Linus Torvalds [Fri, 22 May 2020 16:22:22 +0000 (09:22 -0700)]
Merge tag 'sound-5.7-rc7' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Just a few small fixes: the only significant one is a slight
improvement for PCM running position update with no-period-elapsed
case while the rest are HD-audio fixups and ice1712 model quirk"
* tag 'sound-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Add more fixup entries for Clevo machines
ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme
ALSA: pcm: fix incorrect hw_base increase
Linus Torvalds [Fri, 22 May 2020 15:51:39 +0000 (08:51 -0700)]
Merge tag 'powerpc-5.7-5' of git://git./linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
- a revert of a recent change to the PTE bits for 32-bit BookS, which
broke swap.
- a "fix" to disable STRICT_KERNEL_RWX for 64-bit in Kconfig, as it's
causing crashes for some people.
Thanks to Christophe Leroy and Rui Salvaterra.
* tag 'powerpc-5.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/64s: Disable STRICT_KERNEL_RWX
Revert "powerpc/32s: reorder Linux PTE bits to better match Hash PTE bits."
Linus Torvalds [Thu, 21 May 2020 23:43:35 +0000 (16:43 -0700)]
Merge tag 'apparmor-pr-2020-05-21' of git://git./linux/kernel/git/jj/linux-apparmor
Pull apparmor bug fixes from John Johansen:
- Fix use-after-free in aa_audit_rule_init
- Fix refcnt leak in policy_update
- Fix potential label refcnt leak in aa_change_profile
* tag 'apparmor-pr-2020-05-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: Fix use-after-free in aa_audit_rule_init
apparmor: Fix aa_label refcnt leak in policy_update
apparmor: fix potential label refcnt leak in aa_change_profile
Namjae Jeon [Thu, 21 May 2020 23:10:10 +0000 (08:10 +0900)]
exfat: add the dummy mount options to be backward compatible with staging/exfat
As Ubuntu and Fedora release new version used kernel version equal to or
higher than v5.4, They started to support kernel exfat filesystem.
Linus reported a mount error with new version of exfat on Fedora:
exfat: Unknown parameter 'namecase'
This is because there is a difference in mount option between old
staging/exfat and new exfat. And utf8, debug, and codepage options as
well as namecase have been removed from new exfat.
This patch add the dummy mount options as deprecated option to be
backward compatible with old one.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Sandeen <sandeen@sandeen.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Navid Emamdoost [Mon, 21 Oct 2019 15:23:47 +0000 (10:23 -0500)]
apparmor: Fix use-after-free in aa_audit_rule_init
In the implementation of aa_audit_rule_init(), when aa_label_parse()
fails the allocated memory for rule is released using
aa_audit_rule_free(). But after this release, the return statement
tries to access the label field of the rule which results in
use-after-free. Before releasing the rule, copy errNo and return it
after release.
Fixes:
52e8c38001d8 ("apparmor: Fix memory leak of rule on error exit path")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Xiyu Yang [Mon, 20 Apr 2020 05:35:28 +0000 (13:35 +0800)]
apparmor: Fix aa_label refcnt leak in policy_update
policy_update() invokes begin_current_label_crit_section(), which
returns a reference of the updated aa_label object to "label" with
increased refcount.
When policy_update() returns, "label" becomes invalid, so the refcount
should be decreased to keep refcount balanced.
The reference counting issue happens in one exception handling path of
policy_update(). When aa_may_manage_policy() returns not NULL, the
refcnt increased by begin_current_label_crit_section() is not decreased,
causing a refcnt leak.
Fix this issue by jumping to "end_section" label when
aa_may_manage_policy() returns not NULL.
Fixes:
5ac8c355ae00 ("apparmor: allow introspecting the loaded policy pre internal transform")
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Xiyu Yang [Sun, 5 Apr 2020 05:11:55 +0000 (13:11 +0800)]
apparmor: fix potential label refcnt leak in aa_change_profile
aa_change_profile() invokes aa_get_current_label(), which returns
a reference of the current task's label.
According to the comment of aa_get_current_label(), the returned
reference must be put with aa_put_label().
