This is the start of the stable review cycle for the 5.1.20 release.
There are 371 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.20-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 5.1.20-rc1
Junxiao Bi <[email protected]>
dm bufio: fix deadlock with loop device
Norbert Manthey <[email protected]>
pstore: Fix double-free in pstore_mkfile() failure path
Josua Mayer <[email protected]>
dt-bindings: allow up to four clocks for orion-mdio
Josua Mayer <[email protected]>
net: mvmdio: allow up to four clocks to be specified for orion-mdio
Tejun Heo <[email protected]>
blkcg: update blkcg_print_stat() to handle larger outputs
Tejun Heo <[email protected]>
blk-iolatency: clear use_delay when io.latency is set to zero
Peng Fan <[email protected]>
clk: imx: imx8mm: correct audio_pll2_clk to audio_pll2_out
Konstantin Khlebnikov <[email protected]>
blk-throttle: fix zero wait time for iops throttled group
Lee, Chiasheng <[email protected]>
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
Matthew Wilcox (Oracle) <[email protected]>
dax: Fix missed wakeup with PMD faults
Szymon Janc <[email protected]>
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
Alexander Shishkin <[email protected]>
intel_th: msu: Fix single mode with disabled IOMMU
liaoweixiong <[email protected]>
mtd: spinand: read returns badly if the last page has bitflips
Xiaolei Li <[email protected]>
mtd: rawnand: mtk: Correct low level time calculation of r/w cycle
Dan Carpenter <[email protected]>
eCryptfs: fix a couple type promotion bugs
Jorge Ramirez-Ortiz <[email protected]>
mmc: sdhci-msm: fix mutex while in spinlock
Nathan Lynch <[email protected]>
powerpc/pseries: Fix oops in hotplug memory notifier
Greg Kurz <[email protected]>
powerpc/pseries: Fix xive=off command line
Alexey Kardashevskiy <[email protected]>
powerpc/powernv: Fix stale iommu table base after VFIO
Greg Kurz <[email protected]>
powerpc/powernv/npu: Fix reference leak
Ravi Bangoria <[email protected]>
powerpc/watchpoint: Restore NV GPRs while returning from exception
Andreas Schwab <[email protected]>
powerpc/mm/32s: fix condition that is always true
Christophe Leroy <[email protected]>
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
Helge Deller <[email protected]>
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
Helge Deller <[email protected]>
parisc: Ensure userspace privilege for ptraced processes in regset functions
Steve Longerbeam <[email protected]>
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
Darrick J. Wong <[email protected]>
xfs: abort unaligned nowait directio early
Nadav Amit <[email protected]>
resource: fix locking in find_next_iomem_res()
Drew Davenport <[email protected]>
include/asm-generic/bug.h: fix "cut here" for WARN_ON for __WARN_TAINT architectures
Jan Harkes <[email protected]>
coda: pass the host file in vma->vm_file on mmap
Dan Williams <[email protected]>
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
Aneesh Kumar K.V <[email protected]>
mm/nvdimm: add is_ioremap_addr and use that to check ioremap address
Aaron Armstrong Skomra <[email protected]>
HID: wacom: correct touch resolution x/y typo
Aaron Armstrong Skomra <[email protected]>
HID: wacom: generic: Correct pad syncing
Aaron Armstrong Skomra <[email protected]>
HID: wacom: generic: only switch the mode on devices with LEDs
Danit Goldberg <[email protected]>
IB/mlx5: Report correctly tag matching rendezvous capability
Filipe Manana <[email protected]>
Btrfs: add missing inode version, ctime and mtime updates when punching hole
Filipe Manana <[email protected]>
Btrfs: fix fsync not persisting dentry deletions due to inode evictions
Filipe Manana <[email protected]>
Btrfs: fix data loss after inode eviction, renaming it, and fsync it
Niklas Cassel <[email protected]>
PCI: qcom: Ensure that PERST is asserted for at least 100 ms
Mika Westerberg <[email protected]>
PCI: Do not poll for PME if the device is in D3cold
Dexuan Cui <[email protected]>
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
Alexander Shishkin <[email protected]>
intel_th: pci: Add Ice Lake NNPI support
Bart Van Assche <[email protected]>
RDMA/srp: Accept again source addresses that do not have a port number
Damien Le Moal <[email protected]>
block: Fix potential overflow in blk_report_zones()
Damien Le Moal <[email protected]>
block: Allow mapping of vmalloc-ed buffers
Andres Rodriguez <[email protected]>
drm/edid: parse CEA blocks embedded in DisplayID
Kim Phillips <[email protected]>
perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
Kim Phillips <[email protected]>
perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
Kan Liang <[email protected]>
perf/x86/intel: Fix spurious NMI on fixed counter
David Rientjes <[email protected]>
x86/boot: Fix memory leak in default_get_smp_config()
Soeren Moch <[email protected]>
rt2x00usb: fix rx queue hang
YueHaibing <[email protected]>
9p/virtio: Add cleanup path in p9_virtio_init
YueHaibing <[email protected]>
9p/xen: Add cleanup path in p9_trans_xen_init
Juergen Gross <[email protected]>
xen/events: fix binding user event channels to cpus
Damien Le Moal <[email protected]>
dm zoned: fix zone state management race
Daniel Jordan <[email protected]>
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
Lyude Paul <[email protected]>
drm/nouveau/i2c: Enable i2c pads & busses during preinit
Linus Walleij <[email protected]>
ARM: dts: gemini: Set DIR-685 SPI CS as active low
Masahiro Yamada <[email protected]>
kconfig: fix missing choice values in auto.conf
Vitor Soares <[email protected]>
i3c: fix i2c and i3c scl rate by bus mode
Radoslaw Burny <[email protected]>
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
Eric W. Biederman <[email protected]>
signal: Correct namespace fixups of si_pid and si_uid
Eric W. Biederman <[email protected]>
signal/usb: Replace kill_pid_info_as_cred with kill_pid_usb_asyncio
Julien Thierry <[email protected]>
arm64: irqflags: Add condition flags to inline asm clobber list
Jon Hunter <[email protected]>
arm64: tegra: Fix AGIC register range
Like Xu <[email protected]>
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
Michael Neuling <[email protected]>
KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation
Suraj Jitindar Singh <[email protected]>
KVM: PPC: Book3S HV: Clear pending decrementer exceptions on nested guest entry
Suraj Jitindar Singh <[email protected]>
KVM: PPC: Book3S HV: Signed extend decrementer value if not using large decrementer
Wanpeng Li <[email protected]>
KVM: VMX: check CPUID before allowing read/write of IA32_XSS
Sean Christopherson <[email protected]>
KVM: VMX: Fix handling of #MC that occurs during VM-Entry
Sean Christopherson <[email protected]>
KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
Sean Christopherson <[email protected]>
KVM: nVMX: Don't dump VMCS if virtual APIC page can't be mapped
Sakari Ailus <[email protected]>
media: videobuf2-dma-sg: Prevent size from overflowing
Sakari Ailus <[email protected]>
media: videobuf2-core: Prevent size alignment wrapping buffer size to 0
Ezequiel Garcia <[email protected]>
media: coda: Remove unbalanced and unneeded mutex unlock
Boris Brezillon <[email protected]>
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
Luis Henriques <[email protected]>
ceph: fix end offset in truncate_inode_pages_range call
Takashi Iwai <[email protected]>
ALSA: hda/hdmi - Fix i915 reverse port/pin mapping
Takashi Iwai <[email protected]>
ALSA: hda/hdmi - Remove duplicated define
Hui Wang <[email protected]>
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
Kailang Yang <[email protected]>
ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform
Takashi Iwai <[email protected]>
ALSA: hda - Don't resume forcibly i915 HDMI/DP codec
Takashi Iwai <[email protected]>
ALSA: seq: Break too long mutex context in the write loop
Xiao Ni <[email protected]>
raid5-cache: Need to do start() part job after adding journal device
Mark Brown <[email protected]>
ASoC: core: Adapt for debugfs API change
Mark Brown <[email protected]>
ASoC: dapm: Adapt for debugfs API change
Christophe Leroy <[email protected]>
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
Trond Myklebust <[email protected]>
SUNRPC: Ensure the bvecs are reset when we re-encode the RPC request
Trond Myklebust <[email protected]>
pnfs: Fix a problem where we gratuitously start doing I/O through the MDS
Trond Myklebust <[email protected]>
pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
Max Kellermann <[email protected]>
Revert "NFS: readdirplus optimization by cache mechanism" (memleak)
Trond Myklebust <[email protected]>
NFSv4: Handle the special Linux file open access mode
Julien Thierry <[email protected]>
arm64: Fix interrupt tracing in the presence of NMIs
Dmitry Osipenko <[email protected]>
opp: Don't use IS_ERR on invalid supplies
Emmanuel Grumbach <[email protected]>
iwlwifi: mvm: clear rfkill_safe_init_done when we start the firmware
Johannes Berg <[email protected]>
iwlwifi: mvm: delay GTK setting in FW in AP mode
Emmanuel Grumbach <[email protected]>
iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices
Emmanuel Grumbach <[email protected]>
iwlwifi: don't WARN when calling iwl_get_shared_mem_conf with RF-Kill
Emmanuel Grumbach <[email protected]>
iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
Emmanuel Grumbach <[email protected]>
iwlwifi: pcie: don't service an interrupt that was masked
Oren Givon <[email protected]>
iwlwifi: add support for hr1 RF ID
Jon Hunter <[email protected]>
arm64: tegra: Update Jetson TX1 GPU regulator timings
Krzysztof Kozlowski <[email protected]>
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Krzysztof Kozlowski <[email protected]>
regulator: s2mps11: Fix ERR_PTR dereference on GPIO lookup failure
Hui Wang <[email protected]>
Input: alps - fix a mismatch between a condition check and its comment
Nick Black <[email protected]>
Input: synaptics - whitelist Lenovo T580 SMBus intertouch
Hui Wang <[email protected]>
Input: alps - don't handle ALPS cs19 trackpoint-only device
Grant Hernandez <[email protected]>
Input: gtco - bounds check collection indent level
Coly Li <[email protected]>
bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread
Coly Li <[email protected]>
bcache: fix mistaken sysfs entry for io_error counter
Coly Li <[email protected]>
bcache: ignore read-ahead request failure on backing device
Coly Li <[email protected]>
bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free"
Coly Li <[email protected]>
bcache: Revert "bcache: fix high CPU occupancy during journal"
Coly Li <[email protected]>
Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()"
Aurelien Aptel <[email protected]>
CIFS: fix deadlock in cached root handling
Ronnie Sahlberg <[email protected]>
cifs: flush before set-info if we have writeable handles
Paulo Alcantara (SUSE) <[email protected]>
cifs: Properly handle auto disabling of serverino option
Ronnie Sahlberg <[email protected]>
cifs: fix crash in smb2_compound_op()/smb2_set_next_command()
Ronnie Sahlberg <[email protected]>
cifs: always add credits back for unsolicited PDUs
Wen Yang <[email protected]>
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Cfir Cohen <[email protected]>
crypto: ccp/gcm - use const time tag comparison.
Hook, Gary <[email protected]>
crypto: ccp - memset structure fields to zero before reuse
Christian Lamparter <[email protected]>
crypto: crypto4xx - block ciphers should only accept complete blocks
Christian Lamparter <[email protected]>
crypto: crypto4xx - fix blocksize for cfb and ofb
Christian Lamparter <[email protected]>
crypto: crypto4xx - fix AES CTR blocksize value
Eric Biggers <[email protected]>
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
Elena Petrova <[email protected]>
crypto: arm64/sha2-ce - correct digest for empty data in finup
Elena Petrova <[email protected]>
crypto: arm64/sha1-ce - correct digest for empty data in finup
Hook, Gary <[email protected]>
crypto: ccp - Validate the the error value used to index error messages
Ard Biesheuvel <[email protected]>
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
Eric Biggers <[email protected]>
crypto: ghash - fix unaligned memory access in ghash_setkey()
Finn Thain <[email protected]>
scsi: mac_scsi: Fix pseudo DMA implementation, take 2
Finn Thain <[email protected]>
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
Shivasharan S <[email protected]>
scsi: megaraid_sas: Fix calculation of target ID
Benjamin Block <[email protected]>
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
Benjamin Block <[email protected]>
scsi: zfcp: fix request object use-after-free in send path causing seqno errors
Damien Le Moal <[email protected]>
scsi: sd_zbc: Fix compilation warning
Ming Lei <[email protected]>
scsi: core: Fix race on creating sense cache
Finn Thain <[email protected]>
Revert "scsi: ncr5380: Increase register polling limit"
Finn Thain <[email protected]>
scsi: NCR5380: Handle PDMA failure reliably
Finn Thain <[email protected]>
scsi: NCR5380: Always re-enable reselection interrupt
Juergen Gross <[email protected]>
xen: let alloc_xenballooned_pages() fail if not enough memory free
Denis Efremov <[email protected]>
floppy: fix out-of-bounds read in copy_buffer
Denis Efremov <[email protected]>
floppy: fix invalid pointer dereference in drive_name
Denis Efremov <[email protected]>
floppy: fix out-of-bounds read in next_valid_format
Denis Efremov <[email protected]>
floppy: fix div-by-zero in setup_format_params
Andrii Nakryiko <[email protected]>
libbpf: fix another GCC8 warning for strncpy
Dennis Zhou <[email protected]>
blk-iolatency: fix STS_AGAIN handling
Colin Ian King <[email protected]>
iavf: fix dereference of null rx_buffer pointer
Huazhong Tan <[email protected]>
net: hns3: fix __QUEUE_STATE_STACK_XOFF not cleared issue
Josua Mayer <[email protected]>
net: mvmdio: defer probe of orion-mdio if a clock is not ready
Ilya Maximets <[email protected]>
xdp: fix race on generic receive path
Taehee Yoo <[email protected]>
gtp: fix use-after-free in gtp_newlink()
Taehee Yoo <[email protected]>
gtp: fix use-after-free in gtp_encap_destroy()
Taehee Yoo <[email protected]>
gtp: fix Illegal context switch in RCU read-side critical section.
Taehee Yoo <[email protected]>
gtp: fix suspicious RCU usage
csonsino <[email protected]>
Bluetooth: validate BLE connection interval updates
Taehee Yoo <[email protected]>
gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
Dan Carpenter <[email protected]>
Bluetooth: hidp: NUL terminate a string in the compat ioctl
Matias Karhumaa <[email protected]>
Bluetooth: Check state in l2cap_disconnect_rsp
Seeteena Thoufeek <[email protected]>
perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64
Shijith Thotton <[email protected]>
genirq: Update irq stats from NMI handlers
Josua Mayer <[email protected]>
Bluetooth: 6lowpan: search for destination address in all peers
João Paulo Rechi Vita <[email protected]>
Bluetooth: Add new 13d3:3501 QCA_ROME device
João Paulo Rechi Vita <[email protected]>
Bluetooth: Add new 13d3:3491 QCA_ROME device
Tomas Bortoli <[email protected]>
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Jian Shen <[email protected]>
net: hns3: enable broadcast promisc mode when initializing VF
Jiri Olsa <[email protected]>
tools: bpftool: Fix json dump crash on powerpc
Wen Yang <[email protected]>
ASoC: audio-graph-card: fix use-after-free in graph_for_each_link
Geert Uytterhoeven <[email protected]>
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
Cong Wang <[email protected]>
bonding: validate ip header before check IPPROTO_IGMP
Jiri Benc <[email protected]>
selftests: bpf: fix inlines in test_lwt_seg6local
Leo Yan <[email protected]>
bpf, libbpf, smatch: Fix potential NULL pointer dereference
Andrii Nakryiko <[email protected]>
libbpf: fix GCC8 warning for strncpy
David Howells <[email protected]>
rxrpc: Fix oops in tracepoint
Phong Tran <[email protected]>
net: usb: asix: init MAC address buffers
Guilherme G. Piccoli <[email protected]>
bnx2x: Prevent ptp_task to be rescheduled indefinitely
Taehee Yoo <[email protected]>
vxlan: do not destroy fdb if register_netdevice() is failed
Andi Kleen <[email protected]>
perf stat: Fix group lookup for metric group
Andi Kleen <[email protected]>
perf stat: Don't merge events in the same PMU
Andi Kleen <[email protected]>
perf stat: Fix metrics with --no-merge
Andi Kleen <[email protected]>
perf stat: Make metric event lookup more robust
Rander Wang <[email protected]>
ALSA: hda: Fix a headphone detection issue when using SOF
Michael Chan <[email protected]>
bnxt_en: Fix statistics context reservation logic for RDMA driver.
Michael Chan <[email protected]>
bnxt_en: Disable bus master during PCI shutdown and driver unload.
Shahar S Matityahu <[email protected]>
iwlwifi: dbg: fix debug monitor stop and restart delays
He Zhe <[email protected]>
netfilter: Fix remainder of pseudo-header protocol 0
Baruch Siach <[email protected]>
bpf: fix uapi bpf_prog_info fields alignment
Andrei Otcheretianski <[email protected]>
iwlwifi: mvm: Drop large non sta frames
Dann Frazier <[email protected]>
ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw
Yonglong Liu <[email protected]>
net: hns3: add Asym Pause support to fix autoneg problem
Vedang Patel <[email protected]>
igb: clear out skb->tstamp after reading the txtime
Maxime Chevallier <[email protected]>
net: mvpp2: prs: Don't override the sign bit in SRAM parser shift
Wen Gong <[email protected]>
ath10k: destroy sdio workqueue while remove sdio module
Dundi Raviteja <[email protected]>
ath10k: Fix memory leak in qmi
Yunsheng Lin <[email protected]>
net: hns3: add some error checking in hclge_tm module
Yonglong Liu <[email protected]>
net: hns3: fix a -Wformat-nonliteral compile warning
Coly Li <[email protected]>
bcache: fix potential deadlock in cached_def_free()
Coly Li <[email protected]>
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
Coly Li <[email protected]>
bcache: acquire bch_register_lock later in cached_dev_free()
Coly Li <[email protected]>
bcache: check CACHE_SET_IO_DISABLE bit in bch_journal()
Coly Li <[email protected]>
bcache: check CACHE_SET_IO_DISABLE in allocator code
Eiichi Tsukata <[email protected]>
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
Ahmad Masri <[email protected]>
wil6210: drop old event after wmi_call timeout
Zefir Kurtisi <[email protected]>
ath9k: correctly handle short radar pulses
Arnd Bergmann <[email protected]>
crypto: asymmetric_keys - select CRYPTO_HASH where needed
Arnd Bergmann <[email protected]>
crypto: serpent - mark __serpent_setkey_sbox noinline
Mauro S. M. Rodrigues <[email protected]>
ixgbe: Check DDM existence in transceiver before access
Jianbo Liu <[email protected]>
net/mlx5: Get vport ACL namespace by vport index
Waibel Georg <[email protected]>
gpio: Fix return value mismatch of function gpiod_get_from_of_node()
Ferdinand Blomqvist <[email protected]>
rslib: Fix handling of of caller provided syndrome
Jiong Wang <[email protected]>
bpf: fix BPF_ALU32 | BPF_ARSH on BE arches
Ferdinand Blomqvist <[email protected]>
rslib: Fix decoding of shortened codes
Nathan Chancellor <[email protected]>
xsk: Properly terminate assignment in xskq_produce_flush_desc
Felix Kaechele <[email protected]>
netfilter: ctnetlink: Fix regression in conntrack entry deletion
Marek Szyprowski <[email protected]>
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
Dmitry Osipenko <[email protected]>
clocksource/drivers/tegra: Restore base address before cleanup
Tejun Heo <[email protected]>
libata: don't request sense data on !ZAC ATA devices
Dmitry Osipenko <[email protected]>
clocksource/drivers/tegra: Release all IRQ's on request_irq() error
Amadeusz Sławiński <[email protected]>
ASoC: Intel: hdac_hdmi: Set ops to NULL on remove
Kyle Meyer <[email protected]>
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
Miaoqing Pan <[email protected]>
ath10k: fix PCIE device wake up failed
Miaoqing Pan <[email protected]>
ath10k: fix fw crash by moving chip reset after napi disabled
Claire Chang <[email protected]>
ath10k: add missing error handling
Julian Anastasov <[email protected]>
ipvs: fix tinfo memory leak in start_sync_thread
Lorenzo Bianconi <[email protected]>
mt7601u: fix possible memory leak when the device is disconnected
Masahiro Yamada <[email protected]>
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
Lorenzo Bianconi <[email protected]>
mt7601u: do not schedule rx_tasklet when the device has been disconnected
Ping-Ke Shih <[email protected]>
rtlwifi: rtl8192cu: fix error handle when usb probe failed
Icenowy Zheng <[email protected]>
net: stmmac: sun8i: force select external PHY when no internal one
Hans Verkuil <[email protected]>
media: hdpvr: fix locking and a missing msleep
André Almeida <[email protected]>
media: vimc: cap: check v4l2_fill_pixfmt return value
Philipp Zabel <[email protected]>
media: coda: increment sequence offset for the last returned frame
Marco Felsch <[email protected]>
media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
Philipp Zabel <[email protected]>
media: coda: fix mpeg2 sequence number handling
Ard Biesheuvel <[email protected]>
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
Kuninori Morimoto <[email protected]>
ASoC: soc-core: call snd_soc_unbind_card() under mutex_lock;
Robert Jarzmik <[email protected]>
media: mt9m111: fix fw-node refactoring
Nathan Huckleberry <[email protected]>
timer_list: Guard procfs specific code
Miroslav Lichvar <[email protected]>
ntp: Limit TAI-UTC offset
Anders Roxell <[email protected]>
media: i2c: fix warning same module names
Marek Szyprowski <[email protected]>
media: s5p-mfc: Make additional clocks optional
Julian Anastasov <[email protected]>
ipvs: defer hook registration to avoid leaks
Arnd Bergmann <[email protected]>
ipsec: select crypto ciphers for xfrm_algo
Julien Thierry <[email protected]>
arm64: Do not enable IRQs for ct_user_exit
Minwoo Im <[email protected]>
nvme-pci: adjust irq max_vector using num_possible_cpus()
Heiner Litz <[email protected]>
lightnvm: pblk: fix freeing of merged pages
Chaitanya Kulkarni <[email protected]>
nvme-pci: set the errno on ctrl state change error
Minwoo Im <[email protected]>
nvme-pci: properly report state change failure in nvme_reset_work
Anton Eidelman <[email protected]>
nvme: fix possible io failures when removing multipathed ns
Pan Bian <[email protected]>
EDAC/sysfs: Fix memory leak when creating a csrow object
Greg KH <[email protected]>
EDAC/sysfs: Drop device references properly
Tudor Ambarus <[email protected]>
spi: fix ctrl->num_chipselect constraint
Rafael J. Wysocki <[email protected]>
ACPICA: Clear status of GPEs on first direct enable
Dennis Zhou <[email protected]>
blk-iolatency: only account submitted bios
Qian Cai <[email protected]>
x86/cacheinfo: Fix a -Wtype-limits warning
Ilias Apalodimas <[email protected]>
net: netsec: initialize tx ring on ndo_open
Mika Westerberg <[email protected]>
PCI: Add missing link delays required by the PCIe spec
Alexei Starovoitov <[email protected]>
bpf: fix callees pruning callers
Nilkanth Ahirrao <[email protected]>
ASoC: rsnd: fixup mod ID calculation in rsnd_ctu_probe_
Denis Kirjanov <[email protected]>
ipoib: correcly show a VF hardware address
Mitch Williams <[email protected]>
iavf: allow null RX descriptors
Jason Wang <[email protected]>
vhost_net: disable zerocopy by default
Arnaldo Carvalho de Melo <[email protected]>
perf evsel: Make perf_evsel__name() accept a NULL argument
Peter Zijlstra <[email protected]>
x86/atomic: Fix smp_mb__{before,after}_atomic()
Geert Uytterhoeven <[email protected]>
integrity: Fix __integrity_init_keyring() section mismatch
Kan Liang <[email protected]>
perf/x86/intel/uncore: Handle invalid event coding for free-running counter
Jiri Olsa <[email protected]>
perf/x86/intel: Disable check_msr for real HW
Qian Cai <[email protected]>
sched/fair: Fix "runnable_avg_yN_inv" not used warnings
Gao Xiang <[email protected]>
sched/core: Add __sched tag for io_schedule()
Nicolas Dichtel <[email protected]>
xfrm: fix sa selector validation
Tejun Heo <[email protected]>
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
Bob Liu <[email protected]>
block: null_blk: fix race condition for null_del_dev
Yunsheng Lin <[email protected]>
net: hns3: delay ring buffer clearing during reset
Yunsheng Lin <[email protected]>
net: hns3: fix for skb leak when doing selftest
Yunsheng Lin <[email protected]>
net: hns3: fix for dereferencing before null checking
Michal Kalderon <[email protected]>
qed: iWARP - Fix tc for MPA ll2 connection
Aaron Lewis <[email protected]>
x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
Waiman Long <[email protected]>
rcu: Force inlining of rcu_read_lock()
Jerome Brunet <[email protected]>
ASoC: meson: axg-tdm: fix sample clock inversion
Rajneesh Bhardwaj <[email protected]>
x86/cpu: Add Ice Lake NNPI to Intel family
Eric Biggers <[email protected]>
crypto: testmgr - add some more preemption points
Ondrej Mosnacek <[email protected]>
selinux: fix empty write to keycreate file
Marek Szyprowski <[email protected]>
media: s5p-mfc: fix reading min scratch buffer size on MFC v6/v7
Valdis Kletnieks <[email protected]>
bpf: silence warning messages in core
Young Xiao <[email protected]>
media: davinci: vpif_capture: fix memory leak in vpif_probe()
Tony Lindgren <[email protected]>
gpio: omap: Fix lost edge wake-up interrupts
Srinivas Kandagatla <[email protected]>
regmap: fix bulk writes on paged registers
Russell King <[email protected]>
gpio: omap: ensure irq is enabled before wakeup
Russell King <[email protected]>
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
Eric Auger <[email protected]>
iommu: Fix a leak in iommu_insert_resv_region
Kieran Bingham <[email protected]>
media: fdp1: Support M3N and E3 platforms
Oliver Neukum <[email protected]>
media: uvcvideo: Fix access to uninitialized fields on probe error
Xingyu Chen <[email protected]>
irqchip/meson-gpio: Add support for Meson-G12A SoC
Thomas Richter <[email protected]>
perf report: Fix OOM error in TUI mode on s390
Thomas Richter <[email protected]>
perf test 6: Fix missing kvm module load for s390
Mathieu Poirier <[email protected]>
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
Stefano Brivio <[email protected]>
ipset: Fix memory accounting for hash types on resize
Robert Hancock <[email protected]>
net: sfp: add mutex to prevent concurrent state checks
Borislav Petkov <[email protected]>
RAS/CEC: Fix pfn insertion
Julian Wiedmann <[email protected]>
s390/qdio: handle PENDING state for QEBSM devices
Robert Hancock <[email protected]>
net: axienet: Fix race condition causing TX hang
Fabio Estevam <[email protected]>
net: fec: Do not use netdev messages too early
Antoine Tenart <[email protected]>
crypto: inside-secure - do not rely on the hardware last bit for result descriptors
Biao Huang <[email protected]>
net: stmmac: modify default value of tx-frames
Biao Huang <[email protected]>
net: stmmac: dwmac4: fix flow control issue
Jae Hyun Yoo <[email protected]>
media: aspeed: change irq to threaded irq
Jiri Olsa <[email protected]>
perf jvmti: Address gcc string overflow warning for strncpy()
Fabio Estevam <[email protected]>
media: imx7-mipi-csis: Propagate the error if clock enabling fails
Miles Chen <[email protected]>
arm64: mm: make CONFIG_ZONE_DMA32 configurable
Abhishek Goel <[email protected]>
cpupower : frequency-set -r option misses the last cpu in related cpu list
Weihang Li <[email protected]>
net: hns3: set ops to null when unregister ad_dev
Weihang Li <[email protected]>
net: hns3: add a check to pointer in error_detected and slot_reset
Kefeng Wang <[email protected]>
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
Imre Deak <[email protected]>
locking/lockdep: Fix merging of hlocks with non-zero references
Imre Deak <[email protected]>
locking/lockdep: Fix OOO unlock when hlocks need merging
Sven Eckelmann <[email protected]>
batman-adv: Fix duplicated OGMs on NETDEV_UP
David S. Miller <[email protected]>
tua6100: Avoid build warnings.
