Luiz Augusto von Dentz [Wed, 8 Dec 2021 23:35:48 +0000 (15:35 -0800)]
Bluetooth: L2CAP: Fix using wrong mode
[ Upstream commit
30d57722732d9736554f85f75f9d7ad5402d192e ]
If user has a set to use SOCK_STREAM the socket would default to
L2CAP_MODE_ERTM which later needs to be adjusted if the destination
address is LE which doesn't support such mode.
Fixes:
15f02b9105625 ("Bluetooth: L2CAP: Add initial code for Enhanced Credit Based Mode")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Johannes Berg [Thu, 16 Sep 2021 11:09:22 +0000 (13:09 +0200)]
um: virtio_uml: Fix time-travel external time propagation
[ Upstream commit
85e73968a040c642fd38f6cba5b73b61f5d0f052 ]
When creating an external event, the current time needs to
be propagated to other participants of a simulation. This
is done in the places here where we kick a virtq etc.
However, it must be done for _all_ external events, and
that includes making the initial socket connection and
later closing it. Call time_travel_propagate_time() to do
this before making or closing the socket connection.
Apparently, at least for the initial connection creation,
due to the remote side in my use cases using microseconds
(rather than nanoseconds), this wasn't a problem yet; only
started failing between 5.14-rc1 and 5.15-rc1 (didn't test
others much), or possibly depending on the configuration,
where more delays happen before the virtio devices are
initialized.
Fixes:
88ce64249233 ("um: Implement time-travel=ext")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Johannes Berg [Wed, 15 Sep 2021 18:30:22 +0000 (20:30 +0200)]
lib/logic_iomem: Fix operation on 32-bit
[ Upstream commit
4e8a5edac5010820e7c5303fc96f5a262e096bb6 ]
On 32-bit, the first entry might be at 0/NULL, but that's
strange and leads to issues, e.g. where we check "if (ret)".
Use a IOREMAP_BIAS/IOREMAP_MASK of 0x80000000UL to avoid
this. This then requires reducing the number of areas (via
MAX_AREAS), but we still have 128 areas, which is enough.
Fixes:
ca2e334232b6 ("lib: add iomem emulation (logic_iomem)")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Johannes Berg [Wed, 15 Sep 2021 18:30:21 +0000 (20:30 +0200)]
lib/logic_iomem: Fix 32-bit build
[ Upstream commit
4e84139e14af5ea60772cc4f33d7059aec76e0eb ]
On a 32-bit build, the (unsigned long long) casts throw warnings
(or errors) due to being to a different integer size. Cast to
uintptr_t first (with the __force for sparse) and then further
to get the consistent print on 32 and 64-bit.
Fixes:
ca2e334232b6 ("lib: add iomem emulation (logic_iomem)")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Johannes Berg [Wed, 15 Sep 2021 18:30:20 +0000 (20:30 +0200)]
um: virt-pci: Fix 32-bit compile
[ Upstream commit
d73820df6437b5d0a57be53faf39db46a0264b3a ]
There were a few 32-bit compile warnings that of course
turned into errors with -Werror, fix the 32-bit build.
Fixes:
68f5d3f3b654 ("um: add PCI over virtio emulation driver")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Johannes Berg [Tue, 31 Aug 2021 07:11:15 +0000 (09:11 +0200)]
um: rename set_signals() to um_set_signals()
[ Upstream commit
bbe33504d4a7fdab9011211e55e262c869b3f6cc ]
Rename set_signals() as there's at least one driver that
uses the same name and can now be built on UM due to PCI
support, and thus we can get symbol conflicts.
Also rename set_signals_trace() to be consistent.
Reported-by: kernel test robot <lkp@intel.com>
Fixes:
68f5d3f3b654 ("um: add PCI over virtio emulation driver")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Johannes Berg [Tue, 31 Aug 2021 07:27:53 +0000 (09:27 +0200)]
um: fix ndelay/udelay defines
[ Upstream commit
5f8539e2ff962e25b57742ca7106456403abbc94 ]
Many places in the kernel use 'udelay' as an identifier, and
are broken with the current "#define udelay um_udelay". Fix
this by adding an argument to the macro, and do the same to
'ndelay' as well, just in case.
Fixes:
0bc8fb4dda2b ("um: Implement ndelay/udelay in time-travel mode")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Bernard Zhao [Fri, 10 Dec 2021 12:03:58 +0000 (04:03 -0800)]
selinux: fix potential memleak in selinux_add_opt()
[ Upstream commit
2e08df3c7c4e4e74e3dd5104c100f0bf6288aaa8 ]
This patch try to fix potential memleak in error branch.
Fixes:
ba6418623385 ("selinux: new helper - selinux_add_opt()")
Signed-off-by: Bernard Zhao <bernard@vivo.com>
[PM: tweak the subject line, add Fixes tag]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Christoph Hellwig [Tue, 21 Dec 2021 16:18:51 +0000 (17:18 +0100)]
block: fix error unwinding in device_add_disk
[ Upstream commit
99d8690aae4b2f0d1d90075de355ac087f820a66 ]
One device_add is called disk->ev will be freed by disk_release, so we
should free it twice. Fix this by allocating disk->ev after device_add
so that the extra local unwinding can be removed entirely.
Based on an earlier patch from Tetsuo Handa.
Reported-by: syzbot <syzbot+28a66a9fbc621c939000@syzkaller.appspotmail.com>
Tested-by: syzbot <syzbot+28a66a9fbc621c939000@syzkaller.appspotmail.com>
Fixes:
83cbce9574462c6b ("block: add error handling for device_add_disk / add_disk")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20211221161851.788424-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Sergey Shtylyov [Fri, 17 Dec 2021 20:27:17 +0000 (23:27 +0300)]
mmc: meson-mx-sdio: add IRQ check
[ Upstream commit
8fc9a77bc64e1f23d07953439817d8402ac9706f ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to devm_request_threaded_irq()
(which takes *unsigned* IRQ #), causing it to fail with -EINVAL, overriding
an original error code. Stop calling devm_request_threaded_irq() with the
invalid IRQ #s.
Fixes:
ed80a13bb4c4 ("mmc: meson-mx-sdio: Add a driver for the Amlogic Meson8 and Meson8b SoC")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Link: https://lore.kernel.org/r/20211217202717.10041-3-s.shtylyov@omp.ru
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Sergey Shtylyov [Fri, 17 Dec 2021 20:27:16 +0000 (23:27 +0300)]
mmc: meson-mx-sdhc: add IRQ check
[ Upstream commit
77bed755e0f06135faccdd3948863703f9a6e640 ]
The driver neglects to check the result of platform_get_irq()'s call and
blithely passes the negative error codes to devm_request_threaded_irq()
(which takes *unsigned* IRQ #), causing it to fail with -EINVAL, overriding
an original error code. Stop calling devm_request_threaded_irq() with the
invalid IRQ #s.
Fixes:
e4bf1b0970ef ("mmc: host: meson-mx-sdhc: new driver for the Amlogic Meson SDHC host")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Link: https://lore.kernel.org/r/20211217202717.10041-2-s.shtylyov@omp.ru
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Avraham Stern [Sun, 19 Dec 2021 11:28:26 +0000 (13:28 +0200)]
iwlwifi: mvm: set protected flag only for NDP ranging
[ Upstream commit
6bb2ea37c02db98cb677f978cfcb833ca608c5eb ]
Don't use protected ranging negotiation for FTM ranging as responders
that support only FTM ranging don't expect the FTM request to be
protected.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Fixes:
517a5eb9fab2 ("iwlwifi: mvm: when associated with PMF, use protected NDP ranging negotiation")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211219132536.f50ed0e3c6b3.Ibff247ee9d4e6e0a1a2d08a3c8a4bbb37e6829dd@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Avraham Stern [Sun, 19 Dec 2021 10:18:20 +0000 (12:18 +0200)]
iwlwifi: mvm: perform 6GHz passive scan after suspend
[ Upstream commit
f4745cbb17572209a7fa27a6796ed70e7ada860b ]
The 6GHz passive scan is performed only once every 50 minutes.
However, in case of suspend/resume, the regulatory information
is reset, so 6GHz channels may become disabled.
Fix it by performing a 6GHz passive scan within 60 seconds after
suspend/resume even if the 50 minutes timeout did not expire yet.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Fixes:
e8fe3b41c3a3 ("iwlwifi: mvm: Add support for 6GHz passive scan")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211219121514.6d5c043372cf.I251dd5618a3f0b8febbcca788eb861f1cd6039bc@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nathan Errera [Sun, 19 Dec 2021 10:18:15 +0000 (12:18 +0200)]
iwlwifi: mvm: test roc running status bits before removing the sta
[ Upstream commit
998e1aba6e5eb35370eaf30ccc1823426ec11f90 ]
In some cases the sta is being removed twice since we do not test the
roc aux running before removing it. Start looking at the bit before
removing the sta.
Signed-off-by: Nathan Errera <nathan.errera@intel.com>
Fixes:
2c2c3647cde4 ("iwlwifi: mvm: support ADD_STA_CMD_API_S ver 12")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211219121514.d5376ac6bcb0.Ic5f8470ea60c072bde9d1503e5f528b65e301e20@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Johannes Berg [Sun, 19 Dec 2021 09:14:18 +0000 (11:14 +0200)]
iwlwifi: mvm: fix 32-bit build in FTM
[ Upstream commit
8b0f92549f2c2458200935c12a2e2a6e80234cf5 ]
On a 32-bit build, the division here needs to be done
using do_div(), otherwise the compiler will try to call
a function that doesn't exist, thus failing to build.
Fixes:
b68bd2e3143a ("iwlwifi: mvm: Add FTM initiator RTT smoothing logic")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20211219111352.e56cbf614a4d.Ib98004ccd2c7a55fd883a8ea7eebd810f406dec6@changeid
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Kai-Heng Feng [Wed, 15 Dec 2021 11:46:34 +0000 (19:46 +0800)]
rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE
[ Upstream commit
24f5e38a13b5ae2b6105cda8bb47c19108e62a9a ]
Many Intel based platforms face system random freeze after commit
9e2fd29864c5 ("rtw88: add napi support").
The commit itself shouldn't be the culprit. My guess is that the 8821CE
only leaves ASPM L1 for a short period when IRQ is raised. Since IRQ is
masked during NAPI polling, the PCIe link stays at L1 and makes RX DMA
extremely slow. Eventually the RX ring becomes messed up:
[ 1133.194697] rtw_8821ce 0000:02:00.0: pci bus timeout, check dma status
Since the 8821CE hardware may fail to leave ASPM L1, manually do it in
the driver to resolve the issue.
Fixes:
9e2fd29864c5 ("rtw88: add napi support")
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215131
BugLink: https://bugs.launchpad.net/bugs/1927808
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Acked-by: Jian-Hong Pan <jhp@endlessos.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20211215114635.333767-1-kai.heng.feng@canonical.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ping-Ke Shih [Fri, 19 Nov 2021 05:24:37 +0000 (13:24 +0800)]
rtw88: add quirk to disable pci caps on HP 250 G7 Notebook PC
[ Upstream commit
c81edb8dddaa36c4defa26240cc19127f147283f ]
8821CE causes random freezes on HP 250 G7 Notebook PC. Add a quirk
to disable pci ASPM capability.