However, when the original object pointed by "label" becomes
unreachable because aa_change_profile() returns or a new object
is assigned to "label", reference count increased by
aa_get_current_label() is not decreased, causing a refcnt leak.
Fix this by calling aa_put_label() before aa_change_profile() return
and dropping unnecessary aa_get_current_label().
Fixes:
9fcf78cca198 ("apparmor: update domain transitions that are subsets of confinement at nnp")
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Linus Torvalds [Thu, 21 May 2020 19:59:29 +0000 (12:59 -0700)]
Merge tag 'for_linus' of git://git./linux/kernel/git/mst/vhost
Pull virtio fixes from Michael Tsirkin:
"Fix a couple of build warnings"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
vhost: missing __user tags
vdpasim: remove unused variable 'ret'
Linus Torvalds [Thu, 21 May 2020 19:07:25 +0000 (12:07 -0700)]
Merge tag 'dmaengine-fix-5.7-rc7' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
"Some driver fixes:
- dmatest restoration of defaults
- tegra210-adma probe handling fix
- k3-udma flags fixed for slave_sg and memcpy
- list fix for zynqmp_dma
- idxd interrupt completion fix
- lock fix for owl"
* tag 'dmaengine-fix-5.7-rc7' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
dmaengine: ti: k3-udma: Fix TR mode flags for slave_sg and memcpy
dmaengine: zynqmp_dma: Move list_del inside zynqmp_dma_free_descriptor.
dmaengine: dmatest: Restore default for channel
dmaengine: idxd: fix interrupt completion after unmasking
dmaengine: owl: Use correct lock in owl_dma_get_pchan()
Linus Torvalds [Thu, 21 May 2020 18:37:20 +0000 (11:37 -0700)]
Merge tag 'fiemap-regression-fix' of git://git./linux/kernel/git/tytso/ext4
Pull ext4 fixes from Ted Ts'o:
"Fix regression in ext4's FIEMAP handling introduced in v5.7-rc1"
* tag 'fiemap-regression-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: fix fiemap size checks for bitmap files
ext4: fix EXT4_MAX_LOGICAL_BLOCK macro
Michael Ellerman [Wed, 20 May 2020 13:36:05 +0000 (23:36 +1000)]
powerpc/64s: Disable STRICT_KERNEL_RWX
Several strange crashes have been eventually traced back to
STRICT_KERNEL_RWX and its interaction with code patching.
Various paths in our ftrace, kprobes and other patching code need to
be hardened against patching failures, otherwise we can end up running
with partially/incorrectly patched ftrace paths, kprobes or jump
labels, which can then cause strange crashes.
Although fixes for those are in development, they're not -rc material.
There also seem to be problems with the underlying strict RWX logic,
which needs further debugging.
So for now disable STRICT_KERNEL_RWX on 64-bit to prevent people from
enabling the option and tripping over the bugs.
Fixes:
1e0fc9d1eb2b ("powerpc/Kconfig: Enable STRICT_KERNEL_RWX for some configs")
Cc: stable@vger.kernel.org # v4.13+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200520133605.972649-1-mpe@ellerman.id.au
Linus Torvalds [Wed, 20 May 2020 20:23:55 +0000 (13:23 -0700)]
Merge tag 'fixes-for-5.7-rc6' of git://git./linux/kernel/git/mtd/linux
Pull MTD fixes from Richard Weinberger:
- Fix a PM regression in brcmnand driver
- Propagate ECC information correctly on SPI-NAND
- Make sure no MTD name is used multiple time in nvmem
* tag 'fixes-for-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
mtd:rawnand: brcmnand: Fix PM resume crash
mtd: Fix mtd not registered due to nvmem name collision
mtd: spinand: Propagate ECC information to the MTD structure
Linus Torvalds [Wed, 20 May 2020 20:07:01 +0000 (13:07 -0700)]
Merge tag 'for-linus-5.7-rc6' of git://git./linux/kernel/git/rw/ubifs
Pull UBI and UBIFS fixes from Richard Weinberger:
