2021-01-11 13:56:33

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 00/77] 4.19.167-rc1 review

This is the start of the stable review cycle for the 4.19.167 release.
There are 77 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed, 13 Jan 2021 13:00:19 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.167-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <[email protected]>
Linux 4.19.167-rc1

Paolo Bonzini <[email protected]>
KVM: x86: fix shift out of bounds reported by UBSAN

Ying-Tsun Huang <[email protected]>
x86/mtrr: Correct the range check before performing MTRR type lookups

Florian Westphal <[email protected]>
netfilter: xt_RATEEST: reject non-null terminated string from userspace

Vasily Averin <[email protected]>
netfilter: ipset: fix shift-out-of-bounds in htable_bits()

Subash Abhinov Kasiviswanathan <[email protected]>
netfilter: x_tables: Update remaining dereference to RCU

Roger Pau Monne <[email protected]>
xen/pvh: correctly setup the PV EFI interface for dom0

Bard Liao <[email protected]>
Revert "device property: Keep secondary firmware node secondary by type"

Filipe Manana <[email protected]>
btrfs: send: fix wrong file path when there is an inode with a pending rmdir

Kailang Yang <[email protected]>
ALSA: hda/realtek - Fix speaker volume control on Lenovo C940

bo liu <[email protected]>
ALSA: hda/conexant: add a new hda codec CX11970

Takashi Iwai <[email protected]>
ALSA: hda/via: Fix runtime PM for Clevo W35xSS

Dan Williams <[email protected]>
x86/mm: Fix leak of pmd ptlock

Johan Hovold <[email protected]>
USB: serial: keyspan_pda: remove unused variable

Eddie Hung <[email protected]>
usb: gadget: configfs: Fix use-after-free issue with udc_name

Chandana Kishori Chiluveru <[email protected]>
usb: gadget: configfs: Preserve function ordering after bind failure

Sriharsha Allenki <[email protected]>
usb: gadget: Fix spinlock lockup on usb_function_deactivate

Yang Yingliang <[email protected]>
USB: gadget: legacy: fix return error code in acm_ms_bind()

Manish Narani <[email protected]>
usb: gadget: u_ether: Fix MTU size mismatch with RX packet size

Zqiang <[email protected]>
usb: gadget: function: printer: Fix a memory leak for interface descriptor

Jerome Brunet <[email protected]>
usb: gadget: f_uac2: reset wMaxPacketSize

Arnd Bergmann <[email protected]>
usb: gadget: select CONFIG_CRC32

Takashi Iwai <[email protected]>
ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks

Johan Hovold <[email protected]>
USB: usblp: fix DMA to stack

Johan Hovold <[email protected]>
USB: yurex: fix control-URB timeout handling

Bjørn Mork <[email protected]>
USB: serial: option: add Quectel EM160R-GL

Daniel Palmer <[email protected]>
USB: serial: option: add LongSung M5710 module support

Johan Hovold <[email protected]>
USB: serial: iuu_phoenix: fix DMA from stack

Thinh Nguyen <[email protected]>
usb: uas: Add PNY USB Portable SSD to unusual_uas

Randy Dunlap <[email protected]>
usb: usbip: vhci_hcd: protect shift size

Michael Grzeschik <[email protected]>
USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set

Yu Kuai <[email protected]>
usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data()

Serge Semin <[email protected]>
usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion

Tetsuo Handa <[email protected]>
USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().

Sean Young <[email protected]>
USB: cdc-acm: blacklist another IR Droid device

taehyun.cho <[email protected]>
usb: gadget: enable super speed plus

Christophe JAILLET <[email protected]>
staging: mt7621-dma: Fix a resource leak in an error handling path

Ard Biesheuvel <[email protected]>
crypto: ecdh - avoid buffer overflow in ecdh_set_secret()

Dexuan Cui <[email protected]>
video: hyperv_fb: Fix the mmap() regression for v5.4.y and older

Hans de Goede <[email protected]>
Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close

Florian Fainelli <[email protected]>
net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE

Antoine Tenart <[email protected]>
net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc

Antoine Tenart <[email protected]>
net-sysfs: take the rtnl lock when storing xps_rxqs

Randy Dunlap <[email protected]>
net: sched: prevent invalid Scell_log shift count

Yunjian Wang <[email protected]>
vhost_net: fix ubuf refcount incorrectly when sendmsg fails

Heiner Kallweit <[email protected]>
r8169: work around power-saving bug on some chip versions

Bjørn Mork <[email protected]>
net: usb: qmi_wwan: add Quectel EM160R-GL

Roland Dreier <[email protected]>
CDC-NCM: remove "connected" log message

Xie He <[email protected]>
net: hdlc_ppp: Fix issues when mod_timer is called while timer is running

Cong Wang <[email protected]>
erspan: fix version 1 check in gre_parse_header()

Yunjian Wang <[email protected]>
net: hns: fix return value check in __lb_other_process()

Guillaume Nault <[email protected]>
ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()

Yunjian Wang <[email protected]>
tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS

Grygorii Strashko <[email protected]>
net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered

Antoine Tenart <[email protected]>
net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc

Antoine Tenart <[email protected]>
net-sysfs: take the rtnl lock when storing xps_cpus

Dinghao Liu <[email protected]>
net: ethernet: Fix memleak in ethoc_probe

John Wang <[email protected]>
net/ncsi: Use real net-device for response handler

Petr Machata <[email protected]>
net: dcb: Validate netlink message in DCB handler

Jeff Dike <[email protected]>
virtio_net: Fix recursive call to cpus_read_lock()

Manish Chopra <[email protected]>
qede: fix offload for IPIP tunnel packets

Stefan Chulski <[email protected]>
net: mvpp2: Fix GoP port 3 Networking Complex Control configurations

Dan Carpenter <[email protected]>
atm: idt77252: call pci_disable_device() on error path

Rasmus Villemoes <[email protected]>
ethernet: ucc_geth: set dev->max_mtu to 1518

Rasmus Villemoes <[email protected]>
ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()

Stefan Chulski <[email protected]>
net: mvpp2: prs: fix PPPoE with ipv6 packet parse

Stefan Chulski <[email protected]>
net: mvpp2: Add TCAM entry to drop flow control pause frames

Sylwester Dziedziuch <[email protected]>
i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs

Alexey Dobriyan <[email protected]>
proc: fix lookup in /proc/net subdirectories after setns(2)

Alexey Dobriyan <[email protected]>
proc: change ->nlink under proc_subdir_lock

Linus Torvalds <[email protected]>
depmod: handle the case of /sbin/depmod without /sbin in PATH

Huang Shijie <[email protected]>
lib/genalloc: fix the overflow when size is too big

Bart Van Assche <[email protected]>
scsi: scsi_transport_spi: Set RQF_PM for domain validation commands

Bart Van Assche <[email protected]>
scsi: ide: Do not set the RQF_PREEMPT flag for sense requests

Adrian Hunter <[email protected]>
scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff()

Bean Huo <[email protected]>
scsi: ufs: Fix wrong print message in dev_err()

Yunfeng Ye <[email protected]>
workqueue: Kick a worker based on the actual activation of delayed works

Dominique Martinet <[email protected]>
kbuild: don't hardcode depmod path


-------------

Diffstat:

