOG_SLI,
"0375 FCP cmdiocb not callback function "
@@ -18963,7 +18962,7 @@ lpfc_sli4_send_seq_to_ulp(struct lpfc_vp
/* Free iocb created in lpfc_prep_seq */
list_for_each_entry_safe(curr_iocb, next_iocb,
- &iocbq->list, list) {
+ &iocbq->list, list) {
list_del_init(&curr_iocb->list);
lpfc_sli_release_iocbq(phba, curr_iocb);
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 304/339] scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 303/339] scsi: lpfc: Resolve some cleanup issues following SLI " Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 305/339] KVM: x86/mmu: Check every prev_roots in __kvm_mmu_free_obsolete_roots() Greg Kroah-Hartman
` (36 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Justin Tee, James Smart, Martin K. Petersen
From: James Smart <jsmart2021@gmail.com>
commit 6f808bd78e8296b4ded813b7182988d57e1f6176 upstream.
Calls to starget_to_rport() may return NULL. Add check for NULL rport
before dereference.
Link: https://lore.kernel.org/r/20220603174329.63777-5-jsmart2021@gmail.com
Fixes: bb21fc9911ee ("scsi: lpfc: Use fc_block_rport()")
Cc: <stable@vger.kernel.org> # v5.18
Co-developed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/lpfc/lpfc_scsi.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -6316,6 +6316,9 @@ lpfc_device_reset_handler(struct scsi_cm
int status;
u32 logit = LOG_FCP;
+ if (!rport)
+ return FAILED;
+
rdata = rport->dd_data;
if (!rdata || !rdata->pnode) {
lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
@@ -6394,6 +6397,9 @@ lpfc_target_reset_handler(struct scsi_cm
unsigned long flags;
DECLARE_WAIT_QUEUE_HEAD_ONSTACK(waitq);
+ if (!rport)
+ return FAILED;
+
rdata = rport->dd_data;
if (!rdata || !rdata->pnode) {
lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 305/339] KVM: x86/mmu: Check every prev_roots in __kvm_mmu_free_obsolete_roots()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 304/339] scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 306/339] KVM: SVM: fix tsc scaling cache logic Greg Kroah-Hartman
` (35 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Shaoqin Huang, Sean Christopherson,
Paolo Bonzini
From: Shaoqin Huang <shaoqin.huang@intel.com>
commit cf4a8693d97a51dccf5a1557248d12d6d8be4b9e upstream.
When freeing obsolete previous roots, check prev_roots as intended, not
the current root.
Signed-off-by: Shaoqin Huang <shaoqin.huang@intel.com>
Fixes: 527d5cd7eece ("KVM: x86/mmu: Zap only obsolete roots if a root shadow page is zapped")
Message-Id: <20220607005905.2933378-1-shaoqin.huang@intel.com>
Cc: stable@vger.kernel.org
Reviewed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/mmu/mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -5168,7 +5168,7 @@ static void __kvm_mmu_free_obsolete_root
roots_to_free |= KVM_MMU_ROOT_CURRENT;
for (i = 0; i < KVM_MMU_NUM_PREV_ROOTS; i++) {
- if (is_obsolete_root(kvm, mmu->root.hpa))
+ if (is_obsolete_root(kvm, mmu->prev_roots[i].hpa))
roots_to_free |= KVM_MMU_ROOT_PREVIOUS(i);
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 306/339] KVM: SVM: fix tsc scaling cache logic
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 305/339] KVM: x86/mmu: Check every prev_roots in __kvm_mmu_free_obsolete_roots() Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 307/339] filemap: Cache the value of vm_flags Greg Kroah-Hartman
` (34 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Maxim Levitsky, Paolo Bonzini
From: Maxim Levitsky <mlevitsk@redhat.com>
commit 11d39e8cc43e1c6737af19ca9372e590061b5ad2 upstream.
SVM uses a per-cpu variable to cache the current value of the
tsc scaling multiplier msr on each cpu.
Commit 1ab9287add5e2
("KVM: X86: Add vendor callbacks for writing the TSC multiplier")
broke this caching logic.
Refactor the code so that all TSC scaling multiplier writes go through
a single function which checks and updates the cache.
This fixes the following scenario:
1. A CPU runs a guest with some tsc scaling ratio.
2. New guest with different tsc scaling ratio starts on this CPU
and terminates almost immediately.
This ensures that the short running guest had set the tsc scaling ratio just
once when it was set via KVM_SET_TSC_KHZ. Due to the bug,
the per-cpu cache is not updated.
3. The original guest continues to run, it doesn't restore the msr
value back to its own value, because the cache matches,
and thus continues to run with a wrong tsc scaling ratio.
Fixes: 1ab9287add5e2 ("KVM: X86: Add vendor callbacks for writing the TSC multiplier")
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20220606181149.103072-1-mlevitsk@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm/nested.c | 4 ++--
arch/x86/kvm/svm/svm.c | 32 ++++++++++++++++++++------------
arch/x86/kvm/svm/svm.h | 2 +-
3 files changed, 23 insertions(+), 15 deletions(-)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -896,7 +896,7 @@ int nested_svm_vmexit(struct vcpu_svm *s
if (svm->tsc_ratio_msr != kvm_default_tsc_scaling_ratio) {
WARN_ON(!svm->tsc_scaling_enabled);
vcpu->arch.tsc_scaling_ratio = vcpu->arch.l1_tsc_scaling_ratio;
- svm_write_tsc_multiplier(vcpu, vcpu->arch.tsc_scaling_ratio);
+ __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio);
}
svm->nested.ctl.nested_cr3 = 0;
@@ -1293,7 +1293,7 @@ void nested_svm_update_tsc_ratio_msr(str
vcpu->arch.tsc_scaling_ratio =
kvm_calc_nested_tsc_multiplier(vcpu->arch.l1_tsc_scaling_ratio,
svm->tsc_ratio_msr);
- svm_write_tsc_multiplier(vcpu, vcpu->arch.tsc_scaling_ratio);
+ __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio);
}
/* Inverse operation of nested_copy_vmcb_control_to_cache(). asid is copied too. */
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -463,11 +463,24 @@ static int has_svm(void)
return 1;
}
+void __svm_write_tsc_multiplier(u64 multiplier)
+{
+ preempt_disable();
+
+ if (multiplier == __this_cpu_read(current_tsc_ratio))
+ goto out;
+
+ wrmsrl(MSR_AMD64_TSC_RATIO, multiplier);
+ __this_cpu_write(current_tsc_ratio, multiplier);
+out:
+ preempt_enable();
+}
+
static void svm_hardware_disable(void)
{
/* Make sure we clean up behind us */
if (tsc_scaling)
- wrmsrl(MSR_AMD64_TSC_RATIO, SVM_TSC_RATIO_DEFAULT);
+ __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
cpu_svm_disable();
@@ -513,8 +526,7 @@ static int svm_hardware_enable(void)
* Set the default value, even if we don't use TSC scaling
* to avoid having stale value in the msr
*/
- wrmsrl(MSR_AMD64_TSC_RATIO, SVM_TSC_RATIO_DEFAULT);
- __this_cpu_write(current_tsc_ratio, SVM_TSC_RATIO_DEFAULT);
+ __svm_write_tsc_multiplier(SVM_TSC_RATIO_DEFAULT);
}
@@ -915,11 +927,12 @@ static void svm_write_tsc_offset(struct
vmcb_mark_dirty(svm->vmcb, VMCB_INTERCEPTS);
}
-void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier)
+static void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier)
{
- wrmsrl(MSR_AMD64_TSC_RATIO, multiplier);
+ __svm_write_tsc_multiplier(multiplier);
}
+
/* Evaluate instruction intercepts that depend on guest CPUID features. */
static void svm_recalc_instruction_intercepts(struct kvm_vcpu *vcpu,
struct vcpu_svm *svm)
@@ -1276,13 +1289,8 @@ static void svm_prepare_switch_to_guest(
sev_es_prepare_switch_to_guest(hostsa);
}
- if (tsc_scaling) {
- u64 tsc_ratio = vcpu->arch.tsc_scaling_ratio;
- if (tsc_ratio != __this_cpu_read(current_tsc_ratio)) {
- __this_cpu_write(current_tsc_ratio, tsc_ratio);
- wrmsrl(MSR_AMD64_TSC_RATIO, tsc_ratio);
- }
- }
+ if (tsc_scaling)
+ __svm_write_tsc_multiplier(vcpu->arch.tsc_scaling_ratio);
if (likely(tsc_aux_uret_slot >= 0))
kvm_set_user_return_msr(tsc_aux_uret_slot, svm->tsc_aux, -1ull);
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -558,7 +558,7 @@ int nested_svm_check_exception(struct vc
bool has_error_code, u32 error_code);
int nested_svm_exit_special(struct vcpu_svm *svm);
void nested_svm_update_tsc_ratio_msr(struct kvm_vcpu *vcpu);
-void svm_write_tsc_multiplier(struct kvm_vcpu *vcpu, u64 multiplier);
+void __svm_write_tsc_multiplier(u64 multiplier);
void nested_copy_vmcb_control_to_cache(struct vcpu_svm *svm,
struct vmcb_control_area *control);
void nested_copy_vmcb_save_to_cache(struct vcpu_svm *svm,
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 307/339] filemap: Cache the value of vm_flags
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 306/339] KVM: SVM: fix tsc scaling cache logic Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 308/339] KEYS: trusted: tpm2: Fix migratable logic Greg Kroah-Hartman
` (33 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+5b96d55e5b54924c77ad,
Matthew Wilcox (Oracle)
From: Matthew Wilcox (Oracle) <willy@infradead.org>
commit dcfa24ba68991ab69a48254a18377b45180ae664 upstream.
After we have unlocked the mmap_lock for I/O, the file is pinned, but
the VMA is not. Checking this flag after that can be a use-after-free.
It's not a terribly interesting use-after-free as it can only read one
bit, and it's used to decide whether to read 2MB or 4MB. But it
upsets the automated tools and it's generally bad practice anyway,
so let's fix it.
Reported-by: syzbot+5b96d55e5b54924c77ad@syzkaller.appspotmail.com
Fixes: 4687fdbb805a ("mm/filemap: Support VM_HUGEPAGE for file mappings")
Cc: stable@vger.kernel.org
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/filemap.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -2991,11 +2991,12 @@ static struct file *do_sync_mmap_readahe
struct address_space *mapping = file->f_mapping;
DEFINE_READAHEAD(ractl, file, ra, mapping, vmf->pgoff);
struct file *fpin = NULL;
+ unsigned long vm_flags = vmf->vma->vm_flags;
unsigned int mmap_miss;
#ifdef CONFIG_TRANSPARENT_HUGEPAGE
/* Use the readahead code, even if readahead is disabled */
- if (vmf->vma->vm_flags & VM_HUGEPAGE) {
+ if (vm_flags & VM_HUGEPAGE) {
fpin = maybe_unlock_mmap_for_io(vmf, fpin);
ractl._index &= ~((unsigned long)HPAGE_PMD_NR - 1);
ra->size = HPAGE_PMD_NR;
@@ -3003,7 +3004,7 @@ static struct file *do_sync_mmap_readahe
* Fetch two PMD folios, so we get the chance to actually
* readahead, unless we've been told not to.
*/
- if (!(vmf->vma->vm_flags & VM_RAND_READ))
+ if (!(vm_flags & VM_RAND_READ))
ra->size *= 2;
ra->async_size = HPAGE_PMD_NR;
page_cache_ra_order(&ractl, ra, HPAGE_PMD_ORDER);
@@ -3012,12 +3013,12 @@ static struct file *do_sync_mmap_readahe
#endif
/* If we don't want any read-ahead, don't bother */
- if (vmf->vma->vm_flags & VM_RAND_READ)
+ if (vm_flags & VM_RAND_READ)
return fpin;
if (!ra->ra_pages)
return fpin;
- if (vmf->vma->vm_flags & VM_SEQ_READ) {
+ if (vm_flags & VM_SEQ_READ) {
fpin = maybe_unlock_mmap_for_io(vmf, fpin);
page_cache_sync_ra(&ractl, ra->ra_pages);
return fpin;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 308/339] KEYS: trusted: tpm2: Fix migratable logic
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 307/339] filemap: Cache the value of vm_flags Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 309/339] libata: fix reading concurrent positioning ranges log Greg Kroah-Hartman
` (32 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, David Safford, Ahmad Fatoum, Jarkko Sakkinen
From: David Safford <david.safford@gmail.com>
commit dda5384313a40ecbaafd8a9a80f47483255e4c4d upstream.
When creating (sealing) a new trusted key, migratable
trusted keys have the FIXED_TPM and FIXED_PARENT attributes
set, and non-migratable keys don't. This is backwards, and
also causes creation to fail when creating a migratable key
under a migratable parent. (The TPM thinks you are trying to
seal a non-migratable blob under a migratable parent.)
The following simple patch fixes the logic, and has been
tested for all four combinations of migratable and non-migratable
trusted keys and parent storage keys. With this logic, you will
get a proper failure if you try to create a non-migratable
trusted key under a migratable parent storage key, and all other
combinations work correctly.
Cc: stable@vger.kernel.org # v5.13+
Fixes: e5fb5d2c5a03 ("security: keys: trusted: Make sealed key properly interoperable")
Signed-off-by: David Safford <david.safford@gmail.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/keys/trusted-keys/trusted_tpm2.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -283,8 +283,8 @@ int tpm2_seal_trusted(struct tpm_chip *c
/* key properties */
flags = 0;
flags |= options->policydigest_len ? 0 : TPM2_OA_USER_WITH_AUTH;
- flags |= payload->migratable ? (TPM2_OA_FIXED_TPM |
- TPM2_OA_FIXED_PARENT) : 0;
+ flags |= payload->migratable ? 0 : (TPM2_OA_FIXED_TPM |
+ TPM2_OA_FIXED_PARENT);
tpm_buf_append_u32(&buf, flags);
/* policy */
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 309/339] libata: fix reading concurrent positioning ranges log
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 308/339] KEYS: trusted: tpm2: Fix migratable logic Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 310/339] libata: fix translation of concurrent positioning ranges Greg Kroah-Hartman
` (31 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tyler Erickson, Muhammad Ahmad,
Michael English, Damien Le Moal
From: Tyler Erickson <tyler.erickson@seagate.com>
commit c745dfc541e78428ba3986f1d17fe1dfdaca8184 upstream.
The concurrent positioning ranges log is not a fixed size and may depend
on how many ranges are supported by the device. This patch uses the size
reported in the GPL directory to determine the number of pages supported
by the device before attempting to read this log page.