- Correctly set next cursor for detailed_erase_block_info debugfs file
- Don't use crypto_shash_descsize() for digest size in UBIFS
- Remove broken lazytime support from UBIFS
* tag 'for-linus-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
ubifs: fix wrong use of crypto_shash_descsize()
ubifs: remove broken lazytime support
Linus Torvalds [Wed, 20 May 2020 19:56:21 +0000 (12:56 -0700)]
Merge tag 'for-linus-5.7-rc6' of git://git./linux/kernel/git/rw/uml
Pull UML fixes from Richard Weinberger:
- Two missing includes which caused build issues on recent systems
- Correctly set TRANS_GRE_LEN in our vector network driver
* tag 'for-linus-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
um: Fix typo in vector driver transport option definition
um: syscall.c: include <asm/unistd.h>
um: Fix xor.h include
Linus Torvalds [Wed, 20 May 2020 18:33:30 +0000 (11:33 -0700)]
Merge tag 'pm-5.7-rc7' of git://git./linux/kernel/git/rafael/linux-pm
Pull power management fix from Rafael Wysocki:
"This makes a recently introduced suspend-to-idle wakeup issue on Dell
XPS13 9360 go away"
* tag 'pm-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: EC: PM: Avoid flushing EC work when EC GPE is inactive
Linus Torvalds [Wed, 20 May 2020 18:28:35 +0000 (11:28 -0700)]
Merge tag 'ovl-fixes-5.7-rc7' of git://git./linux/kernel/git/mszeredi/vfs
Pull overlayfs fixes from Miklos Szeredi:
"Fix two bugs introduced in this cycle and one introduced in v5.5"
* tag 'ovl-fixes-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: potential crash in ovl_fid_to_fh()
ovl: clear ATTR_OPEN from attr->ia_valid
ovl: clear ATTR_FILE from attr->ia_valid
Tetsuo Handa [Tue, 19 May 2020 23:51:59 +0000 (08:51 +0900)]
pipe: Fix pipe_full() test in opipe_prep().
syzbot is reporting that splice()ing from non-empty read side to
already-full write side causes unkillable task, for opipe_prep() is by
error not inverting pipe_full() test.
CPU: 0 PID: 9460 Comm: syz-executor.5 Not tainted 5.6.0-rc3-next-
20200228-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rol32 include/linux/bitops.h:105 [inline]
RIP: 0010:iterate_chain_key kernel/locking/lockdep.c:369 [inline]
RIP: 0010:__lock_acquire+0x6a3/0x5270 kernel/locking/lockdep.c:4178
Call Trace:
lock_acquire+0x197/0x420 kernel/locking/lockdep.c:4720
__mutex_lock_common kernel/locking/mutex.c:956 [inline]
__mutex_lock+0x156/0x13c0 kernel/locking/mutex.c:1103
pipe_lock_nested fs/pipe.c:66 [inline]
pipe_double_lock+0x1a0/0x1e0 fs/pipe.c:104
splice_pipe_to_pipe fs/splice.c:1562 [inline]
do_splice+0x35f/0x1520 fs/splice.c:1141
__do_sys_splice fs/splice.c:1447 [inline]
__se_sys_splice fs/splice.c:1427 [inline]
__x64_sys_splice+0x2b5/0x320 fs/splice.c:1427
do_syscall_64+0xf6/0x790 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Reported-by: syzbot+b48daca8639150bc5e73@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?id=9386d051e11e09973d5a4cf79af5e8cedf79386d
Fixes:
8cefc107ca54c8b0 ("pipe: Use head and tail pointers for the ring, not cursor and length")
Cc: stable@vger.kernel.org # 5.5+
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Christophe Leroy [Wed, 20 May 2020 10:23:45 +0000 (10:23 +0000)]
Revert "powerpc/32s: reorder Linux PTE bits to better match Hash PTE bits."
This reverts commit
697ece78f8f749aeea40f2711389901f0974017a.
The implementation of SWAP on powerpc requires page protection
bits to not be one of the least significant PTE bits.
Until the SWAP implementation is changed and this requirement voids,
we have to keep at least _PAGE_RW outside of the 3 last bits.
For now, revert to previous PTE bits order. A further rework
may come later.