Christophe Leroy <[email protected]>
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
Christophe Leroy <[email protected]>
crypto: talitos - properly handle split ICV.
Ioana Ciornei <[email protected]>
net: phy: Check against net_device being NULL
Shailendra Verma <[email protected]>
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
Kefeng Wang <[email protected]>
media: saa7164: fix remove_proc_entry warning
Hans Verkuil <[email protected]>
media: mc-device.c: don't memset __user pointer contents
Arnaldo Carvalho de Melo <[email protected]>
perf annotate TUI browser: Do not use member from variable within its own initialization
Vandana BN <[email protected]>
media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
Eric Biggers <[email protected]>
fscrypt: clean up some BUG_ON()s in block encryption/decryption
sumitg <[email protected]>
media: v4l2-core: fix use-after-free error
Kefeng Wang <[email protected]>
media: vim2m: fix two double-free issues
Anirudh Gupta <[email protected]>
xfrm: Fix xfrm sel prefix length validation
Jeremy Sowden <[email protected]>
af_key: fix leaks in key_pol_get_resp and dump_sp.
Eric W. Biederman <[email protected]>
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
Eric W. Biederman <[email protected]>
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
Michal Kalderon <[email protected]>
qed: Set the doorbell address correctly
Jian Shen <[email protected]>
net: hns3: initialize CPU reverse mapping
Jose Abreu <[email protected]>
net: stmmac: Prevent missing interrupts when running NAPI
Jose Abreu <[email protected]>
net: stmmac: dwmac4/5: Clear unused address entries
Jose Abreu <[email protected]>
net: stmmac: dwmac1000: Clear unused address entries
Horia Geantă <[email protected]>
crypto: caam - avoid S/G table fetching for AEAD zero-length output
Wen Yang <[email protected]>
media: venus: firmware: fix leaked of_node references
Jungo Lin <[email protected]>
media: media_device_enum_links32: clean a reserved field
Kangjie Lu <[email protected]>
media: vpss: fix a potential NULL pointer dereference
Lubomir Rintel <[email protected]>
media: marvell-ccic: fix DMA s/g desc number calculation
Akinobu Mita <[email protected]>
media: ov7740: avoid invalid framesize setting
Christophe Leroy <[email protected]>
crypto: talitos - fix skcipher failure due to wrong output IV
Daniel Gomez <[email protected]>
media: spi: IR LED: add missing of table registration
Oliver Neukum <[email protected]>
media: dvb: usb: fix use after free in dvb_usb_device_exit
Jeremy Sowden <[email protected]>
batman-adv: fix for leaked TVLV handler.
Daniel Baluta <[email protected]>
regmap: debugfs: Fix memory leak in regmap_debugfs_init
Rakesh Pillai <[email protected]>
ath10k: Fix encoding for protected management frames
Anilkumar Kolli <[email protected]>
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
Maya Erez <[email protected]>
wil6210: fix spurious interrupts in 3-msi
Wen Gong <[email protected]>
ath10k: add peer id check in ath10k_peer_find_by_id
Dan Carpenter <[email protected]>
ath6kl: add some bounds checking
Maya Erez <[email protected]>
wil6210: fix missed MISC mbox interrupt
Surabhi Vishnoi <[email protected]>
ath10k: Fix the wrong value of enums for wmi tlv stats id
Tim Schumacher <[email protected]>
ath9k: Check for errors when reading SREV register
Emil Renner Berthing <[email protected]>
spi: rockchip: turn down tx dma bursts
Surabhi Vishnoi <[email protected]>
ath10k: Do not send probe response template for mesh
Gustavo A. R. Silva <[email protected]>
wil6210: fix potential out-of-bounds read
Toke Høiland-Jørgensen <[email protected]>
ath9k: Don't trust TX status TID number when reporting airtime
Pradeep kumar Chitrapu <[email protected]>
ath10k: fix incorrect multicast/broadcast rate setting
Alagu Sankar <[email protected]>
ath10k: htt: don't use txdone_fifo with SDIO
Yingying Tang <[email protected]>
ath10k: Check tx_stats before use it
Sven Van Asbroeck <[email protected]>
dmaengine: imx-sdma: fix use-after-free on probe error path
Maurizio Lombardi <[email protected]>
scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
Nathan Chancellor <[email protected]>
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
Kevin Darbyshire-Bryant <[email protected]>
MIPS: fix build on non-linux hosts
Stefan Hellermann <[email protected]>
MIPS: ath79: fix ar933x uart parity mode
-------------
Diffstat:
Documentation/atomic_t.txt | 3 +
.../devicetree/bindings/net/marvell-orion-mdio.txt | 2 +-
Documentation/scheduler/sched-pelt.c | 3 +-
Makefile | 4 +-
arch/arm/boot/dts/gemini-dlink-dir-685.dts | 2 +-
arch/arm64/Kconfig | 3 +-
arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 3 +-
arch/arm64/boot/dts/nvidia/tegra210.dtsi | 2 +-
arch/arm64/crypto/sha1-ce-glue.c | 2 +-
arch/arm64/crypto/sha2-ce-glue.c | 2 +-
arch/arm64/include/asm/irqflags.h | 4 +-
arch/arm64/kernel/acpi.c | 10 +-
arch/arm64/kernel/entry.S | 48 ++-
arch/arm64/kernel/image.h | 6 +-
arch/arm64/kernel/irq.c | 17 +
arch/arm64/mm/init.c | 5 +-
arch/mips/boot/compressed/Makefile | 2 +
arch/mips/boot/compressed/calc_vmlinuz_load_addr.c | 2 +-
arch/mips/include/asm/mach-ath79/ar933x_uart.h | 4 +-
arch/parisc/kernel/ptrace.c | 31 +-
arch/powerpc/include/asm/pgtable.h | 14 +
arch/powerpc/kernel/exceptions-64s.S | 9 +-
arch/powerpc/kernel/prom_init.c | 16 +-
arch/powerpc/kernel/swsusp_32.S | 73 +++-
arch/powerpc/kvm/book3s_hv.c | 13 +-
arch/powerpc/kvm/book3s_hv_tm.c | 6 +-
arch/powerpc/mm/pgtable_32.c | 2 +-
arch/powerpc/platforms/powermac/sleep.S | 68 +++-
arch/powerpc/platforms/powernv/npu-dma.c | 15 +-
arch/powerpc/platforms/powernv/pci-ioda.c | 10 +
arch/powerpc/platforms/pseries/hotplug-memory.c | 3 +
arch/powerpc/sysdev/xive/spapr.c | 52 ++-
arch/x86/events/amd/uncore.c | 15 +-
arch/x86/events/intel/core.c | 16 +-
arch/x86/events/intel/uncore.h | 10 +
arch/x86/events/intel/uncore_snbep.c | 1 +
arch/x86/include/asm/atomic.h | 8 +-
arch/x86/include/asm/atomic64_64.h | 8 +-
arch/x86/include/asm/barrier.h | 4 +-
arch/x86/include/asm/cpufeatures.h | 2 +
arch/x86/include/asm/intel-family.h | 1 +
arch/x86/kernel/cpu/cacheinfo.c | 3 +-
arch/x86/kernel/cpu/mkcapflags.sh | 2 +
arch/x86/kernel/mpparse.c | 10 +-
arch/x86/kvm/pmu.c | 4 +-
arch/x86/kvm/vmx/nested.c | 16 +-
arch/x86/kvm/vmx/vmx.c | 30 +-
block/bio.c | 28 +-
block/blk-cgroup.c | 8 +-
block/blk-iolatency.c | 51 +--
block/blk-throttle.c | 9 +-
block/blk-zoned.c | 2 +-
crypto/asymmetric_keys/Kconfig | 3 +
crypto/chacha20poly1305.c | 30 +-
crypto/ghash-generic.c | 8 +-
crypto/serpent_generic.c | 8 +-
crypto/testmgr.c | 6 +
drivers/acpi/acpica/acevents.h | 3 +-
drivers/acpi/acpica/evgpe.c | 8 +-
drivers/acpi/acpica/evgpeblk.c | 2 +-
drivers/acpi/acpica/evxface.c | 2 +-
drivers/acpi/acpica/evxfgpe.c | 2 +-
drivers/ata/libata-eh.c | 8 +-
drivers/base/regmap/regmap-debugfs.c | 2 +
drivers/base/regmap/regmap.c | 2 +
drivers/block/floppy.c | 34 +-
drivers/block/null_blk_main.c | 11 +-
drivers/bluetooth/btusb.c | 2 +
drivers/bluetooth/hci_bcsp.c | 5 +
drivers/clk/imx/clk-imx8mm.c | 6 +-
drivers/clocksource/exynos_mct.c | 4 +-
drivers/clocksource/timer-tegra20.c | 7 +-
drivers/crypto/amcc/crypto4xx_alg.c | 36 +-
drivers/crypto/amcc/crypto4xx_core.c | 24 +-
drivers/crypto/amcc/crypto4xx_core.h | 10 +-
drivers/crypto/amcc/crypto4xx_trng.c | 1 -
drivers/crypto/caam/caamalg.c | 10 +-
drivers/crypto/caam/caamalg_qi.c | 2 +-
drivers/crypto/caam/caamalg_qi2.c | 9 +
drivers/crypto/caam/qi.c | 3 +
drivers/crypto/ccp/ccp-dev.c | 96 +++---
drivers/crypto/ccp/ccp-dev.h | 2 +-
drivers/crypto/ccp/ccp-ops.c | 15 +-
drivers/crypto/inside-secure/safexcel_cipher.c | 24 +-
drivers/crypto/talitos.c | 35 +-
drivers/dma/imx-sdma.c | 48 +--
drivers/edac/edac_mc_sysfs.c | 34 +-
drivers/edac/edac_module.h | 2 +-
drivers/gpio/gpio-omap.c | 29 +-
drivers/gpio/gpiolib.c | 13 +-
drivers/gpu/drm/drm_edid.c | 81 ++++-
drivers/gpu/drm/nouveau/nvkm/subdev/i2c/base.c | 20 ++
drivers/gpu/ipu-v3/ipu-ic.c | 2 +-
drivers/hid/wacom_sys.c | 3 +
drivers/hid/wacom_wac.c | 19 +-
drivers/hid/wacom_wac.h | 1 +
drivers/hwtracing/intel_th/msu.c | 2 +-
drivers/hwtracing/intel_th/pci.c | 5 +
drivers/i3c/master.c | 51 ++-
drivers/infiniband/hw/mlx5/main.c | 8 +-
drivers/infiniband/ulp/ipoib/ipoib_main.c | 1 +
drivers/infiniband/ulp/srp/ib_srp.c | 21 +-
drivers/input/mouse/alps.c | 32 ++
drivers/input/mouse/synaptics.c | 1 +
drivers/input/tablet/gtco.c | 20 +-
drivers/iommu/iommu.c | 8 +-
drivers/irqchip/irq-gic-v3.c | 7 +
drivers/irqchip/irq-meson-gpio.c | 1 +
drivers/lightnvm/pblk-core.c | 18 +-
drivers/md/bcache/alloc.c | 9 +
drivers/md/bcache/bcache.h | 2 -
drivers/md/bcache/io.c | 12 +
drivers/md/bcache/journal.c | 52 ++-
drivers/md/bcache/super.c | 25 +-
drivers/md/bcache/sysfs.c | 4 +-
drivers/md/bcache/util.h | 2 -
drivers/md/bcache/writeback.c | 5 +
drivers/md/dm-bufio.c | 4 +-
drivers/md/dm-zoned-metadata.c | 24 --
drivers/md/dm-zoned.h | 28 +-
drivers/md/raid5.c | 11 +-
drivers/media/common/videobuf2/videobuf2-core.c | 4 +
drivers/media/common/videobuf2/videobuf2-dma-sg.c | 2 +-
drivers/media/dvb-frontends/tua6100.c | 22 +-
drivers/media/i2c/Makefile | 2 +-
drivers/media/i2c/{adv7511.c => adv7511-v4l2.c} | 5 +
drivers/media/i2c/mt9m111.c | 8 +-
drivers/media/i2c/ov7740.c | 6 +-
drivers/media/media-device.c | 10 +-
drivers/media/pci/saa7164/saa7164-core.c | 33 +-
drivers/media/platform/aspeed-video.c | 5 +-
drivers/media/platform/coda/coda-bit.c | 9 +-
drivers/media/platform/coda/coda-common.c | 2 +
drivers/media/platform/davinci/vpif_capture.c | 16 +-
drivers/media/platform/davinci/vpss.c | 5 +
drivers/media/platform/marvell-ccic/mcam-core.c | 5 +-
drivers/media/platform/qcom/venus/firmware.c | 6 +-
drivers/media/platform/rcar_fdp1.c | 8 +
drivers/media/platform/s5p-mfc/s5p_mfc.c | 3 +-
drivers/media/platform/s5p-mfc/s5p_mfc_pm.c | 5 +
drivers/media/platform/vim2m.c | 6 +-
drivers/media/platform/vimc/vimc-capture.c | 5 +-
drivers/media/radio/wl128x/fmdrv_v4l2.c | 3 +
drivers/media/rc/ir-spi.c | 1 +
drivers/media/usb/dvb-usb/dvb-usb-init.c | 7 +-
drivers/media/usb/hdpvr/hdpvr-video.c | 17 +-
drivers/media/usb/uvc/uvc_ctrl.c | 4 +-
drivers/media/usb/zr364xx/zr364xx.c | 3 +-
drivers/media/v4l2-core/v4l2-ctrls.c | 27 +-
drivers/mmc/host/sdhci-msm.c | 9 +-
drivers/mtd/nand/raw/mtk_nand.c | 24 +-
drivers/mtd/nand/spi/core.c | 2 +-
drivers/net/bonding/bond_main.c | 37 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 5 +-
.../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 4 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 33 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.h | 3 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 20 +-
drivers/net/ethernet/freescale/fec_main.c | 6 +-
drivers/net/ethernet/hisilicon/hns3/hnae3.c | 2 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 146 ++++----
drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 6 +-
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 +-
.../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 7 +
.../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 6 +-
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 14 +-
drivers/net/ethernet/intel/iavf/iavf_txrx.c | 27 +-
drivers/net/ethernet/intel/igb/igb_main.c | 1 +
drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 3 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 3 +
drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 1 +
drivers/net/ethernet/marvell/mvmdio.c | 7 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 3 +-
drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 +-
drivers/net/ethernet/qlogic/qed/qed_dev.c | 29 +-
drivers/net/ethernet/qlogic/qed/qed_iwarp.c | 2 +
drivers/net/ethernet/qlogic/qed/qed_rdma.c | 2 +-
drivers/net/ethernet/socionext/netsec.c | 32 +-
drivers/net/ethernet/stmicro/stmmac/common.h | 2 +-
drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 5 +
.../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 6 +
drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 +
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 20 +-
drivers/net/gtp.c | 36 +-
drivers/net/phy/phy_device.c | 6 +
drivers/net/phy/sfp.c | 6 +-
drivers/net/usb/asix_devices.c | 6 +-
drivers/net/vxlan.c | 37 +-
drivers/net/wireless/ath/ath10k/debugfs_sta.c | 7 +
drivers/net/wireless/ath/ath10k/htt_rx.c | 4 +-
drivers/net/wireless/ath/ath10k/hw.c | 2 +-
drivers/net/wireless/ath/ath10k/mac.c | 14 +-
drivers/net/wireless/ath/ath10k/pci.c | 9 +-
drivers/net/wireless/ath/ath10k/qmi.c | 1 +
drivers/net/wireless/ath/ath10k/sdio.c | 7 +
drivers/net/wireless/ath/ath10k/txrx.c | 3 +
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 +-
drivers/net/wireless/ath/ath10k/wmi.h | 7 +-
drivers/net/wireless/ath/ath6kl/wmi.c | 10 +-
drivers/net/wireless/ath/ath9k/hw.c | 32 +-
drivers/net/wireless/ath/ath9k/recv.c | 6 +-
drivers/net/wireless/ath/ath9k/xmit.c | 7 +-
drivers/net/wireless/ath/dfs_pattern_detector.c | 2 +-
drivers/net/wireless/ath/wil6210/interrupt.c | 67 ++--
drivers/net/wireless/ath/wil6210/txrx.c | 1 +
drivers/net/wireless/ath/wil6210/wmi.c | 13 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 -
drivers/net/wireless/intel/iwlwifi/fw/dbg.h | 6 +-
drivers/net/wireless/intel/iwlwifi/fw/smem.c | 12 +-
drivers/net/wireless/intel/iwlwifi/iwl-csr.h | 1 +
drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 +-
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 53 ++-
drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 +
drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 3 +
.../wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 2 +-
.../net/wireless/intel/iwlwifi/pcie/ctxt-info.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 27 ++
drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 66 ++--
.../net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 9 +
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 8 +-
drivers/net/wireless/mediatek/mt7601u/dma.c | 54 +--
drivers/net/wireless/mediatek/mt7601u/tx.c | 4 +-
drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 12 +-
drivers/net/wireless/realtek/rtlwifi/usb.c | 5 +-
drivers/nvdimm/dax_devs.c | 2 +-
drivers/nvdimm/pfn.h | 1 +
drivers/nvdimm/pfn_devs.c | 18 +-
drivers/nvme/host/core.c | 14 +-
drivers/nvme/host/pci.c | 14 +-
drivers/opp/core.c | 2 +-
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pci-hyperv.c | 15 +-
drivers/pci/pci.c | 36 +-
drivers/pci/pci.h | 1 +
drivers/pci/pcie/portdrv_core.c | 66 ++++
drivers/ras/cec.c | 4 +-
drivers/regulator/da9211-regulator.c | 2 +
drivers/regulator/s2mps11.c | 9 +-
drivers/regulator/s5m8767.c | 4 +-
drivers/regulator/tps65090-regulator.c | 7 +-
drivers/s390/cio/qdio_main.c | 1 +
drivers/s390/scsi/zfcp_fsf.c | 55 ++-
drivers/scsi/NCR5380.c | 18 +-
drivers/scsi/NCR5380.h | 2 +-
drivers/scsi/mac_scsi.c | 375 ++++++++++++---------
drivers/scsi/megaraid/megaraid_sas_base.c | 3 +-
drivers/scsi/scsi_lib.c | 6 +-
drivers/scsi/sd_zbc.c | 2 +-
drivers/spi/spi-rockchip.c | 4 +-
drivers/spi/spi.c | 12 +-
drivers/staging/media/davinci_vpfe/vpfe_video.c | 3 +
drivers/staging/media/imx/imx7-mipi-csis.c | 14 +-
drivers/target/iscsi/iscsi_target_auth.c | 16 +-
drivers/usb/core/devio.c | 48 +--
drivers/usb/core/hub.c | 7 +-
drivers/vhost/net.c | 2 +-
drivers/xen/balloon.c | 16 +-
drivers/xen/events/events_base.c | 12 +-
drivers/xen/evtchn.c | 2 +-
fs/btrfs/file.c | 5 +
fs/btrfs/tree-log.c | 40 ++-
fs/ceph/file.c | 2 +-
fs/cifs/cifs_fs_sb.h | 5 +
fs/cifs/connect.c | 12 +-
fs/cifs/inode.c | 16 +
fs/cifs/misc.c | 1 +
fs/cifs/smb2inode.c | 12 +
fs/cifs/smb2ops.c | 57 +++-
fs/coda/file.c | 70 +++-
fs/crypto/crypto.c | 15 +-
fs/dax.c | 53 +--
fs/ecryptfs/crypto.c | 12 +-
fs/fs-writeback.c | 8 +-
fs/nfs/dir.c | 90 +----
fs/nfs/flexfilelayout/flexfilelayoutdev.c | 2 +-
fs/nfs/inode.c | 1 +
fs/nfs/internal.h | 3 +-
fs/nfs/nfs4file.c | 2 +-
fs/nfs/pnfs.c | 2 +-
fs/proc/proc_sysctl.c | 4 +
fs/pstore/inode.c | 13 +-
fs/xfs/xfs_file.c | 6 +-
include/asm-generic/bug.h | 6 +-
include/drm/drm_displayid.h | 10 +
include/linux/blkdev.h | 4 +-
include/linux/cpuhotplug.h | 2 +-
include/linux/mm.h | 5 +
include/linux/rcupdate.h | 2 +-
include/linux/sched/signal.h | 2 +-
include/net/ip_vs.h | 6 +-
include/net/xdp_sock.h | 2 +
include/rdma/ib_verbs.h | 4 +-
include/sound/hda_codec.h | 2 +
include/trace/events/rxrpc.h | 2 +-
include/uapi/linux/bpf.h | 1 +
include/xen/events.h | 3 +-
kernel/bpf/Makefile | 1 +
kernel/bpf/core.c | 4 +-
kernel/bpf/verifier.c | 11 +-
kernel/iomem.c | 2 +-
kernel/irq/chip.c | 4 +
kernel/irq/irqdesc.c | 16 +-
kernel/locking/lockdep.c | 59 ++--
kernel/padata.c | 12 +
kernel/pid_namespace.c | 2 +-
kernel/resource.c | 20 +-
kernel/sched/core.c | 2 +-
kernel/sched/sched-pelt.h | 2 +-
kernel/signal.c | 136 ++++++--
kernel/time/ntp.c | 4 +-
kernel/time/timer_list.c | 36 +-
lib/reed_solomon/decode_rs.c | 18 +-
lib/scatterlist.c | 9 +-
net/9p/trans_virtio.c | 8 +-
net/9p/trans_xen.c | 8 +-
net/batman-adv/bat_iv_ogm.c | 4 +-
net/batman-adv/hard-interface.c | 3 +
net/batman-adv/translation-table.c | 2 +
net/batman-adv/types.h | 3 +
net/bluetooth/6lowpan.c | 14 +-
net/bluetooth/hci_event.c | 5 +
net/bluetooth/hidp/core.c | 2 +-
net/bluetooth/hidp/sock.c | 1 +
net/bluetooth/l2cap_core.c | 15 +-
net/bluetooth/smp.c | 13 +
net/key/af_key.c | 8 +-
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
net/netfilter/ipvs/ip_vs_core.c | 21 +-
net/netfilter/ipvs/ip_vs_ctl.c | 4 -
net/netfilter/ipvs/ip_vs_sync.c | 134 ++++----
net/netfilter/nf_conntrack_netlink.c | 7 +-
net/netfilter/nf_conntrack_proto_icmp.c | 2 +-
net/netfilter/nf_nat_proto.c | 2 +-
net/netfilter/utils.c | 5 +-
net/sunrpc/clnt.c | 3 +-
net/sunrpc/xprt.c | 2 +
net/sunrpc/xprtsock.c | 1 +
net/xdp/xsk.c | 31 +-
net/xdp/xsk_queue.h | 2 +-
net/xfrm/Kconfig | 2 +
net/xfrm/xfrm_user.c | 19 ++
scripts/kconfig/confdata.c | 7 +-
scripts/kconfig/expr.h | 1 +
security/integrity/digsig.c | 5 +-
security/selinux/hooks.c | 11 +-
sound/core/seq/seq_clientmgr.c | 11 +-
sound/hda/hdac_controller.c | 5 +-
sound/pci/hda/hda_codec.c | 8 +-
sound/pci/hda/patch_hdmi.c | 31 +-
sound/pci/hda/patch_realtek.c | 10 +-
sound/soc/codecs/hdac_hdmi.c | 6 +
sound/soc/generic/audio-graph-card.c | 6 +-
sound/soc/meson/axg-tdm.h | 2 +-
sound/soc/sh/rcar/ctu.c | 2 +-
sound/soc/soc-core.c | 20 +-
sound/soc/soc-dapm.c | 18 +-
tools/bpf/bpftool/jit_disasm.c | 11 +-
tools/include/uapi/linux/bpf.h | 1 +
tools/lib/bpf/libbpf.c | 8 +-
tools/lib/bpf/xsk.c | 6 +-
tools/perf/arch/arm/util/cs-etm.c | 127 ++++++-
tools/perf/jvmti/libjvmti.c | 4 +-
tools/perf/perf.h | 2 +-
tools/perf/tests/parse-events.c | 27 ++
.../tests/shell/record+probe_libc_inet_pton.sh | 2 +-
tools/perf/ui/browsers/annotate.c | 5 +-
tools/perf/util/annotate.c | 5 +-
tools/perf/util/evsel.c | 8 +-
tools/perf/util/header.c | 2 +-
tools/perf/util/metricgroup.c | 47 ++-
tools/perf/util/stat-display.c | 3 +-
tools/perf/util/stat-shadow.c | 23 +-
tools/power/cpupower/utils/cpufreq-set.c | 2 +
.../selftests/bpf/progs/test_lwt_seg6local.c | 12 +-
375 files changed, 3753 insertions(+), 1601 deletions(-)
[ Upstream commit e45c48a9a4d20ebc7b639a62c3ef8f4b08007027 ]
This patch adds the necessary intelligence to properly compute the value
of 'old' and 'head' when operating in snapshot mode. That way we can
get the latest information in the AUX buffer and be compatible with the
generic AUX ring buffer mechanic.
