This is the start of the stable review cycle for the 4.19.149 release.
There are 245 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 01 Oct 2020 10:59:03 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.149-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <[email protected]>
Linux 4.19.149-rc1
Marc Zyngier <[email protected]>
KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch
Jiri Slaby <[email protected]>
ata: sata_mv, avoid trigerrable BUG_ON
Jiri Slaby <[email protected]>
ata: make qc_prep return ata_completion_errors
Jiri Slaby <[email protected]>
ata: define AC_ERR_OK
Muchun Song <[email protected]>
kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
Christian Borntraeger <[email protected]>
s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
Gao Xiang <[email protected]>
mm, THP, swap: fix allocating cluster for swapfile by mistake
Masami Hiramatsu <[email protected]>
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
Jan Höppner <[email protected]>
s390/dasd: Fix zero write for FBA devices
Tom Rix <[email protected]>
tracing: fix double free
Tom Lendacky <[email protected]>
KVM: SVM: Add a dedicated INVD intercept routine
Sean Christopherson <[email protected]>
KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
Wei Li <[email protected]>
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
Dmitry Baryshkov <[email protected]>
regmap: fix page selection for noinc reads
Tom Rix <[email protected]>
ALSA: asihpi: fix iounmap in error handler
Yonghong Song <[email protected]>
bpf: Fix a rcu warning for bpffs map pretty-print
Linus Lüssing <[email protected]>
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
Linus Lüssing <[email protected]>
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
Sven Eckelmann <[email protected]>
batman-adv: Add missing include for in_interrupt()
Martin Cerveny <[email protected]>
drm/sun4i: sun8i-csc: Secondary CSC register correction
Dmitry Bogdanov <[email protected]>
net: qed: RDMA personality shouldn't fail VF load
Marek Szyprowski <[email protected]>
drm/vc4/vc4_hdmi: fill ASoC card owner
Daniel Borkmann <[email protected]>
bpf: Fix clobbering of r2 in bpf_gen_ld_abs
Eric Dumazet <[email protected]>
mac802154: tx: fix use-after-free
Linus Lüssing <[email protected]>
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
Jing Xiangfeng <[email protected]>
atm: eni: fix the missed pci_disable_device() for eni_init_one()
Linus Lüssing <[email protected]>
batman-adv: bla: fix type misuse for backbone_gw hash indexing
Maximilian Luz <[email protected]>
mwifiex: Increase AES key storage size to 256 bits
Tianjia Zhang <[email protected]>
clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
Tom Rix <[email protected]>
ieee802154/adf7242: check status of adf7242_read_reg
Liu Jian <[email protected]>
ieee802154: fix one possible memleak in ca8210_dev_com_init
Josh Poimboeuf <[email protected]>
objtool: Fix noreturn detection for ignored functions
Hans de Goede <[email protected]>
i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
Dennis Li <[email protected]>
drm/amdkfd: fix a memory leak issue
Sven Schnelle <[email protected]>
lockdep: fix order in trace_hardirqs_off_caller()
Ilya Leoshkevich <[email protected]>
s390/init: add missing __init annotations
Palmer Dabbelt <[email protected]>
RISC-V: Take text_mutex in ftrace_init_nop()
Hans de Goede <[email protected]>
ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
Sylwester Nawrocki <[email protected]>
ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions
Sylwester Nawrocki <[email protected]>
ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
Anthony Iliopoulos <[email protected]>
nvme: explicitly update mpath disk capacity on revalidation
Tonghao Zhang <[email protected]>
net: openvswitch: use div_u64() for 64-by-32 divisions
Jin Yao <[email protected]>
perf parse-events: Use strcmp() to compare the PMU name
Hou Tao <[email protected]>
ubi: fastmap: Free unused fastmap anchor peb during detach
Qu Wenruo <[email protected]>
btrfs: qgroup: fix data leak caused by race between writeback and truncate
Zeng Tao <[email protected]>
vfio/pci: fix racy on error and request eventfd ctx
Andy Lutomirski <[email protected]>
selftests/x86/syscall_nt: Clear weird flags after each test
Javed Hasan <[email protected]>
scsi: libfc: Skip additional kref updating work event
Javed Hasan <[email protected]>
scsi: libfc: Handling of extra kref
Sagi Grimberg <[email protected]>
nvme: fix possible deadlock when I/O is blocked
Zhang Xiaoxu <[email protected]>
cifs: Fix double add page to memcg when cifs_readpages
Alex Williamson <[email protected]>
vfio/pci: Clear error and request eventfd ctx after releasing
Thomas Gleixner <[email protected]>
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
Boris Brezillon <[email protected]>
mtd: parser: cmdline: Support MTD names containing one or more colons
Madhuparna Bhowmik <[email protected]>
rapidio: avoid data race between file operation callbacks and mport_cdev_add().
Qian Cai <[email protected]>
mm/swap_state: fix a data race in swapin_nr_pages
Jeff Layton <[email protected]>
ceph: fix potential race in ceph_check_caps
Dinghao Liu <[email protected]>
PCI: tegra: Fix runtime PM imbalance on error
Dinghao Liu <[email protected]>
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
Dinghao Liu <[email protected]>
wlcore: fix runtime pm imbalance in wlcore_regdomain_config
Dinghao Liu <[email protected]>
wlcore: fix runtime pm imbalance in wl1271_tx_work
Dinghao Liu <[email protected]>
ASoC: img-i2s-out: Fix runtime PM imbalance on error
Adrian Hunter <[email protected]>
perf kcore_copy: Fix module map when there are no modules loaded
Ian Rogers <[email protected]>
perf metricgroup: Free metric_events on error
Xie XiuQi <[email protected]>
perf util: Fix memory leak of prefix_if_not_in
Jiri Olsa <[email protected]>
perf stat: Fix duration_time value for higher intervals
Ian Rogers <[email protected]>
perf trace: Fix the selection for architectures to generate the errno name tables
Ian Rogers <[email protected]>
perf evsel: Fix 2 memory leaks
Qian Cai <[email protected]>
vfio/pci: fix memory leaks of eventfd ctx
David Sterba <[email protected]>
btrfs: don't force read-only after error in drop snapshot
Yu Chen <[email protected]>
usb: dwc3: Increase timeout for CmdAct cleared by device controller
Shreyas Joshi <[email protected]>
printk: handle blank console arguments passed in.
