Matthias Brugger [Wed, 2 Oct 2019 16:41:32 +0000 (18:41 +0200)]
overlays: fix compatible for RPi4
RPi4 compatible is now bcm2711, but some overlays refer to the SoC as
bcm2838. Fix this overlays as they otherwise won't apply.
Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Phil Elwell [Mon, 7 Oct 2019 12:51:07 +0000 (13:51 +0100)]
overlays: gpio-shutdown: Add debounce parameter
Give the gpio-shutdown overlay a debounce parameter that requires
the GPIO to be held at the relevant level for a specified number
of milliseconds. The default value is 100 - higher than the driver
default of 5ms to avoid unfortunate glitches.
See: https://www.raspberrypi.org/forums/viewtopic.php?f=107&t=253680
Signed-off-by: Phil Elwell <phil@raspberrypi.org>
Floris Bos [Fri, 4 Oct 2019 14:41:30 +0000 (16:41 +0200)]
pcie-brcmstb-bounce64.c: dev_err() -> dev_info() for info messages
"dmabounce: initialised" is not an error, so do not log it as such.
Prevents screen polution on OS with "quiet" as kernel parameter.
Closes #3266
popcornmix [Fri, 4 Oct 2019 13:26:59 +0000 (14:26 +0100)]
Merge remote-tracking branch 'stable/linux-4.19.y' into rpi-4.19.y
James Hughes [Tue, 24 Sep 2019 17:26:55 +0000 (18:26 +0100)]
Rename HDMI ALSA device names, check for enable state
HDMI Alsa devices renamed to match names used by DRM, to
HDMI 1 and HDMI 2
Check for which HDMI devices are connected and only create
devices for those that are present.
The rename of the devices might cause some backwards compatibility
issues, but since this particular part of the driver needs to be
specifically enabled, I suspect the number of people who will see
the problem will be very small.
Signed-off-by: James Hughes <james.hughes@raspberrypi.org>
Greg Kroah-Hartman [Tue, 1 Oct 2019 06:26:13 +0000 (08:26 +0200)]
Linux 4.19.76
Chao Yu [Thu, 20 Jun 2019 03:36:14 +0000 (11:36 +0800)]
f2fs: use generic EFSBADCRC/EFSCORRUPTED
[ Upstream commit
10f966bbf521bb9b2e497bbca496a5141f4071d0 ]
f2fs uses EFAULT as error number to indicate filesystem is corrupted
all the time, but generic filesystems use EUCLEAN for such condition,
we need to change to follow others.
This patch adds two new macros as below to wrap more generic error
code macros, and spread them in code.
EFSBADCRC EBADMSG /* Bad CRC detected */
EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
Reported-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ka-Cheong Poon [Tue, 24 Sep 2019 15:51:16 +0000 (08:51 -0700)]
net/rds: Check laddr_check before calling it
[ Upstream commit
05733434ee9ae6548723a808647248583e347cca ]
In rds_bind(), laddr_check is called without checking if it is NULL or
not. And rs_transport should be reset if rds_add_bound() fails.
Fixes:
c5c1a030a7db ("net/rds: An rds_sock is added too early to the hash table")
Reported-by: syzbot+fae39afd2101a17ec624@syzkaller.appspotmail.com
Signed-off-by: Ka-Cheong Poon <ka-cheong.poon@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ka-Cheong Poon [Wed, 11 Sep 2019 09:58:05 +0000 (02:58 -0700)]
net/rds: An rds_sock is added too early to the hash table
[ Upstream commit
c5c1a030a7dbf8dd4e1fa4405ae9a89dc1d2a8db ]
In rds_bind(), an rds_sock is added to the RDS bind hash table before
rs_transport is set. This means that the socket can be found by the
receive code path when rs_transport is NULL. And the receive code
path de-references rs_transport for congestion update check. This can
cause a panic. An rds_sock should not be added to the bind hash table
before all the needed fields are set.
Reported-by: syzbot+4b4f8163c2e246df3c4c@syzkaller.appspotmail.com
Signed-off-by: Ka-Cheong Poon <ka-cheong.poon@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Cong Wang [Sun, 8 Sep 2019 19:11:23 +0000 (12:11 -0700)]
net_sched: check cops->tcf_block in tc_bind_tclass()
[ Upstream commit
8b142a00edcf8422ca48b8de88d286efb500cb53 ]
At least sch_red and sch_tbf don't implement ->tcf_block()
while still have a non-zero tc "class".
Instead of adding nop implementations to each of such qdisc's,
we can just relax the check of cops->tcf_block() in
tc_bind_tclass(). They don't support TC filter anyway.
Reported-by: syzbot+21b29db13c065852f64b@syzkaller.appspotmail.com
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jian-Hong Pan [Tue, 3 Sep 2019 09:10:42 +0000 (17:10 +0800)]
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
[ Upstream commit
6d0762b19c5963ff9e178e8af3626532ee04d93d ]
The ASUS X412FA laptop contains a Realtek RTL8822CE device with an
associated BT chip using a USB ID of 04ca:4005. This ID is added to the
driver.
The /sys/kernel/debug/usb/devices portion for this device is:
T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=04 Dev#= 4 Spd=12 MxCh= 0
D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=04ca ProdID=4005 Rev= 0.00
S: Manufacturer=Realtek
S: Product=Bluetooth Radio
S: SerialNumber=
00e04c000001
C:* #Ifs= 2 Cfg#= 1 Atr=a0 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms
E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms
E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms
E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms
Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=204707
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Fernando Fernandez Mancera [Sun, 1 Sep 2019 09:48:08 +0000 (11:48 +0200)]
netfilter: nft_socket: fix erroneous socket assignment
[ Upstream commit
039b1f4f24ecc8493b6bb9d70b4b78750d1b35c2 ]
The socket assignment is wrong, see skb_orphan():
When skb->destructor callback is not set, but skb->sk is set, this hits BUG().
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1651813
Fixes:
554ced0a6e29 ("netfilter: nf_tables: add support for native socket matching")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Darrick J. Wong [Sun, 11 Aug 2019 22:52:27 +0000 (15:52 -0700)]
xfs: don't crash on null attr fork xfs_bmapi_read
[ Upstream commit
8612de3f7ba6e900465e340516b8313806d27b2d ]
Zorro Lang reported a crash in generic/475 if we try to inactivate a
corrupt inode with a NULL attr fork (stack trace shortened somewhat):
RIP: 0010:xfs_bmapi_read+0x311/0xb00 [xfs]
RSP: 0018:
ffff888047f9ed68 EFLAGS:
00010202
RAX:
dffffc0000000000 RBX:
ffff888047f9f038 RCX:
1ffffffff5f99f51
RDX:
0000000000000002 RSI:
0000000000000008 RDI:
0000000000000012
RBP:
ffff888002a41f00 R08:
ffffed10005483f0 R09:
ffffed10005483ef
R10:
ffffed10005483ef R11:
ffff888002a41f7f R12:
0000000000000004
R13:
ffffe8fff53b5768 R14:
0000000000000005 R15:
0000000000000001
FS:
00007f11d44b5b80(0000) GS:
ffff888114200000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000000000ef6000 CR3:
000000002e176003 CR4:
00000000001606e0
Call Trace:
xfs_dabuf_map.constprop.18+0x696/0xe50 [xfs]
xfs_da_read_buf+0xf5/0x2c0 [xfs]
xfs_da3_node_read+0x1d/0x230 [xfs]
xfs_attr_inactive+0x3cc/0x5e0 [xfs]
xfs_inactive+0x4c8/0x5b0 [xfs]
xfs_fs_destroy_inode+0x31b/0x8e0 [xfs]
destroy_inode+0xbc/0x190
xfs_bulkstat_one_int+0xa8c/0x1200 [xfs]
xfs_bulkstat_one+0x16/0x20 [xfs]
xfs_bulkstat+0x6fa/0xf20 [xfs]
xfs_ioc_bulkstat+0x182/0x2b0 [xfs]
xfs_file_ioctl+0xee0/0x12a0 [xfs]
do_vfs_ioctl+0x193/0x1000
ksys_ioctl+0x60/0x90
__x64_sys_ioctl+0x6f/0xb0
do_syscall_64+0x9f/0x4d0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f11d39a3e5b
The "obvious" cause is that the attr ifork is null despite the inode
claiming an attr fork having at least one extent, but it's not so
obvious why we ended up with an inode in that state.
Reported-by: Zorro Lang <zlang@redhat.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204031
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Bill O'Donnell <billodo@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ilia Mirkin [Sat, 25 May 2019 22:41:49 +0000 (18:41 -0400)]
drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling
[ Upstream commit
533f4752407543f488a9118d817b8c504352b6fb ]
Previously center scaling would get scaling applied to it (when it was
only supposed to center the image), and aspect-corrected scaling did not
always correctly pick whether to reduce width or height for a particular
combination of inputs/outputs.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=110660
Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Hans de Goede [Fri, 12 Jul 2019 10:00:33 +0000 (12:00 +0200)]
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
[ Upstream commit
4f7f96453b462b3de0fa18d18fe983960bb5ee7f ]
Some machines change the brightness themselves when a brightness hotkey
gets pressed, despite us telling them not to. This causes the brightness to
go two steps up / down when the hotkey is pressed. This is esp. a problem
on older machines with only a few brightness levels.
This commit adds a new hw_changes_brightness quirk which makes
acpi_video_device_notify() only call backlight_force_update(...,
BACKLIGHT_UPDATE_HOTKEY) and not do anything else, notifying userspace
that the brightness was changed and leaving it at that fixing the dual
step problem.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=204077
Reported-by: Kacper Piwiński <cosiekvfj@o2.pl>
Tested-by: Kacper Piwiński <cosiekvfj@o2.pl>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jian-Hong Pan [Tue, 25 Jun 2019 08:30:51 +0000 (16:30 +0800)]
Bluetooth: btrtl: HCI reset on close for Realtek BT chip
[ Upstream commit
7af3f558aca74f2ee47b173f1c27f6bb9a5b5561 ]
Realtek RTL8822BE BT chip on ASUS X420FA cannot be turned on correctly
after on-off several times. Bluetooth daemon sets BT mode failed when
this issue happens. Scanning must be active while turning off for this
bug to be hit.
bluetoothd[1576]: Failed to set mode: Failed (0x03)
If BT is turned off, then turned on again, it works correctly again.
According to the vendor driver, the HCI_QUIRK_RESET_ON_CLOSE flag is set
during probing. So, this patch makes Realtek's BT reset on close to fix
this issue.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=203429
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Reviewed-by: Daniel Drake <drake@endlessm.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Stephen Hemminger [Tue, 2 Jul 2019 22:20:21 +0000 (15:20 -0700)]
net: don't warn in inet diag when IPV6 is disabled
[ Upstream commit
1e64d7cbfdce4887008314d5b367209582223f27 ]
If IPV6 was disabled, then ss command would cause a kernel warning
because the command was attempting to dump IPV6 socket information.
