2022-04-19 19:21:07

by Greg Kroah-Hartman

Subject: [PATCH 5.15 000/189] 5.15.35-rc1 review

This is the start of the stable review cycle for the 5.15.35 release.
There are 189 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed, 20 Apr 2022 12:11:14 +0000.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.35-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <[email protected]>
Linux 5.15.35-rc1

Duoming Zhou <[email protected]>
ax25: Fix UAF bugs in ax25 timers

Duoming Zhou <[email protected]>
ax25: Fix NULL pointer dereferences in ax25 timers

Duoming Zhou <[email protected]>
ax25: fix NPD bug in ax25_disconnect

Duoming Zhou <[email protected]>
ax25: fix UAF bug in ax25_send_control()

Duoming Zhou <[email protected]>
ax25: Fix refcount leaks caused by ax25_cb_del()

Duoming Zhou <[email protected]>
ax25: fix UAF bugs of net_device caused by rebinding operation

Duoming Zhou <[email protected]>
ax25: fix reference count leaks of ax25_dev

Duoming Zhou <[email protected]>
ax25: add refcount in ax25_dev to avoid UAF bugs

Srinivas Pandruvada <[email protected]>
cpufreq: intel_pstate: ITMT support for overclocked system

Alex Elder <[email protected]>
net: ipa: fix a build dependency

Miaoqian Lin <[email protected]>
soc: qcom: aoss: Fix missing put_device call in qmp_get

Steven Price <[email protected]>
cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state

Matt Roper <[email protected]>
drm/i915: Sunset igpu legacy mmap support based on GRAPHICS_VER_FULL

Chao Gao <[email protected]>
dma-direct: avoid redundant memory sync for swiotlb

Anna-Maria Behnsen <[email protected]>
timers: Fix warning condition in __run_timers()

Dongjin Yang <[email protected]>
dt-bindings: net: snps: remove duplicate name

Martin Povišer <[email protected]>
i2c: pasemi: Wait for write xfers to finish

Nadav Amit <[email protected]>
smp: Fix offline cpu check in flush_smp_call_function_queue()

Andy Shevchenko <[email protected]>
i2c: dev: check return value when calling dev_set_name()

Mikulas Patocka <[email protected]>
dm integrity: fix memory corruption when tag_size is less than digest size

Nathan Chancellor <[email protected]>
ARM: davinci: da850-evm: Avoid NULL pointer dereference

Paul Gortmaker <[email protected]>
tick/nohz: Use WARN_ON_ONCE() to prevent console saturation

Rei Yamamoto <[email protected]>
genirq/affinity: Consider that CPUs on nodes can be unbalanced

Pawan Gupta <[email protected]>
x86/tsx: Disable TSX development mode at boot

Pawan Gupta <[email protected]>
x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits

Tomasz Moń <[email protected]>
drm/amdgpu: Enable gfxoff quirk on MacBook Pro

Melissa Wen <[email protected]>
drm/amd/display: don't ignore alpha property on pre-multiplied mode

Nicolas Dichtel <[email protected]>
ipv6: fix panic when forwarding a pkt with no in6 dev

Johannes Berg <[email protected]>
nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size

Fabio M. De Francesco <[email protected]>
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"

Tao Jin <[email protected]>
ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers

Tim Crawford <[email protected]>
ALSA: hda/realtek: Add quirk for Clevo PD50PNT

Naohiro Aota <[email protected]>
btrfs: mark resumed async balance as writing

Jia-Ju Bai <[email protected]>
btrfs: fix root ref counts in error handling in btrfs_get_root_ref

Toke Høiland-Jørgensen <[email protected]>
ath9k: Fix usage of driver-private space in tx_info

Toke Høiland-Jørgensen <[email protected]>
ath9k: Properly clear TX status area before reporting to mac80211

Ronnie Sahlberg <[email protected]>
cifs: verify that tcon is valid before dereference in cifs_kill_sb

Jason A. Donenfeld <[email protected]>
gcc-plugins: latent_entropy: use /dev/urandom

Johan Hovold <[email protected]>
memory: renesas-rpc-if: fix platform-device leak in error path

Chuck Lever <[email protected]>
SUNRPC: Fix NFSD's request deferral on RDMA transports

Oliver Upton <[email protected]>
KVM: Don't create VM debugfs files outside of the VM directory

Sean Christopherson <[email protected]>
KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded

Patrick Wang <[email protected]>
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()

Minchan Kim <[email protected]>
mm: fix unexpected zeroed page mapping with zram swap

Juergen Gross <[email protected]>
mm, page_alloc: fix build_zonerefs_node()

Axel Rasmussen <[email protected]>
mm/secretmem: fix panic when growing a memfd_secret

Borislav Petkov <[email protected]>
perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant

Pavel Begunkov <[email protected]>
io_uring: use nospec annotation for more indexes

Pavel Begunkov <[email protected]>
io_uring: zero tag on rsrc removal

Duoming Zhou <[email protected]>
drivers: net: slip: fix NPD bug in sl_tx_timeout()

Chandrakanth patil <[email protected]>
scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan

Alexey Galakhov <[email protected]>
scsi: mvsas: Add PCI ID of RocketRaid 2640

Sreekanth Reddy <[email protected]>
scsi: mpt3sas: Fail reset operation if config request timed out

Christoph Böhmwalder <[email protected]>
drbd: set QUEUE_FLAG_STABLE_WRITES

Roman Li <[email protected]>
drm/amd/display: Fix allocate_mst_payload assert on resume

Martin Leung <[email protected]>
drm/amd/display: Revert FEC check in validation

Roman Li <[email protected]>
drm/amd/display: Enable power gating before init_pipes

Matthias Schiffer <[email protected]>
spi: cadence-quadspi: fix protocol setup for non-1-1-X operations

Xiaomeng Tong <[email protected]>
myri10ge: fix an incorrect free for skb in myri10ge_sw_tso

Marcin Kozlowski <[email protected]>
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup

Boqun Feng <[email protected]>
Drivers: hv: balloon: Disable balloon and hot-add accordingly

Andy Chiu <[email protected]>
net: axienet: setup mdio unconditionally

Steve Capper <[email protected]>
tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry

Joey Gouly <[email protected]>
arm64: alternatives: mark patch_alternative() as `noinstr`

Jonathan Bakker <[email protected]>
regulator: wm8994: Add an off-on delay for WM8994 variant

Leo Ruan <[email protected]>
gpu: ipu-v3: Fix dev_dbg frequency output

Christian Lamparter <[email protected]>
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs

Randy Dunlap <[email protected]>
net: micrel: fix KS8851_MLL Kconfig

Tyrel Datwyler <[email protected]>
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024

James Smart <[email protected]>
scsi: lpfc: Fix queue failures when recovering from PCI parity error

Xiaoguang Wang <[email protected]>
scsi: target: tcmu: Fix possible page UAF

Michael Kelley <[email protected]>
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer

Michael Kelley <[email protected]>
PCI: hv: Propagate coherence from VMbus device to PCI device

Andrea Parri (Microsoft) <[email protected]>
Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests

QintaoShen <[email protected]>
drm/amdkfd: Check for potential null return of kmalloc_array()

Tianci Yin <[email protected]>
drm/amdgpu/vcn: improve vcn dpg stop procedure

Tushar Patel <[email protected]>
drm/amdkfd: Fix Incorrect VMIDs passed to HWS

Leo (Hanghong) Ma <[email protected]>
drm/amd/display: Update VTEM Infopacket definition

Chiawen Huang <[email protected]>
drm/amd/display: FEC check in timing validation

Charlene Liu <[email protected]>
drm/amd/display: fix audio format not updated after edid updated

Alex Deucher <[email protected]>
drm/amdgpu/gmc: use PCI BARs for APUs in passthrough

Guchun Chen <[email protected]>
drm/amdgpu: conduct a proper cleanup of PDB bo

Josef Bacik <[email protected]>
btrfs: do not warn for free space inode in cow_file_range

Darrick J. Wong <[email protected]>
btrfs: fix fallocate to use file_modified to update permissions consistently

Aurabindo Pillai <[email protected]>
drm/amd: Add USBC connector ID

Ming Lei <[email protected]>
block: fix offset/size check in bio_trim()

Jeremy Linton <[email protected]>
net: bcmgenet: Revert "Use stronger register read/writes to assure ordering"

Jason Gunthorpe <[email protected]>
vfio/pci: Fix vf_token mechanism when device-specific VF drivers are used

Khazhismel Kumykov <[email protected]>
dm mpath: only use ktime_get_ns() in historical selector

Harshit Mogalapalli <[email protected]>
cifs: potential buffer overflow in handling symlinks

Lin Ma <[email protected]>
nfc: nci: add flush_workqueue to prevent uaf

Dylan Hung <[email protected]>
net: ftgmac100: access hardware register after clock ready

Martin Willi <[email protected]>
macvlan: Fix leaking skb in source mode with nodst option

Adrian Hunter <[email protected]>
perf tools: Fix misleading add event PMU debug message

Takashi Iwai <[email protected]>
ALSA: usb-audio: Limit max buffer and period sizes per time

Takashi Iwai <[email protected]>
ALSA: usb-audio: Increase max buffer size

Athira Rajeev <[email protected]>
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set

Dylan Yudaken <[email protected]>
io_uring: verify pad field is 0 in io_get_ext_arg

Dylan Yudaken <[email protected]>
io_uring: verify that resv2 is 0 in io_uring_rsrc_update2

Dylan Yudaken <[email protected]>
io_uring: move io_uring_rsrc_update2 validation

Takashi Iwai <[email protected]>
ALSA: mtpav: Don't call card private_free at probe error path

Takashi Iwai <[email protected]>
ALSA: ad1889: Fix the missing snd_card_free() call at probe error

Antoine Tenart <[email protected]>
netfilter: nf_tables: nft_parse_register can return a negative value

Petr Malat <[email protected]>
sctp: Initialize daddr on peeled off socket

Mike Christie <[email protected]>
scsi: iscsi: Fix unbound endpoint error handling

Mike Christie <[email protected]>
scsi: iscsi: Fix conn cleanup and stop race during iscsid restart

Mike Christie <[email protected]>
scsi: iscsi: Fix endpoint reuse regression

Mike Christie <[email protected]>
scsi: iscsi: Fix offload conn cleanup when iscsid restarts

Mike Christie <[email protected]>
scsi: iscsi: Move iscsi_ep_disconnect()

Ajish Koshy <[email protected]>
scsi: pm80xx: Enable upper inbound, outbound queues

Ajish Koshy <[email protected]>
scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63

Karsten Graul <[email protected]>
net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()

Kuogee Hsieh <[email protected]>
drm/msm/dp: add fail safe mode outside of event_mutex context

Stephen Boyd <[email protected]>
drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()

Rob Clark <[email protected]>
drm/msm: Fix range size vs end confusion

Florian Westphal <[email protected]>
netfilter: nft_socket: make cgroup match work in input too

Rameshkumar Sundaram <[email protected]>
cfg80211: hold bss_lock while updating nontrans_list

Benedikt Spranger <[email protected]>
net/sched: taprio: Check if socket flags are valid

Dinh Nguyen <[email protected]>
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link

Michael Walle <[email protected]>
net: dsa: felix: suppress -EPROBE_DEFER errors

Marcelo Ricardo Leitner <[email protected]>
net/sched: fix initialization order when updating chain 0 head

Vadim Pasternak <[email protected]>
mlxsw: i2c: Fix initialization error flow

Vladimir Oltean <[email protected]>
net: mdio: don't defer probe forever if PHY IRQ provider is missing

Shyam Prasad N <[email protected]>
cifs: release cached dentries only if mount is complete

Linus Torvalds <[email protected]>
gpiolib: acpi: use correct format characters

Guillaume Nault <[email protected]>
veth: Ensure eth header is in skb's linear part

Vlad Buslov <[email protected]>
net/sched: flower: fix parsing of ethertype following VLAN header

Chuck Lever <[email protected]>
SUNRPC: Fix the svc_deferred_event trace class

Kyle Copperfield <[email protected]>
media: rockchip/rga: do proper error checking in probe

Cristian Marussi <[email protected]>
firmware: arm_scmi: Fix sorting of retrieved clock rates

Anilkumar Kolli <[email protected]>
Revert "ath11k: mesh: add support for 256 bitmap in blockack frames in 11ax"

Miaoqian Lin <[email protected]>
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe

Cristian Marussi <[email protected]>
firmware: arm_scmi: Remove clear channel call on the TX channel

Rob Clark <[email protected]>
drm/msm: Add missing put_task_struct() in debugfs path

Takashi Iwai <[email protected]>
ALSA: nm256: Don't call card private_free at probe error path

Takashi Iwai <[email protected]>
ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb

Takashi Iwai <[email protected]>
ALSA: via82xx: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: sonicvibes: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: sc6000: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: rme96: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: rme9652: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: rme32: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: riptide: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: oxygen: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: maestro3: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: lx6464es: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: lola: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: korg1212: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: intel_hdmi: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: intel8x0: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: ice1724: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: hdspm: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: hdsp: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: galaxy: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: fm801: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: es1968: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: es1938: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: ens137x: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: emu10k1x: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: echoaudio: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: cs5535audio: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: cs4281: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: cmipci: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: ca0106: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: bt87x: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: azt3328: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: aw2: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: au88x0: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: atiixp: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: als4000: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: als300: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: ali5451: Fix the missing snd_card_free() call at probe error

Takashi Iwai <[email protected]>
ALSA: sis7019: Fix the missing error handling

Takashi Iwai <[email protected]>
ALSA: core: Add snd_card_free_on_error() helper

Naohiro Aota <[email protected]>
btrfs: release correct delalloc amount in direct IO write path

Alex Elder <[email protected]>
net: ipa: request IPA register values be retained

Alex Elder <[email protected]>
dt-bindings: net: qcom,ipa: add optional qcom,qmp property

Deepak Kumar Singh <[email protected]>
soc: qcom: aoss: Expose send for generic usecase

Nathan Chancellor <[email protected]>
btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()

Filipe Manana <[email protected]>
btrfs: remove no longer used counter when reading data page

Qu Wenruo <[email protected]>
btrfs: remove unused parameter nr_pages in add_ra_bio_pages()

Woody Suwalski <[email protected]>
ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40

Richard Gong <[email protected]>
ACPI: processor idle: Allow playing dead in C3 state

Mario Limonciello <[email protected]>
ACPI: processor idle: Check for architectural support for LPI

Mario Limonciello <[email protected]>
cpuidle: PSCI: Move the `has_lpi` check to the beginning of the function

Lin Ma <[email protected]>
hamradio: remove needs_free_netdev to avoid UAF

Lin Ma <[email protected]>
hamradio: defer 6pack kfree after unregister_netdev

Nicholas Kazlauskas <[email protected]>
drm/amd/display: Fix p-state allow debug index on dcn31

Nicholas Kazlauskas <[email protected]>
drm/amd/display: Add pstate verification and recovery for DCN31


-------------

Diffstat:

.../devicetree/bindings/net/qcom,ipa.yaml | 6 +
.../devicetree/bindings/net/snps,dwmac.yaml | 6 +-
Makefile | 4 +-
arch/arm/mach-davinci/board-da850-evm.c | 4 +-
arch/arm64/kernel/alternative.c | 6 +-
arch/arm64/kernel/cpuidle.c | 6 +-
arch/x86/include/asm/kvm_host.h | 5 +-
arch/x86/include/asm/msr-index.h | 4 +-
arch/x86/kernel/cpu/common.c | 2 +
arch/x86/kernel/cpu/cpu.h | 5 +-
arch/x86/kernel/cpu/intel.c | 7 -
arch/x86/kernel/cpu/tsx.c | 104 +++++++++++--
arch/x86/kvm/mmu/mmu.c | 20 ++-
arch/x86/kvm/x86.c | 20 ++-
block/bio.c | 2 +-
drivers/acpi/processor_idle.c | 23 ++-
drivers/ata/libata-core.c | 3 +
drivers/base/dd.c | 1 +
drivers/block/drbd/drbd_main.c | 1 +
drivers/cpufreq/intel_pstate.c | 10 ++
drivers/firmware/arm_scmi/clock.c | 3 +-
drivers/firmware/arm_scmi/driver.c | 3 +-
drivers/gpio/gpiolib-acpi.c | 4 +-
drivers/gpu/drm/amd/amdgpu/ObjectID.h | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 2 +-
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 +
drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 2 +-
drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 5 +-
drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 2 +-
drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 4 +-
drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 3 +
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 11 +-
drivers/gpu/drm/amd/amdkfd/kfd_events.c | 2 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +-
drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 4 +-
.../gpu/drm/amd/display/dc/dcn10/dcn10_hubbub.c | 1 +
.../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 29 ++--
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 14 +-
.../gpu/drm/amd/display/dc/dcn30/dcn30_hubbub.c | 1 +
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 5 +-
.../gpu/drm/amd/display/dc/dcn301/dcn301_hubbub.c | 1 +
.../gpu/drm/amd/display/dc/dcn31/dcn31_hubbub.c | 62 ++++++++
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hwseq.c | 5 +-
.../gpu/drm/amd/display/dc/dcn31/dcn31_resource.c | 2 +-
drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h | 2 +
.../amd/display/modules/info_packet/info_packet.c | 5 +-
drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 2 +-
drivers/gpu/drm/msm/dp/dp_display.c | 6 +
drivers/gpu/drm/msm/dp/dp_panel.c | 20 +--
drivers/gpu/drm/msm/dp/dp_panel.h | 1 +
drivers/gpu/drm/msm/dsi/dsi_manager.c | 2 +-
drivers/gpu/drm/msm/msm_gem.c | 1 +
drivers/gpu/ipu-v3/ipu-di.c | 5 +-
drivers/hv/hv_balloon.c | 36 ++++-
drivers/hv/ring_buffer.c | 11 +-
drivers/hv/vmbus_drv.c | 18 ++-
drivers/i2c/busses/i2c-pasemi.c | 6 +
drivers/i2c/i2c-dev.c | 15 +-
drivers/md/dm-integrity.c | 7 +-
drivers/md/dm-ps-historical-service-time.c | 10 +-
drivers/media/platform/rockchip/rga/rga.c | 2 +-
drivers/memory/atmel-ebi.c | 23 ++-
drivers/memory/renesas-rpc-if.c | 10 +-
drivers/net/dsa/ocelot/felix_vsc9959.c | 2 +-
drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 +-
drivers/net/ethernet/faraday/ftgmac100.c | 10 +-
drivers/net/ethernet/mellanox/mlxsw/i2c.c | 1 +
drivers/net/ethernet/micrel/Kconfig | 1 +
drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 6 +-
drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.c | 8 -
drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.h | 4 +
.../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 13 +-
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 13 +-
drivers/net/hamradio/6pack.c | 5 +-
drivers/net/ipa/Kconfig | 1 +
drivers/net/ipa/ipa_power.c | 52 +++++++
drivers/net/ipa/ipa_power.h | 7 +
drivers/net/ipa/ipa_uc.c | 5 +
drivers/net/macvlan.c | 8 +-
drivers/net/mdio/fwnode_mdio.c | 5 +
drivers/net/slip/slip.c | 2 +-
drivers/net/usb/aqc111.c | 9 +-
drivers/net/veth.c | 2 +-
drivers/net/wireless/ath/ath11k/mac.c | 21 ++-
drivers/net/wireless/ath/ath9k/main.c | 2 +-
drivers/net/wireless/ath/ath9k/xmit.c | 33 ++--
drivers/pci/controller/pci-hyperv.c | 9 ++
drivers/perf/fsl_imx8_ddr_perf.c | 2 +-
drivers/regulator/wm8994-regulator.c | 42 +++++-
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +-
drivers/scsi/lpfc/lpfc_init.c | 2 +
drivers/scsi/megaraid/megaraid_sas.h | 3 +
drivers/scsi/megaraid/megaraid_sas_base.c | 7 +
drivers/scsi/mpt3sas/mpt3sas_config.c | 9 +-
drivers/scsi/mvsas/mv_init.c | 1 +
drivers/scsi/pm8001/pm80xx_hwi.c | 33 ++--
drivers/scsi/scsi_transport_iscsi.c | 168 +++++++++++++--------
drivers/soc/qcom/qcom_aoss.c | 58 ++++++-
drivers/spi/spi-cadence-quadspi.c | 46 ++----
drivers/target/target_core_user.c | 3 +-
drivers/vfio/pci/vfio_pci_core.c | 124 +++++++++------
fs/btrfs/block-group.c | 4 -
fs/btrfs/compression.c | 2 -
fs/btrfs/disk-io.c | 5 +-
fs/btrfs/extent_io.c | 5 +-
fs/btrfs/file.c | 13 +-
fs/btrfs/inode.c | 7 +-
fs/btrfs/volumes.c | 2 +
fs/cifs/cifsfs.c | 28 ++--
fs/cifs/link.c | 3 +
fs/io_uring.c | 24 +--
include/asm-generic/tlb.h | 10 +-
include/linux/soc/qcom/qcom_aoss.h | 38 +++++
include/linux/sunrpc/svc.h | 1 +
include/linux/vfio_pci_core.h | 2 +
include/net/ax25.h | 12 ++
include/net/flow_dissector.h | 2 +
include/scsi/scsi_transport_iscsi.h | 2 +
include/sound/core.h | 1 +
include/trace/events/sunrpc.h | 7 +-
kernel/cpu.c | 36 ++---
kernel/dma/direct.h | 3 +-
kernel/irq/affinity.c | 5 +-
kernel/smp.c | 2 +-
kernel/time/tick-sched.c | 2 +-
kernel/time/timer.c | 11 +-
mm/kmemleak.c | 8 +-
mm/page_alloc.c | 2 +-
mm/page_io.c | 54 -------
mm/secretmem.c | 17 +++
net/ax25/af_ax25.c | 38 ++++-
net/ax25/ax25_dev.c | 28 +++-
net/ax25/ax25_route.c | 13 +-
net/ax25/ax25_subr.c | 20 ++-
net/core/flow_dissector.c | 1 +
net/ipv6/ip6_output.c | 2 +-
net/netfilter/nf_tables_api.c | 2 +-
net/netfilter/nft_socket.c | 7 +-
net/nfc/nci/core.c | 4 +
net/sched/cls_api.c | 2 +-
net/sched/cls_flower.c | 18 ++-
net/sched/sch_taprio.c | 3 +-
net/sctp/socket.c | 2 +-
net/smc/smc_pnet.c | 5 +-
net/sunrpc/svc_xprt.c | 3 +
net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 2 +-
net/wireless/nl80211.c | 3 +-
net/wireless/scan.c | 2 +
scripts/gcc-plugins/latent_entropy_plugin.c | 44 +++---
sound/core/init.c | 28 ++++
sound/core/pcm_misc.c | 2 +-
sound/drivers/mtpav.c | 4 +-
sound/isa/galaxy/galaxy.c | 7 +-
sound/isa/sc6000.c | 7 +-
sound/pci/ad1889.c | 10 +-
sound/pci/ali5451/ali5451.c | 10 +-
sound/pci/als300.c | 8 +-
sound/pci/als4000.c | 10 +-
sound/pci/atiixp.c | 10 +-
sound/pci/atiixp_modem.c | 10 +-
sound/pci/au88x0/au88x0.c | 8 +-
sound/pci/aw2/aw2-alsa.c | 8 +-
sound/pci/azt3328.c | 8 +-
sound/pci/bt87x.c | 10 +-
sound/pci/ca0106/ca0106_main.c | 10 +-
sound/pci/cmipci.c | 8 +-
sound/pci/cs4281.c | 10 +-
sound/pci/cs5535audio/cs5535audio.c | 10 +-
sound/pci/echoaudio/echoaudio.c | 9 +-
sound/pci/emu10k1/emu10k1x.c | 10 +-
sound/pci/ens1370.c | 10 +-
sound/pci/es1938.c | 10 +-
sound/pci/es1968.c | 10 +-
sound/pci/fm801.c | 10 +-
sound/pci/hda/patch_realtek.c | 2 +
sound/pci/ice1712/ice1724.c | 10 +-
sound/pci/intel8x0.c | 10 +-
sound/pci/intel8x0m.c | 10 +-
sound/pci/korg1212/korg1212.c | 8 +-
sound/pci/lola/lola.c | 10 +-
sound/pci/lx6464es/lx6464es.c | 8 +-
sound/pci/maestro3.c | 8 +-
sound/pci/nm256/nm256.c | 2 +-
sound/pci/oxygen/oxygen_lib.c | 12 +-
sound/pci/riptide/riptide.c | 8 +-
sound/pci/rme32.c | 8 +-
sound/pci/rme96.c | 10 +-
sound/pci/rme9652/hdsp.c | 8 +-
sound/pci/rme9652/hdspm.c | 8 +-
sound/pci/rme9652/rme9652.c | 8 +-
sound/pci/sis7019.c | 14 +-
sound/pci/sonicvibes.c | 10 +-
sound/pci/via82xx.c | 10 +-
sound/pci/via82xx_modem.c | 10 +-
sound/usb/pcm.c | 16 +-
sound/x86/intel_hdmi_audio.c | 7 +-
tools/arch/x86/include/asm/msr-index.h | 4 +-
tools/perf/util/parse-events.c | 5 +-
tools/testing/selftests/mqueue/mq_perf_tests.c | 25 ++-
virt/kvm/kvm_main.c | 10 +-
202 files changed, 1652 insertions(+), 654 deletions(-)



2022-04-19 20:09:09

by Greg Kroah-Hartman

Subject: [PATCH 5.15 045/189] ALSA: maestro3: Fix the missing snd_card_free() call at probe error

From: Takashi Iwai <[email protected]>

commit ae86bf5c2a8d81418eadf1c31dd9253b609e3093 upstream.

The previous cleanup with devres may lead to the incorrect release
orders at the probe error handling due to the devres's nature. Until
we register the card, snd_card_free() has to be called at first for
releasing the stuff properly when the driver tries to manage and
release the stuff via card->private_free().

This patch fixes it by calling snd_card_free() on the error from the
probe callback using a new helper function.

Fixes: 5c0939253c3c ("ALSA: maestro3: Allocate resources with device-managed APIs")
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/maestro3.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sound/pci/maestro3.c b/sound/pci/maestro3.c
index 056838ead21d..261850775c80 100644
--- a/sound/pci/maestro3.c
+++ b/sound/pci/maestro3.c
@@ -2637,7 +2637,7 @@ snd_m3_create(struct snd_card *card, struct pci_dev *pci,
/*
*/
static int
-snd_m3_probe(struct pci_dev *pci, const struct pci_device_id *pci_id)
+__snd_m3_probe(struct pci_dev *pci, const struct pci_device_id *pci_id)
{
static int dev;
struct snd_card *card;
@@ -2702,6 +2702,12 @@ snd_m3_probe(struct pci_dev *pci, const struct pci_device_id *pci_id)
return 0;
}

+static int
+snd_m3_probe(struct pci_dev *pci, const struct pci_device_id *pci_id)
+{
+ return snd_card_free_on_error(&pci->dev, __snd_m3_probe(pci, pci_id));
+}
+
static struct pci_driver m3_driver = {
.name = KBUILD_MODNAME,
.id_table = snd_m3_ids,
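Review bot: the new snd_m3_probe() wrapper carries no comment saying why the probe result has to pass through snd_card_free_on_error(), and __snd_m3_probe() still has a valid PCI probe signature, so a later cleanup could point the pci_driver at it directly and silently drop the error-path snd_card_free(). A one-line comment above the wrapper, saying the card must be freed first so that card->private_free() runs before devres unwinds, would protect the fix. The helper comes from a separate patch in this series ("ALSA: core: Add snd_card_free_on_error() helper"), so this patch only builds when that one is applied first.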
--
2.35.2



2022-04-19 20:09:24

by Greg Kroah-Hartman

Subject: [PATCH 5.15 146/189] mm: fix unexpected zeroed page mapping with zram swap

From: Minchan Kim <[email protected]>

commit e914d8f00391520ecc4495dd0ca0124538ab7119 upstream.

Two processes under CLONE_VM cloning, user process can be corrupted by
seeing zeroed page unexpectedly.

    CPU A                           CPU B

do_swap_page                        do_swap_page
SWP_SYNCHRONOUS_IO path             SWP_SYNCHRONOUS_IO path
swap_readpage valid data
  swap_slot_free_notify
    delete zram entry
                                    swap_readpage zeroed(invalid) data
                                    pte_lock
                                    map the *zero data* to userspace
                                    pte_unlock
pte_lock
if (!pte_same)
  goto out_nomap;
pte_unlock
return and next refault will
read zeroed data

The swap_slot_free_notify is bogus for CLONE_VM case since it doesn't
increase the refcount of swap slot at copy_mm so it couldn't catch up
whether it's safe or not to discard data from backing device. In the
case, only the lock it could rely on to synchronize swap slot freeing is
page table lock. Thus, this patch gets rid of the swap_slot_free_notify
function. With this patch, CPU A will see correct data.

    CPU A                           CPU B

do_swap_page                        do_swap_page
SWP_SYNCHRONOUS_IO path             SWP_SYNCHRONOUS_IO path
                                    swap_readpage original data
                                    pte_lock
                                    map the original data
                                    swap_free
                                      swap_range_free
                                        bd_disk->fops->swap_slot_free_notify
swap_readpage read zeroed data
                                    pte_unlock
pte_lock
if (!pte_same)
  goto out_nomap;
pte_unlock
return
on next refault will see mapped data by CPU B

The concern of the patch would increase memory consumption since it
could keep wasted memory with compressed form in zram as well as
uncompressed form in address space. However, most of cases of zram uses
no readahead and do_swap_page is followed by swap_free so it will free
the compressed form from zram quickly.

Link: https://lkml.kernel.org/r/[email protected]
Fixes: 0bcac06f27d7 ("mm, swap: skip swapcache for swapin of synchronous device")
Reported-by: Ivan Babrou <[email protected]>
Tested-by: Ivan Babrou <[email protected]>
Signed-off-by: Minchan Kim <[email protected]>
Cc: Nitin Gupta <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: Jens Axboe <[email protected]>
Cc: David Hildenbrand <[email protected]>
Cc: <[email protected]> [4.14+]
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/page_io.c | 54 ------------------------------------------------------
1 file changed, 54 deletions(-)

--- a/mm/page_io.c
+++ b/mm/page_io.c
@@ -50,54 +50,6 @@ void end_swap_bio_write(struct bio *bio)
bio_put(bio);
}

-static void swap_slot_free_notify(struct page *page)
-{
- struct swap_info_struct *sis;
- struct gendisk *disk;
- swp_entry_t entry;
-
- /*
- * There is no guarantee that the page is in swap cache - the software
- * suspend code (at least) uses end_swap_bio_read() against a non-
- * swapcache page. So we must check PG_swapcache before proceeding with
- * this optimization.
- */
- if (unlikely(!PageSwapCache(page)))
- return;
-
- sis = page_swap_info(page);
- if (data_race(!(sis->flags & SWP_BLKDEV)))
- return;
-
- /*
- * The swap subsystem performs lazy swap slot freeing,
- * expecting that the page will be swapped out again.
- * So we can avoid an unnecessary write if the page
- * isn't redirtied.
- * This is good for real swap storage because we can
- * reduce unnecessary I/O and enhance wear-leveling
- * if an SSD is used as the as swap device.
- * But if in-memory swap device (eg zram) is used,
- * this causes a duplicated copy between uncompressed
- * data in VM-owned memory and compressed data in
- * zram-owned memory. So let's free zram-owned memory
- * and make the VM-owned decompressed page *dirty*,
- * so the page should be swapped out somewhere again if
- * we again wish to reclaim it.
- */
- disk = sis->bdev->bd_disk;
- entry.val = page_private(page);
- if (disk->fops->swap_slot_free_notify && __swap_count(entry) == 1) {
- unsigned long offset;
-
- offset = swp_offset(entry);
-
- SetPageDirty(page);
- disk->fops->swap_slot_free_notify(sis->bdev,
- offset);
- }
-}
-
static void end_swap_bio_read(struct bio *bio)
{
struct page *page = bio_first_page_all(bio);
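Review bot: the removed swap_slot_free_notify() was the place in this file that invoked disk->fops->swap_slot_free_notify after a swap-in, and the long comment deleted with it was the only in-code explanation of why (the duplicated copy between VM-owned and zram-owned memory). Please confirm that another caller of the fops hook remains and releases the backing slot once the page is no longer needed; if none does, the hook itself becomes dead code and should be removed in the same change.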
@@ -113,7 +65,6 @@ static void end_swap_bio_read(struct bio
}

SetPageUptodate(page);
- swap_slot_free_notify(page);
out:
unlock_page(page);
WRITE_ONCE(bio->bi_private, NULL);
@@ -392,11 +343,6 @@ int swap_readpage(struct page *page, boo
if (sis->flags & SWP_SYNCHRONOUS_IO) {
ret = bdev_read_page(sis->bdev, swap_page_sector(page), page);
if (!ret) {
- if (trylock_page(page)) {
- swap_slot_free_notify(page);
- unlock_page(page);
- }
-
count_vm_event(PSWPIN);
goto out;
}


2022-04-19 20:41:09

by Greg Kroah-Hartman

Subject: [PATCH 5.15 052/189] ALSA: sonicvibes: Fix the missing snd_card_free() call at probe error

From: Takashi Iwai <[email protected]>

commit b087a381d7386ec95803222d0d9b1ac499550713 upstream.

The previous cleanup with devres may lead to the incorrect release
orders at the probe error handling due to the devres's nature. Until
we register the card, snd_card_free() has to be called at first for
releasing the stuff properly when the driver tries to manage and
release the stuff via card->private_free().

This patch fixes it by calling snd_card_free() on the error from the
probe callback using a new helper function.

Fixes: 2ca6cbde6ad7 ("ALSA: sonicvibes: Allocate resources with device-managed APIs")
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/sonicvibes.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/sound/pci/sonicvibes.c b/sound/pci/sonicvibes.c
index c8c49881008f..f91cbf6eeca0 100644
--- a/sound/pci/sonicvibes.c
+++ b/sound/pci/sonicvibes.c
@@ -1387,8 +1387,8 @@ static int snd_sonicvibes_midi(struct sonicvibes *sonic,
return 0;
}

-static int snd_sonic_probe(struct pci_dev *pci,
- const struct pci_device_id *pci_id)
+static int __snd_sonic_probe(struct pci_dev *pci,
+ const struct pci_device_id *pci_id)
{
static int dev;
struct snd_card *card;
@@ -1459,6 +1459,12 @@ static int snd_sonic_probe(struct pci_dev *pci,
return 0;
}

+static int snd_sonic_probe(struct pci_dev *pci,
+ const struct pci_device_id *pci_id)
+{
+ return snd_card_free_on_error(&pci->dev, __snd_sonic_probe(pci, pci_id));
+}
+
static struct pci_driver sonicvibes_driver = {
.name = KBUILD_MODNAME,
.id_table = snd_sonic_ids,
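Review bot: snd_card_free_on_error(), called from the new snd_sonic_probe() wrapper, is not defined anywhere in this patch, and the commit message calls it a new helper, so this backport only builds if the patch introducing that helper is queued earlier in the 5.15 series. Worth confirming the ordering before applying. A one-line comment above the wrapper saying that it exists to call snd_card_free() on probe failure would also help, since the __snd_sonic_probe()/snd_sonic_probe() split is otherwise unexplained in the code.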
--
2.35.2



2022-04-19 20:53:52

by Greg Kroah-Hartman

Subject: [PATCH 5.15 031/189] ALSA: emu10k1x: Fix the missing snd_card_free() call at probe error

From: Takashi Iwai <[email protected]>

commit f37019b6bfe2e13cc536af0e6a42ed62005392ae upstream.

The previous cleanup with devres may lead to the incorrect release
orders at the probe error handling due to the devres's nature. Until
we register the card, snd_card_free() has to be called at first for
releasing the stuff properly when the driver tries to manage and
release the stuff via card->private_free().

This patch fixes it by calling snd_card_free() on the error from the
probe callback using a new helper function.

Fixes: 2b377c6b6012 ("ALSA: emu10k1x: Allocate resources with device-managed APIs")
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/emu10k1/emu10k1x.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/sound/pci/emu10k1/emu10k1x.c b/sound/pci/emu10k1/emu10k1x.c
index c49c44dc1082..89043392f3ec 100644
--- a/sound/pci/emu10k1/emu10k1x.c
+++ b/sound/pci/emu10k1/emu10k1x.c
@@ -1491,8 +1491,8 @@ static int snd_emu10k1x_midi(struct emu10k1x *emu)
return 0;
}

-static int snd_emu10k1x_probe(struct pci_dev *pci,
- const struct pci_device_id *pci_id)
+static int __snd_emu10k1x_probe(struct pci_dev *pci,
+ const struct pci_device_id *pci_id)
{
static int dev;
struct snd_card *card;
@@ -1554,6 +1554,12 @@ static int snd_emu10k1x_probe(struct pci_dev *pci,
return 0;
}

+static int snd_emu10k1x_probe(struct pci_dev *pci,
+ const struct pci_device_id *pci_id)
+{
+ return snd_card_free_on_error(&pci->dev, __snd_emu10k1x_probe(pci, pci_id));
+}
+
// PCI IDs
static const struct pci_device_id snd_emu10k1x_ids[] = {
{ PCI_VDEVICE(CREATIVE, 0x0006), 0 }, /* Dell OEM version (EMU10K1) */
--
2.35.2



2022-04-19 21:15:56

by Greg Kroah-Hartman

Subject: [PATCH 5.15 183/189] ax25: fix reference count leaks of ax25_dev

From: Duoming Zhou <[email protected]>

commit 87563a043cef044fed5db7967a75741cc16ad2b1 upstream.

The previous commit d01ffb9eee4a ("ax25: add refcount in ax25_dev
to avoid UAF bugs") introduces refcount into ax25_dev, but there
are reference leak paths in ax25_ctl_ioctl(), ax25_fwd_ioctl(),
ax25_rt_add(), ax25_rt_del() and ax25_rt_opt().

This patch uses ax25_dev_put() and adjusts the position of
ax25_addr_ax25dev() to fix reference count leaks of ax25_dev.

Fixes: d01ffb9eee4a ("ax25: add refcount in ax25_dev to avoid UAF bugs")
Signed-off-by: Duoming Zhou <[email protected]>
Reviewed-by: Dan Carpenter <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
[OP: backport to 5.15: adjust context]
Signed-off-by: Ovidiu Panait <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/net/ax25.h | 8 +++++---
net/ax25/af_ax25.c | 12 ++++++++----
net/ax25/ax25_dev.c | 24 +++++++++++++++++-------
net/ax25/ax25_route.c | 16 +++++++++++-----
4 files changed, 41 insertions(+), 19 deletions(-)

--- a/include/net/ax25.h
+++ b/include/net/ax25.h
@@ -291,10 +291,12 @@ static __inline__ void ax25_cb_put(ax25_
}
}

-#define ax25_dev_hold(__ax25_dev) \
- refcount_inc(&((__ax25_dev)->refcount))
+static inline void ax25_dev_hold(ax25_dev *ax25_dev)
+{
+ refcount_inc(&ax25_dev->refcount);
+}

-static __inline__ void ax25_dev_put(ax25_dev *ax25_dev)
+static inline void ax25_dev_put(ax25_dev *ax25_dev)
{
if (refcount_dec_and_test(&ax25_dev->refcount)) {
kfree(ax25_dev);
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -366,21 +366,25 @@ static int ax25_ctl_ioctl(const unsigned
if (copy_from_user(&ax25_ctl, arg, sizeof(ax25_ctl)))
return -EFAULT;

- if ((ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr)) == NULL)
- return -ENODEV;
-
if (ax25_ctl.digi_count > AX25_MAX_DIGIS)
return -EINVAL;

if (ax25_ctl.arg > ULONG_MAX / HZ && ax25_ctl.cmd != AX25_KILL)
return -EINVAL;

+ ax25_dev = ax25_addr_ax25dev(&ax25_ctl.port_addr);
+ if (!ax25_dev)
+ return -ENODEV;
+
digi.ndigi = ax25_ctl.digi_count;
for (k = 0; k < digi.ndigi; k++)
digi.calls[k] = ax25_ctl.digi_addr[k];

- if ((ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev)) == NULL)
+ ax25 = ax25_find_cb(&ax25_ctl.source_addr, &ax25_ctl.dest_addr, &digi, ax25_dev->dev);
+ if (!ax25) {
+ ax25_dev_put(ax25_dev);
return -ENOTCONN;
+ }

switch (ax25_ctl.cmd) {
case AX25_KILL:
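Review bot: in ax25_ctl_ioctl() the reference taken by ax25_addr_ax25dev() is now released on the -ENOTCONN return, but the hunk stops at `switch (ax25_ctl.cmd)` and does not show the exits below it. Every return inside and after the switch needs a matching ax25_dev_put() as well; a single exit label that drops the reference would be easier to verify than per-branch puts. Moving the lookup below the digi_count and arg range checks is the right way to keep those two -EINVAL returns free of a held reference.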
--- a/net/ax25/ax25_dev.c
+++ b/net/ax25/ax25_dev.c
@@ -85,8 +85,8 @@ void ax25_dev_device_up(struct net_devic
spin_lock_bh(&ax25_dev_lock);
ax25_dev->next = ax25_dev_list;
ax25_dev_list = ax25_dev;
- ax25_dev_hold(ax25_dev);
spin_unlock_bh(&ax25_dev_lock);
+ ax25_dev_hold(ax25_dev);

ax25_register_dev_sysctl(ax25_dev);
}
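Review bot: moving ax25_dev_hold() below spin_unlock_bh() in ax25_dev_device_up() means ax25_dev is linked into ax25_dev_list before the list's reference is taken, so another CPU walking the list can reach the entry while its count does not yet include the list. refcount_inc() does not sleep and is fine under the lock, so unless there is a reason not stated in the commit message, keep the hold inside the locked region next to `ax25_dev_list = ax25_dev;`.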
@@ -115,8 +115,8 @@ void ax25_dev_device_down(struct net_dev

if ((s = ax25_dev_list) == ax25_dev) {
ax25_dev_list = s->next;
- ax25_dev_put(ax25_dev);
spin_unlock_bh(&ax25_dev_lock);
+ ax25_dev_put(ax25_dev);
dev->ax25_ptr = NULL;
dev_put(dev);
ax25_dev_put(ax25_dev);
@@ -126,8 +126,8 @@ void ax25_dev_device_down(struct net_dev
while (s != NULL && s->next != NULL) {
if (s->next == ax25_dev) {
s->next = ax25_dev->next;
- ax25_dev_put(ax25_dev);
spin_unlock_bh(&ax25_dev_lock);
+ ax25_dev_put(ax25_dev);
dev->ax25_ptr = NULL;
dev_put(dev);
ax25_dev_put(ax25_dev);
@@ -150,25 +150,35 @@ int ax25_fwd_ioctl(unsigned int cmd, str

switch (cmd) {
case SIOCAX25ADDFWD:
- if ((fwd_dev = ax25_addr_ax25dev(&fwd->port_to)) == NULL)
+ fwd_dev = ax25_addr_ax25dev(&fwd->port_to);
+ if (!fwd_dev) {
+ ax25_dev_put(ax25_dev);
return -EINVAL;
- if (ax25_dev->forward != NULL)
+ }
+ if (ax25_dev->forward) {
+ ax25_dev_put(fwd_dev);
+ ax25_dev_put(ax25_dev);
return -EINVAL;
+ }
ax25_dev->forward = fwd_dev->dev;
ax25_dev_put(fwd_dev);
+ ax25_dev_put(ax25_dev);
break;

case SIOCAX25DELFWD:
- if (ax25_dev->forward == NULL)
+ if (!ax25_dev->forward) {
+ ax25_dev_put(ax25_dev);
return -EINVAL;
+ }
ax25_dev->forward = NULL;
+ ax25_dev_put(ax25_dev);
break;

default:
+ ax25_dev_put(ax25_dev);
return -EINVAL;
}

- ax25_dev_put(ax25_dev);
return 0;
}

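Review bot: ax25_fwd_ioctl() now carries six separate ax25_dev_put(ax25_dev) calls, one per exit, plus two for fwd_dev, which is the shape that produces a leak the next time a branch is added. Suggest a local `ret` and a single `out:` label that drops ax25_dev, with the fwd_dev release kept inside the SIOCAX25ADDFWD case, so each reference has exactly one release site.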
--- a/net/ax25/ax25_route.c
+++ b/net/ax25/ax25_route.c
@@ -75,11 +75,13 @@ static int __must_check ax25_rt_add(stru
ax25_dev *ax25_dev;
int i;

- if ((ax25_dev = ax25_addr_ax25dev(&route->port_addr)) == NULL)
- return -EINVAL;
if (route->digi_count > AX25_MAX_DIGIS)
return -EINVAL;

+ ax25_dev = ax25_addr_ax25dev(&route->port_addr);
+ if (!ax25_dev)
+ return -EINVAL;
+
write_lock_bh(&ax25_route_lock);

ax25_rt = ax25_route_list;
@@ -91,6 +93,7 @@ static int __must_check ax25_rt_add(stru
if (route->digi_count != 0) {
if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) {
write_unlock_bh(&ax25_route_lock);
+ ax25_dev_put(ax25_dev);
return -ENOMEM;
}
ax25_rt->digipeat->lastrepeat = -1;
@@ -101,6 +104,7 @@ static int __must_check ax25_rt_add(stru
}
}
write_unlock_bh(&ax25_route_lock);
+ ax25_dev_put(ax25_dev);
return 0;
}
ax25_rt = ax25_rt->next;
@@ -108,6 +112,7 @@ static int __must_check ax25_rt_add(stru

if ((ax25_rt = kmalloc(sizeof(ax25_route), GFP_ATOMIC)) == NULL) {
write_unlock_bh(&ax25_route_lock);
+ ax25_dev_put(ax25_dev);
return -ENOMEM;
}

@@ -116,11 +121,11 @@ static int __must_check ax25_rt_add(stru
ax25_rt->dev = ax25_dev->dev;
ax25_rt->digipeat = NULL;
ax25_rt->ip_mode = ' ';
- ax25_dev_put(ax25_dev);
if (route->digi_count != 0) {
if ((ax25_rt->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) {
write_unlock_bh(&ax25_route_lock);
kfree(ax25_rt);
+ ax25_dev_put(ax25_dev);
return -ENOMEM;
}
ax25_rt->digipeat->lastrepeat = -1;
@@ -133,6 +138,7 @@ static int __must_check ax25_rt_add(stru
ax25_rt->next = ax25_route_list;
ax25_route_list = ax25_rt;
write_unlock_bh(&ax25_route_lock);
+ ax25_dev_put(ax25_dev);

return 0;
}
@@ -173,8 +179,8 @@ static int ax25_rt_del(struct ax25_route
}
}
}
- ax25_dev_put(ax25_dev);
write_unlock_bh(&ax25_route_lock);
+ ax25_dev_put(ax25_dev);

return 0;
}
@@ -216,8 +222,8 @@ static int ax25_rt_opt(struct ax25_route
}

out:
- ax25_dev_put(ax25_dev);
write_unlock_bh(&ax25_route_lock);
+ ax25_dev_put(ax25_dev);
return err;
}

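Review bot: the commit message describes adding ax25_dev_put() calls and moving ax25_addr_ax25dev(), but this hunk and the ax25_rt_del() one above it only reorder an existing put to after write_unlock_bh(&ax25_route_lock). Please say in the changelog why the put has to happen outside the lock, or drop the reordering from a patch whose stated purpose is fixing leaks.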


2022-04-19 23:04:29

by Greg Kroah-Hartman

Subject: [PATCH 5.15 163/189] drm/amd/display: dont ignore alpha property on pre-multiplied mode

From: Melissa Wen <[email protected]>

commit e4f1541caf60fcbe5a59e9d25805c0b5865e546a upstream.

"Pre-multiplied" is the default pixel blend mode for KMS/DRM, as
documented in supported_modes of drm_plane_create_blend_mode_property():
https://cgit.freedesktop.org/drm/drm-misc/tree/drivers/gpu/drm/drm_blend.c

In this mode, both 'pixel alpha' and 'plane alpha' participate in the
calculation, as described by the pixel blend mode formula in KMS/DRM
documentation:

out.rgb = plane_alpha * fg.rgb +
(1 - (plane_alpha * fg.alpha)) * bg.rgb

Considering the blend config mechanisms we have in the driver so far,
the alpha mode that better fits this blend mode is the
_PER_PIXEL_ALPHA_COMBINED_GLOBAL_GAIN, where the value for global_gain
is the plane alpha (global_alpha).

With this change, alpha property stops being ignored. It also addresses
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1734

v2:
* keep the 8-bit value for global_alpha_value (Nicholas)
* correct the logical ordering for combined global gain (Nicholas)
* apply to dcn10 too (Nicholas)

Signed-off-by: Melissa Wen <[email protected]>
Tested-by: Rodrigo Siqueira <[email protected]>
Reviewed-by: Harry Wentland <[email protected]>
Tested-by: Simon Ser <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 14 +++++++++-----
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 14 +++++++++-----
2 files changed, 18 insertions(+), 10 deletions(-)

--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -2460,14 +2460,18 @@ void dcn10_update_mpcc(struct dc *dc, st
struct mpc *mpc = dc->res_pool->mpc;
struct mpc_tree *mpc_tree_params = &(pipe_ctx->stream_res.opp->mpc_tree_params);

- if (per_pixel_alpha)
- blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_PER_PIXEL_ALPHA;
- else
- blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_GLOBAL_ALPHA;
-
blnd_cfg.overlap_only = false;
blnd_cfg.global_gain = 0xff;

+ if (per_pixel_alpha && pipe_ctx->plane_state->global_alpha) {
+ blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_PER_PIXEL_ALPHA_COMBINED_GLOBAL_GAIN;
+ blnd_cfg.global_gain = pipe_ctx->plane_state->global_alpha_value;
+ } else if (per_pixel_alpha) {
+ blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_PER_PIXEL_ALPHA;
+ } else {
+ blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_GLOBAL_ALPHA;
+ }
+
if (pipe_ctx->plane_state->global_alpha)
blnd_cfg.global_alpha = pipe_ctx->plane_state->global_alpha_value;
else
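Review bot: when per_pixel_alpha and plane_state->global_alpha are both set, blnd_cfg.global_gain is loaded with global_alpha_value here, and the unchanged `if (pipe_ctx->plane_state->global_alpha)` just below loads the same value into blnd_cfg.global_alpha. Please confirm that MPCC_ALPHA_BLEND_MODE_PER_PIXEL_ALPHA_COMBINED_GLOBAL_GAIN does not also consume global_alpha, otherwise plane alpha is applied twice and the result no longer matches the formula quoted in the commit message. A short comment on which field the hardware reads in each mode would settle it.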
--- a/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c
@@ -2297,14 +2297,18 @@ void dcn20_update_mpcc(struct dc *dc, st
struct mpc *mpc = dc->res_pool->mpc;
struct mpc_tree *mpc_tree_params = &(pipe_ctx->stream_res.opp->mpc_tree_params);

- if (per_pixel_alpha)
- blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_PER_PIXEL_ALPHA;
- else
- blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_GLOBAL_ALPHA;
-
blnd_cfg.overlap_only = false;
blnd_cfg.global_gain = 0xff;

+ if (per_pixel_alpha && pipe_ctx->plane_state->global_alpha) {
+ blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_PER_PIXEL_ALPHA_COMBINED_GLOBAL_GAIN;
+ blnd_cfg.global_gain = pipe_ctx->plane_state->global_alpha_value;
+ } else if (per_pixel_alpha) {
+ blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_PER_PIXEL_ALPHA;
+ } else {
+ blnd_cfg.alpha_mode = MPCC_ALPHA_BLEND_MODE_GLOBAL_ALPHA;
+ }
+
if (pipe_ctx->plane_state->global_alpha)
blnd_cfg.global_alpha = pipe_ctx->plane_state->global_alpha_value;
else
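Review bot: this block is a line-for-line copy of the one added to dcn10_update_mpcc(). A small shared helper that takes per_pixel_alpha and the plane state and fills blnd_cfg.alpha_mode and blnd_cfg.global_gain would keep the two sequencers from drifting apart. Also, `blnd_cfg.global_gain = 0xff;` is now a default that one branch overwrites; a comment marking it as the default would make that explicit.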


2022-04-20 02:55:08

by Greg Kroah-Hartman

Subject: [PATCH 5.15 177/189] drm/i915: Sunset igpu legacy mmap support based on GRAPHICS_VER_FULL

From: Matt Roper <[email protected]>

commit 1acb34e7dd7720a1fff00cbd4d000ec3219dc9d6 upstream.

The intent of the version check in the mmap ioctl was to maintain
support for existing platforms (i.e., ADL/RPL and earlier), but drop
support on all future igpu platforms. As we've seen on the dgpu side,
the hardware teams are using a more fine-grained numbering system for IP
version numbers these days, so it's possible the version number
associated with our next igpu could be some form of "12.xx" rather than
13 or higher. Comparing against the full ver.release number will ensure
the intent of the check is maintained no matter what numbering the
hardware teams settle on.

Fixes: d3f3baa3562a ("drm/i915: Reinstate the mmap ioctl for some platforms")
Cc: Thomas Hellström <[email protected]>
Cc: Lucas De Marchi <[email protected]>
Signed-off-by: Matt Roper <[email protected]>
Reviewed-by: Lucas De Marchi <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
(cherry picked from commit 8e7e5c077cd57ee9a36d58c65f07257dc49a88d5)
Signed-off-by: Joonas Lahtinen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
@@ -66,7 +66,7 @@ i915_gem_mmap_ioctl(struct drm_device *d
* mmap ioctl is disallowed for all discrete platforms,
* and for all platforms with GRAPHICS_VER > 12.
*/
- if (IS_DGFX(i915) || GRAPHICS_VER(i915) > 12)
+ if (IS_DGFX(i915) || GRAPHICS_VER_FULL(i915) > IP_VER(12, 0))
return -EOPNOTSUPP;

if (args->flags & ~(I915_MMAP_WC))
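Review bot: the comment directly above the check still reads "for all platforms with GRAPHICS_VER > 12", but the condition is now `GRAPHICS_VER_FULL(i915) > IP_VER(12, 0)`, which also rejects any 12.xx release above 12.0. Update the comment in the same patch so it describes what is actually enforced, for example "and for all platforms with GRAPHICS_VER_FULL > 12.0".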


2022-04-20 06:32:18

by Holger Hoffstätte

Subject: Re: [PATCH 5.15 000/189] 5.15.35-rc1 review

On 2022-04-18 14:10, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.35 release.
> There are 189 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.

drivers/gpu/drm/amd/amdgpu/../display/dc/dcn31/dcn31_hubbub.c: In function hubbub31_verify_allow_pstate_change_high':
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn31/dcn31_hubbub.c:994:17: error: implicit declaration of function 'udelay' [-Werror=implicit-function-declaration]
994 | udelay(1);
| ^~~~~~

Caused by "drm-amd-display-add-pstate-verification-and-recovery-for-dcn31.patch".
Explicitly including <linux/delay.h> in dcn31_hubbub.c fixes it.

Current mainline version of dcn31_hubbub.c does not explicitly include
<linux/delay.h>, so there seems to be some general inconsistency wrt.
which dcn module includes what.

CC'ing Nicholas Kazlauskas.

-h

2022-04-20 11:31:58

by Greg Kroah-Hartman

Subject: [PATCH 5.15 151/189] memory: renesas-rpc-if: fix platform-device leak in error path

From: Johan Hovold <[email protected]>

commit b452dbf24d7d9a990d70118462925f6ee287d135 upstream.

Make sure to free the flash platform device in the event that
registration fails during probe.

Fixes: ca7d8b980b67 ("memory: add Renesas RPC-IF driver")
Cc: [email protected] # 5.8
Cc: Sergei Shtylyov <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Krzysztof Kozlowski <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/memory/renesas-rpc-if.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/memory/renesas-rpc-if.c
+++ b/drivers/memory/renesas-rpc-if.c
@@ -579,6 +579,7 @@ static int rpcif_probe(struct platform_d
struct platform_device *vdev;
struct device_node *flash;
const char *name;
+ int ret;

flash = of_get_next_child(pdev->dev.of_node, NULL);
if (!flash) {
@@ -602,7 +603,14 @@ static int rpcif_probe(struct platform_d
return -ENOMEM;
vdev->dev.parent = &pdev->dev;
platform_set_drvdata(pdev, vdev);
- return platform_device_add(vdev);
+
+ ret = platform_device_add(vdev);
+ if (ret) {
+ platform_device_put(vdev);
+ return ret;
+ }
+
+ return 0;
}

static int rpcif_remove(struct platform_device *pdev)
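Review bot: platform_set_drvdata(pdev, vdev) runs before platform_device_add(), so on the new failure path pdev's drvdata is left pointing at a vdev whose reference platform_device_put() has just dropped. Moving the platform_set_drvdata() call to after a successful platform_device_add() keeps the error path from leaving that pointer behind and costs nothing on the success path.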


2022-04-20 12:41:33

by Greg Kroah-Hartman

Subject: [PATCH 5.15 125/189] regulator: wm8994: Add an off-on delay for WM8994 variant

From: Jonathan Bakker <[email protected]>

[ Upstream commit 92d96b603738ec4f35cde7198c303ae264dd47cb ]

As per Table 130 of the wm8994 datasheet at [1], there is an off-on
delay for LDO1 and LDO2. In the wm8958 datasheet [2], I could not
find any reference to it. I could not find a wm1811 datasheet to
double-check there, but as no one has complained presumably it works
without it.

This solves the issue on Samsung Aries boards with a wm8994 where
register writes fail when the device is powered off and back-on
quickly.

[1] https://statics.cirrus.com/pubs/proDatasheet/WM8994_Rev4.6.pdf
[2] https://statics.cirrus.com/pubs/proDatasheet/WM8958_v3.5.pdf

Signed-off-by: Jonathan Bakker <[email protected]>
Acked-by: Charles Keepax <[email protected]>
Link: https://lore.kernel.org/r/CY4PR04MB056771CFB80DC447C30D5A31CB1D9@CY4PR04MB0567.namprd04.prod.outlook.com
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/regulator/wm8994-regulator.c | 42 ++++++++++++++++++++++++++--
1 file changed, 39 insertions(+), 3 deletions(-)

diff --git a/drivers/regulator/wm8994-regulator.c b/drivers/regulator/wm8994-regulator.c
index cadea0344486..40befdd9dfa9 100644
--- a/drivers/regulator/wm8994-regulator.c
+++ b/drivers/regulator/wm8994-regulator.c
@@ -71,6 +71,35 @@ static const struct regulator_ops wm8994_ldo2_ops = {
};

static const struct regulator_desc wm8994_ldo_desc[] = {
+ {
+ .name = "LDO1",
+ .id = 1,
+ .type = REGULATOR_VOLTAGE,
+ .n_voltages = WM8994_LDO1_MAX_SELECTOR + 1,
+ .vsel_reg = WM8994_LDO_1,
+ .vsel_mask = WM8994_LDO1_VSEL_MASK,
+ .ops = &wm8994_ldo1_ops,
+ .min_uV = 2400000,
+ .uV_step = 100000,
+ .enable_time = 3000,
+ .off_on_delay = 36000,
+ .owner = THIS_MODULE,
+ },
+ {
+ .name = "LDO2",
+ .id = 2,
+ .type = REGULATOR_VOLTAGE,
+ .n_voltages = WM8994_LDO2_MAX_SELECTOR + 1,
+ .vsel_reg = WM8994_LDO_2,
+ .vsel_mask = WM8994_LDO2_VSEL_MASK,
+ .ops = &wm8994_ldo2_ops,
+ .enable_time = 3000,
+ .off_on_delay = 36000,
+ .owner = THIS_MODULE,
+ },
+};
+
+static const struct regulator_desc wm8958_ldo_desc[] = {
{
.name = "LDO1",
.id = 1,
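Review bot: `.off_on_delay = 36000` on the new LDO1 and LDO2 entries is a bare number; add a comment giving the unit (microseconds) and the source the commit message cites (Table 130 of the WM8994 datasheet) so the value can be checked later. The new wm8994_ldo_desc[] entries otherwise duplicate the ones now named wm8958_ldo_desc[], so a note that off_on_delay is the only intended difference would help whoever edits one array and forgets the other.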
@@ -172,9 +201,16 @@ static int wm8994_ldo_probe(struct platform_device *pdev)
* regulator core and we need not worry about it on the
* error path.
*/
- ldo->regulator = devm_regulator_register(&pdev->dev,
- &wm8994_ldo_desc[id],
- &config);
+ if (ldo->wm8994->type == WM8994) {
+ ldo->regulator = devm_regulator_register(&pdev->dev,
+ &wm8994_ldo_desc[id],
+ &config);
+ } else {
+ ldo->regulator = devm_regulator_register(&pdev->dev,
+ &wm8958_ldo_desc[id],
+ &config);
+ }
+
if (IS_ERR(ldo->regulator)) {
ret = PTR_ERR(ldo->regulator);
dev_err(wm8994->dev, "Failed to register LDO%d: %d\n",
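Review bot: the else branch applies wm8958_ldo_desc[] to every type other than WM8994, which per the commit message includes the wm1811, so the array name understates what it covers; a neutral name or a comment would avoid that. The two devm_regulator_register() calls differ only in the descriptor argument, so select the descriptor into a local `const struct regulator_desc *` first and keep a single registration call.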
--
2.35.1



2022-04-20 15:08:11

by Greg Kroah-Hartman

Subject: [PATCH 5.15 009/189] btrfs: remove unused parameter nr_pages in add_ra_bio_pages()

From: Qu Wenruo <[email protected]>

commit cd9255be6980012ad54f2d4fd3941bc2586e43e5 upstream.

Variable @nr_pages only gets increased but never used. Remove it.

Signed-off-by: Qu Wenruo <[email protected]>
Signed-off-by: David Sterba <[email protected]>
Cc: Nathan Chancellor <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
fs/btrfs/compression.c | 2 --
1 file changed, 2 deletions(-)

--- a/fs/btrfs/compression.c
+++ b/fs/btrfs/compression.c
@@ -550,7 +550,6 @@ static noinline int add_ra_bio_pages(str
u64 isize = i_size_read(inode);
int ret;
struct page *page;
- unsigned long nr_pages = 0;
struct extent_map *em;
struct address_space *mapping = inode->i_mapping;
struct extent_map_tree *em_tree;
@@ -646,7 +645,6 @@ static noinline int add_ra_bio_pages(str
PAGE_SIZE, 0);

if (ret == PAGE_SIZE) {
- nr_pages++;
put_page(page);
} else {
unlock_extent(tree, last_offset, end);


2022-04-20 19:32:17

by Greg Kroah-Hartman

Subject: [PATCH 5.15 158/189] ALSA: hda/realtek: Add quirk for Clevo PD50PNT

From: Tim Crawford <[email protected]>

commit 9eb6f5c388060d8cef3c8b616cc31b765e022359 upstream.

Fixes speaker output and headset detection on Clevo PD50PNT.

Signed-off-by: Tim Crawford <[email protected]>
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)

--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -2614,6 +2614,7 @@ static const struct snd_pci_quirk alc882
SND_PCI_QUIRK(0x1558, 0x65e1, "Clevo PB51[ED][DF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x65e5, "Clevo PC50D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x65f1, "Clevo PC50HS", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x65f5, "Clevo PD50PN[NRT]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x67d1, "Clevo PB71[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x67e1, "Clevo PB71[DE][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x67e5, "Clevo PC70D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
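Review bot: the quirk string "Clevo PD50PN[NRT]" names three models, while the subject and commit message mention only the PD50PNT. If the PD50PNN and PD50PNR share subsystem ID 0x1558:0x65f5 and are the reason for the pattern, say so in the commit message; if only the PD50PNT was tested, note that too.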


2022-04-20 22:27:01

by Greg Kroah-Hartman

Subject: [PATCH 5.15 120/189] scsi: lpfc: Fix queue failures when recovering from PCI parity error

From: James Smart <[email protected]>

[ Upstream commit df0101197c4d9596682901631f3ee193ed354873 ]

When recovering from a pci-parity error the driver is failing to re-create
queues, causing recovery to fail. Looking deeper, it was found that the
interrupt vector count allocated on the recovery was fewer than the vectors
originally allocated. This disparity resulted in CPU map entries with stale
information. When the driver tries to re-create the queues, it attempts to
use the stale information which indicates an eq/interrupt vector that was
no longer created.

Fix by clearing the cpup map array before enabling and requesting the IRQs
in the lpfc_sli_reset_slot_s4 routine().

Link: https://lore.kernel.org/r/[email protected]
Co-developed-by: Justin Tee <[email protected]>
Signed-off-by: Justin Tee <[email protected]>
Signed-off-by: James Smart <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/scsi/lpfc/lpfc_init.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 3eebcae52784..16246526e4c1 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -15105,6 +15105,8 @@ lpfc_io_slot_reset_s4(struct pci_dev *pdev)
psli->sli_flag &= ~LPFC_SLI_ACTIVE;
spin_unlock_irq(&phba->hbalock);

+ /* Init cpu_map array */
+ lpfc_cpu_map_array_init(phba);
/* Configure and enable interrupt */
intr_mode = lpfc_sli4_enable_intr(phba, phba->intr_mode);
if (intr_mode == LPFC_INTR_ERROR) {
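Review bot: the commit message says the fix goes in "the lpfc_sli_reset_slot_s4 routine()", but the hunk modifies lpfc_io_slot_reset_s4(); the changelog should name the function that is actually changed. The added comment `/* Init cpu_map array */` only restates the call; say instead why the map must be reset before lpfc_sli4_enable_intr(), namely that the vector count can differ after recovery and leave stale entries.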
--
2.35.1



2022-04-20 23:46:14

by Greg Kroah-Hartman

Subject: [PATCH 5.15 081/189] scsi: iscsi: Move iscsi_ep_disconnect()

From: Mike Christie <[email protected]>

[ Upstream commit c34f95e98d8fb750eefd4f3fe58b4f8b5e89253b ]

This patch moves iscsi_ep_disconnect() so it can be called earlier in the
next patch.

Link: https://lore.kernel.org/r/[email protected]
Tested-by: Manish Rangankar <[email protected]>
Reviewed-by: Lee Duncan <[email protected]>
Reviewed-by: Chris Leech <[email protected]>
Signed-off-by: Mike Christie <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/scsi/scsi_transport_iscsi.c | 38 ++++++++++++++---------------
1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
index 554b6f784223..126f6f23bffa 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -2236,6 +2236,25 @@ static void iscsi_stop_conn(struct iscsi_cls_conn *conn, int flag)
ISCSI_DBG_TRANS_CONN(conn, "Stopping conn done.\n");
}

+static void iscsi_ep_disconnect(struct iscsi_cls_conn *conn, bool is_active)
+{
+ struct iscsi_cls_session *session = iscsi_conn_to_session(conn);
+ struct iscsi_endpoint *ep;
+
+ ISCSI_DBG_TRANS_CONN(conn, "disconnect ep.\n");
+ conn->state = ISCSI_CONN_FAILED;
+
+ if (!conn->ep || !session->transport->ep_disconnect)
+ return;
+
+ ep = conn->ep;
+ conn->ep = NULL;
+
+ session->transport->unbind_conn(conn, is_active);
+ session->transport->ep_disconnect(ep);
+ ISCSI_DBG_TRANS_CONN(conn, "disconnect ep done.\n");
+}
+
static int iscsi_if_stop_conn(struct iscsi_transport *transport,
struct iscsi_uevent *ev)
{
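Review bot: in the relocated iscsi_ep_disconnect(), session->transport->ep_disconnect is checked for NULL before use, but session->transport->unbind_conn is called unconditionally a few lines later. This patch is a pure move, so it is not a regression here, but since the commit message says the next patch calls the function from an earlier point, confirm that every transport setting ep_disconnect also sets unbind_conn, or add the check.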
@@ -2276,25 +2295,6 @@ static int iscsi_if_stop_conn(struct iscsi_transport *transport,
return 0;
}

-static void iscsi_ep_disconnect(struct iscsi_cls_conn *conn, bool is_active)
-{
- struct iscsi_cls_session *session = iscsi_conn_to_session(conn);
- struct iscsi_endpoint *ep;
-
- ISCSI_DBG_TRANS_CONN(conn, "disconnect ep.\n");
- conn->state = ISCSI_CONN_FAILED;
-
- if (!conn->ep || !session->transport->ep_disconnect)
- return;
-
- ep = conn->ep;
- conn->ep = NULL;
-
- session->transport->unbind_conn(conn, is_active);
- session->transport->ep_disconnect(ep);
- ISCSI_DBG_TRANS_CONN(conn, "disconnect ep done.\n");
-}
-
static void iscsi_cleanup_conn_work_fn(struct work_struct *work)
{
struct iscsi_cls_conn *conn = container_of(work, struct iscsi_cls_conn,
--
2.35.1



2022-04-21 02:38:40

by Greg Kroah-Hartman

Subject: [PATCH 5.15 040/189] ALSA: intel8x0: Fix the missing snd_card_free() call at probe error

From: Takashi Iwai <[email protected]>

commit 71b21f5f8970a87f034138454ebeff0608d24875 upstream.

The previous cleanup with devres may lead to the incorrect release
orders at the probe error handling due to the devres's nature. Until
we register the card, snd_card_free() has to be called at first for
releasing the stuff properly when the driver tries to manage and
release the stuff via card->private_free().

This patch fixes it by calling snd_card_free() on the error from the
probe callback using a new helper function.

Fixes: 7835e0901e24 ("ALSA: intel8x0: Allocate resources with device-managed APIs")
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/intel8x0.c | 10 ++++++++--
sound/pci/intel8x0m.c | 10 ++++++++--
2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/sound/pci/intel8x0.c b/sound/pci/intel8x0.c
index a51032b3ac4d..ae285c0a629c 100644
--- a/sound/pci/intel8x0.c
+++ b/sound/pci/intel8x0.c
@@ -3109,8 +3109,8 @@ static int check_default_spdif_aclink(struct pci_dev *pci)
return 0;
}

-static int snd_intel8x0_probe(struct pci_dev *pci,
- const struct pci_device_id *pci_id)
+static int __snd_intel8x0_probe(struct pci_dev *pci,
+ const struct pci_device_id *pci_id)
{
struct snd_card *card;
struct intel8x0 *chip;
@@ -3189,6 +3189,12 @@ static int snd_intel8x0_probe(struct pci_dev *pci,
return 0;
}

+static int snd_intel8x0_probe(struct pci_dev *pci,
+ const struct pci_device_id *pci_id)
+{
+ return snd_card_free_on_error(&pci->dev, __snd_intel8x0_probe(pci, pci_id));
+}
+
static struct pci_driver intel8x0_driver = {
.name = KBUILD_MODNAME,
.id_table = snd_intel8x0_ids,
diff --git a/sound/pci/intel8x0m.c b/sound/pci/intel8x0m.c
index 7de3cb2f17b5..2845cc006d0c 100644
--- a/sound/pci/intel8x0m.c
+++ b/sound/pci/intel8x0m.c
@@ -1178,8 +1178,8 @@ static struct shortname_table {
{ 0 },
};

-static int snd_intel8x0m_probe(struct pci_dev *pci,
- const struct pci_device_id *pci_id)
+static int __snd_intel8x0m_probe(struct pci_dev *pci,
+ const struct pci_device_id *pci_id)
{
struct snd_card *card;
struct intel8x0m *chip;
@@ -1225,6 +1225,12 @@ static int snd_intel8x0m_probe(struct pci_dev *pci,
return 0;
}

+static int snd_intel8x0m_probe(struct pci_dev *pci,
+ const struct pci_device_id *pci_id)
+{
+ return snd_card_free_on_error(&pci->dev, __snd_intel8x0m_probe(pci, pci_id));
+}
+
static struct pci_driver intel8x0m_driver = {
.name = KBUILD_MODNAME,
.id_table = snd_intel8x0m_ids,
--
2.35.2



2022-04-21 09:08:13

by Greg Kroah-Hartman

Subject: [PATCH 5.15 002/189] drm/amd/display: Fix p-state allow debug index on dcn31

From: Nicholas Kazlauskas <[email protected]>

commit 3107e1a7ae088ee94323fe9ab05dbefd65b3077f upstream.

[Why]
It changed since dcn30 but the hubbub31 constructor hasn't been
modified to reflect this.

[How]
Update the value in the constructor to 0x6 so we're checking the right
bits for p-state allow.

It worked before by accident, but can falsely assert 0 depending on HW
state transitions. The most frequent of which appears to be when
all pipes turn off during IGT tests.

Cc: Harry Wentland <[email protected]>

Fixes: e7031d8258f1b4 ("drm/amd/display: Add pstate verification and recovery for DCN31")
Signed-off-by: Nicholas Kazlauskas <[email protected]>
Reviewed-by: Eric Yang <[email protected]>
Acked-by: Harry Wentland <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubbub.c | 2 ++
1 file changed, 2 insertions(+)

--- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubbub.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubbub.c
@@ -1042,5 +1042,7 @@ void hubbub31_construct(struct dcn20_hub
hubbub31->detile_buf_size = det_size_kb * 1024;
hubbub31->pixel_chunk_size = pixel_chunk_size_kb * 1024;
hubbub31->crb_size_segs = config_return_buffer_size_kb / DCN31_CRB_SEGMENT_SIZE_KB;
+
+ hubbub31->debug_test_index_pstate = 0x6;
}
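Review bot: The assignment added at the end of hubbub31_construct(), `hubbub31->debug_test_index_pstate = 0x6;`, uses a bare magic number. The commit message says this index selects the bits checked for p-state allow and that it changed since dcn30, so a named constant or a short comment marking the value as dcn31-specific would keep the next hardware revision from silently inheriting a stale index.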



2022-04-21 09:20:59

by Greg Kroah-Hartman

Subject: [PATCH 5.15 132/189] spi: cadence-quadspi: fix protocol setup for non-1-1-X operations

From: Matthias Schiffer <[email protected]>

[ Upstream commit 97e4827d775faa9a32b5e1a97959c69dd77d17a3 ]

cqspi_set_protocol() only set the data width, but ignored the command
and address width (except for 8-8-8 DTR ops), leading to corruption of
all transfers using 1-X-X or X-X-X ops. Fix by setting the other two
widths as well.

While we're at it, simplify the code a bit by replacing the
CQSPI_INST_TYPE_* constants with ilog2().

Tested on a TI AM64x with a Macronix MX25U51245G QSPI flash with 1-4-4
read and write operations.

Signed-off-by: Matthias Schiffer <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/spi/spi-cadence-quadspi.c | 46 ++++++++-----------------------
1 file changed, 12 insertions(+), 34 deletions(-)

diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c
index 101cc71bffa7..1a6294a06e72 100644
--- a/drivers/spi/spi-cadence-quadspi.c
+++ b/drivers/spi/spi-cadence-quadspi.c
@@ -18,6 +18,7 @@
#include <linux/iopoll.h>
#include <linux/jiffies.h>
#include <linux/kernel.h>
+#include <linux/log2.h>
#include <linux/module.h>
#include <linux/of_device.h>
#include <linux/of.h>
@@ -93,12 +94,6 @@ struct cqspi_driver_platdata {
#define CQSPI_TIMEOUT_MS 500
#define CQSPI_READ_TIMEOUT_MS 10

-/* Instruction type */
-#define CQSPI_INST_TYPE_SINGLE 0
-#define CQSPI_INST_TYPE_DUAL 1
-#define CQSPI_INST_TYPE_QUAD 2
-#define CQSPI_INST_TYPE_OCTAL 3
-
#define CQSPI_DUMMY_CLKS_PER_BYTE 8
#define CQSPI_DUMMY_BYTES_MAX 4
#define CQSPI_DUMMY_CLKS_MAX 31
@@ -322,10 +317,6 @@ static unsigned int cqspi_calc_dummy(const struct spi_mem_op *op, bool dtr)
static int cqspi_set_protocol(struct cqspi_flash_pdata *f_pdata,
const struct spi_mem_op *op)
{
- f_pdata->inst_width = CQSPI_INST_TYPE_SINGLE;
- f_pdata->addr_width = CQSPI_INST_TYPE_SINGLE;
- f_pdata->data_width = CQSPI_INST_TYPE_SINGLE;
-
/*
* For an op to be DTR, cmd phase along with every other non-empty
* phase should have dtr field set to 1. If an op phase has zero
@@ -335,32 +326,23 @@ static int cqspi_set_protocol(struct cqspi_flash_pdata *f_pdata,
(!op->addr.nbytes || op->addr.dtr) &&
(!op->data.nbytes || op->data.dtr);

- switch (op->data.buswidth) {
- case 0:
- break;
- case 1:
- f_pdata->data_width = CQSPI_INST_TYPE_SINGLE;
- break;
- case 2:
- f_pdata->data_width = CQSPI_INST_TYPE_DUAL;
- break;
- case 4:
- f_pdata->data_width = CQSPI_INST_TYPE_QUAD;
- break;
- case 8:
- f_pdata->data_width = CQSPI_INST_TYPE_OCTAL;
- break;
- default:
- return -EINVAL;
- }
+ f_pdata->inst_width = 0;
+ if (op->cmd.buswidth)
+ f_pdata->inst_width = ilog2(op->cmd.buswidth);
+
+ f_pdata->addr_width = 0;
+ if (op->addr.buswidth)
+ f_pdata->addr_width = ilog2(op->addr.buswidth);
+
+ f_pdata->data_width = 0;
+ if (op->data.buswidth)
+ f_pdata->data_width = ilog2(op->data.buswidth);

/* Right now we only support 8-8-8 DTR mode. */
if (f_pdata->dtr) {
switch (op->cmd.buswidth) {
case 0:
- break;
case 8:
- f_pdata->inst_width = CQSPI_INST_TYPE_OCTAL;
break;
default:
return -EINVAL;
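Review bot: With the switch on op->data.buswidth removed, the non-DTR path of cqspi_set_protocol() no longer rejects an unexpected bus width. The old default case returned -EINVAL, whereas `ilog2(op->data.buswidth)` rounds down, so a width of 3 would be programmed as 1 (dual) instead of failing; the new cmd and addr assignments behave the same way. Either keep an explicit check that each non-zero buswidth is a power of two no larger than 8, or add a comment stating where the widths are validated before this function runs.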
@@ -368,9 +350,7 @@ static int cqspi_set_protocol(struct cqspi_flash_pdata *f_pdata,

switch (op->addr.buswidth) {
case 0:
- break;
case 8:
- f_pdata->addr_width = CQSPI_INST_TYPE_OCTAL;
break;
default:
return -EINVAL;
@@ -378,9 +358,7 @@ static int cqspi_set_protocol(struct cqspi_flash_pdata *f_pdata,

switch (op->data.buswidth) {
case 0:
- break;
case 8:
- f_pdata->data_width = CQSPI_INST_TYPE_OCTAL;
break;
default:
return -EINVAL;
--
2.35.1



2022-04-21 11:12:00

by Greg Kroah-Hartman

Subject: [PATCH 5.15 044/189] ALSA: lx6464es: Fix the missing snd_card_free() call at probe error

From: Takashi Iwai <[email protected]>

commit 60797a21dd8360a99ba797f8ca587087c07bb54c upstream.

The previous cleanup with devres may lead to the incorrect release
orders at the probe error handling due to the devres's nature. Until
we register the card, snd_card_free() has to be called at first for
releasing the stuff properly when the driver tries to manage and
release the stuff via card->private_free().

This patch fixes it by calling snd_card_free() manually on the error
from the probe callback.

Fixes: 6f16c19b115e ("ALSA: lx6464es: Allocate resources with device-managed APIs")
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/lx6464es/lx6464es.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sound/pci/lx6464es/lx6464es.c b/sound/pci/lx6464es/lx6464es.c
index 168a1084f730..bd9b6148dd6f 100644
--- a/sound/pci/lx6464es/lx6464es.c
+++ b/sound/pci/lx6464es/lx6464es.c
@@ -1019,7 +1019,7 @@ static int snd_lx6464es_probe(struct pci_dev *pci,
err = snd_lx6464es_create(card, pci);
if (err < 0) {
dev_err(card->dev, "error during snd_lx6464es_create\n");
- return err;
+ goto error;
}

strcpy(card->driver, "LX6464ES");
@@ -1036,12 +1036,16 @@ static int snd_lx6464es_probe(struct pci_dev *pci,

err = snd_card_register(card);
if (err < 0)
- return err;
+ goto error;

dev_dbg(chip->card->dev, "initialization successful\n");
pci_set_drvdata(pci, card);
dev++;
return 0;
+
+ error:
+ snd_card_free(card);
+ return err;
}

static struct pci_driver lx6464es_driver = {
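Review bot: Only the two returns visible in these hunks are redirected to the new error label, so any other early return in snd_lx6464es_probe() after the card has been created would still skip snd_card_free(). It is worth checking the rest of the function for such paths, or using the snd_card_free_on_error() wrapper that other patches in this series use, which covers every return without per-site gotos.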
--
2.35.2



2022-04-22 06:05:14

by Greg Kroah-Hartman

Subject: [PATCH 5.15 147/189] mm: kmemleak: take a full lowmem check in kmemleak_*_phys()

From: Patrick Wang <[email protected]>

commit 23c2d497de21f25898fbea70aeb292ab8acc8c94 upstream.

The kmemleak_*_phys() apis do not check the address for lowmem's min
boundary, while the caller may pass an address below lowmem, which will
trigger an oops:

# echo scan > /sys/kernel/debug/kmemleak
Unable to handle kernel paging request at virtual address ff5fffffffe00000
Oops [#1]
Modules linked in:
CPU: 2 PID: 134 Comm: bash Not tainted 5.18.0-rc1-next-20220407 #33
Hardware name: riscv-virtio,qemu (DT)
epc : scan_block+0x74/0x15c
ra : scan_block+0x72/0x15c
epc : ffffffff801e5806 ra : ffffffff801e5804 sp : ff200000104abc30
gp : ffffffff815cd4e8 tp : ff60000004cfa340 t0 : 0000000000000200
t1 : 00aaaaaac23954cc t2 : 00000000000003ff s0 : ff200000104abc90
s1 : ffffffff81b0ff28 a0 : 0000000000000000 a1 : ff5fffffffe01000
a2 : ffffffff81b0ff28 a3 : 0000000000000002 a4 : 0000000000000001
a5 : 0000000000000000 a6 : ff200000104abd7c a7 : 0000000000000005
s2 : ff5fffffffe00ff9 s3 : ffffffff815cd998 s4 : ffffffff815d0e90
s5 : ffffffff81b0ff28 s6 : 0000000000000020 s7 : ffffffff815d0eb0
s8 : ffffffffffffffff s9 : ff5fffffffe00000 s10: ff5fffffffe01000
s11: 0000000000000022 t3 : 00ffffffaa17db4c t4 : 000000000000000f
t5 : 0000000000000001 t6 : 0000000000000000
status: 0000000000000100 badaddr: ff5fffffffe00000 cause: 000000000000000d
scan_gray_list+0x12e/0x1a6
kmemleak_scan+0x2aa/0x57e
kmemleak_write+0x32a/0x40c
full_proxy_write+0x56/0x82
vfs_write+0xa6/0x2a6
ksys_write+0x6c/0xe2
sys_write+0x22/0x2a
ret_from_syscall+0x0/0x2

The callers may not quite know the actual address they pass (e.g. from
devicetree). So the kmemleak_*_phys() apis should guarantee the address
they finally use is in lowmem range, so check the address for lowmem's
min boundary.

Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Patrick Wang <[email protected]>
Acked-by: Catalin Marinas <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
mm/kmemleak.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -1125,7 +1125,7 @@ EXPORT_SYMBOL(kmemleak_no_scan);
void __ref kmemleak_alloc_phys(phys_addr_t phys, size_t size, int min_count,
gfp_t gfp)
{
- if (!IS_ENABLED(CONFIG_HIGHMEM) || PHYS_PFN(phys) < max_low_pfn)
+ if (PHYS_PFN(phys) >= min_low_pfn && PHYS_PFN(phys) < max_low_pfn)
kmemleak_alloc(__va(phys), size, min_count, gfp);
}
EXPORT_SYMBOL(kmemleak_alloc_phys);
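Review bot: The new range check in kmemleak_alloc_phys() tests only the first page frame, `PHYS_PFN(phys)`, and ignores size, so a block that starts inside lowmem but runs past max_low_pfn is still handed to kmemleak_alloc(__va(phys), ...). If such a range can reach this function, the last frame, PHYS_PFN(phys + size - 1), should be checked as well; if it cannot, a comment saying that callers never straddle the boundary would make the assumption explicit. The same applies to kmemleak_free_part_phys(), which also takes a size.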
@@ -1139,7 +1139,7 @@ EXPORT_SYMBOL(kmemleak_alloc_phys);
*/
void __ref kmemleak_free_part_phys(phys_addr_t phys, size_t size)
{
- if (!IS_ENABLED(CONFIG_HIGHMEM) || PHYS_PFN(phys) < max_low_pfn)
+ if (PHYS_PFN(phys) >= min_low_pfn && PHYS_PFN(phys) < max_low_pfn)
kmemleak_free_part(__va(phys), size);
}
EXPORT_SYMBOL(kmemleak_free_part_phys);
@@ -1151,7 +1151,7 @@ EXPORT_SYMBOL(kmemleak_free_part_phys);
*/
void __ref kmemleak_not_leak_phys(phys_addr_t phys)
{
- if (!IS_ENABLED(CONFIG_HIGHMEM) || PHYS_PFN(phys) < max_low_pfn)
+ if (PHYS_PFN(phys) >= min_low_pfn && PHYS_PFN(phys) < max_low_pfn)
kmemleak_not_leak(__va(phys));
}
EXPORT_SYMBOL(kmemleak_not_leak_phys);
@@ -1163,7 +1163,7 @@ EXPORT_SYMBOL(kmemleak_not_leak_phys);
*/
void __ref kmemleak_ignore_phys(phys_addr_t phys)
{
- if (!IS_ENABLED(CONFIG_HIGHMEM) || PHYS_PFN(phys) < max_low_pfn)
+ if (PHYS_PFN(phys) >= min_low_pfn && PHYS_PFN(phys) < max_low_pfn)
kmemleak_ignore(__va(phys));
}
EXPORT_SYMBOL(kmemleak_ignore_phys);
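Review bot: The condition `PHYS_PFN(phys) >= min_low_pfn && PHYS_PFN(phys) < max_low_pfn` is now repeated verbatim in all four kmemleak_*_phys() functions, and a small static inline helper would keep the copies from drifting apart. The patch also drops the `!IS_ENABLED(CONFIG_HIGHMEM)` shortcut, so on non-HIGHMEM configurations addresses at or above max_low_pfn are now skipped as well; the changelog only mentions the lower bound and should say that this change is intended.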


2022-04-22 12:55:22

by Greg Kroah-Hartman

Subject: [PATCH 5.15 022/189] ALSA: au88x0: Fix the missing snd_card_free() call at probe error

From: Takashi Iwai <[email protected]>

commit b093de145bc8769c6e9207947afad9efe102f4f6 upstream.

The previous cleanup with devres may lead to the incorrect release
orders at the probe error handling due to the devres's nature. Until
we register the card, snd_card_free() has to be called at first for
releasing the stuff properly when the driver tries to manage and
release the stuff via card->private_free().

This patch fixes it by calling snd_card_free() on the error from the
probe callback using a new helper function.

Fixes: e44b5b440609 ("ALSA: au88x0: Allocate resources with device-managed APIs")
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/au88x0/au88x0.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sound/pci/au88x0/au88x0.c b/sound/pci/au88x0/au88x0.c
index 342ef2a6655e..eb234153691b 100644
--- a/sound/pci/au88x0/au88x0.c
+++ b/sound/pci/au88x0/au88x0.c
@@ -193,7 +193,7 @@ snd_vortex_create(struct snd_card *card, struct pci_dev *pci)

// constructor -- see "Constructor" sub-section
static int
-snd_vortex_probe(struct pci_dev *pci, const struct pci_device_id *pci_id)
+__snd_vortex_probe(struct pci_dev *pci, const struct pci_device_id *pci_id)
{
static int dev;
struct snd_card *card;
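Review bot: The existing comment `// constructor -- see "Constructor" sub-section` stays attached to the function that is now the inner __snd_vortex_probe(), and nothing tells the reader that its error returns are expected to be cleaned up by a caller. Updating that comment to say the function must only be called through the snd_vortex_probe() wrapper would prevent a direct call that skips snd_card_free_on_error().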
@@ -310,6 +310,12 @@ snd_vortex_probe(struct pci_dev *pci, const struct pci_device_id *pci_id)
return 0;
}

+static int
+snd_vortex_probe(struct pci_dev *pci, const struct pci_device_id *pci_id)
+{
+ return snd_card_free_on_error(&pci->dev, __snd_vortex_probe(pci, pci_id));
+}
+
// pci_driver definition
static struct pci_driver vortex_driver = {
.name = KBUILD_MODNAME,
--
2.35.2



2022-04-22 13:05:49

by Greg Kroah-Hartman

Subject: [PATCH 5.15 165/189] x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits

From: Pawan Gupta <[email protected]>

commit 258f3b8c3210b03386e4ad92b4bd8652b5c1beb3 upstream.

tsx_clear_cpuid() uses MSR_TSX_FORCE_ABORT to clear CPUID.RTM and
CPUID.HLE. Not all CPUs support MSR_TSX_FORCE_ABORT, alternatively use
MSR_IA32_TSX_CTRL when supported.

[ bp: Document how and why TSX gets disabled. ]

Fixes: 293649307ef9 ("x86/tsx: Clear CPUID bits when TSX always force aborts")
Reported-by: kernel test robot <[email protected]>
Signed-off-by: Pawan Gupta <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Tested-by: Neelima Krishnan <[email protected]>
Cc: <[email protected]>
Link: https://lore.kernel.org/r/5b323e77e251a9c8bcdda498c5cc0095be1e1d3c.1646943780.git.pawan.kumar.gupta@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
arch/x86/kernel/cpu/intel.c | 1
arch/x86/kernel/cpu/tsx.c | 54 ++++++++++++++++++++++++++++++++++++++------
2 files changed, 48 insertions(+), 7 deletions(-)

--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -722,6 +722,7 @@ static void init_intel(struct cpuinfo_x8
else if (tsx_ctrl_state == TSX_CTRL_DISABLE)
tsx_disable();
else if (tsx_ctrl_state == TSX_CTRL_RTM_ALWAYS_ABORT)
+ /* See comment over that function for more details. */
tsx_clear_cpuid();

split_lock_init();
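Review bot: The added comment sits between the unbraced `else if (tsx_ctrl_state == TSX_CTRL_RTM_ALWAYS_ABORT)` and its single statement, which makes the branch body read as two lines. Braces around the comment and the tsx_clear_cpuid() call would make the extent of the branch obvious. The comment could also name tsx_clear_cpuid() instead of saying "that function".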
--- a/arch/x86/kernel/cpu/tsx.c
+++ b/arch/x86/kernel/cpu/tsx.c
@@ -58,7 +58,7 @@ void tsx_enable(void)
wrmsrl(MSR_IA32_TSX_CTRL, tsx);
}

-static bool __init tsx_ctrl_is_supported(void)
+static bool tsx_ctrl_is_supported(void)
{
u64 ia32_cap = x86_read_arch_cap_msr();

@@ -84,6 +84,44 @@ static enum tsx_ctrl_states x86_get_tsx_
return TSX_CTRL_ENABLE;
}

+/*
+ * Disabling TSX is not a trivial business.
+ *
+ * First of all, there's a CPUID bit: X86_FEATURE_RTM_ALWAYS_ABORT
+ * which says that TSX is practically disabled (all transactions are
+ * aborted by default). When that bit is set, the kernel unconditionally
+ * disables TSX.
+ *
+ * In order to do that, however, it needs to dance a bit:
+ *
+ * 1. The first method to disable it is through MSR_TSX_FORCE_ABORT and
+ * the MSR is present only when *two* CPUID bits are set:
+ *
+ * - X86_FEATURE_RTM_ALWAYS_ABORT
+ * - X86_FEATURE_TSX_FORCE_ABORT
+ *
+ * 2. The second method is for CPUs which do not have the above-mentioned
+ * MSR: those use a different MSR - MSR_IA32_TSX_CTRL and disable TSX
+ * through that one. Those CPUs can also have the initially mentioned
+ * CPUID bit X86_FEATURE_RTM_ALWAYS_ABORT set and for those the same strategy
+ * applies: TSX gets disabled unconditionally.
+ *
+ * When either of the two methods are present, the kernel disables TSX and
+ * clears the respective RTM and HLE feature flags.
+ *
+ * An additional twist in the whole thing presents late microcode loading
+ * which, when done, may cause for the X86_FEATURE_RTM_ALWAYS_ABORT CPUID
+ * bit to be set after the update.
+ *
+ * A subsequent hotplug operation on any logical CPU except the BSP will
+ * cause for the supported CPUID feature bits to get re-detected and, if
+ * RTM and HLE get cleared all of a sudden, but, userspace did consult
+ * them before the update, then funny explosions will happen. Long story
+ * short: the kernel doesn't modify CPUID feature bits after booting.
+ *
+ * That's why, this function's call in init_intel() doesn't clear the
+ * feature flags.
+ */
void tsx_clear_cpuid(void)
{
u64 msr;
@@ -97,6 +135,10 @@ void tsx_clear_cpuid(void)
rdmsrl(MSR_TSX_FORCE_ABORT, msr);
msr |= MSR_TFA_TSX_CPUID_CLEAR;
wrmsrl(MSR_TSX_FORCE_ABORT, msr);
+ } else if (tsx_ctrl_is_supported()) {
+ rdmsrl(MSR_IA32_TSX_CTRL, msr);
+ msr |= TSX_CTRL_CPUID_CLEAR;
+ wrmsrl(MSR_IA32_TSX_CTRL, msr);
}
}

@@ -106,13 +148,11 @@ void __init tsx_init(void)
int ret;

/*
- * Hardware will always abort a TSX transaction if both CPUID bits
- * RTM_ALWAYS_ABORT and TSX_FORCE_ABORT are set. In this case, it is
- * better not to enumerate CPUID.RTM and CPUID.HLE bits. Clear them
- * here.
+ * Hardware will always abort a TSX transaction when the CPUID bit
+ * RTM_ALWAYS_ABORT is set. In this case, it is better not to enumerate
+ * CPUID.RTM and CPUID.HLE bits. Clear them here.
*/
- if (boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT) &&
- boot_cpu_has(X86_FEATURE_TSX_FORCE_ABORT)) {
+ if (boot_cpu_has(X86_FEATURE_RTM_ALWAYS_ABORT)) {
tsx_ctrl_state = TSX_CTRL_RTM_ALWAYS_ABORT;
tsx_clear_cpuid();
setup_clear_cpu_cap(X86_FEATURE_RTM);
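Review bot: With the condition relaxed to X86_FEATURE_RTM_ALWAYS_ABORT alone, tsx_init() calls tsx_clear_cpuid() and then setup_clear_cpu_cap(X86_FEATURE_RTM) even when neither branch of tsx_clear_cpuid() applies, because the new `else if (tsx_ctrl_is_supported())` has no final else and nothing is written in that case. On such a CPU the kernel's feature flag would be cleared while the CPUID bits seen by userspace stay set. If that combination cannot occur, a comment saying so would help; otherwise the mismatch deserves at least a warning.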


2022-04-22 13:24:39

by Greg Kroah-Hartman

Subject: [PATCH 5.15 119/189] scsi: target: tcmu: Fix possible page UAF

From: Xiaoguang Wang <[email protected]>

[ Upstream commit a6968f7a367f128d120447360734344d5a3d5336 ]

tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not
take refcount properly and just returns page pointer. When
tcmu_try_get_data_page() returns, the returned page may have been freed by
tcmu_blocks_release().

We need to get_page() under cmdr_lock to avoid concurrent
tcmu_blocks_release().

Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Bodo Stroesser <[email protected]>
Signed-off-by: Xiaoguang Wang <[email protected]>
Signed-off-by: Martin K. Petersen <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/target/target_core_user.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c
index 9f552f48084c..0ca5ec14d3db 100644
--- a/drivers/target/target_core_user.c
+++ b/drivers/target/target_core_user.c
@@ -1821,6 +1821,7 @@ static struct page *tcmu_try_get_data_page(struct tcmu_dev *udev, uint32_t dpi)
mutex_lock(&udev->cmdr_lock);
page = xa_load(&udev->data_pages, dpi);
if (likely(page)) {
+ get_page(page);
mutex_unlock(&udev->cmdr_lock);
return page;
}
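Review bot: tcmu_try_get_data_page() now returns with a page reference held on the fast path, since `get_page(page)` is taken under cmdr_lock, but nothing in the hunk documents that the caller owns that reference and has to drop it. A comment on the function stating the ownership rule would help. The code after this if block is not visible here and also needs to return a referenced page, because the unconditional get_page() in tcmu_vma_fault() is removed by the last hunk.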
@@ -1877,6 +1878,7 @@ static vm_fault_t tcmu_vma_fault(struct vm_fault *vmf)
/* For the vmalloc()ed cmd area pages */
addr = (void *)(unsigned long)info->mem[mi].addr + offset;
page = vmalloc_to_page(addr);
+ get_page(page);
} else {
uint32_t dpi;

@@ -1887,7 +1889,6 @@ static vm_fault_t tcmu_vma_fault(struct vm_fault *vmf)
return VM_FAULT_SIGBUS;
}

- get_page(page);
vmf->page = page;
return 0;
}
--
2.35.1



2022-04-22 17:43:51

by Greg Kroah-Hartman

Subject: [PATCH 5.15 036/189] ALSA: galaxy: Fix the missing snd_card_free() call at probe error

From: Takashi Iwai <[email protected]>

commit 10b1881a97be240126891cb384bd3bc1869f52d8 upstream.

The previous cleanup with devres may lead to the incorrect release
orders at the probe error handling due to the devres's nature. Until
we register the card, snd_card_free() has to be called at first for
releasing the stuff properly when the driver tries to manage and
release the stuff via card->private_free().

This patch fixes it by calling snd_card_free() on the error from the
probe callback using a new helper function.

Fixes: 35a245ec0619 ("ALSA: galaxy: Allocate resources with device-managed APIs")
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/isa/galaxy/galaxy.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/sound/isa/galaxy/galaxy.c b/sound/isa/galaxy/galaxy.c
index ea001c80149d..3164eb8510fa 100644
--- a/sound/isa/galaxy/galaxy.c
+++ b/sound/isa/galaxy/galaxy.c
@@ -478,7 +478,7 @@ static void snd_galaxy_free(struct snd_card *card)
galaxy_set_config(galaxy, galaxy->config);
}

-static int snd_galaxy_probe(struct device *dev, unsigned int n)
+static int __snd_galaxy_probe(struct device *dev, unsigned int n)
{
struct snd_galaxy *galaxy;
struct snd_wss *chip;
@@ -598,6 +598,11 @@ static int snd_galaxy_probe(struct device *dev, unsigned int n)
return 0;
}

+static int snd_galaxy_probe(struct device *dev, unsigned int n)
+{
+ return snd_card_free_on_error(dev, __snd_galaxy_probe(dev, n));
+}
+
static struct isa_driver snd_galaxy_driver = {
.match = snd_galaxy_match,
.probe = snd_galaxy_probe,
--
2.35.2



2022-04-22 18:25:35

by Ron Economos

Subject: Re: [PATCH 5.15 000/189] 5.15.35-rc1 review

On 4/18/22 5:10 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 5.15.35 release.
> There are 189 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 20 Apr 2022 12:11:14 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.35-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Built and booted successfully on RISC-V RV64 (HiFive Unmatched).

Tested-by: Ron Economos <[email protected]>

2022-04-22 19:52:44

by Greg Kroah-Hartman

Subject: [PATCH 5.15 114/189] drm/amdgpu/vcn: improve vcn dpg stop procedure

From: Tianci Yin <[email protected]>

[ Upstream commit 6ea239adc2a712eb318f04f5c29b018ba65ea38a ]

Prior to disabling dpg, VCN need unpausing dpg mode, or VCN will hang in
S3 resuming.

Reviewed-by: James Zhu <[email protected]>
Signed-off-by: Tianci Yin <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c b/drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c
index 54b405fc600d..6e56bef4fdf8 100644
--- a/drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c
@@ -1508,8 +1508,11 @@ static int vcn_v3_0_start_sriov(struct amdgpu_device *adev)

static int vcn_v3_0_stop_dpg_mode(struct amdgpu_device *adev, int inst_idx)
{
+ struct dpg_pause_state state = {.fw_based = VCN_DPG_STATE__UNPAUSE};
uint32_t tmp;

+ vcn_v3_0_pause_dpg_mode(adev, 0, &state);
+
/* Wait for power status to be 1 */
SOC15_WAIT_ON_RREG(VCN, inst_idx, mmUVD_POWER_STATUS, 1,
UVD_POWER_STATUS__UVD_POWER_STATUS_MASK);
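Review bot: The new call `vcn_v3_0_pause_dpg_mode(adev, 0, &state);` hard-codes instance 0 although vcn_v3_0_stop_dpg_mode() receives inst_idx and uses it in the SOC15_WAIT_ON_RREG() call directly below. Unless unpausing instance 0 is deliberate, inst_idx should be passed, and if it is deliberate a comment should say why. The call's result is not checked either, so a failed unpause would go unnoticed before the power-status wait.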
--
2.35.1



2022-04-22 20:39:44

by Greg Kroah-Hartman

Subject: [PATCH 5.15 061/189] media: rockchip/rga: do proper error checking in probe

From: Kyle Copperfield <[email protected]>

[ Upstream commit 6150f276073a1480030242a7e006a89e161d6cd6 ]

The latest fix for probe error handling contained a typo that causes
probing to fail with the following message:

rockchip-rga: probe of ff680000.rga failed with error -12

This patch fixes the typo.

Fixes: e58430e1d4fd (media: rockchip/rga: fix error handling in probe)
Reviewed-by: Dragan Simic <[email protected]>
Signed-off-by: Kyle Copperfield <[email protected]>
Reviewed-by: Kieran Bingham <[email protected]>
Reviewed-by: Dan Carpenter <[email protected]>
Signed-off-by: Hans Verkuil <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
---
drivers/media/platform/rockchip/rga/rga.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/platform/rockchip/rga/rga.c b/drivers/media/platform/rockchip/rga/rga.c
index 6759091b15e0..d99ea8973b67 100644
--- a/drivers/media/platform/rockchip/rga/rga.c
+++ b/drivers/media/platform/rockchip/rga/rga.c
@@ -895,7 +895,7 @@ static int rga_probe(struct platform_device *pdev)
}
rga->dst_mmu_pages =
(unsigned int *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, 3);
- if (rga->dst_mmu_pages) {
+ if (!rga->dst_mmu_pages) {
ret = -ENOMEM;
goto free_src_pages;
}
--
2.35.1



2022-04-22 21:55:20

by Greg Kroah-Hartman

Subject: [PATCH 5.15 049/189] ALSA: rme9652: Fix the missing snd_card_free() call at probe error

From: Takashi Iwai <[email protected]>

commit b2aa4f80693b7841e5ac4eadbd2d8cec56b10a51 upstream.

The previous cleanup with devres may lead to the incorrect release
orders at the probe error handling due to the devres's nature. Until
we register the card, snd_card_free() has to be called at first for
releasing the stuff properly when the driver tries to manage and
release the stuff via card->private_free().

This patch fixes it by calling snd_card_free() manually on the error
from the probe callback.

Fixes: b1002b2d41c5 ("ALSA: rme9652: Allocate resources with device-managed APIs")
Cc: <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
sound/pci/rme9652/rme9652.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sound/pci/rme9652/rme9652.c b/sound/pci/rme9652/rme9652.c
index 7755e19aa776..1d614fe89a6a 100644
--- a/sound/pci/rme9652/rme9652.c
+++ b/sound/pci/rme9652/rme9652.c
@@ -2572,7 +2572,7 @@ static int snd_rme9652_probe(struct pci_dev *pci,
rme9652->pci = pci;
err = snd_rme9652_create(card, rme9652, precise_ptr[dev]);
if (err)
- return err;
+ goto error;

strcpy(card->shortname, rme9652->card_name);

@@ -2580,10 +2580,14 @@ static int snd_rme9652_probe(struct pci_dev *pci,
card->shortname, rme9652->port, rme9652->irq);
err = snd_card_register(card);
if (err)
- return err;
+ goto error;
pci_set_drvdata(pci, card);
dev++;
return 0;
+
+ error:
+ snd_card_free(card);
+ return err;
}

static struct pci_driver rme9652_driver = {
--
2.35.2