This resolves this error from the dmesg output:
ata6.00: Read log 0x47 page 0x00 failed, Emask 0x1
Cc: stable@vger.kernel.org
Fixes: fe22e1c2f705 ("libata: support concurrent positioning ranges log")
Signed-off-by: Tyler Erickson <tyler.erickson@seagate.com>
Reviewed-by: Muhammad Ahmad <muhammad.ahmad@seagate.com>
Tested-by: Michael English <michael.english@seagate.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-core.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -2003,16 +2003,16 @@ retry:
return err_mask;
}
-static bool ata_log_supported(struct ata_device *dev, u8 log)
+static int ata_log_supported(struct ata_device *dev, u8 log)
{
struct ata_port *ap = dev->link->ap;
if (dev->horkage & ATA_HORKAGE_NO_LOG_DIR)
- return false;
+ return 0;
if (ata_read_log_page(dev, ATA_LOG_DIRECTORY, 0, ap->sector_buf, 1))
- return false;
- return get_unaligned_le16(&ap->sector_buf[log * 2]) ? true : false;
+ return 0;
+ return get_unaligned_le16(&ap->sector_buf[log * 2]);
}
static bool ata_identify_page_supported(struct ata_device *dev, u8 page)
@@ -2448,15 +2448,20 @@ static void ata_dev_config_cpr(struct at
struct ata_cpr_log *cpr_log = NULL;
u8 *desc, *buf = NULL;
- if (ata_id_major_version(dev->id) < 11 ||
- !ata_log_supported(dev, ATA_LOG_CONCURRENT_POSITIONING_RANGES))
+ if (ata_id_major_version(dev->id) < 11)
+ goto out;
+
+ buf_len = ata_log_supported(dev, ATA_LOG_CONCURRENT_POSITIONING_RANGES);
+ if (buf_len == 0)
goto out;
/*
* Read the concurrent positioning ranges log (0x47). We can have at
- * most 255 32B range descriptors plus a 64B header.
+ * most 255 32B range descriptors plus a 64B header. This log varies in
+ * size, so use the size reported in the GPL directory. Reading beyond
+ * the supported length will result in an error.
*/
- buf_len = (64 + 255 * 32 + 511) & ~511;
+ buf_len <<= 9;
buf = kzalloc(buf_len, GFP_KERNEL);
if (!buf)
goto out;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 310/339] libata: fix translation of concurrent positioning ranges
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 309/339] libata: fix reading concurrent positioning ranges log Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 311/339] ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Greg Kroah-Hartman
` (30 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Tyler Erickson, Muhammad Ahmad,
Michael English, Hannes Reinecke, Damien Le Moal
From: Tyler Erickson <tyler.erickson@seagate.com>
commit 6d11acd452fd885ef6ace184c9c70bc863a8c72f upstream.
Fixing the page length in the SCSI translation for the concurrent
positioning ranges VPD page. It was writing starting in offset 3
rather than offset 2 where the MSB is supposed to start for
the VPD page length.
Cc: stable@vger.kernel.org
Fixes: fe22e1c2f705 ("libata: support concurrent positioning ranges log")
Signed-off-by: Tyler Erickson <tyler.erickson@seagate.com>
Reviewed-by: Muhammad Ahmad <muhammad.ahmad@seagate.com>
Tested-by: Michael English <michael.english@seagate.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-scsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -2101,7 +2101,7 @@ static unsigned int ata_scsiop_inq_b9(st
/* SCSI Concurrent Positioning Ranges VPD page: SBC-5 rev 1 or later */
rbuf[1] = 0xb9;
- put_unaligned_be16(64 + (int)cpr_log->nr_cpr * 32 - 4, &rbuf[3]);
+ put_unaligned_be16(64 + (int)cpr_log->nr_cpr * 32 - 4, &rbuf[2]);
for (i = 0; i < cpr_log->nr_cpr; i++, desc += 32) {
desc[0] = cpr_log->cpr[i].num;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 311/339] ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 310/339] libata: fix translation of concurrent positioning ranges Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 312/339] mmc: sdhci-pci-gli: Fix GL9763E runtime PM when the system resumes from suspend Greg Kroah-Hartman
` (29 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sergey Shtylyov, Damien Le Moal
From: Sergey Shtylyov <s.shtylyov@omp.ru>
commit 72aad489f992871e908ff6d9055b26c6366fb864 upstream.
The {dma|pio}_mode sysfs files are incorrectly documented as having a
list of the supported DMA/PIO transfer modes, while the corresponding
fields of the *struct* ata_device hold the transfer mode IDs, not masks.
To match these docs, the {dma|pio}_mode (and even xfer_mode!) sysfs
files are handled by the ata_bitfield_name_match() macro which leads to
reading such kind of nonsense from them:
$ cat /sys/class/ata_device/dev3.0/pio_mode
XFER_UDMA_7, XFER_UDMA_6, XFER_UDMA_5, XFER_UDMA_4, XFER_MW_DMA_4,
XFER_PIO_6, XFER_PIO_5, XFER_PIO_4, XFER_PIO_3, XFER_PIO_2, XFER_PIO_1,
XFER_PIO_0
Using the correct ata_bitfield_name_search() macro fixes that:
$ cat /sys/class/ata_device/dev3.0/pio_mode
XFER_PIO_4
While fixing the file documentation, somewhat reword the {dma|pio}_mode
file doc and add a note about being mostly useful for PATA devices to
the xfer_mode file doc...
Fixes: d9027470b886 ("[libata] Add ATA transport class")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/ABI/testing/sysfs-ata | 11 ++++++-----
drivers/ata/libata-transport.c | 2 +-
2 files changed, 7 insertions(+), 6 deletions(-)
--- a/Documentation/ABI/testing/sysfs-ata
+++ b/Documentation/ABI/testing/sysfs-ata
@@ -107,13 +107,14 @@ Description:
described in ATA8 7.16 and 7.17. Only valid if
the device is not a PM.
- pio_mode: (RO) Transfer modes supported by the device when
- in PIO mode. Mostly used by PATA device.
+ pio_mode: (RO) PIO transfer mode used by the device.
+ Mostly used by PATA devices.
- xfer_mode: (RO) Current transfer mode
+ xfer_mode: (RO) Current transfer mode. Mostly used by
+ PATA devices.
- dma_mode: (RO) Transfer modes supported by the device when
- in DMA mode. Mostly used by PATA device.
+ dma_mode: (RO) DMA transfer mode used by the device.
+ Mostly used by PATA devices.
class: (RO) Device class. Can be "ata" for disk,
"atapi" for packet device, "pmp" for PM, or
--- a/drivers/ata/libata-transport.c
+++ b/drivers/ata/libata-transport.c
@@ -196,7 +196,7 @@ static struct {
{ XFER_PIO_0, "XFER_PIO_0" },
{ XFER_PIO_SLOW, "XFER_PIO_SLOW" }
};
-ata_bitfield_name_match(xfer,ata_xfer_names)
+ata_bitfield_name_search(xfer, ata_xfer_names)
/*
* ATA Port attributes
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 312/339] mmc: sdhci-pci-gli: Fix GL9763E runtime PM when the system resumes from suspend
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 311/339] ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 313/339] mmc: block: Fix CQE recovery reset success Greg Kroah-Hartman
` (28 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Ben Chuang, Ulf Hansson
From: Ben Chuang <benchuanggli@gmail.com>
commit 291e7d52d19f114cad6cbf802f3f19ef12a011f8 upstream.
When the system resumes from suspend (S3 or S4), the power mode is
MMC_POWER_OFF. In this status, gl9763e_runtime_resume() should not enable
PLL. Add a condition to this function to enable PLL only when the power
mode is MMC_POWER_ON.
Fixes: d607667bb8fa (mmc: sdhci-pci-gli: Add runtime PM for GL9763E)
Signed-off-by: Ben Chuang <benchuanggli@gmail.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220520114242.150235-1-benchuanggli@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-pci-gli.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/mmc/host/sdhci-pci-gli.c
+++ b/drivers/mmc/host/sdhci-pci-gli.c
@@ -972,6 +972,9 @@ static int gl9763e_runtime_resume(struct
struct sdhci_host *host = slot->host;
u16 clock;
+ if (host->mmc->ios.power_mode != MMC_POWER_ON)
+ return 0;
+
clock = sdhci_readw(host, SDHCI_CLOCK_CONTROL);
clock |= SDHCI_CLOCK_PLL_EN;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 313/339] mmc: block: Fix CQE recovery reset success
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 312/339] mmc: sdhci-pci-gli: Fix GL9763E runtime PM when the system resumes from suspend Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 314/339] net: phy: dp83867: retrigger SGMII AN when link change Greg Kroah-Hartman
` (27 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Adrian Hunter, Ulf Hansson
From: Adrian Hunter <adrian.hunter@intel.com>
commit a051246b786af7e4a9d9219cc7038a6e8a411531 upstream.
The intention of the use of mmc_blk_reset_success() in
mmc_blk_cqe_recovery() was to prevent repeated resets when retrying and
getting the same error. However, that may not be the case - any amount
of time and I/O may pass before another recovery is needed, in which
case there would be no reason to deny it the opportunity to recover via
a reset if necessary. CQE recovery is expected seldom and failure to
recover (if the clear tasks command fails), even more seldom, so it is
better to allow the reset always, which can be done by calling
mmc_blk_reset_success() always.
Fixes: 1e8e55b67030c6 ("mmc: block: Add CQE support")
Cc: stable@vger.kernel.org
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Link: https://lore.kernel.org/r/20220531171922.76080-1-adrian.hunter@intel.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/block.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -1482,8 +1482,7 @@ void mmc_blk_cqe_recovery(struct mmc_que
err = mmc_cqe_recovery(host);
if (err)
mmc_blk_reset(mq->blkdata, host, MMC_BLK_CQE_RECOVERY);
- else
- mmc_blk_reset_success(mq->blkdata, MMC_BLK_CQE_RECOVERY);
+ mmc_blk_reset_success(mq->blkdata, MMC_BLK_CQE_RECOVERY);
pr_debug("%s: CQE recovery done\n", mmc_hostname(host));
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 314/339] net: phy: dp83867: retrigger SGMII AN when link change
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 313/339] mmc: block: Fix CQE recovery reset success Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 315/339] net: openvswitch: fix misuse of the cached connection on tuple changes Greg Kroah-Hartman
` (26 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Sit, Michael Wei Hong, Voon Weifeng,
Tan Tee Min, Andrew Lunn, Jakub Kicinski, Sit
From: Tan Tee Min <tee.min.tan@linux.intel.com>
commit c76acfb7e19dcc3a0964e0563770b1d11b8d4540 upstream.
There is a limitation in TI DP83867 PHY device where SGMII AN is only
triggered once after the device is booted up. Even after the PHY TPI is
down and up again, SGMII AN is not triggered and hence no new in-band
message from PHY to MAC side SGMII.
This could cause an issue during power up, when PHY is up prior to MAC.
At this condition, once MAC side SGMII is up, MAC side SGMII wouldn`t
receive new in-band message from TI PHY with correct link status, speed
and duplex info.
As suggested by TI, implemented a SW solution here to retrigger SGMII
Auto-Neg whenever there is a link change.
v2: Add Fixes tag in commit message.
Fixes: 2a10154abcb7 ("net: phy: dp83867: Add TI dp83867 phy")
Cc: <stable@vger.kernel.org> # 5.4.x
Signed-off-by: Sit, Michael Wei Hong <michael.wei.hong.sit@intel.com>
Reviewed-by: Voon Weifeng <weifeng.voon@intel.com>
Signed-off-by: Tan Tee Min <tee.min.tan@linux.intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220526090347.128742-1-tee.min.tan@linux.intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/phy/dp83867.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
--- a/drivers/net/phy/dp83867.c
+++ b/drivers/net/phy/dp83867.c
@@ -137,6 +137,7 @@
#define DP83867_DOWNSHIFT_2_COUNT 2
#define DP83867_DOWNSHIFT_4_COUNT 4
#define DP83867_DOWNSHIFT_8_COUNT 8
+#define DP83867_SGMII_AUTONEG_EN BIT(7)
/* CFG3 bits */
#define DP83867_CFG3_INT_OE BIT(7)
@@ -855,6 +856,32 @@ static int dp83867_phy_reset(struct phy_
DP83867_PHYCR_FORCE_LINK_GOOD, 0);
}
+static void dp83867_link_change_notify(struct phy_device *phydev)
+{
+ /* There is a limitation in DP83867 PHY device where SGMII AN is
+ * only triggered once after the device is booted up. Even after the
+ * PHY TPI is down and up again, SGMII AN is not triggered and
+ * hence no new in-band message from PHY to MAC side SGMII.
+ * This could cause an issue during power up, when PHY is up prior
+ * to MAC. At this condition, once MAC side SGMII is up, MAC side
+ * SGMII wouldn`t receive new in-band message from TI PHY with
+ * correct link status, speed and duplex info.
+ * Thus, implemented a SW solution here to retrigger SGMII Auto-Neg
+ * whenever there is a link change.
+ */
+ if (phydev->interface == PHY_INTERFACE_MODE_SGMII) {
+ int val = 0;
+
+ val = phy_clear_bits(phydev, DP83867_CFG2,
+ DP83867_SGMII_AUTONEG_EN);
+ if (val < 0)
+ return;
+
+ phy_set_bits(phydev, DP83867_CFG2,
+ DP83867_SGMII_AUTONEG_EN);
+ }
+}
+
static struct phy_driver dp83867_driver[] = {
{
.phy_id = DP83867_PHY_ID,
@@ -879,6 +906,8 @@ static struct phy_driver dp83867_driver[
.suspend = genphy_suspend,
.resume = genphy_resume,
+
+ .link_change_notify = dp83867_link_change_notify,
},
};
module_phy_driver(dp83867_driver);
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 315/339] net: openvswitch: fix misuse of the cached connection on tuple changes
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 314/339] net: phy: dp83867: retrigger SGMII AN when link change Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 316/339] writeback: Fix inode->i_io_list not be protected by inode->i_lock error Greg Kroah-Hartman
` (25 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Frode Nordahl, Ilya Maximets, Jakub Kicinski
From: Ilya Maximets <i.maximets@ovn.org>
commit 2061ecfdf2350994e5b61c43e50e98a7a70e95ee upstream.
If packet headers changed, the cached nfct is no longer relevant
for the packet and attempt to re-use it leads to the incorrect packet
classification.
This issue is causing broken connectivity in OpenStack deployments
with OVS/OVN due to hairpin traffic being unexpectedly dropped.
The setup has datapath flows with several conntrack actions and tuple
changes between them:
actions:ct(commit,zone=8,mark=0/0x1,nat(src)),
set(eth(src=00:00:00:00:00:01,dst=00:00:00:00:00:06)),
set(ipv4(src=172.18.2.10,dst=192.168.100.6,ttl=62)),
ct(zone=8),recirc(0x4)
After the first ct() action the packet headers are almost fully
re-written. The next ct() tries to re-use the existing nfct entry
and marks the packet as invalid, so it gets dropped later in the
pipeline.