Dinghao Liu <[email protected]>
drm/nouveau/dispnv50: fix runtime pm imbalance on error
Dinghao Liu <[email protected]>
drm/nouveau: fix runtime pm imbalance on error
Dinghao Liu <[email protected]>
drm/nouveau/debugfs: fix runtime pm imbalance on error
Alexander Duyck <[email protected]>
e1000: Do not perform reset in reset_task if we are already down
Anshuman Khandual <[email protected]>
arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
Wei Yongjun <[email protected]>
scsi: cxlflash: Fix error return code in cxlflash_probe()
Colin Ian King <[email protected]>
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
Miklos Szeredi <[email protected]>
fuse: don't check refcount after stealing page
Nicholas Piggin <[email protected]>
powerpc/traps: Make unrecoverable NMIs die instead of panic
Takashi Iwai <[email protected]>
ALSA: hda: Fix potential race in unsol event handler
Jonathan Bakker <[email protected]>
tty: serial: samsung: Correct clock selection logic
Tuong Lien <[email protected]>
tipc: fix memory leak in service subscripting
Tang Bin <[email protected]>
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
Sonny Sasaka <[email protected]>
Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
Jonathan Bakker <[email protected]>
phy: samsung: s5pv210-usb2: Add delay after reset
Jonathan Bakker <[email protected]>
power: supply: max17040: Correct voltage reading
Ian Rogers <[email protected]>
perf mem2node: Avoid double free related to realloc
Cong Wang <[email protected]>
atm: fix a memory leak of vcc->user_back
Krzysztof Kozlowski <[email protected]>
dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
Will Deacon <[email protected]>
arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
Wei Yongjun <[email protected]>
sparc64: vcc: Fix error return code in vcc_probe()
Ivan Safonov <[email protected]>
staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
Christophe JAILLET <[email protected]>
scsi: aacraid: Fix error handling paths in aac_probe_one()
Tonghao Zhang <[email protected]>
net: openvswitch: use u64 for meter bucket
Zenghui Yu <[email protected]>
KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
Madhuparna Bhowmik <[email protected]>
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
Douglas Anderson <[email protected]>
bdev: Reduce time holding bd_mutex in sync in blkdev_close()
Stephane Eranian <[email protected]>
perf stat: Force error in fallback on :k events
Steve Rutherford <[email protected]>
KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
Raviteja Narayanam <[email protected]>
serial: uartps: Wait for tx_empty in console setup
Nilesh Javali <[email protected]>
scsi: qedi: Fix termination timeouts in session logout
Jaewon Kim <[email protected]>
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
Israel Rukshin <[email protected]>
nvmet-rdma: fix double free of rdma queue
Qian Cai <[email protected]>
mm/vmscan.c: fix data races using kswapd_classzone_idx
Xianting Tian <[email protected]>
mm/filemap.c: clear page error before actual read
Nathan Chancellor <[email protected]>
mm/kmemleak.c: use address-of operator on section symbols
Trond Myklebust <[email protected]>
NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
Stuart Hayes <[email protected]>
PCI: pciehp: Fix MSI interrupt race
Andreas Steinmetz <[email protected]>
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
Liu Song <[email protected]>
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
Mikel Rychliski <[email protected]>
PCI: Use ioremap(), not phys_to_virt() for platform ROM
Chuck Lever <[email protected]>
svcrdma: Fix leak of transport addresses
Christophe JAILLET <[email protected]>
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
Don Brace <[email protected]>
scsi: hpsa: correct race condition in offload enabled
Zhu Yanjun <[email protected]>
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
Israel Rukshin <[email protected]>
nvme: Fix controller creation races with teardown flow
John Meneghini <[email protected]>
nvme-multipath: do not reset on unknown status
Gabriel Ravier <[email protected]>
tools: gpio-hammer: Avoid potential overflow in main
Pratik Rajesh Sampat <[email protected]>
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
Christophe JAILLET <[email protected]>
perf cpumap: Fix snprintf overflow check
Vignesh Raghavendra <[email protected]>
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
Peter Ujfalusi <[email protected]>
serial: 8250_omap: Fix sleeping function called from invalid context during probe
Vignesh Raghavendra <[email protected]>
serial: 8250_port: Don't service RX FIFO if throttled
Ian Rogers <[email protected]>
perf parse-events: Fix 3 use after frees found with clang ASAN
Niklas Söderlund <[email protected]>
thermal: rcar_thermal: Handle probe error gracefully
Nathan Chancellor <[email protected]>
tracing: Use address-of operator on section symbols
Jordan Crouse <[email protected]>
drm/msm/a5xx: Always set an OPP supported hardware value
Pavel Machek <[email protected]>
drm/msm: fix leaks if initialization fails
Gustavo Romero <[email protected]>
KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones
Jason Gunthorpe <[email protected]>
RDMA/cm: Remove a race freeing timewait_info
Trond Myklebust <[email protected]>
nfsd: Don't add locks to closed or closing open stateids
Alexandre Belloni <[email protected]>
rtc: ds1374: fix possible race condition
Alexandre Belloni <[email protected]>
rtc: sa1100: fix possible race condition
Stefan Berger <[email protected]>
tpm: ibmvtpm: Wait for buffer to be set before proceeding
Dmitry Monakhov <[email protected]>
ext4: mark block bitmap corrupted when found instead of BUGON
Darrick J. Wong <[email protected]>
xfs: mark dir corrupt when lookup-by-hash fails
Darrick J. Wong <[email protected]>
xfs: don't ever return a stale pointer from __xfs_dir3_free_read
Colin Ian King <[email protected]>
media: tda10071: fix unsigned sign extension overflow
Howard Chung <[email protected]>
Bluetooth: L2CAP: handle l2cap config request during open state
Sagar Biradar <[email protected]>
scsi: aacraid: Disabling TM path and only processing IOP reset
Wen Gong <[email protected]>
ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
Rodrigo Siqueira <[email protected]>
drm/amd/display: Stop if retimer is not available
John Clements <[email protected]>
drm/amdgpu: increase atombios cmd timeout
Kirill A. Shutemov <[email protected]>
mm: avoid data corruption on CoW fault into PFN-mapped VMA
John Garry <[email protected]>
perf jevents: Fix leak of mapfile memory
Qiujun Huang <[email protected]>
ext4: fix a data race at inode->i_disksize
Wen Yang <[email protected]>
timekeeping: Prevent 32bit truncation in scale64_check_overflow()
Alain Michaud <[email protected]>
Bluetooth: guard against controllers sending zero'd events
Takashi Iwai <[email protected]>
media: go7007: Fix URB type for interrupt handling
John Garry <[email protected]>
bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal
Qian Cai <[email protected]>
random: fix data races at timer_rand_state
James Morse <[email protected]>
firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
Aric Cyr <[email protected]>
drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
Dmitry Osipenko <[email protected]>
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
Amelie Delaunay <[email protected]>
dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