Fixes:
697ece78f8f7 ("powerpc/32s: reorder Linux PTE bits to better match Hash PTE bits.")
Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/b34706f8de87f84d135abb5f3ede6b6f16fb1f41.1589969799.git.christophe.leroy@csgroup.eu
Linus Torvalds [Tue, 19 May 2020 23:33:26 +0000 (16:33 -0700)]
Merge branch 'fixes' of git://git./linux/kernel/git/viro/vfs
Pull vfs fix from Al Viro:
"Stable fodder fix: copy_fdtable() would get screwed on 64bit boxen
with sysctl_nr_open raised to 512M or higher, which became possible
since 2.6.25.
Nobody sane would set the things up that way, but..."
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fix multiplication overflow in copy_fdtable()
Linus Torvalds [Tue, 19 May 2020 22:40:51 +0000 (15:40 -0700)]
Merge tag 'arc-5.7-rc7' of git://git./linux/kernel/git/vgupta/arc
Pull ARC fixes from Vineet Gupta:
- fix recent DSP code regression on ARC700 platforms
- fix thinkos in ICCM/DCCM size checks
- USB regression fix
- other small fixes here and there
* tag 'arc-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
ARC: show_regs: avoid extra line of output
ARC: guard dsp early init against non ARCv2
ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
ARC: entry: comment
arc: remove #ifndef CONFIG_AS_CFI_SIGNAL_FRAME
arc: ptrace: hard-code "arc" instead of UTS_MACHINE
ARC: [plat-hsdk]: fix USB regression
ARC: Fix ICCM & DCCM runtime size checks
Al Viro [Tue, 19 May 2020 21:48:52 +0000 (17:48 -0400)]
fix multiplication overflow in copy_fdtable()
cpy and set really should be size_t; we won't get an overflow on that,
since sysctl_nr_open can't be set above ~(size_t)0 / sizeof(void *),
so nr that would've managed to overflow size_t on that multiplication
won't get anywhere near copy_fdtable() - we'll fail with EMFILE
before that.
Cc: stable@kernel.org # v2.6.25+
Fixes:
9cfe015aa424 (get rid of NR_OPEN and introduce a sysctl_nr_open)
Reported-by: Thiago Macieira <thiago.macieira@intel.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Christoph Hellwig [Tue, 5 May 2020 15:43:15 +0000 (17:43 +0200)]
ext4: fix fiemap size checks for bitmap files
Add an extra validation of the len parameter, as for ext4 some files
might have smaller file size limits than others. This also means the
redundant size check in ext4_ioctl_get_es_cache can go away, as all
size checking is done in the shared fiemap handler.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ritesh Harjani <riteshh@linux.ibm.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20200505154324.3226743-3-hch@lst.de
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Ritesh Harjani [Tue, 5 May 2020 15:43:14 +0000 (17:43 +0200)]
ext4: fix EXT4_MAX_LOGICAL_BLOCK macro
ext4 supports max number of logical blocks in a file to be 0xffffffff.
(This is since ext4_extent's ee_block is __le32).
This means that EXT4_MAX_LOGICAL_BLOCK should be 0xfffffffe (starting
from 0 logical offset). This patch fixes this.
The issue was seen when ext4 moved to iomap_fiemap API and when
overlayfs was mounted on top of ext4. Since overlayfs was missing
filemap_check_ranges(), so it could pass a arbitrary huge length which
lead to overflow of map.m_len logic.
This patch fixes that.