Clearing the cached conntrack entry whenever packet tuple is changed
to avoid the issue.
The flow key should not be cleared though, because we should still
be able to match on the ct_state if the recirculation happens after
the tuple change but before the next ct() action.
Cc: stable@vger.kernel.org
Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action")
Reported-by: Frode Nordahl <frode.nordahl@canonical.com>
Link: https://mail.openvswitch.org/pipermail/ovs-discuss/2022-May/051829.html
Link: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1967856
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Link: https://lore.kernel.org/r/20220606221140.488984-1-i.maximets@ovn.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/openvswitch/actions.c | 6 ++++++
net/openvswitch/conntrack.c | 4 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -373,6 +373,7 @@ static void set_ip_addr(struct sk_buff *
update_ip_l4_checksum(skb, nh, *addr, new_addr);
csum_replace4(&nh->check, *addr, new_addr);
skb_clear_hash(skb);
+ ovs_ct_clear(skb, NULL);
*addr = new_addr;
}
@@ -420,6 +421,7 @@ static void set_ipv6_addr(struct sk_buff
update_ipv6_checksum(skb, l4_proto, addr, new_addr);
skb_clear_hash(skb);
+ ovs_ct_clear(skb, NULL);
memcpy(addr, new_addr, sizeof(__be32[4]));
}
@@ -660,6 +662,7 @@ static int set_nsh(struct sk_buff *skb,
static void set_tp_port(struct sk_buff *skb, __be16 *port,
__be16 new_port, __sum16 *check)
{
+ ovs_ct_clear(skb, NULL);
inet_proto_csum_replace2(check, skb, *port, new_port, false);
*port = new_port;
}
@@ -699,6 +702,7 @@ static int set_udp(struct sk_buff *skb,
uh->dest = dst;
flow_key->tp.src = src;
flow_key->tp.dst = dst;
+ ovs_ct_clear(skb, NULL);
}
skb_clear_hash(skb);
@@ -761,6 +765,8 @@ static int set_sctp(struct sk_buff *skb,
sh->checksum = old_csum ^ old_correct_csum ^ new_csum;
skb_clear_hash(skb);
+ ovs_ct_clear(skb, NULL);
+
flow_key->tp.src = sh->source;
flow_key->tp.dst = sh->dest;
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -1342,7 +1342,9 @@ int ovs_ct_clear(struct sk_buff *skb, st
nf_ct_put(ct);
nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
- ovs_ct_fill_key(skb, key, false);
+
+ if (key)
+ ovs_ct_fill_key(skb, key, false);
return 0;
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 316/339] writeback: Fix inode->i_io_list not be protected by inode->i_lock error
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 315/339] net: openvswitch: fix misuse of the cached connection on tuple changes Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 317/339] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
` (24 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jchao Sun, Jan Kara
From: Jchao Sun <sunjunchao2870@gmail.com>
commit 10e14073107dd0b6d97d9516a02845a8e501c2c9 upstream.
Commit b35250c0816c ("writeback: Protect inode->i_io_list with
inode->i_lock") made inode->i_io_list not only protected by
wb->list_lock but also inode->i_lock, but inode_io_list_move_locked()
was missed. Add lock there and also update comment describing
things protected by inode->i_lock. This also fixes a race where
__mark_inode_dirty() could move inode under flush worker's hands
and thus sync(2) could miss writing some inodes.
Fixes: b35250c0816c ("writeback: Protect inode->i_io_list with inode->i_lock")
Link: https://lore.kernel.org/r/20220524150540.12552-1-sunjunchao2870@gmail.com
CC: stable@vger.kernel.org
Signed-off-by: Jchao Sun <sunjunchao2870@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fs-writeback.c | 37 ++++++++++++++++++++++++++++---------
fs/inode.c | 2 +-
2 files changed, 29 insertions(+), 10 deletions(-)
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -120,6 +120,7 @@ static bool inode_io_list_move_locked(st
struct list_head *head)
{
assert_spin_locked(&wb->list_lock);
+ assert_spin_locked(&inode->i_lock);
list_move(&inode->i_io_list, head);
@@ -1365,9 +1366,9 @@ static int move_expired_inodes(struct li
inode = wb_inode(delaying_queue->prev);
if (inode_dirtied_after(inode, dirtied_before))
break;
+ spin_lock(&inode->i_lock);
list_move(&inode->i_io_list, &tmp);
moved++;
- spin_lock(&inode->i_lock);
inode->i_state |= I_SYNC_QUEUED;
spin_unlock(&inode->i_lock);
if (sb_is_blkdev_sb(inode->i_sb))
@@ -1383,7 +1384,12 @@ static int move_expired_inodes(struct li
goto out;
}
- /* Move inodes from one superblock together */
+ /*
+ * Although inode's i_io_list is moved from 'tmp' to 'dispatch_queue',
+ * we don't take inode->i_lock here because it is just a pointless overhead.
+ * Inode is already marked as I_SYNC_QUEUED so writeback list handling is
+ * fully under our control.
+ */
while (!list_empty(&tmp)) {
sb = wb_inode(tmp.prev)->i_sb;
list_for_each_prev_safe(pos, node, &tmp) {
@@ -1826,8 +1832,8 @@ static long writeback_sb_inodes(struct s
* We'll have another go at writing back this inode
* when we completed a full scan of b_io.
*/
- spin_unlock(&inode->i_lock);
requeue_io(inode, wb);
+ spin_unlock(&inode->i_lock);
trace_writeback_sb_inodes_requeue(inode);
continue;
}
@@ -2358,6 +2364,7 @@ void __mark_inode_dirty(struct inode *in
{
struct super_block *sb = inode->i_sb;
int dirtytime = 0;
+ struct bdi_writeback *wb = NULL;
trace_writeback_mark_inode_dirty(inode, flags);
@@ -2410,13 +2417,24 @@ void __mark_inode_dirty(struct inode *in
inode->i_state |= flags;
/*
+ * Grab inode's wb early because it requires dropping i_lock and we
+ * need to make sure following checks happen atomically with dirty
+ * list handling so that we don't move inodes under flush worker's
+ * hands.
+ */
+ if (!was_dirty) {
+ wb = locked_inode_to_wb_and_lock_list(inode);
+ spin_lock(&inode->i_lock);
+ }
+
+ /*
* If the inode is queued for writeback by flush worker, just
* update its dirty state. Once the flush worker is done with
* the inode it will place it on the appropriate superblock
* list, based upon its state.
*/
if (inode->i_state & I_SYNC_QUEUED)
- goto out_unlock_inode;
+ goto out_unlock;
/*
* Only add valid (hashed) inodes to the superblock's
@@ -2424,22 +2442,19 @@ void __mark_inode_dirty(struct inode *in
*/
if (!S_ISBLK(inode->i_mode)) {
if (inode_unhashed(inode))
- goto out_unlock_inode;
+ goto out_unlock;
}
if (inode->i_state & I_FREEING)
- goto out_unlock_inode;
+ goto out_unlock;
/*
* If the inode was already on b_dirty/b_io/b_more_io, don't
* reposition it (that would break b_dirty time-ordering).
*/
if (!was_dirty) {
- struct bdi_writeback *wb;
struct list_head *dirty_list;
bool wakeup_bdi = false;
- wb = locked_inode_to_wb_and_lock_list(inode);
-
inode->dirtied_when = jiffies;
if (dirtytime)
inode->dirtied_time_when = jiffies;
@@ -2453,6 +2468,7 @@ void __mark_inode_dirty(struct inode *in
dirty_list);
spin_unlock(&wb->list_lock);
+ spin_unlock(&inode->i_lock);
trace_writeback_dirty_inode_enqueue(inode);
/*
@@ -2467,6 +2483,9 @@ void __mark_inode_dirty(struct inode *in
return;
}
}
+out_unlock:
+ if (wb)
+ spin_unlock(&wb->list_lock);
out_unlock_inode:
spin_unlock(&inode->i_lock);
}
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -27,7 +27,7 @@
* Inode locking rules:
*
* inode->i_lock protects:
- * inode->i_state, inode->i_hash, __iget()
+ * inode->i_state, inode->i_hash, __iget(), inode->i_io_list
* Inode LRU list locks protect:
* inode->i_sb->s_inode_lru, inode->i_lru
* inode->i_sb->s_inode_list_lock protects:
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 317/339] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 316/339] writeback: Fix inode->i_io_list not be protected by inode->i_lock error Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 318/339] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Greg Kroah-Hartman
` (23 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Faltesek, Guenter Roeck,
Krzysztof Kozlowski, Jakub Kicinski
From: Martin Faltesek <mfaltesek@google.com>
commit 77e5fe8f176a525523ae091d6fd0fbb8834c156d upstream.
The first validation check for EVT_TRANSACTION has two different checks
tied together with logical AND. One is a check for minimum packet length,
and the other is for a valid aid_tag. If either condition is true (fails),
then an error should be triggered. The fix is to change && to ||.
Fixes: 26fc6c7f02cb ("NFC: st21nfca: Add HCI transaction event support")
Cc: stable@vger.kernel.org
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nfc/st21nfca/se.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/nfc/st21nfca/se.c
+++ b/drivers/nfc/st21nfca/se.c
@@ -315,7 +315,7 @@ int st21nfca_connectivity_event_received
* AID 81 5 to 16
* PARAMETERS 82 0 to 255
*/
- if (skb->len < NFC_MIN_AID_LENGTH + 2 &&
+ if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
return -EPROTO;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 318/339] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 317/339] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 319/339] nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION Greg Kroah-Hartman
` (22 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Faltesek, Guenter Roeck,
Krzysztof Kozlowski, Jakub Kicinski
From: Martin Faltesek <mfaltesek@google.com>
commit 996419e0594abb311fb958553809f24f38e7abbe upstream.
Error paths do not free previously allocated memory. Add devm_kfree() to
those failure paths.
Fixes: 26fc6c7f02cb ("NFC: st21nfca: Add HCI transaction event support")
Fixes: 4fbcc1a4cb20 ("nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION")
Cc: stable@vger.kernel.org
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nfc/st21nfca/se.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
--- a/drivers/nfc/st21nfca/se.c
+++ b/drivers/nfc/st21nfca/se.c
@@ -326,22 +326,29 @@ int st21nfca_connectivity_event_received
transaction->aid_len = skb->data[1];
/* Checking if the length of the AID is valid */
- if (transaction->aid_len > sizeof(transaction->aid))
+ if (transaction->aid_len > sizeof(transaction->aid)) {
+ devm_kfree(dev, transaction);
return -EINVAL;
+ }
memcpy(transaction->aid, &skb->data[2],
transaction->aid_len);
/* Check next byte is PARAMETERS tag (82) */
if (skb->data[transaction->aid_len + 2] !=
- NFC_EVT_TRANSACTION_PARAMS_TAG)
+ NFC_EVT_TRANSACTION_PARAMS_TAG) {
+ devm_kfree(dev, transaction);
return -EPROTO;
+ }
transaction->params_len = skb->data[transaction->aid_len + 3];
/* Total size is allocated (skb->len - 2) minus fixed array members */
- if (transaction->params_len > ((skb->len - 2) - sizeof(struct nfc_evt_transaction)))
+ if (transaction->params_len > ((skb->len - 2) -
+ sizeof(struct nfc_evt_transaction))) {
+ devm_kfree(dev, transaction);
return -EINVAL;
+ }
memcpy(transaction->params, skb->data +
transaction->aid_len + 4, transaction->params_len);
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 319/339] nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 318/339] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 320/339] ixgbe: fix bcast packets Rx on VF after promisc removal Greg Kroah-Hartman
` (21 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Martin Faltesek, Guenter Roeck,
Krzysztof Kozlowski, Jakub Kicinski
From: Martin Faltesek <mfaltesek@google.com>
commit f2e19b36593caed4c977c2f55aeba7408aeb2132 upstream.
The transaction buffer is allocated by using the size of the packet buf,
and subtracting two which seem intended to remove the two tags which are
not present in the target structure. This calculation leads to under
counting memory because of differences between the packet contents and the
target structure. The aid_len field is a u8 in the packet, but a u32 in
the structure, resulting in at least 3 bytes always being under counted.
Further, the aid data is a variable length field in the packet, but fixed
in the structure, so if this field is less than the max, the difference is
added to the under counting.
The last validation check for transaction->params_len is also incorrect
since it employs the same accounting error.
To fix, perform validation checks progressively to safely reach the
next field, to determine the size of both buffers and verify both tags.
Once all validation checks pass, allocate the buffer and copy the data.
This eliminates freeing memory on the error path, as those checks are
moved ahead of memory allocation.
Fixes: 26fc6c7f02cb ("NFC: st21nfca: Add HCI transaction event support")
Fixes: 4fbcc1a4cb20 ("nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION")
Cc: stable@vger.kernel.org
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nfc/st21nfca/se.c | 62 +++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 31 deletions(-)
--- a/drivers/nfc/st21nfca/se.c
+++ b/drivers/nfc/st21nfca/se.c
@@ -300,6 +300,8 @@ int st21nfca_connectivity_event_received
int r = 0;
struct device *dev = &hdev->ndev->dev;
struct nfc_evt_transaction *transaction;
+ u32 aid_len;
+ u8 params_len;
pr_debug("connectivity gate event: %x\n", event);
@@ -308,50 +310,48 @@ int st21nfca_connectivity_event_received
r = nfc_se_connectivity(hdev->ndev, host);
break;
case ST21NFCA_EVT_TRANSACTION:
- /*
- * According to specification etsi 102 622
+ /* According to specification etsi 102 622
* 11.2.2.4 EVT_TRANSACTION Table 52
* Description Tag Length
* AID 81 5 to 16
* PARAMETERS 82 0 to 255
+ *
+ * The key differences are aid storage length is variably sized
+ * in the packet, but fixed in nfc_evt_transaction, and that the aid_len
+ * is u8 in the packet, but u32 in the structure, and the tags in
+ * the packet are not included in nfc_evt_transaction.
+ *
+ * size in bytes: 1 1 5-16 1 1 0-255
+ * offset: 0 1 2 aid_len + 2 aid_len + 3 aid_len + 4
+ * member name: aid_tag(M) aid_len aid params_tag(M) params_len params
+ * example: 0x81 5-16 X 0x82 0-255 X
*/
- if (skb->len < NFC_MIN_AID_LENGTH + 2 ||
- skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
+ if (skb->len < 2 || skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG)
return -EPROTO;
- transaction = devm_kzalloc(dev, skb->len - 2, GFP_KERNEL);
- if (!transaction)
- return -ENOMEM;
+ aid_len = skb->data[1];
+
+ if (skb->len < aid_len + 4 || aid_len > sizeof(transaction->aid))
+ return -EPROTO;
- transaction->aid_len = skb->data[1];
+ params_len = skb->data[aid_len + 3];
- /* Checking if the length of the AID is valid */
- if (transaction->aid_len > sizeof(transaction->aid)) {
- devm_kfree(dev, transaction);
- return -EINVAL;
- }
-
- memcpy(transaction->aid, &skb->data[2],
- transaction->aid_len);
-
- /* Check next byte is PARAMETERS tag (82) */
- if (skb->data[transaction->aid_len + 2] !=
- NFC_EVT_TRANSACTION_PARAMS_TAG) {
- devm_kfree(dev, transaction);
+ /* Verify PARAMETERS tag is (82), and final check that there is enough
+ * space in the packet to read everything.