Reported-by: rtl8821cerfe2 <rtl8821cerfe2@protonmail.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211119052437.8671-1-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Dan Carpenter [Fri, 17 Dec 2021 15:03:12 +0000 (18:03 +0300)]
wilc1000: fix double free error in probe()
[ Upstream commit
4894edacfa93d7046bec4fc61fc402ac6a2ac9e8 ]
Smatch complains that there is a double free in probe:
drivers/net/wireless/microchip/wilc1000/spi.c:186 wilc_bus_probe() error: double free of 'spi_priv'
drivers/net/wireless/microchip/wilc1000/sdio.c:163 wilc_sdio_probe() error: double free of 'sdio_priv'
The problem is that wilc_netdev_cleanup() function frees "wilc->bus_data".
That's confusing and a layering violation. Leave the frees in probe(),
delete the free in wilc_netdev_cleanup(), and add some new frees to the
remove() functions.
Fixes:
dc8b338f3bcd ("wilc1000: use goto labels on error path")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20211217150311.GC16611@kili
Signed-off-by: Sasha Levin <sashal@kernel.org>
Sean Wang [Thu, 28 Oct 2021 22:29:58 +0000 (06:29 +0800)]
mt76: mt7921: drop offload_flags overwritten
[ Upstream commit
2363b6a646b65a207345b9a9024dff0eff3fec44 ]
offload_flags have to be dropped for mt7921 because mt76.omac_idx 0 would
always run as station mode that would cause Tx encapsulation setting
is not applied to mac80211.
Also, drop IEEE80211_OFFLOAD_ENCAP_4ADDR too because it is not really
being supported.
Fixes:
e0f9fdda81bd ("mt76: mt7921: add ieee80211_ops")
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Marek Behún [Tue, 9 Nov 2021 16:46:04 +0000 (17:46 +0100)]
ARM: dts: armada-38x: Add generic compatible to UART nodes
[ Upstream commit
62480772263ab6b52e758f2346c70a526abd1d28 ]
Add generic compatible string "ns16550a" to serial port nodes of Armada
38x.
This makes it possible to use earlycon.
Fixes:
0d3d96ab0059 ("ARM: mvebu: add Device Tree description of the Armada 380/385 SoCs")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Robert Marko [Fri, 12 Nov 2021 13:44:03 +0000 (14:44 +0100)]
arm64: dts: marvell: cn9130: enable CP0 GPIO controllers
[ Upstream commit
0734f8311ce72c9041e5142769eff2083889c172 ]
CN9130 has a built-in CP115 which has 2 GPIO controllers, but unlike in
Armada 7k and 8k both are left disabled by the SoC DTSI.
This first of all makes no sense as they are always present due to being
SoC built-in and its an issue as boards like CN9130-CRB use the CPO GPIO2
pins for regulators and SD card support without enabling them first.
So, enable both of them like Armada 7k and 8k do.
Fixes:
6b8970bd8d7a ("arm64: dts: marvell: Add support for Marvell CN9130 SoC support")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Robert Marko [Fri, 12 Nov 2021 13:44:02 +0000 (14:44 +0100)]
arm64: dts: marvell: cn9130: add GPIO and SPI aliases
[ Upstream commit
effd42600b987c1e95f946b14fefc1c7639e7439 ]
CN9130 has one CP115 built in, which like the CP110 has 2 GPIO and 2 SPI
controllers built-in.
However, unlike the Armada 7k and 8k the SoC DTSI doesn't add the required
aliases as both the Orion SPI driver and MVEBU GPIO drivers require the
aliases to be present.
So add the required aliases for GPIO and SPI controllers.
Fixes:
6b8970bd8d7a ("arm64: dts: marvell: Add support for Marvell CN9130 SoC support")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Wei Yongjun [Fri, 17 Dec 2021 08:34:28 +0000 (16:34 +0800)]
usb: ftdi-elan: fix memory leak on device disconnect
[ Upstream commit
1646566b5e0c556f779180a8514e521ac735de1e ]
'ftdi' is alloced when probe device, but not free on device disconnect,
this cause a memory leak as follows:
unreferenced object 0xffff88800d584000 (size 8400):
comm "kworker/0:2", pid 3809, jiffies
4295453055 (age 13.784s)
hex dump (first 32 bytes):
00 40 58 0d 80 88 ff ff 00 40 58 0d 80 88 ff ff .@X......@X.....
00 00 00 00 00 00 00 00 00 00 00 00 ad 4e ad de .............N..
backtrace:
[<
000000000d47f947>] kmalloc_order_trace+0x19/0x110 mm/slab_common.c:960
[<
000000008548ac68>] ftdi_elan_probe+0x8c/0x880 drivers/usb/misc/ftdi-elan.c:2647
[<
000000007f73e422>] usb_probe_interface+0x31b/0x800 drivers/usb/core/driver.c:396
[<
00000000fe8d07fc>] really_probe+0x299/0xc30 drivers/base/dd.c:517
[<
0000000005da7d32>] __driver_probe_device+0x357/0x500 drivers/base/dd.c:751
[<
000000003c2c9579>] driver_probe_device+0x4e/0x140 drivers/base/dd.c:781
Fix it by freeing 'ftdi' after nobody use it.
Fixes:
a5c66e4b2418 ("USB: ftdi-elan: client driver for ELAN Uxxx adapters")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Link: https://lore.kernel.org/r/20211217083428.2441-1-weiyongjun1@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Andre Przywara [Mon, 22 Nov 2021 15:28:43 +0000 (16:28 +0100)]
ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
[ Upstream commit
a92882a4d270fbcc021ee6848de5e48b7f0d27f3 ]
In the decompressor's head.S we need to start with an instruction that
is some kind of NOP, but also mimics as the PE/COFF header, when the
kernel is linked as an UEFI application. The clever solution here is
"tstne r0, #0x4d000", which in the worst case just clobbers the
condition flags, and bears the magic "MZ" signature in the lowest 16 bits.
However the encoding used (0x13105a4d) is actually not valid, since bits
[15:12] are supposed to be 0 (written as "(0)" in the ARM ARM).
Violating this is UNPREDICTABLE, and *can* trigger an UNDEFINED
exception. Common Cortex cores seem to ignore those bits, but QEMU
chooses to trap, so the code goes fishing because of a missing exception
handler at this point. We are just saved by the fact that commonly (with
-kernel or when running from U-Boot) the "Z" bit is set, so the
instruction is never executed. See [0] for more details.
To make things more robust and avoid UNPREDICTABLE behaviour in the
kernel code, lets replace this with a "two-instruction NOP":
The first instruction is an exclusive OR, the effect of which the second
instruction reverts. This does not leave any trace, neither in a
register nor in the condition flags. Also it's a perfectly valid
encoding. Kudos to Peter Maydell for coming up with this gem.
[0] https://lore.kernel.org/qemu-devel/YTPIdbUCmwagL5%2FD@os.inf.tu-dresden.de/T/
Link: https://lore.kernel.org/linux-arm-kernel/20210908162617.104962-1-andre.przywara@arm.com/T/
Fixes:
81a0bc39ea19 ("ARM: add UEFI stub support")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reported-by: Adam Lackorzynski <adam@l4re.org>
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Antony Antony [Sun, 12 Dec 2021 10:35:00 +0000 (11:35 +0100)]
xfrm: state and policy should fail if XFRMA_IF_ID 0
[ Upstream commit
68ac0f3810e76a853b5f7b90601a05c3048b8b54 ]
xfrm ineterface does not allow xfrm if_id = 0
fail to create or update xfrm state and policy.
With this commit:
ip xfrm policy add src 192.0.2.1 dst 192.0.2.2 dir out if_id 0
RTNETLINK answers: Invalid argument
ip xfrm state add src 192.0.2.1 dst 192.0.2.2 proto esp spi 1 \
reqid 1 mode tunnel aead 'rfc4106(gcm(aes))' \
0x1111111111111111111111111111111111111111 96 if_id 0
RTNETLINK answers: Invalid argument
v1->v2 change:
- add Fixes: tag
Fixes:
9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Antony Antony [Sun, 12 Dec 2021 10:34:30 +0000 (11:34 +0100)]
xfrm: interface with if_id 0 should return error
[ Upstream commit
8dce43919566f06e865f7e8949f5c10d8c2493f5 ]
xfrm interface if_id = 0 would cause xfrm policy lookup errors since
Commit
9f8550e4bd9d.
Now explicitly fail to create an xfrm interface when if_id = 0
With this commit:
ip link add ipsec0 type xfrm dev lo if_id 0
Error: if_id must be non zero.
v1->v2 change:
- add Fixes: tag
Fixes:
9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jernej Skrabec [Mon, 29 Nov 2021 18:26:25 +0000 (19:26 +0100)]
media: hantro: Fix probe func error path
[ Upstream commit
37af43b250fda6162005d47bf7c959c70d52b107 ]
If clocks for some reason couldn't be enabled, probe function returns
immediately, without disabling PM. This obviously leaves PM ref counters
unbalanced.
Fix that by jumping to appropriate error path, so effects of PM functions
are reversed.
Fixes:
775fec69008d ("media: add Rockchip VPU JPEG encoder driver")
Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
Acked-by: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Robin Murphy [Fri, 10 Dec 2021 17:54:44 +0000 (17:54 +0000)]
drm/tegra: vic: Fix DMA API misuse
[ Upstream commit
5566174cb10a5167d59b0793871cab7990b149b8 ]
Upon failure, dma_alloc_coherent() returns NULL. If that does happen,
passing some uninitialised stack contents to dma_mapping_error() - which
belongs to a different API in the first place - has precious little
chance of detecting it.
Also include the correct header, because the fragile transitive
inclusion currently providing it is going to break soon.
Fixes:
20e7dce255e9 ("drm/tegra: Remove memory allocation from Falcon library")
CC: Thierry Reding <thierry.reding@gmail.com>
CC: Mikko Perttunen <mperttunen@nvidia.com>
CC: dri-devel@lists.freedesktop.org
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Thierry Reding [Thu, 8 Jul 2021 14:37:36 +0000 (16:37 +0200)]
drm/tegra: gr2d: Explicitly control module reset
[ Upstream commit
271fca025a6d43f1c18a48543c5aaf31a31e4694 ]
As of commit
4782c0a5dd88 ("clk: tegra: Don't deassert reset on enabling
clocks"), module resets are no longer automatically deasserted when the
module clock is enabled. To make sure that the gr2d module continues to
work, we need to explicitly control the module reset.
Fixes:
4782c0a5dd88 ("clk: tegra: Don't deassert reset on enabling clocks")
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Arnd Bergmann [Mon, 27 Sep 2021 09:36:59 +0000 (11:36 +0200)]
gpu: host1x: select CONFIG_DMA_SHARED_BUFFER
[ Upstream commit
6c7a388b62366f0de9936db3c1921d7f4e0011bc ]
Linking fails when dma-buf is disabled:
ld.lld: error: undefined symbol: dma_fence_release
>>> referenced by fence.c
>>> gpu/host1x/fence.o:(host1x_syncpt_fence_enable_signaling) in archive drivers/built-in.a
>>> referenced by fence.c
>>> gpu/host1x/fence.o:(host1x_fence_signal) in archive drivers/built-in.a
>>> referenced by fence.c
>>> gpu/host1x/fence.o:(do_fence_timeout) in archive drivers/built-in.a
Fixes:
687db2207b1b ("gpu: host1x: Add DMA fence implementation")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Stephen Boyd [Wed, 15 Dec 2021 00:25:29 +0000 (16:25 -0800)]
drm/bridge: ti-sn65dsi86: Set max register for regmap
[ Upstream commit
0b665d4af35837f0a0ae63135b84a3c187c1db3b ]
Set the maximum register to 0xff so we can dump the registers for this
device in debugfs.