Tester notes:
> Leo, have you had the chance to test/review this one? Suzuki?
Sure. I applied this patch on the perf/core branch (with latest
commit 3e4fbf36c1e3 'perf augmented_raw_syscalls: Move reading
filename to the loop') and passed testing with below steps:
# perf record -e cs_etm/@tmc_etr0/ -S -m,64 --per-thread ./sort &
[1] 19097
Bubble sorting array of 30000 elements
# kill -USR2 19097
# kill -USR2 19097
# kill -USR2 19097
[ perf record: Woken up 4 times to write data ]
[ perf record: Captured and wrote 0.753 MB perf.data ]
Signed-off-by: Mathieu Poirier <[email protected]>
Tested-by: Leo Yan <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Suzuki Poulouse <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
tools/perf/arch/arm/util/cs-etm.c | 127 +++++++++++++++++++++++++++++-
1 file changed, 123 insertions(+), 4 deletions(-)
diff --git a/tools/perf/arch/arm/util/cs-etm.c b/tools/perf/arch/arm/util/cs-etm.c
index 911426721170..0a278bbcaba6 100644
--- a/tools/perf/arch/arm/util/cs-etm.c
+++ b/tools/perf/arch/arm/util/cs-etm.c
@@ -31,6 +31,8 @@ struct cs_etm_recording {
struct auxtrace_record itr;
struct perf_pmu *cs_etm_pmu;
struct perf_evlist *evlist;
+ int wrapped_cnt;
+ bool *wrapped;
bool snapshot_mode;
size_t snapshot_size;
};
@@ -536,16 +538,131 @@ static int cs_etm_info_fill(struct auxtrace_record *itr,
return 0;
}
-static int cs_etm_find_snapshot(struct auxtrace_record *itr __maybe_unused,
+static int cs_etm_alloc_wrapped_array(struct cs_etm_recording *ptr, int idx)
+{
+ bool *wrapped;
+ int cnt = ptr->wrapped_cnt;
+
+ /* Make @ptr->wrapped as big as @idx */
+ while (cnt <= idx)
+ cnt++;
+
+ /*
+ * Free'ed in cs_etm_recording_free(). Using realloc() to avoid
+ * cross compilation problems where the host's system supports
+ * reallocarray() but not the target.
+ */
+ wrapped = realloc(ptr->wrapped, cnt * sizeof(bool));
+ if (!wrapped)
+ return -ENOMEM;
+
+ wrapped[cnt - 1] = false;
+ ptr->wrapped_cnt = cnt;
+ ptr->wrapped = wrapped;
+
+ return 0;
+}
+
+static bool cs_etm_buffer_has_wrapped(unsigned char *buffer,
+ size_t buffer_size, u64 head)
+{
+ u64 i, watermark;
+ u64 *buf = (u64 *)buffer;
+ size_t buf_size = buffer_size;
+
+ /*
+ * We want to look the very last 512 byte (chosen arbitrarily) in
+ * the ring buffer.
+ */
+ watermark = buf_size - 512;
+
+ /*
+ * @head is continuously increasing - if its value is equal or greater
+ * than the size of the ring buffer, it has wrapped around.
+ */
+ if (head >= buffer_size)
+ return true;
+
+ /*
+ * The value of @head is somewhere within the size of the ring buffer.
+ * This can be that there hasn't been enough data to fill the ring
+ * buffer yet or the trace time was so long that @head has numerically
+ * wrapped around. To find we need to check if we have data at the very
+ * end of the ring buffer. We can reliably do this because mmap'ed
+ * pages are zeroed out and there is a fresh mapping with every new
+ * session.
+ */
+
+ /* @head is less than 512 byte from the end of the ring buffer */
+ if (head > watermark)
+ watermark = head;
+
+ /*
+ * Speed things up by using 64 bit transactions (see "u64 *buf" above)
+ */
+ watermark >>= 3;
+ buf_size >>= 3;
+
+ /*
+ * If we find trace data at the end of the ring buffer, @head has
+ * been there and has numerically wrapped around at least once.
+ */
+ for (i = watermark; i < buf_size; i++)
+ if (buf[i])
+ return true;
+
+ return false;
+}
+
+static int cs_etm_find_snapshot(struct auxtrace_record *itr,
int idx, struct auxtrace_mmap *mm,
- unsigned char *data __maybe_unused,
+ unsigned char *data,
u64 *head, u64 *old)
{
+ int err;
+ bool wrapped;
+ struct cs_etm_recording *ptr =
+ container_of(itr, struct cs_etm_recording, itr);
+
+ /*
+ * Allocate memory to keep track of wrapping if this is the first
+ * time we deal with this *mm.
+ */
+ if (idx >= ptr->wrapped_cnt) {
+ err = cs_etm_alloc_wrapped_array(ptr, idx);
+ if (err)
+ return err;
+ }
+
+ /*
+ * Check to see if *head has wrapped around. If it hasn't only the
+ * amount of data between *head and *old is snapshot'ed to avoid
+ * bloating the perf.data file with zeros. But as soon as *head has
+ * wrapped around the entire size of the AUX ring buffer it taken.
+ */
+ wrapped = ptr->wrapped[idx];
+ if (!wrapped && cs_etm_buffer_has_wrapped(data, mm->len, *head)) {
+ wrapped = true;
+ ptr->wrapped[idx] = true;
+ }
+
pr_debug3("%s: mmap index %d old head %zu new head %zu size %zu\n",
__func__, idx, (size_t)*old, (size_t)*head, mm->len);
- *old = *head;
- *head += mm->len;
+ /* No wrap has occurred, we can just use *head and *old. */
+ if (!wrapped)
+ return 0;
+
+ /*
+ * *head has wrapped around - adjust *head and *old to pickup the
+ * entire content of the AUX buffer.
+ */
+ if (*head >= mm->len) {
+ *old = *head - mm->len;
+ } else {
+ *head += mm->len;
+ *old = *head - mm->len;
+ }
return 0;
}
@@ -586,6 +703,8 @@ static void cs_etm_recording_free(struct auxtrace_record *itr)
{
struct cs_etm_recording *ptr =
container_of(itr, struct cs_etm_recording, itr);
+
+ zfree(&ptr->wrapped);
free(ptr);
}
--
2.20.1
[ Upstream commit f9070dc94542093fd516ae4ccea17ef46a4362c5 ]
The locking in force_sig_info is not prepared to deal with a task that
exits or execs (as sighand may change). The is not a locking problem
in force_sig as force_sig is only built to handle synchronous
exceptions.
Further the function force_sig_info changes the signal state if the
signal is ignored, or blocked or if SIGNAL_UNKILLABLE will prevent the
delivery of the signal. The signal SIGKILL can not be ignored and can
not be blocked and SIGNAL_UNKILLABLE won't prevent it from being
delivered.
So using force_sig rather than send_sig for SIGKILL is confusing
and pointless.
Because it won't impact the sending of the signal and and because
using force_sig is wrong, replace force_sig with send_sig.
Cc: Daniel Lezcano <[email protected]>
Cc: Serge Hallyn <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Fixes: cf3f89214ef6 ("pidns: add reboot_pid_ns() to handle the reboot syscall")
Signed-off-by: "Eric W. Biederman" <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
kernel/pid_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index aa6e72fb7c08..098233ebe589 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -325,7 +325,7 @@ int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd)
}
read_lock(&tasklist_lock);
- force_sig(SIGKILL, pid_ns->child_reaper);
+ send_sig(SIGKILL, pid_ns->child_reaper, 1);
read_unlock(&tasklist_lock);
do_exit(0);
--
2.20.1
[ Upstream commit e32d045cd4ba06b59878323e434bad010e78e658 ]
Add the CPUID model number of Ice Lake Neural Network Processor for Deep
Learning Inference (ICL-NNPI) to the Intel family list. Ice Lake NNPI uses
model number 0x9D and this will be documented in a future version of Intel
Software Development Manual.
Signed-off-by: Rajneesh Bhardwaj <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: Borislav Petkov <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: Andy Shevchenko <[email protected]>
Cc: "H. Peter Anvin" <[email protected]>
Cc: Kan Liang <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: [email protected]
Cc: Qiuxu Zhuo <[email protected]>
Cc: Srinivas Pandruvada <[email protected]>
Cc: Len Brown <[email protected]>
Cc: Linux PM <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
arch/x86/include/asm/intel-family.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h
index 310118805f57..f60ddd655c78 100644
--- a/arch/x86/include/asm/intel-family.h
+++ b/arch/x86/include/asm/intel-family.h
@@ -56,6 +56,7 @@
#define INTEL_FAM6_ICELAKE_XEON_D 0x6C
#define INTEL_FAM6_ICELAKE_DESKTOP 0x7D
#define INTEL_FAM6_ICELAKE_MOBILE 0x7E
+#define INTEL_FAM6_ICELAKE_NNPI 0x9D
/* "Small Core" Processors (Atom) */
--
2.20.1
[ Upstream commit 8c655784e2cf59cb6140759b8b546d98261d1ad9 ]
With gcc-4.6.3:
WARNING: vmlinux.o(.text.unlikely+0x24c64): Section mismatch in reference from the function __integrity_init_keyring() to the function .init.text:set_platform_trusted_keys()
The function __integrity_init_keyring() references
the function __init set_platform_trusted_keys().
This is often because __integrity_init_keyring lacks a __init
annotation or the annotation of set_platform_trusted_keys is wrong.
Indeed, if the compiler decides not to inline __integrity_init_keyring(),
a warning is issued.
Fix this by adding the missing __init annotation.
Fixes: 9dc92c45177ab70e ("integrity: Define a trusted platform keyring")
Signed-off-by: Geert Uytterhoeven <[email protected]>
Reviewed-by: Nayna Jain <[email protected]>
Reviewed-by: James Morris <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
security/integrity/digsig.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index e19c2eb72c51..37869214c243 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -73,8 +73,9 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
return -EOPNOTSUPP;
}
-static int __integrity_init_keyring(const unsigned int id, key_perm_t perm,
- struct key_restriction *restriction)
+static int __init __integrity_init_keyring(const unsigned int id,
+ key_perm_t perm,
+ struct key_restriction *restriction)
{
const struct cred *cred = current_cred();
int err = 0;
--
2.20.1
[ Upstream commit b2ce5617dad254230551feda3599f2cc68e53ad8 ]
When building with CONFIG_VIDEO_ADV7511 and CONFIG_DRM_I2C_ADV7511
enabled as loadable modules, we see the following warning:
drivers/gpu/drm/bridge/adv7511/adv7511.ko
drivers/media/i2c/adv7511.ko
Rework so that the file is named adv7511-v4l2.c.
Signed-off-by: Anders Roxell <[email protected]>
Signed-off-by: Hans Verkuil <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/i2c/Makefile | 2 +-
drivers/media/i2c/{adv7511.c => adv7511-v4l2.c} | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
rename drivers/media/i2c/{adv7511.c => adv7511-v4l2.c} (99%)
diff --git a/drivers/media/i2c/Makefile b/drivers/media/i2c/Makefile
index a64fca82e0c4..55a3a2dee2de 100644
--- a/drivers/media/i2c/Makefile
+++ b/drivers/media/i2c/Makefile
@@ -35,7 +35,7 @@ obj-$(CONFIG_VIDEO_ADV748X) += adv748x/
obj-$(CONFIG_VIDEO_ADV7604) += adv7604.o
obj-$(CONFIG_VIDEO_ADV7842) += adv7842.o
obj-$(CONFIG_VIDEO_AD9389B) += ad9389b.o
-obj-$(CONFIG_VIDEO_ADV7511) += adv7511.o
+obj-$(CONFIG_VIDEO_ADV7511) += adv7511-v4l2.o
obj-$(CONFIG_VIDEO_VPX3220) += vpx3220.o
obj-$(CONFIG_VIDEO_VS6624) += vs6624.o
obj-$(CONFIG_VIDEO_BT819) += bt819.o
diff --git a/drivers/media/i2c/adv7511.c b/drivers/media/i2c/adv7511-v4l2.c
similarity index 99%
rename from drivers/media/i2c/adv7511.c
rename to drivers/media/i2c/adv7511-v4l2.c
index cec5ebb1c9e6..2ad6bdf1a9fc 100644
--- a/drivers/media/i2c/adv7511.c
+++ b/drivers/media/i2c/adv7511-v4l2.c
@@ -5,6 +5,11 @@
* Copyright 2013 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
*/
+/*
+ * This file is named adv7511-v4l2.c so it doesn't conflict with the Analog
+ * Device ADV7511 (config fragment CONFIG_DRM_I2C_ADV7511).
+ */
+
#include <linux/kernel.h>
#include <linux/module.h>
--
2.20.1
[ Upstream commit 56d159a4ec6d8da7313aac6fcbb95d8fffe689ba ]
Sequence number handling assumed that the BIT processor frame number
starts counting at 1, but this is not true for the MPEG-2 decoder,
which starts at 0. Fix the sequence counter offset detection to handle
this.
Signed-off-by: Philipp Zabel <[email protected]>
Signed-off-by: Hans Verkuil <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/platform/coda/coda-bit.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platform/coda/coda-bit.c
index eaa86737fa04..5eb93ac060d5 100644
--- a/drivers/media/platform/coda/coda-bit.c
+++ b/drivers/media/platform/coda/coda-bit.c
@@ -1743,6 +1743,7 @@ static int __coda_start_decoding(struct coda_ctx *ctx)
v4l2_err(&dev->v4l2_dev, "CODA_COMMAND_SEQ_INIT timeout\n");
return ret;
}
+ ctx->sequence_offset = ~0U;
ctx->initialized = 1;
/* Update kfifo out pointer from coda bitstream read pointer */
@@ -2155,7 +2156,9 @@ static void coda_finish_decode(struct coda_ctx *ctx)
v4l2_err(&dev->v4l2_dev,
"decoded frame index out of range: %d\n", decoded_idx);
} else {
- val = coda_read(dev, CODA_RET_DEC_PIC_FRAME_NUM) - 1;
+ val = coda_read(dev, CODA_RET_DEC_PIC_FRAME_NUM);
+ if (ctx->sequence_offset == -1)
+ ctx->sequence_offset = val;
val -= ctx->sequence_offset;
spin_lock(&ctx->buffer_meta_lock);
if (!list_empty(&ctx->buffer_meta_list)) {
--
2.20.1
[ Upstream commit f3775f89852d167990b0d718587774cf00d22ac2 ]
coda_encoder_cmd() is racy, as the last scheduled picture run worker can
still be in-flight while the ENC_CMD_STOP command is issued. Depending
on the exact timing the sequence numbers might already be changed, but
the last buffer might not have been put on the destination queue yet.
In this case the current implementation would prematurely wake the
destination queue with last_buffer_dequeued=true, causing userspace to
call streamoff before the last buffer is handled.
Close this race window by synchronizing with the pic_run_worker before
doing the sequence check.
Signed-off-by: Marco Felsch <[email protected]>
[[email protected]: switch to flush_work, reword commit message]
Signed-off-by: Lucas Stach <[email protected]>
Signed-off-by: Philipp Zabel <[email protected]>
Signed-off-by: Hans Verkuil <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/platform/coda/coda-common.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/coda/coda-common.c b/drivers/media/platform/coda/coda-common.c
index fa0b22fb7991..9bf2116ffc76 100644
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -1007,6 +1007,8 @@ static int coda_encoder_cmd(struct file *file, void *fh,
/* Set the stream-end flag on this context */
ctx->bit_stream_param |= CODA_BIT_STREAM_END_FLAG;
+ flush_work(&ctx->pic_run_work);
+
/* If there is no buffer in flight, wake up */
if (!ctx->streamon_out || ctx->qsequence == ctx->osequence) {
dst_vq = v4l2_m2m_get_vq(ctx->fh.m2m_ctx,
--
2.20.1
[ Upstream commit 44758bafa53602f2581a6857bb20b55d4d8ad5b2 ]
ACPI GPEs (other than the EC one) can be enabled in two situations.
First, the GPEs with existing _Lxx and _Exx methods are enabled
implicitly by ACPICA during system initialization. Second, the
GPEs without these methods (like GPEs listed by _PRW objects for
wakeup devices) need to be enabled directly by the code that is
going to use them (e.g. ACPI power management or device drivers).
In the former case, if the status of a given GPE is set to start
with, its handler method (either _Lxx or _Exx) needs to be invoked
to take care of the events (possibly) signaled before the GPE was
enabled. In the latter case, however, the first caller of
acpi_enable_gpe() for a given GPE should not be expected to care
about any events that might be signaled through it earlier. In
that case, it is better to clear the status of the GPE before
enabling it, to prevent stale events from triggering unwanted
actions (like spurious system resume, for example).
For this reason, modify acpi_ev_add_gpe_reference() to take an
additional boolean argument indicating whether or not the GPE
status needs to be cleared when its reference counter changes from
zero to one and make acpi_enable_gpe() pass TRUE to it through
that new argument.
Fixes: 18996f2db918 ("ACPICA: Events: Stop unconditionally clearing ACPI IRQs during suspend/resume")
Reported-by: Furquan Shaikh <[email protected]>
Tested-by: Furquan Shaikh <[email protected]>
Tested-by: Mika Westerberg <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/acpi/acpica/acevents.h | 3 ++-
drivers/acpi/acpica/evgpe.c | 8 +++++++-
drivers/acpi/acpica/evgpeblk.c | 2 +-
drivers/acpi/acpica/evxface.c | 2 +-
drivers/acpi/acpica/evxfgpe.c | 2 +-
5 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/drivers/acpi/acpica/acevents.h b/drivers/acpi/acpica/acevents.h
index 831660179662..c8652f91054e 100644
--- a/drivers/acpi/acpica/acevents.h
+++ b/drivers/acpi/acpica/acevents.h
@@ -69,7 +69,8 @@ acpi_status
acpi_ev_mask_gpe(struct acpi_gpe_event_info *gpe_event_info, u8 is_masked);
acpi_status
-acpi_ev_add_gpe_reference(struct acpi_gpe_event_info *gpe_event_info);
+acpi_ev_add_gpe_reference(struct acpi_gpe_event_info *gpe_event_info,
+ u8 clear_on_enable);
acpi_status
acpi_ev_remove_gpe_reference(struct acpi_gpe_event_info *gpe_event_info);
diff --git a/drivers/acpi/acpica/evgpe.c b/drivers/acpi/acpica/evgpe.c
index 62d3aa74277b..344feba29063 100644
--- a/drivers/acpi/acpica/evgpe.c
+++ b/drivers/acpi/acpica/evgpe.c
@@ -146,6 +146,7 @@ acpi_ev_mask_gpe(struct acpi_gpe_event_info *gpe_event_info, u8 is_masked)
* FUNCTION: acpi_ev_add_gpe_reference
*
* PARAMETERS: gpe_event_info - Add a reference to this GPE
+ * clear_on_enable - Clear GPE status before enabling it
*
* RETURN: Status
*
@@ -155,7 +156,8 @@ acpi_ev_mask_gpe(struct acpi_gpe_event_info *gpe_event_info, u8 is_masked)
******************************************************************************/
acpi_status
-acpi_ev_add_gpe_reference(struct acpi_gpe_event_info *gpe_event_info)
+acpi_ev_add_gpe_reference(struct acpi_gpe_event_info *gpe_event_info,
+ u8 clear_on_enable)
{
acpi_status status = AE_OK;
@@ -170,6 +172,10 @@ acpi_ev_add_gpe_reference(struct acpi_gpe_event_info *gpe_event_info)
/* Enable on first reference */
+ if (clear_on_enable) {
+ (void)acpi_hw_clear_gpe(gpe_event_info);
+ }
+
status = acpi_ev_update_gpe_enable_mask(gpe_event_info);
if (ACPI_SUCCESS(status)) {
status = acpi_ev_enable_gpe(gpe_event_info);
diff --git a/drivers/acpi/acpica/evgpeblk.c b/drivers/acpi/acpica/evgpeblk.c
index 328d1d6123ad..fb15e9e2373b 100644
--- a/drivers/acpi/acpica/evgpeblk.c
+++ b/drivers/acpi/acpica/evgpeblk.c
@@ -453,7 +453,7 @@ acpi_ev_initialize_gpe_block(struct acpi_gpe_xrupt_info *gpe_xrupt_info,
continue;
}
- status = acpi_ev_add_gpe_reference(gpe_event_info);
+ status = acpi_ev_add_gpe_reference(gpe_event_info, FALSE);
if (ACPI_FAILURE(status)) {
ACPI_EXCEPTION((AE_INFO, status,
"Could not enable GPE 0x%02X",
diff --git a/drivers/acpi/acpica/evxface.c b/drivers/acpi/acpica/evxface.c
index 3df00eb6621b..279ef0557aa3 100644
--- a/drivers/acpi/acpica/evxface.c
+++ b/drivers/acpi/acpica/evxface.c
@@ -971,7 +971,7 @@ acpi_remove_gpe_handler(acpi_handle gpe_device,
ACPI_GPE_DISPATCH_METHOD) ||
(ACPI_GPE_DISPATCH_TYPE(handler->original_flags) ==
ACPI_GPE_DISPATCH_NOTIFY)) && handler->originally_enabled) {
- (void)acpi_ev_add_gpe_reference(gpe_event_info);
+ (void)acpi_ev_add_gpe_reference(gpe_event_info, FALSE);
if (ACPI_GPE_IS_POLLING_NEEDED(gpe_event_info)) {
/* Poll edge triggered GPEs to handle existing events */
diff --git a/drivers/acpi/acpica/evxfgpe.c b/drivers/acpi/acpica/evxfgpe.c
index 30a083902f52..710488ec59e9 100644
--- a/drivers/acpi/acpica/evxfgpe.c
+++ b/drivers/acpi/acpica/evxfgpe.c
@@ -108,7 +108,7 @@ acpi_status acpi_enable_gpe(acpi_handle gpe_device, u32 gpe_number)
if (gpe_event_info) {
if (ACPI_GPE_DISPATCH_TYPE(gpe_event_info->flags) !=
ACPI_GPE_DISPATCH_NONE) {
- status = acpi_ev_add_gpe_reference(gpe_event_info);
+ status = acpi_ev_add_gpe_reference(gpe_event_info, TRUE);
if (ACPI_SUCCESS(status) &&
ACPI_GPE_IS_POLLING_NEEDED(gpe_event_info)) {
--
2.20.1
[ Upstream commit 9f94c7f947e919c343b30f080285af53d0fa9902 ]
Attempting to profile 1024 or more CPUs with perf causes two errors:
perf record -a
[ perf record: Woken up X times to write data ]
way too many cpu caches..
[ perf record: Captured and wrote X MB perf.data (X samples) ]
perf report -C 1024
Error: failed to set cpu bitmap
Requested CPU 1024 too large. Consider raising MAX_NR_CPUS
Increasing MAX_NR_CPUS from 1024 to 2048 and redefining MAX_CACHES as
MAX_NR_CPUS * 4 returns normal functionality to perf:
perf record -a
[ perf record: Woken up X times to write data ]
[ perf record: Captured and wrote X MB perf.data (X samples) ]
perf report -C 1024
...
Signed-off-by: Kyle Meyer <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Namhyung Kim <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
tools/perf/perf.h | 2 +-
tools/perf/util/header.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/perf/perf.h b/tools/perf/perf.h
index c59743def8d3..b86ecc7afdd7 100644
--- a/tools/perf/perf.h
+++ b/tools/perf/perf.h
@@ -26,7 +26,7 @@ static inline unsigned long long rdclock(void)
}
#ifndef MAX_NR_CPUS
-#define MAX_NR_CPUS 1024
+#define MAX_NR_CPUS 2048
#endif
extern const char *input_name;
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
index 682e3d524d3c..df608cfaa03c 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -1100,7 +1100,7 @@ static int build_caches(struct cpu_cache_level caches[], u32 size, u32 *cntp)
return 0;
}
-#define MAX_CACHES 2000
+#define MAX_CACHES (MAX_NR_CPUS * 4)
static int write_cache(struct feat_fd *ff,
struct perf_evlist *evlist __maybe_unused)
--
2.20.1
[ Upstream commit fc9babc2574691d3bbf0428f007b22261fed55c6 ]
We're adjusting the timer's base for each per-CPU timer to point to the
actual start of the timer since device-tree defines a compound registers
range that includes all of the timers. In this case the original base
need to be restore before calling iounmap to unmap the proper address.
Signed-off-by: Dmitry Osipenko <[email protected]>
Acked-by: Jon Hunter <[email protected]>
Acked-by: Thierry Reding <[email protected]>
Signed-off-by: Daniel Lezcano <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/clocksource/timer-tegra20.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/clocksource/timer-tegra20.c b/drivers/clocksource/timer-tegra20.c
index cc18bb135a17..84adfff59fb0 100644
--- a/drivers/clocksource/timer-tegra20.c
+++ b/drivers/clocksource/timer-tegra20.c
@@ -341,6 +341,8 @@ static int __init tegra_init_timer(struct device_node *np)
irq_dispose_mapping(cpu_to->clkevt.irq);
}
}
+
+ to->of_base.base = timer_reg_base;
out:
timer_of_cleanup(to);
return ret;
--
2.20.1
From: Elena Petrova <[email protected]>
commit 1d4aaf16defa86d2665ae7db0259d6cb07e2091f upstream.
The sha1-ce finup implementation for ARM64 produces wrong digest
for empty input (len=0). Expected: da39a3ee..., result: 67452301...
(initial value of SHA internal state). The error is in sha1_ce_finup:
for empty data `finalize` will be 1, so the code is relying on
sha1_ce_transform to make the final round. However, in
sha1_base_do_update, the block function will not be called when
len == 0.