+ */
+ if ((skb->data[aid_len + 2] != NFC_EVT_TRANSACTION_PARAMS_TAG) ||
+ (skb->len < aid_len + 4 + params_len))
return -EPROTO;
- }
- transaction->params_len = skb->data[transaction->aid_len + 3];
+ transaction = devm_kzalloc(dev, sizeof(*transaction) + params_len, GFP_KERNEL);
+ if (!transaction)
+ return -ENOMEM;
- /* Total size is allocated (skb->len - 2) minus fixed array members */
- if (transaction->params_len > ((skb->len - 2) -
- sizeof(struct nfc_evt_transaction))) {
- devm_kfree(dev, transaction);
- return -EINVAL;
- }
+ transaction->aid_len = aid_len;
+ transaction->params_len = params_len;
- memcpy(transaction->params, skb->data +
- transaction->aid_len + 4, transaction->params_len);
+ memcpy(transaction->aid, &skb->data[2], aid_len);
+ memcpy(transaction->params, &skb->data[aid_len + 4], params_len);
r = nfc_se_transaction(hdev->ndev, host, transaction);
break;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 320/339] ixgbe: fix bcast packets Rx on VF after promisc removal
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 319/339] nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 321/339] ixgbe: fix unexpected VLAN Rx in promisc mode on VF Greg Kroah-Hartman
` (20 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dichtel, Olivier Matz,
Konrad Jankowski, Tony Nguyen
From: Olivier Matz <olivier.matz@6wind.com>
commit 803e9895ea2b0fe80bc85980ae2d7a7e44037914 upstream.
After a VF requested to remove the promiscuous flag on an interface, the
broadcast packets are not received anymore. This breaks some protocols
like ARP.
In ixgbe_update_vf_xcast_mode(), we should keep the IXGBE_VMOLR_BAM
bit (Broadcast Accept) on promiscuous removal.
This flag is already set by default in ixgbe_set_vmolr() on VF reset.
Fixes: 8443c1a4b192 ("ixgbe, ixgbevf: Add new mbox API xcast mode")
Cc: stable@vger.kernel.org
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1184,9 +1184,9 @@ static int ixgbe_update_vf_xcast_mode(st
switch (xcast_mode) {
case IXGBEVF_XCAST_MODE_NONE:
- disable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE |
+ disable = IXGBE_VMOLR_ROMPE |
IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE | IXGBE_VMOLR_VPE;
- enable = 0;
+ enable = IXGBE_VMOLR_BAM;
break;
case IXGBEVF_XCAST_MODE_MULTI:
disable = IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE | IXGBE_VMOLR_VPE;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 321/339] ixgbe: fix unexpected VLAN Rx in promisc mode on VF
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 320/339] ixgbe: fix bcast packets Rx on VF after promisc removal Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 322/339] Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Greg Kroah-Hartman
` (19 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Nicolas Dichtel, Olivier Matz,
Konrad Jankowski, Tony Nguyen
From: Olivier Matz <olivier.matz@6wind.com>
commit 7bb0fb7c63df95d6027dc50d6af3bc3bbbc25483 upstream.
When the promiscuous mode is enabled on a VF, the IXGBE_VMOLR_VPE
bit (VLAN Promiscuous Enable) is set. This means that the VF will
receive packets whose VLAN is not the same than the VLAN of the VF.
For instance, in this situation:
┌────────┐ ┌────────┐ ┌────────┐
│ │ │ │ │ │
│ │ │ │ │ │
│ VF0├────┤VF1 VF2├────┤VF3 │
│ │ │ │ │ │
└────────┘ └────────┘ └────────┘
VM1 VM2 VM3
vf 0: vlan 1000
vf 1: vlan 1000
vf 2: vlan 1001
vf 3: vlan 1001
If we tcpdump on VF3, we see all the packets, even those transmitted
on vlan 1000.
This behavior prevents to bridge VF1 and VF2 in VM2, because it will
create a loop: packets transmitted on VF1 will be received by VF2 and
vice-versa, and bridged again through the software bridge.
This patch remove the activation of VLAN Promiscuous when a VF enables
the promiscuous mode. However, the IXGBE_VMOLR_UPE bit (Unicast
Promiscuous) is kept, so that a VF receives all packets that has the
same VLAN, whatever the destination MAC address.
Fixes: 8443c1a4b192 ("ixgbe, ixgbevf: Add new mbox API xcast mode")
Cc: stable@vger.kernel.org
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c
@@ -1208,9 +1208,9 @@ static int ixgbe_update_vf_xcast_mode(st
return -EPERM;
}
- disable = 0;
+ disable = IXGBE_VMOLR_VPE;
enable = IXGBE_VMOLR_BAM | IXGBE_VMOLR_ROMPE |
- IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE | IXGBE_VMOLR_VPE;
+ IXGBE_VMOLR_MPE | IXGBE_VMOLR_UPE;
break;
default:
return -EOPNOTSUPP;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 322/339] Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 321/339] ixgbe: fix unexpected VLAN Rx in promisc mode on VF Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 323/339] vduse: Fix NULL pointer dereference on sysfs access Greg Kroah-Hartman
` (18 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Mathias Nyman, Dmitry Torokhov
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit c42e65664390be7c1ef3838cd84956d3a2739d60 upstream.
The bcm5974 driver does the allocation and dma mapping of the usb urb
data buffer, but driver does not set the URB_NO_TRANSFER_DMA_MAP flag
to let usb core know the buffer is already mapped.
usb core tries to map the already mapped buffer, causing a warning:
"xhci_hcd 0000:00:14.0: rejecting DMA map of vmalloc memory"
Fix this by setting the URB_NO_TRANSFER_DMA_MAP, letting usb core
know buffer is already mapped by bcm5974 driver
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215890
Link: https://lore.kernel.org/r/20220606113636.588955-1-mathias.nyman@linux.intel.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/mouse/bcm5974.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/input/mouse/bcm5974.c
+++ b/drivers/input/mouse/bcm5974.c
@@ -942,17 +942,22 @@ static int bcm5974_probe(struct usb_inte
if (!dev->tp_data)
goto err_free_bt_buffer;
- if (dev->bt_urb)
+ if (dev->bt_urb) {
usb_fill_int_urb(dev->bt_urb, udev,
usb_rcvintpipe(udev, cfg->bt_ep),
dev->bt_data, dev->cfg.bt_datalen,
bcm5974_irq_button, dev, 1);
+ dev->bt_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
+ }
+
usb_fill_int_urb(dev->tp_urb, udev,
usb_rcvintpipe(udev, cfg->tp_ep),
dev->tp_data, dev->cfg.tp_datalen,
bcm5974_irq_trackpad, dev, 1);
+ dev->tp_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
+
/* create bcm5974 device */
usb_make_path(udev, dev->phys, sizeof(dev->phys));
strlcat(dev->phys, "/input0", sizeof(dev->phys));
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 323/339] vduse: Fix NULL pointer dereference on sysfs access
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 322/339] Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 324/339] cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE Greg Kroah-Hartman
` (17 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, kernel test robot, Xie Yongji,
Michael S. Tsirkin
From: Xie Yongji <xieyongji@bytedance.com>
commit b27ee76c74dc831d6e092eaebc2dfc9c0beed1c9 upstream.
The control device has no drvdata. So we will get a
NULL pointer dereference when accessing control
device's msg_timeout attribute via sysfs:
[ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8
[ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271)
[ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094)
[ 132.870215][ T3644] sysfs_kf_seq_show (fs/sysfs/file.c:59)
[ 132.871164][ T3644] ? device_remove_bin_file (drivers/base/core.c:2088)
[ 132.872082][ T3644] kernfs_seq_show (fs/kernfs/file.c:164)
[ 132.872838][ T3644] seq_read_iter (fs/seq_file.c:230)
[ 132.873578][ T3644] ? __vmalloc_area_node (mm/vmalloc.c:3041)
[ 132.874532][ T3644] kernfs_fop_read_iter (fs/kernfs/file.c:238)
[ 132.875513][ T3644] __kernel_read (fs/read_write.c:440 (discriminator 1))
[ 132.876319][ T3644] kernel_read (fs/read_write.c:459)
[ 132.877129][ T3644] kernel_read_file (fs/kernel_read_file.c:94)
[ 132.877978][ T3644] kernel_read_file_from_fd (include/linux/file.h:45 fs/kernel_read_file.c:186)
[ 132.879019][ T3644] __do_sys_finit_module (kernel/module.c:4207)
[ 132.879930][ T3644] __ia32_sys_finit_module (kernel/module.c:4189)
[ 132.880930][ T3644] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)
[ 132.881847][ T3644] entry_INT80_compat (arch/x86/entry/entry_64_compat.S:419)
To fix it, don't create the unneeded attribute for
control device anymore.
Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace")
Reported-by: kernel test robot <oliver.sang@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Message-Id: <20220426073656.229-1-xieyongji@bytedance.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/vdpa/vdpa_user/vduse_dev.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/vdpa/vdpa_user/vduse_dev.c
+++ b/drivers/vdpa/vdpa_user/vduse_dev.c
@@ -1344,9 +1344,9 @@ static int vduse_create_dev(struct vduse
dev->minor = ret;
dev->msg_timeout = VDUSE_MSG_DEFAULT_TIMEOUT;
- dev->dev = device_create(vduse_class, NULL,
- MKDEV(MAJOR(vduse_major), dev->minor),
- dev, "%s", config->name);
+ dev->dev = device_create_with_groups(vduse_class, NULL,
+ MKDEV(MAJOR(vduse_major), dev->minor),
+ dev, vduse_dev_groups, "%s", config->name);
if (IS_ERR(dev->dev)) {
ret = PTR_ERR(dev->dev);
goto err_dev;
@@ -1595,7 +1595,6 @@ static int vduse_init(void)
return PTR_ERR(vduse_class);
vduse_class->devnode = vduse_devnode;
- vduse_class->dev_groups = vduse_dev_groups;
ret = alloc_chrdev_region(&vduse_major, 0, VDUSE_DEV_MAX, "vduse");
if (ret)
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 324/339] cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 323/339] vduse: Fix NULL pointer dereference on sysfs access Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 325/339] mm/huge_memory: Fix xarray node memory leak Greg Kroah-Hartman
` (16 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Peter Zijlstra (Intel), Rafael J. Wysocki
From: Peter Zijlstra <peterz@infradead.org>
commit 32d4fd5751eadbe1823a37eb38df85ec5c8e6207 upstream.
Commit c227233ad64c ("intel_idle: enable interrupts before C1 on
Xeons") wrecked intel_idle in two ways:
- must not have tracing in idle functions
- must return with IRQs disabled
Additionally, it added a branch for no good reason.
Fixes: c227233ad64c ("intel_idle: enable interrupts before C1 on Xeons")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
[ rjw: Moved the intel_idle() kerneldoc comment next to the function ]
Cc: 5.16+ <stable@vger.kernel.org> # 5.16+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/idle/intel_idle.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
--- a/drivers/idle/intel_idle.c
+++ b/drivers/idle/intel_idle.c
@@ -115,6 +115,18 @@ static unsigned int mwait_substates __in
#define flg2MWAIT(flags) (((flags) >> 24) & 0xFF)
#define MWAIT2flg(eax) ((eax & 0xFF) << 24)
+static __always_inline int __intel_idle(struct cpuidle_device *dev,
+ struct cpuidle_driver *drv, int index)
+{
+ struct cpuidle_state *state = &drv->states[index];
+ unsigned long eax = flg2MWAIT(state->flags);
+ unsigned long ecx = 1; /* break on interrupt flag */
+
+ mwait_idle_with_hints(eax, ecx);
+
+ return index;
+}
+
/**
* intel_idle - Ask the processor to enter the given idle state.
* @dev: cpuidle device of the target CPU.
@@ -132,16 +144,19 @@ static unsigned int mwait_substates __in
static __cpuidle int intel_idle(struct cpuidle_device *dev,
struct cpuidle_driver *drv, int index)
{
- struct cpuidle_state *state = &drv->states[index];
- unsigned long eax = flg2MWAIT(state->flags);
- unsigned long ecx = 1; /* break on interrupt flag */
+ return __intel_idle(dev, drv, index);
+}
- if (state->flags & CPUIDLE_FLAG_IRQ_ENABLE)
- local_irq_enable();
+static __cpuidle int intel_idle_irq(struct cpuidle_device *dev,
+ struct cpuidle_driver *drv, int index)
+{
+ int ret;
- mwait_idle_with_hints(eax, ecx);
+ raw_local_irq_enable();
+ ret = __intel_idle(dev, drv, index);
+ raw_local_irq_disable();
- return index;
+ return ret;
}
/**
@@ -1668,6 +1683,9 @@ static void __init intel_idle_init_cstat
/* Structure copy. */
drv->states[drv->state_count] = cpuidle_state_table[cstate];
+ if (cpuidle_state_table[cstate].flags & CPUIDLE_FLAG_IRQ_ENABLE)
+ drv->states[drv->state_count].enter = intel_idle_irq;
+
if ((disabled_states_mask & BIT(drv->state_count)) ||
((icpu->use_acpi || force_use_acpi) &&
intel_idle_off_by_default(mwait_hint) &&
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 325/339] mm/huge_memory: Fix xarray node memory leak
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 324/339] cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 326/339] powerpc: Dont select HAVE_IRQ_EXIT_ON_IRQ_STACK Greg Kroah-Hartman
` (15 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, syzbot+9e27a75a8c24f3fe75c1,
Matthew Wilcox (Oracle)
From: Matthew Wilcox (Oracle) <willy@infradead.org>
commit 69a37a8ba1b408a1c7616494aa7018e4b3844cbe upstream.
If xas_split_alloc() fails to allocate the necessary nodes to complete the
xarray entry split, it sets the xa_state to -ENOMEM, which xas_nomem()
then interprets as "Please allocate more memory", not as "Please free
any unnecessary memory" (which was the intended outcome). It's confusing
to use xas_nomem() to free memory in this context, so call xas_destroy()
instead.