Fixes:
a095f15c00e2 ("drm/bridge: add support for sn65dsi86 bridge driver")
Cc: Rob Clark <robdclark@chromium.org>
Cc: Douglas Anderson <dianders@chromium.org>
Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Reviewed-by: Robert Foss <robert.foss@linaro.org>
Signed-off-by: Robert Foss <robert.foss@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20211215002529.382383-1-swboyd@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Dmitry Baryshkov [Wed, 1 Dec 2021 22:26:27 +0000 (01:26 +0300)]
drm/msm/dpu: fix safe status debugfs file
[ Upstream commit
f31b0e24d31e18b4503eeaf0032baeacc0beaff6 ]
Make safe_status debugfs fs file actually return safe status rather than
danger status data.
Fixes:
25fdd5933e4c ("drm/msm: Add SDM845 DPU support")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Link: https://lore.kernel.org/r/20211201222633.2476780-3-dmitry.baryshkov@linaro.org
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Baruch Siach [Tue, 7 Dec 2021 07:27:10 +0000 (09:27 +0200)]
arm64: dts: qcom: ipq6018: Fix gpio-ranges property
[ Upstream commit
72cb4c48a46a7cfa58eb5842c0d3672ddd5bd9ad ]
There must be three parameters in gpio-ranges property. Fixes this not
very helpful error message:
OF: /soc/pinctrl@1000000: (null) = 3 found 3
Fixes:
1e8277854b49 ("arm64: dts: Add ipq6018 SoC and CP01 board support")
Cc: Sricharan R <sricharan@codeaurora.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/8a744cfd96aff5754bfdcf7298d208ddca5b319a.1638862030.git.baruch@tkos.co.il
Signed-off-by: Sasha Levin <sashal@kernel.org>
Srinivas Kandagatla [Thu, 9 Dec 2021 17:53:41 +0000 (17:53 +0000)]
arm64: dts: qcom: c630: Fix soundcard setup
[ Upstream commit
c02b360ca67ebeb9de07b47b2fe53f964c2561d1 ]
Currently Soundcard has 1 rx device for headset and SoundWire Speaker Playback.
This setup has issues, ex if we try to play on headset the audio stream is
also sent to SoundWire Speakers and we will hear sound in both headsets and speakers.
Make a separate device for Speakers and Headset so that the streams are
different and handled properly.
Fixes:
45021d35fcb2 ("arm64: dts: qcom: c630: Enable audio support")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Tested-by: Steev Klimaszewski <steev@kali.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20211209175342.20386-2-srinivas.kandagatla@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Kurt Kanzenbach [Tue, 14 Dec 2021 13:45:08 +0000 (14:45 +0100)]
net: dsa: hellcreek: Add missing PTP via UDP rules
[ Upstream commit
6cf01e451599da630ff1af529d61c5e4db4550ab ]
The switch supports PTP for UDP transport too. Therefore, add the missing static
FDB entries to ensure correct forwarding of these packets.
Fixes:
ddd56dfe52c9 ("net: dsa: hellcreek: Add PTP clock support")
Signed-off-by: Kurt Kanzenbach <kurt@linutronix.de>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Kurt Kanzenbach [Tue, 14 Dec 2021 13:45:07 +0000 (14:45 +0100)]
net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports
[ Upstream commit
cad1798d2d0811ded37d1e946c6796102e58013b ]
Allow PTP peer delay measurements on blocked ports by STP. In case of topology
changes the PTP stack can directly start with the correct delays.
Fixes:
ddd56dfe52c9 ("net: dsa: hellcreek: Add PTP clock support")
Signed-off-by: Kurt Kanzenbach <kurt@linutronix.de>
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Kurt Kanzenbach [Tue, 14 Dec 2021 13:45:06 +0000 (14:45 +0100)]
net: dsa: hellcreek: Add STP forwarding rule
[ Upstream commit
b7ade35eb53a2455f737a623c24e4b24455b2271 ]
Treat STP as management traffic. STP traffic is designated for the CPU port
only. In addition, STP traffic has to pass blocked ports.
Fixes:
e4b27ebc780f ("net: dsa: Add DSA driver for Hirschmann Hellcreek switches")
Signed-off-by: Kurt Kanzenbach <kurt@linutronix.de>
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Kurt Kanzenbach [Tue, 14 Dec 2021 13:45:05 +0000 (14:45 +0100)]
net: dsa: hellcreek: Fix insertion of static FDB entries
[ Upstream commit
4db4c3ea56978086ca367a355e440de17d534827 ]
The insertion of static FDB entries ignores the pass_blocked bit. That bit is
evaluated with regards to STP. Add the missing functionality.
Fixes:
e4b27ebc780f ("net: dsa: Add DSA driver for Hirschmann Hellcreek switches")
Signed-off-by: Kurt Kanzenbach <kurt@linutronix.de>
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Zhou Qingyang [Mon, 13 Dec 2021 09:53:07 +0000 (11:53 +0200)]
ath11k: Fix a NULL pointer dereference in ath11k_mac_op_hw_scan()
[ Upstream commit
eccd25136386a04ebf46a64f3a34e8e0fab6d9e1 ]
In ath11k_mac_op_hw_scan(), the return value of kzalloc() is directly
used in memcpy(), which may lead to a NULL pointer dereference on
failure of kzalloc().
Fix this bug by adding a check of arg.extraie.ptr.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_ATH11K=m show no new warnings, and our static
analyzer no longer warns about this code.
Fixes:
d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20211202155348.71315-1-zhou1615@umn.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jiasheng Jiang [Mon, 6 Dec 2021 02:22:01 +0000 (03:22 +0100)]
media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
[ Upstream commit
43f0633f89947df57fe0b5025bdd741768007708 ]
The return value of dma_set_coherent_mask() is not always 0.
To catch the exception in case that dma is not support the mask.
Link: https://lore.kernel.org/linux-media/20211206022201.1639460-1-jiasheng@iscas.ac.cn
Fixes:
b0444f18e0b1 ("[media] coda: add i.MX6 VDOA driver")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Wang Hai [Tue, 26 Oct 2021 11:23:48 +0000 (13:23 +0200)]
media: msi001: fix possible null-ptr-deref in msi001_probe()
[ Upstream commit
3d5831a40d3464eea158180eb12cbd81c5edfb6a ]
I got a null-ptr-deref report:
BUG: kernel NULL pointer dereference, address:
0000000000000060
...
RIP: 0010:v4l2_ctrl_auto_cluster+0x57/0x270
...
Call Trace:
msi001_probe+0x13b/0x24b [msi001]
spi_probe+0xeb/0x130
...
do_syscall_64+0x35/0xb0
In msi001_probe(), if the creation of control for bandwidth_auto
fails, there will be a null-ptr-deref issue when it is used in
v4l2_ctrl_auto_cluster().
Check dev->hdl.error before v4l2_ctrl_auto_cluster() to fix this bug.
Link: https://lore.kernel.org/linux-media/20211026112348.2878040-1-wanghai38@huawei.com
Fixes:
93203dd6c7c4 ("[media] msi001: Mirics MSi001 silicon tuner driver")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Hai <wanghai38@huawei.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Anton Vasilyev [Thu, 22 Aug 2019 10:41:47 +0000 (12:41 +0200)]
media: dw2102: Fix use after free
[ Upstream commit
589a9f0eb799f77de2c09583bf5bad221fa5d685 ]
dvb_usb_device_init stores parts of properties at d->props
and d->desc and uses it on dvb_usb_device_exit.
Free of properties on module probe leads to use after free.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204597
The patch makes properties static instead of allocated on heap to prevent
memleak and use after free.
Also fixes s421_properties.devices initialization to have 2 element
instead of 6 copied from p7500_properties.
[mchehab: fix function call alignments]
Link: https://lore.kernel.org/linux-media/20190822104147.4420-1-vasilyev@ispras.ru
Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
Fixes:
299c7007e936 ("media: dw2102: Fix memleak on sequence of probes")
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Robin Murphy [Fri, 3 Dec 2021 11:44:50 +0000 (11:44 +0000)]
perf/arm-cmn: Fix CPU hotplug unregistration
[ Upstream commit
56c7c6eaf3eb8ac1ec40d56096c0f2b27250da5f ]
Attempting to migrate the PMU context after we've unregistered the PMU
device, or especially if we never successfully registered it in the
first place, is a woefully bad idea. It's also fundamentally pointless
anyway. Make sure to unregister an instance from the hotplug handler
*without* invoking the teardown callback.
Fixes:
0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver")
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/2c221d745544774e4b07583b65b5d4d94f7e0fe4.1638530442.git.robin.murphy@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Christian Lamparter [Mon, 6 Dec 2021 00:43:34 +0000 (01:43 +0100)]
ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
[ Upstream commit
4754eab7e5a78bdefe7a960c5c260c95ebbb5fa6 ]
Steven Maddox reported in the OpenWrt bugzilla, that his
RaidSonic IB-NAS4220-B was no longer booting with the new
OpenWrt 21.02 (uses linux 5.10's device-tree). However, it was
working with the previous OpenWrt 19.07 series (uses 4.14).
|[ 5.548038] No RedBoot partition table detected in
30000000.flash
|[ 5.618553] Searching for RedBoot partition table in
30000000.flash at offset 0x0
|[ 5.739093] No RedBoot partition table detected in
30000000.flash
|...
|[ 7.039504] Waiting for root device /dev/mtdblock3...
The provided bootlog shows that the RedBoot partition parser was
looking for the partition table "at offset 0x0". Which is strange
since the comment in the device-tree says it should be at 0xfe0000.
Further digging on the internet led to a review site that took
some useful PCB pictures of their review unit back in February 2009.
Their picture shows a Spansion S29GL128N11TFI01 flash chip.
>From Spansion's Datasheet:
"S29GL128N: One hundred twenty-eight 64 Kword (128 Kbyte) sectors"
Steven also provided a "cat /sys/class/mtd/mtd0/erasesize" from his
unit: "131072".
With the 128 KiB Sector/Erasesize in mind. This patch changes the
fis-index-block property to (0xfe0000 / 0x20000) = 0x7f.
Fixes:
b5a923f8c739 ("ARM: dts: gemini: Switch to redboot partition parsing")
Reported-by: Steven Maddox <s.maddox@lantizia.me.uk>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Tested-by: Steven Maddox <s.maddox@lantizia.me.uk>
Link: https://lore.kernel.org/r/20211206004334.4169408-1-linus.walleij@linaro.org'
Bugzilla: https://bugs.openwrt.org/index.php?do=details&task_id=4137
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Hector Martin [Fri, 10 Dec 2021 17:05:34 +0000 (02:05 +0900)]
spi: Fix incorrect cs_setup delay handling
[ Upstream commit
95c07247399536f83b89dc60cfe7b279d17e69f6 ]
Move the cs_setup delay to the end of spi_set_cs.