The fix is to just remove the warning.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202249
Fixes:
432490f9d455 ("net: ip, diag -- Add diag interface for raw sockets")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Chris Wilson [Mon, 3 Jun 2019 13:58:57 +0000 (14:58 +0100)]
drm: Flush output polling on shutdown
[ Upstream commit
3b295cb1a411d9c82bbfaa66bc17a8508716ed07 ]
We need to mark the output polling as disabled to prevent concurrent
irqs from queuing new work as shutdown the probe -- causing that work to
execute after we have freed the structs:
<4> [341.846490] DEBUG_LOCKS_WARN_ON(mutex_is_locked(lock))
<4> [341.846497] WARNING: CPU: 3 PID: 3300 at kernel/locking/mutex-debug.c:103 mutex_destroy+0x49/0x50
<4> [341.846508] Modules linked in: i915(-) vgem thunderbolt snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic mei_hdcp x86_pkg_temp_thermal coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm mcs7830 btusb usbnet btrtl mii btbcm btintel bluetooth ecdh_generic ecc mei_me mei prime_numbers i2c_hid pinctrl_sunrisepoint pinctrl_intel [last unloaded: i915]
<4> [341.846546] CPU: 3 PID: 3300 Comm: i915_module_loa Tainted: G U 5.2.0-rc2-CI-CI_DRM_6175+ #1
<4> [341.846553] Hardware name: Dell Inc. XPS 13 9360/0823VW, BIOS 2.9.0 07/09/2018
<4> [341.846560] RIP: 0010:mutex_destroy+0x49/0x50
<4> [341.846565] Code: 00 00 5b c3 e8 a8 9f 3b 00 85 c0 74 ed 8b 05 3e 55 23 01 85 c0 75 e3 48 c7 c6 00 d0 08 82 48 c7 c7 a8 aa 07 82 e8 e7 08 fa ff <0f> 0b eb cc 0f 1f 00 48 b8 11 11 11 11 11 11 11 11 48 89 76 20 48
<4> [341.846578] RSP: 0018:
ffffc900006cfdb0 EFLAGS:
00010286
<4> [341.846583] RAX:
0000000000000000 RBX:
ffff88826759a168 RCX:
0000000000000000
<4> [341.846589] RDX:
0000000000000002 RSI:
0000000000000000 RDI:
ffffffff8112844c
<4> [341.846595] RBP:
ffff8882708fa548 R08:
0000000000000000 R09:
0000000000039600
<4> [341.846601] R10:
0000000000000000 R11:
0000000000000ce4 R12:
ffffffffa07de1e0
<4> [341.846607] R13:
0000000000000000 R14:
0000000000000000 R15:
ffffffffa07de2d0
<4> [341.846613] FS:
00007f62b5ae0e40(0000) GS:
ffff888276380000(0000) knlGS:
0000000000000000
<4> [341.846620] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
<4> [341.846626] CR2:
000055a4e064f4a0 CR3:
0000000266b16006 CR4:
00000000003606e0
<4> [341.846632] Call Trace:
<4> [341.846639] drm_fb_helper_fini.part.17+0xb3/0x100
<4> [341.846682] intel_fbdev_fini+0x20/0x80 [i915]
<4> [341.846722] intel_modeset_cleanup+0x9a/0x140 [i915]
<4> [341.846750] i915_driver_unload+0xa3/0x100 [i915]
<4> [341.846778] i915_pci_remove+0x19/0x30 [i915]
<4> [341.846784] pci_device_remove+0x36/0xb0
<4> [341.846790] device_release_driver_internal+0xd3/0x1b0
<4> [341.846795] driver_detach+0x3f/0x80
<4> [341.846800] bus_remove_driver+0x53/0xd0
<4> [341.846805] pci_unregister_driver+0x25/0xa0
<4> [341.846843] i915_exit+0x16/0x1c [i915]
<4> [341.846849] __se_sys_delete_module+0x162/0x210
<4> [341.846855] ? trace_hardirqs_off_thunk+0x1a/0x1c
<4> [341.846859] ? do_syscall_64+0xd/0x1c0
<4> [341.846864] do_syscall_64+0x55/0x1c0
<4> [341.846869] entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4> [341.846875] RIP: 0033:0x7f62b51871b7
<4> [341.846881] Code: 73 01 c3 48 8b 0d d1 8c 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 8c 2c 00 f7 d8 64 89 01 48
<4> [341.846897] RSP: 002b:
00007ffe7a227138 EFLAGS:
00000206 ORIG_RAX:
00000000000000b0
<4> [341.846904] RAX:
ffffffffffffffda RBX:
00007ffe7a2272b0 RCX:
00007f62b51871b7
<4> [341.846910] RDX:
0000000000000001 RSI:
0000000000000800 RDI:
0000557cd6b55948
<4> [341.846916] RBP:
0000557cd6b558e0 R08:
0000557cd6b5594c R09:
00007ffe7a227160
<4> [341.846922] R10:
00007ffe7a226134 R11:
0000000000000206 R12:
0000000000000000
<4> [341.846927] R13:
00007ffe7a227820 R14:
0000000000000000 R15:
0000000000000000
<4> [341.846936] irq event stamp: 3547847
<4> [341.846940] hardirqs last enabled at (3547847): [<
ffffffff819aad2c>] _raw_spin_unlock_irqrestore+0x4c/0x60
<4> [341.846949] hardirqs last disabled at (3547846): [<
ffffffff819aab9d>] _raw_spin_lock_irqsave+0xd/0x50
<4> [341.846957] softirqs last enabled at (3547376): [<
ffffffff81c0033a>] __do_softirq+0x33a/0x4b9
<4> [341.846966] softirqs last disabled at (3547367): [<
ffffffff810b6379>] irq_exit+0xa9/0xc0
<4> [341.846973] WARNING: CPU: 3 PID: 3300 at kernel/locking/mutex-debug.c:103 mutex_destroy+0x49/0x50
<4> [341.846980] ---[ end trace
ba94ca8952ba970e ]---
<7> [341.866547] [drm:intel_dp_detect [i915]] MST support? port A: no, sink: no, modparam: yes
<7> [341.890480] [drm:drm_add_display_info] non_desktop set to 0
<7> [341.890530] [drm:drm_add_edid_modes] ELD: no CEA Extension found
<7> [341.890537] [drm:drm_add_display_info] non_desktop set to 0
<7> [341.890578] [drm:drm_helper_probe_single_connector_modes] [CONNECTOR:86:eDP-1] probed modes :
<7> [341.890589] [drm:drm_mode_debug_printmodeline] Modeline "3200x1800": 60 373250 3200 3248 3280 3360 1800 1803 1808 1852 0x48 0xa
<7> [341.890602] [drm:drm_mode_debug_printmodeline] Modeline "3200x1800": 48 298600 3200 3248 3280 3360 1800 1803 1808 1852 0x40 0xa
<4> [341.890628] general protection fault: 0000 [#1] PREEMPT SMP PTI
<4> [341.890636] CPU: 0 PID: 508 Comm: kworker/0:4 Tainted: G U W 5.2.0-rc2-CI-CI_DRM_6175+ #1
<4> [341.890646] Hardware name: Dell Inc. XPS 13 9360/0823VW, BIOS 2.9.0 07/09/2018
<4> [341.890655] Workqueue: events output_poll_execute
<4> [341.890663] RIP: 0010:drm_setup_crtcs+0x13e/0xbe0
<4> [341.890669] Code: 00 41 8b 44 24 58 85 c0 0f 8e f9 01 00 00 44 8b 6c 24 20 44 8b 74 24 28 31 db 31 ed 49 8b 44 24 60 48 63 d5 44 89 ee 83 c5 01 <48> 8b 04 d0 44 89 f2 48 8b 38 48 8b 87 88 01 00 00 48 8b 40 20 e8
<4> [341.890686] RSP: 0018:
ffffc9000033fd40 EFLAGS:
00010202
<4> [341.890692] RAX:
6b6b6b6b6b6b6b6b RBX:
0000000000000002 RCX:
0000000000000000
<4> [341.890700] RDX:
0000000000000001 RSI:
0000000000000c80 RDI:
00000000ffffffff
<4> [341.890707] RBP:
0000000000000002 R08:
0000000000000000 R09:
0000000000000000
<4> [341.890715] R10:
0000000000000c80 R11:
0000000000000000 R12:
ffff888267599fe8
<4> [341.890722] R13:
0000000000000c80 R14:
0000000000000708 R15:
0000000000000007
<4> [341.890730] FS:
0000000000000000(0000) GS:
ffff888276200000(0000) knlGS:
0000000000000000
<4> [341.890739] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
<4> [341.890745] CR2:
000055a4e064f4a0 CR3:
000000026d234003 CR4:
00000000003606f0
<4> [341.890752] Call Trace:
<4> [341.890760] drm_fb_helper_hotplug_event.part.24+0x89/0xb0
<4> [341.890768] drm_kms_helper_hotplug_event+0x21/0x30
<4> [341.890774] output_poll_execute+0x9d/0x1a0
<4> [341.890782] process_one_work+0x245/0x610
<4> [341.890790] worker_thread+0x37/0x380
<4> [341.890796] ? process_one_work+0x610/0x610
<4> [341.890802] kthread+0x119/0x130
<4> [341.890808] ? kthread_park+0x80/0x80
<4> [341.890815] ret_from_fork+0x3a/0x50
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109964
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Imre Deak <imre.deak@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190603135910.15979-2-chris@chris-wilson.co.uk
Signed-off-by: Sasha Levin <sashal@kernel.org>
Chao Yu [Sat, 25 May 2019 15:07:25 +0000 (23:07 +0800)]
f2fs: fix to do sanity check on segment bitmap of LFS curseg
[ Upstream commit
c854f4d681365498f53ba07843a16423625aa7e9 ]
As Jungyeon Reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=203233
- Reproduces
gcc poc_13.c
./run.sh f2fs
- Kernel messages
F2FS-fs (sdb): Bitmap was wrongly set, blk:4608
kernel BUG at fs/f2fs/segment.c:2133!
RIP: 0010:update_sit_entry+0x35d/0x3e0
Call Trace:
f2fs_allocate_data_block+0x16c/0x5a0
do_write_page+0x57/0x100
f2fs_do_write_node_page+0x33/0xa0
__write_node_page+0x270/0x4e0
f2fs_sync_node_pages+0x5df/0x670
f2fs_write_checkpoint+0x364/0x13a0
f2fs_sync_fs+0xa3/0x130
f2fs_do_sync_file+0x1a6/0x810
do_fsync+0x33/0x60
__x64_sys_fsync+0xb/0x10
do_syscall_64+0x43/0x110
entry_SYSCALL_64_after_hwframe+0x44/0xa9
The testcase fails because that, in fuzzed image, current segment was
allocated with LFS type, its .next_blkoff should point to an unused
block address, but actually, its bitmap shows it's not. So during
allocation, f2fs crash when setting bitmap.