Makefile | 6 +-
arch/x86/kernel/cpu/mtrr/generic.c | 6 +-
arch/x86/kvm/mmu.h | 2 +-
arch/x86/mm/pgtable.c | 2 +
arch/x86/xen/efi.c | 12 ++--
arch/x86/xen/enlighten_pv.c | 2 +-
arch/x86/xen/enlighten_pvh.c | 4 ++
arch/x86/xen/xen-ops.h | 4 +-
crypto/ecdh.c | 3 +-
drivers/atm/idt77252.c | 2 +-
drivers/base/core.c | 2 +-
drivers/bluetooth/hci_h5.c | 8 +--
drivers/ide/ide-atapi.c | 1 -
drivers/ide/ide-io.c | 5 --
drivers/net/ethernet/broadcom/bcmsysport.c | 1 +
drivers/net/ethernet/ethoc.c | 3 +-
drivers/net/ethernet/freescale/ucc_geth.c | 3 +-
drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 4 ++
drivers/net/ethernet/intel/i40e/i40e.h | 3 +
drivers/net/ethernet/intel/i40e/i40e_main.c | 10 ++++
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 38 +++++++++++-
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.h | 2 +-
drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 ++
drivers/net/ethernet/realtek/r8169.c | 6 +-
drivers/net/ethernet/ti/cpts.c | 2 +
drivers/net/tun.c | 2 +-
drivers/net/usb/cdc_ncm.c | 3 -
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/virtio_net.c | 12 ++--
drivers/net/wan/hdlc_ppp.c | 7 +++
drivers/scsi/scsi_transport_spi.c | 27 ++++++---
drivers/scsi/ufs/ufshcd-pci.c | 34 ++++++++++-
drivers/scsi/ufs/ufshcd.c | 2 +-
drivers/staging/mt7621-dma/mtk-hsdma.c | 4 +-
drivers/usb/chipidea/ci_hdrc_imx.c | 6 +-
drivers/usb/class/cdc-acm.c | 4 ++
drivers/usb/class/cdc-wdm.c | 16 ++++-
drivers/usb/class/usblp.c | 21 ++++++-
drivers/usb/dwc3/core.h | 1 +
drivers/usb/dwc3/ulpi.c | 2 +-
drivers/usb/gadget/Kconfig | 2 +
drivers/usb/gadget/composite.c | 10 +++-
drivers/usb/gadget/configfs.c | 19 ++++--
drivers/usb/gadget/function/f_printer.c | 1 +
drivers/usb/gadget/function/f_uac2.c | 69 +++++++++++++++++-----
drivers/usb/gadget/function/u_ether.c | 9 +--
drivers/usb/gadget/legacy/acm_ms.c | 4 +-
drivers/usb/host/xhci.c | 24 ++++----
drivers/usb/misc/yurex.c | 3 +
drivers/usb/serial/iuu_phoenix.c | 20 +++++--
drivers/usb/serial/keyspan_pda.c | 2 -
drivers/usb/serial/option.c | 3 +
drivers/usb/storage/unusual_uas.h | 7 +++
drivers/usb/usbip/vhci_hcd.c | 2 +
drivers/vhost/net.c | 6 +-
drivers/video/fbdev/hyperv_fb.c | 6 +-
fs/btrfs/send.c | 49 +++++++++------
fs/proc/generic.c | 55 +++++++++++------
fs/proc/internal.h | 7 +++
fs/proc/proc_net.c | 16 -----
include/linux/proc_fs.h | 8 ++-
include/net/red.h | 4 +-
kernel/workqueue.c | 13 +++-
lib/genalloc.c | 25 ++++----
net/core/net-sysfs.c | 65 ++++++++++++++++----
net/dcb/dcbnl.c | 2 +
net/ipv4/fib_frontend.c | 2 +-
net/ipv4/gre_demux.c | 2 +-
net/ipv4/netfilter/arp_tables.c | 2 +-
net/ipv4/netfilter/ip_tables.c | 2 +-
net/ipv6/netfilter/ip6_tables.c | 2 +-
net/ncsi/ncsi-rsp.c | 2 +-
net/netfilter/ipset/ip_set_hash_gen.h | 20 ++-----
net/netfilter/xt_RATEEST.c | 3 +
net/sched/sch_choke.c | 2 +-
net/sched/sch_gred.c | 2 +-
net/sched/sch_red.c | 2 +-
net/sched/sch_sfq.c | 2 +-
scripts/depmod.sh | 2 +
sound/pci/hda/hda_intel.c | 2 -
sound/pci/hda/patch_conexant.c | 1 +
sound/pci/hda/patch_realtek.c | 6 ++
sound/pci/hda/patch_via.c | 13 ++++
sound/usb/midi.c | 4 ++
86 files changed, 556 insertions(+), 230 deletions(-)



2021-01-11 13:56:51

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 36/77] net-sysfs: take the rtnl lock when storing xps_rxqs

From: Antoine Tenart <[email protected]>

[ Upstream commit 2d57b4f142e0b03e854612b8e28978935414bced ]

Two race conditions can be triggered when storing xps rxqs, resulting in
various oops and invalid memory accesses:

1. Calling netdev_set_num_tc while netif_set_xps_queue:

- netif_set_xps_queue uses dev->tc_num as one of the parameters to
compute the size of new_dev_maps when allocating it. dev->tc_num is
also used to access the map, and the compiler may generate code to
retrieve this field multiple times in the function.

- netdev_set_num_tc sets dev->tc_num.

If new_dev_maps is allocated using dev->tc_num and then dev->tc_num
is set to a higher value through netdev_set_num_tc, later accesses to
new_dev_maps in netif_set_xps_queue could lead to accessing memory
outside of new_dev_maps; triggering an oops.

2. Calling netif_set_xps_queue while netdev_set_num_tc is running:

2.1. netdev_set_num_tc starts by resetting the xps queues,
dev->tc_num isn't updated yet.

2.2. netif_set_xps_queue is called, setting up the map with the
*old* dev->num_tc.

2.3. netdev_set_num_tc updates dev->tc_num.

2.4. Later accesses to the map lead to out of bound accesses and
oops.

A similar issue can be found with netdev_reset_tc.

One way of triggering this is to set an iface up (for which the driver
uses netdev_set_num_tc in the open path, such as bnx2x) and writing to
xps_rxqs in a concurrent thread. With the right timing an oops is
triggered.

Both issues have the same fix: netif_set_xps_queue, netdev_set_num_tc
and netdev_reset_tc should be mutually exclusive. We do that by taking
the rtnl lock in xps_rxqs_store.

Fixes: 8af2c06ff4b1 ("net-sysfs: Add interface for Rx queue(s) map per Tx queue")
Signed-off-by: Antoine Tenart <[email protected]>
Reviewed-by: Alexander Duyck <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/core/net-sysfs.c | 7 +++++++
1 file changed, 7 insertions(+)

--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -1428,10 +1428,17 @@ static ssize_t xps_rxqs_store(struct net
return err;
}

+ if (!rtnl_trylock()) {
+ bitmap_free(mask);
+ return restart_syscall();
+ }
+
cpus_read_lock();
err = __netif_set_xps_queue(dev, mask, index, true);
cpus_read_unlock();

+ rtnl_unlock();
+
kfree(mask);
return err ? : len;
}


2021-01-11 13:56:53

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 45/77] USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().

From: Tetsuo Handa <[email protected]>

commit 5e5ff0b4b6bcb4d17b7a26ec8bcfc7dd4651684f upstream.

syzbot is reporting UAF at usb_submit_urb() [1], for
service_outstanding_interrupt() is not checking WDM_DISCONNECTING
before calling usb_submit_urb(). Close the race by doing same checks
wdm_read() does upon retry.

Also, while wdm_read() checks WDM_DISCONNECTING with desc->rlock held,
service_interrupt_work() does not hold desc->rlock. Thus, it is possible
that usb_submit_urb() is called from service_outstanding_interrupt() from
service_interrupt_work() after WDM_DISCONNECTING was set and kill_urbs()
from wdm_disconnect() completed. Thus, move kill_urbs() in
wdm_disconnect() to after cancel_work_sync() (which makes sure that
service_interrupt_work() is no longer running) completed.

Although it seems to be safe to dereference desc->intf->dev in
service_outstanding_interrupt() even if WDM_DISCONNECTING was already set
because desc->rlock or cancel_work_sync() prevents wdm_disconnect() from
reaching list_del() before service_outstanding_interrupt() completes,
let's not emit error message if WDM_DISCONNECTING is set by
wdm_disconnect() while usb_submit_urb() is in progress.

[1] https://syzkaller.appspot.com/bug?extid=9e04e2df4a32fb661daf

Reported-by: syzbot <[email protected]>
Signed-off-by: Tetsuo Handa <[email protected]>
Cc: stable <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/usb/class/cdc-wdm.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)

--- a/drivers/usb/class/cdc-wdm.c
+++ b/drivers/usb/class/cdc-wdm.c
@@ -465,13 +465,23 @@ static int service_outstanding_interrupt
if (!desc->resp_count || !--desc->resp_count)
goto out;

+ if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
+ rv = -ENODEV;
+ goto out;
+ }
+ if (test_bit(WDM_RESETTING, &desc->flags)) {
+ rv = -EIO;
+ goto out;
+ }
+
set_bit(WDM_RESPONDING, &desc->flags);
spin_unlock_irq(&desc->iuspin);
rv = usb_submit_urb(desc->response, GFP_KERNEL);
spin_lock_irq(&desc->iuspin);
if (rv) {
- dev_err(&desc->intf->dev,
- "usb_submit_urb failed with result %d\n", rv);
+ if (!test_bit(WDM_DISCONNECTING, &desc->flags))
+ dev_err(&desc->intf->dev,
+ "usb_submit_urb failed with result %d\n", rv);

/* make sure the next notification trigger a submit */
clear_bit(WDM_RESPONDING, &desc->flags);
@@ -1026,9 +1036,9 @@ static void wdm_disconnect(struct usb_in
wake_up_all(&desc->wait);
mutex_lock(&desc->rlock);
mutex_lock(&desc->wlock);
- kill_urbs(desc);
cancel_work_sync(&desc->rxwork);
cancel_work_sync(&desc->service_outs_intr);
+ kill_urbs(desc);
mutex_unlock(&desc->wlock);
mutex_unlock(&desc->rlock);



2021-01-11 13:56:54

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 07/77] lib/genalloc: fix the overflow when size is too big

From: Huang Shijie <[email protected]>

[ Upstream commit 36845663843fc59c5d794e3dc0641472e3e572da ]

Some graphic card has very big memory on chip, such as 32G bytes.