From include/linux/spi/spi.h:
* @cs_setup: delay to be introduced by the controller after CS is
asserted
The cs_setup delay needs to happen *after* CS is asserted, that is, at
the end of spi_set_cs, not at the beginning. Otherwise we're just
delaying before the SPI transaction starts at all, which isn't very
useful.
No drivers use this right now, but that is likely to change soon with an
upcoming Apple SPI HID transport driver.
Fixes:
25093bdeb6bc ("spi: implement SW control for CS times")
Signed-off-by: Hector Martin <marcan@marcan.st>
Link: https://lore.kernel.org/r/20211210170534.177139-1-marcan@marcan.st
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Rameshkumar Sundaram [Thu, 9 Dec 2021 17:37:01 +0000 (23:07 +0530)]
ath11k: Fix deleting uninitialized kernel timer during fragment cache flush
[ Upstream commit
ba53ee7f7f38cf0592b8be1dcdabaf8f7535f8c1 ]
frag_timer will be created & initialized for stations when
they associate and will be deleted during every key installation
while flushing old fragments.
For AP interface self peer will be created and Group keys
will be installed for this peer, but there will be no real
Station entry & hence frag_timer won't be created and
initialized, deleting such uninitialized kernel timers causes below
warnings and backtraces printed with CONFIG_DEBUG_OBJECTS_TIMERS
enabled.
[ 177.828008] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
[ 177.836833] WARNING: CPU: 3 PID: 188 at lib/debugobjects.c:508 debug_print_object+0xb0/0xf0
[ 177.845185] Modules linked in: ath11k_pci ath11k qmi_helpers qrtr_mhi qrtr ns mhi
[ 177.852679] CPU: 3 PID: 188 Comm: hostapd Not tainted 5.14.0-rc3-32919-g4034139e1838-dirty #14
[ 177.865805] pstate:
60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
[ 177.871804] pc : debug_print_object+0xb0/0xf0
[ 177.876155] lr : debug_print_object+0xb0/0xf0
[ 177.880505] sp :
ffffffc01169b5a0
[ 177.883810] x29:
ffffffc01169b5a0 x28:
ffffff80081c2320 x27:
ffffff80081c4078
[ 177.890942] x26:
ffffff8003fe8f28 x25:
ffffff8003de9890 x24:
ffffffc01134d738
[ 177.898075] x23:
ffffffc010948f20 x22:
ffffffc010b2d2e0 x21:
ffffffc01169b628
[ 177.905206] x20:
ffffffc01134d700 x19:
ffffffc010c80d98 x18:
00000000000003f6
[ 177.912339] x17:
203a657079742074 x16:
63656a626f202930 x15:
0000000000000152
[ 177.919471] x14:
0000000000000152 x13:
00000000ffffffea x12:
ffffffc010d732e0
[ 177.926603] x11:
0000000000000003 x10:
ffffffc010d432a0 x9 :
ffffffc010d432f8
[ 177.933735] x8 :
000000000002ffe8 x7 :
c0000000ffffdfff x6 :
0000000000000001
[ 177.940866] x5 :
0000000000000000 x4 :
0000000000000000 x3 :
00000000ffffffff
[ 177.947997] x2 :
ffffffc010c93240 x1 :
ffffff80023624c0 x0 :
0000000000000054
[ 177.955130] Call trace:
[ 177.957567] debug_print_object+0xb0/0xf0
[ 177.961570] debug_object_assert_init+0x124/0x178
[ 177.966269] try_to_del_timer_sync+0x1c/0x70
[ 177.970536] del_timer_sync+0x30/0x50
[ 177.974192] ath11k_peer_frags_flush+0x34/0x68 [ath11k]
[ 177.979439] ath11k_mac_op_set_key+0x1e4/0x338 [ath11k]
[ 177.984673] ieee80211_key_enable_hw_accel+0xc8/0x3d0
[ 177.989722] ieee80211_key_replace+0x360/0x740
[ 177.994160] ieee80211_key_link+0x16c/0x210
[ 177.998337] ieee80211_add_key+0x138/0x338
[ 178.002426] nl80211_new_key+0xfc/0x258
[ 178.006257] genl_family_rcv_msg_doit.isra.17+0xd8/0x120
[ 178.011565] genl_rcv_msg+0xd8/0x1c8
[ 178.015134] netlink_rcv_skb+0x38/0xf8
[ 178.018877] genl_rcv+0x34/0x48
[ 178.022012] netlink_unicast+0x174/0x230
[ 178.025928] netlink_sendmsg+0x188/0x388
[ 178.029845] ____sys_sendmsg+0x218/0x250
[ 178.033763] ___sys_sendmsg+0x68/0x90
[ 178.037418] __sys_sendmsg+0x44/0x88
[ 178.040988] __arm64_sys_sendmsg+0x20/0x28
[ 178.045077] invoke_syscall.constprop.5+0x54/0xe0
[ 178.049776] do_el0_svc+0x74/0xc0
[ 178.053084] el0_svc+0x10/0x18
[ 178.056133] el0t_64_sync_handler+0x88/0xb0
[ 178.060310] el0t_64_sync+0x148/0x14c
[ 178.063966] ---[ end trace
8a5cf0bf9d34a058 ]---
Add changes to not to delete frag timer for peers during
group key installation.
Tested on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01092-QCAHKSWPL_SILICONZ-1
Fixes:
c3944a562102 ("ath11k: Clear the fragment cache during key install")
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/1639071421-25078-1-git-send-email-quic_ramess@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Weili Qian [Sat, 4 Dec 2021 10:43:01 +0000 (18:43 +0800)]
crypto: hisilicon/qm - fix incorrect return value of hisi_qm_resume()
[ Upstream commit
3f9dd4c802b96626e869b2d29c8e401dabadd23e ]
When hisi_qm_resume() returns 0, it indicates that the device has started
successfully. If the device fails to start, hisi_qm_resume() needs to
return the actual error code to the caller instead of 0.
Fixes:
d7ea53395b72 ("crypto: hisilicon - add runtime PM ops")
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Herbert Xu [Wed, 1 Dec 2021 06:30:41 +0000 (17:30 +1100)]
crypto: stm32 - Revert broken pm_runtime_resume_and_get changes
[ Upstream commit
3d6b661330a7954d8136df98160d525eb04dcd6a ]
We should not call pm_runtime_resume_and_get where the reference
count is expected to be incremented unconditionally. This patch
reverts these calls to the original unconditional get_sync call.
Reported-by: Heiner Kallweit <hkallweit1@gmail.com>
Fixes:
747bf30fd944 ("crypto: stm32/cryp - Fix PM reference leak...")
Fixes:
1cb3ad701970 ("crypto: stm32/hash - Fix PM reference leak...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicolas Toromanoff [Tue, 30 Nov 2021 07:55:00 +0000 (08:55 +0100)]
crypto: stm32/cryp - fix bugs and crash in tests
[ Upstream commit
4b898d5cfa4d9a0ad5bc82cb5eafdc092394c6a9 ]
Extra crypto manager auto test were crashing or failling due
to 2 reasons:
- block in a dead loop (dues to issues in cipher end process management)
- crash due to read/write unmapped memory (this crash was also reported
when using openssl afalg engine)
Rework interrupt management, interrupts are masked as soon as they are
no more used: if input buffer is fully consumed, "Input FIFO not full"
interrupt is masked and if output buffer is full, "Output FIFO not
empty" interrupt is masked.
And crypto request finish when input *and* outpout buffer are fully
read/write.
About the crash due to unmapped memory, using scatterwalk_copychunks()
that will map and copy each block fix the issue.
Using this api and copying full block will also fix unaligned data
access, avoid early copy of in/out buffer, and make useless the extra
alignment constraint.
Fixes:
9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")
Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:59 +0000 (08:54 +0100)]
crypto: stm32/cryp - fix lrw chaining mode
[ Upstream commit
fa97dc2d48b476ea98199d808d3248d285987e99 ]
This fixes the lrw autotest if lrw uses the CRYP as the AES block cipher
provider (as ecb(aes)). At end of request, CRYP should not update the IV
in case of ECB chaining mode. Indeed the ECB chaining mode never uses
the IV, but the software LRW chaining mode uses the IV field as
a counter and due to the (unexpected) update done by CRYP while the AES
block process, the counter get a wrong value when the IV overflow.
Fixes:
5f49f18d27cd ("crypto: stm32/cryp - update to return iv_out")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:58 +0000 (08:54 +0100)]
crypto: stm32/cryp - fix double pm exit
[ Upstream commit
6c12e742785bf9333faf60bfb96575bdd763448e ]
Delete extraneous lines in probe error handling code: pm was
disabled twice.
Fixes:
65f9aa36ee47 ("crypto: stm32/cryp - Add power management support")
Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:57 +0000 (08:54 +0100)]
crypto: stm32/cryp - check early input data
[ Upstream commit
39e6e699c7fb92bdb2617b596ca4a4ea35c5d2a7 ]
Some auto tests failed because driver wasn't returning the expected
error with some input size/iv value/tag size.
Now:
Return 0 early for empty buffer. (We don't need to start the engine for
an empty input buffer).
Accept any valid authsize for gcm(aes).
Return -EINVAL if iv for ccm(aes) is invalid.
Return -EINVAL if buffer size is a not a multiple of algorithm block size.
Fixes:
9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:56 +0000 (08:54 +0100)]
crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
[ Upstream commit
d703c7a994ee34b7fa89baf21631fca0aa9f17fc ]
Don't erase key:
If key is erased before the crypto_finalize_.*_request() call, some
pending process will run with a key={ 0 }.
Moreover if the key is reset at end of request, it breaks xts chaining
mode, as for last xts block (in case input len is not a multiple of
block) a new AES request is started without calling again set_key().
Fixes:
9e054ec21ef8 ("crypto: stm32 - Support for STM32 CRYP crypto module")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicolas Toromanoff [Tue, 30 Nov 2021 07:54:55 +0000 (08:54 +0100)]
crypto: stm32/cryp - fix CTR counter carry
[ Upstream commit
41c76690b0990efacd15d35cfb4e77318cd80ebb ]
STM32 CRYP hardware doesn't manage CTR counter bigger than max U32, as
a workaround, at each block the current IV is saved, if the saved IV
lower u32 is 0xFFFFFFFF, the full IV is manually incremented, and set
in hardware.
Fixes:
bbb2832620ac ("crypto: stm32 - Fix sparse warnings")
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jakub Kicinski [Wed, 24 Nov 2021 22:39:16 +0000 (14:39 -0800)]
selftests: harness: avoid false negatives if test has no ASSERTs
[ Upstream commit
3abedf4646fdc0036fcb8ebbc3b600667167fafe ]
Test can fail either immediately when ASSERT() failed or at the
end if one or more EXPECT() was not met. The exact return code
is decided based on the number of successful ASSERT()s.
If test has no ASSERT()s, however, the return code will be 0,
as if the test did not fail. Start counting ASSERT()s from 1.
Fixes:
369130b63178 ("selftests: Enhance kselftest_harness.h to print which assert failed")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Anders Roxell [Wed, 3 Nov 2021 20:13:50 +0000 (21:13 +0100)]
selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST
[ Upstream commit
a531b0c23c0fc68ad758cc31a74cf612a4dafeb0 ]
Building selftests/clone3 with clang warns about enumeration not handled
in switch case:
clone3.c:54:10: warning: enumeration value 'CLONE3_ARGS_NO_TEST' not handled in switch [-Wswitch]
switch (test_mode) {
^
Add the missing switch case with a comment.