Fix it by setting finalize to 0 if data is empty.
Fixes: 07eb54d306f4 ("crypto: arm64/sha1-ce - move SHA-1 ARMv8 implementation to base layer")
Cc: [email protected]
Signed-off-by: Elena Petrova <[email protected]>
Reviewed-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/arm64/crypto/sha1-ce-glue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/crypto/sha1-ce-glue.c
+++ b/arch/arm64/crypto/sha1-ce-glue.c
@@ -54,7 +54,7 @@ static int sha1_ce_finup(struct shash_de
unsigned int len, u8 *out)
{
struct sha1_ce_state *sctx = shash_desc_ctx(desc);
- bool finalize = !sctx->sst.count && !(len % SHA1_BLOCK_SIZE);
+ bool finalize = !sctx->sst.count && !(len % SHA1_BLOCK_SIZE) && len;
if (!may_use_simd())
return crypto_sha1_finup(desc, data, len, out);
From: Eric Biggers <[email protected]>
commit 5c6bc4dfa515738149998bb0db2481a4fdead979 upstream.
Changing ghash_mod_init() to be subsys_initcall made it start running
before the alignment fault handler has been installed on ARM. In kernel
builds where the keys in the ghash test vectors happened to be
misaligned in the kernel image, this exposed the longstanding bug that
ghash_setkey() is incorrectly casting the key buffer (which can have any
alignment) to be128 for passing to gf128mul_init_4k_lle().
Fix this by memcpy()ing the key to a temporary buffer.
Don't fix it by setting an alignmask on the algorithm instead because
that would unnecessarily force alignment of the data too.
Fixes: 2cdc6899a88e ("crypto: ghash - Add GHASH digest algorithm for GCM")
Reported-by: Peter Robinson <[email protected]>
Cc: [email protected]
Signed-off-by: Eric Biggers <[email protected]>
Tested-by: Peter Robinson <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
crypto/ghash-generic.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/crypto/ghash-generic.c
+++ b/crypto/ghash-generic.c
@@ -34,6 +34,7 @@ static int ghash_setkey(struct crypto_sh
const u8 *key, unsigned int keylen)
{
struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
+ be128 k;
if (keylen != GHASH_BLOCK_SIZE) {
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
@@ -42,7 +43,12 @@ static int ghash_setkey(struct crypto_sh
if (ctx->gf128)
gf128mul_free_4k(ctx->gf128);
- ctx->gf128 = gf128mul_init_4k_lle((be128 *)key);
+
+ BUILD_BUG_ON(sizeof(k) != GHASH_BLOCK_SIZE);
+ memcpy(&k, key, GHASH_BLOCK_SIZE); /* avoid violating alignment rules */
+ ctx->gf128 = gf128mul_init_4k_lle(&k);
+ memzero_explicit(&k, GHASH_BLOCK_SIZE);
+
if (!ctx->gf128)
return -ENOMEM;
[ Upstream commit c09cb1293523dd786ae54a12fd88001542cba2f6 ]
The NMI handlers handle_percpu_devid_fasteoi_nmi() and handle_fasteoi_nmi()
do not update the interrupt counts. Due to that the NMI interrupt count
does not show up correctly in /proc/interrupts.
Add the statistics and treat the NMI handlers in the same way as per cpu
interrupts and prevent them from updating irq_desc::tot_count as this might
be corrupted due to concurrency.
[ tglx: Massaged changelog ]
Fixes: 2dcf1fbcad35 ("genirq: Provide NMI handlers")
Signed-off-by: Shijith Thotton <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
kernel/irq/chip.c | 4 ++++
kernel/irq/irqdesc.c | 8 +++++++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c
index 04fe4f989bd8..bfac4d6761b3 100644
--- a/kernel/irq/chip.c
+++ b/kernel/irq/chip.c
@@ -754,6 +754,8 @@ void handle_fasteoi_nmi(struct irq_desc *desc)
unsigned int irq = irq_desc_get_irq(desc);
irqreturn_t res;
+ __kstat_incr_irqs_this_cpu(desc);
+
trace_irq_handler_entry(irq, action);
/*
* NMIs cannot be shared, there is only one action.
@@ -968,6 +970,8 @@ void handle_percpu_devid_fasteoi_nmi(struct irq_desc *desc)
unsigned int irq = irq_desc_get_irq(desc);
irqreturn_t res;
+ __kstat_incr_irqs_this_cpu(desc);
+
trace_irq_handler_entry(irq, action);
res = action->handler(irq, raw_cpu_ptr(action->percpu_dev_id));
trace_irq_handler_exit(irq, action, res);
diff --git a/kernel/irq/irqdesc.c b/kernel/irq/irqdesc.c
index 9f8a709337cf..8a93df71673d 100644
--- a/kernel/irq/irqdesc.c
+++ b/kernel/irq/irqdesc.c
@@ -945,6 +945,11 @@ unsigned int kstat_irqs_cpu(unsigned int irq, int cpu)
*per_cpu_ptr(desc->kstat_irqs, cpu) : 0;
}
+static bool irq_is_nmi(struct irq_desc *desc)
+{
+ return desc->istate & IRQS_NMI;
+}
+
/**
* kstat_irqs - Get the statistics for an interrupt
* @irq: The interrupt number
@@ -962,7 +967,8 @@ unsigned int kstat_irqs(unsigned int irq)
if (!desc || !desc->kstat_irqs)
return 0;
if (!irq_settings_is_per_cpu_devid(desc) &&
- !irq_settings_is_per_cpu(desc))
+ !irq_settings_is_per_cpu(desc) &&
+ !irq_is_nmi(desc))
return desc->tot_count;
for_each_possible_cpu(cpu)
--
2.20.1
[ Upstream commit e198987e7dd7d3645a53875151cd6f8fc425b706 ]
gtp_encap_enable_socket() and gtp_encap_destroy() are not protected
by rcu_read_lock(). and it's not safe to write sk->sk_user_data.
This patch make these functions to use lock_sock() instead of
rcu_dereference_sk_user_data().
Test commands:
gtp-link add gtp1
Splat looks like:
[ 83.238315] =============================
[ 83.239127] WARNING: suspicious RCU usage
[ 83.239702] 5.2.0-rc6+ #49 Not tainted
[ 83.240268] -----------------------------
[ 83.241205] drivers/net/gtp.c:799 suspicious rcu_dereference_check() usage!
[ 83.243828]
[ 83.243828] other info that might help us debug this:
[ 83.243828]
[ 83.246325]
[ 83.246325] rcu_scheduler_active = 2, debug_locks = 1
[ 83.247314] 1 lock held by gtp-link/1008:
[ 83.248523] #0: 0000000017772c7f (rtnl_mutex){+.+.}, at: __rtnl_newlink+0x5f5/0x11b0
[ 83.251503]
[ 83.251503] stack backtrace:
[ 83.252173] CPU: 0 PID: 1008 Comm: gtp-link Not tainted 5.2.0-rc6+ #49
[ 83.253271] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 83.254562] Call Trace:
[ 83.254995] dump_stack+0x7c/0xbb
[ 83.255567] gtp_encap_enable_socket+0x2df/0x360 [gtp]
[ 83.256415] ? gtp_find_dev+0x1a0/0x1a0 [gtp]
[ 83.257161] ? memset+0x1f/0x40
[ 83.257843] gtp_newlink+0x90/0xa21 [gtp]
[ 83.258497] ? __netlink_ns_capable+0xc3/0xf0
[ 83.259260] __rtnl_newlink+0xb9f/0x11b0
[ 83.260022] ? rtnl_link_unregister+0x230/0x230
[ ... ]
Fixes: 1e3a3abd8b28 ("gtp: make GTP sockets in gtp_newlink optional")
Signed-off-by: Taehee Yoo <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/net/gtp.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
index 83488f2bf7a0..f45a806b6c06 100644
--- a/drivers/net/gtp.c
+++ b/drivers/net/gtp.c
@@ -293,12 +293,14 @@ static void gtp_encap_destroy(struct sock *sk)
{
struct gtp_dev *gtp;
- gtp = rcu_dereference_sk_user_data(sk);
+ lock_sock(sk);
+ gtp = sk->sk_user_data;
if (gtp) {
udp_sk(sk)->encap_type = 0;
rcu_assign_sk_user_data(sk, NULL);
sock_put(sk);
}
+ release_sock(sk);
}
static void gtp_encap_disable_sock(struct sock *sk)
@@ -800,7 +802,8 @@ static struct sock *gtp_encap_enable_socket(int fd, int type,
goto out_sock;
}
- if (rcu_dereference_sk_user_data(sock->sk)) {
+ lock_sock(sock->sk);
+ if (sock->sk->sk_user_data) {
sk = ERR_PTR(-EBUSY);
goto out_sock;
}
@@ -816,6 +819,7 @@ static struct sock *gtp_encap_enable_socket(int fd, int type,
setup_udp_tunnel_sock(sock_net(sock->sk), sock, &tuncfg);
out_sock:
+ release_sock(sock->sk);
sockfd_put(sock);
return sk;
}
--
2.20.1
From: Benjamin Block <[email protected]>
commit 106d45f350c7cac876844dc685845cba4ffdb70b upstream.
When tracing instances where we open and close WKA ports, we also pass the
request-ID of the respective FSF command.
But after successfully sending the FSF command we must not use the
request-object anymore, as this might result in an use-after-free (see
"zfcp: fix request object use-after-free in send path causing seqno
errors" ).
To fix this add a new variable that caches the request-ID before sending
the request. This won't change during the hand-off to the FCP channel,
and so it's safe to trace this cached request-ID later, instead of using
the request object.
Signed-off-by: Benjamin Block <[email protected]>
Fixes: d27a7cb91960 ("zfcp: trace on request for open and close of WKA port")
Cc: <[email protected]> #2.6.38+
Reviewed-by: Steffen Maier <[email protected]>
Reviewed-by: Jens Remus <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/s390/scsi/zfcp_fsf.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/s390/scsi/zfcp_fsf.c
+++ b/drivers/s390/scsi/zfcp_fsf.c
@@ -1627,6 +1627,7 @@ int zfcp_fsf_open_wka_port(struct zfcp_f
{
struct zfcp_qdio *qdio = wka_port->adapter->qdio;
struct zfcp_fsf_req *req;
+ unsigned long req_id = 0;
int retval = -EIO;
spin_lock_irq(&qdio->req_q_lock);
@@ -1649,6 +1650,8 @@ int zfcp_fsf_open_wka_port(struct zfcp_f
hton24(req->qtcb->bottom.support.d_id, wka_port->d_id);
req->data = wka_port;
+ req_id = req->req_id;
+
zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT);
retval = zfcp_fsf_req_send(req);
if (retval)
@@ -1657,7 +1660,7 @@ int zfcp_fsf_open_wka_port(struct zfcp_f
out:
spin_unlock_irq(&qdio->req_q_lock);
if (!retval)
- zfcp_dbf_rec_run_wka("fsowp_1", wka_port, req->req_id);
+ zfcp_dbf_rec_run_wka("fsowp_1", wka_port, req_id);
return retval;
}
@@ -1683,6 +1686,7 @@ int zfcp_fsf_close_wka_port(struct zfcp_
{
struct zfcp_qdio *qdio = wka_port->adapter->qdio;
struct zfcp_fsf_req *req;
+ unsigned long req_id = 0;
int retval = -EIO;
spin_lock_irq(&qdio->req_q_lock);
@@ -1705,6 +1709,8 @@ int zfcp_fsf_close_wka_port(struct zfcp_
req->data = wka_port;
req->qtcb->header.port_handle = wka_port->handle;
+ req_id = req->req_id;
+
zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT);
retval = zfcp_fsf_req_send(req);
if (retval)
@@ -1713,7 +1719,7 @@ int zfcp_fsf_close_wka_port(struct zfcp_
out:
spin_unlock_irq(&qdio->req_q_lock);
if (!retval)
- zfcp_dbf_rec_run_wka("fscwp_1", wka_port, req->req_id);
+ zfcp_dbf_rec_run_wka("fscwp_1", wka_port, req_id);
return retval;
}
[ Upstream commit bff5a556c149804de29347a88a884d25e4e4e3a2 ]
'probe libc's inet_pton & backtrace it with ping' testcase sometimes
fails on powerpc because distro ping binary does not have symbol
information and thus it prints "[unknown]" function name in the
backtrace.
Accept "[unknown]" as valid function name for powerpc as well.
# perf test -v "probe libc's inet_pton & backtrace it with ping"
Before:
59: probe libc's inet_pton & backtrace it with ping :
--- start ---
test child forked, pid 79695
ping 79718 [077] 96483.787025: probe_libc:inet_pton: (7fff83a754c8)
7fff83a754c8 __GI___inet_pton+0x8 (/usr/lib64/power9/libc-2.28.so)
7fff83a2b7a0 gaih_inet.constprop.7+0x1020
(/usr/lib64/power9/libc-2.28.so)
7fff83a2c170 getaddrinfo+0x160 (/usr/lib64/power9/libc-2.28.so)
1171830f4 [unknown] (/usr/bin/ping)
FAIL: expected backtrace entry
".*\+0x[[:xdigit:]]+[[:space:]]\(.*/bin/ping.*\)$"
got "1171830f4 [unknown] (/usr/bin/ping)"
test child finished with -1
---- end ----
probe libc's inet_pton & backtrace it with ping: FAILED!
After:
59: probe libc's inet_pton & backtrace it with ping :
--- start ---
test child forked, pid 79085
ping 79108 [045] 96400.214177: probe_libc:inet_pton: (7fffbb9654c8)
7fffbb9654c8 __GI___inet_pton+0x8 (/usr/lib64/power9/libc-2.28.so)
7fffbb91b7a0 gaih_inet.constprop.7+0x1020
(/usr/lib64/power9/libc-2.28.so)
7fffbb91c170 getaddrinfo+0x160 (/usr/lib64/power9/libc-2.28.so)
132e830f4 [unknown] (/usr/bin/ping)
test child finished with 0
---- end ----
probe libc's inet_pton & backtrace it with ping: Ok
Signed-off-by: Seeteena Thoufeek <[email protected]>
Reviewed-by: Kim Phillips <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Hendrik Brueckner <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Michael Petlan <[email protected]>
Cc: Namhyung Kim <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Sandipan Das <[email protected]>
Fixes: 1632936480a5 ("perf tests: Fix record+probe_libc_inet_pton.sh without ping's debuginfo")
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
tools/perf/tests/shell/record+probe_libc_inet_pton.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/tests/shell/record+probe_libc_inet_pton.sh b/tools/perf/tests/shell/record+probe_libc_inet_pton.sh
index 61c9f8fc6fa1..58a99a292930 100755
--- a/tools/perf/tests/shell/record+probe_libc_inet_pton.sh
+++ b/tools/perf/tests/shell/record+probe_libc_inet_pton.sh
@@ -44,7 +44,7 @@ trace_libc_inet_pton_backtrace() {
eventattr='max-stack=4'
echo "gaih_inet.*\+0x[[:xdigit:]]+[[:space:]]\($libc\)$" >> $expected
echo "getaddrinfo\+0x[[:xdigit:]]+[[:space:]]\($libc\)$" >> $expected
- echo ".*\+0x[[:xdigit:]]+[[:space:]]\(.*/bin/ping.*\)$" >> $expected
+ echo ".*(\+0x[[:xdigit:]]+|\[unknown\])[[:space:]]\(.*/bin/ping.*\)$" >> $expected
;;
*)
eventattr='max-stack=3'
--
2.20.1
From: Hook, Gary <[email protected]>
commit 52393d617af7b554f03531e6756facf2ea687d2e upstream.
The error code read from the queue status register is only 6 bits wide,
but we need to verify its value is within range before indexing the error
messages.
Fixes: 81422badb3907 ("crypto: ccp - Make syslog errors human-readable")
Cc: <[email protected]>
Reported-by: Cfir Cohen <[email protected]>
Signed-off-by: Gary R Hook <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/crypto/ccp/ccp-dev.c | 96 ++++++++++++++++++++++---------------------
drivers/crypto/ccp/ccp-dev.h | 2
2 files changed, 52 insertions(+), 46 deletions(-)
--- a/drivers/crypto/ccp/ccp-dev.c
+++ b/drivers/crypto/ccp/ccp-dev.c
@@ -35,56 +35,62 @@ struct ccp_tasklet_data {
};
/* Human-readable error strings */
+#define CCP_MAX_ERROR_CODE 64
static char *ccp_error_codes[] = {
"",
- "ERR 01: ILLEGAL_ENGINE",
- "ERR 02: ILLEGAL_KEY_ID",
- "ERR 03: ILLEGAL_FUNCTION_TYPE",
- "ERR 04: ILLEGAL_FUNCTION_MODE",
- "ERR 05: ILLEGAL_FUNCTION_ENCRYPT",
- "ERR 06: ILLEGAL_FUNCTION_SIZE",
- "ERR 07: Zlib_MISSING_INIT_EOM",
- "ERR 08: ILLEGAL_FUNCTION_RSVD",
- "ERR 09: ILLEGAL_BUFFER_LENGTH",
- "ERR 10: VLSB_FAULT",
- "ERR 11: ILLEGAL_MEM_ADDR",
- "ERR 12: ILLEGAL_MEM_SEL",
- "ERR 13: ILLEGAL_CONTEXT_ID",
- "ERR 14: ILLEGAL_KEY_ADDR",
- "ERR 15: 0xF Reserved",
- "ERR 16: Zlib_ILLEGAL_MULTI_QUEUE",
- "ERR 17: Zlib_ILLEGAL_JOBID_CHANGE",
- "ERR 18: CMD_TIMEOUT",
- "ERR 19: IDMA0_AXI_SLVERR",
- "ERR 20: IDMA0_AXI_DECERR",
- "ERR 21: 0x15 Reserved",
- "ERR 22: IDMA1_AXI_SLAVE_FAULT",
- "ERR 23: IDMA1_AIXI_DECERR",
- "ERR 24: 0x18 Reserved",
- "ERR 25: ZLIBVHB_AXI_SLVERR",
- "ERR 26: ZLIBVHB_AXI_DECERR",
- "ERR 27: 0x1B Reserved",
- "ERR 27: ZLIB_UNEXPECTED_EOM",
- "ERR 27: ZLIB_EXTRA_DATA",
- "ERR 30: ZLIB_BTYPE",
- "ERR 31: ZLIB_UNDEFINED_SYMBOL",
- "ERR 32: ZLIB_UNDEFINED_DISTANCE_S",
- "ERR 33: ZLIB_CODE_LENGTH_SYMBOL",
- "ERR 34: ZLIB _VHB_ILLEGAL_FETCH",
- "ERR 35: ZLIB_UNCOMPRESSED_LEN",
- "ERR 36: ZLIB_LIMIT_REACHED",
- "ERR 37: ZLIB_CHECKSUM_MISMATCH0",
- "ERR 38: ODMA0_AXI_SLVERR",
- "ERR 39: ODMA0_AXI_DECERR",
- "ERR 40: 0x28 Reserved",
- "ERR 41: ODMA1_AXI_SLVERR",
- "ERR 42: ODMA1_AXI_DECERR",
- "ERR 43: LSB_PARITY_ERR",
+ "ILLEGAL_ENGINE",
+ "ILLEGAL_KEY_ID",
+ "ILLEGAL_FUNCTION_TYPE",
+ "ILLEGAL_FUNCTION_MODE",
+ "ILLEGAL_FUNCTION_ENCRYPT",
+ "ILLEGAL_FUNCTION_SIZE",
+ "Zlib_MISSING_INIT_EOM",
+ "ILLEGAL_FUNCTION_RSVD",
+ "ILLEGAL_BUFFER_LENGTH",
+ "VLSB_FAULT",
+ "ILLEGAL_MEM_ADDR",
+ "ILLEGAL_MEM_SEL",
+ "ILLEGAL_CONTEXT_ID",
+ "ILLEGAL_KEY_ADDR",
+ "0xF Reserved",
+ "Zlib_ILLEGAL_MULTI_QUEUE",
+ "Zlib_ILLEGAL_JOBID_CHANGE",
+ "CMD_TIMEOUT",
+ "IDMA0_AXI_SLVERR",
+ "IDMA0_AXI_DECERR",
+ "0x15 Reserved",
+ "IDMA1_AXI_SLAVE_FAULT",
+ "IDMA1_AIXI_DECERR",
+ "0x18 Reserved",
+ "ZLIBVHB_AXI_SLVERR",
+ "ZLIBVHB_AXI_DECERR",
+ "0x1B Reserved",
+ "ZLIB_UNEXPECTED_EOM",
+ "ZLIB_EXTRA_DATA",
+ "ZLIB_BTYPE",
+ "ZLIB_UNDEFINED_SYMBOL",
+ "ZLIB_UNDEFINED_DISTANCE_S",
+ "ZLIB_CODE_LENGTH_SYMBOL",
+ "ZLIB _VHB_ILLEGAL_FETCH",
+ "ZLIB_UNCOMPRESSED_LEN",
+ "ZLIB_LIMIT_REACHED",
+ "ZLIB_CHECKSUM_MISMATCH0",
+ "ODMA0_AXI_SLVERR",
+ "ODMA0_AXI_DECERR",
+ "0x28 Reserved",
+ "ODMA1_AXI_SLVERR",
+ "ODMA1_AXI_DECERR",
};
-void ccp_log_error(struct ccp_device *d, int e)
+void ccp_log_error(struct ccp_device *d, unsigned int e)
{
- dev_err(d->dev, "CCP error: %s (0x%x)\n", ccp_error_codes[e], e);
+ if (WARN_ON(e >= CCP_MAX_ERROR_CODE))
+ return;
+
+ if (e < ARRAY_SIZE(ccp_error_codes))
+ dev_err(d->dev, "CCP error %d: %s\n", e, ccp_error_codes[e]);
+ else
+ dev_err(d->dev, "CCP error %d: Unknown Error\n", e);
}
/* List of CCPs, CCP count, read-write access lock, and access functions
--- a/drivers/crypto/ccp/ccp-dev.h
+++ b/drivers/crypto/ccp/ccp-dev.h
@@ -632,7 +632,7 @@ struct ccp5_desc {
void ccp_add_device(struct ccp_device *ccp);
void ccp_del_device(struct ccp_device *ccp);
-extern void ccp_log_error(struct ccp_device *, int);
+extern void ccp_log_error(struct ccp_device *, unsigned int);
struct ccp_device *ccp_alloc_struct(struct sp_device *sp);
bool ccp_queues_suspended(struct ccp_device *ccp);
[ Upstream commit 3f167e1921865b379a9becf03828e7202c7b4917 ]
ipv4_pdp_add() is called in RCU read-side critical section.
So GFP_KERNEL should not be used in the function.
This patch make ipv4_pdp_add() to use GFP_ATOMIC instead of GFP_KERNEL.
Test commands:
gtp-link add gtp1 &
gtp-tunnel add gtp1 v1 100 200 1.1.1.1 2.2.2.2
Splat looks like:
[ 130.618881] =============================
[ 130.626382] WARNING: suspicious RCU usage
[ 130.626994] 5.2.0-rc6+ #50 Not tainted
[ 130.627622] -----------------------------
[ 130.628223] ./include/linux/rcupdate.h:266 Illegal context switch in RCU read-side critical section!
[ 130.629684]
[ 130.629684] other info that might help us debug this:
[ 130.629684]
[ 130.631022]
[ 130.631022] rcu_scheduler_active = 2, debug_locks = 1
[ 130.632136] 4 locks held by gtp-tunnel/1025:
[ 130.632925] #0: 000000002b93c8b7 (cb_lock){++++}, at: genl_rcv+0x15/0x40
[ 130.634159] #1: 00000000f17bc999 (genl_mutex){+.+.}, at: genl_rcv_msg+0xfb/0x130
[ 130.635487] #2: 00000000c644ed8e (rtnl_mutex){+.+.}, at: gtp_genl_new_pdp+0x18c/0x1150 [gtp]
[ 130.636936] #3: 0000000007a1cde7 (rcu_read_lock){....}, at: gtp_genl_new_pdp+0x187/0x1150 [gtp]
[ 130.638348]
[ 130.638348] stack backtrace:
[ 130.639062] CPU: 1 PID: 1025 Comm: gtp-tunnel Not tainted 5.2.0-rc6+ #50
[ 130.641318] Call Trace:
[ 130.641707] dump_stack+0x7c/0xbb
[ 130.642252] ___might_sleep+0x2c0/0x3b0
[ 130.642862] kmem_cache_alloc_trace+0x1cd/0x2b0
[ 130.643591] gtp_genl_new_pdp+0x6c5/0x1150 [gtp]
[ 130.644371] genl_family_rcv_msg+0x63a/0x1030
[ 130.645074] ? mutex_lock_io_nested+0x1090/0x1090
[ 130.645845] ? genl_unregister_family+0x630/0x630
[ 130.646592] ? debug_show_all_locks+0x2d0/0x2d0
[ 130.647293] ? check_flags.part.40+0x440/0x440
[ 130.648099] genl_rcv_msg+0xa3/0x130
[ ... ]
Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)")
Signed-off-by: Taehee Yoo <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/net/gtp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
index f45a806b6c06..6f1ad7ccaea6 100644
--- a/drivers/net/gtp.c
+++ b/drivers/net/gtp.c
@@ -958,7 +958,7 @@ static int ipv4_pdp_add(struct gtp_dev *gtp, struct sock *sk,
}
- pctx = kmalloc(sizeof(struct pdp_ctx), GFP_KERNEL);
+ pctx = kmalloc(sizeof(*pctx), GFP_ATOMIC);
if (pctx == NULL)
return -ENOMEM;
--
2.20.1
From: Takashi Iwai <[email protected]>
commit ede34f397ddb063b145b9e7d79c6026f819ded13 upstream.
The fix for the racy writes and ioctls to sequencer widened the
application of client->ioctl_mutex to the whole write loop. Although
it does unlock/relock for the lengthy operation like the event dup,
the loop keeps the ioctl_mutex for the whole time in other
situations. This may take quite long time if the user-space would
give a huge buffer, and this is a likely cause of some weird behavior
spotted by syzcaller fuzzer.
This patch puts a simple workaround, just adding a mutex break in the
loop when a large number of events have been processed. This
shouldn't hit any performance drop because the threshold is set high
enough for usual operations.