In the following case, it will cause overflow:

pool = gen_pool_create(PAGE_SHIFT, NUMA_NO_NODE);
ret = gen_pool_add(pool, 0x1000000, SZ_32G, NUMA_NO_NODE);

va = gen_pool_alloc(pool, SZ_4G);

The overflow occurs in gen_pool_alloc_algo_owner():

....
size = nbits << order;
....

The @nbits is "int" type, so it will overflow.
Then the gen_pool_avail() will return the wrong value.

This patch converts some "int" to "unsigned long", and
changes the compare code in while.

Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Huang Shijie <[email protected]>
Reported-by: Shi Jiasheng <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
lib/genalloc.c | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/lib/genalloc.c b/lib/genalloc.c
index 7e85d1e37a6ea..0b8ee173cf3a6 100644
--- a/lib/genalloc.c
+++ b/lib/genalloc.c
@@ -83,14 +83,14 @@ static int clear_bits_ll(unsigned long *addr, unsigned long mask_to_clear)
* users set the same bit, one user will return remain bits, otherwise
* return 0.
*/
-static int bitmap_set_ll(unsigned long *map, int start, int nr)
+static int bitmap_set_ll(unsigned long *map, unsigned long start, unsigned long nr)
{
unsigned long *p = map + BIT_WORD(start);
- const int size = start + nr;
+ const unsigned long size = start + nr;
int bits_to_set = BITS_PER_LONG - (start % BITS_PER_LONG);
unsigned long mask_to_set = BITMAP_FIRST_WORD_MASK(start);

- while (nr - bits_to_set >= 0) {
+ while (nr >= bits_to_set) {
if (set_bits_ll(p, mask_to_set))
return nr;
nr -= bits_to_set;
@@ -118,14 +118,15 @@ static int bitmap_set_ll(unsigned long *map, int start, int nr)
* users clear the same bit, one user will return remain bits,
* otherwise return 0.
*/
-static int bitmap_clear_ll(unsigned long *map, int start, int nr)
+static unsigned long
+bitmap_clear_ll(unsigned long *map, unsigned long start, unsigned long nr)
{
unsigned long *p = map + BIT_WORD(start);
- const int size = start + nr;
+ const unsigned long size = start + nr;
int bits_to_clear = BITS_PER_LONG - (start % BITS_PER_LONG);
unsigned long mask_to_clear = BITMAP_FIRST_WORD_MASK(start);

- while (nr - bits_to_clear >= 0) {
+ while (nr >= bits_to_clear) {
if (clear_bits_ll(p, mask_to_clear))
return nr;
nr -= bits_to_clear;
@@ -184,8 +185,8 @@ int gen_pool_add_virt(struct gen_pool *pool, unsigned long virt, phys_addr_t phy
size_t size, int nid)
{
struct gen_pool_chunk *chunk;
- int nbits = size >> pool->min_alloc_order;
- int nbytes = sizeof(struct gen_pool_chunk) +
+ unsigned long nbits = size >> pool->min_alloc_order;
+ unsigned long nbytes = sizeof(struct gen_pool_chunk) +
BITS_TO_LONGS(nbits) * sizeof(long);

chunk = vzalloc_node(nbytes, nid);
@@ -242,7 +243,7 @@ void gen_pool_destroy(struct gen_pool *pool)
struct list_head *_chunk, *_next_chunk;
struct gen_pool_chunk *chunk;
int order = pool->min_alloc_order;
- int bit, end_bit;
+ unsigned long bit, end_bit;

list_for_each_safe(_chunk, _next_chunk, &pool->chunks) {
chunk = list_entry(_chunk, struct gen_pool_chunk, next_chunk);
@@ -293,7 +294,7 @@ unsigned long gen_pool_alloc_algo(struct gen_pool *pool, size_t size,
struct gen_pool_chunk *chunk;
unsigned long addr = 0;
int order = pool->min_alloc_order;
- int nbits, start_bit, end_bit, remain;
+ unsigned long nbits, start_bit, end_bit, remain;

#ifndef CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG
BUG_ON(in_nmi());
@@ -376,7 +377,7 @@ void gen_pool_free(struct gen_pool *pool, unsigned long addr, size_t size)
{
struct gen_pool_chunk *chunk;
int order = pool->min_alloc_order;
- int start_bit, nbits, remain;
+ unsigned long start_bit, nbits, remain;

#ifndef CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG
BUG_ON(in_nmi());
@@ -638,7 +639,7 @@ unsigned long gen_pool_best_fit(unsigned long *map, unsigned long size,
index = bitmap_find_next_zero_area(map, size, start, nr, 0);

while (index < size) {
- int next_bit = find_next_bit(map, size, index + nr);
+ unsigned long next_bit = find_next_bit(map, size, index + nr);
if ((next_bit - index) < len) {
len = next_bit - index;
start_bit = index;
--
2.27.0



2021-01-11 13:57:31

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 19/77] virtio_net: Fix recursive call to cpus_read_lock()

From: Jeff Dike <[email protected]>

[ Upstream commit de33212f768c5d9e2fe791b008cb26f92f0aa31c ]

virtnet_set_channels can recursively call cpus_read_lock if CONFIG_XPS
and CONFIG_HOTPLUG are enabled.

The path is:
virtnet_set_channels - calls get_online_cpus(), which is a trivial
wrapper around cpus_read_lock()
netif_set_real_num_tx_queues
netif_reset_xps_queues_gt
netif_reset_xps_queues - calls cpus_read_lock()

This call chain and potential deadlock happens when the number of TX
queues is reduced.

This commit the removes netif_set_real_num_[tr]x_queues calls from
inside the get/put_online_cpus section, as they don't require that it
be held.

Fixes: 47be24796c13 ("virtio-net: fix the set affinity bug when CPU IDs are not consecutive")
Signed-off-by: Jeff Dike <[email protected]>
Acked-by: Jason Wang <[email protected]>
Acked-by: Michael S. Tsirkin <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/virtio_net.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -2077,14 +2077,16 @@ static int virtnet_set_channels(struct n

get_online_cpus();
err = _virtnet_set_queues(vi, queue_pairs);
- if (!err) {
- netif_set_real_num_tx_queues(dev, queue_pairs);
- netif_set_real_num_rx_queues(dev, queue_pairs);
-
- virtnet_set_affinity(vi);
+ if (err) {
+ put_online_cpus();
+ goto err;
}
+ virtnet_set_affinity(vi);
put_online_cpus();

+ netif_set_real_num_tx_queues(dev, queue_pairs);
+ netif_set_real_num_rx_queues(dev, queue_pairs);
+ err:
return err;
}



2021-01-11 13:57:40

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 12/77] net: mvpp2: Add TCAM entry to drop flow control pause frames

From: Stefan Chulski <[email protected]>

[ Upstream commit 3f48fab62bb81a7f9d01e9d43c40395fad011dd5 ]

Issue:
Flow control frame used to pause GoP(MAC) was delivered to the CPU
and created a load on the CPU. Since XOFF/XON frames are used only
by MAC, these frames should be dropped inside MAC.

Fix:
According to 802.3-2012 - IEEE Standard for Ethernet pause frame
has unique destination MAC address 01-80-C2-00-00-01.
Add TCAM parser entry to track and drop pause frames by destination MAC.