Reported-by: syzbot+9e27a75a8c24f3fe75c1@syzkaller.appspotmail.com
Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache")
Cc: stable@vger.kernel.org
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/xarray.h | 1 +
lib/xarray.c | 5 +++--
mm/huge_memory.c | 3 +--
3 files changed, 5 insertions(+), 4 deletions(-)
--- a/include/linux/xarray.h
+++ b/include/linux/xarray.h
@@ -1508,6 +1508,7 @@ void *xas_find_marked(struct xa_state *,
void xas_init_marks(const struct xa_state *);
bool xas_nomem(struct xa_state *, gfp_t);
+void xas_destroy(struct xa_state *);
void xas_pause(struct xa_state *);
void xas_create_range(struct xa_state *);
--- a/lib/xarray.c
+++ b/lib/xarray.c
@@ -264,9 +264,10 @@ static void xa_node_free(struct xa_node
* xas_destroy() - Free any resources allocated during the XArray operation.
* @xas: XArray operation state.
*
- * This function is now internal-only.
+ * Most users will not need to call this function; it is called for you
+ * by xas_nomem().
*/
-static void xas_destroy(struct xa_state *xas)
+void xas_destroy(struct xa_state *xas)
{
struct xa_node *next, *node = xas->xa_alloc;
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2622,8 +2622,7 @@ out_unlock:
if (mapping)
i_mmap_unlock_read(mapping);
out:
- /* Free any memory we didn't use */
- xas_nomem(&xas, 0);
+ xas_destroy(&xas);
count_vm_event(!ret ? THP_SPLIT_PAGE : THP_SPLIT_PAGE_FAILED);
return ret;
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 326/339] powerpc: Dont select HAVE_IRQ_EXIT_ON_IRQ_STACK
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 325/339] mm/huge_memory: Fix xarray node memory leak Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 327/339] drm/amdkfd:Fix fw version for 10.3.6 Greg Kroah-Hartman
` (14 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 1346d00e1bdfd4067f92bc14e8a6131a01de4190 upstream.
The HAVE_IRQ_EXIT_ON_IRQ_STACK option tells generic code that irq_exit()
is called while still running on the hard irq stack (hardirq_ctx[] in
the powerpc code).
Selecting the option means the generic code will *not* switch to the
softirq stack before running softirqs, because the code is already
running on the (mostly empty) hard irq stack.
But since commit 1b1b6a6f4cc0 ("powerpc: handle irq_enter/irq_exit in
interrupt handler wrappers"), irq_exit() is now called on the regular task
stack, not the hard irq stack.
That's because previously irq_exit() was called in __do_irq() which is
run on the hard irq stack, but now it is called in
interrupt_async_exit_prepare() which is called from do_irq() constructed
by the wrapper macro, which is after the switch back to the task stack.
So drop HAVE_IRQ_EXIT_ON_IRQ_STACK from the Kconfig. This will mean an
extra stack switch when processing some interrupts, but should
significantly reduce the likelihood of stack overflow.
It also means the softirq stack will be used for running softirqs from
other interrupts that don't use the hard irq stack, eg. timer interrupts.
Fixes: 1b1b6a6f4cc0 ("powerpc: handle irq_enter/irq_exit in interrupt handler wrappers")
Cc: stable@vger.kernel.org # v5.12+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220525032639.1947280-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/Kconfig | 1 -
1 file changed, 1 deletion(-)
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -218,7 +218,6 @@ config PPC
select HAVE_HARDLOCKUP_DETECTOR_PERF if PERF_EVENTS && HAVE_PERF_EVENTS_NMI && !HAVE_HARDLOCKUP_DETECTOR_ARCH
select HAVE_HW_BREAKPOINT if PERF_EVENTS && (PPC_BOOK3S || PPC_8xx)
select HAVE_IOREMAP_PROT
- select HAVE_IRQ_EXIT_ON_IRQ_STACK
select HAVE_IRQ_TIME_ACCOUNTING
select HAVE_KERNEL_GZIP
select HAVE_KERNEL_LZMA if DEFAULT_UIMAGE
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 327/339] drm/amdkfd:Fix fw version for 10.3.6
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 326/339] powerpc: Dont select HAVE_IRQ_EXIT_ON_IRQ_STACK Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 328/339] drm/bridge: analogix_dp: Support PSR-exit to disable transition Greg Kroah-Hartman
` (13 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jesse Zhang, Alex Deucher,
Mario Limonciello, Felix Kuehling
From: Jesse Zhang <Jesse.Zhang@amd.com>
commit a956a11ee669d069047525c8ec897b4c21a9cda1 upstream.
fix fw error when loading fw for 10.3.6
Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 5.18.x
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdkfd/kfd_device.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_device.c
@@ -156,7 +156,9 @@ static void kfd_device_info_init(struct
if (gc_version < IP_VERSION(11, 0, 0)) {
/* Navi2x+, Navi1x+ */
- if (gc_version >= IP_VERSION(10, 3, 0))
+ if (gc_version == IP_VERSION(10, 3, 6))
+ kfd->device_info.no_atomic_fw_version = 14;
+ else if (gc_version >= IP_VERSION(10, 3, 0))
kfd->device_info.no_atomic_fw_version = 92;
else if (gc_version >= IP_VERSION(10, 1, 1))
kfd->device_info.no_atomic_fw_version = 145;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 328/339] drm/bridge: analogix_dp: Support PSR-exit to disable transition
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 327/339] drm/amdkfd:Fix fw version for 10.3.6 Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 329/339] drm/atomic: Force bridge self-refresh-exit on CRTC switch Greg Kroah-Hartman
` (12 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Brian Norris, Sean Paul, Douglas Anderson
From: Brian Norris <briannorris@chromium.org>
commit ca871659ec1606d33b1e76de8d4cf924cf627e34 upstream.
Most eDP panel functions only work correctly when the panel is not in
self-refresh. In particular, analogix_dp_bridge_disable() tends to hit
AUX channel errors if the panel is in self-refresh.
Given the above, it appears that so far, this driver assumes that we are
never in self-refresh when it comes time to fully disable the bridge.
Prior to commit 846c7dfc1193 ("drm/atomic: Try to preserve the crtc
enabled state in drm_atomic_remove_fb, v2."), this tended to be true,
because we would automatically disable the pipe when framebuffers were
removed, and so we'd typically disable the bridge shortly after the last
display activity.
However, that is not guaranteed: an idle (self-refresh) display pipe may
be disabled, e.g., when switching CRTCs. We need to exit PSR first.
Stable notes: this is definitely a bugfix, and the bug has likely
existed in some form for quite a while. It may predate the "PSR helpers"
refactor, but the code looked very different before that, and it's
probably not worth rewriting the fix.
Cc: <stable@vger.kernel.org>
Fixes: 6c836d965bad ("drm/rockchip: Use the helpers for PSR")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220228122522.v2.1.I161904be17ba14526f78536ccd78b85818449b51@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 42 +++++++++++++++++++--
1 file changed, 38 insertions(+), 4 deletions(-)
--- a/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
+++ b/drivers/gpu/drm/bridge/analogix/analogix_dp_core.c
@@ -1269,6 +1269,25 @@ static int analogix_dp_bridge_attach(str
}
static
+struct drm_crtc *analogix_dp_get_old_crtc(struct analogix_dp_device *dp,
+ struct drm_atomic_state *state)
+{
+ struct drm_encoder *encoder = dp->encoder;
+ struct drm_connector *connector;
+ struct drm_connector_state *conn_state;
+
+ connector = drm_atomic_get_old_connector_for_encoder(state, encoder);
+ if (!connector)
+ return NULL;
+
+ conn_state = drm_atomic_get_old_connector_state(state, connector);
+ if (!conn_state)
+ return NULL;
+
+ return conn_state->crtc;
+}
+
+static
struct drm_crtc *analogix_dp_get_new_crtc(struct analogix_dp_device *dp,
struct drm_atomic_state *state)
{
@@ -1448,14 +1467,16 @@ analogix_dp_bridge_atomic_disable(struct
{
struct drm_atomic_state *old_state = old_bridge_state->base.state;
struct analogix_dp_device *dp = bridge->driver_private;
- struct drm_crtc *crtc;
+ struct drm_crtc *old_crtc, *new_crtc;
+ struct drm_crtc_state *old_crtc_state = NULL;
struct drm_crtc_state *new_crtc_state = NULL;
+ int ret;
- crtc = analogix_dp_get_new_crtc(dp, old_state);
- if (!crtc)
+ new_crtc = analogix_dp_get_new_crtc(dp, old_state);
+ if (!new_crtc)
goto out;
- new_crtc_state = drm_atomic_get_new_crtc_state(old_state, crtc);
+ new_crtc_state = drm_atomic_get_new_crtc_state(old_state, new_crtc);
if (!new_crtc_state)
goto out;
@@ -1464,6 +1485,19 @@ analogix_dp_bridge_atomic_disable(struct
return;
out:
+ old_crtc = analogix_dp_get_old_crtc(dp, old_state);
+ if (old_crtc) {
+ old_crtc_state = drm_atomic_get_old_crtc_state(old_state,
+ old_crtc);
+
+ /* When moving from PSR to fully disabled, exit PSR first. */
+ if (old_crtc_state && old_crtc_state->self_refresh_active) {
+ ret = analogix_dp_disable_psr(dp);
+ if (ret)
+ DRM_ERROR("Failed to disable psr (%d)\n", ret);
+ }
+ }
+
analogix_dp_bridge_disable(bridge);
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 329/339] drm/atomic: Force bridge self-refresh-exit on CRTC switch
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 328/339] drm/bridge: analogix_dp: Support PSR-exit to disable transition Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 330/339] drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit Greg Kroah-Hartman
` (11 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Liu Ying, Brian Norris, Sean Paul,
Douglas Anderson
From: Brian Norris <briannorris@chromium.org>
commit e54a4424925a27ed94dff046db3ce5caf4b1e748 upstream.
It's possible to change which CRTC is in use for a given
connector/encoder/bridge while we're in self-refresh without fully
disabling the connector/encoder/bridge along the way. This can confuse
the bridge encoder/bridge, because
(a) it needs to track the SR state (trying to perform "active"
operations while the panel is still in SR can be Bad(TM)); and
(b) it tracks the SR state via the CRTC state (and after the switch, the
previous SR state is lost).
Thus, we need to either somehow carry the self-refresh state over to the
new CRTC, or else force an encoder/bridge self-refresh transition during
such a switch.
I choose the latter, so we disable the encoder (and exit PSR) before
attaching it to the new CRTC (where we can continue to assume a clean
(non-self-refresh) state).
This fixes PSR issues seen on Rockchip RK3399 systems with
drivers/gpu/drm/bridge/analogix/analogix_dp_core.c.
Change in v2:
- Drop "->enable" condition; this could possibly be "->active" to
reflect the intended hardware state, but it also is a little
over-specific. We want to make a transition through "disabled" any
time we're exiting PSR at the same time as a CRTC switch.
(Thanks Liu Ying)
Cc: Liu Ying <victor.liu@oss.nxp.com>
Cc: <stable@vger.kernel.org>
Fixes: 1452c25b0e60 ("drm: Add helpers to kick off self refresh mode in drivers")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20220228122522.v2.2.Ic15a2ef69c540aee8732703103e2cff51fb9c399@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_atomic_helper.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/drm_atomic_helper.c
+++ b/drivers/gpu/drm/drm_atomic_helper.c
@@ -1011,9 +1011,19 @@ crtc_needs_disable(struct drm_crtc_state
return drm_atomic_crtc_effectively_active(old_state);
/*
- * We need to run through the crtc_funcs->disable() function if the CRTC
- * is currently on, if it's transitioning to self refresh mode, or if
- * it's in self refresh mode and needs to be fully disabled.
+ * We need to disable bridge(s) and CRTC if we're transitioning out of
+ * self-refresh and changing CRTCs at the same time, because the
+ * bridge tracks self-refresh status via CRTC state.
+ */
+ if (old_state->self_refresh_active &&
+ old_state->crtc != new_state->crtc)
+ return true;
+
+ /*
+ * We also need to run through the crtc_funcs->disable() function if
+ * the CRTC is currently on, if it's transitioning to self refresh
+ * mode, or if it's in self refresh mode and needs to be fully
+ * disabled.
*/
return old_state->active ||
(old_state->self_refresh_active && !new_state->active) ||
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 330/339] drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 329/339] drm/atomic: Force bridge self-refresh-exit on CRTC switch Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 331/339] drm/amd/display: remove stale config guards Greg Kroah-Hartman
` (10 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Mohammad Zafar Ziya,
Christian König, Lijo Lazar, Alex Deucher
From: Mohammad Zafar Ziya <Mohammadzafar.ziya@amd.com>
commit 578eb31776df57c81307fb3f96ef0781332c3c7c upstream.
Add jpeg vmid update under IB submit
Signed-off-by: Mohammad Zafar Ziya <Mohammadzafar.ziya@amd.com>
Acked-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 6 +++++-
drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 1 +
2 files changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c
@@ -535,6 +535,10 @@ void jpeg_v2_0_dec_ring_emit_ib(struct a
{
unsigned vmid = AMDGPU_JOB_GET_VMID(job);
+ amdgpu_ring_write(ring, PACKETJ(mmUVD_JPEG_IH_CTRL_INTERNAL_OFFSET,
+ 0, 0, PACKETJ_TYPE0));
+ amdgpu_ring_write(ring, (vmid << JPEG_IH_CTRL__IH_VMID__SHIFT));
+
amdgpu_ring_write(ring, PACKETJ(mmUVD_LMI_JRBC_IB_VMID_INTERNAL_OFFSET,
0, 0, PACKETJ_TYPE0));
amdgpu_ring_write(ring, (vmid | (vmid << 4)));
@@ -768,7 +772,7 @@ static const struct amdgpu_ring_funcs jp
8 + /* jpeg_v2_0_dec_ring_emit_vm_flush */
18 + 18 + /* jpeg_v2_0_dec_ring_emit_fence x2 vm fence */
8 + 16,
- .emit_ib_size = 22, /* jpeg_v2_0_dec_ring_emit_ib */
+ .emit_ib_size = 24, /* jpeg_v2_0_dec_ring_emit_ib */
.emit_ib = jpeg_v2_0_dec_ring_emit_ib,
.emit_fence = jpeg_v2_0_dec_ring_emit_fence,
.emit_vm_flush = jpeg_v2_0_dec_ring_emit_vm_flush,
--- a/drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h
+++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h
@@ -41,6 +41,7 @@
#define mmUVD_JRBC_RB_REF_DATA_INTERNAL_OFFSET 0x4084
#define mmUVD_JRBC_STATUS_INTERNAL_OFFSET 0x4089
#define mmUVD_JPEG_PITCH_INTERNAL_OFFSET 0x401f
+#define mmUVD_JPEG_IH_CTRL_INTERNAL_OFFSET 0x4149
#define JRBC_DEC_EXTERNAL_REG_WRITE_ADDR 0x18000
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 331/339] drm/amd/display: remove stale config guards
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 330/339] drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 332/339] drm/amdgpu: update VCN codec support for Yellow Carp Greg Kroah-Hartman
` (9 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aurabindo Pillai, Alex Deucher
From: Aurabindo Pillai <aurabindo.pillai@amd.com>
commit fd843d03418ead2bba369159bb19b60e9d4b7b1e upstream.