Fixes: 7bd800915677 ("ALSA: seq: More protection for concurrent write and ioctl races")
Reported-by: [email protected]
Reported-by: [email protected]
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/core/seq/seq_clientmgr.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/sound/core/seq/seq_clientmgr.c
+++ b/sound/core/seq/seq_clientmgr.c
@@ -1004,7 +1004,7 @@ static ssize_t snd_seq_write(struct file
{
struct snd_seq_client *client = file->private_data;
int written = 0, len;
- int err;
+ int err, handled;
struct snd_seq_event event;
if (!(snd_seq_file_flags(file) & SNDRV_SEQ_LFLG_OUTPUT))
@@ -1017,6 +1017,8 @@ static ssize_t snd_seq_write(struct file
if (!client->accept_output || client->pool == NULL)
return -ENXIO;
+ repeat:
+ handled = 0;
/* allocate the pool now if the pool is not allocated yet */
mutex_lock(&client->ioctl_mutex);
if (client->pool->size > 0 && !snd_seq_write_pool_allocated(client)) {
@@ -1076,12 +1078,19 @@ static ssize_t snd_seq_write(struct file
0, 0, &client->ioctl_mutex);
if (err < 0)
break;
+ handled++;
__skip_event:
/* Update pointers and counts */
count -= len;
buf += len;
written += len;
+
+ /* let's have a coffee break if too many events are queued */
+ if (++handled >= 200) {
+ mutex_unlock(&client->ioctl_mutex);
+ goto repeat;
+ }
}
out:
[ Upstream commit 881cec4f6b4da78e54b73c046a60f39315964c7d ]
Without the QCA ROME setup routine this adapter fails to establish a SCO
connection.
T: Bus=01 Lev=01 Prnt=01 Port=04 Cnt=01 Dev#= 2 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=13d3 ProdID=3501 Rev=00.01
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#=0x0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#=0x1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
Signed-off-by: João Paulo Rechi Vita <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/bluetooth/btusb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 0e2c86da6479..4c9f11766e82 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -281,6 +281,7 @@ static const struct usb_device_id blacklist_table[] = {
{ USB_DEVICE(0x04ca, 0x301a), .driver_info = BTUSB_QCA_ROME },
{ USB_DEVICE(0x13d3, 0x3491), .driver_info = BTUSB_QCA_ROME },
{ USB_DEVICE(0x13d3, 0x3496), .driver_info = BTUSB_QCA_ROME },
+ { USB_DEVICE(0x13d3, 0x3501), .driver_info = BTUSB_QCA_ROME },
/* Broadcom BCM2035 */
{ USB_DEVICE(0x0a5c, 0x2009), .driver_info = BTUSB_BCM92035 },
--
2.20.1
From: Ronnie Sahlberg <[email protected]>
commit 3e2725796cbdfe4efc7eb7b27cacaeac2ddad1a5 upstream.
not just if CONFIG_CIFS_DEBUG2 is enabled.
Signed-off-by: Ronnie Sahlberg <[email protected]>
Reviewed-by: Pavel Shilovsky <[email protected]>
CC: Stable <[email protected]>
Signed-off-by: Steve French <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/cifs/connect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -1221,11 +1221,11 @@ next_pdu:
atomic_read(&midCount));
cifs_dump_mem("Received Data is: ", bufs[i],
HEADER_SIZE(server));
+ smb2_add_credits_from_hdr(bufs[i], server);
#ifdef CONFIG_CIFS_DEBUG2
if (server->ops->dump_detail)
server->ops->dump_detail(bufs[i],
server);
- smb2_add_credits_from_hdr(bufs[i], server);
cifs_dump_mids(server);
#endif /* CIFS_DEBUG2 */
}
From: Alexander Shishkin <[email protected]>
commit 4aa5aed2b6f267592705a526f57518a5d715b769 upstream.
This adds Ice Lake NNPI support to the Intel(R) Trace Hub.
Signed-off-by: Alexander Shishkin <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Cc: stable <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/hwtracing/intel_th/pci.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/hwtracing/intel_th/pci.c
+++ b/drivers/hwtracing/intel_th/pci.c
@@ -170,6 +170,11 @@ static const struct pci_device_id intel_
PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x02a6),
.driver_data = (kernel_ulong_t)&intel_th_2x,
},
+ {
+ /* Ice Lake NNPI */
+ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x45c5),
+ .driver_data = (kernel_ulong_t)&intel_th_2x,
+ },
{ 0 },
};
From: Bart Van Assche <[email protected]>
commit bcef5b7215681250c4bf8961dfe15e9e4fef97d0 upstream.
The function srp_parse_in() is used both for parsing source address
specifications and for target address specifications. Target addresses
must have a port number. Having to specify a port number for source
addresses is inconvenient. Make sure that srp_parse_in() supports again
parsing addresses with no port number.
Cc: <[email protected]>
Fixes: c62adb7def71 ("IB/srp: Fix IPv6 address parsing")
Signed-off-by: Bart Van Assche <[email protected]>
Signed-off-by: Jason Gunthorpe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/infiniband/ulp/srp/ib_srp.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -3481,13 +3481,14 @@ static const match_table_t srp_opt_token
* @net: [in] Network namespace.
* @sa: [out] Address family, IP address and port number.
* @addr_port_str: [in] IP address and port number.
+ * @has_port: [out] Whether or not @addr_port_str includes a port number.
*
* Parse the following address formats:
* - IPv4: <ip_address>:<port>, e.g. 1.2.3.4:5.
* - IPv6: \[<ipv6_address>\]:<port>, e.g. [1::2:3%4]:5.
*/
static int srp_parse_in(struct net *net, struct sockaddr_storage *sa,
- const char *addr_port_str)
+ const char *addr_port_str, bool *has_port)
{
char *addr_end, *addr = kstrdup(addr_port_str, GFP_KERNEL);
char *port_str;
@@ -3496,9 +3497,12 @@ static int srp_parse_in(struct net *net,
if (!addr)
return -ENOMEM;
port_str = strrchr(addr, ':');
- if (!port_str)
- return -EINVAL;
- *port_str++ = '\0';
+ if (port_str && strchr(port_str, ']'))
+ port_str = NULL;
+ if (port_str)
+ *port_str++ = '\0';
+ if (has_port)
+ *has_port = port_str != NULL;
ret = inet_pton_with_scope(net, AF_INET, addr, port_str, sa);
if (ret && addr[0]) {
addr_end = addr + strlen(addr) - 1;
@@ -3520,6 +3524,7 @@ static int srp_parse_options(struct net
char *p;
substring_t args[MAX_OPT_ARGS];
unsigned long long ull;
+ bool has_port;
int opt_mask = 0;
int token;
int ret = -EINVAL;
@@ -3618,7 +3623,8 @@ static int srp_parse_options(struct net
ret = -ENOMEM;
goto out;
}
- ret = srp_parse_in(net, &target->rdma_cm.src.ss, p);
+ ret = srp_parse_in(net, &target->rdma_cm.src.ss, p,
+ NULL);
if (ret < 0) {
pr_warn("bad source parameter '%s'\n", p);
kfree(p);
@@ -3634,7 +3640,10 @@ static int srp_parse_options(struct net
ret = -ENOMEM;
goto out;
}
- ret = srp_parse_in(net, &target->rdma_cm.dst.ss, p);
+ ret = srp_parse_in(net, &target->rdma_cm.dst.ss, p,
+ &has_port);
+ if (!has_port)
+ ret = -EINVAL;
if (ret < 0) {
pr_warn("bad dest parameter '%s'\n", p);
kfree(p);
From: Szymon Janc <[email protected]>
commit 1d87b88ba26eabd4745e158ecfd87c93a9b51dc2 upstream.
Microsoft Surface Precision Mouse provides bogus identity address when
pairing. It connects with Static Random address but provides Public
Address in SMP Identity Address Information PDU. Address has same
value but type is different. Workaround this by dropping IRK if ID
address discrepancy is detected.
> HCI Event: LE Meta Event (0x3e) plen 19
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 75
Role: Master (0x00)
Peer address type: Random (0x01)
Peer address: E0:52:33:93:3B:21 (Static)
Connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Master clock accuracy: 0x00
....
> ACL Data RX: Handle 75 flags 0x02 dlen 12
SMP: Identity Address Information (0x09) len 7
Address type: Public (0x00)
Address: E0:52:33:93:3B:21
Signed-off-by: Szymon Janc <[email protected]>
Tested-by: Maarten Fonville <[email protected]>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199461
Cc: [email protected]
Signed-off-by: Marcel Holtmann <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/bluetooth/smp.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2580,6 +2580,19 @@ static int smp_cmd_ident_addr_info(struc
goto distribute;
}
+ /* Drop IRK if peer is using identity address during pairing but is
+ * providing different address as identity information.
+ *
+ * Microsoft Surface Precision Mouse is known to have this bug.
+ */
+ if (hci_is_identity_address(&hcon->dst, hcon->dst_type) &&
+ (bacmp(&info->bdaddr, &hcon->dst) ||
+ info->addr_type != hcon->dst_type)) {
+ bt_dev_err(hcon->hdev,
+ "ignoring IRK with invalid identity address");
+ goto distribute;
+ }
+
bacpy(&smp->id_addr, &info->bdaddr);
smp->id_addr_type = info->addr_type;
From: Steve Longerbeam <[email protected]>
commit 3d1f62c686acdedf5ed9642b763f3808d6a47d1e upstream.
The saturation bit was being set at bit 9 in the second 32-bit word
of the TPMEM CSC. This isn't correct, the saturation bit is bit 42,
which is bit 10 of the second word.
Fixes: 1aa8ea0d2bd5d ("gpu: ipu-v3: Add Image Converter unit")
Signed-off-by: Steve Longerbeam <[email protected]>
Reviewed-by: Philipp Zabel <[email protected]>
Cc: [email protected]
Signed-off-by: Philipp Zabel <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/ipu-v3/ipu-ic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/ipu-v3/ipu-ic.c
+++ b/drivers/gpu/ipu-v3/ipu-ic.c
@@ -257,7 +257,7 @@ static int init_csc(struct ipu_ic *ic,
writel(param, base++);
param = ((a[0] & 0x1fe0) >> 5) | (params->scale << 8) |
- (params->sat << 9);
+ (params->sat << 10);
writel(param, base++);
param = ((a[1] & 0x1f) << 27) | ((c[0][1] & 0x1ff) << 18) |
From: Damien Le Moal <[email protected]>
commit 113ab72ed4794c193509a97d7c6d32a6886e1682 upstream.
For large values of the number of zones reported and/or large zone
sizes, the sector increment calculated with
blk_queue_zone_sectors(q) * n
in blk_report_zones() loop can overflow the unsigned int type used for
the calculation as both "n" and blk_queue_zone_sectors() value are
unsigned int. E.g. for a device with 256 MB zones (524288 sectors),
overflow happens with 8192 or more zones reported.
Changing the return type of blk_queue_zone_sectors() to sector_t, fixes
this problem and avoids overflow problem for all other callers of this
helper too. The same change is also applied to the bdev_zone_sectors()
helper.
Fixes: e76239a3748c ("block: add a report_zones method")
Cc: [email protected]
Signed-off-by: Damien Le Moal <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
block/blk-zoned.c | 2 +-
include/linux/blkdev.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/block/blk-zoned.c
+++ b/block/blk-zoned.c
@@ -69,7 +69,7 @@ EXPORT_SYMBOL_GPL(__blk_req_zone_write_u
static inline unsigned int __blkdev_nr_zones(struct request_queue *q,
sector_t nr_sectors)
{
- unsigned long zone_sectors = blk_queue_zone_sectors(q);
+ sector_t zone_sectors = blk_queue_zone_sectors(q);
return (nr_sectors + zone_sectors - 1) >> ilog2(zone_sectors);
}
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
@@ -662,7 +662,7 @@ static inline bool blk_queue_is_zoned(st
}
}
-static inline unsigned int blk_queue_zone_sectors(struct request_queue *q)
+static inline sector_t blk_queue_zone_sectors(struct request_queue *q)
{
return blk_queue_is_zoned(q) ? q->limits.chunk_sectors : 0;
}
@@ -1400,7 +1400,7 @@ static inline bool bdev_is_zoned(struct
return false;
}
-static inline unsigned int bdev_zone_sectors(struct block_device *bdev)
+static inline sector_t bdev_zone_sectors(struct block_device *bdev)
{
struct request_queue *q = bdev_get_queue(bdev);
From: Krzysztof Kozlowski <[email protected]>
commit 16da0eb5ab6ef2dd1d33431199126e63db9997cc upstream.
On S2MPS11 device, the buck7 and buck8 regulator voltages start at 750
mV, not 600 mV. Using wrong minimal value caused shifting of these
regulator values by 150 mV (e.g. buck7 usually configured to v1.35 V was
reported as 1.2 V).
On most of the boards these regulators are left in default state so this
was only affecting reported voltage. However if any driver wanted to
change them, then effectively it would set voltage 150 mV higher than
intended.
Cc: <[email protected]>
Fixes: cb74685ecb39 ("regulator: s2mps11: Add samsung s2mps11 regulator driver")
Signed-off-by: Krzysztof Kozlowski <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/regulator/s2mps11.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/regulator/s2mps11.c
+++ b/drivers/regulator/s2mps11.c
@@ -372,8 +372,8 @@ static const struct regulator_desc s2mps
regulator_desc_s2mps11_buck1_4(4),
regulator_desc_s2mps11_buck5,
regulator_desc_s2mps11_buck67810(6, MIN_600_MV, STEP_6_25_MV),
- regulator_desc_s2mps11_buck67810(7, MIN_600_MV, STEP_12_5_MV),
- regulator_desc_s2mps11_buck67810(8, MIN_600_MV, STEP_12_5_MV),
+ regulator_desc_s2mps11_buck67810(7, MIN_750_MV, STEP_12_5_MV),
+ regulator_desc_s2mps11_buck67810(8, MIN_750_MV, STEP_12_5_MV),
regulator_desc_s2mps11_buck9,
regulator_desc_s2mps11_buck67810(10, MIN_750_MV, STEP_12_5_MV),
};
From: Krzysztof Kozlowski <[email protected]>
commit 70ca117b02f3b1c8830fe95e4e3dea2937038e11 upstream.
If devm_gpiod_get_from_of_node() call returns ERR_PTR, it is assigned
into an array of GPIO descriptors and used later because such error is
not treated as critical thus it is not propagated back to the probe
function.
All code later expects that such GPIO descriptor is either a NULL or
proper value. This later might lead to dereference of ERR_PTR.
Only devices with S2MPS14 flavor are affected (other do not control
regulators with GPIOs).
Fixes: 1c984942f0a4 ("regulator: s2mps11: Pass descriptor instead of GPIO number")
Cc: <[email protected]>
Signed-off-by: Krzysztof Kozlowski <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/regulator/s2mps11.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/regulator/s2mps11.c
+++ b/drivers/regulator/s2mps11.c
@@ -826,6 +826,7 @@ static void s2mps14_pmic_dt_parse_ext_co
else if (IS_ERR(gpio[reg])) {
dev_err(&pdev->dev, "Failed to get control GPIO for %d/%s\n",
reg, rdata[reg].name);
+ gpio[reg] = NULL;
continue;
}
if (gpio[reg])
From: Finn Thain <[email protected]>
commit f9dfed1c785734b95b08d67600e05d2092508ab0 upstream.
A PDMA error is handled in the core driver by setting the device's 'borken'
flag and aborting the command. Unfortunately, do_abort() is not
dependable. Perform a SCSI bus reset instead, to make sure that the command
fails and gets retried.
Cc: Michael Schmitz <[email protected]>
Cc: [email protected] # v4.20+
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Finn Thain <[email protected]>
Tested-by: Stan Johnson <[email protected]>
Tested-by: Michael Schmitz <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/scsi/NCR5380.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/scsi/NCR5380.c
+++ b/drivers/scsi/NCR5380.c
@@ -1762,10 +1762,8 @@ static void NCR5380_information_transfer
scmd_printk(KERN_INFO, cmd,
"switching to slow handshake\n");
cmd->device->borken = 1;
- sink = 1;
- do_abort(instance);
- cmd->result = DID_ERROR << 16;
- /* XXX - need to source or sink data here, as appropriate */
+ do_reset(instance);
+ bus_reset_cleanup(instance);
}
} else {
/* Transfer a small chunk so that the
[ Upstream commit d77b1ad8e87dc5a6cd0d9158b097a4817946ca3b ]
The current logic assumes that the RDMA driver uses one statistics
context adjacent to the ones used by the network driver. This
assumption is not true and the statistics context used by the
RDMA driver is tied to its MSIX base vector. This wrong assumption
can cause RDMA driver failure after changing ethtool rings on the
network side. Fix the statistics reservation logic accordingly.
Fixes: 780baad44f0f ("bnxt_en: Reserve 1 stat_ctx for RDMA driver.")
Signed-off-by: Michael Chan <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index bf1fd513fa02..09557bf49bb0 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -5481,7 +5481,16 @@ static int bnxt_cp_rings_in_use(struct bnxt *bp)
static int bnxt_get_func_stat_ctxs(struct bnxt *bp)
{
- return bp->cp_nr_rings + bnxt_get_ulp_stat_ctxs(bp);
+ int ulp_stat = bnxt_get_ulp_stat_ctxs(bp);
+ int cp = bp->cp_nr_rings;
+
+ if (!ulp_stat)
+ return cp;
+
+ if (bnxt_nq_rings_in_use(bp) > cp + bnxt_get_ulp_msix_num(bp))
+ return bnxt_get_ulp_msix_base(bp) + ulp_stat;
+
+ return cp + ulp_stat;
}
static bool bnxt_need_reserve_rings(struct bnxt *bp)
@@ -7373,11 +7382,7 @@ unsigned int bnxt_get_avail_cp_rings_for_en(struct bnxt *bp)
unsigned int bnxt_get_avail_stat_ctxs_for_en(struct bnxt *bp)
{
- unsigned int stat;
-
- stat = bnxt_get_max_func_stat_ctxs(bp) - bnxt_get_ulp_stat_ctxs(bp);
- stat -= bp->cp_nr_rings;
- return stat;
+ return bnxt_get_max_func_stat_ctxs(bp) - bnxt_get_func_stat_ctxs(bp);
}
int bnxt_get_avail_msix(struct bnxt *bp, int num)
--
2.20.1
[ Upstream commit ef4d6a8556b637ad27c8c2a2cff1dda3da38e9a9 ]
Check if the syndrome provided by the caller is zero, and act
accordingly.
Signed-off-by: Ferdinand Blomqvist <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
lib/reed_solomon/decode_rs.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/lib/reed_solomon/decode_rs.c b/lib/reed_solomon/decode_rs.c
index 3313bf944ff1..121beb2f0930 100644
--- a/lib/reed_solomon/decode_rs.c
+++ b/lib/reed_solomon/decode_rs.c
@@ -42,8 +42,18 @@
BUG_ON(pad < 0 || pad >= nn);
/* Does the caller provide the syndrome ? */
- if (s != NULL)
- goto decode;
+ if (s != NULL) {
+ for (i = 0; i < nroots; i++) {
+ /* The syndrome is in index form,
+ * so nn represents zero
+ */
+ if (s[i] != nn)
+ goto decode;
+ }
+
+ /* syndrome is zero, no errors to correct */
+ return 0;
+ }
/* form the syndromes; i.e., evaluate data(x) at roots of
* g(x) */
--
2.20.1
[ Upstream commit 3a30964a2eef6aabd3ab18b979ea0eacf1147731 ]
The driver may not be able to disable the ring through firmware
when downing the netdev during reset process, which may cause
hardware accessing freed buffer problem.
This patch delays the ring buffer clearing to reset uninit
process because hardware will not access the ring buffer after
hardware reset is completed.
Fixes: bb6b94a896d4 ("net: hns3: Add reset interface implementation in client")
Signed-off-by: Yunsheng Lin <[email protected]>
Signed-off-by: Peng Li <[email protected]>
Signed-off-by: Huazhong Tan <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
.../net/ethernet/hisilicon/hns3/hns3_enet.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index 6afdd376bc03..7e7c10513d2c 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -28,7 +28,7 @@
#define hns3_tx_bd_count(S) DIV_ROUND_UP(S, HNS3_MAX_BD_SIZE)
static void hns3_clear_all_ring(struct hnae3_handle *h);
-static void hns3_force_clear_all_rx_ring(struct hnae3_handle *h);
+static void hns3_force_clear_all_ring(struct hnae3_handle *h);
static void hns3_remove_hw_addr(struct net_device *netdev);
static const char hns3_driver_name[] = "hns3";
@@ -484,7 +484,12 @@ static void hns3_nic_net_down(struct net_device *netdev)
/* free irq resources */
hns3_nic_uninit_irq(priv);
- hns3_clear_all_ring(priv->ae_handle);
+ /* delay ring buffer clearing to hns3_reset_notify_uninit_enet
+ * during reset process, because driver may not be able
+ * to disable the ring through firmware when downing the netdev.
+ */
+ if (!hns3_nic_resetting(netdev))
+ hns3_clear_all_ring(priv->ae_handle);
}
static int hns3_nic_net_stop(struct net_device *netdev)
@@ -3737,7 +3742,7 @@ static void hns3_client_uninit(struct hnae3_handle *handle, bool reset)
hns3_del_all_fd_rules(netdev, true);
- hns3_force_clear_all_rx_ring(handle);
+ hns3_force_clear_all_ring(handle);
hns3_uninit_phy(netdev);
@@ -3909,7 +3914,7 @@ static void hns3_force_clear_rx_ring(struct hns3_enet_ring *ring)
}
}
-static void hns3_force_clear_all_rx_ring(struct hnae3_handle *h)
+static void hns3_force_clear_all_ring(struct hnae3_handle *h)
{
struct net_device *ndev = h->kinfo.netdev;
struct hns3_nic_priv *priv = netdev_priv(ndev);
@@ -3917,6 +3922,9 @@ static void hns3_force_clear_all_rx_ring(struct hnae3_handle *h)
u32 i;
for (i = 0; i < h->kinfo.num_tqps; i++) {
+ ring = priv->ring_data[i].ring;
+ hns3_clear_tx_ring(ring);
+
ring = priv->ring_data[i + h->kinfo.num_tqps].ring;
hns3_force_clear_rx_ring(ring);
}
@@ -4145,7 +4153,8 @@ static int hns3_reset_notify_uninit_enet(struct hnae3_handle *handle)
return 0;
}
- hns3_force_clear_all_rx_ring(handle);
+ hns3_clear_all_ring(handle);
+ hns3_force_clear_all_ring(handle);
hns3_nic_uninit_vector_data(priv);
--
2.20.1
[ Upstream commit 7a3916706e858ad0bc3b5629c68168e1449de26a ]
Release all requested IRQ's on the request error to properly clean up
allocated resources.
Signed-off-by: Dmitry Osipenko <[email protected]>
Acked-By: Peter De Schrijver <[email protected]>
Signed-off-by: Daniel Lezcano <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/clocksource/timer-tegra20.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/clocksource/timer-tegra20.c b/drivers/clocksource/timer-tegra20.c
index fdb3d795a409..cc18bb135a17 100644
--- a/drivers/clocksource/timer-tegra20.c
+++ b/drivers/clocksource/timer-tegra20.c
@@ -310,7 +310,7 @@ static int __init tegra_init_timer(struct device_node *np)
pr_err("%s: can't map IRQ for CPU%d\n",
__func__, cpu);
ret = -EINVAL;
- goto out;
+ goto out_irq;
}
irq_set_status_flags(cpu_to->clkevt.irq, IRQ_NOAUTOEN);
@@ -320,7 +320,8 @@ static int __init tegra_init_timer(struct device_node *np)
if (ret) {
pr_err("%s: cannot setup irq %d for CPU%d\n",
__func__, cpu_to->clkevt.irq, cpu);
- ret = -EINVAL;
+ irq_dispose_mapping(cpu_to->clkevt.irq);
+ cpu_to->clkevt.irq = 0;
goto out_irq;
}
}
--
2.20.1
stable-rc/linux-5.1.y boot: 137 boots: 2 failed, 134 passed with 1 offline (v5.1.19-372-g7da17d99564d)
Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-5.1.y/kernel/v5.1.19-372-g7da17d99564d/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-5.1.y/kernel/v5.1.19-372-g7da17d99564d/
Tree: stable-rc
Branch: linux-5.1.y
Git Describe: v5.1.19-372-g7da17d99564d
Git Commit: 7da17d99564d84f797e66a578ec5fb34f43fa58f
Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 79 unique boards, 27 SoC families, 17 builds out of 209
Boot Failures Detected:
arm:
multi_v7_defconfig:
gcc-8:
bcm4708-smartrg-sr400ac: 1 failed lab
arm64:
defconfig:
gcc-8:
meson-gxl-s905x-nexbox-a95x: 1 failed lab
Offline Platforms:
arm64:
defconfig:
gcc-8
meson-gxbb-odroidc2: 1 offline lab
---
For more info write to <[email protected]>
On Wed, Jul 24, 2019 at 09:15:52PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.20 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.20-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------
Hello,
Compiled and booted. No regressions on x86_64.
THX,
Jiunn
On Thu, 25 Jul 2019 at 01:14, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 5.1.20 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.20-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Summary
------------------------------------------------------------------------
kernel: 5.1.20-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-5.1.y
git commit: 21e90543f836d29dae6ec06215a6e52419913d7b
git describe: v5.1.19-372-g21e90543f836
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.1-oe/build/v5.1.19-372-g21e90543f836
No regressions (compared to build v5.1.19)
No fixes (compared to build v5.1.19)
Ran 22773 total tests in the following environments and test suites.
Environments
--------------
- dragonboard-410c
- hi6220-hikey
- i386
- juno-r2
- qemu_arm
- qemu_arm64
- qemu_i386
- qemu_x86_64
- x15
- x86
Test Suites
-----------
* build
* install-android-platform-tools-r2600
* kselftest
* libgpiod
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-cve-tests
* ltp-dio-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-mm-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-sched-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-timers-tests
* network-basic-tests
* perf
* spectre-meltdown-checker-test
* v4l2-compliance
* ltp-open-posix-tests
* kvm-unit-tests
* kselftest-vsyscall-mode-native
* kselftest-vsyscall-mode-none
--
Linaro LKFT
https://lkft.linaro.org
[ Upstream commit 64f883cd98c6d43013fb0cea788b63e50ebc068c ]
If vpif_probe() fails on v4l2_device_register() and vpif_probe_complete(),
then memory allocated at initialize_vpif() for global vpif_obj.dev[i]
become unreleased.