Fixes:
17a810699c18 ("selftests: add tests for clone3()")
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Kees Cook [Thu, 9 Dec 2021 04:34:56 +0000 (20:34 -0800)]
x86/uaccess: Move variable into switch case statement
[ Upstream commit
61646ca83d3889696f2772edaff122dd96a2935e ]
When building with automatic stack variable initialization, GCC 12
complains about variables defined outside of switch case statements.
Move the variable into the case that uses it, which silences the warning:
./arch/x86/include/asm/uaccess.h:317:23: warning: statement will never be executed [-Wswitch-unreachable]
317 | unsigned char x_u8__; \
| ^~~~~~
Fixes:
865c50e1d279 ("x86/uaccess: utilize CONFIG_CC_HAS_ASM_GOTO_OUTPUT")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20211209043456.1377875-1-keescook@chromium.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Eric Dumazet [Wed, 8 Dec 2021 20:20:19 +0000 (12:20 -0800)]
xfrm: fix a small bug in xfrm_sa_len()
[ Upstream commit
7770a39d7c63faec6c4f33666d49a8cb664d0482 ]
copy_user_offload() will actually push a struct struct xfrm_user_offload,
which is different than (struct xfrm_state *)->xso
(struct xfrm_state_offload)
Fixes:
d77e38e612a01 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Brian Norris [Tue, 30 Nov 2021 00:47:34 +0000 (16:47 -0800)]
mwifiex: Fix possible ABBA deadlock
[ Upstream commit
1b8bb8919ef81bfc8873d223b9361f1685f2106d ]
Quoting Jia-Ju Bai <baijiaju1990@gmail.com>:
mwifiex_dequeue_tx_packet()
spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 1432 (Lock A)
mwifiex_send_addba()
spin_lock_bh(&priv->sta_list_spinlock); --> Line 608 (Lock B)
mwifiex_process_sta_tx_pause()
spin_lock_bh(&priv->sta_list_spinlock); --> Line 398 (Lock B)
mwifiex_update_ralist_tx_pause()
spin_lock_bh(&priv->wmm.ra_list_spinlock); --> Line 941 (Lock A)
Similar report for mwifiex_process_uap_tx_pause().
While the locking expectations in this driver are a bit unclear, the
Fixed commit only intended to protect the sta_ptr, so we can drop the
lock as soon as we're done with it.
IIUC, this deadlock cannot actually happen, because command event
processing (which calls mwifiex_process_sta_tx_pause()) is
sequentialized with TX packet processing (e.g.,
mwifiex_dequeue_tx_packet()) via the main loop (mwifiex_main_process()).
But it's good not to leave this potential issue lurking.
Fixes:
f0f7c2275fb9 ("mwifiex: minor cleanups w/ sta_list_spinlock in cfg80211.c")
Cc: Douglas Anderson <dianders@chromium.org>
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Link: https://lore.kernel.org/linux-wireless/0e495b14-efbb-e0da-37bd-af6bd677ee2c@gmail.com/
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/YaV0pllJ5p/EuUat@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Dmitry Baryshkov [Thu, 25 Nov 2021 18:01:14 +0000 (21:01 +0300)]
drm/msm/dsi: fix initialization in the bonded DSI case
[ Upstream commit
92cb1bedde9dba78d802fe2510949743a2581aed ]
Commit
739b4e7756d3 ("drm/msm/dsi: Fix an error code in
msm_dsi_modeset_init()") changed msm_dsi_modeset_init() to return an
error code in case msm_dsi_manager_validate_current_config() returns
false. However this is not an error case, but a slave DSI of the bonded
DSI link. In this case msm_dsi_modeset_init() should return 0, but just
skip connector and bridge initialization.
To reduce possible confusion, drop the
msm_dsi_manager_validate_current_config() function, and specif 'bonded
&& !master' condition directly in the msm_dsi_modeset_init().
Fixes:
739b4e7756d3 ("drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Link: https://lore.kernel.org/r/20211125180114.561278-1-dmitry.baryshkov@linaro.org
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Loic Poulain [Thu, 2 Dec 2021 09:02:12 +0000 (10:02 +0100)]
wcn36xx: Fix max channels retrieval
[ Upstream commit
09cab4308bf9b8076ee4a3c56015daf9ef9cb23e ]
Kernel test robot reported:drivers/net/wireless/ath/wcn36xx/smd.c:943:33:
sparse: sparse: cast truncates bits from constant value (780 becomes 80)
The 'channels' field is not a simple u8 array but an array of
channel_params. Using sizeof for retrieving the max number of
channels is then wrong.
In practice, it was not an issue, because the sizeof returned
value is 780, which is truncated in min_t (u8) to 80, which is
the value we expect...
Fix that properly using ARRAY_SIZE instead of sizeof.
Fixes:
d707f812bb05 ("wcn36xx: Channel list update before hardware scan")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/1638435732-14657-1-git-send-email-loic.poulain@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Frederic Weisbecker [Tue, 30 Nov 2021 16:21:08 +0000 (17:21 +0100)]
rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
[ Upstream commit
81f6d49cce2d2fe507e3fddcc4a6db021d9c2e7b ]
Expedited RCU grace periods invoke sync_rcu_exp_select_node_cpus(), which
takes two passes over the leaf rcu_node structure's CPUs. The first
pass gathers up the current CPU and CPUs that are in dynticks idle mode.
The workqueue will report a quiescent state on their behalf later.
The second pass sends IPIs to the rest of the CPUs, but excludes the
current CPU, incorrectly assuming it has been included in the first
pass's list of CPUs.
Unfortunately the current CPU may have changed between the first and
second pass, due to the fact that the various rcu_node structures'
->lock fields have been dropped, thus momentarily enabling preemption.
This means that if the second pass's CPU was not on the first pass's
list, it will be ignored completely. There will be no IPI sent to
it, and there will be no reporting of quiescent states on its behalf.
Unfortunately, the expedited grace period will nevertheless be waiting
for that CPU to report a quiescent state, but with that CPU having no
reason to believe that such a report is needed.
The result will be an expedited grace period stall.
Fix this by no longer excluding the current CPU from consideration during
the second pass.
Fixes:
b9ad4d6ed18e ("rcu: Avoid self-IPI in sync_rcu_exp_select_node_cpus()")
Reviewed-by: Neeraj Upadhyay <quic_neeraju@quicinc.com>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Cc: Uladzislau Rezki <urezki@gmail.com>
Cc: Neeraj Upadhyay <quic_neeraju@quicinc.com>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Joel Fernandes <joel@joelfernandes.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jackie Liu [Wed, 10 Nov 2021 07:09:49 +0000 (15:09 +0800)]
drm/msm/dp: displayPort driver need algorithm rational
[ Upstream commit
53d22794711ad630f40d59dd726bd260d77d585f ]
Let's select RATIONAL with dp driver. avoid like:
[...]
x86_64-linux-gnu-ld: drivers/gpu/drm/msm/dp/dp_catalog.o: in function `dp_catalog_ctrl_config_msa':
dp_catalog.c:(.text+0x57e): undefined reference to `rational_best_approximation'
Fixes:
c943b4948b58 ("drm/msm/dp: add displayPort driver support")
Reported-by: kernelbot <kernel-bot@kylinos.cn>
Signed-off-by: Jackie Liu <liuyun01@kylinos.cn>
Link: https://lore.kernel.org/r/20211110070950.3355597-2-liu.yun@linux.dev
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Rob Clark [Mon, 29 Nov 2021 18:23:44 +0000 (10:23 -0800)]
drm/msm/gpu: Don't allow zero fence_id
[ Upstream commit
ca3ffcbeb0c866d9b0cb38eaa2bd4416597b5966 ]
Elsewhere we treat zero as "no fence" and __msm_gem_submit_destroy()
skips removal from fence_idr. We could alternately change this to use
negative values for "no fence" but I think it is more clear to not allow
zero as a valid fence_id.
Signed-off-by: Rob Clark <robdclark@chromium.org>
Fixes:
a61acbbe9cf8 ("drm/msm: Track "seqno" fences by idr")
Link: https://lore.kernel.org/r/20211129182344.292609-1-robdclark@gmail.com
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicholas Kazlauskas [Tue, 7 Dec 2021 14:46:39 +0000 (09:46 -0500)]
drm/amd/display: Fix out of bounds access on DNC31 stream encoder regs
[ Upstream commit
d374d3b493215d637b9e7be12a93f22caf4c1f97 ]
[Why]
During dcn31_stream_encoder_create, if PHYC/D get remapped to F/G on B0
then we'll index 5 or 6 into a array of length 5 - leading to an
access violation on some configs during device creation.
[How]
Software won't be touching PHYF/PHYG directly, so just extend the
array to cover all possible engine IDs.
Even if it does by try to access one of these registers by accident
the offset will be 0 and we'll get a warning during the access.
Fixes:
2fe9a0e1173f ("drm/amd/display: Fix DCN3 B0 DP Alt Mapping")
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Wayne Lin [Fri, 26 Nov 2021 07:19:57 +0000 (15:19 +0800)]
drm/amd/display: Fix bug in debugfs crc_win_update entry
[ Upstream commit
4bef85d4c9491415b7931407b07f24841c1e0390 ]
[Why]
crc_rd_wrk shouldn't be null in crc_win_update_set(). Current programming
logic is inconsistent in crc_win_update_set().
[How]
Initially, return if crc_rd_wrk is NULL. Later on, we can use member of
crc_rd_wrk safely.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes:
9a65df193108 ("drm/amd/display: Use PSP TA to read out crc")
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Acked-by: Pavle Kotarac <Pavle.Kotarac@amd.com>
Signed-off-by: Wayne Lin <Wayne.Lin@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mark Chen [Mon, 6 Dec 2021 17:33:42 +0000 (01:33 +0800)]
Bluetooth: btusb: Handle download_firmware failure cases
[ Upstream commit
00c0ee9850b7b0cb7c40b8daba806ae2245e59d4 ]
For Mediatek chipset, it can not enabled if there are something wrong
in btmtk_setup_firmware_79xx(). Thus, the process must be terminated
and returned error code.
Fixes:
fc342c4dc4087 ("Bluetooth: btusb: Add protocol support for MediaTek MT7921U USB devices")
Co-developed-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Mark Chen <mark-yw.chen@mediatek.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Luiz Augusto von Dentz [Wed, 1 Dec 2021 19:49:49 +0000 (11:49 -0800)]
Bluetooth: MGMT: Use hci_dev_test_and_{set,clear}_flag
[ Upstream commit
6f59f991b4e735323f099ac6490e725ae8c750a5 ]
This make use of hci_dev_test_and_{set,clear}_flag instead of doing 2
operations in a row.
Fixes:
cbbdfa6f33198 ("Bluetooth: Enable controller RPA resolution using Experimental feature")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Joseph Hwang [Sun, 15 Aug 2021 12:17:15 +0000 (20:17 +0800)]
Bluetooth: refactor set_exp_feature with a feature table
[ Upstream commit
93fb70bc112e922def6e50b37e20ccfce0c67c0a ]
This patch refactors the set_exp_feature with a feature table
consisting of UUIDs and the corresponding callback functions.