Fixes:
d3b6f23f7167 ("ext4: move ext4_fiemap to use iomap framework")
Reported-by: syzbot+77fa5bdb65cc39711820@syzkaller.appspotmail.com
Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20200505154324.3226743-2-hch@lst.de
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Linus Torvalds [Tue, 19 May 2020 18:52:24 +0000 (11:52 -0700)]
Merge branch 'i2c/for-current-fixed' of git://git./linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"A set of driver and core fixes as well as MAINTAINER update"
* 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
MAINTAINERS: add maintainer for mediatek i2c controller driver
i2c: mux: Replace zero-length array with flexible-array
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
i2c: altera: Fix race between xfer_msg and isr thread
i2c: algo-pca: update contact email
i2c: at91: Fix pinmux after devm_gpiod_get() for bus recovery
i2c: use my kernel.org address from now on
i2c: fix missing pm_runtime_put_sync in i2c_device_probe
Linus Torvalds [Tue, 19 May 2020 18:48:21 +0000 (11:48 -0700)]
Merge tag 'hyperv-fixes-signed' of git://git./linux/kernel/git/hyperv/linux
Pull hyperv fix from Wei Liu:
"One patch from Vitaly to fix reenlightenment notifications"
* tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
x86/hyperv: Properly suspend/resume reenlightenment notifications
Linus Torvalds [Tue, 19 May 2020 18:37:11 +0000 (11:37 -0700)]
Merge tag 'iommu-fixes-v5.7-rc6' of git://git./linux/kernel/git/joro/iommu
Pull iommu fixes from Joerg Roedel:
"All related to the AMD IOMMU driver:
- ACPI table parser fix to correctly read the UID of ACPI devices
- ACPI UID device matching fix
- Fix deferred device attachment to a domain in kdump kernels when
the IOMMU driver uses the dma-iommu DMA-API implementation"
* tag 'iommu-fixes-v5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu: Fix deferred domain attachment
iommu/amd: Fix get_acpihid_device_id()
iommu/amd: Fix over-read of ACPI UID from IVRS table
Ilya Dryomov [Tue, 19 May 2020 11:26:57 +0000 (13:26 +0200)]
vsprintf: don't obfuscate NULL and error pointers
I don't see what security concern is addressed by obfuscating NULL
and IS_ERR() error pointers, printed with %p/%pK. Given the number
of sites where %p is used (over 10000) and the fact that NULL pointers
aren't uncommon, it probably wouldn't take long for an attacker to
find the hash that corresponds to 0. Although harder, the same goes
for most common error values, such as -1, -2, -11, -14, etc.
The NULL part actually fixes a regression: NULL pointers weren't
obfuscated until commit
3e5903eb9cff ("vsprintf: Prevent crash when
dereferencing invalid pointers") which went into 5.2. I'm tacking
the IS_ERR() part on here because error pointers won't leak kernel
addresses and printing them as pointers shouldn't be any different
from e.g. %d with PTR_ERR_OR_ZERO(). Obfuscating them just makes
debugging based on existing pr_debug and friends excruciating.
Note that the "always print 0's for %pK when kptr_restrict == 2"
behaviour which goes way back is left as is.
Example output with the patch applied:
ptr error-ptr NULL
%p:
0000000001f8cc5b fffffffffffffff2 0000000000000000
%pK, kptr = 0:
0000000001f8cc5b fffffffffffffff2 0000000000000000
%px:
ffff888048c04020 fffffffffffffff2 0000000000000000
%pK, kptr = 1:
ffff888048c04020 fffffffffffffff2 0000000000000000
%pK, kptr = 2:
0000000000000000 0000000000000000 0000000000000000
Fixes:
3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers")
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Christophe JAILLET [Sat, 16 May 2020 21:42:05 +0000 (23:42 +0200)]
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
Commit
b53611fb1ce9 ("dmaengine: tegra210-adma: Fix crash during probe")
has moved some code in the probe function and reordered the error handling
path accordingly.
However, a goto has been missed.
Fix it and goto the right label if 'dma_async_device_register()' fails, so
that all resources are released.
Fixes:
b53611fb1ce9 ("dmaengine: tegra210-adma: Fix crash during probe")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20200516214205.276266-1-christophe.jaillet@wanadoo.fr
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Joerg Roedel [Tue, 19 May 2020 13:03:40 +0000 (15:03 +0200)]
iommu: Fix deferred domain attachment
The IOMMU core code has support for deferring the attachment of a domain
to a device. This is needed in kdump kernels where the new domain must
not be attached to a device before the device driver takes it over.
When the AMD IOMMU driver got converted to use the dma-iommu
implementation, the deferred attaching got lost. The code in
dma-iommu.c has support for deferred attaching, but it calls into
iommu_attach_device() to actually do it. But iommu_attach_device()
will check if the device should be deferred in it code-path and do
nothing, breaking deferred attachment.