Thomas Gleixner <[email protected]>
bpf: Remove recursion prevention from rcu free callback
Dave Hansen <[email protected]>
x86/pkeys: Add check for pkey "overflow"
Dan Carpenter <[email protected]>
media: staging/imx: Missing assignment in imx_media_capture_device_register()
Amelie Delaunay <[email protected]>
dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
Paolo Bonzini <[email protected]>
KVM: x86: fix incorrect comparison in trace event
Bart Van Assche <[email protected]>
RDMA/rxe: Fix configuration of atomic queue pair attributes
Thomas Richter <[email protected]>
perf test: Fix test trace+probe_vfs_getname.sh on s390
Takashi Iwai <[email protected]>
ALSA: usb-audio: Don't create a mixer element with bogus volume range
Felix Fietkau <[email protected]>
mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
Ayush Sawal <[email protected]>
crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test
Dinh Nguyen <[email protected]>
clk: stratix10: use do_div() for 64-bit calculation
Wen Yang <[email protected]>
drm/omap: fix possible object reference leak
James Smart <[email protected]>
scsi: lpfc: Fix coverity errors in fmdi attribute handling
James Smart <[email protected]>
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
Vasily Averin <[email protected]>
selinux: sel_avc_get_stat_idx should increase position index
Steve Grubb <[email protected]>
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
Qian Cai <[email protected]>
skbuff: fix a data race in skb_queue_len()
Mohan Kumar <[email protected]>
ALSA: hda: Clear RIRB status before reading WP
Zhuang Yanying <[email protected]>
KVM: fix overflow of zero page refcount with ksm running
Hillf Danton <[email protected]>
Bluetooth: prefetch channel before killing sock
Steven Price <[email protected]>
mm: pagewalk: fix termination condition in walk_pte_range()
Vasily Averin <[email protected]>
mm/swapfile.c: swap_next should increase position index
Manish Mandlik <[email protected]>
Bluetooth: Fix refcount use-after-free issue
Doug Smythies <[email protected]>
tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
Sven Schnelle <[email protected]>
selftests/ftrace: fix glob selftest
Jeff Layton <[email protected]>
ceph: ensure we have a new cap before continuing in fill_inode
Mert Dirik <[email protected]>
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
Vincent Whitchurch <[email protected]>
ARM: 8948/1: Prevent OOB access in stacktrace
Josef Bacik <[email protected]>
tracing: Set kernel_stack's caller size properly
Maxim Mikityanskiy <[email protected]>
Bluetooth: btrtl: Use kvmalloc for FW allocations
Oliver O'Halloran <[email protected]>
powerpc/eeh: Only dump stack once if an MMIO loop is detected
Thomas Richter <[email protected]>
s390/cpum_sf: Use kzalloc and minor changes
Matthias Fend <[email protected]>
dmaengine: zynqmp_dma: fix burst length configuration
Bart Van Assche <[email protected]>
scsi: ufs: Fix a race condition in the tracing code
Bart Van Assche <[email protected]>
scsi: ufs: Make ufshcd_add_command_trace() easier to read
Rafael J. Wysocki <[email protected]>
ACPI: EC: Reference count query handlers under lock
Kevin Kou <[email protected]>
sctp: move trace_sctp_probe_path into sctp_outq_sack
Nikhil Devshatwar <[email protected]>
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
Marco Elver <[email protected]>
seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
Vasily Averin <[email protected]>
ipv6_route_seq_next should increase position index
Vasily Averin <[email protected]>
rt_cpu_seq_next should increase position index
Vasily Averin <[email protected]>
neigh_stat_seq_next() should increase position index
Darrick J. Wong <[email protected]>
xfs: fix log reservation overflows when allocating large rt extents
Miaohe Lin <[email protected]>
KVM: arm/arm64: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy()
Joe Perches <[email protected]>
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
Tzung-Bi Shih <[email protected]>
ASoC: max98090: remove msleep in PLL unlocked workaround
Pavel Shilovsky <[email protected]>
CIFS: Properly process SMB3 lease breaks
Kusanagi Kouichi <[email protected]>
debugfs: Fix !DEBUG_FS debugfs_create_automount
peter chang <[email protected]>
scsi: pm80xx: Cleanup command when a reset times out
Bob Peterson <[email protected]>
gfs2: clean up iopen glock mess in gfs2_create_inode
Bradley Bolen <[email protected]>
mmc: core: Fix size overflow for mmc partitions
Sascha Hauer <[email protected]>
ubi: Fix producing anchor PEBs
Christophe JAILLET <[email protected]>
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
Brian Foster <[email protected]>
xfs: fix attr leaf header freemap.size underflow
Al Viro <[email protected]>
fix dget_parent() fastpath race
Pan Bian <[email protected]>
RDMA/i40iw: Fix potential use after free
Pan Bian <[email protected]>
RDMA/qedr: Fix potential use after free
Satendra Singh Thakur <[email protected]>
dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails
Guoju Fang <[email protected]>
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
Divya Indi <[email protected]>
tracing: Adding NULL checks for trace_array descriptor pointer
Ivan Lazeev <[email protected]>
tpm_crb: fix fTPM on AMD Zen+ CPUs
Alex Deucher <[email protected]>
drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table
Lee Jones <[email protected]>
mfd: mfd-core: Protect against NULL call-back function pointer
Hou Tao <[email protected]>
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
Alex Deucher <[email protected]>
drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table
Stephen Kitt <[email protected]>
clk/ti/adpll: allocate room for terminating null
Eric Dumazet <[email protected]>
net: silence data-races on sk_backlog.tail
James Smart <[email protected]>
scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce
Pan Bian <[email protected]>
scsi: fnic: fix use after free
Dmitry Osipenko <[email protected]>
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
Oleh Kravchenko <[email protected]>
leds: mlxreg: Fix possible buffer overflow
Nick Desaulniers <[email protected]>
lib/string.c: implement stpcpy
Kai-Heng Feng <[email protected]>
ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520
Hui Wang <[email protected]>
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
Joakim Tjernlund <[email protected]>
ALSA: usb-audio: Add delay quirk for H570e USB headsets
Thomas Gleixner <[email protected]>
x86/ioapic: Unbreak check_timer()
Mikulas Patocka <[email protected]>
arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
Sakari Ailus <[email protected]>
media: smiapp: Fix error handling at NVM reading
Russell King <[email protected]>
ASoC: kirkwood: fix IRQ error handling
Kangjie Lu <[email protected]>
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
Fuqian Huang <[email protected]>
m68k: q40: Fix info-leak in rtc_ioctl
Balsundar P <[email protected]>
scsi: aacraid: fix illegal IO beyond last LBA
Jia He <[email protected]>
mm: fix double page fault on arm64 if PTE_AF is cleared
Miaoqing Pan <[email protected]>
ath10k: fix memory leak for tpc_stats_final
Miaoqing Pan <[email protected]>
ath10k: fix array out-of-bounds access
Chris Wilson <[email protected]>
dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling)
zhengbin <[email protected]>
media: mc-device.c: fix memleak in media_device_register_entity
Jonathan Lebon <[email protected]>