Introducing sanity_check_curseg() to check such inconsistence of
current in-used segment.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Michal Suchanek [Mon, 9 Sep 2019 20:44:51 +0000 (22:44 +0200)]
net/ibmvnic: Fix missing { in __ibmvnic_reset
[ Upstream commit
c8dc55956b09b53ccffceb6e3146981210e27821 ]
Commit
1c2977c09499 ("net/ibmvnic: free reset work of removed device from queue")
adds a } without corresponding { causing build break.
Fixes:
1c2977c09499 ("net/ibmvnic: free reset work of removed device from queue")
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Reviewed-by: Tyrel Datwyler <tyreld@linux.ibm.com>
Reviewed-by: Juliet Kim <julietk@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mikulas Patocka [Mon, 26 Aug 2019 06:41:17 +0000 (02:41 -0400)]
dm zoned: fix invalid memory access
[ Upstream commit
0c8e9c2d668278652af028c3cc068c65f66342f4 ]
Commit
75d66ffb48efb30f2dd42f041ba8b39c5b2bd115 ("dm zoned: properly
handle backing device failure") triggers a coverity warning:
*** CID 1452808: Memory - illegal accesses (USE_AFTER_FREE)
/drivers/md/dm-zoned-target.c: 137 in dmz_submit_bio()
131 clone->bi_private = bioctx;
132
133 bio_advance(bio, clone->bi_iter.bi_size);
134
135 refcount_inc(&bioctx->ref);
136 generic_make_request(clone);
>>> CID 1452808: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "clone".
137 if (clone->bi_status == BLK_STS_IOERR)
138 return -EIO;
139
140 if (bio_op(bio) == REQ_OP_WRITE && dmz_is_seq(zone))
141 zone->wp_block += nr_blocks;
142
The "clone" bio may be processed and freed before the check
"clone->bi_status == BLK_STS_IOERR" - so this check can access invalid
memory.
Fixes:
75d66ffb48efb3 ("dm zoned: properly handle backing device failure")
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Chao Yu [Fri, 2 Aug 2019 10:15:48 +0000 (18:15 +0800)]
Revert "f2fs: avoid out-of-range memory access"
[ Upstream commit
a37d0862d17411edb67677a580a6f505ec2225f6 ]
As Pavel Machek reported:
"We normally use -EUCLEAN to signal filesystem corruption. Plus, it is
good idea to report it to the syslog and mark filesystem as "needing
fsck" if filesystem can do that."
Still we need improve the original patch with:
- use unlikely keyword
- add message print
- return EUCLEAN
However, after rethink this patch, I don't think we should add such
condition check here as below reasons:
- We have already checked the field in f2fs_sanity_check_ckpt(),
- If there is fs corrupt or security vulnerability, there is nothing
to guarantee the field is integrated after the check, unless we do
the check before each of its use, however no filesystem does that.
- We only have similar check for bitmap, which was added due to there
is bitmap corruption happened on f2fs' runtime in product.
- There are so many key fields in SB/CP/NAT did have such check
after f2fs_sanity_check_{sb,cp,..}.
So I propose to revert this unneeded check.
This reverts commit
56f3ce675103e3fb9e631cfb4131fc768bc23e9a.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
zhengbin [Mon, 12 Aug 2019 12:36:55 +0000 (20:36 +0800)]
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
[ Upstream commit
e26cc08265dda37d2acc8394604f220ef412299d ]
blk_exit_queue will free elevator_data, while blk_mq_requeue_work
will access it. Move cancel of requeue_work to the front of
blk_exit_queue to avoid use-after-free.
blk_exit_queue blk_mq_requeue_work
__elevator_exit blk_mq_run_hw_queues
blk_mq_exit_sched blk_mq_run_hw_queue
dd_exit_queue blk_mq_hctx_has_pending
kfree(elevator_data) blk_mq_sched_has_work
dd_has_work
Fixes:
fbc2a15e3433 ("blk-mq: move cancel of requeue_work into blk_mq_release")
Cc: stable@vger.kernel.org
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jianchao Wang [Fri, 12 Oct 2018 10:07:26 +0000 (18:07 +0800)]
blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs
[ Upstream commit
5b202853ffbc54b29f23c4b1b5f3948efab489a2 ]
blk_mq_realloc_hw_ctxs could be invoked during update hw queues.
At the momemt, IO is blocked. Change the gfp flags from GFP_KERNEL
to GFP_NOIO to avoid forever hang during memory allocation in
blk_mq_realloc_hw_ctxs.
Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Steven Price [Fri, 17 May 2019 21:31:47 +0000 (14:31 -0700)]
initramfs: don't free a non-existent initrd
[ Upstream commit
5d59aa8f9ce972b472201aed86e904bb75879ff0 ]
Since commit
54c7a8916a88 ("initramfs: free initrd memory if opening
/initrd.image fails"), the kernel has unconditionally attempted to free
the initrd even if it doesn't exist.
In the non-existent case this causes a boot-time splat if
CONFIG_DEBUG_VIRTUAL is enabled due to a call to virt_to_phys() with a
NULL address.
Instead we should check that the initrd actually exists and only attempt
to free it if it does.
Link: http://lkml.kernel.org/r/20190516143125.48948-1-steven.price@arm.com
Fixes:
54c7a8916a88 ("initramfs: free initrd memory if opening /initrd.image fails")
Signed-off-by: Steven Price <steven.price@arm.com>
Reported-by: Mark Rutland <mark.rutland@arm.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mike Rapoport <rppt@linux.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Coly Li [Tue, 30 Apr 2019 14:02:25 +0000 (22:02 +0800)]
bcache: remove redundant LIST_HEAD(journal) from run_cache_set()
[ Upstream commit
cdca22bcbc64fc83dadb8d927df400a8d86ddabb ]
Commit
95f18c9d1310 ("bcache: avoid potential memleak of list of
journal_replay(s) in the CACHE_SYNC branch of run_cache_set") forgets
to remove the original define of LIST_HEAD(journal), which makes
the change no take effect. This patch removes redundant variable
LIST_HEAD(journal) from run_cache_set(), to make Shenghui's fix
working.
Fixes:
95f18c9d1310 ("bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set")
Reported-by: Juha Aatrokoski <juha.aatrokoski@aalto.fi>
Cc: Shenghui Wang <shhuiw@foxmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Dexuan Cui [Fri, 2 Aug 2019 22:50:20 +0000 (22:50 +0000)]
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
[ Upstream commit
533ca1feed98b0bf024779a14760694c7cb4d431 ]
The slot must be removed before the pci_dev is removed, otherwise a panic
can happen due to use-after-free.
Fixes:
15becc2b56c6 ("PCI: hv: Add hv_pci_remove_slots() when we unload the driver")
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Surbhi Palande [Fri, 23 Aug 2019 22:40:45 +0000 (15:40 -0700)]
f2fs: check all the data segments against all node ones
[ Upstream commit
1166c1f2f69117ad254189ca781287afa6e550b6 ]
As a part of the sanity checking while mounting, distinct segment number
assignment to data and node segments is verified. Fixing a small bug in
this verification between node and data segments. We need to check all
the data segments with all the node segments.
Fixes:
042be0f849e5f ("f2fs: fix to do sanity check with current segment number")
Signed-off-by: Surbhi Palande <csurbhi@gmail.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Marc Zyngier [Thu, 5 Sep 2019 13:56:47 +0000 (14:56 +0100)]
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
[ Upstream commit
c9c96e30ecaa0aafa225aa1a5392cb7db17c7a82 ]
When allocating a range of LPIs for a Multi-MSI capable device,
this allocation extended to the closest power of 2.
But on the release path, the interrupts are released one by
one. This results in not releasing the "extra" range, leaking
the its_device. Trying to reprobe the device will then fail.
Fix it by releasing the LPIs the same way we allocate them.
Fixes:
8208d1708b88 ("irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size")
Reported-by: Jiaxing Luo <luojiaxing@huawei.com>
Tested-by: John Garry <john.garry@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/f5e948aa-e32f-3f74-ae30-31fee06c2a74@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Lorenz Bauer [Tue, 8 Jan 2019 13:58:00 +0000 (13:58 +0000)]
bpf: libbpf: retry loading program on EAGAIN
[ Upstream commit
86edaed379632e216a97e6bcef9f498b64522d50 ]
Commit
c3494801cd17 ("bpf: check pending signals while
verifying programs") makes it possible for the BPF_PROG_LOAD
to fail with EAGAIN. Retry unconditionally in this case.
Fixes:
c3494801cd17 ("bpf: check pending signals while verifying programs")
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Shirish S [Fri, 16 Nov 2018 06:50:28 +0000 (06:50 +0000)]
Revert "drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD"
[ Upstream commit
00fedbe629bfc0a51c07b6e665265ce31d8b6f3c ]
This reverts commit
dbd8299c32f6f413f6cfe322fe0308f3cfc577e8.
Reason for revert:
This patch sends msg PPSMC_MSG_DisableLowMemoryPstate(0x002e)
in wrong of sequence to SMU which is before PPSMC_MSG_UVDPowerON (0x0008).
This leads to SMU failing to service the request as it is
dependent on UVD to be powered ON, since it accesses UVD
registers.
This msg should ideally be sent only when the UVD is about to decode
a 4k video.
Signed-off-by: Shirish S <shirish.s@amd.com>
Signed-off-by: suresh guttula <suresh.guttula@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Himanshu Madhani [Fri, 28 Sep 2018 18:02:38 +0000 (11:02 -0700)]
scsi: qla2xxx: Return switch command on a timeout
[ Upstream commit
ef801f07e7b3cc1786d8ab1b4fdf069cc2a136d2 ]
This patch fixes commit
bcc71cc3cde1 ("scsi: qla2xxx: Fix for double
free of SRB structure") which placed code in wrong routines.
Also updated the use of WARN_ON() to WARN_ON_ONCE() to prevent
flooding log messages.
Fixes:
bcc71cc3cde1 ("scsi: qla2xxx: Fix for double free of SRB structure")
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Quinn Tran [Fri, 31 Aug 2018 18:24:35 +0000 (11:24 -0700)]
scsi: qla2xxx: Remove all rports if fabric scan retry fails
[ Upstream commit
9ba1cb25c151de306d64647e545d34af64f30c19 ]
When all fabric scan retries fail, remove all RPorts, DMA resources for the
command. Otherwise we have stale Rports.
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Quinn Tran [Fri, 31 Aug 2018 18:24:33 +0000 (11:24 -0700)]
scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion
[ Upstream commit
e112761a4f1dcbe9fb9f43f46de7be69d6963b0d ]
Turn off IOCB timeout timer on IOCB completion instead of turning it off in a
deferred task. This prevent false alarm if the deferred task is stalled out.