Fixes: 3f518509dedc ("ethernet: Add new driver for Marvell Armada 375 network unit")
Signed-off-by: Stefan Chulski <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 33 +++++++++++++++++++++++++
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.h | 2 -
2 files changed, 34 insertions(+), 1 deletion(-)

--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c
@@ -405,6 +405,38 @@ static int mvpp2_prs_tcam_first_free(str
return -EINVAL;
}

+/* Drop flow control pause frames */
+static void mvpp2_prs_drop_fc(struct mvpp2 *priv)
+{
+ unsigned char da[ETH_ALEN] = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x01 };
+ struct mvpp2_prs_entry pe;
+ unsigned int len;
+
+ memset(&pe, 0, sizeof(pe));
+
+ /* For all ports - drop flow control frames */
+ pe.index = MVPP2_PE_FC_DROP;
+ mvpp2_prs_tcam_lu_set(&pe, MVPP2_PRS_LU_MAC);
+
+ /* Set match on DA */
+ len = ETH_ALEN;
+ while (len--)
+ mvpp2_prs_tcam_data_byte_set(&pe, len, da[len], 0xff);
+
+ mvpp2_prs_sram_ri_update(&pe, MVPP2_PRS_RI_DROP_MASK,
+ MVPP2_PRS_RI_DROP_MASK);
+
+ mvpp2_prs_sram_bits_set(&pe, MVPP2_PRS_SRAM_LU_GEN_BIT, 1);
+ mvpp2_prs_sram_next_lu_set(&pe, MVPP2_PRS_LU_FLOWS);
+
+ /* Mask all ports */
+ mvpp2_prs_tcam_port_map_set(&pe, MVPP2_PRS_PORT_MASK);
+
+ /* Update shadow table and hw entry */
+ mvpp2_prs_shadow_set(priv, pe.index, MVPP2_PRS_LU_MAC);
+ mvpp2_prs_hw_write(priv, &pe);
+}
+
/* Enable/disable dropping all mac da's */
static void mvpp2_prs_mac_drop_all_set(struct mvpp2 *priv, int port, bool add)
{
@@ -1162,6 +1194,7 @@ static void mvpp2_prs_mac_init(struct mv
mvpp2_prs_hw_write(priv, &pe);

/* Create dummy entries for drop all and promiscuous modes */
+ mvpp2_prs_drop_fc(priv);
mvpp2_prs_mac_drop_all_set(priv, 0, false);
mvpp2_prs_mac_promisc_set(priv, 0, MVPP2_PRS_L2_UNI_CAST, false);
mvpp2_prs_mac_promisc_set(priv, 0, MVPP2_PRS_L2_MULTI_CAST, false);
--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.h
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.h
@@ -129,7 +129,7 @@
#define MVPP2_PE_VID_EDSA_FLTR_DEFAULT (MVPP2_PRS_TCAM_SRAM_SIZE - 7)
#define MVPP2_PE_VLAN_DBL (MVPP2_PRS_TCAM_SRAM_SIZE - 6)
#define MVPP2_PE_VLAN_NONE (MVPP2_PRS_TCAM_SRAM_SIZE - 5)
-/* reserved */
+#define MVPP2_PE_FC_DROP (MVPP2_PRS_TCAM_SRAM_SIZE - 4)
#define MVPP2_PE_MAC_MC_PROMISCUOUS (MVPP2_PRS_TCAM_SRAM_SIZE - 3)
#define MVPP2_PE_MAC_UC_PROMISCUOUS (MVPP2_PRS_TCAM_SRAM_SIZE - 2)
#define MVPP2_PE_MAC_NON_PROMISCUOUS (MVPP2_PRS_TCAM_SRAM_SIZE - 1)


2021-01-11 13:57:57

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 18/77] qede: fix offload for IPIP tunnel packets

From: Manish Chopra <[email protected]>

[ Upstream commit 5d5647dad259bb416fd5d3d87012760386d97530 ]

IPIP tunnels packets are unknown to device,
hence these packets are incorrectly parsed and
caused the packet corruption, so disable offlods
for such packets at run time.

Signed-off-by: Manish Chopra <[email protected]>
Signed-off-by: Sudarsana Kalluru <[email protected]>
Signed-off-by: Igor Russkikh <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +++++
1 file changed, 5 insertions(+)

--- a/drivers/net/ethernet/qlogic/qede/qede_fp.c
+++ b/drivers/net/ethernet/qlogic/qede/qede_fp.c
@@ -1747,6 +1747,11 @@ netdev_features_t qede_features_check(st
ntohs(udp_hdr(skb)->dest) != gnv_port))
return features & ~(NETIF_F_CSUM_MASK |
NETIF_F_GSO_MASK);
+ } else if (l4_proto == IPPROTO_IPIP) {
+ /* IPIP tunnels are unknown to the device or at least unsupported natively,
+ * offloads for them can't be done trivially, so disable them for such skb.
+ */
+ return features & ~(NETIF_F_CSUM_MASK | NETIF_F_GSO_MASK);
}
}



2021-01-11 13:58:10

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 05/77] scsi: ide: Do not set the RQF_PREEMPT flag for sense requests

From: Bart Van Assche <[email protected]>

[ Upstream commit 96d86e6a80a3ab9aff81d12f9f1f2a0da2917d38 ]

RQF_PREEMPT is used for two different purposes in the legacy IDE code:

1. To mark power management requests.

2. To mark requests that should preempt another request. An (old)
explanation of that feature is as follows: "The IDE driver in the Linux
kernel normally uses a series of busywait delays during its
initialization. When the driver executes these busywaits, the kernel
does nothing for the duration of the wait. The time spent in these
waits could be used for other initialization activities, if they could
be run concurrently with these waits.

More specifically, busywait-style delays such as udelay() in module
init functions inhibit kernel preemption because the Big Kernel Lock is
held, while yielding APIs such as schedule_timeout() allow
preemption. This is true because the kernel handles the BKL specially
and releases and reacquires it across reschedules allowed by the
current thread.

This IDE-preempt specification requires that the driver eliminate these
busywaits and replace them with a mechanism that allows other work to
proceed while the IDE driver is initializing."

Since I haven't found an implementation of (2), do not set the PREEMPT flag
for sense requests. This patch causes sense requests to be postponed while
a drive is suspended instead of being submitted to ide_queue_rq().

If it would ever be necessary to restore the IDE PREEMPT functionality,
that can be done by introducing a new flag in struct ide_request.

Link: https://lore.kernel.org/r/[email protected]
Cc: David S. Miller <[email protected]>
Cc: Alan Stern <[email protected]>
Cc: Can Guo <[email protected]>
Cc: Stanley Chu <[email protected]>
Cc: Ming Lei <[email protected]>
Cc: Rafael J. Wysocki <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Reviewed-by: Hannes Reinecke <[email protected]>
Reviewed-by: Jens Axboe <[email protected]>
Signed-off-by: Bart Van Assche <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/ide/ide-atapi.c | 1 -
drivers/ide/ide-io.c | 5 -----
2 files changed, 6 deletions(-)

diff --git a/drivers/ide/ide-atapi.c b/drivers/ide/ide-atapi.c
index 8b2b72b938857..4224c4dd89635 100644
--- a/drivers/ide/ide-atapi.c
+++ b/drivers/ide/ide-atapi.c
@@ -213,7 +213,6 @@ void ide_prep_sense(ide_drive_t *drive, struct request *rq)
sense_rq->rq_disk = rq->rq_disk;
sense_rq->cmd_flags = REQ_OP_DRV_IN;
ide_req(sense_rq)->type = ATA_PRIV_SENSE;
- sense_rq->rq_flags |= RQF_PREEMPT;

req->cmd[0] = GPCMD_REQUEST_SENSE;
req->cmd[4] = cmd_len;
diff --git a/drivers/ide/ide-io.c b/drivers/ide/ide-io.c
index 0d93e0cfbeaf9..4381760846109 100644
--- a/drivers/ide/ide-io.c
+++ b/drivers/ide/ide-io.c
@@ -527,11 +527,6 @@ repeat:
* above to return us whatever is in the queue. Since we call
* ide_do_request() ourselves, we end up taking requests while
* the queue is blocked...
- *
- * We let requests forced at head of queue with ide-preempt
- * though. I hope that doesn't happen too much, hopefully not
- * unless the subdriver triggers such a thing in its own PM
- * state machine.
*/
if ((drive->dev_flags & IDE_DFLAG_BLOCKED) &&
ata_pm_request(rq) == 0 &&
--
2.27.0



2021-01-11 13:58:53

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 16/77] atm: idt77252: call pci_disable_device() on error path

From: Dan Carpenter <[email protected]>

[ Upstream commit 8df66af5c1e5f80562fe728db5ec069b21810144 ]

This error path needs to disable the pci device before returning.

Fixes: ede58ef28e10 ("atm: remove deprecated use of pci api")
Signed-off-by: Dan Carpenter <[email protected]>
Link: https://lore.kernel.org/r/X93dmC4NX0vbTpGp@mwanda
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/atm/idt77252.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -3607,7 +3607,7 @@ static int idt77252_init_one(struct pci_

if ((err = dma_set_mask_and_coherent(&pcidev->dev, DMA_BIT_MASK(32)))) {
printk("idt77252: can't enable DMA for PCI device at %s\n", pci_name(pcidev));
- return err;
+ goto err_out_disable_pdev;
}

card = kzalloc(sizeof(struct idt77252_dev), GFP_KERNEL);


2021-01-11 13:59:51

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 11/77] i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs

From: Sylwester Dziedziuch <[email protected]>

[ Upstream commit 3ac874fa84d1baaf0c0175f2a1499f5d88d528b2 ]

When removing VFs for PF added to bridge there was
an error I40E_AQ_RC_EINVAL. It was caused by not properly
resetting and reinitializing PF when adding/removing VFs.
Changed how reset is performed when adding/removing VFs
to properly reinitialize PFs VSI.