selinux: allow labeling before policy is loaded
-------------
Diffstat:
Documentation/devicetree/bindings/sound/wm8994.txt | 18 ++-
Documentation/driver-api/libata.rst | 2 +-
Makefile | 4 +-
arch/arm/include/asm/kvm_emulate.h | 11 +-
arch/arm/kernel/stacktrace.c | 2 +
arch/arm/kernel/traps.c | 6 +-
arch/arm64/include/asm/kvm_emulate.h | 9 +-
arch/arm64/kernel/cpufeature.c | 12 +-
arch/arm64/kvm/hyp/switch.c | 2 +-
arch/m68k/q40/config.c | 1 +
arch/mips/include/asm/cpu-type.h | 1 +
arch/powerpc/include/asm/kvm_asm.h | 3 +
arch/powerpc/kernel/eeh.c | 2 +-
arch/powerpc/kernel/traps.c | 6 +-
arch/powerpc/kvm/book3s_hv_tm.c | 28 +++-
arch/powerpc/kvm/book3s_hv_tm_builtin.c | 16 ++-
arch/riscv/include/asm/ftrace.h | 7 +
arch/riscv/kernel/ftrace.c | 19 +++
arch/s390/kernel/perf_cpum_sf.c | 9 +-
arch/s390/kernel/setup.c | 6 +-
arch/x86/include/asm/nospec-branch.h | 4 +-
arch/x86/include/asm/pkeys.h | 5 +
arch/x86/kernel/apic/io_apic.c | 1 +
arch/x86/kernel/fpu/xstate.c | 9 +-
arch/x86/kvm/mmutrace.h | 2 +-
arch/x86/kvm/svm.c | 8 +-
arch/x86/kvm/x86.c | 13 +-
arch/x86/lib/usercopy_64.c | 2 +-
drivers/acpi/ec.c | 16 +--
drivers/ata/acard-ahci.c | 6 +-
drivers/ata/libahci.c | 6 +-
drivers/ata/libata-core.c | 9 +-
drivers/ata/libata-sff.c | 12 +-
drivers/ata/pata_macio.c | 6 +-
drivers/ata/pata_pxa.c | 8 +-
drivers/ata/pdc_adma.c | 7 +-
drivers/ata/sata_fsl.c | 4 +-
drivers/ata/sata_inic162x.c | 4 +-
drivers/ata/sata_mv.c | 34 ++---
drivers/ata/sata_nv.c | 18 ++-
drivers/ata/sata_promise.c | 6 +-
drivers/ata/sata_qstor.c | 8 +-
drivers/ata/sata_rcar.c | 6 +-
drivers/ata/sata_sil.c | 8 +-
drivers/ata/sata_sil24.c | 6 +-
drivers/ata/sata_sx4.c | 6 +-
drivers/atm/eni.c | 2 +-
drivers/base/regmap/regmap.c | 12 +-
drivers/bluetooth/btrtl.c | 20 +--
drivers/bus/hisi_lpc.c | 27 +++-
drivers/char/random.c | 12 +-
drivers/char/tlclk.c | 17 ++-
drivers/char/tpm/tpm_crb.c | 123 ++++++++++++-----
drivers/char/tpm/tpm_ibmvtpm.c | 9 ++
drivers/char/tpm/tpm_ibmvtpm.h | 1 +
drivers/clk/socfpga/clk-pll-s10.c | 4 +-
drivers/clk/ti/adpll.c | 11 +-
drivers/clocksource/h8300_timer8.c | 2 +-
drivers/cpufreq/powernv-cpufreq.c | 13 +-
drivers/crypto/chelsio/chcr_algo.c | 5 +-
drivers/crypto/chelsio/chtls/chtls_io.c | 10 +-
drivers/devfreq/tegra-devfreq.c | 4 +-
drivers/dma-buf/dma-fence.c | 78 +++++------
drivers/dma/mediatek/mtk-hsdma.c | 4 +-
drivers/dma/stm32-dma.c | 9 +-
drivers/dma/stm32-mdma.c | 9 +-
drivers/dma/tegra20-apb-dma.c | 3 +-
drivers/dma/xilinx/zynqmp_dma.c | 24 ++--
drivers/firmware/arm_sdei.c | 26 ++--
drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 31 +++--
drivers/gpu/drm/amd/amdgpu/atom.c | 4 +-
.../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 +
drivers/gpu/drm/amd/display/dc/core/dc_link.c | 67 +++++-----
drivers/gpu/drm/amd/display/dc/core/dc_link_ddc.c | 52 ++++----
drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 7 +
drivers/gpu/drm/amd/powerplay/hwmgr/vega10_hwmgr.c | 7 +
drivers/gpu/drm/gma500/cdv_intel_display.c | 2 +
drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 27 +++-
drivers/gpu/drm/msm/msm_drv.c | 6 +-
drivers/gpu/drm/nouveau/dispnv50/disp.c | 4 +-
drivers/gpu/drm/nouveau/nouveau_debugfs.c | 5 +-
drivers/gpu/drm/nouveau/nouveau_gem.c | 4 +-
.../gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c | 17 ++-
drivers/gpu/drm/omapdrm/dss/omapdss-boot-init.c | 4 +-
drivers/gpu/drm/radeon/radeon_bios.c | 30 +++--
drivers/gpu/drm/sun4i/sun8i_csc.h | 2 +-
drivers/gpu/drm/vc4/vc4_hdmi.c | 1 +
drivers/i2c/i2c-core-base.c | 2 +-
drivers/infiniband/core/cm.c | 25 ++--
drivers/infiniband/hw/cxgb4/cm.c | 4 +-
drivers/infiniband/hw/i40iw/i40iw_cm.c | 2 +-
drivers/infiniband/hw/qedr/qedr_iw_cm.c | 2 +-
drivers/infiniband/sw/rxe/rxe.c | 2 +
drivers/infiniband/sw/rxe/rxe_qp.c | 7 +-
drivers/leds/leds-mlxreg.c | 4 +-
drivers/md/bcache/bcache.h | 1 +
drivers/md/bcache/btree.c | 12 +-
drivers/md/bcache/super.c | 1 +
drivers/media/dvb-frontends/tda10071.c | 9 +-
drivers/media/i2c/smiapp/smiapp-core.c | 3 +-
drivers/media/media-device.c | 65 ++++-----
drivers/media/platform/ti-vpe/cal.c | 6 +-
drivers/media/usb/go7007/go7007-usb.c | 4 +-
drivers/mfd/mfd-core.c | 10 ++
drivers/mmc/core/mmc.c | 9 +-
drivers/mtd/chips/cfi_cmdset_0002.c | 1 -
drivers/mtd/cmdlinepart.c | 23 +++-
drivers/mtd/nand/raw/omap_elm.c | 1 +
drivers/mtd/ubi/fastmap-wl.c | 46 ++++---
drivers/mtd/ubi/fastmap.c | 14 +-
drivers/mtd/ubi/ubi.h | 6 +-
drivers/mtd/ubi/wl.c | 32 ++---
drivers/mtd/ubi/wl.h | 1 -
drivers/net/ethernet/intel/e1000/e1000_main.c | 18 ++-
drivers/net/ethernet/qlogic/qed/qed_sriov.c | 1 +
drivers/net/ieee802154/adf7242.c | 4 +-
drivers/net/ieee802154/ca8210.c | 1 +
drivers/net/wireless/ath/ar5523/ar5523.c | 2 +
drivers/net/wireless/ath/ath10k/debug.c | 3 +-
drivers/net/wireless/ath/ath10k/sdio.c | 18 ++-
drivers/net/wireless/ath/ath10k/wmi.c | 49 ++++---
drivers/net/wireless/marvell/mwifiex/fw.h | 2 +-
drivers/net/wireless/marvell/mwifiex/sta_cmdresp.c | 4 +-
drivers/net/wireless/mediatek/mt76/agg-rx.c | 1 +
drivers/net/wireless/ti/wlcore/main.c | 4 +-
drivers/net/wireless/ti/wlcore/tx.c | 1 +
drivers/nvme/host/core.c | 12 +-
drivers/nvme/host/multipath.c | 21 ++-
drivers/nvme/host/nvme.h | 19 ++-
drivers/nvme/target/rdma.c | 30 +++--
drivers/pci/controller/pci-tegra.c | 3 +-
drivers/pci/hotplug/pciehp_hpc.c | 26 +++-
drivers/pci/rom.c | 17 ---
drivers/phy/samsung/phy-s5pv210-usb2.c | 4 +
drivers/power/supply/max17040_battery.c | 2 +-
drivers/rapidio/devices/rio_mport_cdev.c | 14 +-
drivers/rtc/rtc-ds1374.c | 15 ++-
drivers/rtc/rtc-sa1100.c | 18 +--
drivers/s390/block/dasd_fba.c | 9 +-
drivers/s390/crypto/zcrypt_api.c | 3 +-
drivers/scsi/aacraid/aachba.c | 8 +-
drivers/scsi/aacraid/commsup.c | 2 +-
drivers/scsi/aacraid/linit.c | 46 +++++--
drivers/scsi/cxlflash/main.c | 1 +
drivers/scsi/fnic/fnic_scsi.c | 3 +-
drivers/scsi/hpsa.c | 80 ++++++++----
drivers/scsi/libfc/fc_rport.c | 13 +-
drivers/scsi/lpfc/lpfc_attr.c | 35 ++---
drivers/scsi/lpfc/lpfc_ct.c | 137 +++++++++----------
drivers/scsi/lpfc/lpfc_hw.h | 36 +++--
drivers/scsi/lpfc/lpfc_sli.c | 4 +
drivers/scsi/pm8001/pm8001_sas.c | 50 +++++--
drivers/scsi/qedi/qedi_iscsi.c | 3 +
drivers/scsi/ufs/ufshcd.c | 14 +-
drivers/staging/media/imx/imx-media-capture.c | 2 +-
drivers/staging/rtl8188eu/core/rtw_recv.c | 19 +--
drivers/thermal/rcar_thermal.c | 6 +-
drivers/tty/serial/8250/8250_omap.c | 8 +-
drivers/tty/serial/8250/8250_port.c | 16 ++-
drivers/tty/serial/samsung.c | 8 +-
drivers/tty/serial/xilinx_uartps.c | 8 ++
drivers/tty/vcc.c | 1 +
drivers/usb/dwc3/gadget.c | 2 +-
drivers/usb/host/ehci-mv.c | 8 +-
drivers/vfio/pci/vfio_pci.c | 13 ++
fs/block_dev.c | 10 ++
fs/btrfs/extent-tree.c | 2 -
fs/btrfs/inode.c | 23 ++--
fs/ceph/caps.c | 14 +-
fs/ceph/inode.c | 5 +-
fs/cifs/cifsglob.h | 9 +-
fs/cifs/file.c | 21 ++-
fs/cifs/misc.c | 17 +--
fs/cifs/smb1ops.c | 8 +-
fs/cifs/smb2misc.c | 32 +----
fs/cifs/smb2ops.c | 44 +++++--
fs/cifs/smb2pdu.h | 2 +-
fs/dcache.c | 4 +-
fs/ext4/inode.c | 2 +-
fs/ext4/mballoc.c | 11 +-
fs/fuse/dev.c | 1 -
fs/gfs2/inode.c | 13 +-
fs/nfs/pagelist.c | 67 ++++++----
fs/nfs/write.c | 10 +-
fs/nfsd/nfs4state.c | 73 ++++++-----
fs/ubifs/io.c | 16 ++-
fs/xfs/libxfs/xfs_attr_leaf.c | 4 +-
fs/xfs/libxfs/xfs_dir2_node.c | 1 +
fs/xfs/libxfs/xfs_trans_resv.c | 96 +++++++++++---
fs/xfs/scrub/dir.c | 3 +
include/linux/debugfs.h | 5 +-
include/linux/libata.h | 13 +-
include/linux/mmc/card.h | 2 +-
include/linux/nfs_page.h | 2 +
include/linux/pci.h | 1 -