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Waiman Long [Thu, 10 Jan 2019 04:03:25 +0000 (23:03 -0500)]
locking/lockdep: Add debug_locks check in __lock_downgrade()
[ Upstream commit
71492580571467fb7177aade19c18ce7486267f5 ]
Tetsuo Handa had reported he saw an incorrect "downgrading a read lock"
warning right after a previous lockdep warning. It is likely that the
previous warning turned off lock debugging causing the lockdep to have
inconsistency states leading to the lock downgrade warning.
Fix that by add a check for debug_locks at the beginning of
__lock_downgrade().
Debugged-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Reported-by: syzbot+53383ae265fb161ef488@syzkaller.appspotmail.com
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Link: https://lkml.kernel.org/r/1547093005-26085-1-git-send-email-longman@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
David Lechner [Thu, 13 Sep 2018 00:48:30 +0000 (19:48 -0500)]
power: supply: sysfs: ratelimit property read error message
[ Upstream commit
87a2b65fc855e6be50f791c2ebbb492541896827 ]
This adds rate limiting to the message that is printed when reading a
power supply property via sysfs returns an error. This will prevent
userspace applications from unintentionally dDOSing the system by
continuously reading a property that returns an error.
Signed-off-by: David Lechner <david@lechnology.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nathan Chancellor [Thu, 1 Nov 2018 00:44:10 +0000 (17:44 -0700)]
pinctrl: sprd: Use define directive for sprd_pinconf_params values
[ Upstream commit
957063c924736d4341e5d588757b9f31e8f6fa24 ]
Clang warns when one enumerated type is implicitly converted to another:
drivers/pinctrl/sprd/pinctrl-sprd.c:845:19: warning: implicit conversion
from enumeration type 'enum sprd_pinconf_params' to different
enumeration type 'enum pin_config_param' [-Wenum-conversion]
{"sprd,control", SPRD_PIN_CONFIG_CONTROL, 0},
~ ^~~~~~~~~~~~~~~~~~~~~~~
drivers/pinctrl/sprd/pinctrl-sprd.c:846:22: warning: implicit conversion
from enumeration type 'enum sprd_pinconf_params' to different
enumeration type 'enum pin_config_param' [-Wenum-conversion]
{"sprd,sleep-mode", SPRD_PIN_CONFIG_SLEEP_MODE, 0},
~ ^~~~~~~~~~~~~~~~~~~~~~~~~~
It is expected that pinctrl drivers can extend pin_config_param because
of the gap between PIN_CONFIG_END and PIN_CONFIG_MAX so this conversion
isn't an issue. Most drivers that take advantage of this define the
PIN_CONFIG variables as constants, rather than enumerated values. Do the
same thing here so that Clang no longer warns.
Link: https://github.com/ClangBuiltLinux/linux/issues/138
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Baolin Wang <baolin.wang@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Josh Poimboeuf [Thu, 29 Aug 2019 23:28:49 +0000 (18:28 -0500)]
objtool: Clobber user CFLAGS variable
commit
f73b3cc39c84220e6dccd463b5c8279b03514646 upstream.
If the build user has the CFLAGS variable set in their environment,
objtool blindly appends to it, which can cause unexpected behavior.
Clobber CFLAGS to ensure consistent objtool compilation behavior.
Reported-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Tested-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/83a276df209962e6058fcb6c615eef9d401c21bc.1567121311.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
CC: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Fri, 20 Sep 2019 07:30:40 +0000 (09:30 +0200)]
ALSA: hda - Apply AMD controller workaround for Raven platform
commit
d2c63b7dfd06788a466d5ec8a850491f084c5fc2 upstream.
It's reported that the garbled sound on HP Envy x360 13z-ag000 (Ryzen
Laptop) is fixed by the same workaround applied to other AMD chips.
Update the driver_data entry for Raven (1022:15e3) to use the newly
introduced preset, AZX_DCAPS_PRESET_AMD_SB. Since it already contains
AZX_DCAPS_PM_RUNTIME, we can drop that bit, too.
Reported-and-tested-by: Dennis Padiernos <depadiernos@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190920073040.31764-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Shih-Yuan Lee (FourDollars) [Fri, 20 Sep 2019 13:40:53 +0000 (21:40 +0800)]
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
commit
7b485d175631be676424aedb8cd2f66d0c93da78 upstream.
The same fixup to enable laptop imic is needed for ASUS M9V with AD1986A
codec like another HP machine.
Signed-off-by: Shih-Yuan Lee (FourDollars) <fourdollars@debian.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190920134052.GA8035@localhost
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Sakamoto [Mon, 16 Sep 2019 10:18:51 +0000 (19:18 +0900)]
ALSA: dice: fix wrong packet parameter for Alesis iO26
commit
3a9236e97207f2469254b4098995159b80174d95 upstream.
At higher sampling rate (e.g. 192.0 kHz), Alesis iO26 transfers 4 data
channels per data block in CIP.
Both iO14 and iO26 have the same contents in their configuration ROM.
For this reason, ALSA Dice driver attempts to distinguish them according
to the value of TX0_AUDIO register at probe callback. Although the way is
valid at lower and middle sampling rate, it's lastly invalid at higher
sampling rate because because the two models returns the same value for
read transaction to the register.
In the most cases, users just plug-in the device and ALSA dice driver
detects it. In the case, the device runs at lower sampling rate and
the driver detects expectedly. For this reason, this commit leaves the
way to detect as is.
Fixes:
28b208f600a3 ("ALSA: dice: add parameters of stream formats for models produced by Alesis")
Cc: <stable@vger.kernel.org> # v4.18+
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Link: https://lore.kernel.org/r/20190916101851.30409-1-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jussi Laako [Tue, 24 Sep 2019 07:11:43 +0000 (10:11 +0300)]
ALSA: usb-audio: Add DSD support for EVGA NU Audio
commit
f41f900568d9ffd896cc941db7021eb14bd55910 upstream.
EVGA NU Audio is actually a USB audio device on a PCIexpress card,
with it's own USB controller. It supports both PCM and DSD.
Signed-off-by: Jussi Laako <jussi@sonarnerd.net>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190924071143.30911-1-jussi@sonarnerd.net
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ilya Pshonkin [Tue, 17 Sep 2019 07:49:34 +0000 (10:49 +0300)]
ALSA: usb-audio: Add Hiby device family to quirks for native DSD support
commit
029d2c0fd61eac74700fb4ffff36fc63bfff7e5e upstream.
This patch adds quirk VID ID for Hiby portable players family with
native DSD playback support.
Signed-off-by: Ilya Pshonkin <sudokamikaze@protonmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190917074937.157802-1-ilya.pshonkin@netforce.ua
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 19 Feb 2019 15:46:47 +0000 (16:46 +0100)]
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
commit
2757970f6d0d0a112247600b23d38c0c728ceeb3 upstream.
The node obtained from of_find_node_by_path() has to be unreferenced
after the use, but we forgot it for the root node.
Fixes:
f0fba2ad1b6b ("ASoC: multi-component - ASoC Multi-Component Support")
Cc: Timur Tabi <timur@kernel.org>
Cc: Nicolin Chen <nicoleotsuka@gmail.com>
Cc: Xiubo Li <Xiubo.Lee@gmail.com>
Cc: Fabio Estevam <festevam@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Nicolin Chen <nicoleotsuka@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Hans de Goede [Tue, 2 Apr 2019 10:20:49 +0000 (12:20 +0200)]
ASoC: Intel: cht_bsw_max98090_ti: Enable codec clock once and keep it enabled
commit
4bcdec39c454c4e8f9512115bdcc3efec1ba5f55 upstream.
Users have been seeing sound stability issues with max98090 codecs since:
commit
648e921888ad ("clk: x86: Stop marking clocks as CLK_IS_CRITICAL")
At first that commit broke sound for Chromebook Swanky and Clapper models,
the problem was that the machine-driver has been controlling the wrong
clock on those models since support for them was added. This was hidden by
clk-pmc-atom.c keeping the actual clk on unconditionally.
With the machine-driver controlling the proper clock, sound works again
but we are seeing bug reports describing it as: low volume,
"sounds like played at 10x speed" and instable.
When these issues are hit the following message is seen in dmesg:
"max98090 i2c-
193C9890:00: PLL unlocked".
Attempts have been made to fix this by inserting a delay between enabling
the clk and enabling and checking the pll, but this has not helped.
It seems that at least on boards which use pmc_plt_clk_0 as clock,
if we ever disable the clk, the pll looses its lock and after that we get
various issues.
This commit fixes this by enabling the clock once at probe time on
these boards. In essence this restores the old behavior of clk-pmc-atom.c
always keeping the clk on on these boards.
Fixes:
648e921888ad ("clk: x86: Stop marking clocks as CLK_IS_CRITICAL")
Reported-by: Mogens Jensen <mogens-jensen@protonmail.com>
Reported-by: Dean Wallace <duffydack73@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Marco Felsch [Thu, 28 Jun 2018 16:20:34 +0000 (12:20 -0400)]
media: tvp5150: fix switch exit in set control handler
commit
2d29bcc8c237874795175b2930fa9a45a115175a upstream.
The function only consists of a single switch case block without a
default case. Unsupported control requests are indicated by the -EINVAL
return code trough the last return statement at the end of the function. So
exiting just the switch case block returns the -EINVAL error code but the
hue control is supported and a zero should be returned instead.
Replace the break by a 'return 0' to fix this behaviour.
Fixes:
d183e4efcae8 ("[media] v4l: tvp5150: Add missing break in set
control handler")
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Naftali Goldstein [Thu, 10 May 2018 17:32:36 +0000 (20:32 +0300)]
iwlwifi: mvm: always init rs_fw with 20MHz bandwidth rates
commit
2859de7637b541dc7191f4d3fce4a1adba80fb3e upstream.
As with the non-offloaded rs case, during assoc on the ap side the phy
context is set to 20MHz until authorization of a client that supports
wider channel-widths. Support this by sending the initial
tlc_config_cmd with max supported channel width of 20MHz until
authorization succeeds.
Fixes:
6b7a5aea71b3 ("iwlwifi: mvm: always init rs with 20mhz bandwidth rates")
Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Emmanuel Grumbach [Mon, 7 May 2018 13:46:35 +0000 (16:46 +0300)]
iwlwifi: mvm: send BCAST management frames to the right station
commit
65c3b582ecab7a403efdf08babbf87fdbe27369c upstream.
Probe responses were sent to the multicast station while
they should be routed to the broadcast station.
This has no negative effect since the frame was still
routed to the right queue, but it looked very fishy
to send a frame to a (queue, station) tuple where
'queue' is not mapped to 'station'.
Fixes:
7c305de2b954 ("iwlwifi: mvm: Direct multicast frames to the correct station")
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Saeed Mahameed [Mon, 23 Sep 2019 12:40:29 +0000 (12:40 +0000)]
net/mlx5e: Rx, Check ip headers sanity
[ Upstream commit
0318a7b7fcad9765931146efa7ca3a034194737c ]
In the two places is_last_ethertype_ip is being called, the caller will
be looking inside the ip header, to be safe, add ip{4,6} header sanity
check. And return true only on valid ip headers, i.e: the whole header
is contained in the linear part of the skb.