Fixes: fc60861e9b00 ("i40e: start up in VEPA mode by default")
Signed-off-by: Sylwester Dziedziuch <[email protected]>
Tested-by: Konrad Jankowski <[email protected]>
Signed-off-by: Tony Nguyen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/intel/i40e/i40e.h | 3 +++
drivers/net/ethernet/intel/i40e/i40e_main.c | 10 ++++++++++
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 ++--
3 files changed, 15 insertions(+), 2 deletions(-)

--- a/drivers/net/ethernet/intel/i40e/i40e.h
+++ b/drivers/net/ethernet/intel/i40e/i40e.h
@@ -127,6 +127,7 @@ enum i40e_state_t {
__I40E_RESET_INTR_RECEIVED,
__I40E_REINIT_REQUESTED,
__I40E_PF_RESET_REQUESTED,
+ __I40E_PF_RESET_AND_REBUILD_REQUESTED,
__I40E_CORE_RESET_REQUESTED,
__I40E_GLOBAL_RESET_REQUESTED,
__I40E_EMP_RESET_REQUESTED,
@@ -153,6 +154,8 @@ enum i40e_state_t {
};

#define I40E_PF_RESET_FLAG BIT_ULL(__I40E_PF_RESET_REQUESTED)
+#define I40E_PF_RESET_AND_REBUILD_FLAG \
+ BIT_ULL(__I40E_PF_RESET_AND_REBUILD_REQUESTED)

/* VSI state flags */
enum i40e_vsi_state_t {
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -42,6 +42,8 @@ static int i40e_setup_misc_vector(struct
static void i40e_determine_queue_usage(struct i40e_pf *pf);
static int i40e_setup_pf_filter_control(struct i40e_pf *pf);
static void i40e_prep_for_reset(struct i40e_pf *pf, bool lock_acquired);
+static void i40e_reset_and_rebuild(struct i40e_pf *pf, bool reinit,
+ bool lock_acquired);
static int i40e_reset(struct i40e_pf *pf);
static void i40e_rebuild(struct i40e_pf *pf, bool reinit, bool lock_acquired);
static void i40e_fdir_sb_setup(struct i40e_pf *pf);
@@ -7929,6 +7931,14 @@ void i40e_do_reset(struct i40e_pf *pf, u
dev_dbg(&pf->pdev->dev, "PFR requested\n");
i40e_handle_reset_warning(pf, lock_acquired);

+ } else if (reset_flags & I40E_PF_RESET_AND_REBUILD_FLAG) {
+ /* Request a PF Reset
+ *
+ * Resets PF and reinitializes PFs VSI.
+ */
+ i40e_prep_for_reset(pf, lock_acquired);
+ i40e_reset_and_rebuild(pf, true, lock_acquired);
+
} else if (reset_flags & BIT_ULL(__I40E_REINIT_REQUESTED)) {
int v;

--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -1567,7 +1567,7 @@ int i40e_pci_sriov_configure(struct pci_
if (num_vfs) {
if (!(pf->flags & I40E_FLAG_VEB_MODE_ENABLED)) {
pf->flags |= I40E_FLAG_VEB_MODE_ENABLED;
- i40e_do_reset_safe(pf, I40E_PF_RESET_FLAG);
+ i40e_do_reset_safe(pf, I40E_PF_RESET_AND_REBUILD_FLAG);
}
return i40e_pci_sriov_enable(pdev, num_vfs);
}
@@ -1575,7 +1575,7 @@ int i40e_pci_sriov_configure(struct pci_
if (!pci_vfs_assigned(pf->pdev)) {
i40e_free_vfs(pf);
pf->flags &= ~I40E_FLAG_VEB_MODE_ENABLED;
- i40e_do_reset_safe(pf, I40E_PF_RESET_FLAG);
+ i40e_do_reset_safe(pf, I40E_PF_RESET_AND_REBUILD_FLAG);
} else {
dev_warn(&pdev->dev, "Unable to free VFs because some are assigned to VMs.\n");
return -EINVAL;


2021-01-11 13:59:57

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 14/77] ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()

From: Rasmus Villemoes <[email protected]>

[ Upstream commit e925e0cd2a705aaacb0b907bb3691fcac3a973a4 ]

ugeth is the netdiv_priv() part of the netdevice. Accessing the memory
pointed to by ugeth (such as done by ucc_geth_memclean() and the two
of_node_puts) after free_netdev() is thus use-after-free.

Fixes: 80a9fad8e89a ("ucc_geth: fix module removal")
Signed-off-by: Rasmus Villemoes <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/freescale/ucc_geth.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/ethernet/freescale/ucc_geth.c
+++ b/drivers/net/ethernet/freescale/ucc_geth.c
@@ -3947,12 +3947,12 @@ static int ucc_geth_remove(struct platfo
struct device_node *np = ofdev->dev.of_node;

unregister_netdev(dev);
- free_netdev(dev);
ucc_geth_memclean(ugeth);
if (of_phy_is_fixed_link(np))
of_phy_deregister_fixed_link(np);
of_node_put(ugeth->ug_info->tbi_node);
of_node_put(ugeth->ug_info->phy_node);
+ free_netdev(dev);

return 0;
}


2021-01-11 14:00:21

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 17/77] net: mvpp2: Fix GoP port 3 Networking Complex Control configurations

From: Stefan Chulski <[email protected]>

[ Upstream commit 2575bc1aa9d52a62342b57a0b7d0a12146cf6aed ]

During GoP port 2 Networking Complex Control mode of operation configurations,
also GoP port 3 mode of operation was wrongly set.
Patch removes these configurations.

Fixes: f84bf386f395 ("net: mvpp2: initialize the GoP")
Acked-by: Marcin Wojtas <[email protected]>
Signed-off-by: Stefan Chulski <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
+++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c
@@ -954,7 +954,7 @@ static void mvpp22_gop_init_rgmii(struct

regmap_read(priv->sysctrl_base, GENCONF_CTRL0, &val);
if (port->gop_id == 2)
- val |= GENCONF_CTRL0_PORT0_RGMII | GENCONF_CTRL0_PORT1_RGMII;
+ val |= GENCONF_CTRL0_PORT0_RGMII;
else if (port->gop_id == 3)
val |= GENCONF_CTRL0_PORT1_RGMII_MII;
regmap_write(priv->sysctrl_base, GENCONF_CTRL0, val);


2021-01-11 14:01:32

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 15/77] ethernet: ucc_geth: set dev->max_mtu to 1518

From: Rasmus Villemoes <[email protected]>

[ Upstream commit 1385ae5c30f238f81bc6528d897c6d7a0816783f ]

All the buffers and registers are already set up appropriately for an
MTU slightly above 1500, so we just need to expose this to the
networking stack. AFAICT, there's no need to implement .ndo_change_mtu
when the receive buffers are always set up to support the max_mtu.

This fixes several warnings during boot on our mpc8309-board with an
embedded mv88e6250 switch:

mv88e6085 mdio@e0102120:10: nonfatal error -34 setting MTU 1500 on port 0
...
mv88e6085 mdio@e0102120:10: nonfatal error -34 setting MTU 1500 on port 4
ucc_geth e0102000.ethernet eth1: error -22 setting MTU to 1504 to include DSA overhead

The last line explains what the DSA stack tries to do: achieving an MTU
of 1500 on-the-wire requires that the master netdevice connected to
the CPU port supports an MTU of 1500+the tagging overhead.

Fixes: bfcb813203e6 ("net: dsa: configure the MTU for switch ports")
Reviewed-by: Andrew Lunn <[email protected]>
Signed-off-by: Rasmus Villemoes <[email protected]>
Reviewed-by: Vladimir Oltean <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/freescale/ucc_geth.c | 1 +
1 file changed, 1 insertion(+)

--- a/drivers/net/ethernet/freescale/ucc_geth.c
+++ b/drivers/net/ethernet/freescale/ucc_geth.c
@@ -3902,6 +3902,7 @@ static int ucc_geth_probe(struct platfor
INIT_WORK(&ugeth->timeout_work, ucc_geth_timeout_work);
netif_napi_add(dev, &ugeth->napi, ucc_geth_poll, 64);
dev->mtu = 1500;
+ dev->max_mtu = 1518;

ugeth->msg_enable = netif_msg_init(debug.msg_enable, UGETH_MSG_DEFAULT);
ugeth->phy_interface = phy_interface;


2021-01-11 14:02:33

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 01/77] kbuild: dont hardcode depmod path

From: Dominique Martinet <[email protected]>

commit 436e980e2ed526832de822cbf13c317a458b78e1 upstream.

depmod is not guaranteed to be in /sbin, just let make look for
it in the path like all the other invoked programs

Signed-off-by: Dominique Martinet <[email protected]>
Signed-off-by: Masahiro Yamada <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/Makefile
+++ b/Makefile
@@ -400,7 +400,7 @@ YACC = bison
AWK = awk
GENKSYMS = scripts/genksyms/genksyms
INSTALLKERNEL := installkernel
-DEPMOD = /sbin/depmod
+DEPMOD = depmod
PERL = perl
PYTHON = python
PYTHON2 = python2


2021-01-11 16:29:18

by Pavel Machek

[permalink] [raw]
Subject: Re: [PATCH 4.19 00/77] 4.19.167-rc1 review

Hi!