In this way, a new experimental feature setting function can be
simply added with its UUID and callback function.
Signed-off-by: Joseph Hwang <josephsih@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Fabio Estevam [Wed, 24 Nov 2021 13:10:47 +0000 (10:10 -0300)]
ath10k: Fix the MTU size on QCA9377 SDIO
[ Upstream commit
09b8cd69edcf2be04a781e1781e98e52a775c9ad ]
On an imx6dl-pico-pi board with a QCA9377 SDIO chip, simply trying to
connect via ssh to another machine causes:
[ 55.824159] ath10k_sdio mmc1:0001:1: failed to transmit packet, dropping: -12
[ 55.832169] ath10k_sdio mmc1:0001:1: failed to submit frame: -12
[ 55.838529] ath10k_sdio mmc1:0001:1: failed to push frame: -12
[ 55.905863] ath10k_sdio mmc1:0001:1: failed to transmit packet, dropping: -12
[ 55.913650] ath10k_sdio mmc1:0001:1: failed to submit frame: -12
[ 55.919887] ath10k_sdio mmc1:0001:1: failed to push frame: -12
, leading to an ssh connection failure.
One user inspected the size of frames on Wireshark and reported
the followig:
"I was able to narrow the issue down to the mtu. If I set the mtu for
the wlan0 device to 1486 instead of 1500, the issue does not happen.
The size of frames that I see on Wireshark is exactly 1500 after
setting it to 1486."
Clearing the HI_ACS_FLAGS_ALT_DATA_CREDIT_SIZE avoids the problem and
the ssh command works successfully after that.
Introduce a 'credit_size_workaround' field to ath10k_hw_params for
the QCA9377 SDIO, so that the HI_ACS_FLAGS_ALT_DATA_CREDIT_SIZE
is not set in this case.
Tested with QCA9377 SDIO with firmware WLAN.TF.1.1.1-00061-QCATFSWPZ-1.
Fixes:
2f918ea98606 ("ath10k: enable alt data of TX path for sdio")
Signed-off-by: Fabio Estevam <festevam@denx.de>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20211124131047.713756-1-festevam@denx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
Li Hua [Fri, 3 Dec 2021 03:36:18 +0000 (03:36 +0000)]
sched/rt: Try to restart rt period timer when rt runtime exceeded
[ Upstream commit
9b58e976b3b391c0cf02e038d53dd0478ed3013c ]
When rt_runtime is modified from -1 to a valid control value, it may
cause the task to be throttled all the time. Operations like the following
will trigger the bug. E.g:
1. echo -1 > /proc/sys/kernel/sched_rt_runtime_us
2. Run a FIFO task named A that executes while(1)
3. echo 950000 > /proc/sys/kernel/sched_rt_runtime_us
When rt_runtime is -1, The rt period timer will not be activated when task
A enqueued. And then the task will be throttled after setting rt_runtime to
950,000. The task will always be throttled because the rt period timer is
not activated.
Fixes:
d0b27fa77854 ("sched: rt-group: synchonised bandwidth period")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Li Hua <hucool.lihua@huawei.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20211203033618.11895-1-hucool.lihua@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Lv Yunlong [Sat, 3 Apr 2021 05:47:55 +0000 (22:47 -0700)]
wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
[ Upstream commit
f973795a8d19cbf3d03807704eb7c6ff65788d5a ]
In iwl_txq_dyn_alloc_dma, txq->tfds is freed at first time by:
iwl_txq_alloc()->goto err_free_tfds->dma_free_coherent(). But
it forgot to set txq->tfds to NULL.
Then the txq->tfds is freed again in iwl_txq_dyn_alloc_dma by:
goto error->iwl_txq_gen2_free_memory()->dma_free_coherent().
My patch sets txq->tfds to NULL after the first free to avoid the
double free.
Fixes:
0cd1ad2d7fd41 ("iwlwifi: move all bus-independent TX functions to common code")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Link: https://lore.kernel.org/r/20210403054755.4781-1-lyl2019@mail.ustc.edu.cn
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Robert Schlabbach [Wed, 1 Dec 2021 21:08:43 +0000 (22:08 +0100)]
media: si2157: Fix "warm" tuner state detection
[ Upstream commit
a6441ea29cb2c9314654e093a1cd8020b9b851c8 ]
Commit
e955f959ac52 ("media: si2157: Better check for running tuner in
init") completely broke the "warm" tuner detection of the si2157 driver
due to a simple endian error: The Si2157 CRYSTAL_TRIM property code is
0x0402 and needs to be transmitted LSB first. However, it was inserted
MSB first, causing the warm detection to always fail and spam the kernel
log with tuner initialization messages each time the DVB frontend
device was closed and reopened:
[ 312.215682] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[ 312.264334] si2157 16-0060: firmware version: 3.0.5
[ 342.248593] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[ 342.295743] si2157 16-0060: firmware version: 3.0.5
[ 372.328574] si2157 16-0060: found a 'Silicon Labs Si2157-A30'
[ 372.385035] si2157 16-0060: firmware version: 3.0.5
Also, the reinitializations were observed disturb _other_ tuners on
multi-tuner cards such as the Hauppauge WinTV-QuadHD, leading to missed
or errored packets when one of the other DVB frontend devices on that
card was opened.
Fix the order of the property code bytes to make the warm detection work
again, also reducing the tuner initialization message in the kernel log
to once per power-on, as well as fixing the interference with other
tuners.
Link: https://lore.kernel.org/linux-media/trinity-2a86eb9d-6264-4387-95e1-ba7b79a4050f-1638392923493@3c-app-gmx-bap03
Fixes:
e955f959ac52 ("media: si2157: Better check for running tuner in init")
Reported-by: Robert Schlabbach <robert_s@gmx.net>
Signed-off-by: Robert Schlabbach <robert_s@gmx.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Zhou Qingyang [Tue, 30 Nov 2021 16:34:44 +0000 (17:34 +0100)]
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
[ Upstream commit
0407c49ebe330333478440157c640fffd986f41b ]
In mxb_attach(dev, info), saa7146_vv_init() is called to allocate a
new memory for dev->vv_data. saa7146_vv_release() will be called on
failure of mxb_probe(dev). There is a dereference of dev->vv_data
in saa7146_vv_release(), which could lead to a NULL pointer dereference
on failure of saa7146_vv_init().
Fix this bug by adding a check of saa7146_vv_init().
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_VIDEO_MXB=m show no new warnings,
and our static analyzer no longer warns about this code.
Fixes:
03b1930efd3c ("V4L/DVB: saa7146: fix regression of the av7110/budget-av driver")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Zhou Qingyang [Tue, 30 Nov 2021 15:38:05 +0000 (16:38 +0100)]
media: dib8000: Fix a memleak in dib8000_init()
[ Upstream commit
8dbdcc7269a83305ee9d677b75064d3530a48ee2 ]
In dib8000_init(), the variable fe is not freed or passed out on the
failure of dib8000_identify(&state->i2c), which could lead to a memleak.
Fix this bug by adding a kfree of fe in the error path.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_DVB_DIB8000=m show no new warnings,
and our static analyzer no longer warns about this code.
Fixes:
77e2c0f5d471 ("V4L/DVB (12900): DiB8000: added support for DiBcom ISDB-T/ISDB-Tsb demodulator DiB8000")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Lobakin [Fri, 3 Dec 2021 19:50:04 +0000 (20:50 +0100)]
samples: bpf: Fix 'unknown warning group' build warning on Clang
[ Upstream commit
6f670d06e47c774bc065aaa84a527a4838f34bd8 ]
Clang doesn't have 'stringop-truncation' group like GCC does, and
complains about it when building samples which use xdp_sample_user
infra:
samples/bpf/xdp_sample_user.h:48:32: warning: unknown warning group '-Wstringop-truncation', ignored [-Wunknown-warning-option]
#pragma GCC diagnostic ignored "-Wstringop-truncation"
^
[ repeat ]
Those are harmless, but avoidable when guarding it with ifdef.
I could guard push/pop as well, but this would require one more
ifdef cruft around a single line which I don't think is reasonable.
Fixes:
156f886cf697 ("samples: bpf: Add basic infrastructure for XDP samples")
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/bpf/20211203195004.5803-3-alexandr.lobakin@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Lobakin [Fri, 3 Dec 2021 19:50:03 +0000 (20:50 +0100)]
samples: bpf: Fix xdp_sample_user.o linking with Clang
[ Upstream commit
e64fbcaa7a666f16329b1c67af15ea501bc84586 ]
Clang (13) doesn't get the jokes about specifying libraries to link in
cclags of individual .o objects:
clang-13: warning: -lm: 'linker' input unused [-Wunused-command-line-argument]
[ ... ]
LD samples/bpf/xdp_redirect_cpu
LD samples/bpf/xdp_redirect_map_multi
LD samples/bpf/xdp_redirect_map
LD samples/bpf/xdp_redirect
LD samples/bpf/xdp_monitor
/usr/bin/ld: samples/bpf/xdp_sample_user.o: in function `sample_summary_print':
xdp_sample_user.c:(.text+0x84c): undefined reference to `floor'
/usr/bin/ld: xdp_sample_user.c:(.text+0x870): undefined reference to `ceil'
/usr/bin/ld: xdp_sample_user.c:(.text+0x8cf): undefined reference to `floor'
/usr/bin/ld: xdp_sample_user.c:(.text+0x8f3): undefined reference to `ceil'
[ more ]
Specify '-lm' as ldflags for all xdp_sample_user.o users in the main
Makefile and remove it from ccflags of ^ in Makefile.target -- just
like it's done for all other samples. This works with all compilers.
Fixes:
6e1051a54e31 ("samples: bpf: Convert xdp_monitor to XDP samples helper")
Fixes:
b926c55d856c ("samples: bpf: Convert xdp_redirect to XDP samples helper")
Fixes:
e531a220cc59 ("samples: bpf: Convert xdp_redirect_cpu to XDP samples helper")
Fixes:
bbe65865aa05 ("samples: bpf: Convert xdp_redirect_map to XDP samples helper")
Fixes:
594a116b2aa1 ("samples: bpf: Convert xdp_redirect_map_multi to XDP samples helper")
Signed-off-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/bpf/20211203195004.5803-2-alexandr.lobakin@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Andrii Nakryiko [Wed, 1 Dec 2021 23:28:22 +0000 (15:28 -0800)]
samples/bpf: Clean up samples/bpf build failes
[ Upstream commit
527024f7aeb683ce7ef49b07ef7ce9ecf015288d ]
Remove xdp_samples_user.o rule redefinition which generates Makefile
warning and instead override TPROGS_CFLAGS. This seems to work fine when
building inside selftests/bpf.
That was one big head-scratcher before I found that generic
Makefile.target hid this surprising specialization for for xdp_samples_user.o.
Main change is to use actual locally installed libbpf headers.
Also drop printk macro re-definition (not even used!).
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20211201232824.3166325-8-andrii@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
Quentin Monnet [Thu, 7 Oct 2021 19:44:35 +0000 (20:44 +0100)]
samples/bpf: Install libbpf headers when building
[ Upstream commit
3f7a3318a7c60947e27be372950840a5eab976d0 ]
API headers from libbpf should not be accessed directly from the source
directory. Instead, they should be exported with "make install_headers".