Note: Such situation is very rare and hard to reproduce, since mlx5e
allocates a large enough headroom to contain the largest header one can
imagine.
Fixes:
fe1dc069990c ("net/mlx5e: don't set CHECKSUM_COMPLETE on SCTP packets")
Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Saeed Mahameed [Mon, 23 Sep 2019 12:40:25 +0000 (12:40 +0000)]
net/mlx5e: Rx, Fixup skb checksum for packets with tail padding
[ Upstream commit
0aa1d18615c163f92935b806dcaff9157645233a ]
When an ethernet frame with ip payload is padded, the padding octets are
not covered by the hardware checksum.
Prior to the cited commit, skb checksum was forced to be CHECKSUM_NONE
when padding is detected. After it, the kernel will try to trim the
padding bytes and subtract their checksum from skb->csum.
In this patch we fixup skb->csum for any ip packet with tail padding of
any size, if any padding found.
FCS case is just one special case of this general purpose patch, hence,
it is removed.
Fixes:
88078d98d1bb ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends"),
Cc: Eric Dumazet <edumazet@google.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Saeed Mahameed [Mon, 23 Sep 2019 12:40:20 +0000 (12:40 +0000)]
net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
[ Upstream commit
5d0bb3bac4b9f6c22280b04545626fdfd99edc6b ]
XDP programs might change packets data contents which will make the
reported skb checksum (checksum complete) invalid.
When XDP programs are loaded/unloaded set/clear rx RQs
MLX5E_RQ_STATE_NO_CSUM_COMPLETE flag.
Fixes:
86994156c736 ("net/mlx5e: XDP fast RX drop bpf programs support")
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Or Gerlitz [Mon, 23 Sep 2019 12:40:16 +0000 (12:40 +0000)]
net/mlx5e: Allow reporting of checksum unnecessary
[ Upstream commit
b856df28f9230a47669efbdd57896084caadb2b3 ]
Currently we practically never report checksum unnecessary, because
for all IP packets we take the checksum complete path.
Enable non-default runs with reprorting checksum unnecessary, using
an ethtool private flag. This can be useful for performance evals
and other explorations.
Required by downstream patch which fixes XDP checksum.
Fixes:
86994156c736 ("net/mlx5e: XDP fast RX drop bpf programs support")
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cong Wang [Mon, 23 Sep 2019 12:40:12 +0000 (12:40 +0000)]
mlx5: fix get_ip_proto()
[ Upstream commit
ef6fcd455278c2be3032a346cc66d9dd9866b787 ]
IP header is not necessarily located right after struct ethhdr,
there could be multiple 802.1Q headers in between, this is why
we call __vlan_get_protocol().
Fixes:
fe1dc069990c ("net/mlx5e: don't set CHECKSUM_COMPLETE on SCTP packets")
Cc: Alaa Hleihel <alaa@mellanox.com>
Cc: Or Gerlitz <ogerlitz@mellanox.com>
Cc: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Acked-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alaa Hleihel [Mon, 23 Sep 2019 12:40:06 +0000 (12:40 +0000)]
net/mlx5e: don't set CHECKSUM_COMPLETE on SCTP packets
[ Upstream commit
fe1dc069990c1f290ef6b99adb46332c03258f38 ]
CHECKSUM_COMPLETE is not applicable to SCTP protocol.
Setting it for SCTP packets leads to CRC32c validation failure.
Fixes:
bbceefce9adf ("net/mlx5e: Support RX CHECKSUM_COMPLETE")
Signed-off-by: Alaa Hleihel <alaa@mellanox.com>
Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Natali Shechtman [Mon, 23 Sep 2019 12:40:01 +0000 (12:40 +0000)]
net/mlx5e: Set ECN for received packets using CQE indication
[ Upstream commit
f007c13d4ad62f494c83897eda96437005df4a91 ]
In multi-host (MH) NIC scheme, a single HW port serves multiple hosts
or sockets on the same host.
The HW uses a mechanism in the PCIe buffer which monitors
the amount of consumed PCIe buffers per host.
On a certain configuration, under congestion,
the HW emulates a switch doing ECN marking on packets using ECN
indication on the completion descriptor (CQE).
The driver needs to set the ECN bits on the packet SKB,
such that the network stack can react on that, this commit does that.
Needed by downstream patch which fixes a mlx5 checksum issue.
Fixes:
bbceefce9adf ("net/mlx5e: Support RX CHECKSUM_COMPLETE")
Signed-off-by: Natali Shechtman <natali@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Aurelien Aptel [Wed, 17 Jul 2019 10:46:28 +0000 (12:46 +0200)]
CIFS: fix deadlock in cached root handling
commit
7e5a70ad88b1e6f6d9b934b2efb41afff496820f upstream.
Prevent deadlock between open_shroot() and
cifs_mark_open_files_invalid() by releasing the lock before entering
SMB2_open, taking it again after and checking if we still need to use
the result.
Link: https://lore.kernel.org/linux-cifs/684ed01c-cbca-2716-bc28-b0a59a0f8521@prodrive-technologies.com/T/#u
Fixes:
3d4ef9a15343 ("smb3: fix redundant opens on root")
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gustavo A. R. Silva [Mon, 9 Sep 2019 05:29:52 +0000 (00:29 -0500)]
crypto: talitos - fix missing break in switch statement
commit
5fc194ea6d34dfad9833d3043ce41d6c52aff39a upstream.
Add missing break statement in order to prevent the code from falling
through to case CRYPTO_ALG_TYPE_AHASH.
Fixes:
aeb4c132f33d ("crypto: talitos - Convert to new AEAD interface")
Cc: stable@vger.kernel.org
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tokunori Ikegami [Mon, 5 Aug 2019 19:03:18 +0000 (04:03 +0900)]
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
commit
37c673ade35c707d50583b5b25091ff8ebdeafd7 upstream.
As reported by the OpenWRT team, write requests sometimes fail on some
platforms.
Currently to check the state chip_ready() is used correctly as described by
the flash memory S29GL256P11TFI01 datasheet.
Also chip_good() is used to check if the write is succeeded and it was
implemented by the commit
fb4a90bfcd6d8 ("[MTD] CFI-0002 - Improve error
checking").
But actually the write failure is caused on some platforms and also it can
be fixed by using chip_good() to check the state and retry instead.
Also it seems that it is caused after repeated about 1,000 times to retry
the write one word with the reset command.
By using chip_good() to check the state to be done it can be reduced the
retry with reset.
It is depended on the actual flash chip behavior so the root cause is
unknown.
Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>
Cc: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
Cc: linux-mtd@lists.infradead.org
Cc: stable@vger.kernel.org
Reported-by: Fabio Bettoni <fbettoni@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com>
[vigneshr@ti.com: Fix a checkpatch warning]
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sebastian Parschauer [Mon, 2 Sep 2019 10:39:30 +0000 (12:39 +0200)]
HID: Add quirk for HP X500 PIXART OEM mouse
commit
2acf40f0454d41b8d51c95d317283c20c931164d upstream.
The PixArt OEM mice are known for disconnecting every minute in
runlevel 1 or 3 if they are not always polled. So add quirk
ALWAYS_POLL for this one as well.
Ville Viinikka (viinikv) reported and tested the quirk.
Link: https://github.com/sriemer/fix-linux-mouse
Signed-off-by: Sebastian Parschauer <s.parschauer@gmx.de>
CC: stable@vger.kernel.org # v4.16+
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alan Stern [Wed, 21 Aug 2019 17:27:12 +0000 (13:27 -0400)]
HID: hidraw: Fix invalid read in hidraw_ioctl
commit
416dacb819f59180e4d86a5550052033ebb6d72c upstream.
The syzbot fuzzer has reported a pair of problems in the
hidraw_ioctl() function: slab-out-of-bounds read and use-after-free
read. An example of the first:
BUG: KASAN: slab-out-of-bounds in strlen+0x79/0x90 lib/string.c:525
Read of size 1 at addr
ffff8881c8035f38 by task syz-executor.4/2833
CPU: 1 PID: 2833 Comm: syz-executor.4 Not tainted 5.3.0-rc2+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xca/0x13e lib/dump_stack.c:113
print_address_description+0x6a/0x32c mm/kasan/report.c:351
__kasan_report.cold+0x1a/0x33 mm/kasan/report.c:482
kasan_report+0xe/0x12 mm/kasan/common.c:612
strlen+0x79/0x90 lib/string.c:525
strlen include/linux/string.h:281 [inline]
hidraw_ioctl+0x245/0xae0 drivers/hid/hidraw.c:446
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:509 [inline]
do_vfs_ioctl+0xd2d/0x1330 fs/ioctl.c:696
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:713
__do_sys_ioctl fs/ioctl.c:720 [inline]
__se_sys_ioctl fs/ioctl.c:718 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718
do_syscall_64+0xb7/0x580 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459829
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:
00007f7a68f6dc78 EFLAGS:
00000246 ORIG_RAX:
0000000000000010
RAX:
ffffffffffffffda RBX:
0000000000000003 RCX:
0000000000459829
RDX:
0000000000000000 RSI:
0000000080404805 RDI:
0000000000000004
RBP:
000000000075bf20 R08:
0000000000000000 R09:
0000000000000000
R10:
0000000000000000 R11:
0000000000000246 R12:
00007f7a68f6e6d4
R13:
00000000004c21de R14:
00000000004d5620 R15:
00000000ffffffff
The two problems have the same cause: hidraw_ioctl() fails to test
whether the device has been removed. This patch adds the missing test.
Reported-and-tested-by: syzbot+5a6c4ec678a0c6ee84ba@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alan Stern [Tue, 20 Aug 2019 20:00:21 +0000 (16:00 -0400)]
HID: logitech: Fix general protection fault caused by Logitech driver
commit
5f9242775bb61f390f0885f23fc16397262c7538 upstream.