The patch adds deallocation of vpif_obj.dev[i] on the error path.
Signed-off-by: Young Xiao <[email protected]>
Acked-by: Lad, Prabhakar <[email protected]>
Signed-off-by: Hans Verkuil <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/platform/davinci/vpif_capture.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/davinci/vpif_capture.c b/drivers/media/platform/davinci/vpif_capture.c
index 6216b7ac6875..a20cb6fff2ec 100644
--- a/drivers/media/platform/davinci/vpif_capture.c
+++ b/drivers/media/platform/davinci/vpif_capture.c
@@ -1384,6 +1384,14 @@ static int initialize_vpif(void)
return err;
}
+static inline void free_vpif_objs(void)
+{
+ int i;
+
+ for (i = 0; i < VPIF_CAPTURE_MAX_DEVICES; i++)
+ kfree(vpif_obj.dev[i]);
+}
+
static int vpif_async_bound(struct v4l2_async_notifier *notifier,
struct v4l2_subdev *subdev,
struct v4l2_async_subdev *asd)
@@ -1653,7 +1661,7 @@ static __init int vpif_probe(struct platform_device *pdev)
err = v4l2_device_register(vpif_dev, &vpif_obj.v4l2_dev);
if (err) {
v4l2_err(vpif_dev->driver, "Error registering v4l2 device\n");
- goto cleanup;
+ goto vpif_free;
}
while ((res = platform_get_resource(pdev, IORESOURCE_IRQ, res_idx))) {
@@ -1700,7 +1708,9 @@ static __init int vpif_probe(struct platform_device *pdev)
"registered sub device %s\n",
subdevdata->name);
}
- vpif_probe_complete();
+ err = vpif_probe_complete();
+ if (err)
+ goto probe_subdev_out;
} else {
vpif_obj.notifier.ops = &vpif_async_ops;
err = v4l2_async_notifier_register(&vpif_obj.v4l2_dev,
@@ -1719,6 +1729,8 @@ static __init int vpif_probe(struct platform_device *pdev)
kfree(vpif_obj.sd);
vpif_unregister:
v4l2_device_unregister(&vpif_obj.v4l2_dev);
+vpif_free:
+ free_vpif_objs();
cleanup:
v4l2_async_notifier_cleanup(&vpif_obj.notifier);
--
2.20.1
From: Kan Liang <[email protected]>
commit e4557c1a46b0d32746bd309e1941914b5a6912b4 upstream.
If a user first sample a PEBS event on a fixed counter, then sample a
non-PEBS event on the same fixed counter on Icelake, it will trigger
spurious NMI. For example:
perf record -e 'cycles:p' -a
perf record -e 'cycles' -a
The error message for spurious NMI:
[June 21 15:38] Uhhuh. NMI received for unknown reason 30 on CPU 2.
[ +0.000000] Do you have a strange power saving mode enabled?
[ +0.000000] Dazed and confused, but trying to continue
The bug was introduced by the following commit:
commit 6f55967ad9d9 ("perf/x86/intel: Fix race in intel_pmu_disable_event()")
The commit moves the intel_pmu_pebs_disable() after intel_pmu_disable_fixed(),
which returns immediately. The related bit of PEBS_ENABLE MSR will never be
cleared for the fixed counter. Then a non-PEBS event runs on the fixed counter,
but the bit on PEBS_ENABLE is still set, which triggers spurious NMIs.
Check and disable PEBS for fixed counters after intel_pmu_disable_fixed().
Reported-by: Yi, Ammy <[email protected]>
Signed-off-by: Kan Liang <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Acked-by: Jiri Olsa <[email protected]>
Cc: <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Stephane Eranian <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Vince Weaver <[email protected]>
Fixes: 6f55967ad9d9 ("perf/x86/intel: Fix race in intel_pmu_disable_event()")
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/x86/events/intel/core.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -2092,12 +2092,10 @@ static void intel_pmu_disable_event(stru
cpuc->intel_ctrl_host_mask &= ~(1ull << hwc->idx);
cpuc->intel_cp_status &= ~(1ull << hwc->idx);
- if (unlikely(hwc->config_base == MSR_ARCH_PERFMON_FIXED_CTR_CTRL)) {
+ if (unlikely(hwc->config_base == MSR_ARCH_PERFMON_FIXED_CTR_CTRL))
intel_pmu_disable_fixed(hwc);
- return;
- }
-
- x86_pmu_disable_event(event);
+ else
+ x86_pmu_disable_event(event);
/*
* Needs to be called after x86_pmu_disable_event,
From: Hook, Gary <[email protected]>
commit 20e833dc36355ed642d00067641a679c618303fa upstream.
The AES GCM function reuses an 'op' data structure, which members
contain values that must be cleared for each (re)use.
This fix resolves a crypto self-test failure:
alg: aead: gcm-aes-ccp encryption test failed (wrong result) on test vector 2, cfg="two even aligned splits"
Fixes: 36cf515b9bbe ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
Cc: <[email protected]>
Signed-off-by: Gary R Hook <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/crypto/ccp/ccp-ops.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -625,6 +625,7 @@ static int ccp_run_aes_gcm_cmd(struct cc
unsigned long long *final;
unsigned int dm_offset;
+ unsigned int jobid;
unsigned int ilen;
bool in_place = true; /* Default value */
int ret;
@@ -663,9 +664,11 @@ static int ccp_run_aes_gcm_cmd(struct cc
p_tag = scatterwalk_ffwd(sg_tag, p_inp, ilen);
}
+ jobid = CCP_NEW_JOBID(cmd_q->ccp);
+
memset(&op, 0, sizeof(op));
op.cmd_q = cmd_q;
- op.jobid = CCP_NEW_JOBID(cmd_q->ccp);
+ op.jobid = jobid;
op.sb_key = cmd_q->sb_key; /* Pre-allocated */
op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */
op.init = 1;
@@ -816,6 +819,13 @@ static int ccp_run_aes_gcm_cmd(struct cc
final[0] = cpu_to_be64(aes->aad_len * 8);
final[1] = cpu_to_be64(ilen * 8);
+ memset(&op, 0, sizeof(op));
+ op.cmd_q = cmd_q;
+ op.jobid = jobid;
+ op.sb_key = cmd_q->sb_key; /* Pre-allocated */
+ op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */
+ op.init = 1;
+ op.u.aes.type = aes->type;
op.u.aes.mode = CCP_AES_MODE_GHASH;
op.u.aes.action = CCP_AES_GHASHFINAL;
op.src.type = CCP_MEMTYPE_SYSTEM;
From: Christian Lamparter <[email protected]>
commit 0f7a81374060828280fcfdfbaa162cb559017f9f upstream.
The hardware automatically zero pads incomplete block ciphers
blocks without raising any errors. This is a screw-up. This
was noticed by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS tests that
sent a incomplete blocks and expect them to fail.
This fixes:
cbc-aes-ppc4xx encryption unexpectedly succeeded on test vector
"random: len=2409 klen=32"; expected_error=-22, cfg="random:
may_sleep use_digest src_divs=[96.90%@+2295, 2.34%@+4066,
0.32%@alignmask+12, 0.34%@+4087, 0.9%@alignmask+1787, 0.1%@+3767]
iv_offset=6"
ecb-aes-ppc4xx encryption unexpectedly succeeded on test vector
"random: len=1011 klen=32"; expected_error=-22, cfg="random:
may_sleep use_digest src_divs=[100.0%@alignmask+20]
dst_divs=[3.12%@+3001, 96.88%@+4070]"
Cc: Eric Biggers <[email protected]>
Cc: [email protected] [4.19, 5.0 and 5.1]
Signed-off-by: Christian Lamparter <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/crypto/amcc/crypto4xx_alg.c | 36 ++++++++++++++++++++++++-----------
drivers/crypto/amcc/crypto4xx_core.c | 16 +++++++--------
drivers/crypto/amcc/crypto4xx_core.h | 10 +++++----
3 files changed, 39 insertions(+), 23 deletions(-)
--- a/drivers/crypto/amcc/crypto4xx_alg.c
+++ b/drivers/crypto/amcc/crypto4xx_alg.c
@@ -76,12 +76,16 @@ static void set_dynamic_sa_command_1(str
}
static inline int crypto4xx_crypt(struct skcipher_request *req,
- const unsigned int ivlen, bool decrypt)
+ const unsigned int ivlen, bool decrypt,
+ bool check_blocksize)
{
struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
__le32 iv[AES_IV_SIZE];
+ if (check_blocksize && !IS_ALIGNED(req->cryptlen, AES_BLOCK_SIZE))
+ return -EINVAL;
+
if (ivlen)
crypto4xx_memcpy_to_le32(iv, req->iv, ivlen);
@@ -90,24 +94,34 @@ static inline int crypto4xx_crypt(struct
ctx->sa_len, 0, NULL);
}
-int crypto4xx_encrypt_noiv(struct skcipher_request *req)
+int crypto4xx_encrypt_noiv_block(struct skcipher_request *req)
+{
+ return crypto4xx_crypt(req, 0, false, true);
+}
+
+int crypto4xx_encrypt_iv_stream(struct skcipher_request *req)
+{
+ return crypto4xx_crypt(req, AES_IV_SIZE, false, false);
+}
+
+int crypto4xx_decrypt_noiv_block(struct skcipher_request *req)
{
- return crypto4xx_crypt(req, 0, false);
+ return crypto4xx_crypt(req, 0, true, true);
}
-int crypto4xx_encrypt_iv(struct skcipher_request *req)
+int crypto4xx_decrypt_iv_stream(struct skcipher_request *req)
{
- return crypto4xx_crypt(req, AES_IV_SIZE, false);
+ return crypto4xx_crypt(req, AES_IV_SIZE, true, false);
}
-int crypto4xx_decrypt_noiv(struct skcipher_request *req)
+int crypto4xx_encrypt_iv_block(struct skcipher_request *req)
{
- return crypto4xx_crypt(req, 0, true);
+ return crypto4xx_crypt(req, AES_IV_SIZE, false, true);
}
-int crypto4xx_decrypt_iv(struct skcipher_request *req)
+int crypto4xx_decrypt_iv_block(struct skcipher_request *req)
{
- return crypto4xx_crypt(req, AES_IV_SIZE, true);
+ return crypto4xx_crypt(req, AES_IV_SIZE, true, true);
}
/**
@@ -278,8 +292,8 @@ crypto4xx_ctr_crypt(struct skcipher_requ
return ret;
}
- return encrypt ? crypto4xx_encrypt_iv(req)
- : crypto4xx_decrypt_iv(req);
+ return encrypt ? crypto4xx_encrypt_iv_stream(req)
+ : crypto4xx_decrypt_iv_stream(req);
}
static int crypto4xx_sk_setup_fallback(struct crypto4xx_ctx *ctx,
--- a/drivers/crypto/amcc/crypto4xx_core.c
+++ b/drivers/crypto/amcc/crypto4xx_core.c
@@ -1226,8 +1226,8 @@ static struct crypto4xx_alg_common crypt
.max_keysize = AES_MAX_KEY_SIZE,
.ivsize = AES_IV_SIZE,
.setkey = crypto4xx_setkey_aes_cbc,
- .encrypt = crypto4xx_encrypt_iv,
- .decrypt = crypto4xx_decrypt_iv,
+ .encrypt = crypto4xx_encrypt_iv_block,
+ .decrypt = crypto4xx_decrypt_iv_block,
.init = crypto4xx_sk_init,
.exit = crypto4xx_sk_exit,
} },
@@ -1246,8 +1246,8 @@ static struct crypto4xx_alg_common crypt
.max_keysize = AES_MAX_KEY_SIZE,
.ivsize = AES_IV_SIZE,
.setkey = crypto4xx_setkey_aes_cfb,
- .encrypt = crypto4xx_encrypt_iv,
- .decrypt = crypto4xx_decrypt_iv,
+ .encrypt = crypto4xx_encrypt_iv_stream,
+ .decrypt = crypto4xx_decrypt_iv_stream,
.init = crypto4xx_sk_init,
.exit = crypto4xx_sk_exit,
} },
@@ -1306,8 +1306,8 @@ static struct crypto4xx_alg_common crypt
.min_keysize = AES_MIN_KEY_SIZE,
.max_keysize = AES_MAX_KEY_SIZE,
.setkey = crypto4xx_setkey_aes_ecb,
- .encrypt = crypto4xx_encrypt_noiv,
- .decrypt = crypto4xx_decrypt_noiv,
+ .encrypt = crypto4xx_encrypt_noiv_block,
+ .decrypt = crypto4xx_decrypt_noiv_block,
.init = crypto4xx_sk_init,
.exit = crypto4xx_sk_exit,
} },
@@ -1326,8 +1326,8 @@ static struct crypto4xx_alg_common crypt
.max_keysize = AES_MAX_KEY_SIZE,
.ivsize = AES_IV_SIZE,
.setkey = crypto4xx_setkey_aes_ofb,
- .encrypt = crypto4xx_encrypt_iv,
- .decrypt = crypto4xx_decrypt_iv,
+ .encrypt = crypto4xx_encrypt_iv_stream,
+ .decrypt = crypto4xx_decrypt_iv_stream,
.init = crypto4xx_sk_init,
.exit = crypto4xx_sk_exit,
} },
--- a/drivers/crypto/amcc/crypto4xx_core.h
+++ b/drivers/crypto/amcc/crypto4xx_core.h
@@ -183,10 +183,12 @@ int crypto4xx_setkey_rfc3686(struct cryp
const u8 *key, unsigned int keylen);
int crypto4xx_encrypt_ctr(struct skcipher_request *req);
int crypto4xx_decrypt_ctr(struct skcipher_request *req);
-int crypto4xx_encrypt_iv(struct skcipher_request *req);
-int crypto4xx_decrypt_iv(struct skcipher_request *req);
-int crypto4xx_encrypt_noiv(struct skcipher_request *req);
-int crypto4xx_decrypt_noiv(struct skcipher_request *req);
+int crypto4xx_encrypt_iv_stream(struct skcipher_request *req);
+int crypto4xx_decrypt_iv_stream(struct skcipher_request *req);
+int crypto4xx_encrypt_iv_block(struct skcipher_request *req);
+int crypto4xx_decrypt_iv_block(struct skcipher_request *req);
+int crypto4xx_encrypt_noiv_block(struct skcipher_request *req);
+int crypto4xx_decrypt_noiv_block(struct skcipher_request *req);
int crypto4xx_rfc3686_encrypt(struct skcipher_request *req);
int crypto4xx_rfc3686_decrypt(struct skcipher_request *req);
int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm);
From: Johannes Berg <[email protected]>
commit c56e00a3feaee2b46b7d33875fb7f52efd30241f upstream.
In AP (and IBSS) mode, we can only set GTKs to firmware after we have
sent down the multicast station, but this we can only do after we've
enabled beaconing, etc.
However, during rfkill exit, hostapd will configure the keys before
starting the AP, and cfg80211/mac80211 accept it happily.
On earlier devices, this didn't bother us as GTK TX wasn't really
handled in firmware, we just put the key material into the TX cmd
and thus it only mattered when we actually transmitted a frame.
On newer devices, however, the firmware needs to track all of this
and that doesn't work if we add the key before the (multicast) sta
it belongs to.
To fix this, keep a list of keys to add during AP enable, and call
the function there.
Cc: [email protected]
Signed-off-by: Johannes Berg <[email protected]>
Signed-off-by: Luca Coelho <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 53 +++++++++++++++++++++-
drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 +
2 files changed, 54 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -207,6 +207,12 @@ static const struct cfg80211_pmsr_capabi
},
};
+static int iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
+ enum set_key_cmd cmd,
+ struct ieee80211_vif *vif,
+ struct ieee80211_sta *sta,
+ struct ieee80211_key_conf *key);
+
void iwl_mvm_ref(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type)
{
if (!iwl_mvm_is_d0i3_supported(mvm))
@@ -2535,7 +2541,7 @@ static int iwl_mvm_start_ap_ibss(struct
{
struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
- int ret;
+ int ret, i;
/*
* iwl_mvm_mac_ctxt_add() might read directly from the device
@@ -2609,6 +2615,20 @@ static int iwl_mvm_start_ap_ibss(struct
/* must be set before quota calculations */
mvmvif->ap_ibss_active = true;
+ /* send all the early keys to the device now */
+ for (i = 0; i < ARRAY_SIZE(mvmvif->ap_early_keys); i++) {
+ struct ieee80211_key_conf *key = mvmvif->ap_early_keys[i];
+
+ if (!key)
+ continue;
+
+ mvmvif->ap_early_keys[i] = NULL;
+
+ ret = iwl_mvm_mac_set_key(hw, SET_KEY, vif, NULL, key);
+ if (ret)
+ goto out_quota_failed;
+ }
+
if (vif->type == NL80211_IFTYPE_AP && !vif->p2p) {
iwl_mvm_vif_set_low_latency(mvmvif, true,
LOW_LATENCY_VIF_TYPE);
@@ -3378,11 +3398,12 @@ static int iwl_mvm_mac_set_key(struct ie
struct ieee80211_sta *sta,
struct ieee80211_key_conf *key)
{
+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
struct iwl_mvm_sta *mvmsta;
struct iwl_mvm_key_pn *ptk_pn;
int keyidx = key->keyidx;
- int ret;
+ int ret, i;
u8 key_offset;
if (iwlwifi_mod_params.swcrypto) {
@@ -3455,6 +3476,22 @@ static int iwl_mvm_mac_set_key(struct ie
key->hw_key_idx = STA_KEY_IDX_INVALID;
break;
}
+
+ if (!mvmvif->ap_ibss_active) {
+ for (i = 0;
+ i < ARRAY_SIZE(mvmvif->ap_early_keys);
+ i++) {
+ if (!mvmvif->ap_early_keys[i]) {
+ mvmvif->ap_early_keys[i] = key;
+ break;
+ }
+ }
+
+ if (i >= ARRAY_SIZE(mvmvif->ap_early_keys))
+ ret = -ENOSPC;
+
+ break;
+ }
}
/* During FW restart, in order to restore the state as it was,
@@ -3523,6 +3560,18 @@ static int iwl_mvm_mac_set_key(struct ie
break;
case DISABLE_KEY:
+ ret = -ENOENT;
+ for (i = 0; i < ARRAY_SIZE(mvmvif->ap_early_keys); i++) {
+ if (mvmvif->ap_early_keys[i] == key) {
+ mvmvif->ap_early_keys[i] = NULL;
+ ret = 0;
+ }
+ }
+
+ /* found in pending list - don't do anything else */
+ if (ret == 0)
+ break;
+
if (key->hw_key_idx == STA_KEY_IDX_INVALID) {
ret = 0;
break;
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
@@ -498,6 +498,9 @@ struct iwl_mvm_vif {
netdev_features_t features;
struct iwl_probe_resp_data __rcu *probe_resp_data;
+
+ /* we can only have 2 GTK + 2 IGTK active at a time */
+ struct ieee80211_key_conf *ap_early_keys[4];
};
static inline struct iwl_mvm_vif *
From: Luis Henriques <[email protected]>
commit d31d07b97a5e76f41e00eb81dcca740e84aa7782 upstream.
Commit e450f4d1a5d6 ("ceph: pass inclusive lend parameter to
filemap_write_and_wait_range()") fixed the end offset parameter used to
call filemap_write_and_wait_range and invalidate_inode_pages2_range.
Unfortunately it missed truncate_inode_pages_range, introducing a
regression that is easily detected by xfstest generic/130.
The problem is that when doing direct IO it is possible that an extra page
is truncated from the page cache when the end offset is page aligned.
This can cause data loss if that page hasn't been sync'ed to the OSDs.
While there, change code to use PAGE_ALIGN macro instead.
Cc: [email protected]
Fixes: e450f4d1a5d6 ("ceph: pass inclusive lend parameter to filemap_write_and_wait_range()")
Signed-off-by: Luis Henriques <[email protected]>
Reviewed-by: Jeff Layton <[email protected]>
Signed-off-by: Ilya Dryomov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/ceph/file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -1006,7 +1006,7 @@ ceph_direct_read_write(struct kiocb *ioc
* may block.
*/
truncate_inode_pages_range(inode->i_mapping, pos,
- (pos+len) | (PAGE_SIZE - 1));
+ PAGE_ALIGN(pos + len) - 1);
req->r_mtime = mtime;
}
From: Lyude Paul <[email protected]>
commit 7cb95eeea6706c790571042a06782e378b2561ea upstream.
It turns out that while disabling i2c bus access from software when the
GPU is suspended was a step in the right direction with:
commit 342406e4fbba ("drm/nouveau/i2c: Disable i2c bus access after
->fini()")
We also ended up accidentally breaking the vbios init scripts on some
older Tesla GPUs, as apparently said scripts can actually use the i2c
bus. Since these scripts are executed before initializing any
subdevices, we end up failing to acquire access to the i2c bus which has
left a number of cards with their fan controllers uninitialized. Luckily
this doesn't break hardware - it just means the fan gets stuck at 100%.
This also means that we've always been using our i2c busses before
initializing them during the init scripts for older GPUs, we just didn't
notice it until we started preventing them from being used until init.
It's pretty impressive this never caused us any issues before!
So, fix this by initializing our i2c pad and busses during subdev
pre-init. We skip initializing aux busses during pre-init, as those are
guaranteed to only ever be used by nouveau for DP aux transactions.
Signed-off-by: Lyude Paul <[email protected]>
Tested-by: Marc Meledandri <[email protected]>
Fixes: 342406e4fbba ("drm/nouveau/i2c: Disable i2c bus access after ->fini()")
Cc: [email protected]
Signed-off-by: Ben Skeggs <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/nouveau/nvkm/subdev/i2c/base.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/base.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/base.c
@@ -185,6 +185,25 @@ nvkm_i2c_fini(struct nvkm_subdev *subdev
}
static int
+nvkm_i2c_preinit(struct nvkm_subdev *subdev)
+{
+ struct nvkm_i2c *i2c = nvkm_i2c(subdev);
+ struct nvkm_i2c_bus *bus;
+ struct nvkm_i2c_pad *pad;
+
+ /*
+ * We init our i2c busses as early as possible, since they may be
+ * needed by the vbios init scripts on some cards
+ */
+ list_for_each_entry(pad, &i2c->pad, head)
+ nvkm_i2c_pad_init(pad);
+ list_for_each_entry(bus, &i2c->bus, head)
+ nvkm_i2c_bus_init(bus);
+
+ return 0;
+}
+
+static int
nvkm_i2c_init(struct nvkm_subdev *subdev)
{
struct nvkm_i2c *i2c = nvkm_i2c(subdev);
@@ -238,6 +257,7 @@ nvkm_i2c_dtor(struct nvkm_subdev *subdev
static const struct nvkm_subdev_func
nvkm_i2c = {
.dtor = nvkm_i2c_dtor,
+ .preinit = nvkm_i2c_preinit,
.init = nvkm_i2c_init,
.fini = nvkm_i2c_fini,
.intr = nvkm_i2c_intr,
From: Vitor Soares <[email protected]>
commit ecc8fb54bd443bf69996d9d5ddb8d90a50f14936 upstream.
Currently the I3C framework limits SCL frequency to FM speed when
dealing with a mixed slow bus, even if all I2C devices are FM+ capable.
The core was also not accounting for I3C speed limitations when
operating in mixed slow mode and was erroneously using FM+ speed as the
max I2C speed when operating in mixed fast mode.
Fixes: 3a379bbcea0a ("i3c: Add core I3C infrastructure")
Signed-off-by: Vitor Soares <[email protected]>
Cc: Boris Brezillon <[email protected]>
Cc: <[email protected]>
Cc: <[email protected]>
Signed-off-by: Boris Brezillon <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/i3c/master.c | 51 ++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 38 insertions(+), 13 deletions(-)
--- a/drivers/i3c/master.c
+++ b/drivers/i3c/master.c
@@ -91,6 +91,12 @@ void i3c_bus_normaluse_unlock(struct i3c
up_read(&bus->lock);
}
+static struct i3c_master_controller *
+i3c_bus_to_i3c_master(struct i3c_bus *i3cbus)
+{
+ return container_of(i3cbus, struct i3c_master_controller, bus);
+}
+
static struct i3c_master_controller *dev_to_i3cmaster(struct device *dev)
{
return container_of(dev, struct i3c_master_controller, dev);
@@ -565,20 +571,38 @@ static const struct device_type i3c_mast
.groups = i3c_masterdev_groups,
};
-int i3c_bus_set_mode(struct i3c_bus *i3cbus, enum i3c_bus_mode mode)
+int i3c_bus_set_mode(struct i3c_bus *i3cbus, enum i3c_bus_mode mode,
+ unsigned long max_i2c_scl_rate)
{
- i3cbus->mode = mode;
+ struct i3c_master_controller *master = i3c_bus_to_i3c_master(i3cbus);
- if (!i3cbus->scl_rate.i3c)
- i3cbus->scl_rate.i3c = I3C_BUS_TYP_I3C_SCL_RATE;
+ i3cbus->mode = mode;
- if (!i3cbus->scl_rate.i2c) {
- if (i3cbus->mode == I3C_BUS_MODE_MIXED_SLOW)
- i3cbus->scl_rate.i2c = I3C_BUS_I2C_FM_SCL_RATE;
- else
- i3cbus->scl_rate.i2c = I3C_BUS_I2C_FM_PLUS_SCL_RATE;
+ switch (i3cbus->mode) {
+ case I3C_BUS_MODE_PURE:
+ if (!i3cbus->scl_rate.i3c)
+ i3cbus->scl_rate.i3c = I3C_BUS_TYP_I3C_SCL_RATE;
+ break;
+ case I3C_BUS_MODE_MIXED_FAST:
+ if (!i3cbus->scl_rate.i3c)
+ i3cbus->scl_rate.i3c = I3C_BUS_TYP_I3C_SCL_RATE;
+ if (!i3cbus->scl_rate.i2c)
+ i3cbus->scl_rate.i2c = max_i2c_scl_rate;
+ break;
+ case I3C_BUS_MODE_MIXED_SLOW:
+ if (!i3cbus->scl_rate.i2c)
+ i3cbus->scl_rate.i2c = max_i2c_scl_rate;
+ if (!i3cbus->scl_rate.i3c ||
+ i3cbus->scl_rate.i3c > i3cbus->scl_rate.i2c)
+ i3cbus->scl_rate.i3c = i3cbus->scl_rate.i2c;
+ break;
+ default:
+ return -EINVAL;
}
+ dev_dbg(&master->dev, "i2c-scl = %ld Hz i3c-scl = %ld Hz\n",
+ i3cbus->scl_rate.i2c, i3cbus->scl_rate.i3c);
+
/*
* I3C/I2C frequency may have been overridden, check that user-provided
* values are not exceeding max possible frequency.