Move the is_deferred_attach() check out of the attach_device path and
into iommu_group_add_device() to make deferred attaching work from the
dma-iommu code.
Fixes:
795bbbb9b6f8 ("iommu/dma-iommu: Handle deferred devices")
Reported-by: Jerry Snitselaar <jsnitsel@redhat.com>
Suggested-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Tested-by: Jerry Snitselaar <jsnitsel@redhat.com>
Cc: Jerry Snitselaar <jsnitsel@redhat.com>
Cc: Tom Murphy <murphyt7@tcd.ie>
Cc: Robin Murphy <robin.murphy@arm.com>
Link: https://lore.kernel.org/r/20200519130340.14564-1-joro@8bytes.org
Kamal Dasu [Sat, 2 May 2020 20:41:36 +0000 (16:41 -0400)]
mtd:rawnand: brcmnand: Fix PM resume crash
This change fixes crash observed on PM resume. This bug
was introduced in the change made for flash-edu support.
Fixes:
a5d53ad26a8b ("mtd: rawnand: brcmnand: Add support for flash-edu for dma transfers")
Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
PeiSen Hou [Tue, 19 May 2020 06:50:12 +0000 (08:50 +0200)]
ALSA: hda/realtek - Add more fixup entries for Clevo machines
A few known Clevo machines (PC50, PC70, X170) with ALC1220 codec need
the existing quirk for pins for PB51 and co.
Signed-off-by: PeiSen Hou <pshou@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200519065012.13119-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Ricardo Ribalda Delgado [Thu, 30 Apr 2020 13:17:21 +0000 (15:17 +0200)]
mtd: Fix mtd not registered due to nvmem name collision
When the nvmem framework is enabled, a nvmem device is created per mtd
device/partition.
It is not uncommon that a device can have multiple mtd devices with
partitions that have the same name. Eg, when there DT overlay is allowed
and the same device with mtd is attached twice.
Under that circumstances, the mtd fails to register due to a name
duplication on the nvmem framework.
With this patch we use the mtdX name instead of the partition name,
which is unique.
[ 8.948991] sysfs: cannot create duplicate filename '/bus/nvmem/devices/Production Data'
[ 8.948992] CPU: 7 PID: 246 Comm: systemd-udevd Not tainted 5.5.0-qtec-standard #13
[ 8.948993] Hardware name: AMD Dibbler/Dibbler, BIOS 05.22.04.0019 10/26/2019
[ 8.948994] Call Trace:
[ 8.948996] dump_stack+0x50/0x70
[ 8.948998] sysfs_warn_dup.cold+0x17/0x2d
[ 8.949000] sysfs_do_create_link_sd.isra.0+0xc2/0xd0
[ 8.949002] bus_add_device+0x74/0x140
[ 8.949004] device_add+0x34b/0x850
[ 8.949006] nvmem_register.part.0+0x1bf/0x640
...
[ 8.948926] mtd mtd8: Failed to register NVMEM device
Fixes:
c4dfa25ab307 ("mtd: add support for reading MTD devices via the nvmem API")
Signed-off-by: Ricardo Ribalda Delgado <ribalda@kernel.org>
Acked-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Miquel Raynal [Wed, 13 May 2020 13:10:29 +0000 (15:10 +0200)]
mtd: spinand: Propagate ECC information to the MTD structure
This is done by default in the raw NAND core (nand_base.c) but was
missing in the SPI-NAND core. Without these two lines the ecc_strength
and ecc_step_size values are not exported to the user through sysfs.
Fixes:
7529df465248 ("mtd: nand: Add core infrastructure to support SPI NANDs")
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Linus Torvalds [Mon, 18 May 2020 18:29:21 +0000 (11:29 -0700)]
Merge branch 'fixes' of git://git./linux/kernel/git/zohar/linux-integrity
Pull integrity fixes from Mimi Zohar:
"A couple of miscellaneous bug fixes for the integrity subsystem:
IMA:
- Properly modify the open flags in order to calculate the file hash.