include/linux/seqlock.h | 11 +-
include/linux/skbuff.h | 14 +-
include/net/sock.h | 4 +-
include/trace/events/sctp.h | 9 --
kernel/audit_watch.c | 2 -
kernel/bpf/hashtab.c | 8 --
kernel/bpf/inode.c | 4 +-
kernel/kprobes.c | 22 +++-
kernel/printk/printk.c | 3 +
kernel/sys.c | 4 +-
kernel/time/timekeeping.c | 3 +-
kernel/trace/trace.c | 5 +-
kernel/trace/trace_entries.h | 2 +-
kernel/trace/trace_events.c | 2 +
kernel/trace/trace_events_hist.c | 1 -
kernel/trace/trace_preemptirq.c | 4 +-
lib/string.c | 24 ++++
mm/filemap.c | 8 ++
mm/kmemleak.c | 2 +-
mm/memory.c | 121 +++++++++++++++--
mm/mmap.c | 2 +
mm/pagewalk.c | 4 +-
mm/swap_state.c | 5 +-
mm/swapfile.c | 4 +-
mm/vmscan.c | 45 ++++---
net/atm/lec.c | 6 +
net/batman-adv/bridge_loop_avoidance.c | 145 +++++++++++++++++----
net/batman-adv/bridge_loop_avoidance.h | 4 +-
net/batman-adv/routing.c | 4 +
net/batman-adv/soft-interface.c | 6 +-
net/bluetooth/hci_event.c | 25 +++-
net/bluetooth/l2cap_core.c | 29 +++--
net/bluetooth/l2cap_sock.c | 18 ++-
net/core/filter.c | 4 +-
net/core/neighbour.c | 1 +
net/ipv4/route.c | 1 +
net/ipv4/tcp.c | 2 +-
net/ipv6/ip6_fib.c | 7 +-
net/llc/af_llc.c | 2 +-
net/mac802154/tx.c | 8 +-
net/openvswitch/meter.c | 4 +-
net/openvswitch/meter.h | 2 +-
net/sctp/outqueue.c | 6 +
net/sunrpc/svc_xprt.c | 19 ++-
net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 1 +
net/tipc/topsrv.c | 4 +-
net/unix/af_unix.c | 11 +-
security/selinux/hooks.c | 12 ++
security/selinux/selinuxfs.c | 1 +
sound/hda/hdac_bus.c | 4 +
sound/pci/asihpi/hpioctl.c | 4 +-
sound/pci/hda/hda_controller.c | 11 +-
sound/pci/hda/patch_realtek.c | 13 +-
sound/soc/codecs/max98090.c | 8 +-
sound/soc/codecs/wm8994.c | 10 ++
sound/soc/codecs/wm_hubs.c | 3 +
sound/soc/codecs/wm_hubs.h | 1 +
sound/soc/img/img-i2s-out.c | 8 +-
sound/soc/intel/boards/bytcr_rt5640.c | 10 ++
sound/soc/kirkwood/kirkwood-dma.c | 2 +-
sound/usb/midi.c | 29 ++++-
sound/usb/mixer.c | 10 ++
sound/usb/quirks.c | 7 +-
tools/gpio/gpio-hammer.c | 17 ++-
tools/objtool/check.c | 2 +-
tools/perf/builtin-stat.c | 2 +-
tools/perf/pmu-events/jevents.c | 15 ++-
tools/perf/tests/shell/lib/probe_vfs_getname.sh | 2 +-
tools/perf/trace/beauty/arch_errno_names.sh | 2 +-
tools/perf/util/cpumap.c | 10 +-
tools/perf/util/evsel.c | 7 +
tools/perf/util/mem2node.c | 3 +-
tools/perf/util/metricgroup.c | 3 +
tools/perf/util/parse-events.c | 9 +-
tools/perf/util/sort.c | 2 +-
tools/perf/util/symbol-elf.c | 7 +
.../x86/intel_pstate_tracer/intel_pstate_tracer.py | 22 ++--
.../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +-
tools/testing/selftests/x86/syscall_nt.c | 1 +
virt/kvm/arm/mmio.c | 2 +-
virt/kvm/arm/mmu.c | 5 +-
virt/kvm/arm/vgic/vgic-init.c | 1 +
virt/kvm/arm/vgic/vgic-its.c | 11 +-
virt/kvm/kvm_main.c | 1 +
279 files changed, 2370 insertions(+), 1213 deletions(-)
From: Chris Wilson <[email protected]>
[ Upstream commit 9c98f021e4e717ffd9948fa65340ea3ef12b7935 ]
Make dma_fence_enable_sw_signaling() behave like its
dma_fence_add_callback() and dma_fence_default_wait() counterparts and
perform the test to enable signaling under the fence->lock, along with
the action to do so. This ensure that should an implementation be trying
to flush the cb_list (by signaling) on retirement before freeing the
fence, it can do so in a race-free manner.
See also 0fc89b6802ba ("dma-fence: Simply wrap dma_fence_signal_locked
with dma_fence_signal").
v2: Refactor all 3 enable_signaling paths to use a common function.
v3: Don't argue, just keep the tracepoint in the existing spot.
Signed-off-by: Chris Wilson <[email protected]>
Cc: Tvrtko Ursulin <[email protected]>
Reviewed-by: Tvrtko Ursulin <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/dma-buf/dma-fence.c | 78 +++++++++++++++++--------------------
1 file changed, 35 insertions(+), 43 deletions(-)
diff --git a/drivers/dma-buf/dma-fence.c b/drivers/dma-buf/dma-fence.c
index 1551ca7df3941..8586cc05def17 100644
--- a/drivers/dma-buf/dma-fence.c
+++ b/drivers/dma-buf/dma-fence.c
@@ -244,6 +244,30 @@ void dma_fence_free(struct dma_fence *fence)
}
EXPORT_SYMBOL(dma_fence_free);
+static bool __dma_fence_enable_signaling(struct dma_fence *fence)
+{
+ bool was_set;
+
+ lockdep_assert_held(fence->lock);
+
+ was_set = test_and_set_bit(DMA_FENCE_FLAG_ENABLE_SIGNAL_BIT,
+ &fence->flags);
+
+ if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags))
+ return false;
+
+ if (!was_set && fence->ops->enable_signaling) {
+ trace_dma_fence_enable_signal(fence);
+
+ if (!fence->ops->enable_signaling(fence)) {
+ dma_fence_signal_locked(fence);
+ return false;
+ }
+ }
+
+ return true;
+}
+
/**
* dma_fence_enable_sw_signaling - enable signaling on fence
* @fence: the fence to enable
@@ -256,19 +280,12 @@ void dma_fence_enable_sw_signaling(struct dma_fence *fence)
{
unsigned long flags;
- if (!test_and_set_bit(DMA_FENCE_FLAG_ENABLE_SIGNAL_BIT,
- &fence->flags) &&
- !test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags) &&
- fence->ops->enable_signaling) {
- trace_dma_fence_enable_signal(fence);
-
- spin_lock_irqsave(fence->lock, flags);
-
- if (!fence->ops->enable_signaling(fence))
- dma_fence_signal_locked(fence);
+ if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags))
+ return;
- spin_unlock_irqrestore(fence->lock, flags);
- }
+ spin_lock_irqsave(fence->lock, flags);
+ __dma_fence_enable_signaling(fence);
+ spin_unlock_irqrestore(fence->lock, flags);
}
EXPORT_SYMBOL(dma_fence_enable_sw_signaling);
@@ -302,7 +319,6 @@ int dma_fence_add_callback(struct dma_fence *fence, struct dma_fence_cb *cb,
{
unsigned long flags;
int ret = 0;
- bool was_set;
if (WARN_ON(!fence || !func))
return -EINVAL;
@@ -314,25 +330,14 @@ int dma_fence_add_callback(struct dma_fence *fence, struct dma_fence_cb *cb,
spin_lock_irqsave(fence->lock, flags);
- was_set = test_and_set_bit(DMA_FENCE_FLAG_ENABLE_SIGNAL_BIT,
- &fence->flags);
-
- if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags))
- ret = -ENOENT;
- else if (!was_set && fence->ops->enable_signaling) {
- trace_dma_fence_enable_signal(fence);
-
- if (!fence->ops->enable_signaling(fence)) {
- dma_fence_signal_locked(fence);
- ret = -ENOENT;
- }
- }
-
- if (!ret) {
+ if (__dma_fence_enable_signaling(fence)) {
cb->func = func;
list_add_tail(&cb->node, &fence->cb_list);
- } else
+ } else {
INIT_LIST_HEAD(&cb->node);
+ ret = -ENOENT;
+ }
+
spin_unlock_irqrestore(fence->lock, flags);
return ret;
@@ -432,7 +437,6 @@ dma_fence_default_wait(struct dma_fence *fence, bool intr, signed long timeout)
struct default_wait_cb cb;
unsigned long flags;
signed long ret = timeout ? timeout : 1;
- bool was_set;
if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags))
return ret;
@@ -444,21 +448,9 @@ dma_fence_default_wait(struct dma_fence *fence, bool intr, signed long timeout)
goto out;
}
- was_set = test_and_set_bit(DMA_FENCE_FLAG_ENABLE_SIGNAL_BIT,
- &fence->flags);
-
- if (test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags))
+ if (!__dma_fence_enable_signaling(fence))
goto out;
- if (!was_set && fence->ops->enable_signaling) {
- trace_dma_fence_enable_signal(fence);
-
- if (!fence->ops->enable_signaling(fence)) {
- dma_fence_signal_locked(fence);
- goto out;
- }
- }
-
if (!timeout) {
ret = 0;
goto out;
--
2.25.1
From: Stephen Kitt <[email protected]>
[ Upstream commit 7f6ac72946b88b89ee44c1c527aa8591ac5ffcbe ]
The buffer allocated in ti_adpll_clk_get_name doesn't account for the
terminating null. This patch switches to devm_kasprintf to avoid
overflowing.