This code should be executed.
Signed-off-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 2 --
drivers/gpu/drm/amd/display/dc/dml/dml_wrapper.c | 2 --
2 files changed, 4 deletions(-)
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c
@@ -41,9 +41,7 @@
#include "dc_dmub_srv.h"
-#if defined (CONFIG_DRM_AMD_DC_DP2_0)
#include "dc_link_dp.h"
-#endif
#define TO_CLK_MGR_DCN315(clk_mgr)\
container_of(clk_mgr, struct clk_mgr_dcn315, base)
--- a/drivers/gpu/drm/amd/display/dc/dml/dml_wrapper.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/dml_wrapper.c
@@ -1284,10 +1284,8 @@ static bool is_dtbclk_required(struct dc
for (i = 0; i < dc->res_pool->pipe_count; i++) {
if (!context->res_ctx.pipe_ctx[i].stream)
continue;
-#if defined (CONFIG_DRM_AMD_DC_DP2_0)
if (is_dp_128b_132b_signal(&context->res_ctx.pipe_ctx[i]))
return true;
-#endif
}
return false;
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 332/339] drm/amdgpu: update VCN codec support for Yellow Carp
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 331/339] drm/amd/display: remove stale config guards Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 333/339] virtio-rng: make device ready before making request Greg Kroah-Hartman
` (8 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Leo Liu, Alex Deucher
From: Alex Deucher <alexander.deucher@amd.com>
commit 97e50305542f384741a5b45699aba349fe9fca73 upstream.
Supports AV1. Mesa already has support for this and
doesn't rely on the kernel caps for yellow carp, so
this was already working from an application perspective.
Fixes: 554398174d98 ("amdgpu/nv.c - Added video codec support for Yellow Carp")
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2002
Reviewed-by: Leo Liu <leo.liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/nv.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/amd/amdgpu/nv.c
+++ b/drivers/gpu/drm/amd/amdgpu/nv.c
@@ -170,6 +170,7 @@ static const struct amdgpu_video_codec_i
{codec_info_build(AMDGPU_INFO_VIDEO_CAPS_CODEC_IDX_HEVC, 8192, 4352, 186)},
{codec_info_build(AMDGPU_INFO_VIDEO_CAPS_CODEC_IDX_VP9, 8192, 4352, 0)},
{codec_info_build(AMDGPU_INFO_VIDEO_CAPS_CODEC_IDX_JPEG, 4096, 4096, 0)},
+ {codec_info_build(AMDGPU_INFO_VIDEO_CAPS_CODEC_IDX_AV1, 8192, 4352, 0)},
};
static const struct amdgpu_video_codecs yc_video_codecs_decode = {
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 333/339] virtio-rng: make device ready before making request
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 332/339] drm/amdgpu: update VCN codec support for Yellow Carp Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 334/339] powerpc/32: Fix overread/overwrite of thread_struct via ptrace Greg Kroah-Hartman
` (7 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Jason Wang, Michael S. Tsirkin,
Laurent Vivier, syzbot+5b59d6d459306a556f54
From: Jason Wang <jasowang@redhat.com>
commit 228432551bd8783211e494ab35f42a4344580502 upstream.
Current virtio-rng does a entropy request before DRIVER_OK, this
violates the spec:
virtio spec requires that all drivers set DRIVER_OK
before using devices.
Further, kernel will ignore the interrupt after commit
8b4ec69d7e09 ("virtio: harden vring IRQ").
Fixing this by making device ready before the request.
Cc: stable@vger.kernel.org
Fixes: 8b4ec69d7e09 ("virtio: harden vring IRQ")
Fixes: f7f510ec1957 ("virtio: An entropy device, as suggested by hpa.")
Reported-and-tested-by: syzbot+5b59d6d459306a556f54@syzkaller.appspotmail.com
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20220608061422.38437-1-jasowang@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/hw_random/virtio-rng.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/char/hw_random/virtio-rng.c
+++ b/drivers/char/hw_random/virtio-rng.c
@@ -159,6 +159,8 @@ static int probe_common(struct virtio_de
goto err_find;
}
+ virtio_device_ready(vdev);
+
/* we always have a pending entropy request */
request_entropy(vi);
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 334/339] powerpc/32: Fix overread/overwrite of thread_struct via ptrace
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 333/339] virtio-rng: make device ready before making request Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 335/339] random: avoid checking crng_ready() twice in random_init() Greg Kroah-Hartman
` (6 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Ariel Miculas, Christophe Leroy,
Michael Ellerman
From: Michael Ellerman <mpe@ellerman.id.au>
commit 8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 upstream.
The ptrace PEEKUSR/POKEUSR (aka PEEKUSER/POKEUSER) API allows a process
to read/write registers of another process.
To get/set a register, the API takes an index into an imaginary address
space called the "USER area", where the registers of the process are
laid out in some fashion.
The kernel then maps that index to a particular register in its own data
structures and gets/sets the value.
The API only allows a single machine-word to be read/written at a time.
So 4 bytes on 32-bit kernels and 8 bytes on 64-bit kernels.
The way floating point registers (FPRs) are addressed is somewhat
complicated, because double precision float values are 64-bit even on
32-bit CPUs. That means on 32-bit kernels each FPR occupies two
word-sized locations in the USER area. On 64-bit kernels each FPR
occupies one word-sized location in the USER area.
Internally the kernel stores the FPRs in an array of u64s, or if VSX is
enabled, an array of pairs of u64s where one half of each pair stores
the FPR. Which half of the pair stores the FPR depends on the kernel's
endianness.
To handle the different layouts of the FPRs depending on VSX/no-VSX and
big/little endian, the TS_FPR() macro was introduced.
Unfortunately the TS_FPR() macro does not take into account the fact
that the addressing of each FPR differs between 32-bit and 64-bit
kernels. It just takes the index into the "USER area" passed from
userspace and indexes into the fp_state.fpr array.
On 32-bit there are 64 indexes that address FPRs, but only 32 entries in
the fp_state.fpr array, meaning the user can read/write 256 bytes past
the end of the array. Because the fp_state sits in the middle of the
thread_struct there are various fields than can be overwritten,
including some pointers. As such it may be exploitable.
It has also been observed to cause systems to hang or otherwise
misbehave when using gdbserver, and is probably the root cause of this
report which could not be easily reproduced:
https://lore.kernel.org/linuxppc-dev/dc38afe9-6b78-f3f5-666b-986939e40fc6@keymile.com/
Rather than trying to make the TS_FPR() macro even more complicated to
fix the bug, or add more macros, instead add a special-case for 32-bit
kernels. This is more obvious and hopefully avoids a similar bug
happening again in future.
Note that because 32-bit kernels never have VSX enabled the code doesn't
need to consider TS_FPRWIDTH/OFFSET at all. Add a BUILD_BUG_ON() to
ensure that 32-bit && VSX is never enabled.
Fixes: 87fec0514f61 ("powerpc: PTRACE_PEEKUSR/PTRACE_POKEUSER of FPR registers in little endian builds")
Cc: stable@vger.kernel.org # v3.13+
Reported-by: Ariel Miculas <ariel.miculas@belden.com>
Tested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220609133245.573565-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/ptrace/ptrace-fpu.c | 20 ++++++++++++++------
arch/powerpc/kernel/ptrace/ptrace.c | 3 +++
2 files changed, 17 insertions(+), 6 deletions(-)
--- a/arch/powerpc/kernel/ptrace/ptrace-fpu.c
+++ b/arch/powerpc/kernel/ptrace/ptrace-fpu.c
@@ -17,9 +17,13 @@ int ptrace_get_fpr(struct task_struct *c
#ifdef CONFIG_PPC_FPU_REGS
flush_fp_to_thread(child);
- if (fpidx < (PT_FPSCR - PT_FPR0))
- memcpy(data, &child->thread.TS_FPR(fpidx), sizeof(long));
- else
+ if (fpidx < (PT_FPSCR - PT_FPR0)) {
+ if (IS_ENABLED(CONFIG_PPC32))
+ // On 32-bit the index we are passed refers to 32-bit words
+ *data = ((u32 *)child->thread.fp_state.fpr)[fpidx];
+ else
+ memcpy(data, &child->thread.TS_FPR(fpidx), sizeof(long));
+ } else
*data = child->thread.fp_state.fpscr;
#else
*data = 0;
@@ -39,9 +43,13 @@ int ptrace_put_fpr(struct task_struct *c
#ifdef CONFIG_PPC_FPU_REGS
flush_fp_to_thread(child);
- if (fpidx < (PT_FPSCR - PT_FPR0))
- memcpy(&child->thread.TS_FPR(fpidx), &data, sizeof(long));
- else
+ if (fpidx < (PT_FPSCR - PT_FPR0)) {
+ if (IS_ENABLED(CONFIG_PPC32))
+ // On 32-bit the index we are passed refers to 32-bit words
+ ((u32 *)child->thread.fp_state.fpr)[fpidx] = data;
+ else
+ memcpy(&child->thread.TS_FPR(fpidx), &data, sizeof(long));
+ } else
child->thread.fp_state.fpscr = data;
#endif
--- a/arch/powerpc/kernel/ptrace/ptrace.c
+++ b/arch/powerpc/kernel/ptrace/ptrace.c
@@ -450,4 +450,7 @@ void __init pt_regs_check(void)
#else
BUILD_BUG_ON(IS_ENABLED(CONFIG_HAVE_FUNCTION_DESCRIPTORS));
#endif
+
+ // ptrace_get/put_fpr() rely on PPC32 and VSX being incompatible
+ BUILD_BUG_ON(IS_ENABLED(CONFIG_PPC32) && IS_ENABLED(CONFIG_VSX));
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 335/339] random: avoid checking crng_ready() twice in random_init()
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 334/339] powerpc/32: Fix overread/overwrite of thread_struct via ptrace Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 336/339] random: mark bootloader randomness code as __init Greg Kroah-Hartman
` (5 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Dominik Brodowski, Jason A. Donenfeld
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
commit 9b29b6b20376ab64e1b043df6301d8a92378e631 upstream.
The current flow expands to:
if (crng_ready())
...
else if (...)
if (!crng_ready())
...
The second crng_ready() call is redundant, but can't so easily be
optimized out by the compiler.
This commit simplifies that to:
if (crng_ready()
...
else if (...)
...
Fixes: 560181c27b58 ("random: move initialization functions out of hot pages")
Cc: stable@vger.kernel.org
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/random.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -842,7 +842,7 @@ int __init random_init(const char *comma
if (crng_ready())
crng_reseed();
else if (trust_cpu)
- credit_init_bits(arch_bytes * 8);
+ _credit_init_bits(arch_bytes * 8);
return 0;
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 336/339] random: mark bootloader randomness code as __init
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 335/339] random: avoid checking crng_ready() twice in random_init() Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 337/339] random: account for arch randomness in bits Greg Kroah-Hartman
` (4 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
commit 39e0f991a62ed5efabd20711a7b6e7da92603170 upstream.
add_bootloader_randomness() and the variables it touches are only used
during __init and not after, so mark these as __init. At the same time,
unexport this, since it's only called by other __init code that's
built-in.
Cc: stable@vger.kernel.org
Fixes: 428826f5358c ("fdt: add support for rng-seed")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/random.c | 7 +++----
include/linux/random.h | 2 +-
2 files changed, 4 insertions(+), 5 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -793,8 +793,8 @@ static void __cold _credit_init_bits(siz
*
**********************************************************************/
-static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU);
-static bool trust_bootloader __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER);
+static bool trust_cpu __initdata = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU);
+static bool trust_bootloader __initdata = IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER);
static int __init parse_trust_cpu(char *arg)
{
return kstrtobool(arg, &trust_cpu);
@@ -890,13 +890,12 @@ EXPORT_SYMBOL_GPL(add_hwgenerator_random
* Handle random seed passed by bootloader, and credit it if
* CONFIG_RANDOM_TRUST_BOOTLOADER is set.
*/
-void __cold add_bootloader_randomness(const void *buf, size_t len)
+void __init add_bootloader_randomness(const void *buf, size_t len)
{
mix_pool_bytes(buf, len);
if (trust_bootloader)
credit_init_bits(len * 8);
}
-EXPORT_SYMBOL_GPL(add_bootloader_randomness);
#if IS_ENABLED(CONFIG_VMGENID)
static BLOCKING_NOTIFIER_HEAD(vmfork_chain);
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -13,7 +13,7 @@
struct notifier_block;
void add_device_randomness(const void *buf, size_t len);
-void add_bootloader_randomness(const void *buf, size_t len);
+void __init add_bootloader_randomness(const void *buf, size_t len);
void add_input_randomness(unsigned int type, unsigned int code,
unsigned int value) __latent_entropy;
void add_interrupt_randomness(int irq) __latent_entropy;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 337/339] random: account for arch randomness in bits
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 336/339] random: mark bootloader randomness code as __init Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 338/339] md/raid0: Ignore RAID0 layout if the second zone has only one device Greg Kroah-Hartman
` (3 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Jason A. Donenfeld
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
commit 77fc95f8c0dc9e1f8e620ec14d2fb65028fb7adc upstream.
Rather than accounting in bytes and multiplying (shifting), we can just
account in bits and avoid the shift. The main motivation for this is
there are other patches in flux that expand this code a bit, and
avoiding the duplication of "* 8" everywhere makes things a bit clearer.
Cc: stable@vger.kernel.org
Fixes: 12e45a2a6308 ("random: credit architectural init the exact amount")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/random.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -817,7 +817,7 @@ early_param("random.trust_bootloader", p
int __init random_init(const char *command_line)
{
ktime_t now = ktime_get_real();
- unsigned int i, arch_bytes;
+ unsigned int i, arch_bits;
unsigned long entropy;
#if defined(LATENT_ENTROPY_PLUGIN)
@@ -825,12 +825,12 @@ int __init random_init(const char *comma
_mix_pool_bytes(compiletime_seed, sizeof(compiletime_seed));
#endif
- for (i = 0, arch_bytes = BLAKE2S_BLOCK_SIZE;
+ for (i = 0, arch_bits = BLAKE2S_BLOCK_SIZE * 8;
i < BLAKE2S_BLOCK_SIZE; i += sizeof(entropy)) {
if (!arch_get_random_seed_long_early(&entropy) &&
!arch_get_random_long_early(&entropy)) {
entropy = random_get_entropy();
- arch_bytes -= sizeof(entropy);
+ arch_bits -= sizeof(entropy) * 8;
}
_mix_pool_bytes(&entropy, sizeof(entropy));
}
@@ -842,7 +842,7 @@ int __init random_init(const char *comma
if (crng_ready())
crng_reseed();
else if (trust_cpu)
- _credit_init_bits(arch_bytes * 8);
+ _credit_init_bits(arch_bits);
return 0;
}
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 338/339] md/raid0: Ignore RAID0 layout if the second zone has only one device
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 337/339] random: account for arch randomness in bits Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 339/339] zonefs: fix handling of explicit_open option on mount Greg Kroah-Hartman
` (2 subsequent siblings)
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, NeilBrown, Pascal Hambourg, Song Liu
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
commit ea23994edc4169bd90d7a9b5908c6ccefd82fa40 upstream.