- On systems requiring the IMA policy to be signed, the policy is
loaded differently. Don't differentiate between "enforce" and
either "log" or "fix" modes how the policy is loaded.
EVM:
- Two patches to fix an EVM race condition, normally the result of
attempting to load an unsupported hash algorithm.
- Use the lockless RCU version for walking an append only list"
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
evm: Fix a small race in init_desc()
evm: Fix RCU list related warnings
ima: Fix return value of ima_write_policy()
evm: Check also if *tfm is an error pointer in init_desc()
ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
Scott Bahling [Mon, 18 May 2020 17:57:28 +0000 (19:57 +0200)]
ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option
The ST Audio ADCIII is an STDSP24 card plus extension box. With commit
e8a91ae18bdc ("ALSA: ice1712: Add support for STAudio ADCIII") we
enabled the ADCIII ports using the model=staudio option but forgot
this part to ensure the STDSP24 card is initialized properly.
Fixes:
e8a91ae18bdc ("ALSA: ice1712: Add support for STAudio ADCIII")
Signed-off-by: Scott Bahling <sbahling@suse.com>
Cc: <stable@vger.kernel.org>
BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1048934
Link: https://lore.kernel.org/r/20200518175728.28766-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Linus Torvalds [Mon, 18 May 2020 17:33:13 +0000 (10:33 -0700)]
Merge tag 'for-5.7-rc7' of git://git./linux/kernel/git/linkinjeon/exfat
Pull exfat fixes from Namjae Jeon:
- Fix potential memory leak in exfat_find
- Set exfat's splice_write to iter_file_splice_write to fix a splice
failure on direct-opened files
* tag 'for-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat:
exfat: fix possible memory leak in exfat_find()
exfat: use iter_file_splice_write
David Howells [Sun, 17 May 2020 20:21:05 +0000 (21:21 +0100)]
afs: Don't unlock fetched data pages until the op completes successfully
Don't call req->page_done() on each page as we finish filling it with
the data coming from the network. Whilst this might speed up the
application a bit, it's a problem if there's a network failure and the
operation has to be reissued.
If this happens, an oops occurs because afs_readpages_page_done() clears
the pointer to each page it unlocks and when a retry happens, the
pointers to the pages it wants to fill are now NULL (and the pages have
been unlocked anyway).
Instead, wait till the operation completes successfully and only then
release all the pages after clearing any terminal gap (the server can
give us less data than we requested as we're allowed to ask for more
than is available).
KASAN produces a bug like the following, and even without KASAN, it can
oops and panic.
BUG: KASAN: wild-memory-access in _copy_to_iter+0x323/0x5f4
Write of size 1404 at addr
0005088000000000 by task md5sum/5235
CPU: 0 PID: 5235 Comm: md5sum Not tainted 5.7.0-rc3-fscache+ #250
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
Call Trace:
memcpy+0x39/0x58
_copy_to_iter+0x323/0x5f4
__skb_datagram_iter+0x89/0x2a6
skb_copy_datagram_iter+0x129/0x135
rxrpc_recvmsg_data.isra.0+0x615/0xd42
rxrpc_kernel_recv_data+0x1e9/0x3ae
afs_extract_data+0x139/0x33a
yfs_deliver_fs_fetch_data64+0x47a/0x91b
afs_deliver_to_call+0x304/0x709
afs_wait_for_call_to_complete+0x1cc/0x4ad
yfs_fs_fetch_data+0x279/0x288
afs_fetch_data+0x1e1/0x38d
afs_readpages+0x593/0x72e
read_pages+0xf5/0x21e
__do_page_cache_readahead+0x128/0x23f
ondemand_readahead+0x36e/0x37f
generic_file_buffered_read+0x234/0x680
new_sync_read+0x109/0x17e
vfs_read+0xe6/0x138
ksys_read+0xd8/0x14d
do_syscall_64+0x6e/0x8a
entry_SYSCALL_64_after_hwframe+0x49/0xb3
Fixes:
196ee9cd2d04 ("afs: Make afs_fs_fetch_data() take a list of pages")
Fixes:
30062bd13e36 ("afs: Implement YFS support in the fs client")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Rafael J. Wysocki [Fri, 15 May 2020 10:58:19 +0000 (12:58 +0200)]
ACPI: EC: PM: Avoid flushing EC work when EC GPE is inactive
Flushing the EC work while suspended to idle when the EC GPE status
is not set causes some EC wakeup events (notably power button and
lid ones) to be missed after a series of spurious wakeups on the Dell
XPS13 9360 in my office.