Signed-off-by: Stephen Kitt <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]
Acked-by: Tony Lindgren <[email protected]>
Signed-off-by: Stephen Boyd <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/clk/ti/adpll.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/drivers/clk/ti/adpll.c b/drivers/clk/ti/adpll.c
index 688e403333b91..14926e07d09ae 100644
--- a/drivers/clk/ti/adpll.c
+++ b/drivers/clk/ti/adpll.c
@@ -193,15 +193,8 @@ static const char *ti_adpll_clk_get_name(struct ti_adpll_data *d,
if (err)
return NULL;
} else {
- const char *base_name = "adpll";
- char *buf;
-
- buf = devm_kzalloc(d->dev, 8 + 1 + strlen(base_name) + 1 +
- strlen(postfix), GFP_KERNEL);
- if (!buf)
- return NULL;
- sprintf(buf, "%08lx.%s.%s", d->pa, base_name, postfix);
- name = buf;
+ name = devm_kasprintf(d->dev, GFP_KERNEL, "%08lx.adpll.%s",
+ d->pa, postfix);
}
return name;
--
2.25.1
From: Miaoqing Pan <[email protected]>
[ Upstream commit 486a8849843455298d49e694cca9968336ce2327 ]
The memory of ar->debug.tpc_stats_final is reallocated every debugfs
reading, it should be freed in ath10k_debug_destroy() for the last
allocation.
Tested HW: QCA9984
Tested FW: 10.4-3.9.0.2-00035
Signed-off-by: Miaoqing Pan <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/net/wireless/ath/ath10k/debug.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/ath/ath10k/debug.c b/drivers/net/wireless/ath/ath10k/debug.c
index aa333110eaba6..4e980e78ba95c 100644
--- a/drivers/net/wireless/ath/ath10k/debug.c
+++ b/drivers/net/wireless/ath/ath10k/debug.c
@@ -2365,6 +2365,7 @@ void ath10k_debug_destroy(struct ath10k *ar)
ath10k_debug_fw_stats_reset(ar);
kfree(ar->debug.tpc_stats);
+ kfree(ar->debug.tpc_stats_final);
}
int ath10k_debug_register(struct ath10k *ar)
--
2.25.1
From: Kangjie Lu <[email protected]>
[ Upstream commit 57a25a5f754ce27da2cfa6f413cfd366f878db76 ]
`best_clock` is an object that may be sent out. Object `clock`
contains uninitialized bytes that are copied to `best_clock`,
which leads to memory disclosure and information leak.
Signed-off-by: Kangjie Lu <[email protected]>
Signed-off-by: Daniel Vetter <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/gpu/drm/gma500/cdv_intel_display.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/gma500/cdv_intel_display.c b/drivers/gpu/drm/gma500/cdv_intel_display.c
index 17db4b4749d5a..2e8479744ca4a 100644
--- a/drivers/gpu/drm/gma500/cdv_intel_display.c
+++ b/drivers/gpu/drm/gma500/cdv_intel_display.c
@@ -415,6 +415,8 @@ static bool cdv_intel_find_dp_pll(const struct gma_limit_t *limit,
struct gma_crtc *gma_crtc = to_gma_crtc(crtc);
struct gma_clock_t clock;
+ memset(&clock, 0, sizeof(clock));
+
switch (refclk) {
case 27000:
if (target < 200000) {
--
2.25.1
From: Jonathan Lebon <[email protected]>
[ Upstream commit 3e3e24b42043eceb97ed834102c2d094dfd7aaa6 ]
Currently, the SELinux LSM prevents one from setting the
`security.selinux` xattr on an inode without a policy first being
loaded. However, this restriction is problematic: it makes it impossible
to have newly created files with the correct label before actually
loading the policy.
This is relevant in distributions like Fedora, where the policy is
loaded by systemd shortly after pivoting out of the initrd. In such
instances, all files created prior to pivoting will be unlabeled. One
then has to relabel them after pivoting, an operation which inherently
races with other processes trying to access those same files.
Going further, there are use cases for creating the entire root
filesystem on first boot from the initrd (e.g. Container Linux supports
this today[1], and we'd like to support it in Fedora CoreOS as well[2]).
One can imagine doing this in two ways: at the block device level (e.g.
laying down a disk image), or at the filesystem level. In the former,
labeling can simply be part of the image. But even in the latter
scenario, one still really wants to be able to set the right labels when
populating the new filesystem.
This patch enables this by changing behaviour in the following two ways:
1. allow `setxattr` if we're not initialized
2. don't try to set the in-core inode SID if we're not initialized;
instead leave it as `LABEL_INVALID` so that revalidation may be
attempted at a later time
Note the first hunk of this patch is mostly the same as a previously
discussed one[3], though it was part of a larger series which wasn't
accepted.
[1] https://coreos.com/os/docs/latest/root-filesystem-placement.html
[2] https://github.com/coreos/fedora-coreos-tracker/issues/94
[3] https://www.spinics.net/lists/linux-initramfs/msg04593.html
Co-developed-by: Victor Kamensky <[email protected]>
Signed-off-by: Victor Kamensky <[email protected]>
Signed-off-by: Jonathan Lebon <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
security/selinux/hooks.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 452254fd89f87..250b725f5754c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3304,6 +3304,9 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
}
+ if (!selinux_state.initialized)
+ return (inode_owner_or_capable(inode) ? 0 : -EPERM);
+
sbsec = inode->i_sb->s_security;
if (!(sbsec->flags & SBLABEL_MNT))
return -EOPNOTSUPP;
@@ -3387,6 +3390,15 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
return;
}
+ if (!selinux_state.initialized) {
+ /* If we haven't even been initialized, then we can't validate
+ * against a policy, so leave the label as invalid. It may
+ * resolve to a valid label on the next revalidation try if
+ * we've since initialized.
+ */
+ return;
+ }
+
rc = security_context_to_sid_force(&selinux_state, value, size,
&newsid);
if (rc) {
--
2.25.1
From: Dmitry Osipenko <[email protected]>
[ Upstream commit 53b4b2aeee26f42cde5ff2a16dd0d8590c51a55a ]
There is another kHz-conversion bug in the code, resulting in integer
overflow. Although, this time the resulting value is 4294966296 and it's
close to ULONG_MAX, which is okay in this case.
Reviewed-by: Chanwoo Choi <[email protected]>
Tested-by: Peter Geis <[email protected]>
Signed-off-by: Dmitry Osipenko <[email protected]>
Signed-off-by: Chanwoo Choi <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/devfreq/tegra-devfreq.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/devfreq/tegra-devfreq.c b/drivers/devfreq/tegra-devfreq.c
index 06768074d2d82..479d9575e1245 100644
--- a/drivers/devfreq/tegra-devfreq.c
+++ b/drivers/devfreq/tegra-devfreq.c
@@ -80,6 +80,8 @@
#define KHZ 1000
+#define KHZ_MAX (ULONG_MAX / KHZ)
+
/* Assume that the bus is saturated if the utilization is 25% */
#define BUS_SATURATION_RATIO 25
@@ -180,7 +182,7 @@ struct tegra_actmon_emc_ratio {
};
static struct tegra_actmon_emc_ratio actmon_emc_ratios[] = {
- { 1400000, ULONG_MAX },
+ { 1400000, KHZ_MAX },
{ 1200000, 750000 },
{ 1100000, 600000 },
{ 1000000, 500000 },
--
2.25.1
From: Balsundar P <[email protected]>
[ Upstream commit c86fbe484c10b2cd1e770770db2d6b2c88801c1d ]
The driver fails to handle data when read or written beyond device reported
LBA, which triggers kernel panic
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Balsundar P <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/scsi/aacraid/aachba.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
index 6e356325d8d98..54717fb84a54c 100644
--- a/drivers/scsi/aacraid/aachba.c
+++ b/drivers/scsi/aacraid/aachba.c
@@ -2481,13 +2481,13 @@ static int aac_read(struct scsi_cmnd * scsicmd)
scsicmd->result = DID_OK << 16 | COMMAND_COMPLETE << 8 |
SAM_STAT_CHECK_CONDITION;
set_sense(&dev->fsa_dev[cid].sense_data,
- HARDWARE_ERROR, SENCODE_INTERNAL_TARGET_FAILURE,
+ ILLEGAL_REQUEST, SENCODE_LBA_OUT_OF_RANGE,
ASENCODE_INTERNAL_TARGET_FAILURE, 0, 0);
memcpy(scsicmd->sense_buffer, &dev->fsa_dev[cid].sense_data,
min_t(size_t, sizeof(dev->fsa_dev[cid].sense_data),
SCSI_SENSE_BUFFERSIZE));
scsicmd->scsi_done(scsicmd);
- return 1;
+ return 0;
}
dprintk((KERN_DEBUG "aac_read[cpu %d]: lba = %llu, t = %ld.\n",
@@ -2573,13 +2573,13 @@ static int aac_write(struct scsi_cmnd * scsicmd)
scsicmd->result = DID_OK << 16 | COMMAND_COMPLETE << 8 |
SAM_STAT_CHECK_CONDITION;
set_sense(&dev->fsa_dev[cid].sense_data,
- HARDWARE_ERROR, SENCODE_INTERNAL_TARGET_FAILURE,
+ ILLEGAL_REQUEST, SENCODE_LBA_OUT_OF_RANGE,
ASENCODE_INTERNAL_TARGET_FAILURE, 0, 0);
memcpy(scsicmd->sense_buffer, &dev->fsa_dev[cid].sense_data,
min_t(size_t, sizeof(dev->fsa_dev[cid].sense_data),
SCSI_SENSE_BUFFERSIZE));
scsicmd->scsi_done(scsicmd);
- return 1;
+ return 0;
}
dprintk((KERN_DEBUG "aac_write[cpu %d]: lba = %llu, t = %ld.\n",
--
2.25.1
From: zhengbin <[email protected]>
[ Upstream commit 713f871b30a66dc4daff4d17b760c9916aaaf2e1 ]
In media_device_register_entity, if media_graph_walk_init fails,
need to free the previously memory.