The RAID0 layout is irrelevant if all members have the same size so the
array has only one zone. It is *also* irrelevant if the array has two
zones and the second zone has only one device, for example if the array
has two members of different sizes.
So in that case it makes sense to allow assembly even when the layout is
undefined, like what is done when the array has only one zone.
Reviewed-by: NeilBrown <neilb@suse.de>
Signed-off-by: Pascal Hambourg <pascal@plouf.fr.eu.org>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid0.c | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -128,21 +128,6 @@ static int create_strip_zones(struct mdd
pr_debug("md/raid0:%s: FINAL %d zones\n",
mdname(mddev), conf->nr_strip_zones);
- if (conf->nr_strip_zones == 1) {
- conf->layout = RAID0_ORIG_LAYOUT;
- } else if (mddev->layout == RAID0_ORIG_LAYOUT ||
- mddev->layout == RAID0_ALT_MULTIZONE_LAYOUT) {
- conf->layout = mddev->layout;
- } else if (default_layout == RAID0_ORIG_LAYOUT ||
- default_layout == RAID0_ALT_MULTIZONE_LAYOUT) {
- conf->layout = default_layout;
- } else {
- pr_err("md/raid0:%s: cannot assemble multi-zone RAID0 with default_layout setting\n",
- mdname(mddev));
- pr_err("md/raid0: please set raid0.default_layout to 1 or 2\n");
- err = -ENOTSUPP;
- goto abort;
- }
/*
* now since we have the hard sector sizes, we can make sure
* chunk size is a multiple of that sector size
@@ -273,6 +258,22 @@ static int create_strip_zones(struct mdd
(unsigned long long)smallest->sectors);
}
+ if (conf->nr_strip_zones == 1 || conf->strip_zone[1].nb_dev == 1) {
+ conf->layout = RAID0_ORIG_LAYOUT;
+ } else if (mddev->layout == RAID0_ORIG_LAYOUT ||
+ mddev->layout == RAID0_ALT_MULTIZONE_LAYOUT) {
+ conf->layout = mddev->layout;
+ } else if (default_layout == RAID0_ORIG_LAYOUT ||
+ default_layout == RAID0_ALT_MULTIZONE_LAYOUT) {
+ conf->layout = default_layout;
+ } else {
+ pr_err("md/raid0:%s: cannot assemble multi-zone RAID0 with default_layout setting\n",
+ mdname(mddev));
+ pr_err("md/raid0: please set raid0.default_layout to 1 or 2\n");
+ err = -EOPNOTSUPP;
+ goto abort;
+ }
+
pr_debug("md/raid0:%s: done.\n", mdname(mddev));
*private_conf = conf;
^ permalink raw reply [flat|nested] 343+ messages in thread
* [PATCH 5.18 339/339] zonefs: fix handling of explicit_open option on mount
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 338/339] md/raid0: Ignore RAID0 layout if the second zone has only one device Greg Kroah-Hartman
@ 2022-06-13 10:12 ` Greg Kroah-Hartman
2022-06-13 22:55 ` [PATCH 5.18 000/339] 5.18.4-rc1 review Zan Aziz
2022-06-14 7:23 ` Bagas Sanjaya
340 siblings, 0 replies; 343+ messages in thread
From: Greg Kroah-Hartman @ 2022-06-13 10:12 UTC (permalink / raw)
To: linux-kernel
Cc: Greg Kroah-Hartman, stable, Damien Le Moal, Christoph Hellwig,
Johannes Thumshirn
From: Damien Le Moal <damien.lemoal@opensource.wdc.com>
commit a2a513be7139b279f1b5b2cee59c6c4950c34346 upstream.
Ignoring the explicit_open mount option on mount for devices that do not
have a limit on the number of open zones must be done after the mount
options are parsed and set in s_mount_opts. Move the check to ignore
the explicit_open option after the call to zonefs_parse_options() in
zonefs_fill_super().
Fixes: b5c00e975779 ("zonefs: open/close zone on file open/close")
Cc: <stable@vger.kernel.org>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/zonefs/super.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/fs/zonefs/super.c
+++ b/fs/zonefs/super.c
@@ -1690,11 +1690,6 @@ static int zonefs_fill_super(struct supe
sbi->s_mount_opts = ZONEFS_MNTOPT_ERRORS_RO;
sbi->s_max_open_zones = bdev_max_open_zones(sb->s_bdev);
atomic_set(&sbi->s_open_zones, 0);
- if (!sbi->s_max_open_zones &&
- sbi->s_mount_opts & ZONEFS_MNTOPT_EXPLICIT_OPEN) {
- zonefs_info(sb, "No open zones limit. Ignoring explicit_open mount option\n");
- sbi->s_mount_opts &= ~ZONEFS_MNTOPT_EXPLICIT_OPEN;
- }
ret = zonefs_read_super(sb);
if (ret)
@@ -1713,6 +1708,12 @@ static int zonefs_fill_super(struct supe
zonefs_info(sb, "Mounting %u zones",
blkdev_nr_zones(sb->s_bdev->bd_disk));
+ if (!sbi->s_max_open_zones &&
+ sbi->s_mount_opts & ZONEFS_MNTOPT_EXPLICIT_OPEN) {
+ zonefs_info(sb, "No open zones limit. Ignoring explicit_open mount option\n");
+ sbi->s_mount_opts &= ~ZONEFS_MNTOPT_EXPLICIT_OPEN;
+ }
+
/* Create root directory inode */
ret = -ENOMEM;
inode = new_inode(sb);
^ permalink raw reply [flat|nested] 343+ messages in thread
* Re: [PATCH 5.18 000/339] 5.18.4-rc1 review
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2022-06-13 10:12 ` [PATCH 5.18 339/339] zonefs: fix handling of explicit_open option on mount Greg Kroah-Hartman
@ 2022-06-13 22:55 ` Zan Aziz
2022-06-14 7:23 ` Bagas Sanjaya
340 siblings, 0 replies; 343+ messages in thread
From: Zan Aziz @ 2022-06-13 22:55 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Mon, Jun 13, 2022 at 10:15 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 5.18.4 release.
> There are 339 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 15 Jun 2022 09:47:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.18.4-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.18.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Hi Greg,
Compiled and booted on my test system Lenovo P50s: Intel Core i7
No emergency and critical messages in the dmesg
./perf bench sched all
# Running sched/messaging benchmark...
# 20 sender and receiver processes per group
# 10 groups == 400 processes run
Total time: 0.444 [sec]
# Running sched/pipe benchmark...
# Executed 1000000 pipe operations between two processes
Total time: 7.007 [sec]
7.007223 usecs/op
142709 ops/sec
Tested-by: Zan Aziz <zanaziz313@gmail.com>
Thanks
-Zan
^ permalink raw reply [flat|nested] 343+ messages in thread
* Re: [PATCH 5.18 000/339] 5.18.4-rc1 review
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2022-06-13 22:55 ` [PATCH 5.18 000/339] 5.18.4-rc1 review Zan Aziz
@ 2022-06-14 7:23 ` Bagas Sanjaya
340 siblings, 0 replies; 343+ messages in thread
From: Bagas Sanjaya @ 2022-06-14 7:23 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: linux-kernel, stable, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee,
slade
On Mon, Jun 13, 2022 at 12:07:05PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.18.4 release.
> There are 339 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
Successfully cross-compiled for arm (multi_v7_defconfig, GCC 12.1.0,
ARMv7 with neon FPU) and arm64 (bcm2711_defconfig, GCC 12.1.0).
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
--
An old man doll... just what I always wanted! - Clara
^ permalink raw reply [flat|nested] 343+ messages in thread
* Re: [PATCH 5.18 000/339] 5.18.4-rc1 review
@ 2022-06-13 18:24 Ronald Warsow
0 siblings, 0 replies; 343+ messages in thread
From: Ronald Warsow @ 2022-06-13 18:24 UTC (permalink / raw)
To: linux-kernel; +Cc: stable
hallo Greg
5.18.4-rc1
compiles (not without warnings), boots and runs here on x86_64
(Intel i5-11400, Fedora 36)
Tested-by: Ronald Warsow <rwarsow@gmx.de
Thanks
Ronald
^ permalink raw reply [flat|nested] 343+ messages in thread
end of thread, other threads:[~2022-06-14 7:23 UTC | newest]
Thread overview: 343+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-13 10:07 [PATCH 5.18 000/339] 5.18.4-rc1 review Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 001/339] pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 002/339] staging: greybus: codecs: fix type confusion of list iterator variable Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 003/339] iio: adc: ad7124: Remove shift from scan_type Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 004/339] soundwire: qcom: fix an error message in swrm_wait_for_frame_gen_enabled() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 005/339] remoteproc: mediatek: Fix side effect of mt8195 sram power on Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 006/339] remoteproc: mtk_scp: Fix a potential double free Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 007/339] lkdtm/bugs: Check for the NULL pointer after calling kmalloc Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 008/339] lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 009/339] tty: goldfish: Use tty_port_destroy() to destroy port Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 010/339] tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 011/339] tty: n_tty: Restore EOF push handling behavior Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 012/339] serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 013/339] tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 014/339] remoteproc: imx_rproc: Ignore create mem entry for resource table Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 015/339] phy: rockchip-inno-usb2: Fix muxed interrupt support Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 016/339] staging: r8188eu: fix struct rt_firmware_hdr Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 017/339] usb: usbip: fix a refcount leak in stub_probe() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 018/339] usb: usbip: add missing device lock on tweak configuration cmd Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 019/339] USB: storage: karma: fix rio_karma_init return Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 020/339] usb: musb: Fix missing of_node_put() in omap2430_probe Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 021/339] staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 022/339] pwm: lp3943: Fix duty calculation in case period was clamped Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 023/339] pwm: raspberrypi-poe: Fix endianness in firmware struct Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 024/339] rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 025/339] usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 026/339] usb: dwc3: pci: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 027/339] scripts/get_abi: Fix wrong script file name in the help message Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 028/339] misc: fastrpc: fix an incorrect NULL check on list iterator Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 029/339] firmware: stratix10-svc: fix a missing " Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 030/339] usb: typec: mux: Check dev_set_name() return value Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 031/339] rpmsg: virtio: Fix possible double free in rpmsg_probe() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 032/339] rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 033/339] rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 034/339] iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 035/339] iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 036/339] iio: adc: sc27xx: fix read big scale voltage not right Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 037/339] iio: adc: sc27xx: Fine tune the scale calibration values Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 038/339] rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 039/339] misc/pvpanic: Convert regular spinlock into trylock on panic path Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 040/339] phy: qcom-qmp: fix pipe-clock imbalance on power-on failure Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 041/339] power: supply: core: Initialize struct to zero Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 042/339] power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 043/339] power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 044/339] power: supply: ab8500_fg: Allocate wq in probe Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 045/339] serial: sifive: Report actual baud base rather than fixed 115200 Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 046/339] export: fix string handling of namespace in EXPORT_SYMBOL_NS Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 047/339] watchdog: rzg2l_wdt: Fix 32bit overflow issue Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 048/339] watchdog: rzg2l_wdt: Fix Runtime PM usage Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 049/339] watchdog: rzg2l_wdt: Fix BUG: Invalid wait context Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 050/339] watchdog: rzg2l_wdt: Fix reset control imbalance Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 051/339] soundwire: intel: prevent pm_runtime resume prior to system suspend Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 052/339] soundwire: qcom: return error when pm_runtime_get_sync fails Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 053/339] coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier Greg Kroah-Hartman
2022-06-13 10:07 ` [PATCH 5.18 054/339] ksmbd: fix reference count leak in smb_check_perm_dacl() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 055/339] extcon: ptn5150: Add queue work sync before driver release Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 056/339] dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive to mt819x Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 057/339] soc: rockchip: Fix refcount leak in rockchip_grf_init Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 058/339] clocksource/drivers/riscv: Events are stopped during CPU suspend Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 059/339] ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 060/339] rtc: mt6397: check return value after calling platform_get_resource() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 061/339] rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 062/339] staging: r8188eu: add check for kzalloc Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 063/339] serial: meson: acquire port->lock in startup() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 064/339] Revert "serial: 8250_mtk: Make sure to select the right FEATURE_SEL" Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 065/339] serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 066/339] serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 067/339] serial: uartlite: Fix BRKINT clearing Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 068/339] serial: digicolor-usart: Dont allow CS5-6 Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 069/339] serial: rda-uart: " Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 070/339] serial: txx9: " Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 071/339] serial: sh-sci: " Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 072/339] serial: sifive: Sanitize CSIZE and c_iflag Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 073/339] serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 074/339] serial: stm32-usart: Correct CSIZE, bits, and parity Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 075/339] firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 076/339] bus: ti-sysc: Fix warnings for unbind for serial Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 077/339] driver: base: fix UAF when driver_attach failed Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 078/339] driver core: fix deadlock in __device_attach Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 079/339] watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 080/339] watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 081/339] blk-mq: dont touch ->tagset in blk_mq_get_sq_hctx Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 082/339] ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 083/339] scsi: sd: Dont call blk_cleanup_disk() in sd_probe() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 084/339] clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 085/339] s390/crypto: fix scatterwalk_unmap() callers in AES-GCM Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 086/339] amt: fix return value of amt_update_handler() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 087/339] amt: fix possible memory leak in amt_rcv() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 088/339] net: ethernet: ti: am65-cpsw: Fix fwnode passed to phylink_create() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 089/339] net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 090/339] spi: fsi: Fix spurious timeout Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 091/339] drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 092/339] net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 093/339] net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 094/339] net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 095/339] net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 096/339] net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 097/339] modpost: fix removing numeric suffixes Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 098/339] block, loop: support partitions without scanning Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 099/339] ep93xx: clock: Do not return the address of the freed memory Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 100/339] jffs2: fix memory leak in jffs2_do_fill_super Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 101/339] ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 102/339] ubi: ubi_create_volume: Fix use-after-free when volume creation failed Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 103/339] selftests/bpf: fix stacktrace_build_id with missing kprobe/urandom_read Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 104/339] bpf: Fix probe read error in ___bpf_prog_run() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 105/339] block: take destination bvec offsets into account in bio_copy_data_iter Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 106/339] nbd: dont clear NBD_CMD_INFLIGHT flag if request is not completed Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 107/339] nbd: fix possible overflow on first_minor in nbd_dev_add() Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 108/339] riscv: read-only pages should not be writable Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 109/339] net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 110/339] tcp: add accessors to read/set tp->snd_cwnd Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 111/339] nfp: only report pause frame configuration for physical device Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 112/339] block: use bio_queue_enter instead of blk_queue_enter in bio_poll Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 113/339] bonding: NS target should accept link local address Greg Kroah-Hartman