> This is the start of the stable review cycle for the 4.19.167 release.
> There are 77 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.

CIP testing did not find any problems here:

https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/pipelines/239960426

Tested-by: Pavel Machek (CIP) <[email protected]>

Best regards,
Pavel

--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Attachments:
(No filename) (665.00 B)
signature.asc (201.00 B)
Download all attachments

2021-01-11 21:57:27

by Guenter Roeck

[permalink] [raw]
Subject: Re: [PATCH 4.19 00/77] 4.19.167-rc1 review

On Mon, Jan 11, 2021 at 02:01:09PM +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.167 release.
> There are 77 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 13 Jan 2021 13:00:19 +0000.
> Anything received after that time might be too late.
>

Build results:
total: 155 pass: 155 fail: 0
Qemu test results:
total: 418 pass: 418 fail: 0

Tested-by: Guenter Roeck <[email protected]>

Guenter

2021-01-12 00:50:42

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 37/77] net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc

From: Antoine Tenart <[email protected]>

[ Upstream commit 4ae2bb81649dc03dfc95875f02126b14b773f7ab ]

Accesses to dev->xps_rxqs_map (when using dev->num_tc) should be
protected by the rtnl lock, like we do for netif_set_xps_queue. I didn't
see an actual bug being triggered, but let's be safe here and take the
rtnl lock while accessing the map in sysfs.

Fixes: 8af2c06ff4b1 ("net-sysfs: Add interface for Rx queue(s) map per Tx queue")
Signed-off-by: Antoine Tenart <[email protected]>
Reviewed-by: Alexander Duyck <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/core/net-sysfs.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)

--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
@@ -1356,23 +1356,30 @@ static struct netdev_queue_attribute xps

static ssize_t xps_rxqs_show(struct netdev_queue *queue, char *buf)
{
+ int j, len, ret, num_tc = 1, tc = 0;
struct net_device *dev = queue->dev;
struct xps_dev_maps *dev_maps;
unsigned long *mask, index;
- int j, len, num_tc = 1, tc = 0;

index = get_netdev_queue_index(queue);

+ if (!rtnl_trylock())
+ return restart_syscall();
+
if (dev->num_tc) {
num_tc = dev->num_tc;
tc = netdev_txq_to_tc(dev, index);
- if (tc < 0)
- return -EINVAL;
+ if (tc < 0) {
+ ret = -EINVAL;
+ goto err_rtnl_unlock;
+ }
}
mask = kcalloc(BITS_TO_LONGS(dev->num_rx_queues), sizeof(long),
GFP_KERNEL);
- if (!mask)
- return -ENOMEM;
+ if (!mask) {
+ ret = -ENOMEM;
+ goto err_rtnl_unlock;
+ }

rcu_read_lock();
dev_maps = rcu_dereference(dev->xps_rxqs_map);
@@ -1398,10 +1405,16 @@ static ssize_t xps_rxqs_show(struct netd
out_no_maps:
rcu_read_unlock();

+ rtnl_unlock();
+
len = bitmap_print_to_pagebuf(false, buf, mask, dev->num_rx_queues);
kfree(mask);

return len < PAGE_SIZE ? len : -EINVAL;
+
+err_rtnl_unlock:
+ rtnl_unlock();
+ return ret;
}

static ssize_t xps_rxqs_store(struct netdev_queue *queue, const char *buf,


2021-01-12 00:51:22

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 20/77] net: dcb: Validate netlink message in DCB handler

From: Petr Machata <[email protected]>

[ Upstream commit 826f328e2b7e8854dd42ea44e6519cd75018e7b1 ]

DCB uses the same handler function for both RTM_GETDCB and RTM_SETDCB
messages. dcb_doit() bounces RTM_SETDCB mesasges if the user does not have
the CAP_NET_ADMIN capability.

However, the operation to be performed is not decided from the DCB message
type, but from the DCB command. Thus DCB_CMD_*_GET commands are used for
reading DCB objects, the corresponding SET and DEL commands are used for
manipulation.

The assumption is that set-like commands will be sent via an RTM_SETDCB
message, and get-like ones via RTM_GETDCB. However, this assumption is not
enforced.

It is therefore possible to manipulate DCB objects without CAP_NET_ADMIN
capability by sending the corresponding command in an RTM_GETDCB message.
That is a bug. Fix it by validating the type of the request message against
the type used for the response.

Fixes: 2f90b8657ec9 ("ixgbe: this patch adds support for DCB to the kernel and ixgbe driver")
Signed-off-by: Petr Machata <[email protected]>
Link: https://lore.kernel.org/r/a2a9b88418f3a58ef211b718f2970128ef9e3793.1608673640.git.me@pmachata.org
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/dcb/dcbnl.c | 2 ++
1 file changed, 2 insertions(+)

--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -1756,6 +1756,8 @@ static int dcb_doit(struct sk_buff *skb,
fn = &reply_funcs[dcb->cmd];
if (!fn->cb)
return -EOPNOTSUPP;
+ if (fn->type != nlh->nlmsg_type)
+ return -EPERM;

if (!tb[DCB_ATTR_IFNAME])
return -EINVAL;


2021-01-12 00:51:46

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 22/77] net: ethernet: Fix memleak in ethoc_probe

From: Dinghao Liu <[email protected]>

[ Upstream commit 5d41f9b7ee7a5a5138894f58846a4ffed601498a ]

When mdiobus_register() fails, priv->mdio allocated
by mdiobus_alloc() has not been freed, which leads
to memleak.

Fixes: e7f4dc3536a4 ("mdio: Move allocation of interrupts into core")
Signed-off-by: Dinghao Liu <[email protected]>
Reviewed-by: Andrew Lunn <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/net/ethernet/ethoc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/net/ethernet/ethoc.c
+++ b/drivers/net/ethernet/ethoc.c
@@ -1213,7 +1213,7 @@ static int ethoc_probe(struct platform_d
ret = mdiobus_register(priv->mdio);
if (ret) {
dev_err(&netdev->dev, "failed to register MDIO bus\n");
- goto free2;
+ goto free3;
}

ret = ethoc_mdio_probe(netdev);
@@ -1245,6 +1245,7 @@ error2:
netif_napi_del(&priv->napi);
error:
mdiobus_unregister(priv->mdio);
+free3:
mdiobus_free(priv->mdio);
free2:
clk_disable_unprepare(priv->clk);


2021-01-12 06:14:48

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 63/77] usb: gadget: configfs: Preserve function ordering after bind failure

From: Chandana Kishori Chiluveru <[email protected]>

commit 6cd0fe91387917be48e91385a572a69dfac2f3f7 upstream.

When binding the ConfigFS gadget to a UDC, the functions in each
configuration are added in list order. However, if usb_add_function()
fails, the failed function is put back on its configuration's
func_list and purge_configs_funcs() is called to further clean up.

purge_configs_funcs() iterates over the configurations and functions
in forward order, calling unbind() on each of the previously added
functions. But after doing so, each function gets moved to the
tail of the configuration's func_list. This results in reshuffling
the original order of the functions within a configuration such
that the failed function now appears first even though it may have
originally appeared in the middle or even end of the list. At this
point if the ConfigFS gadget is attempted to re-bind to the UDC,
the functions will be added in a different order than intended,
with the only recourse being to remove and relink the functions all
over again.