Reported-by: Hulk Robot <[email protected]>
Signed-off-by: zhengbin <[email protected]>
Signed-off-by: Sakari Ailus <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/media-device.c | 65 ++++++++++++++++++------------------
1 file changed, 33 insertions(+), 32 deletions(-)
diff --git a/drivers/media/media-device.c b/drivers/media/media-device.c
index ed518b1f82e4a..d04ed438a45de 100644
--- a/drivers/media/media-device.c
+++ b/drivers/media/media-device.c
@@ -568,6 +568,38 @@ static void media_device_release(struct media_devnode *devnode)
dev_dbg(devnode->parent, "Media device released\n");
}
+static void __media_device_unregister_entity(struct media_entity *entity)
+{
+ struct media_device *mdev = entity->graph_obj.mdev;
+ struct media_link *link, *tmp;
+ struct media_interface *intf;
+ unsigned int i;
+
+ ida_free(&mdev->entity_internal_idx, entity->internal_idx);
+
+ /* Remove all interface links pointing to this entity */
+ list_for_each_entry(intf, &mdev->interfaces, graph_obj.list) {
+ list_for_each_entry_safe(link, tmp, &intf->links, list) {
+ if (link->entity == entity)
+ __media_remove_intf_link(link);
+ }
+ }
+
+ /* Remove all data links that belong to this entity */
+ __media_entity_remove_links(entity);
+
+ /* Remove all pads that belong to this entity */
+ for (i = 0; i < entity->num_pads; i++)
+ media_gobj_destroy(&entity->pads[i].graph_obj);
+
+ /* Remove the entity */
+ media_gobj_destroy(&entity->graph_obj);
+
+ /* invoke entity_notify callbacks to handle entity removal?? */
+
+ entity->graph_obj.mdev = NULL;
+}
+
/**
* media_device_register_entity - Register an entity with a media device
* @mdev: The media device
@@ -625,6 +657,7 @@ int __must_check media_device_register_entity(struct media_device *mdev,
*/
ret = media_graph_walk_init(&new, mdev);
if (ret) {
+ __media_device_unregister_entity(entity);
mutex_unlock(&mdev->graph_mutex);
return ret;
}
@@ -637,38 +670,6 @@ int __must_check media_device_register_entity(struct media_device *mdev,
}
EXPORT_SYMBOL_GPL(media_device_register_entity);
-static void __media_device_unregister_entity(struct media_entity *entity)
-{
- struct media_device *mdev = entity->graph_obj.mdev;
- struct media_link *link, *tmp;
- struct media_interface *intf;
- unsigned int i;
-
- ida_free(&mdev->entity_internal_idx, entity->internal_idx);
-
- /* Remove all interface links pointing to this entity */
- list_for_each_entry(intf, &mdev->interfaces, graph_obj.list) {
- list_for_each_entry_safe(link, tmp, &intf->links, list) {
- if (link->entity == entity)
- __media_remove_intf_link(link);
- }
- }
-
- /* Remove all data links that belong to this entity */
- __media_entity_remove_links(entity);
-
- /* Remove all pads that belong to this entity */
- for (i = 0; i < entity->num_pads; i++)
- media_gobj_destroy(&entity->pads[i].graph_obj);
-
- /* Remove the entity */
- media_gobj_destroy(&entity->graph_obj);
-
- /* invoke entity_notify callbacks to handle entity removal?? */
-
- entity->graph_obj.mdev = NULL;
-}
-
void media_device_unregister_entity(struct media_entity *entity)
{
struct media_device *mdev = entity->graph_obj.mdev;
--
2.25.1
On Tue, 29 Sep 2020 at 16:58, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 4.19.149 release.
> There are 245 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 01 Oct 2020 10:59:03 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.149-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
<trim>
>
> Stephane Eranian <[email protected]>
> perf stat: Force error in fallback on :k events
perf failed on stable rc branch 4.19 on all devices.
Reported-by: Naresh Kamboju <[email protected]>
In file included from util/evlist.h:15:0,
from util/evsel.c:30:
util/evsel.c: In function 'perf_evsel__exit':
util/util.h:25:28: warning: passing argument 1 of 'free' discards
'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
#define zfree(ptr) ({ free(*ptr); *ptr = NULL; })
^
util/evsel.c:1293:2: note: in expansion of macro 'zfree'
zfree(&evsel->pmu_name);
^~~~~
In file included from
/srv/oe/build/tmp-lkft-glibc/work/intel_corei7_64-linaro-linux/perf/1.0-r9/perf-1.0/tools/perf/arch/x86/include/perf_regs.h:5:0,
from util/perf_regs.h:27,
from util/event.h:11,
from util/callchain.h:8,
from util/evsel.c:26:
perf/1.0-r9/recipe-sysroot/usr/include/stdlib.h:563:13: note: expected
'void *' but argument is of type 'const char *'
extern void free (void *__ptr) __THROW;
^~~~
util/evsel.c: In function 'perf_evsel__fallback':
util/evsel.c:2802:14: error: 'struct perf_evsel' has no member named
'core'; did you mean 'node'?
if (evsel->core.attr.exclude_user)
^~~~
node
--
Linaro LKFT
https://lkft.linaro.org
From: Sean Christopherson <[email protected]>
[ Upstream commit 8d214c481611b29458a57913bd786f0ac06f0605 ]
Reset the MMU context during kvm_set_cr4() if SMAP or PKE is toggled.
Recent commits to (correctly) not reload PDPTRs when SMAP/PKE are
toggled inadvertantly skipped the MMU context reset due to the mask
of bits that triggers PDPTR loads also being used to trigger MMU context
resets.
Fixes: 427890aff855 ("kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode")
Fixes: cb957adb4ea4 ("kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode")
Cc: Jim Mattson <[email protected]>
Cc: Peter Shier <[email protected]>
Cc: Oliver Upton <[email protected]>
Signed-off-by: Sean Christopherson <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
arch/x86/kvm/x86.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 620ed1fa35119..dd182228be714 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -858,6 +858,7 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
unsigned long old_cr4 = kvm_read_cr4(vcpu);
unsigned long pdptr_bits = X86_CR4_PGE | X86_CR4_PSE | X86_CR4_PAE |
X86_CR4_SMEP;
+ unsigned long mmu_role_bits = pdptr_bits | X86_CR4_SMAP | X86_CR4_PKE;
if (kvm_valid_cr4(vcpu, cr4))
return 1;
@@ -885,7 +886,7 @@ int kvm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
if (kvm_x86_ops->set_cr4(vcpu, cr4))
return 1;
- if (((cr4 ^ old_cr4) & pdptr_bits) ||
+ if (((cr4 ^ old_cr4) & mmu_role_bits) ||
(!(cr4 & X86_CR4_PCIDE) && (old_cr4 & X86_CR4_PCIDE)))
kvm_mmu_reset_context(vcpu);
--
2.25.1
From: Mikel Rychliski <[email protected]>
[ Upstream commit 72e0ef0e5f067fd991f702f0b2635d911d0cf208 ]
On some EFI systems, the video BIOS is provided by the EFI firmware. The
boot stub code stores the physical address of the ROM image in pdev->rom.
Currently we attempt to access this pointer using phys_to_virt(), which
doesn't work with CONFIG_HIGHMEM.