Make sure that samples/bpf/Makefile installs the headers properly when
building.
The object compiled from and exported by libbpf are now placed into a
subdirectory of sample/bpf/ instead of remaining in tools/lib/bpf/. We
attempt to remove this directory on "make clean". However, the "clean"
target re-enters the samples/bpf/ directory from the root of the
repository ("$(MAKE) -C ../../ M=$(CURDIR) clean"), in such a way that
$(srctree) and $(src) are not defined, making it impossible to use
$(LIBBPF_OUTPUT) and $(LIBBPF_DESTDIR) in the recipe. So we only attempt
to clean $(CURDIR)/libbpf, which is the default value.
Add a dependency on libbpf's headers for the $(TRACE_HELPERS).
We also change the output directory for bpftool, to place the generated
objects under samples/bpf/bpftool/ instead of building in bpftool's
directory directly. Doing so, we make sure bpftool reuses the libbpf
library previously compiled and installed.
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20211007194438.34443-10-quentin@isovalent.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Reiji Watanabe [Mon, 6 Dec 2021 00:47:36 +0000 (16:47 -0800)]
arm64: mte: DC {GVA,GZVA} shouldn't be used when DCZID_EL0.DZP == 1
[ Upstream commit
685e2564daa1493053fcd7f1dbed38b35ee2f3cb ]
Currently, mte_set_mem_tag_range() and mte_zero_clear_page_tags() use
DC {GVA,GZVA} unconditionally. But, they should make sure that
DCZID_EL0.DZP, which indicates whether or not use of those instructions
is prohibited, is zero when using those instructions.
Use ST{G,ZG,Z2G} instead when DCZID_EL0.DZP == 1.
Fixes:
013bb59dbb7c ("arm64: mte: handle tags zeroing at page allocation time")
Fixes:
3d0cca0b02ac ("kasan: speed up mte_set_mem_tag_range")
Signed-off-by: Reiji Watanabe <reijiw@google.com>
Link: https://lore.kernel.org/r/20211206004736.1520989-3-reijiw@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Reiji Watanabe [Mon, 6 Dec 2021 00:47:35 +0000 (16:47 -0800)]
arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
[ Upstream commit
f0616abd4e67143b45b04b565839148458857347 ]
Currently, clear_page() uses DC ZVA instruction unconditionally. But it
should make sure that DCZID_EL0.DZP, which indicates whether or not use
of DC ZVA instruction is prohibited, is zero when using the instruction.
Use STNP instead when DCZID_EL0.DZP == 1.
Fixes:
f27bb139c387 ("arm64: Miscellaneous library functions")
Signed-off-by: Reiji Watanabe <reijiw@google.com>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20211206004736.1520989-2-reijiw@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Kajol Jain [Mon, 6 Dec 2021 07:33:15 +0000 (13:03 +0530)]
bpf: Remove config check to enable bpf support for branch records
[ Upstream commit
db52f57211b4e45f0ebb274e2c877b211dc18591 ]
Branch data available to BPF programs can be very useful to get stack traces
out of userspace application.
Commit
fff7b64355ea ("bpf: Add bpf_read_branch_records() helper") added BPF
support to capture branch records in x86. Enable this feature also for other
architectures as well by removing checks specific to x86.
If an architecture doesn't support branch records, bpf_read_branch_records()
still has appropriate checks and it will return an -EINVAL in that scenario.
Based on UAPI helper doc in include/uapi/linux/bpf.h, unsupported architectures
should return -ENOENT in such case. Hence, update the appropriate check to
return -ENOENT instead.
Selftest 'perf_branches' result on power9 machine which has the branch stacks
support:
- Before this patch:
[command]# ./test_progs -t perf_branches
#88/1 perf_branches/perf_branches_hw:FAIL
#88/2 perf_branches/perf_branches_no_hw:OK
#88 perf_branches:FAIL
Summary: 0/1 PASSED, 0 SKIPPED, 1 FAILED
- After this patch:
[command]# ./test_progs -t perf_branches
#88/1 perf_branches/perf_branches_hw:OK
#88/2 perf_branches/perf_branches_no_hw:OK
#88 perf_branches:OK
Summary: 1/2 PASSED, 0 SKIPPED, 0 FAILED
Selftest 'perf_branches' result on power9 machine which doesn't have branch
stack report:
- After this patch:
[command]# ./test_progs -t perf_branches
#88/1 perf_branches/perf_branches_hw:SKIP
#88/2 perf_branches/perf_branches_no_hw:OK
#88 perf_branches:OK
Summary: 1/1 PASSED, 1 SKIPPED, 0 FAILED
Fixes:
fff7b64355eac ("bpf: Add bpf_read_branch_records() helper")
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20211206073315.77432-1-kjain@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Hou Tao [Fri, 3 Dec 2021 05:30:01 +0000 (13:30 +0800)]
bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
[ Upstream commit
866de407444398bc8140ea70de1dba5f91cc34ac ]
BPF_LOG_KERNEL is only used internally, so disallow bpf_btf_load()
to set log level as BPF_LOG_KERNEL. The same checking has already
been done in bpf_check(), so factor out a helper to check the
validity of log attributes and use it in both places.
Fixes:
8580ac9404f6 ("bpf: Process in-kernel BTF")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20211203053001.740945-1-houtao1@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexei Starovoitov [Wed, 1 Dec 2021 18:10:29 +0000 (10:10 -0800)]
bpf: Adjust BTF log size limit.
[ Upstream commit
c5a2d43e998a821701029f23e25b62f9188e93ff ]
Make BTF log size limit to be the same as the verifier log size limit.
Otherwise tools that progressively increase log size and use the same log
for BTF loading and program loading will be hitting hard to debug EINVAL.
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20211201181040.23337-7-alexei.starovoitov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Vincent Donnefort [Mon, 29 Nov 2021 17:31:15 +0000 (17:31 +0000)]
sched/fair: Fix per-CPU kthread and wakee stacking for asym CPU capacity
[ Upstream commit
014ba44e8184e1acf93e0cbb7089ee847802f8f0 ]
select_idle_sibling() has a special case for tasks woken up by a per-CPU
kthread where the selected CPU is the previous one. For asymmetric CPU
capacity systems, the assumption was that the wakee couldn't have a
bigger utilization during task placement than it used to have during the
last activation. That was not considering uclamp.min which can completely
change between two task activations and as a consequence mandates the
fitness criterion asym_fits_capacity(), even for the exit path described
above.
Fixes:
b4c9c9f15649 ("sched/fair: Prefer prev cpu in asymmetric wakeup path")
Signed-off-by: Vincent Donnefort <vincent.donnefort@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Valentin Schneider <valentin.schneider@arm.com>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Link: https://lkml.kernel.org/r/20211129173115.4006346-1-vincent.donnefort@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Vincent Donnefort [Wed, 1 Dec 2021 14:34:50 +0000 (14:34 +0000)]
sched/fair: Fix detection of per-CPU kthreads waking a task
[ Upstream commit
8b4e74ccb582797f6f0b0a50372ebd9fd2372a27 ]
select_idle_sibling() has a special case for tasks woken up by a per-CPU
kthread, where the selected CPU is the previous one. However, the current
condition for this exit path is incomplete. A task can wake up from an
interrupt context (e.g. hrtimer), while a per-CPU kthread is running. A
such scenario would spuriously trigger the special case described above.
Also, a recent change made the idle task like a regular per-CPU kthread,
hence making that situation more likely to happen
(is_per_cpu_kthread(swapper) being true now).
Checking for task context makes sure select_idle_sibling() will not
interpret a wake up from any other context as a wake up by a per-CPU
kthread.
Fixes:
52262ee567ad ("sched/fair: Allow a per-CPU kthread waking a task to stack on the same CPU, to fix XFS performance regression")
Signed-off-by: Vincent Donnefort <vincent.donnefort@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Reviewed-by: Valentin Schneider <valentin.schneider@arm.com>
Link: https://lore.kernel.org/r/20211201143450.479472-1-vincent.donnefort@arm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Maxim Mikityanskiy [Tue, 30 Nov 2021 18:18:11 +0000 (20:18 +0200)]
bpf: Fix the test_task_vma selftest to support output shorter than 1 kB
[ Upstream commit
da54ab14953c38d98cb3e34c564c06c3739394b2 ]
The test for bpf_iter_task_vma assumes that the output will be longer
than 1 kB, as the comment above the loop says. Due to this assumption,
the loop becomes infinite if the output turns to be shorter than 1 kB.
The return value of read_fd_into_buffer is 0 when the end of file was
reached, and len isn't being increased any more.
This commit adds a break on EOF to handle short output correctly. For
the reference, this is the contents that I get when running test_progs
under vmtest.sh, and it's shorter than 1 kB:
00400000-
00401000 r--p
00000000 fe:00 25867 /root/bpf/test_progs
00401000-
00674000 r-xp
00001000 fe:00 25867 /root/bpf/test_progs
00674000-
0095f000 r--p
00274000 fe:00 25867 /root/bpf/test_progs
0095f000-
00983000 r--p
0055e000 fe:00 25867 /root/bpf/test_progs
00983000-
00a8a000 rw-p
00582000 fe:00 25867 /root/bpf/test_progs
00a8a000-
0484e000 rw-p
00000000 00:00 0
7f6c64000000-
7f6c64021000 rw-p
00000000 00:00 0
7f6c64021000-
7f6c68000000 ---p
00000000 00:00 0
7f6c6ac8f000-
7f6c6ac90000 r--s
00000000 00:0d 8032
anon_inode:bpf-map
7f6c6ac90000-
7f6c6ac91000 ---p
00000000 00:00 0
7f6c6ac91000-
7f6c6b491000 rw-p
00000000 00:00 0
7f6c6b491000-
7f6c6b492000 r--s
00000000 00:0d 8032
anon_inode:bpf-map
7f6c6b492000-
7f6c6b493000 rw-s
00000000 00:0d 8032
anon_inode:bpf-map
7ffc1e23d000-
7ffc1e25e000 rw-p
00000000 00:00 0
7ffc1e3b8000-
7ffc1e3bc000 r--p
00000000 00:00 0
7ffc1e3bc000-
7ffc1e3bd000 r-xp
00000000 00:00 0
7fffffffe000-
7ffffffff000 --xp
00000000 00:00 0
Fixes:
e8168840e16c ("selftests/bpf: Add test for bpf_iter_task_vma")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20211130181811.594220-1-maximmi@nvidia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Sean Wang [Wed, 1 Dec 2021 18:02:47 +0000 (02:02 +0800)]
Bluetooth: btmtksdio: fix resume failure
[ Upstream commit
561ae1d46a8ddcbc13162d5771f5ed6c8249e730 ]
btmtksdio have to rely on MMC_PM_KEEP_POWER in pm_flags to avoid that
SDIO power is being shut off during the device is in suspend. That fixes
the SDIO command fails to access the bus after the device is resumed.
Fixes:
7f3c563c575e7 ("Bluetooth: btmtksdio: Add runtime PM support to SDIO based Bluetooth")
Co-developed-by: Mark-yw Chen <mark-yw.chen@mediatek.com>
Signed-off-by: Mark-yw Chen <mark-yw.chen@mediatek.com>
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Yang Yingliang [Thu, 2 Dec 2021 03:07:03 +0000 (11:07 +0800)]
staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
[ Upstream commit
e730cd57ac2dfe94bca0f14a3be8e1b21de41a9c ]
Some variables are leaked in the error handling in alloc_rtllib(), free
the variables in the error path.