2022-06-13 10:08 ` [PATCH 5.18 114/339] sfc: fix considering that all channels have TX queues Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 115/339] sfc: fix wrong tx channel offset with efx_separate_tx_channels Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 116/339] block: make bioset_exit() fully resilient against being called twice Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 117/339] sched/autogroup: Fix sysctl move Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 118/339] blk-mq: do not update io_ticks with passthrough requests Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 119/339] net: phy: at803x: disable WOL at probe Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 120/339] bonding: show NS IPv6 targets in proc master info Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 121/339] erofs: fix backmost member of z_erofs_decompress_frontend Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 122/339] vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 123/339] virtio: pci: Fix an error handling path in vp_modern_probe() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 124/339] net/mlx5: Dont use already freed action pointer Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 125/339] net/mlx5e: TC NIC mode, fix tc chains miss table Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 126/339] net/mlx5: CT: Fix header-rewrite re-use for tupels Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 127/339] net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 128/339] net/mlx5: correct ECE offset in query qp output Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 129/339] net/mlx5e: Update netdev features after changing XDP state Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 130/339] net: sched: add barrier to fix packet stuck problem for lockless qdisc Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 131/339] tcp: tcp_rtx_synack() can be called from process context Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 132/339] vdpa: ifcvf: set pci driver data in probe Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 133/339] bonding: guard ns_targets by CONFIG_IPV6 Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 134/339] octeontx2-af: fix error code in is_valid_offset() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 135/339] s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 136/339] regulator: mt6315-regulator: fix invalid allowed mode Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 137/339] net: ping6: Fix ping -6 with interface name Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 138/339] net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 139/339] gpio: pca953x: use the correct register address to do regcache sync Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 140/339] afs: Fix infinite loop found by xfstest generic/676 Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 141/339] drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 142/339] scsi: sd: Fix potential NULL pointer dereference Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 143/339] ax25: Fix ax25 session cleanup problems Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 144/339] nfp: remove padding in nfp_nfdk_tx_desc Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 145/339] tipc: check attribute length for bearer name Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 146/339] driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 147/339] perf evsel: Fixes topdown events in a weak group for the hybrid platform Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 148/339] perf parse-events: Move slots event for the hybrid platform too Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 149/339] perf record: Support sample-read topdown metric group for hybrid platforms Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 150/339] perf c2c: Fix sorting in percent_rmt_hitm_cmp() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 151/339] Bluetooth: MGMT: Add conditions for setting HCI_CONN_FLAG_REMOTE_WAKEUP Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 152/339] Bluetooth: hci_sync: Fix attempting to suspend with unfiltered passive scan Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 153/339] bluetooth: dont use bitmaps for random flag accesses Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 154/339] dmaengine: idxd: set DMA_INTERRUPT cap bit Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 155/339] mips: cpc: Fix refcount leak in mips_cpc_default_phys_base Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 156/339] bootconfig: Make the bootconfig.o as a normal object file Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 157/339] tracing: Make tp_printk work on syscall tracepoints Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 158/339] tracing: Fix sleeping function called from invalid context on RT kernel Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 159/339] tracing: Avoid adding tracer option before update_tracer_options Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 160/339] i2c: mediatek: Optimize master_xfer() and avoid circular locking Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 161/339] iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 162/339] iommu/arm-smmu-v3: check return value after calling platform_get_resource() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 163/339] f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 164/339] f2fs: avoid infinite loop to flush node pages Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 165/339] i2c: cadence: Increase timeout per message if necessary Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 166/339] m68knommu: set ZERO_PAGE() to the allocated zeroed page Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 167/339] m68knommu: fix undefined reference to `_init_sp Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 168/339] dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 169/339] NFSv4: Dont hold the layoutget locks across multiple RPC calls Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 170/339] video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1 Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 171/339] video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 172/339] RISC-V: use memcpy for kexec_file mode Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 173/339] m68knommu: fix undefined reference to `mach_get_rtc_pll Greg Kroah-Hartman
2022-06-13 10:09 ` [PATCH 5.18 174/339] rtla/Makefile: Properly handle dependencies Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 175/339] f2fs: fix to tag gcing flag on page during file defragment Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 176/339] xprtrdma: treat all calls not a bcall when bc_serv is NULL Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 177/339] drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 178/339] drm/panfrost: Job should reference MMU not file_priv Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 179/339] powerpc/papr_scm: dont requests stats with 0 sized stats buffer Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 180/339] netfilter: nat: really support inet nat without l3 address Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 181/339] netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 182/339] netfilter: nf_tables: delete flowtable hooks via transaction list Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 183/339] powerpc/kasan: Force thread size increase with KASAN Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 184/339] NFSD: Fix potential use-after-free in nfsd_file_put() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 185/339] SUNRPC: Trap RDMA segment overflows Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 186/339] netfilter: nf_tables: always initialize flowtable hook list in transaction Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 187/339] ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 188/339] netfilter: nf_tables: release new hooks on unsupported flowtable flags Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 189/339] netfilter: nf_tables: memleak flow rule from commit path Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 190/339] netfilter: nf_tables: bail out early if hardware offload is not supported Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 191/339] amt: fix wrong usage of pskb_may_pull() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 192/339] amt: fix possible null-ptr-deref in amt_rcv() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 193/339] amt: fix wrong type string definition Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 194/339] net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 195/339] xen: unexport __init-annotated xen_xlate_map_ballooned_pages() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 196/339] stmmac: intel: Fix an error handling path in intel_eth_pci_probe() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 197/339] af_unix: Fix a data-race in unix_dgram_peer_wake_me() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 198/339] selftests net: fix bpf build error Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 199/339] x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 200/339] bpf, arm64: Clear prog->jited_len along prog->jited Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 201/339] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 202/339] net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 203/339] xsk: Fix handling of invalid descriptors in XSK TX batching API Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 204/339] drm/amdgpu: fix limiting AV1 to the first instance on VCN3 Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 205/339] SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 206/339] net: mdio: unexport __init-annotated mdio_bus_init() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 207/339] net: xfrm: unexport __init-annotated xfrm4_protocol_init() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 208/339] net: ipv6: unexport __init-annotated seg6_hmac_init() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 209/339] net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 210/339] net/mlx5: Lag, filter non compatible devices Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 211/339] net/mlx5: Fix mlx5_get_next_dev() peer device matching Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 212/339] net/mlx5: Rearm the FW tracer after each tracer event Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 213/339] net/mlx5: fs, fail conflicting actions Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 214/339] ip_gre: test csum_start instead of transport header Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 215/339] net: altera: Fix refcount leak in altera_tse_mdio_create Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 216/339] net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 217/339] net: dsa: realtek: rtl8365mb: fix GMII caps for ports with internal PHY Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 218/339] tcp: use alloc_large_system_hash() to allocate table_perturb Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 219/339] drm: imx: fix compiler warning with gcc-12 Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 220/339] nfp: flower: restructure flow-key for gre+vlan combination Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 221/339] net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 222/339] iov_iter: Fix iter_xarray_get_pages{,_alloc}() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 223/339] iio: dummy: iio_simple_dummy: check the return value of kstrdup() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 224/339] staging: rtl8712: fix a potential memory leak in r871xu_drv_init() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 225/339] iio: st_sensors: Add a local lock for protecting odr Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 226/339] lkdtm/usercopy: Expand size of "out of frame" object Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 227/339] drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 228/339] drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 229/339] drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 230/339] tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 231/339] tty: Fix a possible resource leak in icom_probe Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 232/339] thunderbolt: Use different lane for second DisplayPort tunnel Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 233/339] drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() Greg Kroah-Hartman
2022-06-13 10:10 ` [PATCH 5.18 234/339] drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 235/339] USB: host: isp116x: check return value after calling platform_get_resource() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 236/339] drivers: tty: serial: Fix deadlock in sa1100_set_termios() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 237/339] drivers: usb: host: Fix deadlock in oxu_bus_suspend() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 238/339] USB: hcd-pci: Fully suspend across freeze/thaw cycle Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 239/339] char: xillybus: fix a refcount leak in cleanup_dev() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 240/339] sysrq: do not omit current cpu when showing backtrace of all active CPUs Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 241/339] usb: dwc2: gadget: dont reset gadgets driver->bus Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 242/339] usb: dwc3: host: Stop setting the ACPI companion Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 243/339] usb: dwc3: gadget: Only End Transfer for ep0 data phase Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 244/339] soundwire: qcom: adjust autoenumeration timeout Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 245/339] misc: rtsx: set NULL intfdata when probe fails Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 246/339] extcon: Fix extcon_get_extcon_dev() error handling Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 247/339] extcon: Modify extcon device to be created after driver data is set Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 248/339] clocksource/drivers/sp804: Avoid error on multiple instances Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 249/339] staging: rtl8712: fix uninit-value in usb_read8() and friends Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 250/339] staging: rtl8712: fix uninit-value in r871xu_drv_init() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 251/339] serial: msm_serial: disable interrupts in __msm_console_write() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 252/339] kernfs: Separate kernfs_pr_cont_buf and rename_lock Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 253/339] watchdog: wdat_wdt: Stop watchdog when rebooting the system Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 254/339] ksmbd: smbd: fix connection dropped issue Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 255/339] md: protect md_unregister_thread from reentrancy Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 256/339] ASoC: SOF: amd: Fixed Build error Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 257/339] scsi: myrb: Fix up null pointer access on myrb_cleanup() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 258/339] ASoC: rt5640: Do not manipulate pin "Platform Clock" if the "Platform Clock" is not in the DAPM Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 259/339] Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 260/339] ceph: allow ceph.dir.rctime xattr to be updatable Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 261/339] ceph: flush the mdlog for filesystem sync Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 262/339] ceph: fix possible deadlock when holding Fwb to get inline_data Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 263/339] net, neigh: Set lower cap for neigh_managed_work rearming Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 264/339] drm/amd/display: Check if modulo is 0 before dividing Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 265/339] drm/amd/display: Check zero planes for OTG disable W/A on clock change Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 266/339] drm/radeon: fix a possible null pointer dereference Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 267/339] drm/amd/pm: fix a potential gpu_metrics_table memory leak Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 268/339] drm/amd/pm: Fix missing thermal throttler status Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 269/339] drm/amd/pm: correct the metrics version for SMU 11.0.11/12/13 Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 270/339] um: line: Use separate IRQs per line Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 271/339] modpost: fix undefined behavior of is_arm_mapping_symbol() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 272/339] objtool: Mark __ubsan_handle_builtin_unreachable() as noreturn Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 273/339] x86/cpu: Elide KCSAN for cpu_has() and friends Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 274/339] jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 275/339] nbd: call genl_unregister_family() first in nbd_cleanup() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 276/339] nbd: fix race between nbd_alloc_config() and module removal Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 277/339] nbd: fix io hung while disconnecting device Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 278/339] Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend" Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 279/339] Revert "PCI: brcmstb: Add control of subdevice voltage regulators" Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 280/339] Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators" Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 281/339] Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs" Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 282/339] cifs: fix potential deadlock in direct reclaim Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 283/339] s390/gmap: voluntarily schedule during key setting Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 284/339] cifs: version operations for smb20 unneeded when legacy support disabled Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 285/339] drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 286/339] nodemask: Fix return values to be unsigned Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 287/339] scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 288/339] vringh: Fix loop descriptors check in the indirect cases Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 289/339] platform/x86: barco-p50-gpio: Add check for platform_driver_register Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 290/339] scripts/gdb: change kernel config dumping method Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 291/339] platform/x86: hp-wmi: Resolve WMI query failures on some devices Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 292/339] platform/x86: hp-wmi: Use zero insize parameter only when supported Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 293/339] ALSA: usb-audio: Skip generic sync EP parse for secondary EP Greg Kroah-Hartman
2022-06-13 10:11 ` [PATCH 5.18 294/339] ALSA: usb-audio: Set up (implicit) sync for Saffire 6 Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 295/339] ALSA: hda/conexant - Fix loopback issue with CX20632 Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 296/339] ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 297/339] ALSA: hda/realtek: Add quirk for HP Dev One Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 298/339] cifs: return errors during session setup during reconnects Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 299/339] cifs: fix reconnect on smb3 mount types Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 300/339] cifs: populate empty hostnames for extra channels Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 301/339] scsi: sd: Fix interpretation of VPD B9h length Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 302/339] scsi: lpfc: Resolve some cleanup issues following abort path refactoring Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 303/339] scsi: lpfc: Resolve some cleanup issues following SLI " Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 304/339] scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 305/339] KVM: x86/mmu: Check every prev_roots in __kvm_mmu_free_obsolete_roots() Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 306/339] KVM: SVM: fix tsc scaling cache logic Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 307/339] filemap: Cache the value of vm_flags Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 308/339] KEYS: trusted: tpm2: Fix migratable logic Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 309/339] libata: fix reading concurrent positioning ranges log Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 310/339] libata: fix translation of concurrent positioning ranges Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 311/339] ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 312/339] mmc: sdhci-pci-gli: Fix GL9763E runtime PM when the system resumes from suspend Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 313/339] mmc: block: Fix CQE recovery reset success Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 314/339] net: phy: dp83867: retrigger SGMII AN when link change Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 315/339] net: openvswitch: fix misuse of the cached connection on tuple changes Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 316/339] writeback: Fix inode->i_io_list not be protected by inode->i_lock error Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 317/339] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 318/339] nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 319/339] nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 320/339] ixgbe: fix bcast packets Rx on VF after promisc removal Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 321/339] ixgbe: fix unexpected VLAN Rx in promisc mode on VF Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 322/339] Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 323/339] vduse: Fix NULL pointer dereference on sysfs access Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 324/339] cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 325/339] mm/huge_memory: Fix xarray node memory leak Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 326/339] powerpc: Dont select HAVE_IRQ_EXIT_ON_IRQ_STACK Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 327/339] drm/amdkfd:Fix fw version for 10.3.6 Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 328/339] drm/bridge: analogix_dp: Support PSR-exit to disable transition Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 329/339] drm/atomic: Force bridge self-refresh-exit on CRTC switch Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 330/339] drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 331/339] drm/amd/display: remove stale config guards Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 332/339] drm/amdgpu: update VCN codec support for Yellow Carp Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 333/339] virtio-rng: make device ready before making request Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 334/339] powerpc/32: Fix overread/overwrite of thread_struct via ptrace Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 335/339] random: avoid checking crng_ready() twice in random_init() Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 336/339] random: mark bootloader randomness code as __init Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 337/339] random: account for arch randomness in bits Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 338/339] md/raid0: Ignore RAID0 layout if the second zone has only one device Greg Kroah-Hartman
2022-06-13 10:12 ` [PATCH 5.18 339/339] zonefs: fix handling of explicit_open option on mount Greg Kroah-Hartman
2022-06-13 22:55 ` [PATCH 5.18 000/339] 5.18.4-rc1 review Zan Aziz
2022-06-14 7:23 ` Bagas Sanjaya
2022-06-13 18:24 Ronald Warsow
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).