On these systems, attempting to load the radeon module on a x86_32 kernel
can result in the following:
BUG: unable to handle page fault for address: 3e8ed03c
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
*pde = 00000000
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 317 Comm: systemd-udevd Not tainted 5.6.0-rc3-next-20200228 #2
Hardware name: Apple Computer, Inc. MacPro1,1/Mac-F4208DC8, BIOS MP11.88Z.005C.B08.0707021221 07/02/07
EIP: radeon_get_bios+0x5ed/0xe50 [radeon]
Code: 00 00 84 c0 0f 85 12 fd ff ff c7 87 64 01 00 00 00 00 00 00 8b 47 08 8b 55 b0 e8 1e 83 e1 d6 85 c0 74 1a 8b 55 c0 85 d2 74 13 <80> 38 55 75 0e 80 78 01 aa 0f 84 a4 03 00 00 8d 74 26 00 68 dc 06
EAX: 3e8ed03c EBX: 00000000 ECX: 3e8ed03c EDX: 00010000
ESI: 00040000 EDI: eec04000 EBP: eef3fc60 ESP: eef3fbe0
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010206
CR0: 80050033 CR2: 3e8ed03c CR3: 2ec77000 CR4: 000006d0
Call Trace:
r520_init+0x26/0x240 [radeon]
radeon_device_init+0x533/0xa50 [radeon]
radeon_driver_load_kms+0x80/0x220 [radeon]
drm_dev_register+0xa7/0x180 [drm]
radeon_pci_probe+0x10f/0x1a0 [radeon]
pci_device_probe+0xd4/0x140
Fix the issue by updating all drivers which can access a platform provided
ROM. Instead of calling the helper function pci_platform_rom() which uses
phys_to_virt(), call ioremap() directly on the pdev->rom.
radeon_read_platform_bios() previously directly accessed an __iomem
pointer. Avoid this by calling memcpy_fromio() instead of kmemdup().
pci_platform_rom() now has no remaining callers, so remove it.
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mikel Rychliski <[email protected]>
Signed-off-by: Bjorn Helgaas <[email protected]>
Acked-by: Alex Deucher <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 31 +++++++++++--------
.../drm/nouveau/nvkm/subdev/bios/shadowpci.c | 17 ++++++++--
drivers/gpu/drm/radeon/radeon_bios.c | 30 +++++++++++-------
drivers/pci/rom.c | 17 ----------
include/linux/pci.h | 1 -
5 files changed, 52 insertions(+), 44 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c
index a5df80d50d447..6cf3dd5edffda 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c
@@ -191,30 +191,35 @@ static bool amdgpu_read_bios_from_rom(struct amdgpu_device *adev)
static bool amdgpu_read_platform_bios(struct amdgpu_device *adev)
{
- uint8_t __iomem *bios;
- size_t size;
+ phys_addr_t rom = adev->pdev->rom;
+ size_t romlen = adev->pdev->romlen;
+ void __iomem *bios;
adev->bios = NULL;
- bios = pci_platform_rom(adev->pdev, &size);
- if (!bios) {
+ if (!rom || romlen == 0)
return false;
- }
- adev->bios = kzalloc(size, GFP_KERNEL);
- if (adev->bios == NULL)
+ adev->bios = kzalloc(romlen, GFP_KERNEL);
+ if (!adev->bios)
return false;
- memcpy_fromio(adev->bios, bios, size);
+ bios = ioremap(rom, romlen);
+ if (!bios)
+ goto free_bios;
- if (!check_atom_bios(adev->bios, size)) {
- kfree(adev->bios);
- return false;
- }
+ memcpy_fromio(adev->bios, bios, romlen);
+ iounmap(bios);
- adev->bios_size = size;
+ if (!check_atom_bios(adev->bios, romlen))
+ goto free_bios;
+
+ adev->bios_size = romlen;
return true;
+free_bios:
+ kfree(adev->bios);
+ return false;
}
#ifdef CONFIG_ACPI
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c
index 9b91da09dc5f8..8d9812a51ef63 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.c
@@ -101,9 +101,13 @@ platform_init(struct nvkm_bios *bios, const char *name)
else
return ERR_PTR(-ENODEV);
+ if (!pdev->rom || pdev->romlen == 0)
+ return ERR_PTR(-ENODEV);
+
if ((priv = kmalloc(sizeof(*priv), GFP_KERNEL))) {
+ priv->size = pdev->romlen;
if (ret = -ENODEV,
- (priv->rom = pci_platform_rom(pdev, &priv->size)))
+ (priv->rom = ioremap(pdev->rom, pdev->romlen)))
return priv;
kfree(priv);
}
@@ -111,11 +115,20 @@ platform_init(struct nvkm_bios *bios, const char *name)
return ERR_PTR(ret);
}
+static void
+platform_fini(void *data)
+{
+ struct priv *priv = data;
+
+ iounmap(priv->rom);
+ kfree(priv);
+}
+
const struct nvbios_source
nvbios_platform = {
.name = "PLATFORM",
.init = platform_init,
- .fini = (void(*)(void *))kfree,
+ .fini = platform_fini,
.read = pcirom_read,
.rw = true,
};
diff --git a/drivers/gpu/drm/radeon/radeon_bios.c b/drivers/gpu/drm/radeon/radeon_bios.c
index 04c0ed41374f1..dd0528cf98183 100644
--- a/drivers/gpu/drm/radeon/radeon_bios.c
+++ b/drivers/gpu/drm/radeon/radeon_bios.c
@@ -104,25 +104,33 @@ static bool radeon_read_bios(struct radeon_device *rdev)
static bool radeon_read_platform_bios(struct radeon_device *rdev)
{
- uint8_t __iomem *bios;
- size_t size;
+ phys_addr_t rom = rdev->pdev->rom;
+ size_t romlen = rdev->pdev->romlen;
+ void __iomem *bios;
rdev->bios = NULL;
- bios = pci_platform_rom(rdev->pdev, &size);
- if (!bios) {
+ if (!rom || romlen == 0)
return false;
- }
- if (size == 0 || bios[0] != 0x55 || bios[1] != 0xaa) {
+ rdev->bios = kzalloc(romlen, GFP_KERNEL);
+ if (!rdev->bios)
return false;
- }
- rdev->bios = kmemdup(bios, size, GFP_KERNEL);
- if (rdev->bios == NULL) {
- return false;
- }
+
+ bios = ioremap(rom, romlen);
+ if (!bios)
+ goto free_bios;
+
+ memcpy_fromio(rdev->bios, bios, romlen);
+ iounmap(bios);
+
+ if (rdev->bios[0] != 0x55 || rdev->bios[1] != 0xaa)
+ goto free_bios;
return true;
+free_bios:
+ kfree(rdev->bios);
+ return false;
}
#ifdef CONFIG_ACPI
diff --git a/drivers/pci/rom.c b/drivers/pci/rom.c
index 137bf0cee897c..8fc9a4e911e3a 100644
--- a/drivers/pci/rom.c
+++ b/drivers/pci/rom.c
@@ -195,20 +195,3 @@ void pci_unmap_rom(struct pci_dev *pdev, void __iomem *rom)
pci_disable_rom(pdev);
}
EXPORT_SYMBOL(pci_unmap_rom);
-
-/**
- * pci_platform_rom - provides a pointer to any ROM image provided by the
- * platform
- * @pdev: pointer to pci device struct
- * @size: pointer to receive size of pci window over ROM
- */
-void __iomem *pci_platform_rom(struct pci_dev *pdev, size_t *size)
-{
- if (pdev->rom && pdev->romlen) {
- *size = pdev->romlen;
- return phys_to_virt((phys_addr_t)pdev->rom);
- }
-
- return NULL;
-}
-EXPORT_SYMBOL(pci_platform_rom);
diff --git a/include/linux/pci.h b/include/linux/pci.h
index 2517492dd1855..2fda9893962d1 100644
--- a/include/linux/pci.h
+++ b/include/linux/pci.h
@@ -1144,7 +1144,6 @@ int pci_enable_rom(struct pci_dev *pdev);
void pci_disable_rom(struct pci_dev *pdev);
void __iomem __must_check *pci_map_rom(struct pci_dev *pdev, size_t *size);
void pci_unmap_rom(struct pci_dev *pdev, void __iomem *rom);
-void __iomem __must_check *pci_platform_rom(struct pci_dev *pdev, size_t *size);
/* Power management related routines */
int pci_save_state(struct pci_dev *dev);
--
2.25.1