Fixes:
94a799425eee ("From: wlanfae <wlanfae@realtek.com>")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20211202030704.2425621-3-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Yang Yingliang [Thu, 2 Dec 2021 03:07:02 +0000 (11:07 +0800)]
staging: rtl8192e: return error code from rtllib_softmac_init()
[ Upstream commit
68bf78ff59a0891eb1239948e94ce10f73a9dd30 ]
If it fails to allocate 'dot11d_info', rtllib_softmac_init()
should return error code. And remove unneccessary error message.
Fixes:
94a799425eee ("From: wlanfae <wlanfae@realtek.com>")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20211202030704.2425621-2-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Tasos Sahanidis [Fri, 3 Sep 2021 06:47:58 +0000 (09:47 +0300)]
floppy: Fix hang in watchdog when disk is ejected
[ Upstream commit
fb48febce7e30baed94dd791e19521abd2c3fd83 ]
When the watchdog detects a disk change, it calls cancel_activity(),
which in turn tries to cancel the fd_timer delayed work.
In the above scenario, fd_timer_fn is set to fd_watchdog(), meaning
it is trying to cancel its own work.
This results in a hang as cancel_delayed_work_sync() is waiting for the
watchdog (itself) to return, which never happens.
This can be reproduced relatively consistently by attempting to read a
broken floppy, and ejecting it while IO is being attempted and retried.
To resolve this, this patch calls cancel_delayed_work() instead, which
cancels the work without waiting for the watchdog to return and finish.
Before this regression was introduced, the code in this section used
del_timer(), and not del_timer_sync() to delete the watchdog timer.
Link: https://lore.kernel.org/r/399e486c-6540-db27-76aa-7a271b061f76@tasossah.com
Fixes:
070ad7e793dc ("floppy: convert to delayed work and single-thread wq")
Signed-off-by: Tasos Sahanidis <tasos@tasossah.com>
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Michael Walle [Thu, 4 Nov 2021 13:48:43 +0000 (14:48 +0100)]
mtd: core: provide unique name for nvmem device
[ Upstream commit
c048b60d39e109c201d31ed5ad3a4f939064d6c4 ]
If there is more than one mtd device which supports OTP, there will
be a kernel warning about duplicated sysfs entries and the probing will
fail. This is because the nvmem device name is not unique. Make it
unique by prepending the name of the mtd. E.g. before the name was
"user-otp", now it will be "mtd0-user-otp".
For reference the kernel splash is:
[ 4.665531] sysfs: cannot create duplicate filename '/bus/nvmem/devices/user-otp'
[ 4.673056] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.0-next-
20211101+ #1296
[ 4.680565] Hardware name: Kontron SMARC-sAL28 (Single PHY) on SMARC Eval 2.0 carrier (DT)
[ 4.688856] Call trace:
[ 4.691303] dump_backtrace+0x0/0x1bc
[ 4.694984] show_stack+0x24/0x30
[ 4.698306] dump_stack_lvl+0x68/0x84
[ 4.701980] dump_stack+0x18/0x34
[ 4.705302] sysfs_warn_dup+0x70/0x90
[ 4.708973] sysfs_do_create_link_sd+0x144/0x150
[ 4.713603] sysfs_create_link+0x2c/0x50
[ 4.717535] bus_add_device+0x74/0x120
[ 4.721293] device_add+0x330/0x890
[ 4.724791] device_register+0x2c/0x40
[ 4.728550] nvmem_register+0x240/0x9f0
[ 4.732398] mtd_otp_nvmem_register+0xb0/0x10c
[ 4.736854] mtd_device_parse_register+0x28c/0x2b4
[ 4.741659] spi_nor_probe+0x20c/0x2e0
[ 4.745418] spi_mem_probe+0x78/0xbc
[ 4.749001] spi_probe+0x90/0xf0
[ 4.752237] really_probe.part.0+0xa4/0x320
..
[ 4.873936] mtd mtd1: Failed to register OTP NVMEM device
[ 4.894468] spi-nor: probe of spi0.0 failed with error -17
Fixes:
4b361cfa8624 ("mtd: core: add OTP nvmem provider support")
Signed-off-by: Michael Walle <michael@walle.cc>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20211104134843.2642800-1-michael@walle.cc
Signed-off-by: Sasha Levin <sashal@kernel.org>
Lino Sanfilippo [Mon, 29 Nov 2021 17:42:38 +0000 (18:42 +0100)]
serial: amba-pl011: do not request memory region twice
[ Upstream commit
d1180405c7b5c7a1c6bde79d5fc24fe931430737 ]
With commit
3873e2d7f63a ("drivers: PL011: refactor pl011_probe()") the
function devm_ioremap() called from pl011_setup_port() was replaced with
devm_ioremap_resource(). Since this function not only remaps but also
requests the ports io memory region it now collides with the .config_port()
callback which requests the same region at uart port registration.
Since devm_ioremap_resource() already claims the memory successfully, the
request in .config_port() fails.
Later at uart port deregistration the attempt to release the unclaimed
memory also fails. The failure results in a “Trying to free nonexistent
resource" warning.
Fix these issues by removing the callbacks that implement the redundant
memory allocation/release. Also make sure that changing the drivers io
memory base address via TIOCSSERIAL is not allowed any more.
Fixes:
3873e2d7f63a ("drivers: PL011: refactor pl011_probe()")
Signed-off-by: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Link: https://lore.kernel.org/r/20211129174238.8333-1-LinoSanfilippo@gmx.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Lizhi Hou [Mon, 29 Nov 2021 20:23:02 +0000 (12:23 -0800)]
tty: serial: uartlite: allow 64 bit address
[ Upstream commit
3672fb65155530b5eea6225685c75329b6debec3 ]
The base address of uartlite registers could be 64 bit address which is from
device resource. When ulite_probe() calls ulite_assign(), this 64 bit
address is casted to 32-bit. The fix is to replace "u32" type with
"phys_addr_t" type for the base address in ulite_assign() argument list.
Fixes:
8fa7b6100693 ("[POWERPC] Uartlite: Separate the bus binding from the driver proper")
Signed-off-by: Lizhi Hou <lizhi.hou@xilinx.com>
Link: https://lore.kernel.org/r/20211129202302.1319033-1-lizhi.hou@xilinx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nishanth Menon [Sat, 13 Nov 2021 04:26:40 +0000 (22:26 -0600)]
arm64: dts: ti: k3-j7200: Correct the d-cache-sets info
[ Upstream commit
a172c86931709d6663318609d71a811333bdf4b0 ]
A72 Cluster (chapter 1.3.1 [1]) has 48KB Icache, 32KB Dcache and 1MB L2 Cache
- ICache is 3-way set-associative
- Dcache is 2-way set-associative
- Line size are 64bytes
32KB (Dcache)/64 (fixed line length of 64 bytes) = 512 ways
512 ways / 2 (Dcache is 2-way per set) = 256 sets.
So, correct the d-cache-sets info.
[1] https://www.ti.com/lit/pdf/spruiu1
Fixes:
d361ed88455f ("arm64: dts: ti: Add support for J7200 SoC")
Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Reviewed-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211113042640.30955-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nishanth Menon [Sat, 13 Nov 2021 04:36:39 +0000 (22:36 -0600)]
arm64: dts: ti: k3-j721e: Fix the L2 cache sets
[ Upstream commit
e9ba3a5bc6fdc2c796c69fdaf5ed6c9957cf9f9d ]
A72's L2 cache[1] on J721e[2] is 1MB. A72's L2 is fixed line length of
64 bytes and 16-way set-associative cache structure.
1MB of L2 / 64 (line length) = 16384 ways
16384 ways / 16 = 1024 sets
Fix the l2 cache-sets.
[1] https://developer.arm.com/documentation/100095/0003/Level-2-Memory-System/About-the-L2-memory-system
[2] http://www.ti.com/lit/pdf/spruil1
Fixes:
2d87061e70de ("arm64: dts: ti: Add Support for J721E SoC")
Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211113043639.4413-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nishanth Menon [Sat, 13 Nov 2021 04:36:38 +0000 (22:36 -0600)]
arm64: dts: ti: k3-j7200: Fix the L2 cache sets
[ Upstream commit
d0c826106f3fc11ff97285102b576b65576654ae ]
A72's L2 cache[1] on J7200[2] is 1MB. A72's L2 is fixed line length of
64 bytes and 16-way set-associative cache structure.
1MB of L2 / 64 (line length) = 16384 ways
16384 ways / 16 = 1024 sets
Fix the l2 cache-sets.
[1] https://developer.arm.com/documentation/100095/0003/Level-2-Memory-System/About-the-L2-memory-system
[2] https://www.ti.com/lit/pdf/spruiu1
Fixes:
d361ed88455f ("arm64: dts: ti: Add support for J7200 SoC")
Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211113043638.4358-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nishanth Menon [Sat, 13 Nov 2021 04:36:35 +0000 (22:36 -0600)]
arm64: dts: ti: k3-am642: Fix the L2 cache sets
[ Upstream commit
a27a93bf70045be54b594fa8482959ffb84166d7 ]
A53's L2 cache[1] on AM642[2] is 256KB. A53's L2 is fixed line length
of 64 bytes and 16-way set-associative cache structure.
256KB of L2 / 64 (line length) = 4096 ways
4096 ways / 16 = 256 sets
Fix the l2 cache-sets.
[1] https://developer.arm.com/documentation/ddi0500/j/Level-2-Memory-System/About-the-L2-memory-system?lang=en
[2] https://www.ti.com/lit/pdf/spruim2
Fixes:
8abae9389bdb ("arm64: dts: ti: Add support for AM642 SoC")
Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Reviewed-by: Pratyush Yadav <p.yadav@ti.com>
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Link: https://lore.kernel.org/r/20211113043635.4296-1-nm@ti.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Gaurav Jain [Mon, 22 Nov 2021 11:32:34 +0000 (17:02 +0530)]
crypto: caam - save caam memory to support crypto engine retry mechanism.
[ Upstream commit
087e1d715bccf25dc0e83294576e416b0386ba20 ]
When caam queue is full (-ENOSPC), caam frees descriptor memory.
crypto-engine checks if retry support is true and h/w queue
is full(-ENOSPC), then requeue the crypto request.
During processing the requested descriptor again, caam gives below error.
(caam_jr
30902000.jr:
40000006: DECO: desc idx 0: Invalid KEY Command).
This patch adds a check to return when caam input ring is full
and retry support is true. so descriptor memory is not freed
and requeued request can be processed again.
Fixes:
2d653936eb2cf ("crypto: caam - enable crypto-engine retry mechanism")
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexei Starovoitov [Wed, 1 Dec 2021 18:10:34 +0000 (10:10 -0800)]
libbpf: Clean gen_loader's attach kind.
[ Upstream commit
19250f5fc0c283892a61f3abf9d65e6325f63897 ]
The gen_loader has to clear attach_kind otherwise the programs
without attach_btf_id will fail load if they follow programs
with attach_btf_id.
Fixes:
67234743736a ("libbpf: Generate loader program out of BPF ELF file.")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20211201181040.23337-12-alexei.starovoitov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>