The syzbot fuzzer found a general protection fault in the HID subsystem:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 3715 Comm: syz-executor.3 Not tainted 5.2.0-rc6+ #15
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__pm_runtime_resume+0x49/0x180 drivers/base/power/runtime.c:1069
Code: ed 74 d5 fe 45 85 ed 0f 85 9a 00 00 00 e8 6f 73 d5 fe 48 8d bd c1 02
00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48
89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 fe 00 00 00
RSP: 0018:
ffff8881d99d78e0 EFLAGS:
00010202
RAX:
dffffc0000000000 RBX:
0000000000000020 RCX:
ffffc90003f3f000
RDX:
0000000416d8686d RSI:
ffffffff82676841 RDI:
00000020b6c3436a
RBP:
00000020b6c340a9 R08:
ffff8881c6d64800 R09:
fffffbfff0e84c25
R10:
ffff8881d99d7940 R11:
ffffffff87426127 R12:
0000000000000004
R13:
0000000000000000 R14:
ffff8881d9b94000 R15:
ffffffff897f9048
FS:
00007f047f542700(0000) GS:
ffff8881db200000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000001b30f21000 CR3:
00000001ca032000 CR4:
00000000001406f0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000fffe0ff0 DR7:
0000000000000400
Call Trace:
pm_runtime_get_sync include/linux/pm_runtime.h:226 [inline]
usb_autopm_get_interface+0x1b/0x50 drivers/usb/core/driver.c:1707
usbhid_power+0x7c/0xe0 drivers/hid/usbhid/hid-core.c:1234
hid_hw_power include/linux/hid.h:1038 [inline]
hidraw_open+0x20d/0x740 drivers/hid/hidraw.c:282
chrdev_open+0x219/0x5c0 fs/char_dev.c:413
do_dentry_open+0x497/0x1040 fs/open.c:778
do_last fs/namei.c:3416 [inline]
path_openat+0x1430/0x3ff0 fs/namei.c:3533
do_filp_open+0x1a1/0x280 fs/namei.c:3563
do_sys_open+0x3c0/0x580 fs/open.c:1070
do_syscall_64+0xb7/0x560 arch/x86/entry/common.c:301
entry_SYSCALL_64_after_hwframe+0x49/0xbe
It turns out the fault was caused by a bug in the HID Logitech driver,
which violates the requirement that every pathway calling
hid_hw_start() must also call hid_hw_stop(). This patch fixes the bug
by making sure the requirement is met.
Reported-and-tested-by: syzbot+3cbe5cd105d2ad56a1df@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Roderick Colenbrander [Wed, 4 Sep 2019 21:22:11 +0000 (14:22 -0700)]
HID: sony: Fix memory corruption issue on cleanup.
commit
2bcdacb70327013ca2066bfcf2af1009eff01f1d upstream.
The sony driver is not properly cleaning up from potential failures in
sony_input_configured. Currently it calls hid_hw_stop, while hid_connect
is still running. This is not a good idea, instead hid_hw_stop should
be moved to sony_probe. Similar changes were recently made to Logitech
drivers, which were also doing improper cleanup.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
CC: stable@vger.kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alan Stern [Wed, 4 Sep 2019 15:54:20 +0000 (11:54 -0400)]
HID: prodikeys: Fix general protection fault during probe
commit
98375b86c79137416e9fd354177b85e768c16e56 upstream.
The syzbot fuzzer provoked a general protection fault in the
hid-prodikeys driver:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc5+ #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:pcmidi_submit_output_report drivers/hid/hid-prodikeys.c:300 [inline]
RIP: 0010:pcmidi_set_operational drivers/hid/hid-prodikeys.c:558 [inline]
RIP: 0010:pcmidi_snd_initialise drivers/hid/hid-prodikeys.c:686 [inline]
RIP: 0010:pk_probe+0xb51/0xfd0 drivers/hid/hid-prodikeys.c:836
Code: 0f 85 50 04 00 00 48 8b 04 24 4c 89 7d 10 48 8b 58 08 e8 b2 53 e4 fc
48 8b 54 24 20 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f
85 13 04 00 00 48 ba 00 00 00 00 00 fc ff df 49 8b
The problem is caused by the fact that pcmidi_get_output_report() will
return an error if the HID device doesn't provide the right sort of
output report, but pcmidi_set_operational() doesn't bother to check
the return code and assumes the function call always succeeds.
This patch adds the missing check and aborts the probe operation if
necessary.
Reported-and-tested-by: syzbot+1088533649dafa1c9004@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jack Morgenstein [Mon, 27 Aug 2018 05:35:55 +0000 (08:35 +0300)]
IB/core: Add an unbound WQ type to the new CQ API
commit
f794809a7259dfaa3d47d90ef5a86007cf48b1ce upstream.
The upstream kernel commit cited below modified the workqueue in the
new CQ API to be bound to a specific CPU (instead of being unbound).
This caused ALL users of the new CQ API to use the same bound WQ.
Specifically, MAD handling was severely delayed when the CPU bound
to the WQ was busy handling (higher priority) interrupts.
This caused a delay in the MAD "heartbeat" response handling,
which resulted in ports being incorrectly classified as "down".
To fix this, add a new "unbound" WQ type to the new CQ API, so that users
have the option to choose either a bound WQ or an unbound WQ.
For MADs, choose the new "unbound" WQ.
Fixes:
b7363e67b23e ("IB/device: Convert ib-comp-wq to be CPU-bound")
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.m>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nick Desaulniers [Mon, 22 Jul 2019 22:31:05 +0000 (15:31 -0700)]
drm/amd/display: readd -msse2 to prevent Clang from emitting libcalls to undefined SW FP routines
[ Upstream commit
0f0727d971f6fdf8f1077180d495ddb9928f0c8b ]
arch/x86/Makefile disables SSE and SSE2 for the whole kernel. The
AMDGPU drivers modified in this patch re-enable SSE but not SSE2. Turn
on SSE2 to support emitting double precision floating point instructions
rather than calls to non-existent (usually available from gcc_s or
compiler_rt) floating point helper routines for Clang.
This was originally landed in:
commit
10117450735c ("drm/amd/display: add -msse2 to prevent Clang from emitting libcalls to undefined SW FP routines")
but reverted in:
commit
193392ed9f69 ("Revert "drm/amd/display: add -msse2 to prevent Clang from emitting libcalls to undefined SW FP routines"")
due to bugreports from GCC builds. Add guards to only do so for Clang.
Link: https://bugs.freedesktop.org/show_bug.cgi?id=109487
Link: https://github.com/ClangBuiltLinux/linux/issues/327
Suggested-by: Sedat Dilek <sedat.dilek@gmail.com>
Suggested-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Greg Kurz [Wed, 11 Sep 2019 15:52:18 +0000 (17:52 +0200)]
powerpc/xive: Fix bogus error code returned by OPAL
commit
6ccb4ac2bf8a35c694ead92f8ac5530a16e8f2c8 upstream.
There's a bug in skiboot that causes the OPAL_XIVE_ALLOCATE_IRQ call
to return the 32-bit value 0xffffffff when OPAL has run out of IRQs.
Unfortunatelty, OPAL return values are signed 64-bit entities and
errors are supposed to be negative. If that happens, the linux code
confusingly treats 0xffffffff as a valid IRQ number and panics at some
point.
A fix was recently merged in skiboot:
e97391ae2bb5 ("xive: fix return value of opal_xive_allocate_irq()")
but we need a workaround anyway to support older skiboots already
in the field.
Internally convert 0xffffffff to OPAL_RESOURCE which is the usual error
returned upon resource exhaustion.
Cc: stable@vger.kernel.org # v4.12+
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/156821713818.1985334.14123187368108582810.stgit@bahia.lan
(groug: fix arch/powerpc/platforms/powernv/opal-wrappers.S instead of
non-existing arch/powerpc/platforms/powernv/opal-call.c)
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Leon Romanovsky [Thu, 11 Oct 2018 19:10:10 +0000 (22:10 +0300)]
RDMA/restrack: Protect from reentry to resource return path
commit
fe9bc1644918aa1d02a889b4ca788bfb67f90816 upstream.
Nullify the resource task struct pointer to ensure that subsequent calls
won't try to release task_struct again.
------------[ cut here ]------------
ODEBUG: free active (active state 1) object type: rcu_head hint:
(null)
WARNING: CPU: 0 PID: 6048 at lib/debugobjects.c:329
debug_print_object+0x16a/0x210 lib/debugobjects.c:326
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 6048 Comm: syz-executor022 Not tainted
4.19.0-rc7-next-
20181008+ #89
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x244/0x3ab lib/dump_stack.c:113
panic+0x238/0x4e7 kernel/panic.c:184
__warn.cold.8+0x163/0x1ba kernel/panic.c:536
report_bug+0x254/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
Code: 41 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14
dd
60 02 41 88 4c 89 fe 48 c7 c7 00 f8 40 88 e8 36 2f b4 fd <0f> 0b 83 05
a9
f4 5e 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:
ffff8801d8c3eda8 EFLAGS:
00010086
RAX:
0000000000000000 RBX:
0000000000000003 RCX:
0000000000000000
RDX:
0000000000000000 RSI:
ffffffff8164d235 RDI:
0000000000000005
RBP:
ffff8801d8c3ede8 R08:
ffff8801d70aa280 R09:
ffffed003b5c3eda
R10:
ffffed003b5c3eda R11:
ffff8801dae1f6d7 R12:
0000000000000001
R13:
ffffffff8939a760 R14:
0000000000000000 R15:
ffffffff8840fca0
__debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
debug_check_no_obj_freed+0x3ae/0x58d lib/debugobjects.c:818
kmem_cache_free+0x202/0x290 mm/slab.c:3759
free_task_struct kernel/fork.c:163 [inline]
free_task+0x16e/0x1f0 kernel/fork.c:457
__put_task_struct+0x2e6/0x620 kernel/fork.c:730
put_task_struct include/linux/sched/task.h:96 [inline]
finish_task_switch+0x66c/0x900 kernel/sched/core.c:2715
context_switch kernel/sched/core.c:2834 [inline]
__schedule+0x8d7/0x21d0 kernel/sched/core.c:3480
schedule+0xfe/0x460 kernel/sched/core.c:3524
freezable_schedule include/linux/freezer.h:172 [inline]
futex_wait_queue_me+0x3f9/0x840 kernel/futex.c:2530
futex_wait+0x45c/0xa50 kernel/futex.c:2645
do_futex+0x31a/0x26d0 kernel/futex.c:3528
__do_sys_futex kernel/futex.c:3589 [inline]
__se_sys_futex kernel/futex.c:3557 [inline]
__x64_sys_futex+0x472/0x6a0 kernel/futex.c:3557
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446549
Code: e8 2c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:
00007f3a998f5da8 EFLAGS:
00000246 ORIG_RAX:
00000000000000ca
RAX:
ffffffffffffffda RBX:
00000000006dbc38 RCX:
0000000000446549
RDX:
0000000000000000 RSI:
0000000000000080 RDI:
00000000006dbc38
RBP:
00000000006dbc30 R08:
0000000000000000 R09:
0000000000000000
R10:
0000000000000000 R11:
0000000000000246 R12:
00000000006dbc3c
R13:
2f646e6162696e69 R14:
666e692f7665642f R15:
00000000006dbd2c
Kernel Offset: disabled
Reported-by: syzbot+71aff6ea121ffefc280f@syzkaller.appspotmail.com
Fixes:
ed7a01fd3fd7 ("RDMA/restrack: Release task struct which was hold by CM_ID object")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Cc: Pavel Machek <pavel@denx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Juliet Kim [Thu, 5 Sep 2019 21:30:01 +0000 (17:30 -0400)]
net/ibmvnic: free reset work of removed device from queue
[ Upstream commit
1c2977c094998de032fee6e898c88b4a05483d08 ]
Commit
36f1031c51a2 ("ibmvnic: Do not process reset during or after
device removal") made the change to exit reset if the driver has been
removed, but does not free reset work items of the adapter from queue.