@@ -1966,9 +1990,6 @@ of_i3c_master_add_i2c_boardinfo(struct i
/* LVR is encoded in reg[2]. */
boardinfo->lvr = reg[2];
- if (boardinfo->lvr & I3C_LVR_I2C_FM_MODE)
- master->bus.scl_rate.i2c = I3C_BUS_I2C_FM_SCL_RATE;
-
list_add_tail(&boardinfo->node, &master->boardinfo.i2c);
of_node_get(node);
@@ -2417,6 +2438,7 @@ int i3c_master_register(struct i3c_maste
const struct i3c_master_controller_ops *ops,
bool secondary)
{
+ unsigned long i2c_scl_rate = I3C_BUS_I2C_FM_PLUS_SCL_RATE;
struct i3c_bus *i3cbus = i3c_master_get_bus(master);
enum i3c_bus_mode mode = I3C_BUS_MODE_PURE;
struct i2c_dev_boardinfo *i2cbi;
@@ -2466,9 +2488,12 @@ int i3c_master_register(struct i3c_maste
ret = -EINVAL;
goto err_put_dev;
}
+
+ if (i2cbi->lvr & I3C_LVR_I2C_FM_MODE)
+ i2c_scl_rate = I3C_BUS_I2C_FM_SCL_RATE;
}
- ret = i3c_bus_set_mode(i3cbus, mode);
+ ret = i3c_bus_set_mode(i3cbus, mode, i2c_scl_rate);
if (ret)
goto err_put_dev;
From: David Rientjes <[email protected]>
commit e74bd96989dd42a51a73eddb4a5510a6f5e42ac3 upstream.
When default_get_smp_config() is called with early == 1 and mpf->feature1
is non-zero, mpf is leaked because the return path does not do
early_memunmap().
Fix this and share a common exit routine.
Fixes: 5997efb96756 ("x86/boot: Use memremap() to map the MPF and MPC data")
Reported-by: Cfir Cohen <[email protected]>
Signed-off-by: David Rientjes <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: [email protected]
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/x86/kernel/mpparse.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/arch/x86/kernel/mpparse.c
+++ b/arch/x86/kernel/mpparse.c
@@ -546,17 +546,15 @@ void __init default_get_smp_config(unsig
* local APIC has default address
*/
mp_lapic_addr = APIC_DEFAULT_PHYS_BASE;
- return;
+ goto out;
}
pr_info("Default MP configuration #%d\n", mpf->feature1);
construct_default_ISA_mptable(mpf->feature1);
} else if (mpf->physptr) {
- if (check_physptr(mpf, early)) {
- early_memunmap(mpf, sizeof(*mpf));
- return;
- }
+ if (check_physptr(mpf, early))
+ goto out;
} else
BUG();
@@ -565,7 +563,7 @@ void __init default_get_smp_config(unsig
/*
* Only use the first configuration found.
*/
-
+out:
early_memunmap(mpf, sizeof(*mpf));
}
From: Linus Walleij <[email protected]>
commit f90b8fda3a9d72a9422ea80ae95843697f94ea4a upstream.
The SPI to the display on the DIR-685 is active low, we were
just saved by the SPI library enforcing active low on everything
before, so set it as active low to avoid ambiguity.
Link: https://lore.kernel.org/r/[email protected]
Cc: [email protected]
Signed-off-by: Linus Walleij <[email protected]>
Signed-off-by: Olof Johansson <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/arm/boot/dts/gemini-dlink-dir-685.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm/boot/dts/gemini-dlink-dir-685.dts
+++ b/arch/arm/boot/dts/gemini-dlink-dir-685.dts
@@ -64,7 +64,7 @@
gpio-sck = <&gpio1 5 GPIO_ACTIVE_HIGH>;
gpio-miso = <&gpio1 8 GPIO_ACTIVE_HIGH>;
gpio-mosi = <&gpio1 7 GPIO_ACTIVE_HIGH>;
- cs-gpios = <&gpio0 20 GPIO_ACTIVE_HIGH>;
+ cs-gpios = <&gpio0 20 GPIO_ACTIVE_LOW>;
num-chipselects = <1>;
panel: display@0 {
From: YueHaibing <[email protected]>
commit d4548543fc4ece56c6f04b8586f435fb4fd84c20 upstream.
KASAN report this:
BUG: unable to handle kernel paging request at ffffffffa0097000
PGD 3870067 P4D 3870067 PUD 3871063 PMD 2326e2067 PTE 0
Oops: 0000 [#1
CPU: 0 PID: 5340 Comm: modprobe Not tainted 5.1.0-rc7+ #25
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
RIP: 0010:__list_add_valid+0x10/0x70
Code: c3 48 8b 06 55 48 89 e5 5d 48 39 07 0f 94 c0 0f b6 c0 c3 90 90 90 90 90 90 90 55 48 89 d0 48 8b 52 08 48 89 e5 48 39 f2 75 19 <48> 8b 32 48 39 f0 75 3a
RSP: 0018:ffffc90000e23c68 EFLAGS: 00010246
RAX: ffffffffa00ad000 RBX: ffffffffa009d000 RCX: 0000000000000000
RDX: ffffffffa0097000 RSI: ffffffffa0097000 RDI: ffffffffa009d000
RBP: ffffc90000e23c68 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0097000
R13: ffff888231797180 R14: 0000000000000000 R15: ffffc90000e23e78
FS: 00007fb215285540(0000) GS:ffff888237a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa0097000 CR3: 000000022f144000 CR4: 00000000000006f0
Call Trace:
v9fs_register_trans+0x2f/0x60 [9pnet
? 0xffffffffa0087000
p9_virtio_init+0x25/0x1000 [9pnet_virtio
do_one_initcall+0x6c/0x3cc
? kmem_cache_alloc_trace+0x248/0x3b0
do_init_module+0x5b/0x1f1
load_module+0x1db1/0x2690
? m_show+0x1d0/0x1d0
__do_sys_finit_module+0xc5/0xd0
__x64_sys_finit_module+0x15/0x20
do_syscall_64+0x6b/0x1d0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb214d8e839
Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01
RSP: 002b:00007ffc96554278 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 000055e67eed2aa0 RCX: 00007fb214d8e839
RDX: 0000000000000000 RSI: 000055e67ce95c2e RDI: 0000000000000003
RBP: 000055e67ce95c2e R08: 0000000000000000 R09: 000055e67eed2aa0
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
R13: 000055e67eeda500 R14: 0000000000040000 R15: 000055e67eed2aa0
Modules linked in: 9pnet_virtio(+) 9pnet gre rfkill vmw_vsock_virtio_transport_common vsock [last unloaded: 9pnet_virtio
CR2: ffffffffa0097000
---[ end trace 4a52bb13ff07b761
If register_virtio_driver() fails in p9_virtio_init,
we should call v9fs_unregister_trans() to do cleanup.
Link: http://lkml.kernel.org/r/[email protected]
Cc: [email protected]
Reported-by: Hulk Robot <[email protected]>
Fixes: b530cc794024 ("9p: add virtio transport")
Signed-off-by: YueHaibing <[email protected]>
Signed-off-by: Dominique Martinet <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/9p/trans_virtio.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -782,10 +782,16 @@ static struct p9_trans_module p9_virtio_
/* The standard init function */
static int __init p9_virtio_init(void)
{
+ int rc;
+
INIT_LIST_HEAD(&virtio_chan_list);
v9fs_register_trans(&p9_virtio_trans);
- return register_virtio_driver(&p9_virtio_drv);
+ rc = register_virtio_driver(&p9_virtio_drv);
+ if (rc)
+ v9fs_unregister_trans(&p9_virtio_trans);
+
+ return rc;
}
static void __exit p9_virtio_cleanup(void)
From: Filipe Manana <[email protected]>
commit 803f0f64d17769071d7287d9e3e3b79a3e1ae937 upstream.
In order to avoid searches on a log tree when unlinking an inode, we check
if the inode being unlinked was logged in the current transaction, as well
as the inode of its parent directory. When any of the inodes are logged,
we proceed to delete directory items and inode reference items from the
log, to ensure that if a subsequent fsync of only the inode being unlinked
or only of the parent directory when the other is not fsync'ed as well,
does not result in the entry still existing after a power failure.
That check however is not reliable when one of the inodes involved (the
one being unlinked or its parent directory's inode) is evicted, since the
logged_trans field is transient, that is, it is not stored on disk, so it
is lost when the inode is evicted and loaded into memory again (which is
set to zero on load). As a consequence the checks currently being done by
btrfs_del_dir_entries_in_log() and btrfs_del_inode_ref_in_log() always
return true if the inode was evicted before, regardless of the inode
having been logged or not before (and in the current transaction), this
results in the dentry being unlinked still existing after a log replay
if after the unlink operation only one of the inodes involved is fsync'ed.
Example:
$ mkfs.btrfs -f /dev/sdb
$ mount /dev/sdb /mnt
$ mkdir /mnt/dir
$ touch /mnt/dir/foo
$ xfs_io -c fsync /mnt/dir/foo
# Keep an open file descriptor on our directory while we evict inodes.
# We just want to evict the file's inode, the directory's inode must not
# be evicted.
$ ( cd /mnt/dir; while true; do :; done ) &
$ pid=$!
# Wait a bit to give time to background process to chdir to our test
# directory.
$ sleep 0.5
# Trigger eviction of the file's inode.
$ echo 2 > /proc/sys/vm/drop_caches
# Unlink our file and fsync the parent directory. After a power failure
# we don't expect to see the file anymore, since we fsync'ed the parent
# directory.
$ rm -f $SCRATCH_MNT/dir/foo
$ xfs_io -c fsync /mnt/dir
<power failure>
$ mount /dev/sdb /mnt
$ ls /mnt/dir
foo
$
--> file still there, unlink not persisted despite explicit fsync on dir
Fix this by checking if the inode has the full_sync bit set in its runtime
flags as well, since that bit is set everytime an inode is loaded from
disk, or for other less common cases such as after a shrinking truncate
or failure to allocate extent maps for holes, and gets cleared after the
first fsync. Also consider the inode as possibly logged only if it was
last modified in the current transaction (besides having the full_fsync
flag set).
Fixes: 3a5f1d458ad161 ("Btrfs: Optimize btree walking while logging inodes")
CC: [email protected] # 4.4+
Signed-off-by: Filipe Manana <[email protected]>
Signed-off-by: David Sterba <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/btrfs/tree-log.c | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -3309,6 +3309,30 @@ int btrfs_free_log_root_tree(struct btrf
}
/*
+ * Check if an inode was logged in the current transaction. We can't always rely
+ * on an inode's logged_trans value, because it's an in-memory only field and
+ * therefore not persisted. This means that its value is lost if the inode gets
+ * evicted and loaded again from disk (in which case it has a value of 0, and
+ * certainly it is smaller then any possible transaction ID), when that happens
+ * the full_sync flag is set in the inode's runtime flags, so on that case we
+ * assume eviction happened and ignore the logged_trans value, assuming the
+ * worst case, that the inode was logged before in the current transaction.
+ */
+static bool inode_logged(struct btrfs_trans_handle *trans,
+ struct btrfs_inode *inode)
+{
+ if (inode->logged_trans == trans->transid)
+ return true;
+
+ if (inode->last_trans == trans->transid &&
+ test_bit(BTRFS_INODE_NEEDS_FULL_SYNC, &inode->runtime_flags) &&
+ !test_bit(BTRFS_FS_LOG_RECOVERING, &trans->fs_info->flags))
+ return true;
+
+ return false;
+}
+
+/*
* If both a file and directory are logged, and unlinks or renames are
* mixed in, we have a few interesting corners:
*
@@ -3342,7 +3366,7 @@ int btrfs_del_dir_entries_in_log(struct
int bytes_del = 0;
u64 dir_ino = btrfs_ino(dir);
- if (dir->logged_trans < trans->transid)
+ if (!inode_logged(trans, dir))
return 0;
ret = join_running_log_trans(root);
@@ -3447,7 +3471,7 @@ int btrfs_del_inode_ref_in_log(struct bt
u64 index;
int ret;
- if (inode->logged_trans < trans->transid)
+ if (!inode_logged(trans, inode))
return 0;
ret = join_running_log_trans(root);
From: Aaron Armstrong Skomra <[email protected]>
commit d8e9806005f28bbb49899dab2068e3359e22ba35 upstream.
Currently, the driver will attempt to set the mode on all
devices with a center button, but some devices with a center
button lack LEDs, and attempting to set the LEDs on devices
without LEDs results in the kernel error message of the form:
"leds input8::wacom-0.1: Setting an LED's brightness failed (-32)"
This is because the generic codepath erroneously assumes that the
BUTTON_CENTER usage indicates that the device has LEDs, the
previously ignored TOUCH_RING_SETTING usage is a more accurate
indication of the existence of LEDs on the device.
Fixes: 10c55cacb8b2 ("HID: wacom: generic: support LEDs")
Cc: <[email protected]> # v4.11+
Signed-off-by: Aaron Armstrong Skomra <[email protected]>
Reviewed-by: Jason Gerecke <[email protected]>
Signed-off-by: Jiri Kosina <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/hid/wacom_sys.c | 3 +++
drivers/hid/wacom_wac.c | 2 --
drivers/hid/wacom_wac.h | 1 +
3 files changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -307,6 +307,9 @@ static void wacom_feature_mapping(struct
wacom_hid_usage_quirk(hdev, field, usage);
switch (equivalent_usage) {
+ case WACOM_HID_WD_TOUCH_RING_SETTING:
+ wacom->generic_has_leds = true;
+ break;
case HID_DG_CONTACTMAX:
/* leave touch_max as is if predefined */
if (!features->touch_max) {
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -1930,8 +1930,6 @@ static void wacom_wac_pad_usage_mapping(
features->device_type |= WACOM_DEVICETYPE_PAD;
break;
case WACOM_HID_WD_BUTTONCENTER:
- wacom->generic_has_leds = true;
- /* fall through */
case WACOM_HID_WD_BUTTONHOME:
case WACOM_HID_WD_BUTTONUP:
case WACOM_HID_WD_BUTTONDOWN:
--- a/drivers/hid/wacom_wac.h
+++ b/drivers/hid/wacom_wac.h
@@ -145,6 +145,7 @@
#define WACOM_HID_WD_OFFSETBOTTOM (WACOM_HID_UP_WACOMDIGITIZER | 0x0d33)
#define WACOM_HID_WD_DATAMODE (WACOM_HID_UP_WACOMDIGITIZER | 0x1002)
#define WACOM_HID_WD_DIGITIZERINFO (WACOM_HID_UP_WACOMDIGITIZER | 0x1013)
+#define WACOM_HID_WD_TOUCH_RING_SETTING (WACOM_HID_UP_WACOMDIGITIZER | 0x1032)
#define WACOM_HID_UP_G9 0xff090000
#define WACOM_HID_G9_PEN (WACOM_HID_UP_G9 | 0x02)
#define WACOM_HID_G9_TOUCHSCREEN (WACOM_HID_UP_G9 | 0x11)
From: Wanpeng Li <[email protected]>
commit 4d763b168e9c5c366b05812c7bba7662e5ea3669 upstream.
Raise #GP when guest read/write IA32_XSS, but the CPUID bits
say that it shouldn't exist.
Fixes: 203000993de5 (kvm: vmx: add MSR logic for XSAVES)
Reported-by: Xiaoyao Li <[email protected]>
Reported-by: Tao Xu <[email protected]>
Cc: Paolo Bonzini <[email protected]>
Cc: Radim Krčmář <[email protected]>
Cc: [email protected]
Signed-off-by: Wanpeng Li <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/x86/kvm/vmx/vmx.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -1718,7 +1718,10 @@ static int vmx_get_msr(struct kvm_vcpu *
return vmx_get_vmx_msr(&vmx->nested.msrs, msr_info->index,
&msr_info->data);
case MSR_IA32_XSS:
- if (!vmx_xsaves_supported())
+ if (!vmx_xsaves_supported() ||
+ (!msr_info->host_initiated &&
+ !(guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) &&
+ guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))))
return 1;
msr_info->data = vcpu->arch.ia32_xss;
break;
@@ -1929,7 +1932,10 @@ static int vmx_set_msr(struct kvm_vcpu *
return 1;
return vmx_set_vmx_msr(vcpu, msr_index, data);
case MSR_IA32_XSS:
- if (!vmx_xsaves_supported())
+ if (!vmx_xsaves_supported() ||
+ (!msr_info->host_initiated &&
+ !(guest_cpuid_has(vcpu, X86_FEATURE_XSAVE) &&
+ guest_cpuid_has(vcpu, X86_FEATURE_XSAVES))))
return 1;
/*
* The only supported bit as of Skylake is bit 8, but
From: Aaron Armstrong Skomra <[email protected]>
commit d4b8efeb46d99a5d02e7f88ac4eaccbe49370770 upstream.
Only sync the pad once per report, not once per collection.
Also avoid syncing the pad on battery reports.
Fixes: f8b6a74719b5 ("HID: wacom: generic: Support multiple tools per report")
Cc: <[email protected]> # v4.17+
Signed-off-by: Aaron Armstrong Skomra <[email protected]>
Signed-off-by: Jiri Kosina <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/hid/wacom_wac.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2121,14 +2121,12 @@ static void wacom_wac_pad_report(struct
bool active = wacom_wac->hid_data.inrange_state != 0;
/* report prox for expresskey events */
- if ((wacom_equivalent_usage(field->physical) == HID_DG_TABLETFUNCTIONKEY) &&
- wacom_wac->hid_data.pad_input_event_flag) {
+ if (wacom_wac->hid_data.pad_input_event_flag) {
input_event(input, EV_ABS, ABS_MISC, active ? PAD_DEVICE_ID : 0);
input_sync(input);
if (!active)
wacom_wac->hid_data.pad_input_event_flag = false;
}
-
}
static void wacom_wac_pen_usage_mapping(struct hid_device *hdev,
@@ -2704,9 +2702,7 @@ static int wacom_wac_collection(struct h
if (report->type != HID_INPUT_REPORT)
return -1;
- if (WACOM_PAD_FIELD(field) && wacom->wacom_wac.pad_input)
- wacom_wac_pad_report(hdev, report, field);
- else if (WACOM_PEN_FIELD(field) && wacom->wacom_wac.pen_input)
+ if (WACOM_PEN_FIELD(field) && wacom->wacom_wac.pen_input)
wacom_wac_pen_report(hdev, report);
else if (WACOM_FINGER_FIELD(field) && wacom->wacom_wac.touch_input)
wacom_wac_finger_report(hdev, report);
@@ -2720,7 +2716,7 @@ void wacom_wac_report(struct hid_device
struct wacom_wac *wacom_wac = &wacom->wacom_wac;
struct hid_field *field;
bool pad_in_hid_field = false, pen_in_hid_field = false,
- finger_in_hid_field = false;
+ finger_in_hid_field = false, true_pad = false;
int r;
int prev_collection = -1;
@@ -2736,6 +2732,8 @@ void wacom_wac_report(struct hid_device
pen_in_hid_field = true;
if (WACOM_FINGER_FIELD(field))
finger_in_hid_field = true;
+ if (wacom_equivalent_usage(field->physical) == HID_DG_TABLETFUNCTIONKEY)
+ true_pad = true;
}
wacom_wac_battery_pre_report(hdev, report);
@@ -2759,6 +2757,9 @@ void wacom_wac_report(struct hid_device
}
wacom_wac_battery_report(hdev, report);
+
+ if (true_pad && wacom->wacom_wac.pad_input)
+ wacom_wac_pad_report(hdev, report, field);
}
static int wacom_bpt_touch(struct wacom_wac *wacom)
From: Michael Neuling <[email protected]>
commit 3fefd1cd95df04da67c83c1cb93b663f04b3324f upstream.
When emulating tsr, treclaim and trechkpt, we incorrectly set CR0. The
code currently sets:
CR0 <- 00 || MSR[TS]
but according to the ISA it should be:
CR0 <- 0 || MSR[TS] || 0
This fixes the bit shift to put the bits in the correct location.
This is a data integrity issue as CR0 is corrupted.
Fixes: 4bb3c7a0208f ("KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9")
Cc: [email protected] # v4.17+
Tested-by: Suraj Jitindar Singh <[email protected]>
Signed-off-by: Michael Neuling <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/powerpc/kvm/book3s_hv_tm.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/powerpc/kvm/book3s_hv_tm.c
+++ b/arch/powerpc/kvm/book3s_hv_tm.c
@@ -131,7 +131,7 @@ int kvmhv_p9_tm_emulation(struct kvm_vcp
}
/* Set CR0 to indicate previous transactional state */
vcpu->arch.regs.ccr = (vcpu->arch.regs.ccr & 0x0fffffff) |
- (((msr & MSR_TS_MASK) >> MSR_TS_S_LG) << 28);
+ (((msr & MSR_TS_MASK) >> MSR_TS_S_LG) << 29);
/* L=1 => tresume, L=0 => tsuspend */
if (instr & (1 << 21)) {
if (MSR_TM_SUSPENDED(msr))
@@ -175,7 +175,7 @@ int kvmhv_p9_tm_emulation(struct kvm_vcp
/* Set CR0 to indicate previous transactional state */
vcpu->arch.regs.ccr = (vcpu->arch.regs.ccr & 0x0fffffff) |
- (((msr & MSR_TS_MASK) >> MSR_TS_S_LG) << 28);
+ (((msr & MSR_TS_MASK) >> MSR_TS_S_LG) << 29);
vcpu->arch.shregs.msr &= ~MSR_TS_MASK;
return RESUME_GUEST;
@@ -205,7 +205,7 @@ int kvmhv_p9_tm_emulation(struct kvm_vcp
/* Set CR0 to indicate previous transactional state */
vcpu->arch.regs.ccr = (vcpu->arch.regs.ccr & 0x0fffffff) |
- (((msr & MSR_TS_MASK) >> MSR_TS_S_LG) << 28);
+ (((msr & MSR_TS_MASK) >> MSR_TS_S_LG) << 29);
vcpu->arch.shregs.msr = msr | MSR_TS_S;
return RESUME_GUEST;
}
From: Like Xu <[email protected]>
commit 6fc3977ccc5d3c22e851f2dce2d3ce2a0a843842 upstream.
If a perf_event creation fails due to any reason of the host perf
subsystem, it has no chance to log the corresponding event for guest
which may cause abnormal sampling data in guest result. In debug mode,
this message helps to understand the state of vPMC and we may not
limit the number of occurrences but not in a spamming style.
Suggested-by: Joe Perches <[email protected]>
Signed-off-by: Like Xu <[email protected]>
Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/x86/kvm/pmu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/pmu.c
+++ b/arch/x86/kvm/pmu.c
@@ -131,8 +131,8 @@ static void pmc_reprogram_counter(struct
intr ? kvm_perf_overflow_intr :
kvm_perf_overflow, pmc);
if (IS_ERR(event)) {
- printk_once("kvm_pmu: event creation failed %ld\n",
- PTR_ERR(event));
+ pr_debug_ratelimited("kvm_pmu: event creation failed %ld for pmc->idx = %d\n",
+ PTR_ERR(event), pmc->idx);
return;
}
From: Konstantin Khlebnikov <[email protected]>
commit 3a10f999ffd464d01c5a05592a15470a3c4bbc36 upstream.
After commit 991f61fe7e1d ("Blk-throttle: reduce tail io latency when
iops limit is enforced") wait time could be zero even if group is
throttled and cannot issue requests right now. As a result
throtl_select_dispatch() turns into busy-loop under irq-safe queue
spinlock.
Fix is simple: always round up target time to the next throttle slice.
Fixes: 991f61fe7e1d ("Blk-throttle: reduce tail io latency when iops limit is enforced")
Signed-off-by: Konstantin Khlebnikov <[email protected]>
Cc: [email protected] # v4.19+
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
block/blk-throttle.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
--- a/block/blk-throttle.c
+++ b/block/blk-throttle.c
@@ -881,13 +881,10 @@ static bool tg_with_in_iops_limit(struct
unsigned long jiffy_elapsed, jiffy_wait, jiffy_elapsed_rnd;
u64 tmp;
- jiffy_elapsed = jiffy_elapsed_rnd = jiffies - tg->slice_start[rw];
+ jiffy_elapsed = jiffies - tg->slice_start[rw];
- /* Slice has just started. Consider one slice interval */
- if (!jiffy_elapsed)
- jiffy_elapsed_rnd = tg->td->throtl_slice;
-
- jiffy_elapsed_rnd = roundup(jiffy_elapsed_rnd, tg->td->throtl_slice);
+ /* Round up to the next throttle slice, wait time must be nonzero */
+ jiffy_elapsed_rnd = roundup(jiffy_elapsed + 1, tg->td->throtl_slice);
/*
* jiffy_elapsed_rnd should not be a big value as minimum iops can be
From: Nathan Lynch <[email protected]>
commit 0aa82c482ab2ece530a6f44897b63b274bb43c8e upstream.
During post-migration device tree updates, we can oops in
pseries_update_drconf_memory() if the source device tree has an
ibm,dynamic-memory-v2 property and the destination has a
ibm,dynamic_memory (v1) property. The notifier processes an "update"
for the ibm,dynamic-memory property but it's really an add in this
scenario. So make sure the old property object is there before
dereferencing it.
Fixes: 2b31e3aec1db ("powerpc/drmem: Add support for ibm, dynamic-memory-v2 property")
Cc: [email protected] # v4.16+
Signed-off-by: Nathan Lynch <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/powerpc/platforms/pseries/hotplug-memory.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/powerpc/platforms/pseries/hotplug-memory.c
+++ b/arch/powerpc/platforms/pseries/hotplug-memory.c
@@ -980,6 +980,9 @@ static int pseries_update_drconf_memory(
if (!memblock_size)
return -EINVAL;
+ if (!pr->old_prop)
+ return 0;
+
p = (__be32 *) pr->old_prop->value;
if (!p)
return -EINVAL;
From: Helge Deller <[email protected]>
commit 34c32fc603311a72cb558e5e337555434f64c27b upstream.
