Wolfram Sang [Thu, 29 Jun 2023 12:05:26 +0000 (14:05 +0200)]
virtio-mmio: don't break lifecycle of vm_dev
[ Upstream commit 55c91fedd03d7b9cf0c5199b2eb12b9b8e95281a ]
vm_dev has a separate lifecycle because it has a 'struct device'
embedded. Thus, having a release callback for it is correct.
Allocating the vm_dev struct with devres totally breaks this protection,
though. Instead of waiting for the vm_dev release callback, the memory
is freed when the platform_device is removed. Resulting in a
use-after-free when finally the callback is to be called.
To easily see the problem, compile the kernel with
CONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.
The fix is easy, don't use devres in this case.
Found during my research about object lifetime problems.
Fixes: 7eb781b1bbb7 ("virtio_mmio: add cleanup for virtio_mmio_probe")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Message-Id: <20230629120526.7184-1-wsa+renesas@sang-engineering.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
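The lifetime rule described in the virtio-mmio commit above, as an added userspace model (not code from the commit or the kernel): a container with an embedded refcounted device must only be freed from the release callback. All type and function names here are hypothetical, and a second reference holder stands in for the delayed release that CONFIG_DEBUG_KOBJECT_RELEASE forces.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for struct device: a refcount plus a release hook. */
struct device_model {
    int refs;
    void (*release)(struct device_model *dev);
};

/* Constructed stand-in for vm_dev: the device is embedded, not pointed to. */
struct vm_dev_model {
    struct device_model dev;
};

/* One static slot plays the heap, so a touch of "freed" memory is counted
 * instead of being undefined behaviour. */
static struct vm_dev_model slot;
static bool slot_live;
static int frees, stale_accesses;

static struct vm_dev_model *model_alloc(void)
{
    slot_live = true;
    return &slot;
}

static void model_free(struct vm_dev_model *vm)
{
    (void)vm;
    if (slot_live) {
        slot_live = false;
        frees++;
    }
}

/* Release callback: the only place allowed to free the container. */
static void vm_dev_release(struct device_model *dev)
{
    struct vm_dev_model *vm = (struct vm_dev_model *)
        ((char *)dev - offsetof(struct vm_dev_model, dev));
    model_free(vm);
}

static void put_device_model(struct device_model *dev)
{
    if (!slot_live)
        stale_accesses++;   /* the refcount itself sits in freed memory */
    if (--dev->refs == 0)
        dev->release(dev);
}

struct lifecycle_result { int stale_accesses; int frees; };

/* devres_owned = true models the allocation being tied to the platform
 * device; false models a plain allocation freed by the release callback. */
static struct lifecycle_result run_unbind(bool devres_owned)
{
    struct vm_dev_model *vm;

    slot_live = false;
    frees = 0;
    stale_accesses = 0;

    vm = model_alloc();                 /* probe */
    vm->dev.refs = 1;
    vm->dev.release = vm_dev_release;
    vm->dev.refs++;                     /* second holder delays the release */

    put_device_model(&vm->dev);         /* unbind: driver drops its reference */
    if (devres_owned)
        model_free(vm);                 /* devres frees with the platform device */

    put_device_model(&vm->dev);         /* last holder lets go, release runs */
    return (struct lifecycle_result){ stale_accesses, frees };
}

int main(void)
{
    struct lifecycle_result bad = run_unbind(true);
    struct lifecycle_result good = run_unbind(false);

    printf("devres: stale accesses=%d frees=%d\n", bad.stale_accesses, bad.frees);
    printf("plain:  stale accesses=%d frees=%d\n", good.stale_accesses, good.frees);
    return 0;
}
```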
Filipe Manana [Wed, 28 Jun 2023 16:13:37 +0000 (17:13 +0100)]
btrfs: fix use-after-free of new block group that became unused
[ Upstream commit 0657b20c5a76c938612f8409735a8830d257866e ]
If a task creates a new block group and that block group becomes unused
before we finish its creation, at btrfs_create_pending_block_groups(),
then when btrfs_mark_bg_unused() is called against the block group, we
assume that the block group is currently in the list of block groups to
reclaim, and we move it out of the list of new block groups and into the
list of unused block groups. This has two consequences:
1) We move it out of the list of new block groups associated to the
current transaction. So the block group creation is not finished and
if we attempt to delete the bg because it's unused, we will not find
the block group item in the extent tree (or the new block group tree),
its device extent items in the device tree etc, resulting in the
deletion to fail due to the missing items;
2) We don't increment the reference count on the block group when we
move it to the list of unused block groups, because we assumed the
block group was on the list of block groups to reclaim, and in that
case it already has the correct reference count. However the block
group was on the list of new block groups, in which case no extra
reference was taken because it's local to the current task. This
later results in doing an extra reference count decrement when
removing the block group from the unused list, eventually leading the
reference count to 0.
This second case was caught when running generic/297 from fstests, which
produced the following assertion failure and stack trace:
[589.559] assertion failed: refcount_read(&block_group->refs) == 1, in fs/btrfs/block-group.c:4299
[589.559] ------------[ cut here ]------------
[589.559] kernel BUG at fs/btrfs/block-group.c:4299!
[589.560] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[589.560] CPU: 8 PID: 2819134 Comm: umount Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1
[589.560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014
[589.560] RIP: 0010:btrfs_free_block_groups+0x449/0x4a0 [btrfs]
[589.561] Code: 68 62 da c0 (...)
[589.561] RSP: 0018:ffffa55a8c3b3d98 EFLAGS: 00010246
[589.561] RAX: 0000000000000058 RBX: ffff8f030d7f2000 RCX: 0000000000000000
[589.562] RDX: 0000000000000000 RSI: ffffffff953f0878 RDI: 00000000ffffffff
[589.562] RBP: ffff8f030d7f2088 R08: 0000000000000000 R09: ffffa55a8c3b3c50
[589.562] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8f05850b4c00
[589.562] R13: ffff8f030d7f2090 R14: ffff8f05850b4cd8 R15: dead000000000100
[589.563] FS: 00007f497fd2e840(0000) GS:ffff8f09dfc00000(0000) knlGS:0000000000000000
[589.563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[589.563] CR2: 00007f497ff8ec10 CR3: 0000000271472006 CR4: 0000000000370ee0
[589.563] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[589.564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[589.564] Call Trace:
[589.564] <TASK>
[589.565] ? __die_body+0x1b/0x60
[589.565] ? die+0x39/0x60
[589.565] ? do_trap+0xeb/0x110
[589.565] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]
[589.566] ? do_error_trap+0x6a/0x90
[589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]
[589.566] ? exc_invalid_op+0x4e/0x70
[589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]
[589.567] ? asm_exc_invalid_op+0x16/0x20
[589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]
[589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]
[589.567] close_ctree+0x35d/0x560 [btrfs]
[589.568] ? fsnotify_sb_delete+0x13e/0x1d0
[589.568] ? dispose_list+0x3a/0x50
[589.568] ? evict_inodes+0x151/0x1a0
[589.568] generic_shutdown_super+0x73/0x1a0
[589.569] kill_anon_super+0x14/0x30
[589.569] btrfs_kill_super+0x12/0x20 [btrfs]
[589.569] deactivate_locked_super+0x2e/0x70
[589.569] cleanup_mnt+0x104/0x160
[589.570] task_work_run+0x56/0x90
[589.570] exit_to_user_mode_prepare+0x160/0x170
[589.570] syscall_exit_to_user_mode+0x22/0x50
[589.570] ? __x64_sys_umount+0x12/0x20
[589.571] do_syscall_64+0x48/0x90
[589.571] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[589.571] RIP: 0033:0x7f497ff0a567
[589.571] Code: af 98 0e (...)
[589.572] RSP: 002b:00007ffc98347358 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[589.572] RAX: 0000000000000000 RBX: 00007f49800b8264 RCX: 00007f497ff0a567
[589.572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000557f558abfa0
[589.573] RBP: 0000557f558a6ba0 R08: 0000000000000000 R09: 00007ffc98346100
[589.573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[589.573] R13: 0000557f558abfa0 R14: 0000557f558a6cb0 R15: 0000557f558a6dd0
[589.573] </TASK>
[589.574] Modules linked in: dm_snapshot dm_thin_pool (...)
[589.576] ---[ end trace 0000000000000000 ]---
Fix this by adding a runtime flag to the block group to tell that the
block group is still in the list of new block groups, and therefore it
should not be moved to the list of unused block groups, at
btrfs_mark_bg_unused(), until the flag is cleared, when we finish the
creation of the block group at btrfs_create_pending_block_groups().
Fixes: a9f189716cf1 ("btrfs: move out now unused BG from the reclaim list")
CC: stable@vger.kernel.org # 5.15+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
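The reference-count imbalance from the btrfs commit above (consequence 2, plus the unfinished creation of consequence 1), as an added userspace model that is not code from the commit: one list node is shared by several lists, so "not empty" does not say which list holds the block group. The struct names, the `is_new` flag name and the reduced call sequence are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal intrusive list in the style of the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }

static void list_del_init(struct list_head *e)
{
    e->prev->next = e->next;
    e->next->prev = e->prev;
    list_init(e);
}

static void list_add_tail(struct list_head *e, struct list_head *head)
{
    e->prev = head->prev;
    e->next = head;
    head->prev->next = e;
    head->prev = e;
}

/* Constructed model of a block group: one node shared by every list. */
struct bg_model {
    int refs;                 /* 1 = only the owner's base reference */
    bool is_new;              /* hypothetical name for the runtime flag */
    bool creation_finished;
    struct list_head bg_list;
};

struct fs_model { struct list_head new_bgs, unused_bgs; };

static struct bg_model *bg_of(struct list_head *e)
{
    return (struct bg_model *)((char *)e - offsetof(struct bg_model, bg_list));
}

/* Model of btrfs_mark_bg_unused(); use_flag selects the fixed behaviour. */
static void mark_bg_unused(struct fs_model *fs, struct bg_model *bg, bool use_flag)
{
    if (list_empty(&bg->bg_list)) {
        bg->refs++;                        /* the unused list owns a reference */
        list_add_tail(&bg->bg_list, &fs->unused_bgs);
    } else if (!(use_flag && bg->is_new)) {
        /* Assumes "on the reclaim list", which would already hold a reference. */
        list_del_init(&bg->bg_list);
        list_add_tail(&bg->bg_list, &fs->unused_bgs);
    }
}

/* Model of btrfs_create_pending_block_groups(): finish what is on new_bgs. */
static void create_pending(struct fs_model *fs)
{
    while (!list_empty(&fs->new_bgs)) {
        struct bg_model *bg = bg_of(fs->new_bgs.next);

        list_del_init(&bg->bg_list);
        bg->creation_finished = true;
        bg->is_new = false;
    }
}

/* Drain the unused list, dropping the reference the list is assumed to hold. */
static void delete_unused(struct fs_model *fs)
{
    while (!list_empty(&fs->unused_bgs)) {
        struct bg_model *bg = bg_of(fs->unused_bgs.next);

        list_del_init(&bg->bg_list);
        bg->refs--;
    }
}

struct outcome { int refs; bool creation_finished; };

static struct outcome simulate(bool use_flag)
{
    struct fs_model fs;
    struct bg_model bg = { .refs = 1, .is_new = true };

    list_init(&fs.new_bgs);
    list_init(&fs.unused_bgs);
    list_init(&bg.bg_list);
    list_add_tail(&bg.bg_list, &fs.new_bgs);  /* no extra ref: local to the task */

    mark_bg_unused(&fs, &bg, use_flag);  /* goes unused before creation ends */
    create_pending(&fs);
    mark_bg_unused(&fs, &bg, use_flag);  /* still unused once creation is done */
    delete_unused(&fs);

    return (struct outcome){ bg.refs, bg.creation_finished };
}

int main(void)
{
    struct outcome before = simulate(false), after = simulate(true);

    printf("without flag: refs=%d finished=%d\n", before.refs, before.creation_finished);
    printf("with flag:    refs=%d finished=%d\n", after.refs, after.creation_finished);
    return 0;
}
```

A final count of 1 corresponds to the `refcount_read(&block_group->refs) == 1` assertion in the trace above; the model only counts and never frees.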
David Sterba [Mon, 31 Oct 2022 19:33:46 +0000 (20:33 +0100)]
btrfs: convert btrfs_block_group::seq_zone to runtime flag
[ Upstream commit 961f5b8bf48a463ac5fe5b13143426d79eb41817 ]
In zoned mode the sequential status of zone can be also tracked in the
runtime flags of block group.
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Stable-dep-of: 0657b20c5a76 ("btrfs: fix use-after-free of new block group that became unused")
Signed-off-by: Sasha Levin <sashal@kernel.org>
David Sterba [Mon, 31 Oct 2022 19:33:44 +0000 (20:33 +0100)]
btrfs: convert btrfs_block_group::needs_free_space to runtime flag
[ Upstream commit 0d7764ff58b4b45c39eb03f2c74a819c1a88fa7b ]
We already have flags in block group to track various status bits,
convert needs_free_space as well and reduce size of btrfs_block_group.
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Stable-dep-of: 0657b20c5a76 ("btrfs: fix use-after-free of new block group that became unused")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Naohiro Aota [Tue, 6 Jun 2023 05:36:34 +0000 (14:36 +0900)]
btrfs: move out now unused BG from the reclaim list
[ Upstream commit a9f189716cf15913c453299d72f69c51a9b0f86b ]
An unused block group is easy to remove to free up space and should be
reclaimed fast. Such block group can often already be a target of the
reclaim process. As we check list_empty(&bg->bg_list), we keep it in the
reclaim list. That block group is never reclaimed until the file system
is filled e.g. up to 75%.
Instead, we can move unused block group to the unused list and delete it
fast.
Fixes: 18bb8bbf13c1 ("btrfs: zoned: automatically reclaim zones")
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Daniel Vetter [Thu, 6 Apr 2023 13:21:07 +0000 (15:21 +0200)]
video/aperture: Only remove sysfb on the default vga pci device
[ Upstream commit 5ae3716cfdcd286268133867f67d0803847acefc ]
Instead of calling aperture_remove_conflicting_devices() to remove the
conflicting devices, just call to aperture_detach_devices() to detach
the device that matches the same PCI BAR / aperture range. Since the
former is just a wrapper of the latter plus a sysfb_disable() call,
and now that's done in this function but only for the primary devices.
This fixes a regression introduced by commit ee7a69aa38d8 ("fbdev:
Disable sysfb device registration when removing conflicting FBs"),
where we remove the sysfb when loading a driver for an unrelated pci
device, resulting in the user losing their efifb console or similar.
Note that in practice this only is a problem with the nvidia blob,
because that's the only gpu driver people might install which does not
come with an fbdev driver of its own. For everyone else the real gpu
driver will restore a working console.
Also note that in the referenced bug there's confusion that this same
bug also happens on amdgpu. But that was just another amdgpu specific
regression, which just happened to happen at roughly the same time and
with the same user-observable symptoms. That bug is fixed now, see
https://bugzilla.kernel.org/show_bug.cgi?id=216331#c15
Note that we should not have any such issues on non-pci multi-gpu
issues, because I could only find two such cases:
- SoC with some external panel over spi or similar. These panel
drivers do not use drm_aperture_remove_conflicting_framebuffers(),
so no problem.
- vga+mga, which is a direct console driver and entirely bypasses all
this.
For the above reasons the cc: stable is just notionally, this patch
will need a backport and that's up to nvidia if they care enough.
v2:
- Explain a bit better why other multi-gpu that aren't pci shouldn't
have any issues with making all this fully pci specific.
v3
- polish commit message (Javier)
v4:
- Fix commit message style (i.e., commit 1234 ("..."))
- fix Daniel's S-o-b address
v5:
- add back an S-o-b tag with Daniel's Intel address
Fixes: ee7a69aa38d8 ("fbdev: Disable sysfb device registration when removing conflicting FBs")
Tested-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216303#c28
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Aaron Plattner <aplattner@nvidia.com>
Cc: Javier Martinez Canillas <javierm@redhat.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Helge Deller <deller@gmx.de>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: <stable@vger.kernel.org> # v5.19+ (if someone else does the backport)
Link: https://patchwork.freedesktop.org/patch/msgid/20230406132109.32050-8-tzimmermann@suse.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
Thomas Zimmermann [Mon, 19 Dec 2022 16:05:06 +0000 (17:05 +0100)]
fbdev/hyperv-fb: Do not set struct fb_info.apertures
[ Upstream commit 81d2393485f0990cf6566b0c9e0697c199f68ae5 ]
Generic fbdev drivers use the apertures field in struct fb_info to
control ownership of the framebuffer memory and graphics device. Do
not set the values in hyperv-fb.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221219160516.23436-9-tzimmermann@suse.de
Stable-dep-of: 5ae3716cfdcd ("video/aperture: Only remove sysfb on the default vga pci device")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Xu Yang [Mon, 17 Jul 2023 02:28:33 +0000 (10:28 +0800)]
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
[ Upstream commit ee70b908f77a9d8f689dea986f09e6d7dc481934 ]
Property name "phy-3p0-supply" is used instead of "phy-reg_3p0-supply".
Fixes: 9f30b6b1a957 ("ARM: dts: imx: Add basic dtsi file for imx6sll")
cc: <stable@vger.kernel.org>
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Marc Zyngier [Thu, 13 Jul 2023 07:06:57 +0000 (08:06 +0100)]
KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption
[ Upstream commit b321c31c9b7b309dcde5e8854b741c8e6a9a05f0 ]
Xiang reports that VMs occasionally fail to boot on GICv4.1 systems when
running a preemptible kernel, as it is possible that a vCPU is blocked
without requesting a doorbell interrupt.
The issue is that any preemption that occurs between vgic_v4_put() and
schedule() on the block path will mark the vPE as nonresident and *not*
request a doorbell irq. This occurs because when the vcpu thread is
resumed on its way to block, vcpu_load() will make the vPE resident
again. Once the vcpu actually blocks, we don't request a doorbell
anymore, and the vcpu won't be woken up on interrupt delivery.
Fix it by tracking that we're entering WFI, and key the doorbell
request on that flag. This allows us not to make the vPE resident
when going through a preempt/schedule cycle, meaning we don't lose
any state.
Cc: stable@vger.kernel.org
Fixes: 8e01d9a396e6 ("KVM: arm64: vgic-v4: Move the GICv4 residency flow to be driven by vcpu_load/put")
Reported-by: Xiang Chen <chenxiang66@hisilicon.com>
Suggested-by: Zenghui Yu <yuzenghui@huawei.com>
Tested-by: Xiang Chen <chenxiang66@hisilicon.com>
Co-developed-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Acked-by: Zenghui Yu <yuzenghui@huawei.com>
Link: https://lore.kernel.org/r/20230713070657.3873244-1-maz@kernel.org
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Hersen Wu [Tue, 28 Mar 2023 14:45:24 +0000 (10:45 -0400)]
drm/amd/display: fix access hdcp_workqueue assert
[ Upstream commit cdff36a0217aadf5cbc167893ad1c0da869619cb ]
[Why] hdcp are enabled for asics from raven. for old asics
which hdcp are not enabled, hdcp_workqueue are null. some
access to hdcp work queue are not guarded with pointer check.
[How] add hdcp_workqueue pointer check before access workqueue.
Reviewed-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
hersen wu [Tue, 15 Nov 2022 19:20:56 +0000 (14:20 -0500)]
drm/amd/display: phase3 mst hdcp for multiple displays
[ Upstream commit e8fd3eeb5e8711af39b00642da06474e52f4780c ]
[Why]
multiple display hdcp are enabled within event_property_validate,
event_property_update by looping all displays on mst hub. when
one of display on mst hub is unplugged or disabled, hdcp are
disabled for all displays on mst hub within hdcp_reset_display
by looping all displays of mst link. for displays still active,
their encryption status are off. kernel driver will not run hdcp
authentication again. therefore, hdcp are not enabled automatically.
[How]
within is_content_protection_different, check drm_crtc_state changes
of all displays on mst hub, if need, trigger hdcp_update_display to
re-run hdcp authentication.
Acked-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: hersen wu <hersenxs.wu@amd.com>
Reviewed-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: cdff36a0217a ("drm/amd/display: fix access hdcp_workqueue assert")
Signed-off-by: Sasha Levin <sashal@kernel.org>
hersen wu [Tue, 15 Nov 2022 15:39:55 +0000 (10:39 -0500)]
drm/amd/display: save restore hdcp state when display is unplugged from mst hub
[ Upstream commit 82986fd631fa04bcedaefe11a6b3767601cbe84f ]
[Why]
connector hdcp properties are lost after display is
unplugged from mst hub. connector is destroyed with
dm_dp_mst_connector_destroy. when display is plugged
back, hdcp is not desired and it wouldn't be enabled.
[How]
save hdcp properties into hdcp_work within
amdgpu_dm_atomic_commit_tail. If the same display is
plugged back with same display index, its hdcp
properties will be retrieved from hdcp_work within
dm_dp_mst_get_modes.
Acked-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: hersen wu <hersenxs.wu@amd.com>
Reviewed-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: cdff36a0217a ("drm/amd/display: fix access hdcp_workqueue assert")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Song Yoong Siang [Tue, 2 May 2023 15:48:06 +0000 (08:48 -0700)]
igc: read before write to SRRCTL register
[ Upstream commit 3ce29c17dc847bf4245e16aad78a7617afa96297 ]
igc_configure_rx_ring() function will be called as part of XDP program
setup. If Rx hardware timestamp is enabled prior to XDP program setup,
this timestamp enablement will be overwritten when buffer size is
written into SRRCTL register.
Thus, this commit reads the register value before writing to the SRRCTL
register. This commit is tested by using xdp_hw_metadata bpf selftest
tool. The tool enables Rx hardware timestamp and then attach XDP program
to igc driver. It will display hardware timestamp of UDP packet with
port number 9092. Below are detail of test steps and results.
Command on DUT:
sudo ./xdp_hw_metadata <interface name>
Command on Link Partner:
echo -n skb | nc -u -q1 <destination IPv4 addr> 9092
Result before this patch:
skb hwtstamp is not found!
Result after this patch:
found skb hwtstamp = 1677800973.642836757
Optionally, read PHC to confirm the values obtained are almost the same:
Command:
sudo ./testptp -d /dev/ptp0 -g
Result:
clock time: 1677800973.913598978 or Fri Mar 3 07:49:33 2023
Fixes: fc9df2a0b520 ("igc: Enable RX via AF_XDP zero-copy")
Cc: <stable@vger.kernel.org> # 5.14+
Signed-off-by: Song Yoong Siang <yoong.siang.song@intel.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
Tested-by: Jesper Dangaard Brouer <brouer@redhat.com>
Tested-by: Naama Meir <naamax.meir@linux.intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Chen Lin [Wed, 19 Jul 2023 07:58:47 +0000 (15:58 +0800)]
ring-buffer: Do not swap cpu_buffer during resize process
[ Upstream commit 8a96c0288d0737ad77882024974c075345c72011 ]
When ring_buffer_swap_cpu was called during resize process,
the cpu buffer was swapped in the middle, resulting in incorrect state.
Continuing to run in the wrong state will result in oops.
This issue can be easily reproduced using the following two scripts:
/tmp # cat test1.sh
//#! /bin/sh
for i in `seq 0 100000`
do
echo 2000 > /sys/kernel/debug/tracing/buffer_size_kb
sleep 0.5
echo 5000 > /sys/kernel/debug/tracing/buffer_size_kb
sleep 0.5
done
/tmp # cat test2.sh
//#! /bin/sh
for i in `seq 0 100000`
do
echo irqsoff > /sys/kernel/debug/tracing/current_tracer
sleep 1
echo nop > /sys/kernel/debug/tracing/current_tracer
sleep 1
done
/tmp # ./test1.sh &
/tmp # ./test2.sh &
A typical oops log is as follows, sometimes with other different oops logs.
[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8
[ 231.713375] Modules linked in:
[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15
[ 231.716750] Hardware name: linux,dummy-virt (DT)
[ 231.718152] Workqueue: events update_pages_handler
[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 231.721171] pc : rb_update_pages+0x378/0x3f8
[ 231.722212] lr : rb_update_pages+0x25c/0x3f8
[ 231.723248] sp : ffff800082b9bd50
[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000
[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0
[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a
[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000
[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510
[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002
[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558
[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001
[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000
[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208
[ 231.744196] Call trace:
[ 231.744892] rb_update_pages+0x378/0x3f8
[ 231.745893] update_pages_handler+0x1c/0x38
[ 231.746893] process_one_work+0x1f0/0x468
[ 231.747852] worker_thread+0x54/0x410
[ 231.748737] kthread+0x124/0x138
[ 231.749549] ret_from_fork+0x10/0x20
[ 231.750434] ---[ end trace 0000000000000000 ]---
[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 233.721696] Mem abort info:
[ 233.721935] ESR = 0x0000000096000004
[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits
[ 233.722596] SET = 0, FnV = 0
[ 233.722805] EA = 0, S1PTW = 0
[ 233.723026] FSC = 0x04: level 0 translation fault
[ 233.723458] Data abort info:
[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000
[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 233.726720] Modules linked in:
[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15
[ 233.727777] Hardware name: linux,dummy-virt (DT)
[ 233.728225] Workqueue: events update_pages_handler
[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8
[ 233.729334] lr : rb_update_pages+0x154/0x3f8
[ 233.729592] sp : ffff800082b9bd50
[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000
[ 233.730220] x26: 0000000000000000 x25: ffff800082a8b840 x24: ffff0000c0102418
[ 233.730653] x23: 0000000000000000 x22: fffffc000304c880 x21: 0000000000000003
[ 233.731105] x20: 00000000000001f4 x19: ffff0000c0102400 x18: ffff800082fcbc58
[ 233.731727] x17: 0000000000000000 x16: 0000000000000001 x15: 0000000000000001
[ 233.732282] x14: ffff8000825fe0c8 x13: 0000000000000001 x12: 0000000000000000
[ 233.732709] x11: ffff8000826998a8 x10: 0000000000000ae0 x9 : ffff8000801b760c
[ 233.733148] x8 : fefefefefefefeff x7 : 0000000000000018 x6 : ffff0000c03298c0
[ 233.733553] x5 : 0000000000000002 x4 : 0000000000000000 x3 : 0000000000000000
[ 233.733972] x2 : ffff0000c3a0b600 x1 : 0000000000000000 x0 : 0000000000000000
[ 233.734418] Call trace:
[ 233.734593] rb_update_pages+0x1a8/0x3f8
[ 233.734853] update_pages_handler+0x1c/0x38
[ 233.735148] process_one_work+0x1f0/0x468
[ 233.735525] worker_thread+0x54/0x410
[ 233.735852] kthread+0x124/0x138
[ 233.736064] ret_from_fork+0x10/0x20
[ 233.736387] Code: 92400000 910006b5 aa000021 aa0303f7 (f9400060)
[ 233.736959] ---[ end trace 0000000000000000 ]---
After analysis, the seq of the error is as follows [1-5]:
int ring_buffer_resize(struct trace_buffer *buffer, unsigned long size,
int cpu_id)
{
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
//1. get cpu_buffer, aka cpu_buffer(A)
...
...
schedule_work_on(cpu,
&cpu_buffer->update_pages_work);
//2. 'update_pages_work' is queue on 'cpu', cpu_buffer(A) is passed to
// update_pages_handler, do the update process, set 'update_done' in
// complete(&cpu_buffer->update_done) and to wakeup resize process.
//---->
//3. Just at this moment, ring_buffer_swap_cpu is triggered,
//cpu_buffer(A) be swapped to cpu_buffer(B), the max_buffer.
//ring_buffer_swap_cpu is called as the 'Call trace' below.
Call trace:
dump_backtrace+0x0/0x2f8
show_stack+0x18/0x28
dump_stack+0x12c/0x188
ring_buffer_swap_cpu+0x2f8/0x328
update_max_tr_single+0x180/0x210
check_critical_timing+0x2b4/0x2c8
tracer_hardirqs_on+0x1c0/0x200
trace_hardirqs_on+0xec/0x378
el0_svc_common+0x64/0x260
do_el0_svc+0x90/0xf8
el0_svc+0x20/0x30
el0_sync_handler+0xb0/0xb8
el0_sync+0x180/0x1c0
//<----
/* wait for all the updates to complete */
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
//4. get cpu_buffer, cpu_buffer(B) is used in the following process,
//the state of cpu_buffer(A) and cpu_buffer(B) is totally wrong.
//for example, cpu_buffer(A)->update_done will leave be set 1, and will
//not 'wait_for_completion' at the next resize round.
if (!cpu_buffer->nr_pages_to_update)
continue;
if (cpu_online(cpu))
wait_for_completion(&cpu_buffer->update_done);
cpu_buffer->nr_pages_to_update = 0;
}
...
}
//5. the state of cpu_buffer(A) and cpu_buffer(B) is totally wrong,
//Continuing to run in the wrong state, then oops occurs.
Link: https://lore.kernel.org/linux-trace-kernel/202307191558478409990@zte.com.cn
Signed-off-by: Chen Lin <chen.lin5@zte.com.cn>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Andy Shevchenko [Mon, 17 Jul 2023 09:32:14 +0000 (12:32 +0300)]
Bluetooth: MGMT: Use correct address for memcpy()
[ Upstream commit d1f0a9816f5fbc1316355ec1aa4ddfb9b624cca5 ]
In function ‘fortify_memcpy_chk’,
inlined from ‘get_conn_info_complete’ at net/bluetooth/mgmt.c:7281:2:
include/linux/fortify-string.h:592:25: error: call to
‘__read_overflow2_field’ declared with attribute warning: detected read
beyond size of field (2nd parameter); maybe use struct_group()?
[-Werror=attribute-warning]
592 | __read_overflow2_field(q_size_field, size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
This is because the wrong member is used for memcpy(). Use the correct one.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Benjamin Gray [Mon, 10 Jul 2023 04:41:43 +0000 (14:41 +1000)]
powerpc/kasan: Disable KCOV in KASAN code
[ Upstream commit ccb381e1af1ace292153c88eb1fffa5683d16a20 ]
As per the generic KASAN code in mm/kasan, disable KCOV with
KCOV_INSTRUMENT := n in the makefile.
This fixes a ppc64 boot hang when KCOV and KASAN are enabled.
kasan_early_init() gets called before a PACA is initialised, but the
KCOV hook expects a valid PACA.
Suggested-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Benjamin Gray <bgray@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230710044143.146840-1-bgray@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Luke D. Jones [Thu, 6 Jul 2023 22:33:23 +0000 (10:33 +1200)]
ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V
[ Upstream commit 5251605f4d297a0eb5d3b7f39f9dcee9e4d0115a ]
Adds the required quirk to enable the Cirrus amp and correct pins
on the ASUS ROG GZ301V series which uses an SPI connected Cirrus amp.
While this works if the related _DSD properties are made available, these
aren't included in the ACPI of these laptops (yet).
Signed-off-by: Luke D. Jones <luke@ljones.dev>
Link: https://lore.kernel.org/r/20230706223323.30871-2-luke@ljones.dev
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Luke D. Jones [Tue, 4 Jul 2023 04:46:16 +0000 (16:46 +1200)]
ALSA: hda/realtek: Add quirk for ASUS ROG GA402X
[ Upstream commit 9abc77fb144fe916fd2f592dc4b8c7bade02e58a ]
Adds the required quirk to enable the Cirrus amp and correct pins
on the ASUS ROG GA402X series which uses an I2C connected Cirrus amp.
While this works if the related _DSD properties are made available, these
aren't included in the ACPI of these laptops (yet).
Signed-off-by: Luke D. Jones <luke@ljones.dev>
Link: https://lore.kernel.org/r/20230704044619.19343-3-luke@ljones.dev
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Luke D. Jones [Tue, 4 Jul 2023 04:46:15 +0000 (16:46 +1200)]
ALSA: hda/realtek: Add quirk for ASUS ROG GX650P
[ Upstream commit 8cc87c055d28320e5fa5457922f43bc07dec58bd ]
Adds the required quirk to enable the Cirrus amp and correct pins
on the ASUS ROG GV601V series which uses an I2C connected Cirrus amp.
While this works if the related _DSD properties are made available, these
aren't included in the ACPI of these laptops (yet).
Signed-off-by: Luke D. Jones <luke@ljones.dev>
Link: https://lore.kernel.org/r/20230704044619.19343-2-luke@ljones.dev
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Tuo Li [Mon, 3 Jul 2023 03:10:16 +0000 (11:10 +0800)]
ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()
[ Upstream commit 1f4a08fed450db87fbb5ff5105354158bdbe1a22 ]
The variable codec->regmap is often protected by the lock
codec->regmap_lock when it is accessed. However, it is accessed without
holding the lock when it is accessed in snd_hdac_regmap_sync():
if (codec->regmap)
In my opinion, this may be a harmful race, because if codec->regmap is
set to NULL right after the condition is checked, a null-pointer
dereference can occur in the called function regcache_sync():
map->lock(map->lock_arg); --> Line 360 in drivers/base/regmap/regcache.c
To fix this possible null-pointer dereference caused by data race, the
mutex_lock coverage is extended to protect the if statement as well as the
function call to regcache_sync().
[ Note: the lack of the regmap_lock itself is harmless for the current
codec driver implementations, as snd_hdac_regmap_sync() is only for
PM runtime resume that is prohibited during the codec probe.
But the change makes the whole code more consistent, so it's merged
as is -- tiwai ]
Reported-by: BassCheck <bass@buaa.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Link: https://lore.kernel.org/r/20230703031016.1184711-1-islituo@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
dengxiang [Mon, 3 Jul 2023 02:17:51 +0000 (10:17 +0800)]
ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760
[ Upstream commit 73f1c75d5e6bd8ce2a887ef493a66ad1b16ed704 ]
These models use NSIWAY amplifiers for internal speaker, but cannot put
sound outside from these amplifiers. So eapd verbs are needed to initialize
the amplifiers. They can be added during boot to get working sound out
of internal speaker.
Signed-off-by: dengxiang <dengxiang@nfschina.com>
Link: https://lore.kernel.org/r/20230703021751.2945750-1-dengxiang@nfschina.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Konstantin Komarov [Mon, 8 May 2023 07:36:28 +0000 (11:36 +0400)]
fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted
[ Upstream commit e0f363a98830e8d7d70fbaf91c07ae0b7c57aafe ]
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jia-Ju Bai [Tue, 21 Mar 2023 13:22:11 +0000 (21:22 +0800)]
fs: ntfs3: Fix possible null-pointer dereferences in mi_read()
[ Upstream commit 97498cd610c0d030a7bd49a7efad974790661162 ]
In a previous commit 2681631c2973 ("fs/ntfs3: Add null pointer check to
attr_load_runs_vcn"), ni can be NULL in attr_load_runs_vcn(), and thus it
should be checked before being used.
However, in the call stack of this commit, mft_ni in mi_read() is
aliased with ni in attr_load_runs_vcn(), and it is also used in
mi_read() at two places:
mi_read()
  rw_lock = &mft_ni->file.run_lock -> No check
  attr_load_runs_vcn(mft_ni, ...)
    ni (namely mft_ni) is checked in the previous commit
  attr_load_runs_vcn(..., &mft_ni->file.run) -> No check
Thus, to avoid possible null-pointer dereferences, the related checks
should be added.
These bugs are reported by a static analysis tool implemented by myself,
and they are found by extending a known bug fixed in the previous commit.
Thus, they could be theoretical bugs.
Signed-off-by: Jia-Ju Bai <baijiaju@buaa.edu.cn>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Edward Lo [Thu, 16 Mar 2023 02:56:55 +0000 (10:56 +0800)]
fs/ntfs3: Enhance sanity check while generating attr_list
[ Upstream commit fdec309c7672cbee4dc0229ee4cbb33c948a1bdd ]
ni_create_attr_list uses WARN_ON to catch error cases while generating
attribute list, which only prints out stack trace and may not be enough.
This replaces them with more proper error handling flow.
[ 59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e
[ 59.673268] #PF: supervisor read access in kernel mode
[ 59.678354] #PF: error_code(0x0000) - not-present page
[ 59.682831] PGD 8000000005ff1067 P4D 8000000005ff1067 PUD 7dee067 PMD 0
[ 59.688556] Oops: 0000 [#1] PREEMPT SMP KASAN PTI
[ 59.692642] CPU: 0 PID: 198 Comm: poc Tainted: G B W 6.2.0-rc1+ #4
[ 59.698868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
[ 59.708795] RIP: 0010:ni_create_attr_list+0x505/0x860
[ 59.713657] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8
[ 59.731559] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282
[ 59.735691] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe
[ 59.741792] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0
[ 59.748423] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9
[ 59.754654] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180
[ 59.761552] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050
[ 59.768323] FS: 00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000
[ 59.776027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.781395] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0
[ 59.787607] Call Trace:
[ 59.790271] <TASK>
[ 59.792488] ? __pfx_ni_create_attr_list+0x10/0x10
[ 59.797235] ? kernel_text_address+0xd3/0xe0
[ 59.800856] ? unwind_get_return_address+0x3e/0x60
[ 59.805101] ? __kasan_check_write+0x18/0x20
[ 59.809296] ? preempt_count_sub+0x1c/0xd0
[ 59.813421] ni_ins_attr_ext+0x52c/0x5c0
[ 59.817034] ? __pfx_ni_ins_attr_ext+0x10/0x10
[ 59.821926] ? __vfs_setxattr+0x121/0x170
[ 59.825718] ? __vfs_setxattr_noperm+0x97/0x300
[ 59.829562] ? __vfs_setxattr_locked+0x145/0x170
[ 59.833987] ? vfs_setxattr+0x137/0x2a0
[ 59.836732] ? do_setxattr+0xce/0x150
[ 59.839807] ? setxattr+0x126/0x140
[ 59.842353] ? path_setxattr+0x164/0x180
[ 59.845275] ? __x64_sys_setxattr+0x71/0x90
[ 59.848838] ? do_syscall_64+0x3f/0x90
[ 59.851898] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 59.857046] ? stack_depot_save+0x17/0x20
[ 59.860299] ni_insert_attr+0x1ba/0x420
[ 59.863104] ? __pfx_ni_insert_attr+0x10/0x10
[ 59.867069] ? preempt_count_sub+0x1c/0xd0
[ 59.869897] ? _raw_spin_unlock_irqrestore+0x2b/0x50
[ 59.874088] ? __create_object+0x3ae/0x5d0
[ 59.877865] ni_insert_resident+0xc4/0x1c0
[ 59.881430] ? __pfx_ni_insert_resident+0x10/0x10
[ 59.886355] ? kasan_save_alloc_info+0x1f/0x30
[ 59.891117] ? __kasan_kmalloc+0x8b/0xa0
[ 59.894383] ntfs_set_ea+0x90d/0xbf0
[ 59.897703] ? __pfx_ntfs_set_ea+0x10/0x10
[ 59.901011] ? kernel_text_address+0xd3/0xe0
[ 59.905308] ? __kernel_text_address+0x16/0x50
[ 59.909811] ? unwind_get_return_address+0x3e/0x60
[ 59.914898] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 59.920250] ? arch_stack_walk+0xa2/0x100
[ 59.924560] ? filter_irq_stacks+0x27/0x80
[ 59.928722] ntfs_setxattr+0x405/0x440
[ 59.932512] ? __pfx_ntfs_setxattr+0x10/0x10
[ 59.936634] ? kvmalloc_node+0x2d/0x120
[ 59.940378] ? kasan_save_stack+0x41/0x60
[ 59.943870] ? kasan_save_stack+0x2a/0x60
[ 59.947719] ? kasan_set_track+0x29/0x40
[ 59.951417] ? kasan_save_alloc_info+0x1f/0x30
[ 59.955733] ? __kasan_kmalloc+0x8b/0xa0
[ 59.959598] ? __kmalloc_node+0x68/0x150
[ 59.963163] ? kvmalloc_node+0x2d/0x120
[ 59.966490] ? vmemdup_user+0x2b/0xa0
[ 59.969060] __vfs_setxattr+0x121/0x170
[ 59.972456] ? __pfx___vfs_setxattr+0x10/0x10
[ 59.976008] __vfs_setxattr_noperm+0x97/0x300
[ 59.981562] __vfs_setxattr_locked+0x145/0x170
[ 59.986100] vfs_setxattr+0x137/0x2a0
[ 59.989964] ? __pfx_vfs_setxattr+0x10/0x10
[ 59.993616] ? __kasan_check_write+0x18/0x20
[ 59.997425] do_setxattr+0xce/0x150
[ 60.000304] setxattr+0x126/0x140
[ 60.002967] ? __pfx_setxattr+0x10/0x10
[ 60.006471] ? __virt_addr_valid+0xcb/0x140
[ 60.010461] ? __call_rcu_common.constprop.0+0x1c7/0x330
[ 60.016037] ? debug_smp_processor_id+0x1b/0x30
[ 60.021008] ? kasan_quarantine_put+0x5b/0x190
[ 60.025545] ? putname+0x84/0xa0
[ 60.027910] ? __kasan_slab_free+0x11e/0x1b0
[ 60.031483] ? putname+0x84/0xa0
[ 60.033986] ? preempt_count_sub+0x1c/0xd0
[ 60.036876] ? __mnt_want_write+0xae/0x100
[ 60.040738] ? mnt_want_write+0x8f/0x150
[ 60.044317] path_setxattr+0x164/0x180
[ 60.048096] ? __pfx_path_setxattr+0x10/0x10
[ 60.052096] ? strncpy_from_user+0x175/0x1c0
[ 60.056482] ? debug_smp_processor_id+0x1b/0x30
[ 60.059848] ? fpregs_assert_state_consistent+0x6b/0x80
[ 60.064557] __x64_sys_setxattr+0x71/0x90
[ 60.068892] do_syscall_64+0x3f/0x90
[ 60.072868] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 60.077523] RIP: 0033:0x7feaa86e4469
[ 60.080915] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088
[ 60.097353] RSP: 002b:00007ffdbd8311e8 EFLAGS: 00000286 ORIG_RAX: 00000000000000bc
[ 60.103386] RAX: ffffffffffffffda RBX: 9461c5e290baac00 RCX: 00007feaa86e4469
[ 60.110322] RDX: 00007ffdbd831fe0 RSI: 00007ffdbd831305 RDI: 00007ffdbd831263
[ 60.116808] RBP: 00007ffdbd836180 R08: 0000000000000001 R09: 00007ffdbd836268
[ 60.123879] R10: 000000000000007d R11: 0000000000000286 R12: 0000000000400500
[ 60.130540] R13: 00007ffdbd836260 R14: 0000000000000000 R15: 0000000000000000
[ 60.136553] </TASK>
[ 60.138818] Modules linked in:
[ 60.141839] CR2: 000000000000000e
[ 60.144831] ---[ end trace 0000000000000000 ]---
[ 60.149058] RIP: 0010:ni_create_attr_list+0x505/0x860
[ 60.153975] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8
[ 60.172443] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282
[ 60.176246] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe
[ 60.182752] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0
[ 60.189949] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9
[ 60.196950] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180
[ 60.203671] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050
[ 60.209595] FS: 00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000
[ 60.216299] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.222276] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0
Signed-off-by: Edward Lo <loyuantsung@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
shanzhulig [Wed, 28 Jun 2023 01:10:47 +0000 (18:10 -0700)]
drm/amdgpu: Fix potential fence use-after-free v2
[ Upstream commit 2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 ]
fence Decrements the reference count before exiting.
Avoid Race Vulnerabilities for fence use-after-free.
v2 (chk): actually fix the use after free and not just move it.
Signed-off-by: shanzhulig <shanzhulig@gmail.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Xiubo Li [Thu, 18 May 2023 01:40:14 +0000 (09:40 +0800)]
ceph: try to dump the msgs when decoding fails
[ Upstream commit 8b0da5c549ae63ba1debd92a350f90773cb4bfe7 ]
When the msgs are corrupted we need to dump them and then it will
be easier to dig what has happened and where the issue is.
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Matthew Anderson [Sat, 24 Jun 2023 17:08:10 +0000 (12:08 -0500)]
Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
[ Upstream commit fa01eba11f0e57c767a5eab5291c7a01407a00be ]
Adding the device ID from the Asus Ally gets the bluetooth working
on the device.
Signed-off-by: Matthew Anderson <ruinairas1992@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Zhengping Jiang [Thu, 25 May 2023 00:04:15 +0000 (17:04 -0700)]
Bluetooth: L2CAP: Fix use-after-free
[ Upstream commit f752a0b334bb95fe9b42ecb511e0864e2768046f ]
Fix potential use-after-free in l2cap_le_command_rej.
Signed-off-by: Zhengping Jiang <jiangzp@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Yuechao Zhao [Mon, 12 Jun 2023 03:19:07 +0000 (11:19 +0800)]
watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub)
[ Upstream commit 009637de1f65cff452ad49554d1e8ef9fda99e43 ]
Add PCI_VENDOR_ID_HYGON(Hygon vendor id [0x1d94]) in this driver
Signed-off-by: Yuechao Zhao <yuechao.zhao@advantech.com.cn>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lkml.kernel.org/r/20230612031907.796461-1-a345351830@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Zhang Shurong [Fri, 23 Jun 2023 05:39:35 +0000 (13:39 +0800)]
firewire: net: fix use after free in fwnet_finish_incoming_packet()
[ Upstream commit 3ff256751a2853e1ffaa36958ff933ccc98c6cb5 ]
The netif_rx() function frees the skb so we can't dereference it to
save the skb->len.
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Link: https://lore.kernel.org/r/tencent_3B3D24B66ED66A6BB73CC0E63C6A14E45109@qq.com
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Sasha Levin <sashal@kernel.org>
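The ownership rule behind the firewire fix above, as an added user-space model that is not the driver's code: `model_netif_rx()`, the packet pool and the `stats` struct are constructed stand-ins. Freed slots live in a static pool and are poisoned, so the stale read in the "before" variant can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_SLOTS  4
#define POISON_BYTE 0x6b            /* freed slots are filled with this byte */

/* Constructed stand-in for struct sk_buff: only the length matters here. */
struct pkt {
    size_t len;
    int    in_use;
};

/* Constructed stand-in for the interface counters. */
struct stats {
    size_t rx_packets;
    size_t rx_bytes;
};

/* Static pool: a "freed" packet stays addressable, so the bug is visible
 * as a wrong value instead of a crash or silent corruption. */
static struct pkt pool[POOL_SLOTS];

static struct pkt *pkt_alloc(size_t len)
{
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].len = len;
            return &pool[i];
        }
    }
    return NULL;
}

static void pkt_free(struct pkt *p)
{
    memset(p, POISON_BYTE, sizeof(*p));   /* poison, as a debug allocator would */
    p->in_use = 0;
}

/* Models netif_rx(): takes ownership of the packet and releases it.
 * After this call the caller no longer owns p. Returns 0 on success. */
static int model_netif_rx(struct pkt *p)
{
    pkt_free(p);
    return 0;
}

/* "Before": p->len is read after ownership was handed over. */
static void finish_incoming_before(struct stats *st, struct pkt *p)
{
    if (model_netif_rx(p) == 0) {
        st->rx_packets++;
        st->rx_bytes += p->len;           /* stale read of a released packet */
    }
}

/* "After": the length is saved while the caller still owns the packet. */
static void finish_incoming_after(struct stats *st, struct pkt *p)
{
    size_t len = p->len;

    if (model_netif_rx(p) == 0) {
        st->rx_packets++;
        st->rx_bytes += len;
    }
}

/* The value a size_t holds once its slot has been poisoned. */
static size_t poisoned_len(void)
{
    size_t v;

    memset(&v, POISON_BYTE, sizeof(v));
    return v;
}

/* Deliver one packet of the given length and return the accounted bytes. */
static size_t run_before(size_t len)
{
    struct stats st = { 0, 0 };
    struct pkt *p = pkt_alloc(len);

    if (p)
        finish_incoming_before(&st, p);
    return st.rx_bytes;
}

static size_t run_after(size_t len)
{
    struct stats st = { 0, 0 };
    struct pkt *p = pkt_alloc(len);

    if (p)
        finish_incoming_after(&st, p);
    return st.rx_bytes;
}

int main(void)
{
    printf("before: rx_bytes=%zu\n", run_before(1500));
    printf("after:  rx_bytes=%zu\n", run_after(1500));
    return 0;
}
```

In the kernel the released memory may already belong to another object, so the "before" read can return arbitrary data rather than a recognisable poison pattern.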
Mika Westerberg [Wed, 17 May 2023 07:45:53 +0000 (10:45 +0300)]
thunderbolt: Limit Intel Barlow Ridge USB3 bandwidth
[ Upstream commit f2bfa944080dcbb8eb56259dfd2c07204cbee17e ]
Intel Barlow Ridge discrete USB4 host router has the same limitation as
the previous generations so make sure the USB3 bandwidth limitation
quirk is applied to Barlow Ridge too.
Signed-off-by: Gil Fine <gil.fine@linux.intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mika Westerberg [Sat, 17 Dec 2022 06:35:04 +0000 (08:35 +0200)]
thunderbolt: Add Intel Barlow Ridge PCI ID
[ Upstream commit 6f14a210661ce03988ef4ed3c8402037c8e06539 ]
Intel Barlow Ridge is the first USB4 v2 controller from Intel. The
controller exposes standard USB4 PCI class ID in typical configurations,
however there is a way to configure it so that it uses a special class
ID to allow using a different driver than the Windows inbox one. For
this reason add the Barlow Ridge PCI ID to the Linux driver too so that
the driver can attach regardless of the class ID.
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Armin Wolf [Fri, 12 May 2023 18:45:29 +0000 (20:45 +0200)]
pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
[ Upstream commit c85fd9422fe0f5d667305efb27f56d09eab120b0 ]
When nonstatic_release_resource_db() frees all resources associated
with a PCMCIA socket, it forgets to free socket_data too, causing
a memory leak observable with kmemleak:
unreferenced object 0xc28d1000 (size 64):
  comm "systemd-udevd", pid 297, jiffies 4294898478 (age 194.484s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 f0 85 0e c3 00 00 00 00 ................
    00 00 00 00 0c 10 8d c2 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<ffda4245>] __kmem_cache_alloc_node+0x2d7/0x4a0
    [<7e51f0c8>] kmalloc_trace+0x31/0xa4
    [<d52b4ca0>] nonstatic_init+0x24/0x1a4 [pcmcia_rsrc]
    [<a2f13e08>] pcmcia_register_socket+0x200/0x35c [pcmcia_core]
    [<a728be1b>] yenta_probe+0x4d8/0xa70 [yenta_socket]
    [<c48fac39>] pci_device_probe+0x99/0x194
    [<84b7c690>] really_probe+0x181/0x45c
    [<8060fe6e>] __driver_probe_device+0x75/0x1f4
    [<b9b76f43>] driver_probe_device+0x28/0xac
    [<648b766f>] __driver_attach+0xeb/0x1e4
    [<6e9659eb>] bus_for_each_dev+0x61/0xb4
    [<25a669f3>] driver_attach+0x1e/0x28
    [<d8671d6b>] bus_add_driver+0x102/0x20c
    [<df0d323c>] driver_register+0x5b/0x120
    [<942cd8a4>] __pci_register_driver+0x44/0x4c
    [<e536027e>] __UNIQUE_ID___addressable_cleanup_module188+0x1c/0xfffff000 [iTCO_vendor_support]
Fix this by freeing socket_data too.
Tested on an Acer Travelmate 4002WLMi by manually binding/unbinding
the yenta_cardbus driver (yenta_socket).
Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Message-ID: <20230512184529.5094-1-W_Armin@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Tuo Li [Tue, 13 Jun 2023 03:06:37 +0000 (11:06 +0800)]
gfs2: Fix possible data races in gfs2_show_options()
[ Upstream commit 6fa0a72cbbe45db4ed967a51f9e6f4e3afe61d20 ]
Some fields such as gt_logd_secs of the struct gfs2_tune are accessed
without holding the lock gt_spin in gfs2_show_options():
  val = sdp->sd_tune.gt_logd_secs;
  if (val != 30)
    seq_printf(s, ",commit=%d", val);
And thus can cause data races when gfs2_show_options() and other functions
such as gfs2_reconfigure() are concurrently executed:
  spin_lock(&gt->gt_spin);
  gt->gt_logd_secs = newargs->ar_commit;
To fix these possible data races, the lock sdp->sd_tune.gt_spin is
acquired before accessing the fields of gfs2_tune and released after these
accesses.
Further changes by Andreas:
- Don't hold the spin lock over the seq_printf operations.
Reported-by: BassCheck <bass@buaa.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
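The locking shape the gfs2 message above describes (read the tunables under gt_spin, format only after the lock is dropped), as an added single-threaded user-space model that is not the gfs2 code. The pthread mutex stands in for the spinlock, `emit()` stands in for seq_printf(), and `gt_example_secs`, the `held` flag and the `model_*` names are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define DEFAULT_SECS 30              /* the default the message compares against */

struct tune_model {                  /* constructed stand-in for struct gfs2_tune */
    pthread_mutex_t gt_spin;         /* models the gt_spin spinlock */
    int held;                        /* instrumentation: 1 while gt_spin is held */
    int gt_logd_secs;
    int gt_example_secs;             /* hypothetical second tunable */
};

static int emitted_under_lock;       /* counts formatting calls made under the lock */

static void tune_init(struct tune_model *gt)
{
    pthread_mutex_init(&gt->gt_spin, NULL);
    gt->held = 0;
    gt->gt_logd_secs = DEFAULT_SECS;
    gt->gt_example_secs = DEFAULT_SECS;
}

static void tune_lock(struct tune_model *gt)
{
    pthread_mutex_lock(&gt->gt_spin);
    gt->held = 1;
}

static void tune_unlock(struct tune_model *gt)
{
    gt->held = 0;
    pthread_mutex_unlock(&gt->gt_spin);
}

/* Models seq_printf(): appends ",key=val" at buf+off and returns the new
 * offset. An option that does not fit is dropped whole. */
static size_t emit(const struct tune_model *gt, char *buf, size_t off,
                   size_t cap, const char *key, int val)
{
    int n;

    if (gt->held)
        emitted_under_lock++;
    n = snprintf(buf + off, cap - off, ",%s=%d", key, val);
    if (n < 0 || (size_t)n >= cap - off) {
        buf[off] = '\0';
        return off;
    }
    return off + (size_t)n;
}

/* Writer side, shaped like the gfs2_reconfigure() excerpt: update under the lock. */
static void model_reconfigure(struct tune_model *gt, int commit, int example)
{
    tune_lock(gt);
    gt->gt_logd_secs = commit;
    gt->gt_example_secs = example;
    tune_unlock(gt);
}

/* Reader side: take one consistent snapshot under the lock, then format
 * from the local copies with the lock released. Returns bytes written. */
static size_t model_show_options(struct tune_model *gt, char *buf, size_t cap)
{
    int logd_secs, example_secs;
    size_t off = 0;

    if (cap == 0)
        return 0;
    buf[0] = '\0';

    tune_lock(gt);
    logd_secs = gt->gt_logd_secs;
    example_secs = gt->gt_example_secs;
    tune_unlock(gt);

    if (logd_secs != DEFAULT_SECS)
        off = emit(gt, buf, off, cap, "commit", logd_secs);
    if (example_secs != DEFAULT_SECS)
        off = emit(gt, buf, off, cap, "example_secs", example_secs);
    return off;
}

int main(void)
{
    struct tune_model gt;
    char buf[64];

    tune_init(&gt);
    model_reconfigure(&gt, 5, 60);
    model_show_options(&gt, buf, sizeof(buf));
    printf("options: %s (emitted under lock: %d)\n", buf, emitted_under_lock);
    return 0;
}
```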
Xu Yang [Wed, 17 May 2023 08:19:07 +0000 (16:19 +0800)]
usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
[ Upstream commit 53d061c19dc4cb68409df6dc11c40389c8c42a75 ]
USB PHY DPDM wakeup bit is enabled by default, when USB wakeup
is not required(/sys/.../wakeup is disabled), this bit should be
disabled, otherwise we will have unexpected wakeup if do USB device
connect/disconnect while system sleep.
This bit can be enabled for both host and device mode.
Signed-off-by: Li Jun <jun.li@nxp.com>
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Acked-by: Peter Chen <peter.chen@kernel.org>
Message-ID: <20230517081907.3410465-3-xu.yang_2@nxp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Xu Yang [Tue, 30 May 2023 10:40:07 +0000 (18:40 +0800)]
usb: chipidea: imx: don't request QoS for imx8ulp
[ Upstream commit 9a070e8e208995a9d638b538ed7abf28bd6ea6f0 ]
Use dedicated imx8ulp usb compatible to remove QoS request
since imx8ulp has no such limitation of imx7ulp: DMA will
not work if system enters idle.
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Signed-off-by: Li Jun <jun.li@nxp.com>
Acked-by: Peter Chen <peter.chen@kernel.org>
Message-ID: <20230530104007.1294702-2-xu.yang_2@nxp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mika Westerberg [Fri, 26 May 2023 11:46:44 +0000 (14:46 +0300)]
thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx()
[ Upstream commit 1402ba08abae5cfa583ff1a40b99c098a0532d41 ]
According to the USB4 retimer guide the correct order is immediately
after sending ENUMERATE_RETIMERS so update the code to follow this.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Hans Verkuil [Wed, 24 May 2023 12:11:47 +0000 (13:11 +0100)]
media: platform: mediatek: vpu: fix NULL ptr dereference
[ Upstream commit 3df55cd773e8603b623425cc97b05e542854ad27 ]
If pdev is NULL, then it is still dereferenced.
This fixes this smatch warning:
drivers/media/platform/mediatek/vpu/mtk_vpu.c:570 vpu_load_firmware() warn: address of NULL pointer 'pdev'
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Cc: Yunfei Dong <yunfei.dong@mediatek.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Avichal Rakesh [Mon, 8 May 2023 23:11:03 +0000 (16:11 -0700)]
usb: gadget: uvc: queue empty isoc requests if no video buffer is available
[ Upstream commit c3ff12a92bd7072170978b8b41c2fa41b038139a ]
ISOC transfers expect a certain cadence of requests being queued. Not
keeping up with the expected rate of requests results in missed ISOC
transfers (EXDEV). The application layer may or may not produce video
frames to match this expectation, so uvc gadget driver must handle cases
where the application is not queuing up buffers fast enough to fulfill
ISOC requirements.
Currently, uvc gadget driver waits for new video buffer to become available
before queuing up usb requests. With this patch the gadget driver queues up
0 length usb requests whenever there are no video buffers available. The
USB controller's complete callback is used as the limiter for how quickly
the 0 length packets will be queued. Video buffers are still queued as
soon as they become available.
Link: https://lore.kernel.org/CAMHf4WKbi6KBPQztj9FA4kPvESc1fVKrC8G73-cs6tTeQby9=w@mail.gmail.com/
Signed-off-by: Avichal Rakesh <arakesh@google.com>
Link: https://lore.kernel.org/r/20230508231103.1621375-1-arakesh@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Prashanth K [Tue, 9 May 2023 13:27:52 +0000 (18:57 +0530)]
usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push
[ Upstream commit e5990469943c711cb00bfde6338d2add6c6d0bfe ]
When serial console over USB is enabled, gs_console_connect
queues gs_console_work, where it acquires the spinlock and
queues the usb request, and this request goes to gadget layer.
Now consider a situation where gadget layer prints something
to dmesg, this will eventually call gs_console_write() which
requires cons->lock. And this causes spinlock recursion. Avoid
this by excluding usb_ep_queue from the spinlock.
spin_lock_irqsave //needs cons->lock
gs_console_write
.
.
_printk
__warn_printk
dev_warn/pr_err
.
.
[USB Gadget Layer]
.
.
usb_ep_queue
gs_console_work
__gs_console_push // acquires cons->lock
process_one_work
Signed-off-by: Prashanth K <quic_prashk@quicinc.com>
Link: https://lore.kernel.org/r/1683638872-6885-1-git-send-email-quic_prashk@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Andrey Konovalov [Thu, 18 May 2023 21:52:35 +0000 (00:52 +0300)]
media: camss: set VFE bpl_alignment to 16 for sdm845 and sm8250
[ Upstream commit d5b7eb477c286f6ceccbb38704136eea0e6b09ca ]
From the experiments with camera sensors using SGRBG10_1X10/3280x2464 and
SRGGB10_1X10/3280x2464 formats, it becomes clear that on sdm845 and sm8250
VFE outputs the lines padded to a length multiple of 16 bytes. As in the
current driver the value of the bpl_alignment is set to 8 bytes, the frames
captured in formats with the bytes-per-line value being not a multiple of
16 get corrupted.
Set the bpl_alignment of the camss video output device to 16 for sdm845 and
sm8250 to fix that.
Signed-off-by: Andrey Konovalov <andrey.konovalov@linaro.org>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Acked-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Yunfei Dong [Mon, 17 Apr 2023 08:17:40 +0000 (16:17 +0800)]
media: v4l2-mem2mem: add lock to protect parameter num_rdy
[ Upstream commit 56b5c3e67b0f9af3f45cf393be048ee8d8a92694 ]
Getting below error when using KCSAN to check the driver. Adding lock to
protect parameter num_rdy when getting the value with function:
v4l2_m2m_num_src_bufs_ready/v4l2_m2m_num_dst_bufs_ready.
kworker/u16:3: [name:report&]BUG: KCSAN: data-race in v4l2_m2m_buf_queue
kworker/u16:3: [name:report&]
kworker/u16:3: [name:report&]read-write to 0xffffff8105f35b94 of 1 bytes by task 20865 on cpu 7:
kworker/u16:3: v4l2_m2m_buf_queue+0xd8/0x10c
Signed-off-by: Pina Chen <pina.chen@mediatek.com>
Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Lu Hongfei [Thu, 25 May 2023 11:17:03 +0000 (19:17 +0800)]
led: qcom-lpg: Fix resource leaks in for_each_available_child_of_node() loops
[ Upstream commit 8f38f8fa7261819eb7d4fb369dc3bfab72259033 ]
Ensure child node references are decremented properly in the error path.
Signed-off-by: Lu Hongfei <luhongfei@vivo.com>
Link: https://lore.kernel.org/r/20230525111705.3055-1-luhongfei@vivo.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Uwe Kleine-König [Fri, 12 May 2023 17:38:09 +0000 (19:38 +0200)]
serial: stm32: Ignore return value of uart_remove_one_port() in .remove()
[ Upstream commit 6bd6cd29c92401a101993290051fa55078238a52 ]
Returning early from stm32_usart_serial_remove() results in a resource
leak as several cleanup functions are not called. The driver core ignores
the return value and there is no possibility to clean up later.
uart_remove_one_port() only returns non-zero if there is some
inconsistency (i.e. stm32_usart_driver.state[port->line].uart_port == NULL).
This should never happen, and even if it does it's a bad idea to exit
early in the remove callback without cleaning up.
This prepares changing the prototype of struct platform_driver::remove to
return void. See commit 5c5a7680e67b ("platform: Provide a remove callback
that returns no value") for further details about this quest.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20230512173810.131447-2-u.kleine-koenig@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Winston Wen [Mon, 26 Jun 2023 03:42:56 +0000 (11:42 +0800)]
cifs: fix session state check in reconnect to avoid use-after-free issue
[ Upstream commit 99f280700b4cc02d5f141b8d15f8e9fad0418f65 ]
Don't collect exiting session in smb2_reconnect_server(), because it
will be released soon.
Note that the exiting session will stay in server->smb_ses_list until
it completes the cifs_free_ipc() and logoff() and then delete itself
from the list.
Signed-off-by: Winston Wen <wentao@uniontech.com>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Paulo Alcantara [Mon, 19 Jun 2023 19:24:37 +0000 (16:24 -0300)]
smb: client: fix warning in cifs_smb3_do_mount()
[ Upstream commit 12c30f33cc6769bf411088a2872843c4f9ea32f9 ]
This fixes the following warning reported by kernel test robot
fs/smb/client/cifsfs.c:982 cifs_smb3_do_mount() warn: possible
memory leak of 'cifs_sb'
Link: https://lore.kernel.org/all/202306170124.CtQqzf0I-lkp@intel.com/
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Matthew Anderson [Wed, 21 Jun 2023 16:17:14 +0000 (11:17 -0500)]
ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio
[ Upstream commit 724418b84e6248cd27599607b7e5fac365b8e3f5 ]
This requires a patched ACPI table or a firmware from ASUS to work because
the system does not come with the _DSD field for the CSC3551.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217550
Signed-off-by: Matthew Anderson <ruinairas1992@gmail.com>
Tested-by: Philip Mueller <philm@manjaro.org>
Link: https://lore.kernel.org/r/20230621161714.9442-1-ruinairas1992@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Even Xu [Thu, 15 Jun 2023 00:26:41 +0000 (08:26 +0800)]
HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID
[ Upstream commit 4982126e3029cd59fbd1da0d9cc0365a0585fe64 ]
Add device ID of Arrow Lake-H into ishtp support list.
Signed-off-by: Even Xu <even.xu@intel.com>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Peter Ujfalusi [Fri, 16 Jun 2023 10:00:34 +0000 (12:00 +0200)]
ASoC: SOF: core: Free the firmware trace before calling snd_sof_shutdown()
[ Upstream commit d389dcb3a48cec4f03c16434c0bf98a4c635372a ]
The shutdown is called on reboot/shutdown of the machine.
At this point the firmware tracing cannot be used anymore but in case of
IPC3 it is using and keeping a DMA channel active (dtrace).
For Tiger Lake platforms we have a quirk in place to fix rare reboot issues
when a DMA was active before rebooting the system.
If the tracing is enabled this quirk will be always used and a print
appears on the kernel log which might be misleading or not even correct.
Release the fw tracing before executing the shutdown to make sure that this
known DMA user is cleared away.
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Reviewed-by: Daniel Baluta <daniel.baluta@nxp.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Rander Wang <rander.wang@intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20230616100039.378150-4-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Daniel Miess [Fri, 19 May 2023 17:02:01 +0000 (13:02 -0400)]
drm/amd/display: Enable dcn314 DPP RCO
[ Upstream commit 17fbdbda9cc87ff5a013898de506212d25323ed7 ]
[Why and How]
Add back debug bits enabling RCO for dcn314 as underflow
associated with this change has been resolved
Acked-by: Stylon Wang <stylon.wang@amd.com>
Signed-off-by: Daniel Miess <daniel.miess@amd.com>
Reviewed-by: Jun Lei <jun.lei@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicholas Kazlauskas [Fri, 28 Apr 2023 15:23:50 +0000 (11:23 -0400)]
drm/amd/display: Skip DPP DTO update if root clock is gated
[ Upstream commit 30f90f3c1c2c63c2fa44f61233737d27b72637c2 ]
[Why]
Hardware implements root clock gating by utilizing the DPP DTO registers
with a special case of DTO enabled, phase = 0, modulo = 1. This
conflicts with our policy to always update the DPPDTO for cases where
it's expected to be disabled.
The pipes unexpectedly enter a higher power state than expected because
of this programming flow.
[How]
Guard the upper layers of HWSS against this hardware quirk with
programming the register with an internal state flag in DCCG.
While technically acting as global state for the DCCG, HWSS shouldn't be
expected to understand the hardware quirk for having DTO disabled
causing more power than DTO enabled with this specific setting.
This also prevents sequencing errors from occurring in the future if
we have to program DPP DTO in multiple locations.
Acked-by: Stylon Wang <stylon.wang@amd.com>
Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Reviewed-by: Jun Lei <jun.lei@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Patrisious Haddad [Mon, 5 Jun 2023 10:14:07 +0000 (13:14 +0300)]
RDMA/mlx5: Return the firmware result upon destroying QP/RQ
[ Upstream commit 22664c06e997087fe37f9ba208008c948571214a ]
Previously when destroying a QP/RQ, the result of the firmware
destruction function was ignored and upper layers weren't informed
about the failure.
Which in turn could lead to various problems since when upper layer
isn't aware of the failure it continues its operation thinking that the
related QP/RQ was successfully destroyed while it actually wasn't,
which could lead to the below kernel WARN.
Currently, we return the correct firmware destruction status to upper
layers which in case of the RQ would be mlx5_ib_destroy_wq() which
was already capable of handling RQ destruction failure or in case of
a QP to destroy_qp_common(), which now would actually warn upon qp
destruction failure.
WARNING: CPU: 3 PID: 995 at drivers/infiniband/core/rdma_core.c:940 uverbs_destroy_ufile_hw+0xcb/0xe0 [ib_uverbs]
Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_umad ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core overlay mlx5_core fuse
CPU: 3 PID: 995 Comm: python3 Not tainted 5.16.0-rc5+ #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:uverbs_destroy_ufile_hw+0xcb/0xe0 [ib_uverbs]
Code: 41 5c 41 5d 41 5e e9 44 34 f0 e0 48 89 df e8 4c 77 ff ff 49 8b 86 10 01 00 00 48 85 c0 74 a1 4c 89 e7 ff d0 eb 9a 0f 0b eb c1 <0f> 0b be 04 00 00 00 48 89 df e8 b6 f6 ff ff e9 75 ff ff ff 90 0f
RSP: 0018:ffff8881533e3e78 EFLAGS: 00010287
RAX: ffff88811b2cf3e0 RBX: ffff888106209700 RCX: 0000000000000000
RDX: ffff888106209780 RSI: ffff8881533e3d30 RDI: ffff888109b101a0
RBP: 0000000000000001 R08: ffff888127cb381c R09: 0de9890000000009
R10: ffff888127cb3800 R11: 0000000000000000 R12: ffff888106209780
R13: ffff888106209750 R14: ffff888100f20660 R15: 0000000000000000
FS: 00007f8be353b740(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8bd5b117c0 CR3: 000000012cd8a004 CR4: 0000000000370ea0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ib_uverbs_close+0x1a/0x90 [ib_uverbs]
__fput+0x82/0x230
task_work_run+0x59/0x90
exit_to_user_mode_prepare+0x138/0x140
syscall_exit_to_user_mode+0x1d/0x50
? __x64_sys_close+0xe/0x40
do_syscall_64+0x4a/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f8be3ae0abb
Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 83 43 f9 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 c1 43 f9 ff 8b 44
RSP: 002b:00007ffdb51909c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000557bb7f7c020 RCX: 00007f8be3ae0abb
RDX: 0000557bb7c74010 RSI: 0000557bb7f14ca0 RDI: 0000000000000005
RBP: 0000557bb7fbd598 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000557bb7fbd5b8
R13: 0000557bb7fbd5a8 R14: 0000000000001000 R15: 0000557bb7f7c020
</TASK>
Signed-off-by: Patrisious Haddad <phaddad@nvidia.com>
Link: https://lore.kernel.org/r/c6df677f931d18090bafbe7f7dbb9524047b7d9b.1685953497.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alvin Lee [Thu, 11 May 2023 19:25:01 +0000 (15:25 -0400)]
drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz
[ Upstream commit 7e60ab4eb3e4ba2adac46d737fdbbc5732bebd58 ]
[Description]
- Previously we wanted to apply extra 60us of prefetch for min DCFCLK
(200Mhz), but DCFCLK can be calculated to be 201Mhz which underflows
also without the extra prefetch
- Instead, apply the extra 60us prefetch for any DCFCLK freq <=
300Mhz
Reviewed-by: Nevenko Stupar <nevenko.stupar@amd.com>
Reviewed-by: Jun Lei <jun.lei@amd.com>
Acked-by: Tom Chung <chiahsuan.chung@amd.com>
Signed-off-by: Alvin Lee <alvin.lee2@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Lang Yu [Fri, 5 May 2023 12:14:15 +0000 (20:14 +0800)]
drm/amdgpu: install stub fence into potential unused fence pointers
[ Upstream commit 187916e6ed9d0c3b3abc27429f7a5f8c936bd1f0 ]
When using cpu to update page tables, vm update fences are unused.
Install stub fence into these fence pointers instead of NULL
to avoid NULL dereference when calling dma_fence_wait() on them.
Suggested-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Lang Yu <Lang.Yu@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Suravee Suthikulpanit [Tue, 30 May 2023 14:11:35 +0000 (10:11 -0400)]
iommu/amd: Introduce Disable IRTE Caching Support
[ Upstream commit 66419036f68a838c00cbccacd6cb2e99da6e5710 ]
An Interrupt Remapping Table (IRT) stores interrupt remapping configuration
for each device. In a normal operation, the AMD IOMMU caches the table
to optimize subsequent data accesses. This requires the IOMMU driver to
invalidate IRT whenever it updates the table. The invalidation process
includes issuing an INVALIDATE_INTERRUPT_TABLE command followed by
a COMPLETION_WAIT command.
However, there are cases in which the IRT is updated at a high rate.
For example, for IOMMU AVIC, the IRTE[IsRun] bit is updated on every
vcpu scheduling (i.e. amd_iommu_update_ga()). On system with large
amount of vcpus and VFIO PCI pass-through devices, the invalidation
process could potentially become a performance bottleneck.
Introducing a new kernel boot option:
amd_iommu=irtcachedis
which disables IRTE caching by setting the IRTCachedis bit in each IOMMU
Control register, and bypass the IRT invalidation process.
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Co-developed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Link: https://lore.kernel.org/r/20230530141137.14376-4-suravee.suthikulpanit@amd.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
stuarthayhurst [Tue, 30 May 2023 14:44:28 +0000 (15:44 +0100)]
HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard
[ Upstream commit 48aea8b445c422a372cf15915101035a47105421 ]
Adds the USB and Bluetooth IDs for the Logitech G915 TKL keyboard, for device detection
For this device, this provides battery reporting on top of hid-generic
Reviewed-by: Bastien Nocera <hadess@hadess.net>
Signed-off-by: Stuart Hayhurst <stuart.a.hayhurst@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ofir Bitton [Tue, 18 Apr 2023 11:48:22 +0000 (14:48 +0300)]
accel/habanalabs: add pci health check during heartbeat
[ Upstream commit d8b9cea584661b30305cf341bf9f675dc0a25471 ]
Currently upon a heartbeat failure, we don't know if the failure
is due to firmware hang or due to a bad PCI link. Hence, we
are reading a PCI config space register with a known value (vendor ID)
so we will know which of the two possibilities caused the heartbeat
failure.
Signed-off-by: Ofir Bitton <obitton@habana.ai>
Reviewed-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
gaoxu [Tue, 6 Jun 2023 12:47:37 +0000 (12:47 +0000)]
dma-remap: use kvmalloc_array/kvfree for larger dma memory remap
[ Upstream commit 51ff97d54f02b4444dfc42e380ac4c058e12d5dd ]
If dma_direct_alloc() allocates memory in size of 64MB, the inner function
dma_common_contiguous_remap() will allocate 128KB memory by invoking
the function kmalloc_array(), and the kmalloc_array seems to fail to try to
allocate 128KB mem.
Call trace:
[14977.928623] qcrosvm: page allocation failure: order:5, mode:0x40cc0
[14977.928638] dump_backtrace.cfi_jt+0x0/0x8
[14977.928647] dump_stack_lvl+0x80/0xb8
[14977.928652] warn_alloc+0x164/0x200
[14977.928657] __alloc_pages_slowpath+0x9f0/0xb4c
[14977.928660] __alloc_pages+0x21c/0x39c
[14977.928662] kmalloc_order+0x48/0x108
[14977.928666] kmalloc_order_trace+0x34/0x154
[14977.928668] __kmalloc+0x548/0x7e4
[14977.928673] dma_direct_alloc+0x11c/0x4f8
[14977.928678] dma_alloc_attrs+0xf4/0x138
[14977.928680] gh_vm_ioctl_set_fw_name+0x3c4/0x610 [gunyah]
[14977.928698] gh_vm_ioctl+0x90/0x14c [gunyah]
[14977.928705] __arm64_sys_ioctl+0x184/0x210
work around by doing kvmalloc_array instead.
Signed-off-by: Gao Xu <gaoxu2@hihonor.com>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Pierre-Louis Bossart [Tue, 6 Jun 2023 22:25:28 +0000 (17:25 -0500)]
ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
[ Upstream commit f751b99255cacd9ffe8c4bbf99767ad670cee1f7 ]
The functionality described in Commit 61bef9e68dca ("ASoC: SOF: Intel: hda: enforce exclusion between HDaudio and SoundWire")
does not seem to be properly implemented with two issues that need to
be corrected.
a) The test used is incorrect when DisplayAudio codecs are not supported.
b) Conversely when only Display Audio codecs can be found, we do want
to start the SoundWire links, if any. That will help add the relevant
topologies and machine descriptors, and identify cases where the
SoundWire information in ACPI needs to be modified with a quirk.
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Link: https://lore.kernel.org/r/20230606222529.57156-2-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Geert Uytterhoeven [Fri, 2 Jun 2023 08:50:36 +0000 (10:50 +0200)]
iopoll: Call cpu_relax() in busy loops
[ Upstream commit b407460ee99033503993ac7437d593451fcdfe44 ]
It is considered good practice to call cpu_relax() in busy loops, see
Documentation/process/volatile-considered-harmful.rst. This can not
only lower CPU power consumption or yield to a hyperthreaded twin
processor, but also allows an architecture to mitigate hardware issues
(e.g. ARM Erratum 754327 for Cortex-A9 prior to r2p0) in the
architecture-specific cpu_relax() implementation.
In addition, cpu_relax() is also a compiler barrier. It is not
immediately obvious that the @op argument "function" will result in an
actual function call (e.g. in case of inlining).
Where a function call is a C sequence point, this is lost on inlining.
Therefore, with aggressive enough optimization it might be possible for
the compiler to hoist the:
(val) = op(args);
"load" out of the loop because it doesn't see the value changing. The
addition of cpu_relax() would inhibit this.
As the iopoll helpers lack calls to cpu_relax(), people are sometimes
reluctant to use them, and may fall back to open-coded polling loops
(including cpu_relax() calls) instead.
Fix this by adding calls to cpu_relax() to the iopoll helpers:
- For the non-atomic case, it is sufficient to call cpu_relax() in
case of a zero sleep-between-reads value, as a call to
usleep_range() is a safe barrier otherwise. However, it doesn't
hurt to add the call regardless, for simplicity, and for similarity
with the atomic case below.
- For the atomic case, cpu_relax() must be called regardless of the
sleep-between-reads value, as there is no guarantee all
architecture-specific implementations of udelay() handle this.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org>
Link: https://lore.kernel.org/r/45c87bec3397fdd704376807f0eec5cc71be440f.1685692810.git.geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
Uday M Bhat [Fri, 2 Jun 2023 20:22:24 +0000 (15:22 -0500)]
ASoC: Intel: sof_sdw: Add support for Rex soundwire
[ Upstream commit 164e5dc17525181c05563f0a06796f1a363801d5 ]
Add rex entry in the soundwire quirk table
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Signed-off-by: Yong Zhi <yong.zhi@intel.com>
Signed-off-by: Uday M Bhat <uday.m.bhat@intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20230602202225.249209-28-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Bard Liao [Fri, 2 Jun 2023 20:22:04 +0000 (15:22 -0500)]
ASoC: Intel: sof_sdw_rt_sdca_jack_common: test SOF_JACK_JDSRC in _exit
[ Upstream commit 526a1876fc48e2d0c0ea8ad63b58bdb2cc13047f ]
if (!SOF_RT711_JDSRC(sof_sdw_quirk)) is tested in
rt711_sdca_add_codec_device_props(), and we don't add software node to the device if jack
source is not set. We need to do the same test in
sof_sdw_rt711_sdca_exit(), and avoid removing software node if jack
source is not set.
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20230602202225.249209-8-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Oleksij Rempel [Tue, 30 May 2023 12:03:44 +0000 (14:03 +0200)]
ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings
[ Upstream commit 1d14bd943fa2bbdfda1efbcc080b298fed5f1803 ]
Fix USB-related warnings in prtrvt, prtvt7, prti6q and prtwd2 device trees
by disabling unused usbphynop1 and usbphynop2 USB PHYs and providing proper
configuration for the over-current detection. This fixes the following
warnings with the current kernel:
usb_phy_generic usbphynop1: dummy supplies not allowed for exclusive requests
usb_phy_generic usbphynop2: dummy supplies not allowed for exclusive requests
imx_usb 2184200.usb: No over current polarity defined
By the way, fix over-current detection on usbotg port for prtvt7, prti6q
and prtwd2 boards. Only prtrvt does not have OC on USB OTG port.
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Venkata Prasad Potturu [Tue, 30 May 2023 11:07:58 +0000 (16:37 +0530)]
ASoC: amd: vangogh: Add check for acp config flags in vangogh platform
[ Upstream commit e89f45edb747ed88e97a5771dd6d3dd1eb517873 ]
We have SOF and generic ACP support enabled for Vangogh platform
on some machines. Since we have same PCI id used for probing,
add check for machine configuration flag to avoid conflict with
newer pci drivers. Such machine flag has been initialized via
dmi match on few Vangogh based machines. If no flag is
specified probe and register older platform device.
Signed-off-by: Venkata Prasad Potturu <venkataprasad.potturu@amd.com>
Link: https://lore.kernel.org/r/20230530110802.674939-1-venkataprasad.potturu@amd.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Wolfram Sang [Tue, 9 May 2023 07:48:17 +0000 (09:48 +0200)]
drm: rcar-du: remove R-Car H3 ES1.* workarounds
[ Upstream commit 2da4b728f994a1f9189a8066b0be90b615768764 ]
R-Car H3 ES1.* was only available to an internal development group and
needed a lot of quirks and workarounds. These become a maintenance
burden now, so our development group decided to remove upstream support
for this SoC and prevent booting it. Public users only have ES2 onwards.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Raphael Gallais-Pou [Mon, 15 May 2023 12:38:18 +0000 (14:38 +0200)]
drm/stm: ltdc: fix late dereference check
[ Upstream commit 898a9e3f56db9860ab091d4bf41b6caa99aafc3d ]
In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a
container_of() before the pointer check. This could cause a kernel panic.
Fix this smatch warning:
drivers/gpu/drm/stm/ltdc.c:1124 ltdc_crtc_set_crc_source() warn: variable dereferenced before check 'crtc' (see line 1119)
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/lkml/202212241802.zeLFZCXB-lkp@intel.com/
Reported-by: Dan Carpenter <error27@gmail.com>
Closes: https://lore.kernel.org/lkml/202212241802.zeLFZCXB-lkp@intel.com/
Signed-off-by: Raphael Gallais-Pou <raphael.gallais-pou@foss.st.com>
Acked-by: Philippe Cornu <philippe.cornu@foss.st.com>
Signed-off-by: Philippe Cornu <philippe.cornu@foss.st.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230515123818.93971-1-raphael.gallais-pou@foss.st.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Venkata Prasad Potturu [Tue, 23 May 2023 07:20:01 +0000 (12:50 +0530)]
ASoC: SOF: amd: Add pci revision id check
[ Upstream commit 1d4a84632b90d88316986b05bcdfe715399a33db ]
Add pci revision id check for renoir and rembrandt platforms.
Signed-off-by: Venkata Prasad Potturu <venkataprasad.potturu@amd.com>
Link: https://lore.kernel.org/r/20230523072009.2379198-1-venkataprasad.potturu@amd.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Sumit Gupta [Thu, 11 May 2023 17:32:09 +0000 (23:02 +0530)]
PCI: tegra194: Fix possible array out of bounds access
[ Upstream commit 205b3d02d57ce6dce96f6d2b9c230f56a9bf9817 ]
Add check to fix the possible array out of bounds violation by
making speed equal to GEN1_CORE_CLK_FREQ when its value is more
than the size of "pcie_gen_freq" array. This array has size of
four but possible speed (CLS) values are from "0 to 0xF". So,
"speed - 1" values are "-1 to 0xE".
Suggested-by: Bjorn Helgaas <helgaas@kernel.org>
Signed-off-by: Sumit Gupta <sumitg@nvidia.com>
Link: https://lore.kernel.org/lkml/72b9168b-d4d6-4312-32ea-69358df2f2d0@nvidia.com/
Acked-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
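The index problem described in the tegra194 commit message above, as an added user-space sketch that is not the driver's code: a 4-bit link-speed field indexes a four-entry table through `speed - 1`, so 12 of the 16 possible field values fall outside it. The clock rates, `CLS_MASK`, the `GEN2`..`GEN4` macro names and all function names are assumptions made for this example; only `pcie_gen_freq` and `GEN1_CORE_CLK_FREQ` are named in the commit message.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed rates for illustration; the GEN2..GEN4 names are hypothetical. */
#define GEN1_CORE_CLK_FREQ  62500000UL
#define GEN2_CORE_CLK_FREQ 125000000UL
#define GEN3_CORE_CLK_FREQ 250000000UL
#define GEN4_CORE_CLK_FREQ 500000000UL

/* Four entries, as stated in the commit message. */
static const unsigned long pcie_gen_freq[] = {
	GEN1_CORE_CLK_FREQ,
	GEN2_CORE_CLK_FREQ,
	GEN3_CORE_CLK_FREQ,
	GEN4_CORE_CLK_FREQ,
};

/* The Current Link Speed field is 4 bits wide: values 0 to 0xF. */
#define CLS_MASK 0xFu

/* Returns 1 when pcie_gen_freq[speed - 1] stays inside the table. */
static int cls_index_ok(unsigned int speed)
{
	return speed >= 1 && speed <= ARRAY_SIZE(pcie_gen_freq);
}

/*
 * Bounded lookup: any field value that would index outside the table
 * falls back to the Gen1 rate. Treating 0 (index -1) the same way as
 * the too-large values is a choice made in this example.
 */
static unsigned long core_clk_for_cls(unsigned int lnksta)
{
	unsigned int speed = lnksta & CLS_MASK;

	if (!cls_index_ok(speed))
		return GEN1_CORE_CLK_FREQ;
	return pcie_gen_freq[speed - 1];
}

/* Counts how many of the 16 possible field values need the fallback. */
static unsigned int count_unsafe_cls(void)
{
	unsigned int speed, bad = 0;

	for (speed = 0; speed <= CLS_MASK; speed++)
		if (!cls_index_ok(speed))
			bad++;
	return bad;
}

int main(void)
{
	unsigned int speed;

	for (speed = 0; speed <= CLS_MASK; speed++)
		printf("CLS=0x%X index=%d -> %lu Hz%s\n", speed, (int)speed - 1,
		       core_clk_for_cls(speed),
		       cls_index_ok(speed) ? "" : " (fallback)");
	printf("%u of 16 field values would index outside the table\n",
	       count_unsafe_cls());
	return 0;
}
```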
Peter Ujfalusi [Fri, 12 May 2023 17:33:05 +0000 (12:33 -0500)]
ASoC: Intel: sof_sdw: add quirk for LNL RVP
[ Upstream commit dfe25fea968dc4884e12d471c8263f0f611b380a ]
We should use RT711_JD2_100K for on board rt711
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Link: https://lore.kernel.org/r/20230512173305.65399-9-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Bard Liao [Fri, 12 May 2023 17:33:00 +0000 (12:33 -0500)]
ASoC: Intel: sof_sdw: add quirk for MTL RVP
[ Upstream commit 289e1df00e49a229a1c924c059242e759a552f01 ]
We should use RT711_JD2_100K for on board rt711.
Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Link: https://lore.kernel.org/r/20230512173305.65399-4-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jack Xiao [Fri, 21 Apr 2023 06:20:38 +0000 (14:20 +0800)]
drm/amdgpu: fix memory leak in mes self test
[ Upstream commit 31d7c3a4fc3d312a0646990767647925d5bde540 ]
The fences associated with mes queue have to be freed
up during amdgpu_ring_fini.
Signed-off-by: Jack Xiao <Jack.Xiao@amd.com>
Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
hackyzh002 [Wed, 19 Apr 2023 12:22:33 +0000 (20:22 +0800)]
drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1
[ Upstream commit 87c2213e85bd81e4a9a4d0880c256568794ae388 ]
The type of size is unsigned int, if size is 0x40000000, there will
be an integer overflow, size will be zero after size *= sizeof(uint32_t),
will cause uninitialized memory to be referenced later.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: hackyzh002 <hackyzh002@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
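The wrap described in the amdgpu_cs_pass1 commit message above, as an added user-space sketch that is not the driver's code: a dword count of 0x40000000 scaled by sizeof(uint32_t) in an unsigned int becomes 0, so the allocation no longer matches the count the rest of the code trusts. `struct chunk` and all function names are hypothetical, and rejecting a zero count is a choice made in this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a submitted chunk: a caller-supplied dword
 * count and the copy of the payload made from it. */
struct chunk {
	unsigned int length_dw; /* caller-controlled dword count */
	unsigned int bytes;     /* bytes actually allocated */
	uint32_t *data;
};

/* Pattern from the commit message: the count is scaled in place in an
 * unsigned int, so the product is reduced modulo 2^32. */
static unsigned int scale_unchecked(unsigned int ndw)
{
	unsigned int size = ndw;

	size *= sizeof(uint32_t);
	return size;
}

/* Checked scaling: refuses any count whose byte size does not fit in an
 * unsigned int. Returns 0 on success, -1 when the product would wrap. */
static int scale_checked(unsigned int ndw, unsigned int *bytes)
{
	if (ndw > UINT_MAX / sizeof(uint32_t))
		return -1;
	*bytes = ndw * (unsigned int)sizeof(uint32_t);
	return 0;
}

/* Number of dwords an allocation of 'bytes' can really back. */
static unsigned int dwords_backed(unsigned int bytes)
{
	return bytes / (unsigned int)sizeof(uint32_t);
}

/*
 * Copies ndw dwords from src (which must hold at least ndw dwords) into
 * a fresh allocation. The count is validated before any memory is
 * allocated, so length_dw and bytes can never disagree.
 */
static int chunk_init(struct chunk *c, const uint32_t *src, unsigned int ndw)
{
	unsigned int bytes;

	if (ndw == 0 || scale_checked(ndw, &bytes) != 0)
		return -1;
	c->data = malloc(bytes);
	if (!c->data)
		return -1;
	memcpy(c->data, src, bytes);
	c->length_dw = ndw;
	c->bytes = bytes;
	return 0;
}

int main(void)
{
	const unsigned int hostile = 0x40000000u; /* value from the commit message */
	const uint32_t payload[4] = { 1, 2, 3, 4 }; /* constructed sample input */
	unsigned int wrapped = scale_unchecked(hostile);
	struct chunk c;

	printf("unchecked: %#x dwords claimed, %u bytes allocated, %u dwords backed\n",
	       hostile, wrapped, dwords_backed(wrapped));
	printf("checked:   hostile count %s\n",
	       chunk_init(&c, payload, hostile) ? "rejected" : "accepted");
	if (chunk_init(&c, payload, 4) == 0) {
		printf("checked:   4 dwords -> %u bytes\n", c.bytes);
		free(c.data);
	}
	return 0;
}
```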
Longlong Yao [Thu, 13 Apr 2023 05:21:45 +0000 (13:21 +0800)]
drm/amdgpu: fix calltrace warning in amddrm_buddy_fini
[ Upstream commit 01382501509871d0799bab6bd412c228486af5bf ]
The following call trace is observed when removing the amdgpu driver, which
is caused by that BOs allocated for psp are not freed until removing.
[61811.450562] RIP: 0010:amddrm_buddy_fini.cold+0x29/0x47 [amddrm_buddy]
[61811.450577] Call Trace:
[61811.450577] <TASK>
[61811.450579] amdgpu_vram_mgr_fini+0x135/0x1c0 [amdgpu]
[61811.450728] amdgpu_ttm_fini+0x207/0x290 [amdgpu]
[61811.450870] amdgpu_bo_fini+0x27/0xa0 [amdgpu]
[61811.451012] gmc_v9_0_sw_fini+0x4a/0x60 [amdgpu]
[61811.451166] amdgpu_device_fini_sw+0x117/0x520 [amdgpu]
[61811.451306] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]
[61811.451447] devm_drm_dev_init_release+0x4d/0x80 [drm]
[61811.451466] devm_action_release+0x15/0x20
[61811.451469] release_nodes+0x40/0xb0
[61811.451471] devres_release_all+0x9b/0xd0
[61811.451473] __device_release_driver+0x1bb/0x2a0
[61811.451476] driver_detach+0xf3/0x140
[61811.451479] bus_remove_driver+0x6c/0xf0
[61811.451481] driver_unregister+0x31/0x60
[61811.451483] pci_unregister_driver+0x40/0x90
[61811.451486] amdgpu_exit+0x15/0x447 [amdgpu]
For smu v13_0_2, if the GPU supports xgmi, refer to
commit f5c7e7797060 ("drm/amdgpu: Adjust removal control flow for smu v13_0_2"),
it will run gpu recover in AMDGPU_RESET_FOR_DEVICE_REMOVE mode when removing,
which makes all devices in hive list have hw reset but no resume except the
basic ip blocks, then other ip blocks will not call .hw_fini according to
ip_block.status.hw.
Since psp_free_shared_bufs just includes some software operations, so move
it to psp_sw_fini.
Reviewed-by: Guchun Chen <guchun.chen@amd.com>
Reviewed-by: Feifei Xu <Feifei.Xu@amd.com>
Signed-off-by: Longlong Yao <Longlong.Yao@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Li Yang [Wed, 2 Aug 2023 19:13:46 +0000 (14:13 -0500)]
net: phy: at803x: fix the wol setting functions
[ Upstream commit e58f30246c35c126c7571065b33bee4b3b1d2ef8 ]
In commit 7beecaf7d507 ("net: phy: at803x: improve the WOL feature"), it
seems not correct to use a wol_en bit in a 1588 Control Register which is
only available on AR8031/AR8033(share the same phy_id) to determine if WoL
is enabled. Change it back to use AT803X_INTR_ENABLE_WOL for determining
the WoL status which is applicable on all chips supporting wol. Also update
the at803x_set_wol() function to only update the 1588 register on chips
having it. After this change, disabling wol at probe from commit
d7cd5e06c9dd ("net: phy: at803x: disable WOL at probe") is no longer
needed. Change it to just disable the WoL bit in 1588 register for
AR8031/AR8033 to be aligned with AT803X_INTR_ENABLE_WOL in probe.
Fixes: 7beecaf7d507 ("net: phy: at803x: improve the WOL feature")
Signed-off-by: Li Yang <leoyang.li@nxp.com>
Reviewed-by: Viorel Suman <viorel.suman@nxp.com>
Reviewed-by: Wei Fang <wei.fang@nxp.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Christophe JAILLET [Sat, 17 Jun 2023 14:24:37 +0000 (16:24 +0200)]
net: phy: at803x: Use devm_regulator_get_enable_optional()
[ Upstream commit 988e8d90b3dc482637532e61bc2d58bfc4af5167 ]
Use devm_regulator_get_enable_optional() instead of hand writing it. It
saves some lines of code.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: e58f30246c35 ("net: phy: at803x: fix the wol setting functions")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Gerd Bayer [Fri, 4 Aug 2023 17:06:23 +0000 (19:06 +0200)]
net/smc: Fix setsockopt and sysctl to specify same buffer size again
[ Upstream commit 833bac7ec392bf75053c8a4fa4c36d4148dac77d ]
Commit 0227f058aa29 ("net/smc: Unbind r/w buffer size from clcsock
and make them tunable") introduced the net.smc.rmem and net.smc.wmem
sysctls to specify the size of buffers to be used for SMC type
connections. This created a regression for users that specified the
buffer size via setsockopt() as the effective buffer size was now
doubled.
Re-introduce the division by 2 in the SMC buffer create code and level
this out by duplicating the net.smc.[rw]mem values used for initializing
sk_rcvbuf/sk_sndbuf at socket creation time. This gives users of both
methods (setsockopt or sysctl) the effective buffer size that they
expect.
Initialize net.smc.[rw]mem from its own constant of 64kB, respectively.
Internal performance tests show that this value is a good compromise
between throughput/latency and memory consumption. Also, this decouples
it from any tuning that was done to net.ipv4.tcp_[rw]mem[1] before the
module for SMC protocol was loaded. Check that no more than INT_MAX / 2
is assigned to net.smc.[rw]mem, in order to avoid any overflow condition
when that is doubled for use in sk_sndbuf or sk_rcvbuf.
While at it, drop the confusing sk_buf_size variable from
__smc_buf_create and name "compressed" buffer size variables more
consistently.
Background:
Before the commit mentioned above, SMC's buffer allocator in
__smc_buf_create() always used half of the sockets' sk_rcvbuf/sk_sndbuf
value as initial value to search for appropriate buffers. If the search
resorted to using a bigger buffer when all buffers of the specified
size were busy, the duplicate of the used effective buffer size is
stored back to sk_rcvbuf/sk_sndbuf.
When available, buffers of exactly the size that a user had specified as
input to setsockopt() were used, despite setsockopt()'s documentation in
"man 7 socket" talking of a mandatory duplication:
[...]
SO_SNDBUF
Sets or gets the maximum socket send buffer in bytes.
The kernel doubles this value (to allow space for book‐
keeping overhead) when it is set using setsockopt(2),
and this doubled value is returned by getsockopt(2).
The default value is set by the
/proc/sys/net/core/wmem_default file and the maximum
allowed value is set by the /proc/sys/net/core/wmem_max
file. The minimum (doubled) value for this option is
2048.
[...]
Fixes: 0227f058aa29 ("net/smc: Unbind r/w buffer size from clcsock and make them tunable")
Co-developed-by: Jan Karcher <jaka@linux.ibm.com>
Signed-off-by: Jan Karcher <jaka@linux.ibm.com>
Reviewed-by: Wenjia Zhang <wenjia@linux.ibm.com>
Reviewed-by: Tony Lu <tonylu@linux.alibaba.com>
Signed-off-by: Gerd Bayer <gbayer@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
D. Wythe [Thu, 2 Feb 2023 08:26:42 +0000 (16:26 +0800)]
net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore
[ Upstream commit aff7bfed9097435ea38de919befbe2d7771a3e87 ]
It's clear that rmbs_lock and sndbufs_lock aim to protect the
rmbs list or the sndbufs list.
During connection establishment, smc_buf_get_slot() will always
be invoked, and it only performs read semantics in rmbs list and
sndbufs list.
Based on the above considerations, we replace mutex with rw_semaphore.
Only smc_buf_get_slot() uses down_read() to allow smc_buf_get_slot()
to run concurrently; other parts use down_write() to keep exclusive
semantics.
Signed-off-by: D. Wythe <alibuda@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 833bac7ec392 ("net/smc: Fix setsockopt and sysctl to specify same buffer size again")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ido Schimmel [Tue, 8 Aug 2023 14:14:57 +0000 (17:14 +0300)]
selftests: forwarding: tc_actions: Use ncat instead of nc
[ Upstream commit 5e8670610b93158ffacc3241f835454ff26a3469 ]
The test relies on 'nc' being the netcat version from the nmap project.
While this seems to be the case on Fedora, it is not the case on Ubuntu,
resulting in failures such as [1].
Fix by explicitly using the 'ncat' utility from the nmap project and
skip the test in case it is not installed.
[1]
# timeout set to 0
# selftests: net/forwarding: tc_actions.sh
# TEST: gact drop and ok (skip_hw) [ OK ]
# TEST: mirred egress flower redirect (skip_hw) [ OK ]
# TEST: mirred egress flower mirror (skip_hw) [ OK ]
# TEST: mirred egress matchall mirror (skip_hw) [ OK ]
# TEST: mirred_egress_to_ingress (skip_hw) [ OK ]
# nc: invalid option -- '-'
# usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
# [-m minttl] [-O length] [-P proxy_username] [-p source_port]
# [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]
# [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]
# [destination] [port]
# nc: invalid option -- '-'
# usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
# [-m minttl] [-O length] [-P proxy_username] [-p source_port]
# [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]
# [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]
# [destination] [port]
# TEST: mirred_egress_to_ingress_tcp (skip_hw) [FAIL]
# server output check failed
# INFO: Could not test offloaded functionality
not ok 80 selftests: net/forwarding: tc_actions.sh # exit=1
Fixes: ca22da2fbd69 ("act_mirred: use the backlog for nested calls to mirred ingress")
Reported-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Closes: https://lore.kernel.org/netdev/adc5e40d-d040-a65e-eb26-edf47dac5b02@alu.unizg.hr/
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Tested-by: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/20230808141503.4060661-12-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Davide Caratti [Tue, 14 Feb 2023 09:52:37 +0000 (10:52 +0100)]
selftests: forwarding: tc_actions: cleanup temporary files when test is aborted
[ Upstream commit f58531716ced8975a4ade108ef4af35f98722af7 ]
remove temporary files created by 'mirred_egress_to_ingress_tcp' test
in the cleanup() handler. Also, change variable names to avoid clashing
with globals from lib.sh.
Suggested-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Link: https://lore.kernel.org/r/091649045a017fc00095ecbb75884e5681f7025f.1676368027.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 5e8670610b93 ("selftests: forwarding: tc_actions: Use ncat instead of nc")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Andrew Yang [Fri, 21 Jul 2023 06:37:01 +0000 (14:37 +0800)]
zsmalloc: fix races between modifications of fullness and isolated
[ Upstream commit 4b5d1e47b69426c0f7491d97d73ad0152d02d437 ]
We encountered many kernel exceptions of VM_BUG_ON(zspage->isolated ==
0) in dec_zspage_isolation() and BUG_ON(!pages[1]) in zs_unmap_object()
lately. This issue only occurs when migration and reclamation occur at
the same time.
With our memory stress test, we can reproduce this issue several times
a day. We have no idea why no one else encountered this issue. BTW,
we switched to the new kernel version with this defect a few months
ago.
Since fullness and isolated share the same unsigned int, modifications of
them should be protected by the same lock.
[andrew.yang@mediatek.com: move comment]
Link: https://lkml.kernel.org/r/20230727062910.6337-1-andrew.yang@mediatek.com
Link: https://lkml.kernel.org/r/20230721063705.11455-1-andrew.yang@mediatek.com
Fixes: c4549b871102 ("zsmalloc: remove zspage isolation for migration")
Signed-off-by: Andrew Yang <andrew.yang@mediatek.com>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nhat Pham [Mon, 28 Nov 2022 19:16:12 +0000 (11:16 -0800)]
zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks
[ Upstream commit c0547d0b6a4b637db05406b90ba82e1b2e71de56 ]
Currently, zsmalloc has a hierarchy of locks, which includes a pool-level
migrate_lock, and a lock for each size class. We have to obtain both
locks in the hotpath in most cases anyway, except for zs_malloc. This
exception will no longer exist when we introduce a LRU into the zs_pool
for the new writeback functionality - we will need to obtain a pool-level
lock to synchronize LRU handling even in zs_malloc.
In preparation for zsmalloc writeback, consolidate these locks into a
single pool-level lock, which drastically reduces the complexity of
synchronization in zsmalloc.
We have also benchmarked the lock consolidation to see the performance
effect of this change on zram.
First, we ran a synthetic FS workload on a server machine with 36 cores
(same machine for all runs), using
fs_mark -d ../zram1mnt -s 100000 -n 2500 -t 32 -k
before and after for btrfs and ext4 on zram (FS usage is 80%).
Here is the result (unit is file/second):
With lock consolidation (btrfs):
Average: 13520.2, Median: 13531.0, Stddev: 137.5961482019028
Without lock consolidation (btrfs):
Average: 13487.2, Median: 13575.0, Stddev: 309.08283679298665
With lock consolidation (ext4):
Average: 16824.4, Median: 16839.0, Stddev: 89.97388510006668
Without lock consolidation (ext4):
Average: 16958.0, Median: 16986.0, Stddev: 194.7370021336469
As you can see, we observe a 0.3% regression for btrfs, and a 0.9%
regression for ext4. This is a small, barely measurable difference in my
opinion.
For a more realistic scenario, we also tried building the kernel on zram.
Here is the time it takes (in seconds):
With lock consolidation (btrfs):
real
Average: 319.6, Median: 320.0, Stddev: 0.8944271909999159
user
Average: 6894.2, Median: 6895.0, Stddev: 25.528415540334656
sys
Average: 521.4, Median: 522.0, Stddev: 1.51657508881031
Without lock consolidation (btrfs):
real
Average: 319.8, Median: 320.0, Stddev: 0.8366600265340756
user
Average: 6896.6, Median: 6899.0, Stddev: 16.04057355583023
sys
Average: 520.6, Median: 521.0, Stddev: 1.140175425099138
With lock consolidation (ext4):
real
Average: 320.0, Median: 319.0, Stddev: 1.4142135623730951
user
Average: 6896.8, Median: 6878.0, Stddev: 28.621670111997307
sys
Average: 521.2, Median: 521.0, Stddev: 1.7888543819998317
Without lock consolidation (ext4):
real
Average: 319.6, Median: 319.0, Stddev: 0.8944271909999159
user
Average: 6886.2, Median: 6887.0, Stddev: 16.93221781102523
sys
Average: 520.4, Median: 520.0, Stddev: 1.140175425099138
The difference is entirely within the noise of a typical run on zram.
This hardly justifies the complexity of maintaining both the pool lock and
the class lock. In fact, for writeback, we would need to introduce yet
another lock to prevent data races on the pool's LRU, further complicating
the lock handling logic. IMHO, it is just better to collapse all of these
into a single pool-level lock.
Link: https://lkml.kernel.org/r/20221128191616.1261026-4-nphamcs@gmail.com
Signed-off-by: Nhat Pham <nphamcs@gmail.com>
Suggested-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Minchan Kim <minchan@kernel.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: Dan Streetman <ddstreet@ieee.org>
Cc: Nitin Gupta <ngupta@vflare.org>
Cc: Seth Jennings <sjenning@redhat.com>
Cc: Vitaly Wool <vitaly.wool@konsulko.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Stable-dep-of: 4b5d1e47b694 ("zsmalloc: fix races between modifications of fullness and isolated")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Maulik Shah [Mon, 3 Jul 2023 08:55:54 +0000 (14:25 +0530)]
cpuidle: psci: Move enabling OSI mode after power domains creation
[ Upstream commit 12acb348fa4528a4203edf1cce7a3be2c9af2279 ]
A switch from OSI to PC mode is only possible if all CPUs other than the
calling one are OFF, either through a call to CPU_OFF or not yet booted.
Currently OSI mode is enabled before power domains are created. In cases
where CPUidle states are not using hierarchical CPU topology the bail out
path tries to switch back to PC mode which gets denied by firmware since
other CPUs are online at this point and creates inconsistent state as
firmware is in OSI mode and Linux in PC mode.
This change moves enabling OSI mode after power domains are created,
this would make sure that hierarchical CPU topology is used before
switching firmware to OSI mode.
Cc: stable@vger.kernel.org
Fixes: 70c179b49870 ("cpuidle: psci: Allow PM domain to be initialized even if no OSI mode")
Signed-off-by: Maulik Shah <quic_mkshah@quicinc.com>
Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ulf Hansson [Thu, 20 Oct 2022 11:55:13 +0000 (13:55 +0200)]
cpuidle: psci: Extend information in log about OSI/PC mode
[ Upstream commit 668057b07db069daac3ca4e4978f8373db9cb71c ]
It's useful to understand whether we are using OS-initiated (OSI) mode or
Platform Coordinated (PC) mode, when initializing the CPU PM domains.
Therefore, let's extend the print in the log after a successful probe with
this information.
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Stable-dep-of: 12acb348fa45 ("cpuidle: psci: Move enabling OSI mode after power domains creation")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Kunihiko Hayashi [Fri, 30 Jun 2023 00:45:33 +0000 (09:45 +0900)]
mmc: sdhci-f-sdh30: Replace with sdhci_pltfm
[ Upstream commit 5def5c1c15bf22934ee227af85c1716762f3829f ]
Even if sdhci_pltfm_pmops is specified for PM, this driver doesn't apply
sdhci_pltfm, so the structure is not correctly referenced in PM functions.
This applies sdhci_pltfm to this driver to fix this issue.
- Call sdhci_pltfm_init() instead of sdhci_alloc_host() and
  other functions that are covered by sdhci_pltfm.
- Move ops and quirks to sdhci_pltfm_data
- Replace sdhci_priv() with own private function sdhci_f_sdh30_priv().
Fixes: 87a507459f49 ("mmc: sdhci: host: add new f_sdh30")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230630004533.26644-1-hayashi.kunihiko@socionext.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Greg Kroah-Hartman [Wed, 16 Aug 2023 16:27:31 +0000 (18:27 +0200)]
Linux 6.1.46
Link: https://lore.kernel.org/r/20230813211718.757428827@linuxfoundation.org
Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
Tested-by: Takeshi Ogasawara <takeshi.ogasawara@futuring-girl.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Thierry Reding <treding@nvidia.com>
Tested-by: SeongJae Park <sj@kernel.org>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Ron Economos <re@w6rz.net>
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
Tested-by: Allen Pais <apais@linux.microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alex Deucher [Mon, 6 Feb 2023 16:47:47 +0000 (11:47 -0500)]
drm/amd/pm/smu7: move variables to where they are used
commit 63a9ab264a8c030482ab9e7e20b6c4c162299531 upstream.
Move variable declarations to where they are used. Fixes
a segfault on smu7 V0 structures where some tables don't
exist.
Cc: Evan Quan <evan.quan@amd.com>
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2388
Fixes: b1a9557a7d00 ("drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings")
Reviewed-by: Evan Quan <evan.quan@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eric Dumazet [Thu, 22 Jun 2023 18:15:03 +0000 (18:15 +0000)]
sch_netem: fix issues in netem_change() vs get_dist_table()
commit 11b73313c12403f617b47752db0ab3deef201af7 upstream.
In blamed commit, I missed that get_dist_table() was allocating
memory using GFP_KERNEL, and acquiring qdisc lock to perform
the swap of newly allocated table with current one.
In this patch, get_dist_table() is allocating memory and
copying user data before we acquire the qdisc lock.
Then we perform swap operations while being protected by the lock.
Note that after this patch netem_change() no longer can do partial changes.
If an error is returned, qdisc conf is left unchanged.
Fixes: 2174a08db80d ("sch_netem: acquire qdisc lock in netem_change()")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230622181503.2327695-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Masahiro Yamada [Sat, 29 Jul 2023 07:42:23 +0000 (16:42 +0900)]
alpha: remove __init annotation from exported page_is_ram()
commit 6ccbd7fd474674654019a20177c943359469103a upstream.
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization.
Commit c5a130325f13 ("ACPI/APEI: Add parameter check before error
injection") exported page_is_ram(), hence the __init annotation should
be removed.
This fixes the modpost warning in ARCH=alpha builds:
WARNING: modpost: vmlinux: page_is_ram: EXPORT_SYMBOL used for init symbol. Remove __init or EXPORT_SYMBOL.
Fixes: c5a130325f13 ("ACPI/APEI: Add parameter check before error injection")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Simon Trimmer [Fri, 28 Jul 2023 11:13:45 +0000 (12:13 +0100)]
ACPI: scan: Create platform device for CS35L56
commit 1cd0302be5645420f73090aee26fa787287e1096 upstream.
The ACPI device CSC3556 is a Cirrus Logic CS35L56 mono amplifier which
is used in multiples, and can be connected either to I2C or SPI.
There will be multiple instances under the same Device() node. Add it
to ignore_serial_bus_ids and handle it in the serial-multi-instantiate
driver.
There can be a 5th I2cSerialBusV2, but this is an alias address and doesn't
represent a real device. Ignore this by having a dummy 5th entry in the
serial-multi-instantiate instance list with the name of a non-existent
driver, on the same pattern as done for bsg2150.
Signed-off-by: Simon Trimmer <simont@opensource.cirrus.com>
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Link: https://lore.kernel.org/r/20230728111345.7224-1-rf@opensource.cirrus.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
David Xu [Thu, 13 Jul 2023 13:35:28 +0000 (21:35 +0800)]
platform/x86: serial-multi-instantiate: Auto detect IRQ resource for CSC3551
commit 676b7c5ecab36274442887ceadd6dee8248a244f upstream.
The current code assumes that the CSC3551 (multiple cs35l41) always has
its interrupt pin connected to GPIO thus the IRQ can be acquired with
acpi_dev_gpio_irq_get. However on some newer laptop models this is no
longer the case as they have the CSC3551's interrupt pin connected to
APIC. This causes smi_i2c_probe to fail on these machines.
To support these machines, a new macro IRQ_RESOURCE_AUTO was introduced
for cs35l41 smi_node, and smi_get_irq function was modified so it tries
to get GPIO irq resource first and if failed, tries to get
APIC irq resource for cs35l41.
This patch affects only the cs35l41's probing and brings no negative
influence on machines that indeed have the cs35l41's interrupt pin
connected to GPIO.
Signed-off-by: David Xu <xuwd1@hotmail.com>
Link: https://lore.kernel.org/r/SY4P282MB18350CD8288687B87FFD2243E037A@SY4P282MB1835.AUSP282.PROD.OUTLOOK.COM
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nilesh Javali [Mon, 7 Aug 2023 09:37:24 +0000 (15:07 +0530)]
scsi: qedf: Fix firmware halt over suspend and resume
commit ef222f551e7c4e2008fc442ffc9edcd1a7fd8f63 upstream.
While performing certain power-off sequences, PCI drivers are called to
suspend and resume their underlying devices through PCI PM (power
management) interface. However the hardware does not support PCI PM
suspend/resume operations so system wide suspend/resume leads to bad MFW
(management firmware) state which causes various follow-up errors in driver
when communicating with the device/firmware.
To fix this driver implements PCI PM suspend handler to indicate
unsupported operation to the PCI subsystem explicitly, thus avoiding system
to go into suspended/standby mode.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230807093725.46829-1-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nilesh Javali [Mon, 7 Aug 2023 09:37:25 +0000 (15:07 +0530)]
scsi: qedi: Fix firmware halt over suspend and resume
commit 1516ee035df32115197cd93ae3619dba7b020986 upstream.
While performing certain power-off sequences, PCI drivers are called to
suspend and resume their underlying devices through PCI PM (power
management) interface. However the hardware does not support PCI PM
suspend/resume operations so system wide suspend/resume leads to bad MFW
(management firmware) state which causes various follow-up errors in driver
when communicating with the device/firmware.
To fix this driver implements PCI PM suspend handler to indicate
unsupported operation to the PCI subsystem explicitly, thus avoiding system
to go into suspended/standby mode.
Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.")
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230807093725.46829-2-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Karan Tilak Kumar [Thu, 27 Jul 2023 19:39:19 +0000 (12:39 -0700)]
scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
commit 5a43b07a87835660f91d88a4db11abfea8c523b7 upstream.
fnic_clean_pending_aborts() was returning a non-zero value irrespective of
failure or success. This caused the caller of this function to assume that
the device reset had failed, even though it would succeed in most cases. As
a consequence, a successful device reset would escalate to host reset.
Reviewed-by: Sesidhar Baddela <sebaddel@cisco.com>
Tested-by: Karan Tilak Kumar <kartilak@cisco.com>
Signed-off-by: Karan Tilak Kumar <kartilak@cisco.com>
Link: https://lore.kernel.org/r/20230727193919.2519-1-kartilak@cisco.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Zhu Wang [Thu, 3 Aug 2023 02:02:30 +0000 (10:02 +0800)]
scsi: core: Fix possible memory leak if device_add() fails
commit 04b5b5cb0136ce970333a9c6cec7e46adba1ea3a upstream.
If device_add() returns error, the name allocated by dev_set_name() needs
to be freed. As the comment of device_add() says, put_device() should be used
to decrease the reference count in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup().
Fixes: ee959b00c335 ("SCSI: convert struct class_device to struct device")
Signed-off-by: Zhu Wang <wangzhu9@huawei.com>
Link: https://lore.kernel.org/r/20230803020230.226903-1-wangzhu9@huawei.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Zhu Wang [Tue, 1 Aug 2023 11:14:21 +0000 (19:14 +0800)]
scsi: snic: Fix possible memory leak if device_add() fails
commit 41320b18a0e0dfb236dba4edb9be12dba1878156 upstream.
If device_add() returns error, the name allocated by dev_set_name() needs
to be freed. As the comment of device_add() says, put_device() should be used
to give up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanup().
Fixes: c8806b6c9e82 ("snic: driver for Cisco SCSI HBA")
Signed-off-by: Zhu Wang <wangzhu9@huawei.com>
Acked-by: Narsimhulu Musini <nmusini@cisco.com>
Link: https://lore.kernel.org/r/20230801111421.63651-1-wangzhu9@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alexandra Diupina [Fri, 28 Jul 2023 12:35:21 +0000 (15:35 +0300)]
scsi: 53c700: Check that command slot is not NULL
commit 8366d1f1249a0d0bba41d0bd1298d63e5d34c7f7 upstream.
Add a check for the command slot value to avoid dereferencing a NULL
pointer.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Co-developed-by: Vladimir Telezhnikov <vtelezhnikov@astralinux.ru>
Signed-off-by: Vladimir Telezhnikov <vtelezhnikov@astralinux.ru>
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Link: https://lore.kernel.org/r/20230728123521.18293-1-adiupina@astralinux.ru
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Yoshihiro Shimoda [Thu, 3 Aug 2023 08:18:12 +0000 (17:18 +0900)]
scsi: ufs: renesas: Fix private allocation
commit b6d128f89a85771433a004e8656090ccbe1fb969 upstream.
Should use devm_kzalloc() for struct ufs_renesas_priv because the
.initialized should be false as default.
Fixes: d69520288efd ("scsi: ufs: ufs-renesas: Add support for Renesas R-Car UFS controller")
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Link: https://lore.kernel.org/r/20230803081812.1446282-1-yoshihiro.shimoda.uh@renesas.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Michael Kelley [Sat, 29 Jul 2023 04:59:24 +0000 (21:59 -0700)]
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
commit 175544ad48cbf56affeef2a679c6a4d4fb1e2881 upstream.
Hyper-V provides the ability to connect Fibre Channel LUNs to the host
system and present them in a guest VM as a SCSI device. I/O to the vFC
device is handled by the storvsc driver. The storvsc driver includes a
partial integration with the FC transport implemented in the generic
portion of the Linux SCSI subsystem so that FC attributes can be displayed
in /sys. However, the partial integration means that some aspects of vFC
don't work properly. Unfortunately, a full and correct integration isn't
practical because of limitations in what Hyper-V provides to the guest.
In particular, in the context of Hyper-V storvsc, the FC transport timeout
function fc_eh_timed_out() causes a kernel panic because it can't find the
rport and dereferences a NULL pointer. The original patch that added the
call from storvsc_eh_timed_out() to fc_eh_timed_out() is faulty in this
regard.
In many cases a timeout is due to a transient condition, so the situation
can be improved by just continuing to wait like with other I/O requests
issued by storvsc, and avoiding the guaranteed panic. For a permanent
failure, continuing to wait may result in a hung thread instead of a panic,
which again may be better.
So fix the panic by removing the storvsc call to fc_eh_timed_out(). This
allows storvsc to keep waiting for a response. The change has been tested
by users who experienced a panic in fc_eh_timed_out() due to transient
timeouts, and it solves their problem.
In the future we may want to deprecate the vFC functionality in storvsc
since it can't be fully fixed. But it has current users for whom it is
working well enough, so it should probably stay for a while longer.
Fixes: 3930d7309807 ("scsi: storvsc: use default I/O timeout handler for FC devices")
Cc: stable@vger.kernel.org
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1690606764-79669-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tony Battersby [Mon, 24 Jul 2023 18:25:40 +0000 (14:25 -0400)]
scsi: core: Fix legacy /proc parsing buffer overflow
commit 9426d3cef5000824e5f24f80ed5f42fb935f2488 upstream.
(lightly modified commit message mostly by Linus Torvalds)
The parsing code for /proc/scsi/scsi is disgusting and broken. We should
have just used 'sscanf()' or something simple like that, but the logic may
actually predate our kernel sscanf library routine for all I know. It
certainly predates both git and BK histories.
And we can't change it to be something sane like that now, because the
string matching at the start is done case-insensitively, and the separator
parsing between numbers isn't done at all, so *any* separator will work,
including a possible terminating NUL character.
This interface is root-only, and entirely for legacy use, so there is
absolutely no point in trying to tighten up the parsing. Because any
separator has traditionally worked, it's entirely possible that people have
used random characters rather than the suggested space.
So don't bother to try to pretty it up, and let's just make a minimal patch
that can be back-ported and we can forget about this whole sorry thing for
another two decades.
Just make it at least not read past the end of the supplied data.
Link: https://lore.kernel.org/linux-scsi/b570f5fe-cb7c-863a-6ed9-f6774c219b88@cybernetics.com/
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin K Petersen <martin.petersen@oracle.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: stable@kernel.org
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Martin K Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
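The length-bounded parsing that the commit message above asks for, as an added userspace sketch that is not the kernel's code. The function and struct names are hypothetical, and the sketch assumes one separator byte of any value between fields and decimal numbers only.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Userspace sketch; the names below are hypothetical, not the kernel's. */
#define CMD "scsi add-single-device"

struct hcil { unsigned int host, channel, id, lun; };

/*
 * Parse one unsigned decimal number, never touching bytes at or beyond
 * end. One separator byte of any value is skipped first (assumption:
 * mirrors "any separator will work"). A field that lies past the end of
 * the supplied data parses as 0 instead of being read from memory that
 * follows the buffer.
 */
static unsigned int next_uint(const char **pos, const char *end)
{
	unsigned int v = 0;
	const char *p = *pos;

	if (p < end)
		p++;			/* skip the single separator byte */
	while (p < end && isdigit((unsigned char)*p))
		v = v * 10 + (unsigned int)(*p++ - '0');
	*pos = p;
	return v;
}

/*
 * Returns 0 and fills *out on success, -1 if the command prefix does
 * not match. buf need not be NUL-terminated; len is authoritative.
 * The prefix is matched case-insensitively, as the legacy interface did.
 */
int parse_add_single_device(const char *buf, size_t len, struct hcil *out)
{
	const size_t cmdlen = sizeof(CMD) - 1;
	const char *p, *end = buf + len;

	if (len < cmdlen || strncasecmp(buf, CMD, cmdlen) != 0)
		return -1;
	p = buf + cmdlen;
	out->host = next_uint(&p, end);
	out->channel = next_uint(&p, end);
	out->id = next_uint(&p, end);
	out->lun = next_uint(&p, end);
	return 0;
}
```

Passing a length one byte short of a constructed input such as "scsi add-single-device 1 0 5 79" yields lun 7, not 79: the byte outside the supplied length is never read.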
Pablo Neira Ayuso [Wed, 28 Jun 2023 14:24:27 +0000 (16:24 +0200)]
netfilter: nf_tables: report use refcount overflow
commit 1689f25924ada8fe14a4a82c38925d04994c7142 upstream.
Overflow use refcount checks are not complete.
Add helper function to deal with object reference counter tracking.
Report -EMFILE in case UINT_MAX is reached.
nft_use_dec() splats in case that reference counter underflows,
which should not ever happen.
Add nft_use_inc_restore() and nft_use_dec_restore() which are used
to restore reference counter from error and abort paths.
Use u32 in nft_flowtable and nft_object since helper functions cannot
work on bitfields.
Remove the few early incomplete checks now that the helper functions
are in place and used to check for refcount overflow.
Fixes: 96518518cc41 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
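A userspace model of the use-counter discipline this commit message describes: refuse the increment at the 32-bit maximum and report -EMFILE, flag an underflow, and restore counts on an abort path. This is an added example, not the nf_tables code; every function and struct name is hypothetical, and a counter stands in for the kernel warning.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
static unsigned int splats;	/* stands in for a kernel WARN splat */

/* Take a reference; refuse instead of wrapping at the u32 maximum. */
static bool use_inc(uint32_t *use)
{
	if (*use == UINT32_MAX)
		return false;
	(*use)++;
	return true;
}

/* Drop a reference; an underflow is a bug, so record a splat. */
static void use_dec(uint32_t *use)
{
	if (*use == 0) {
		splats++;	/* model choice: stay at 0 rather than wrap */
		return;
	}
	(*use)--;
}

/* Error/abort path: put back a reference that was dropped earlier. */
static void use_inc_restore(uint32_t *use)
{
	if (!use_inc(use))
		splats++;
}

/*
 * Plain 32-bit counters: the helpers take a pointer, and C does not
 * allow taking the address of a bitfield member.
 */
struct chain  { uint32_t use; };
struct object { uint32_t use; };

/* A rule references a chain and an object: take both or neither. */
int rule_bind(struct chain *c, struct object *o)
{
	if (!use_inc(&c->use))
		return -EMFILE;
	if (!use_inc(&o->use)) {
		use_dec(&c->use);	/* undo the partial bind */
		return -EMFILE;
	}
	return 0;
}

/* A staged deletion of the rule drops both references ... */
void rule_unbind(struct chain *c, struct object *o)
{
	use_dec(&c->use);
	use_dec(&o->use);
}

/* ... and aborting that deletion restores them. */
void rule_unbind_abort(struct chain *c, struct object *o)
{
	use_inc_restore(&c->use);
	use_inc_restore(&o->use);
}

unsigned int splat_count(void) { return splats; }
```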