Ensure all reset work items are freed when breaking out of the loop early.
Fixes:
36f1031c51a2 ("ibmnvic: Do not process reset during or after device removal”)
Signed-off-by: Juliet Kim <julietk@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Marcel Holtmann [Wed, 4 Sep 2019 18:13:08 +0000 (20:13 +0200)]
Revert "Bluetooth: validate BLE connection interval updates"
[ Upstream commit
68d19d7d995759b96169da5aac313363f92a9075 ]
This reverts commit
c49a8682fc5d298d44e8d911f4fa14690ea9485e.
There are devices which require low connection intervals for usable operation
including keyboards and mice. Forcing a static connection interval for
these types of devices has an impact in latency and causes a regression.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Stefan Wahren [Sun, 21 Jul 2019 14:01:36 +0000 (16:01 +0200)]
pinctrl: bcm2835: Add support for BCM2711 pull-up functionality
commit
e38a9a437fb93ddafab5030165e4c6a3a5021669 upstream.
The BCM2711 has a new way of selecting the pull-up/pull-down setting
for a GPIO pin. The registers used for the BCM2835, GP_PUD and
GP_PUDCLKn0, are no longer connected. A new set of registers,
GP_GPIO_PUP_PDN_CNTRL_REGx must be used. This commit will add
a new compatible string "brcm,bcm2711-gpio" and the kernel
driver will use it to select which method is used to select
pull-up/pull-down.
This patch based on a patch by Al Cooper which was intended for the
BCM7211. This is a bugfixed and improved version.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Acked-by: Eric Anholt <eric@anholt.net>
Stefan Wahren [Sun, 3 Feb 2019 13:02:34 +0000 (14:02 +0100)]
pinctrl: bcm2835: Direct GPIO config changes to generic pinctrl
commit
b6e5531c0f80de2779c87d0235b4fde5310a83b5 upstream.
In order to support GPIO config changes direct these to the generic pinctrl.
This also requires an adjust of the return code for unsupported parameter
otherwise gpiod_configure_flags wont work as expected.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stefan Wahren [Sun, 3 Feb 2019 13:02:33 +0000 (14:02 +0100)]
pinctrl: bcm2835: declare pin config as generic
commit
1cb66f080c27349fbf87fb327d587b4b0b624fa3 upstream.
Since commit
0de704955ee44 ("pinctrl: bcm2835: Add support for
generic pinctrl binding") this driver is capable to use the generic
interface. So declare this accordingly.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stefan Wahren [Sat, 10 Nov 2018 16:15:11 +0000 (17:15 +0100)]
pinctrl: bcm2835: Switch to SPDX identifier
commit
a62c36775ba873611b00b82ce7ebcd4ff2126111 upstream.
Adopt the SPDX license identifier headers to ease license compliance
management.
Cc: Simon Arlott <simon@arlott.org>
Cc: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Nathan Chancellor [Thu, 1 Nov 2018 00:46:54 +0000 (17:46 -0700)]
pinctrl: bcm2835: Use define directive for BCM2835_PINCONF_PARAM_PULL
commit
b40ac08ff886302a6aa457fd72e94a969f50e245 upstream.
Clang warns when one enumerated type is implicitly converted to another:
drivers/pinctrl/bcm/pinctrl-bcm2835.c:707:40: warning: implicit
conversion from enumeration type 'enum bcm2835_pinconf_param' to
different enumeration type 'enum pin_config_param' [-Wenum-conversion]
configs[0] = pinconf_to_config_packed(BCM2835_PINCONF_PARAM_PULL, pull);
~~~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
It is expected that pinctrl drivers can extend pin_config_param because
of the gap between PIN_CONFIG_END and PIN_CONFIG_MAX so this conversion
isn't an issue. Most drivers that take advantage of this define the
PIN_CONFIG variables as constants, rather than enumerated values. Do the
same thing here so that Clang no longer warns.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stefan Wahren [Tue, 24 Sep 2019 19:37:17 +0000 (21:37 +0200)]
Revert "pinctrl-bcm2835: Add support for BCM2838"
This reverts commit
abcfd092860760087b87acbdda0963fe7906839c, so we can
apply all upstream pinctrl changes.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Stefan Wahren [Thu, 19 Sep 2019 18:45:30 +0000 (20:45 +0200)]
ARM: bcm: Switch board, clk and pinctrl to bcm2711 compatible
After the decision to use bcm2711 compatible for upstream, we should
switch all accepted compatibles to bcm2711. So we can boot with
one DTB the down- and the upstream kernel.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Stefan Wahren [Fri, 20 Sep 2019 05:27:03 +0000 (07:27 +0200)]
clk: bcm2835: Add BCM2711_CLOCK_EMMC2 support
commit
42de9ad400afadd41ee027b5feef234a2d2918b9 upstream.
The new BCM2711 supports an additional clock for the emmc2 block.
So add a new compatible and register this clock only for BCM2711.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Reviewed-by: Matthias Brugger <mbrugger@suse.com>
Acked-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Stefan Wahren [Thu, 19 Sep 2019 18:12:15 +0000 (20:12 +0200)]
clk: bcm2835: Introduce SoC specific clock registration
commit
ee0a5a9013b2b2502571a763c3093d400d18191f upstream.
In order to support SoC specific clocks (e.g. emmc2 for BCM2711), we
extend the description with a SoC support flag. This approach avoids long
and mostly redundant lists of clock IDs. Since PLLH is specific to
BCM2835, we register only rest of the clocks as common to all SoC.
Suggested-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Reviewed-by: Matthias Brugger <mbrugger@suse.com>
Acked-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Stefan Wahren [Fri, 20 Sep 2019 05:25:38 +0000 (07:25 +0200)]
Revert "HACK: clk-bcm2835: Add BCM2838_CLOCK_EMMC2 support"
This reverts commit
1ac954a8c5dd939dffd3b256be50253082297d9a
to apply the much better upstream solution afterwards.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Stefan Wahren [Tue, 17 Sep 2019 17:31:19 +0000 (19:31 +0200)]
ARM: dts: bcm283x: Enable HDMI at board level
commit
60c833d5664e1b3f71c4471233469790adf505ca upstream.
There might be headless setups of the Compute Module without HDMI,
so better enable HDMI at board level. Btw this allows moving HDMI
base definition into upcoming bcm2835-common.dtsi.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Reviewed-by: Eric Anholt <eric@anholt.net>
Stefan Wahren [Sat, 21 Sep 2019 13:55:19 +0000 (15:55 +0200)]
ARM: dts: bcm2708-rpi: Define the downstream HDMI power at one place
In order to keep downstream definition of the HDMI power domain separate
and independent from upstream changes, add them to bcm2708-rpi.dtsi.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Stefan Wahren [Mon, 23 Sep 2019 17:41:33 +0000 (19:41 +0200)]
ARM: dts: bcm2835-rpi-zero-w: Fix bus-width of sdhci
The commit
e7774049ff25 ("ARM: dts: bcm283x: Define MMC interfaces at
board level") accidently dropped the bus width for the sdhci on the
RPi Zero W, because the board file was relying on the defaults
from bcm2835-rpi.dtsi. So fix this performance regression by adding
the bus width to the board file.
Fixes:
e7774049ff25 ("ARM: dts: bcm283x: Define MMC interfaces at board level")
Reported-by: Phil Elwell <phil@raspberrypi.org>
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Stefan Wahren [Tue, 17 Sep 2019 17:16:17 +0000 (19:16 +0200)]
ARM: dts: bcm283x: Define MMC interfaces at board level
commit
e7774049ff255c8ba72bcee9c7ab307a95e8d7bc upstream.
Starting with RPi 4 this is the first board, which doesn't use sdhost
as default SD interface. So the MMC interfaces should be defined finally at
board level. Since all boards using sdhci already does this, we can drop the
pinctrl part from bcm2835-rpi.dtsi.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Acked-by: Eric Anholt <eric@anholt.net>
Stefan Wahren [Sat, 21 Sep 2019 13:29:33 +0000 (15:29 +0200)]
ARM: dts: bcm2708-rpi: Define the downstream MMC interfaces at one place
In order to keep downstream definition of the MMC interfaces separate
and independent from upstream changes, add them to bcm2708-rpi.dtsi.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Stefan Wahren [Sun, 30 Dec 2018 11:07:16 +0000 (12:07 +0100)]
ARM: dts: bcm2835-rpi: Drop unnecessary #address-cells/#size-cells
Compiling the bcm2835-rpi.dtsi with W=1 leads to the following warning:
Warning (avoid_unnecessary_addr_size): /soc/firmware: unnecessary
#address-cells/#size-cells without "ranges" or child "reg" property
Fix this by removing these unnecessary properties.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Lukas Wunner [Thu, 9 May 2019 17:03:00 +0000 (19:03 +0200)]
ARM: bcm283x: Enable DMA support for SPI controller
Without this, the driver for the BCM2835 SPI controller uses interrupt
mode instead of DMA mode, incurring a significant performance penalty.
The Foundation's device tree has had these attributes for years, but for
some reason they were never upstreamed.
They were originally contributed by Noralf Trønnes and Martin Sperl:
https://github.com/raspberrypi/linux/commit/
25f3e064afc8
https://github.com/raspberrypi/linux/commit/
e0edb52b47e6
The DREQ numbers 6 and 7 are documented in section 4.2.1.3 of:
https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf
Tested-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Martin Sperl <kernel@martin.sperl.org>
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Cc: Martin Sperl <kernel@martin.sperl.org>
Cc: Noralf Trønnes <noralf@tronnes.org>
Stefan Wahren [Mon, 23 Sep 2019 18:09:12 +0000 (20:09 +0200)]
ARM: dts: bcm27xx: Fix DTC warning for memory node
Compiling the bcm27xx DTS with W=1 leads to the following warning:
Warning (unit_address_vs_reg): /memory: node has a reg or ranges property,
but no unit name
Fix this by adding the unit address.
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Stefan Wahren [Mon, 23 Sep 2019 16:56:37 +0000 (18:56 +0200)]
ARM: dts: bcm283x: Fix DTC warning for memory node
commit
f090e1bd7b05f17d35b6e2d0e946d8a8085d264f upstream.
Compiling the bcm283x DTS with W=1 leads to the following warning:
Warning (unit_address_vs_reg): /memory: node has a reg or ranges property,
but no unit name
Fix this by adding the unit address.