On parisc the privilege level of a process is stored in the lowest two bits of
the instruction pointers (IAOQ0 and IAOQ1). On Linux we use privilege level 0
for the kernel and privilege level 3 for user-space. So userspace should not be
allowed to modify IAOQ0 or IAOQ1 of a ptraced process to change it's privilege
level to e.g. 0 to try to gain kernel privileges.
This patch prevents such modifications in the regset support functions by
always setting the two lowest bits to one (which relates to privilege level 3
for user-space) if IAOQ0 or IAOQ1 are modified via ptrace regset calls.
Link: https://bugs.gentoo.org/481768
Cc: <[email protected]> # v4.7+
Tested-by: Rolf Eike Beer <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/parisc/kernel/ptrace.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/parisc/kernel/ptrace.c
+++ b/arch/parisc/kernel/ptrace.c
@@ -496,7 +496,8 @@ static void set_reg(struct pt_regs *regs
return;
case RI(iaoq[0]):
case RI(iaoq[1]):
- regs->iaoq[num - RI(iaoq[0])] = val;
+ /* set 2 lowest bits to ensure userspace privilege: */
+ regs->iaoq[num - RI(iaoq[0])] = val | 3;
return;
case RI(sar): regs->sar = val;
return;
From: Tejun Heo <[email protected]>
commit 5de0073fcd50cc1f150895a7bb04d3cf8067b1d7 upstream.
If use_delay was non-zero when the latency target of a cgroup was set
to zero, it will stay stuck until io.latency is enabled on the cgroup
again. This keeps readahead disabled for the cgroup impacting
performance negatively.
Signed-off-by: Tejun Heo <[email protected]>
Cc: Josef Bacik <[email protected]>
Fixes: d70675121546 ("block: introduce blk-iolatency io controller")
Cc: [email protected] # v4.19+
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
block/blk-iolatency.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/block/blk-iolatency.c
+++ b/block/blk-iolatency.c
@@ -758,8 +758,10 @@ static int iolatency_set_min_lat_nsec(st
if (!oldval && val)
return 1;
- if (oldval && !val)
+ if (oldval && !val) {
+ blkcg_clear_delay(blkg);
return -1;
+ }
return 0;
}
From: Tejun Heo <[email protected]>
commit f539da82f2158916e154d206054e0efd5df7ab61 upstream.
Depending on the number of devices, blkcg stats can go over the
default seqfile buf size. seqfile normally retries with a larger
buffer but since the ->pd_stat() addition, blkcg_print_stat() doesn't
tell seqfile that overflow has happened and the output gets printed
truncated. Fix it by calling seq_commit() w/ -1 on possible
overflows.
Signed-off-by: Tejun Heo <[email protected]>
Fixes: 903d23f0a354 ("blk-cgroup: allow controllers to output their own stats")
Cc: [email protected] # v4.19+
Cc: Josef Bacik <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
block/blk-cgroup.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -1005,8 +1005,12 @@ static int blkcg_print_stat(struct seq_f
}
next:
if (has_stats) {
- off += scnprintf(buf+off, size-off, "\n");
- seq_commit(sf, off);
+ if (off < size - 1) {
+ off += scnprintf(buf+off, size-off, "\n");
+ seq_commit(sf, off);
+ } else {
+ seq_commit(sf, -1);
+ }
}
}
From: Matthew Wilcox (Oracle) <[email protected]>
commit 23c84eb7837514e16d79ed6d849b13745e0ce688 upstream.
RocksDB can hang indefinitely when using a DAX file. This is due to
a bug in the XArray conversion when handling a PMD fault and finding a
PTE entry. We use the wrong index in the hash and end up waiting on
the wrong waitqueue.
There's actually no need to wait; if we find a PTE entry while looking
for a PMD entry, we can return immediately as we know we should fall
back to a PTE fault (which may not conflict with the lock held).
We reuse the XA_RETRY_ENTRY to signal a conflicting entry was found.
This value can never be found in an XArray while holding its lock, so
it does not create an ambiguity.
Cc: <[email protected]>
Link: http://lkml.kernel.org/r/CAPcyv4hwHpX-MkUEqxwdTj7wCCZCN4RV-L4jsnuwLGyL_UEG4A@mail.gmail.com
Fixes: b15cd800682f ("dax: Convert page fault handlers to XArray")
Signed-off-by: Matthew Wilcox (Oracle) <[email protected]>
Tested-by: Dan Williams <[email protected]>
Reported-by: Robert Barror <[email protected]>
Reported-by: Seema Pandit <[email protected]>
Reviewed-by: Jan Kara <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/dax.c | 53 +++++++++++++++++++++++++++++++++--------------------
1 file changed, 33 insertions(+), 20 deletions(-)
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -132,6 +132,15 @@ static int dax_is_empty_entry(void *entr
}
/*
+ * true if the entry that was found is of a smaller order than the entry
+ * we were looking for
+ */
+static bool dax_is_conflict(void *entry)
+{
+ return entry == XA_RETRY_ENTRY;
+}
+
+/*
* DAX page cache entry locking
*/
struct exceptional_entry_key {
@@ -203,11 +212,13 @@ static void dax_wake_entry(struct xa_sta
* Look up entry in page cache, wait for it to become unlocked if it
* is a DAX entry and return it. The caller must subsequently call
* put_unlocked_entry() if it did not lock the entry or dax_unlock_entry()
- * if it did.
+ * if it did. The entry returned may have a larger order than @order.
+ * If @order is larger than the order of the entry found in i_pages, this
+ * function returns a dax_is_conflict entry.
*
* Must be called with the i_pages lock held.
*/
-static void *get_unlocked_entry(struct xa_state *xas)
+static void *get_unlocked_entry(struct xa_state *xas, unsigned int order)
{
void *entry;
struct wait_exceptional_entry_queue ewait;
@@ -218,6 +229,8 @@ static void *get_unlocked_entry(struct x
for (;;) {
entry = xas_find_conflict(xas);
+ if (dax_entry_order(entry) < order)
+ return XA_RETRY_ENTRY;
if (!entry || WARN_ON_ONCE(!xa_is_value(entry)) ||
!dax_is_locked(entry))
return entry;
@@ -262,7 +275,7 @@ static void wait_entry_unlocked(struct x
static void put_unlocked_entry(struct xa_state *xas, void *entry)
{
/* If we were the only waiter woken, wake the next one */
- if (entry)
+ if (entry && dax_is_conflict(entry))
dax_wake_entry(xas, entry, false);
}
@@ -469,7 +482,7 @@ void dax_unlock_page(struct page *page,
* overlap with xarray value entries.
*/
static void *grab_mapping_entry(struct xa_state *xas,
- struct address_space *mapping, unsigned long size_flag)
+ struct address_space *mapping, unsigned int order)
{
unsigned long index = xas->xa_index;
bool pmd_downgrade = false; /* splitting PMD entry into PTE entries? */
@@ -477,20 +490,17 @@ static void *grab_mapping_entry(struct x
retry:
xas_lock_irq(xas);
- entry = get_unlocked_entry(xas);
+ entry = get_unlocked_entry(xas, order);
if (entry) {
+ if (dax_is_conflict(entry))
+ goto fallback;
if (!xa_is_value(entry)) {
xas_set_err(xas, EIO);
goto out_unlock;
}
- if (size_flag & DAX_PMD) {
- if (dax_is_pte_entry(entry)) {
- put_unlocked_entry(xas, entry);
- goto fallback;
- }
- } else { /* trying to grab a PTE entry */
+ if (order == 0) {
if (dax_is_pmd_entry(entry) &&
(dax_is_zero_entry(entry) ||
dax_is_empty_entry(entry))) {
@@ -531,7 +541,11 @@ retry:
if (entry) {
dax_lock_entry(xas, entry);
} else {
- entry = dax_make_entry(pfn_to_pfn_t(0), size_flag | DAX_EMPTY);
+ unsigned long flags = DAX_EMPTY;
+
+ if (order > 0)
+ flags |= DAX_PMD;
+ entry = dax_make_entry(pfn_to_pfn_t(0), flags);
dax_lock_entry(xas, entry);
if (xas_error(xas))
goto out_unlock;
@@ -602,7 +616,7 @@ struct page *dax_layout_busy_page(struct
if (WARN_ON_ONCE(!xa_is_value(entry)))
continue;
if (unlikely(dax_is_locked(entry)))
- entry = get_unlocked_entry(&xas);
+ entry = get_unlocked_entry(&xas, 0);
if (entry)
page = dax_busy_page(entry);
put_unlocked_entry(&xas, entry);
@@ -629,7 +643,7 @@ static int __dax_invalidate_entry(struct
void *entry;
xas_lock_irq(&xas);
- entry = get_unlocked_entry(&xas);
+ entry = get_unlocked_entry(&xas, 0);
if (!entry || WARN_ON_ONCE(!xa_is_value(entry)))
goto out;
if (!trunc &&
@@ -856,7 +870,7 @@ static int dax_writeback_one(struct xa_s
if (unlikely(dax_is_locked(entry))) {
void *old_entry = entry;
- entry = get_unlocked_entry(xas);
+ entry = get_unlocked_entry(xas, 0);
/* Entry got punched out / reallocated? */
if (!entry || WARN_ON_ONCE(!xa_is_value(entry)))
@@ -1517,7 +1531,7 @@ static vm_fault_t dax_iomap_pmd_fault(st
* entry is already in the array, for instance), it will return
* VM_FAULT_FALLBACK.
*/
- entry = grab_mapping_entry(&xas, mapping, DAX_PMD);
+ entry = grab_mapping_entry(&xas, mapping, PMD_ORDER);
if (xa_is_internal(entry)) {
result = xa_to_internal(entry);
goto fallback;
@@ -1666,11 +1680,10 @@ dax_insert_pfn_mkwrite(struct vm_fault *
vm_fault_t ret;
xas_lock_irq(&xas);
- entry = get_unlocked_entry(&xas);
+ entry = get_unlocked_entry(&xas, order);
/* Did we race with someone splitting entry or so? */
- if (!entry ||
- (order == 0 && !dax_is_pte_entry(entry)) ||
- (order == PMD_ORDER && !dax_is_pmd_entry(entry))) {
+ if (!entry || dax_is_conflict(entry) ||
+ (order == 0 && !dax_is_pte_entry(entry))) {
put_unlocked_entry(&xas, entry);
xas_unlock_irq(&xas);
trace_dax_insert_pfn_mkwrite_no_entry(mapping->host, vmf,
From: Emmanuel Grumbach <[email protected]>
commit 940225628652b340b2bfe99f42f3d2db9fd9ce6c upstream.
Otherwise it'll stay set forever which is clearly buggy.
Cc: [email protected]
Signed-off-by: Emmanuel Grumbach <[email protected]>
Signed-off-by: Luca Coelho <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
@@ -419,6 +419,8 @@ static int iwl_run_unified_mvm_ucode(str
lockdep_assert_held(&mvm->mutex);
+ mvm->rfkill_safe_init_done = false;
+
iwl_init_notification_wait(&mvm->notif_wait,
&init_wait,
init_complete,
@@ -537,8 +539,7 @@ int iwl_run_init_mvm_ucode(struct iwl_mv
lockdep_assert_held(&mvm->mutex);
- if (WARN_ON_ONCE(mvm->rfkill_safe_init_done))
- return 0;
+ mvm->rfkill_safe_init_done = false;
iwl_init_notification_wait(&mvm->notif_wait,
&calib_wait,
@@ -1108,10 +1109,13 @@ static int iwl_mvm_load_rt_fw(struct iwl
iwl_fw_dbg_apply_point(&mvm->fwrt, IWL_FW_INI_APPLY_EARLY);
+ mvm->rfkill_safe_init_done = false;
ret = iwl_mvm_load_ucode_wait_alive(mvm, IWL_UCODE_REGULAR);
if (ret)
return ret;
+ mvm->rfkill_safe_init_done = true;
+
iwl_fw_dbg_apply_point(&mvm->fwrt, IWL_FW_INI_APPLY_AFTER_ALIVE);
return iwl_init_paging(&mvm->fwrt, mvm->fwrt.cur_fw_img);
From: Ming Lei <[email protected]>
commit f9b0530fa02e0c73f31a49ef743e8f44eb8e32cc upstream.
When scsi_init_sense_cache(host) is called concurrently from different
hosts, each code path may find that no cache has been created and
allocate a new one. The lack of locking can lead to potentially
overriding a cache allocated by a different host.
Fix the issue by moving 'mutex_lock(&scsi_sense_cache_mutex)' before
scsi_select_sense_cache().
Fixes: 0a6ac4ee7c21 ("scsi: respect unchecked_isa_dma for blk-mq")
Cc: Stable <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Cc: Hannes Reinecke <[email protected]>
Cc: Ewan D. Milne <[email protected]>
Signed-off-by: Ming Lei <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/scsi/scsi_lib.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -71,11 +71,11 @@ int scsi_init_sense_cache(struct Scsi_Ho
struct kmem_cache *cache;
int ret = 0;
+ mutex_lock(&scsi_sense_cache_mutex);
cache = scsi_select_sense_cache(shost->unchecked_isa_dma);
if (cache)
- return 0;
+ goto exit;
- mutex_lock(&scsi_sense_cache_mutex);
if (shost->unchecked_isa_dma) {
scsi_sense_isadma_cache =
kmem_cache_create("scsi_sense_cache(DMA)",
@@ -91,7 +91,7 @@ int scsi_init_sense_cache(struct Scsi_Ho
if (!scsi_sense_cache)
ret = -ENOMEM;
}
-
+ exit:
mutex_unlock(&scsi_sense_cache_mutex);
return ret;
}
[ Upstream commit 8ec3ede559956f8ad58db7b57d25ac724bab69e9 ]
The Header Parser allows identifying various fields in the packet
headers, used for various kind of filtering and classification
steps.
This is a re-entrant process, where the offset in the packet header
depends on the previous lookup results. This offset is represented in
the SRAM results of the TCAM, as a shift to be operated.
This shift can be negative in some cases, such as in IPv6 parsing.
This commit prevents overriding the sign bit when setting the shift
value, which could cause instabilities when parsing IPv6 flows.
Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375 network unit")
Suggested-by: Alan Winkowski <[email protected]>
Signed-off-by: Maxime Chevallier <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c
index ae2240074d8e..5692c6087bbb 100644
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c
@@ -312,7 +312,8 @@ static void mvpp2_prs_sram_shift_set(struct mvpp2_prs_entry *pe, int shift,
}
/* Set value */
- pe->sram[MVPP2_BIT_TO_WORD(MVPP2_PRS_SRAM_SHIFT_OFFS)] = shift & MVPP2_PRS_SRAM_SHIFT_MASK;
+ pe->sram[MVPP2_BIT_TO_WORD(MVPP2_PRS_SRAM_SHIFT_OFFS)] |=
+ shift & MVPP2_PRS_SRAM_SHIFT_MASK;
/* Reset and set operation */
mvpp2_prs_sram_bits_clear(pe, MVPP2_PRS_SRAM_OP_SEL_SHIFT_OFFS,
--
2.20.1
[ Upstream commit bc53d3d777f81385c1bb08b07bd1c06450ecc2c1 ]
Without 'set -e', shell scripts continue running even after any
error occurs. The missed 'set -e' is a typical bug in shell scripting.
For example, when a disk space shortage occurs while this script is
running, it actually ends up with generating a truncated capflags.c.
Yet, mkcapflags.sh continues running and exits with 0. So, the build
system assumes it has succeeded.
It will not be re-generated in the next invocation of Make since its
timestamp is newer than that of any of the source files.
Add 'set -e' so that any error in this script is caught and propagated
to the build system.
Since 9c2af1c7377a ("kbuild: add .DELETE_ON_ERROR special target"),
make automatically deletes the target on any failure. So, the broken
capflags.c will be deleted automatically.
Signed-off-by: Masahiro Yamada <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Cc: "H. Peter Anvin" <[email protected]>
Cc: Borislav Petkov <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
arch/x86/kernel/cpu/mkcapflags.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/kernel/cpu/mkcapflags.sh b/arch/x86/kernel/cpu/mkcapflags.sh
index d0dfb892c72f..aed45b8895d5 100644
--- a/arch/x86/kernel/cpu/mkcapflags.sh
+++ b/arch/x86/kernel/cpu/mkcapflags.sh
@@ -4,6 +4,8 @@
# Generate the x86_cap/bug_flags[] arrays from include/asm/cpufeatures.h
#
+set -e
+
IN=$1
OUT=$2
--
2.20.1
[ Upstream commit 77ae46e11df5c96bb4582633851f838f5d954df4 ]
v4l2_fill_pixfmt() returns -EINVAL if the pixelformat used as parameter is
invalid or if the user is trying to use a multiplanar format with the
singleplanar API. Currently, the vimc_cap_try_fmt_vid_cap() returns such
value, but vimc_cap_s_fmt_vid_cap() is ignoring it. Fix that and returns
an error value if vimc_cap_try_fmt_vid_cap() has failed.
Signed-off-by: André Almeida <[email protected]>
Suggested-by: Helen Koike <[email protected]>
Signed-off-by: Hans Verkuil <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/platform/vimc/vimc-capture.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/vimc/vimc-capture.c b/drivers/media/platform/vimc/vimc-capture.c
index ea869631a3f6..bbc16072ec16 100644
--- a/drivers/media/platform/vimc/vimc-capture.c
+++ b/drivers/media/platform/vimc/vimc-capture.c
@@ -130,12 +130,15 @@ static int vimc_cap_s_fmt_vid_cap(struct file *file, void *priv,
struct v4l2_format *f)
{
struct vimc_cap_device *vcap = video_drvdata(file);
+ int ret;
/* Do not change the format while stream is on */
if (vb2_is_busy(&vcap->queue))
return -EBUSY;
- vimc_cap_try_fmt_vid_cap(file, priv, f);
+ ret = vimc_cap_try_fmt_vid_cap(file, priv, f);
+ if (ret)
+ return ret;
dev_dbg(vcap->dev, "%s: format update: "
"old:%dx%d (0x%x, %d, %d, %d, %d) "
--
2.20.1
[ Upstream commit 8a07aa4e9b7b0222129c07afff81634a884b2866 ]
Debugging a OOM error using the TUI interface revealed this issue
on s390:
[tmricht@m83lp54 perf]$ cat /proc/kallsyms |sort
....
00000001119b7158 B radix_tree_node_cachep
00000001119b8000 B __bss_stop
00000001119b8000 B _end
000003ff80002850 t autofs_mount [autofs4]
000003ff80002868 t autofs_show_options [autofs4]
000003ff80002a98 t autofs_evict_inode [autofs4]
....
There is a huge gap between the last kernel symbol
__bss_stop/_end and the first kernel module symbol
autofs_mount (from autofs4 module).
After reading the kernel symbol table via functions:
dso__load()
+--> dso__load_kernel_sym()
+--> dso__load_kallsyms()
+--> __dso_load_kallsyms()
+--> symbols__fixup_end()
the symbol __bss_stop has a start address of 1119b8000 and
an end address of 3ff80002850, as can be seen by this debug statement:
symbols__fixup_end __bss_stop start:0x1119b8000 end:0x3ff80002850
The size of symbol __bss_stop is 0x3fe6e64a850 bytes!
It is the last kernel symbol and fills up the space until
the first kernel module symbol.
This size kills the TUI interface when executing the following
code:
process_sample_event()
hist_entry_iter__add()
hist_iter__report_callback()
hist_entry__inc_addr_samples()
symbol__inc_addr_samples(symbol = __bss_stop)
symbol__cycles_hist()
annotated_source__alloc_histograms(...,
symbol__size(sym),
...)
This function allocates memory to save sample histograms.
The symbol_size() marco is defined as sym->end - sym->start, which
results in above value of 0x3fe6e64a850 bytes and
the call to calloc() in annotated_source__alloc_histograms() fails.
The histgram memory allocation might fail, make this failure
no-fatal and continue processing.
Output before:
[tmricht@m83lp54 perf]$ ./perf --debug stderr=1 report -vvvvv \
-i ~/slow.data 2>/tmp/2
[tmricht@m83lp54 perf]$ tail -5 /tmp/2
__symbol__inc_addr_samples(875): ENOMEM! sym->name=__bss_stop,
start=0x1119b8000, addr=0x2aa0005eb08, end=0x3ff80002850,
func: 0
problem adding hist entry, skipping event
0x938b8 [0x8]: failed to process type: 68 [Cannot allocate memory]
[tmricht@m83lp54 perf]$
Output after:
[tmricht@m83lp54 perf]$ ./perf --debug stderr=1 report -vvvvv \
-i ~/slow.data 2>/tmp/2
[tmricht@m83lp54 perf]$ tail -5 /tmp/2
symbol__inc_addr_samples map:0x1597830 start:0x110730000 end:0x3ff80002850
symbol__hists notes->src:0x2aa2a70 nr_hists:1
symbol__inc_addr_samples sym:unlink_anon_vmas src:0x2aa2a70
__symbol__inc_addr_samples: addr=0x11094c69e
0x11094c670 unlink_anon_vmas: period++ [addr: 0x11094c69e, 0x2e, evidx=0]
=> nr_samples: 1, period: 526008
[tmricht@m83lp54 perf]$
There is no error about failed memory allocation and the TUI interface
shows all entries.
Signed-off-by: Thomas Richter <[email protected]>
Reviewed-by: Hendrik Brueckner <[email protected]>
Cc: Heiko Carstens <[email protected]>
Cc: Hendrik Brueckner <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
tools/perf/util/annotate.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index 09762985c713..0c43c5a0d9d9 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -932,9 +932,8 @@ static int symbol__inc_addr_samples(struct symbol *sym, struct map *map,
if (sym == NULL)
return 0;
src = symbol__hists(sym, evsel->evlist->nr_entries);
- if (src == NULL)
- return -ENOMEM;
- return __symbol__inc_addr_samples(sym, map, src, evsel->idx, addr, sample);
+ return (src) ? __symbol__inc_addr_samples(sym, map, src, evsel->idx,
+ addr, sample) : 0;
}
static int symbol__account_cycles(u64 addr, u64 start,
--
2.20.1
On 24/07/2019 20:15, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.20 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.20-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests are passing for Tegra ...
Test results for stable-v5.1:
12 builds: 12 pass, 0 fail
22 boots: 22 pass, 0 fail
32 tests: 32 pass, 0 fail
Linux version: 5.1.20-rc1-g21e90543f836
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra30-cardhu-a04
Cheers
Jon
--
nvpublic
On 7/24/19 1:15 PM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.20 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.20-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
thanks,
-- Shuah
[ Upstream commit e08f0761234def47961d3252eac09ccedfe4c6a0 ]
In case ioremap fails, the fix returns -ENOMEM to avoid NULL
pointer dereference.
Signed-off-by: Kangjie Lu <[email protected]>
Acked-by: Lad, Prabhakar <[email protected]>
Reviewed-by: Mukesh Ojha <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/platform/davinci/vpss.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/media/platform/davinci/vpss.c b/drivers/media/platform/davinci/vpss.c
index 19cf6853411e..89a86c19579b 100644
--- a/drivers/media/platform/davinci/vpss.c
+++ b/drivers/media/platform/davinci/vpss.c
@@ -518,6 +518,11 @@ static int __init vpss_init(void)
return -EBUSY;
oper_cfg.vpss_regs_base2 = ioremap(VPSS_CLK_CTRL, 4);
+ if (unlikely(!oper_cfg.vpss_regs_base2)) {
+ release_mem_region(VPSS_CLK_CTRL, 4);
+ return -ENOMEM;
+ }
+
writel(VPSS_CLK_CTRL_VENCCLKEN |
VPSS_CLK_CTRL_DACCLKEN, oper_cfg.vpss_regs_base2);
--
2.20.1
On Wed, Jul 24, 2019 at 09:15:52PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.20 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> Anything received after that time might be too late.
>
Building powerpc:defconfig ... failed
Building powerpc:allmodconfig ... failed
arch/powerpc/kernel/prom_init.c: In function ‘early_cmdline_parse’:
arch/powerpc/kernel/prom_init.c:689:8: error: implicit declaration of function ‘prom_strstr’
plus several qemu tests failing to build for the same reason.
Guenter
On Thu, Jul 25, 2019 at 09:33:29AM -0700, Guenter Roeck wrote:
> On Wed, Jul 24, 2019 at 09:15:52PM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.1.20 release.
> > There are 371 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> > Anything received after that time might be too late.
> >
>
> Building powerpc:defconfig ... failed
> Building powerpc:allmodconfig ... failed
>
> arch/powerpc/kernel/prom_init.c: In function ‘early_cmdline_parse’:
> arch/powerpc/kernel/prom_init.c:689:8: error: implicit declaration of function ‘prom_strstr’
>
> plus several qemu tests failing to build for the same reason.
Found it, it's a powerpc patch. I've now dropped it and am pushing out
a -rc2 right now with that patch removed.
thanks,
greg k-h
On Wed, Jul 24, 2019 at 09:15:52PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.20 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> Anything received after that time might be too late.
>
For v5.1.19-370-gfb6ea525ffcf:
Build results:
total: 159 pass: 159 fail: 0
Qemu test results:
total: 364 pass: 364 fail: 0
Guenter
On Wed, Jul 24, 2019 at 09:15:52PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.1.20 release.
> There are 371 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.1.20-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Compiled and booted with no regressions on my system.
Cheers,
Kelsey
On Thu, Jul 25, 2019 at 03:19:00PM -0700, Guenter Roeck wrote:
> On Wed, Jul 24, 2019 at 09:15:52PM +0200, Greg Kroah-Hartman wrote:
> > This is the start of the stable review cycle for the 5.1.20 release.
> > There are 371 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Fri 26 Jul 2019 07:13:35 PM UTC.
> > Anything received after that time might be too late.
> >
>
> For v5.1.19-370-gfb6ea525ffcf:
>
> Build results:
> total: 159 pass: 159 fail: 0
> Qemu test results:
> total: 364 pass: 364 fail: 0
Wonderful, glad it is all now working. Thanks for testing all of these
and letting me know.
greg k-h
Built and booted on my x86_64 test system. No dmesg regressions.
Thank you
Bharath