An example of this as follows:

ln -s functions/mass_storage.0 configs/c.1
ln -s functions/ncm.0 configs/c.1
ln -s functions/ffs.adb configs/c.1 # oops, forgot to start adbd
echo "<udc device>" > UDC # fails
start adbd
echo "<udc device>" > UDC # now succeeds, but...
# bind order is
# "ADB", mass_storage, ncm

[30133.118289] configfs-gadget gadget: adding 'Mass Storage Function'/ffffff810af87200 to config 'c'/ffffff817d6a2520
[30133.119875] configfs-gadget gadget: adding 'cdc_network'/ffffff80f48d1a00 to config 'c'/ffffff817d6a2520
[30133.119974] using random self ethernet address
[30133.120002] using random host ethernet address
[30133.139604] usb0: HOST MAC 3e:27:46:ba:3e:26
[30133.140015] usb0: MAC 6e:28:7e:42:66:6a
[30133.140062] configfs-gadget gadget: adding 'Function FS Gadget'/ffffff80f3868438 to config 'c'/ffffff817d6a2520
[30133.140081] configfs-gadget gadget: adding 'Function FS Gadget'/ffffff80f3868438 --> -19
[30133.140098] configfs-gadget gadget: unbind function 'Mass Storage Function'/ffffff810af87200
[30133.140119] configfs-gadget gadget: unbind function 'cdc_network'/ffffff80f48d1a00
[30133.173201] configfs-gadget a600000.dwc3: failed to start g1: -19
[30136.661933] init: starting service 'adbd'...
[30136.700126] read descriptors
[30136.700413] read strings
[30138.574484] configfs-gadget gadget: adding 'Function FS Gadget'/ffffff80f3868438 to config 'c'/ffffff817d6a2520
[30138.575497] configfs-gadget gadget: adding 'Mass Storage Function'/ffffff810af87200 to config 'c'/ffffff817d6a2520
[30138.575554] configfs-gadget gadget: adding 'cdc_network'/ffffff80f48d1a00 to config 'c'/ffffff817d6a2520
[30138.575631] using random self ethernet address
[30138.575660] using random host ethernet address
[30138.595338] usb0: HOST MAC 2e:cf:43:cd:ca:c8
[30138.597160] usb0: MAC 6a:f0:9f:ee:82:a0
[30138.791490] configfs-gadget gadget: super-speed config #1: c

Fix this by reversing the iteration order of the functions in
purge_config_funcs() when unbinding them, and adding them back to
the config's func_list at the head instead of the tail. This
ensures that we unbind and unwind back to the original list order.

Fixes: 88af8bbe4ef7 ("usb: gadget: the start of the configfs interface")
Signed-off-by: Chandana Kishori Chiluveru <[email protected]>
Signed-off-by: Jack Pham <[email protected]>
Reviewed-by: Peter Chen <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/usb/gadget/configfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/usb/gadget/configfs.c
+++ b/drivers/usb/gadget/configfs.c
@@ -1217,9 +1217,9 @@ static void purge_configs_funcs(struct g

cfg = container_of(c, struct config_usb_cfg, c);

- list_for_each_entry_safe(f, tmp, &c->functions, list) {
+ list_for_each_entry_safe_reverse(f, tmp, &c->functions, list) {

- list_move_tail(&f->list, &cfg->func_list);
+ list_move(&f->list, &cfg->func_list);
if (f->unbind) {
dev_dbg(&gi->cdev.gadget->dev,
"unbind function '%s'/%p\n",


2021-01-12 06:18:17

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 51/77] USB: serial: iuu_phoenix: fix DMA from stack

From: Johan Hovold <[email protected]>

commit 54d0a3ab80f49f19ee916def62fe067596833403 upstream.

Stack-allocated buffers cannot be used for DMA (on all architectures) so
allocate the flush command buffer using kmalloc().

Fixes: 60a8fc017103 ("USB: add iuu_phoenix driver")
Cc: stable <[email protected]> # 2.6.25
Reviewed-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
drivers/usb/serial/iuu_phoenix.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)

--- a/drivers/usb/serial/iuu_phoenix.c
+++ b/drivers/usb/serial/iuu_phoenix.c
@@ -536,23 +536,29 @@ static int iuu_uart_flush(struct usb_ser
struct device *dev = &port->dev;
int i;
int status;
- u8 rxcmd = IUU_UART_RX;
+ u8 *rxcmd;
struct iuu_private *priv = usb_get_serial_port_data(port);

if (iuu_led(port, 0xF000, 0, 0, 0xFF) < 0)
return -EIO;

+ rxcmd = kmalloc(1, GFP_KERNEL);
+ if (!rxcmd)
+ return -ENOMEM;
+
+ rxcmd[0] = IUU_UART_RX;
+
for (i = 0; i < 2; i++) {
- status = bulk_immediate(port, &rxcmd, 1);
+ status = bulk_immediate(port, rxcmd, 1);
if (status != IUU_OPERATION_OK) {
dev_dbg(dev, "%s - uart_flush_write error\n", __func__);
- return status;
+ goto out_free;
}

status = read_immediate(port, &priv->len, 1);
if (status != IUU_OPERATION_OK) {
dev_dbg(dev, "%s - uart_flush_read error\n", __func__);
- return status;
+ goto out_free;
}

if (priv->len > 0) {
@@ -560,12 +566,16 @@ static int iuu_uart_flush(struct usb_ser
status = read_immediate(port, priv->buf, priv->len);
if (status != IUU_OPERATION_OK) {
dev_dbg(dev, "%s - uart_flush_read error\n", __func__);
- return status;
+ goto out_free;
}
}
}
dev_dbg(dev, "%s - uart_flush_read OK!\n", __func__);
iuu_led(port, 0, 0xF000, 0, 0xFF);
+
+out_free:
+ kfree(rxcmd);
+
return status;
}



2021-01-12 06:27:31

by Greg Kroah-Hartman

[permalink] [raw]
Subject: [PATCH 4.19 06/77] scsi: scsi_transport_spi: Set RQF_PM for domain validation commands

From: Bart Van Assche <[email protected]>

[ Upstream commit cfefd9f8240a7b9fdd96fcd54cb029870b6d8d88 ]

Disable runtime power management during domain validation. Since a later
patch removes RQF_PREEMPT, set RQF_PM for domain validation commands such
that these are executed in the quiesced SCSI device state.

Link: https://lore.kernel.org/r/[email protected]
Cc: Alan Stern <[email protected]>
Cc: James Bottomley <[email protected]>
Cc: Woody Suwalski <[email protected]>
Cc: Can Guo <[email protected]>
Cc: Stanley Chu <[email protected]>
Cc: Ming Lei <[email protected]>
Cc: Rafael J. Wysocki <[email protected]>
Cc: Stan Johnson <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Reviewed-by: Jens Axboe <[email protected]>
Reviewed-by: Hannes Reinecke <[email protected]>
Signed-off-by: Bart Van Assche <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/scsi/scsi_transport_spi.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/drivers/scsi/scsi_transport_spi.c b/drivers/scsi/scsi_transport_spi.c
index 69213842e63e0..efb9c3d902133 100644
--- a/drivers/scsi/scsi_transport_spi.c
+++ b/drivers/scsi/scsi_transport_spi.c
@@ -130,12 +130,16 @@ static int spi_execute(struct scsi_device *sdev, const void *cmd,
sshdr = &sshdr_tmp;

for(i = 0; i < DV_RETRIES; i++) {
+ /*
+ * The purpose of the RQF_PM flag below is to bypass the
+ * SDEV_QUIESCE state.
+ */
result = scsi_execute(sdev, cmd, dir, buffer, bufflen, sense,
sshdr, DV_TIMEOUT, /* retries */ 1,
REQ_FAILFAST_DEV |
REQ_FAILFAST_TRANSPORT |
REQ_FAILFAST_DRIVER,
- 0, NULL);
+ RQF_PM, NULL);
if (driver_byte(result) != DRIVER_SENSE ||
sshdr->sense_key != UNIT_ATTENTION)
break;
@@ -1018,23 +1022,26 @@ spi_dv_device(struct scsi_device *sdev)
*/
lock_system_sleep();

+ if (scsi_autopm_get_device(sdev))
+ goto unlock_system_sleep;
+
if (unlikely(spi_dv_in_progress(starget)))
- goto unlock;
+ goto put_autopm;

if (unlikely(scsi_device_get(sdev)))
- goto unlock;
+ goto put_autopm;

spi_dv_in_progress(starget) = 1;

buffer = kzalloc(len, GFP_KERNEL);

if (unlikely(!buffer))
- goto out_put;
+ goto put_sdev;

/* We need to verify that the actual device will quiesce; the
* later target quiesce is just a nice to have */
if (unlikely(scsi_device_quiesce(sdev)))
- goto out_free;
+ goto free_buffer;

scsi_target_quiesce(starget);

@@ -1054,12 +1061,16 @@ spi_dv_device(struct scsi_device *sdev)

spi_initial_dv(starget) = 1;

- out_free:
+free_buffer:
kfree(buffer);
- out_put:
+
+put_sdev:
spi_dv_in_progress(starget) = 0;
scsi_device_put(sdev);
-unlock:
+put_autopm:
+ scsi_autopm_put_device(sdev);
+
+unlock_system_sleep:
unlock_system_sleep();
}
EXPORT_SYMBOL(spi_dv_device);
--
2.27.0



2021-01-12 11:37:57

by Naresh Kamboju

[permalink] [raw]
Subject: Re: [PATCH 4.19 00/77] 4.19.167-rc1 review

On Mon, 11 Jan 2021 at 18:38, Greg Kroah-Hartman
<[email protected]> wrote:
>
> This is the start of the stable review cycle for the 4.19.167 release.
> There are 77 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 13 Jan 2021 13:00:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.167-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.