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Tested-by: Peter Robinson <pbrobinson@gmail.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Michael Brown [Sun, 22 Sep 2019 20:51:29 +0000 (21:51 +0100)]
bcm2708_fb: Fix layout of struct vc4_display_settings_t
The display parameters returned by the VC4 firmware in response to the
RPI_FIRMWARE_FRAMEBUFFER_GET_DISPLAY_SETTINGS tag do not match the
layout of struct vc4_display_settings_t: the colour depth and row
pitch are erroneously swapped in the kernel definition. This can
trigger a kernel warning from pixel_to_pat(), such as:
pixel_to_pat(): unsupported pixelformat 7296
Fix by adjusting the layout of struct vc4_display_settings_t to match
the layout as used by the VC4 firmware.
Signed-off-by: Michael Brown <mbrown@fensystems.co.uk>
popcornmix [Tue, 24 Sep 2019 17:28:42 +0000 (18:28 +0100)]
Merge remote-tracking branch 'stable/linux-4.19.y' into rpi-4.19.y
Takashi Iwai [Sat, 14 Sep 2019 15:24:05 +0000 (17:24 +0200)]
staging: bcm2835-audio: Fix draining behavior regression
The PCM draining behavior got broken since the recent refactoring, and
this turned out to be the incorrect expectation of the firmware
behavior regarding "draining". While I expected the "drain" flag at
the stop operation would do processing the queued samples, it seems
rather dropping the samples.
As a quick fix, just drop the SNDRV_PCM_INFO_DRAIN_TRIGGER flag, so
that the driver uses the normal PCM draining procedure. Also, put
some caution comment to the function for future readers not to fall
into the same pitfall.
Fixes:
d7ca3a71545b ("staging: bcm2835-audio: Operate non-atomic PCM ops")
BugLink: https://github.com/raspberrypi/linux/issues/2983
Cc: stable@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
popcornmix [Tue, 24 Sep 2019 15:04:26 +0000 (17:04 +0200)]
configs: Update bcm2711 arm64 USB options to match arm (#3254)
Signed-off-by: popcornmix <popcornmix@gmail.com>
Phil Elwell [Tue, 24 Sep 2019 08:31:38 +0000 (09:31 +0100)]
configs: Enable CONFIG_NET_VRF=m
Add the Virtual Routing and Forwarding module.
See: https://github.com/raspberrypi/linux/issues/3253
Signed-off-by: Phil Elwell <phil@raspberrypi.org>
Greg Kroah-Hartman [Sat, 21 Sep 2019 05:17:15 +0000 (07:17 +0200)]
Linux 4.19.75
Sean Young [Wed, 3 Jul 2019 14:52:39 +0000 (10:52 -0400)]
media: technisat-usb2: break out of loop at end of buffer
commit
0c4df39e504bf925ab666132ac3c98d6cbbe380b upstream.
Ensure we do not access the buffer beyond the end if no 0xff byte
is encountered.
Reported-by: syzbot+eaaaf38a95427be88f4b@syzkaller.appspotmail.com
Signed-off-by: Sean Young <sean@mess.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Will Deacon [Thu, 13 Dec 2018 13:47:38 +0000 (13:47 +0000)]
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
commit
2a355ec25729053bb9a1a89b6c1d1cdd6c3b3fb1 upstream.
While the CSV3 field of the ID_AA64_PFR0 CPU ID register can be checked
to see if a CPU is susceptible to Meltdown and therefore requires kpti
to be enabled, existing CPUs do not implement this field.
We therefore whitelist all unaffected Cortex-A CPUs that do not implement
the CSV3 field.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Cc: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kees Cook [Tue, 14 May 2019 22:43:57 +0000 (15:43 -0700)]
binfmt_elf: move brk out of mmap when doing direct loader exec
commit
bbdc6076d2e5d07db44e74c11b01a3e27ab90b32 upstream.
Commmit
eab09532d400 ("binfmt_elf: use ELF_ET_DYN_BASE only for PIE"),
made changes in the rare case when the ELF loader was directly invoked
(e.g to set a non-inheritable LD_LIBRARY_PATH, testing new versions of
the loader), by moving into the mmap region to avoid both ET_EXEC and
PIE binaries. This had the effect of also moving the brk region into
mmap, which could lead to the stack and brk being arbitrarily close to
each other. An unlucky process wouldn't get its requested stack size
and stack allocations could end up scribbling on the heap.
This is illustrated here. In the case of using the loader directly, brk
(so helpfully identified as "[heap]") is allocated with the _loader_ not
the binary. For example, with ASLR entirely disabled, you can see this
more clearly:
$ /bin/cat /proc/self/maps
555555554000-
55555555c000 r-xp
00000000 ... /bin/cat
55555575b000-
55555575c000 r--p
00007000 ... /bin/cat
55555575c000-
55555575d000 rw-p
00008000 ... /bin/cat
55555575d000-
55555577e000 rw-p
00000000 ... [heap]
...
7ffff7ff7000-
7ffff7ffa000 r--p
00000000 ... [vvar]
7ffff7ffa000-
7ffff7ffc000 r-xp
00000000 ... [vdso]
7ffff7ffc000-
7ffff7ffd000 r--p
00027000 ... /lib/x86_64-linux-gnu/ld-2.27.so
7ffff7ffd000-
7ffff7ffe000 rw-p
00028000 ... /lib/x86_64-linux-gnu/ld-2.27.so
7ffff7ffe000-
7ffff7fff000 rw-p
00000000 ...
7ffffffde000-
7ffffffff000 rw-p
00000000 ... [stack]
$ /lib/x86_64-linux-gnu/ld-2.27.so /bin/cat /proc/self/maps
...
7ffff7bcc000-
7ffff7bd4000 r-xp
00000000 ... /bin/cat
7ffff7bd4000-
7ffff7dd3000 ---p
00008000 ... /bin/cat
7ffff7dd3000-
7ffff7dd4000 r--p
00007000 ... /bin/cat
7ffff7dd4000-
7ffff7dd5000 rw-p
00008000 ... /bin/cat
7ffff7dd5000-
7ffff7dfc000 r-xp
00000000 ... /lib/x86_64-linux-gnu/ld-2.27.so
7ffff7fb2000-
7ffff7fd6000 rw-p
00000000 ...
7ffff7ff7000-
7ffff7ffa000 r--p
00000000 ... [vvar]
7ffff7ffa000-
7ffff7ffc000 r-xp
00000000 ... [vdso]
7ffff7ffc000-
7ffff7ffd000 r--p
00027000 ... /lib/x86_64-linux-gnu/ld-2.27.so
7ffff7ffd000-
7ffff7ffe000 rw-p
00028000 ... /lib/x86_64-linux-gnu/ld-2.27.so
7ffff7ffe000-
7ffff8020000 rw-p
00000000 ... [heap]
7ffffffde000-
7ffffffff000 rw-p
00000000 ... [stack]
The solution is to move brk out of mmap and into ELF_ET_DYN_BASE since
nothing is there in the direct loader case (and ET_EXEC is still far
away at 0x400000). Anything that ran before should still work (i.e.
the ultimately-launched binary already had the brk very far from its
text, so this should be no different from a COMPAT_BRK standpoint). The
only risk I see here is that if someone started to suddenly depend on
the entire memory space lower than the mmap region being available when
launching binaries via a direct loader execs which seems highly
unlikely, I'd hope: this would mean a binary would _not_ work when
exec()ed normally.
(Note that this is only done under CONFIG_ARCH_HAS_ELF_RANDOMIZATION
when randomization is turned on.)
Link: http://lkml.kernel.org/r/20190422225727.GA21011@beast
Link: https://lkml.kernel.org/r/CAGXu5jJ5sj3emOT2QPxQkNQk0qbU6zEfu9=Omfhx_p0nCKPSjA@mail.gmail.com
Fixes:
eab09532d400 ("binfmt_elf: use ELF_ET_DYN_BASE only for PIE")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Ali Saidi <alisaidi@amazon.com>
Cc: Ali Saidi <alisaidi@amazon.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jann Horn [Tue, 26 Mar 2019 22:03:48 +0000 (23:03 +0100)]
floppy: fix usercopy direction
commit
52f6f9d74f31078964ca1574f7bb612da7877ac8 upstream.
As sparse points out, these two copy_from_user() should actually be
copy_to_user().
Fixes:
229b53c9bf4e ("take floppy compat ioctls to sodding floppy.c")
Cc: stable@vger.kernel.org
Acked-by: Alexander Popov <alex.popov@linux.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Amir Goldstein [Fri, 12 Jul 2019 12:24:34 +0000 (15:24 +0300)]
ovl: fix regression caused by overlapping layers detection
commit
0be0bfd2de9dfdd2098a9c5b14bdd8f739c9165d upstream.
Once upon a time, commit
2cac0c00a6cd ("ovl: get exclusive ownership on
upper/work dirs") in v4.13 added some sanity checks on overlayfs layers.
This change caused a docker regression. The root cause was mount leaks
by docker, which as far as I know, still exist.
To mitigate the regression, commit
85fdee1eef1a ("ovl: fix regression
caused by exclusive upper/work dir protection") in v4.14 turned the
mount errors into warnings for the default index=off configuration.
Recently, commit
146d62e5a586 ("ovl: detect overlapping layers") in
v5.2, re-introduced exclusive upper/work dir checks regardless of
index=off configuration.
This changes the status quo and mount leak related bug reports have
started to re-surface. Restore the status quo to fix the regressions.
To clarify, index=off does NOT relax overlapping layers check for this
ovelayfs mount. index=off only relaxes exclusive upper/work dir checks
with another overlayfs mount.
To cover the part of overlapping layers detection that used the
exclusive upper/work dir checks to detect overlap with self upper/work
dir, add a trap also on the work base dir.
Link: https://github.com/moby/moby/issues/34672
Link: https://lore.kernel.org/linux-fsdevel/20171006121405.GA32700@veci.piliscsaba.szeredi.hu/
Link: https://github.com/containers/libpod/issues/3540
Fixes:
146d62e5a586 ("ovl: detect overlapping layers")
Cc: <stable@vger.kernel.org> # v4.19+
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Tested-by: Colin Walters <walters@verbum.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nathan Chancellor [Wed, 19 Sep 2018 05:38:29 +0000 (22:38 -0700)]
PCI: kirin: Fix section mismatch warning
commit
6870b673509779195cab300aedc844b352d9cfbc upstream.
The PCI kirin driver compilation produces the following section mismatch
warning:
WARNING: vmlinux.o(.text+0x4758cc): Section mismatch in reference from
the function kirin_pcie_probe() to the function
.init.text:kirin_add_pcie_port()
The function kirin_pcie_probe() references
the function __init kirin_add_pcie_port().
This is often because kirin_pcie_probe lacks a __init
annotation or the annotation of kirin_add_pcie_port is wrong.
Remove '__init' from kirin_add_pcie_port() to fix it.
Fixes:
fc5165db245a ("PCI: kirin: Add HiSilicon Kirin SoC PCIe controller driver")
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
[lorenzo.pieralisi@arm.com: updated commit log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
projects / platform / kernel / linux-rpi.git / log