Tested-by: Linux Kernel Functional Testing <[email protected]>

Summary
------------------------------------------------------------------------

kernel: 4.19.167-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.19.y
git commit: 7f0a1a1d4ba925eedec5669d52d6ed7da84084da
git describe: v4.19.166-78-g7f0a1a1d4ba9
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-4.19.y/build/v4.19.166-78-g7f0a1a1d4ba9

No regressions (compared to build v4.19.166)

No fixes (compared to build v4.19.166)

Ran 46273 total tests in the following environments and test suites.

Environments
--------------
- arm
- arm64
- dragonboard-410c - arm64
- hi6220-hikey - arm64
- i386
- juno-r2 - arm64
- juno-r2-compat
- juno-r2-kasan
- mips
- nxp-ls2088
- qemu-arm64-clang
- qemu-arm64-kasan
- qemu-x86_64-clang
- qemu-x86_64-kasan
- qemu_arm
- qemu_arm64
- qemu_arm64-compat
- qemu_i386
- qemu_x86_64
- qemu_x86_64-compat
- s390
- sparc
- x15 - arm
- x86_64
- x86-kasan

Test Suites
-----------
* build
* linux-log-parser
* install-android-platform-tools-r2600
* ltp-controllers-tests
* ltp-dio-tests
* ltp-hugetlb-tests
* ltp-io-tests
* ltp-mm-tests
* ltp-sched-tests
* fwts
* kselftest
* libhugetlbfs
* ltp-cap_bounds-tests
* ltp-commands-tests
* ltp-containers-tests
* ltp-cpuhotplug-tests
* ltp-crypto-tests
* ltp-cve-tests
* ltp-fcntl-locktests-tests
* ltp-filecaps-tests
* ltp-fs_bind-tests
* ltp-fs_perms_simple-tests
* ltp-fsx-tests
* ltp-ipc-tests
* ltp-math-tests
* ltp-nptl-tests
* ltp-pty-tests
* ltp-securebits-tests
* ltp-syscalls-tests
* ltp-tracing-tests
* network-basic-tests
* perf
* v4l2-compliance
* ltp-fs-tests
* ltp-open-posix-tests
* kvm-unit-tests
* rcutorture
* kselftest-vsyscall-mode-none
* kselftest-vsyscall-mode-native

--
Linaro LKFT
https://lkft.linaro.org

2021-01-12 19:10:34

by Greg Kroah-Hartman

[permalink] [raw]
Subject: Re: [PATCH 4.19 00/77] 4.19.167-rc1 review

On Mon, Jan 11, 2021 at 05:24:15PM +0100, Pavel Machek wrote:
> Hi!
>
> > This is the start of the stable review cycle for the 4.19.167 release.
> > There are 77 patches in this series, all will be posted as a response
> > to this one. If anyone has any issues with these being applied, please
> > let me know.
>
> CIP testing did not find any problems here:
>
> https://gitlab.com/cip-project/cip-testing/linux-stable-rc-ci/-/pipelines/239960426
>
> Tested-by: Pavel Machek (CIP) <[email protected]>

Thanks for testing 2 of these and letting me know.

greg k-h

2021-01-12 22:19:11

by Shuah Khan

[permalink] [raw]
Subject: Re: [PATCH 4.19 00/77] 4.19.167-rc1 review

On 1/11/21 6:01 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.167 release.
> There are 77 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 13 Jan 2021 13:00:19 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.167-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>

Compiled and booted on my test system. No dmesg regressions.

Tested-by: Shuah Khan <[email protected]>

thanks,
-- Shuah

2021-01-13 11:51:49

by Pavel Machek

[permalink] [raw]
Subject: Re: [PATCH 4.19 06/77] scsi: scsi_transport_spi: Set RQF_PM for domain validation commands

Hi!

> From: Bart Van Assche <[email protected]>
>
> [ Upstream commit cfefd9f8240a7b9fdd96fcd54cb029870b6d8d88 ]
>
> Disable runtime power management during domain validation. Since a later
> patch removes RQF_PREEMPT, set RQF_PM for domain validation commands such
> that these are executed in the quiesced SCSI device state.

This and "05/77] scsi: ide: Do not set the RQF_PREEMPT flag for" do
not fix anything AFAICT. They are in series with other patches in
5.10, so they may make sense there, but I don't think we need them in
4.19.

Best regards,
Pavel


> index 69213842e63e0..efb9c3d902133 100644
> --- a/drivers/scsi/scsi_transport_spi.c
> +++ b/drivers/scsi/scsi_transport_spi.c
> @@ -130,12 +130,16 @@ static int spi_execute(struct scsi_device *sdev, const void *cmd,
> sshdr = &sshdr_tmp;
>
> for(i = 0; i < DV_RETRIES; i++) {
> + /*
> + * The purpose of the RQF_PM flag below is to bypass the
> + * SDEV_QUIESCE state.
> + */
> result = scsi_execute(sdev, cmd, dir, buffer, bufflen, sense,
> sshdr, DV_TIMEOUT, /* retries */ 1,
> REQ_FAILFAST_DEV |
> REQ_FAILFAST_TRANSPORT |
> REQ_FAILFAST_DRIVER,
> - 0, NULL);
> + RQF_PM, NULL);
> if (driver_byte(result) != DRIVER_SENSE ||
> sshdr->sense_key != UNIT_ATTENTION)
> break;
> @@ -1018,23 +1022,26 @@ spi_dv_device(struct scsi_device *sdev)
> */
> lock_system_sleep();
>
> + if (scsi_autopm_get_device(sdev))
> + goto unlock_system_sleep;
> +
> if (unlikely(spi_dv_in_progress(starget)))
> - goto unlock;
> + goto put_autopm;
>
> if (unlikely(scsi_device_get(sdev)))
> - goto unlock;
> + goto put_autopm;
>
> spi_dv_in_progress(starget) = 1;
>
> buffer = kzalloc(len, GFP_KERNEL);
>
> if (unlikely(!buffer))
> - goto out_put;
> + goto put_sdev;
>
> /* We need to verify that the actual device will quiesce; the
> * later target quiesce is just a nice to have */
> if (unlikely(scsi_device_quiesce(sdev)))
> - goto out_free;
> + goto free_buffer;
>
> scsi_target_quiesce(starget);
>
> @@ -1054,12 +1061,16 @@ spi_dv_device(struct scsi_device *sdev)
>
> spi_initial_dv(starget) = 1;
>
> - out_free:
> +free_buffer:
> kfree(buffer);
> - out_put:
> +
> +put_sdev:
> spi_dv_in_progress(starget) = 0;
> scsi_device_put(sdev);
> -unlock:
> +put_autopm:
> + scsi_autopm_put_device(sdev);
> +
> +unlock_system_sleep:
> unlock_system_sleep();
> }
> EXPORT_SYMBOL(spi_dv_device);
> --
> 2.27.0
>
>

--
http://www.livejournal.com/~pavelmachek


Attachments:
(No filename) (2.60 kB)
signature.asc (201.00 B)
Download all attachments

2021-01-14 01:46:35

by Bart Van Assche

[permalink] [raw]
Subject: Re: [PATCH 4.19 06/77] scsi: scsi_transport_spi: Set RQF_PM for domain validation commands

On 1/13/21 3:47 AM, Pavel Machek wrote:
>> From: Bart Van Assche <[email protected]>
>>
>> [ Upstream commit cfefd9f8240a7b9fdd96fcd54cb029870b6d8d88 ]
>>
>> Disable runtime power management during domain validation. Since a later
>> patch removes RQF_PREEMPT, set RQF_PM for domain validation commands such
>> that these are executed in the quiesced SCSI device state.
>
> This and "05/77] scsi: ide: Do not set the RQF_PREEMPT flag for" do
> not fix anything AFAICT. They are in series with other patches in
> 5.10, so they may make sense there, but I don't think we need them in
> 4.19.

Agreed. Please either backport the entire series of 8 patches or do not
backport any patch from that series. Selecting a subset of the patches
of that series is dangerous. As an example, applying patch 8/8 without
applying the prior patches from that series would break SCSI domain
validation. See also
https://lore.kernel.org/linux-scsi/[email protected]/

Thanks,

Bart.