If that happens, the machine cannot be woken up from suspend-to-idle
by the power button or lid status change and it needs to be woken up
in some other way (eg. by a key press).
Flushing the EC work only after successful dispatching the EC GPE,
which means that its status has been set, avoids the issue, so change
the code in question accordingly.
Fixes:
7b301750f7f8 ("ACPI: EC: PM: Avoid premature returns from acpi_s2idle_wake()")
Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Tested-by: Chris Chiu <chiu@endlessm.com>
Christian Lachner [Mon, 18 May 2020 05:38:44 +0000 (07:38 +0200)]
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme
The Gigabyte X570 Aorus Xtreme motherboard with ALC1220 codec
requires a similar workaround for Clevo laptops to enforce the
DAC/mixer connection path. Set up a quirk entry for that.
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=205275
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200518053844.42743-2-gladiac@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Brent Lu [Mon, 18 May 2020 04:30:38 +0000 (12:30 +0800)]
ALSA: pcm: fix incorrect hw_base increase
There is a corner case that ALSA keeps increasing the hw_ptr but DMA
already stop working/updating the position for a long time.
In following log we can see the position returned from DMA driver does
not move at all but the hw_ptr got increased at some point of time so
snd_pcm_avail() will return a large number which seems to be a buffer
underrun event from user space program point of view. The program
thinks there is space in the buffer and fill more data.
[ 418.510086] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 4096 avail 12368
[ 418.510149] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 6910 avail 9554
...
[ 418.681052] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 15102 avail 1362
[ 418.681130] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 16464 avail 0
[ 418.726515] sound pcmC0D5p: pos 96 hw_ptr 16464 appl_ptr 16464 avail 16368
This is because the hw_base will be increased by runtime->buffer_size
frames unconditionally if the hw_ptr is not updated for over half of
buffer time. As the hw_base increases, so does the hw_ptr increased
by the same number.
The avail value returned from snd_pcm_avail() could exceed the limit
(buffer_size) easily becase the hw_ptr itself got increased by same
buffer_size samples when the corner case happens. In following log,
the buffer_size is 16368 samples but the avail is 21810 samples so
CRAS server complains about it.
[ 418.851755] sound pcmC0D5p: pos 96 hw_ptr 16464 appl_ptr 27390 avail 5442
[ 418.926491] sound pcmC0D5p: pos 96 hw_ptr 32832 appl_ptr 27390 avail 21810
cras_server[1907]: pcm_avail returned frames larger than buf_size:
sof-glkda7219max: :0,5: 21810 > 16368
By updating runtime->hw_ptr_jiffies each time the HWSYNC is called,
the hw_base will keep the same when buffer stall happens at long as
the interval between each HWSYNC call is shorter than half of buffer
time.
Following is a log captured by a patched kernel. The hw_base/hw_ptr
value is fixed in this corner case and user space program should be
aware of the buffer stall and handle it.
[ 293.525543] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 4096 avail 12368
[ 293.525606] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 6880 avail 9584
[ 293.525975] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 10976 avail 5488
[ 293.611178] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 15072 avail 1392
[ 293.696429] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 16464 avail 0
...
[ 381.139517] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 16464 avail 0
Signed-off-by: Brent Lu <brent.lu@intel.com>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1589776238-23877-1-git-send-email-brent.lu@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Wei Yongjun [Wed, 6 May 2020 14:25:54 +0000 (14:25 +0000)]
exfat: fix possible memory leak in exfat_find()
'es' is malloced from exfat_get_dentry_set() in exfat_find() and should
be freed before leaving from the error handling cases, otherwise it will
cause memory leak.
Fixes:
5f2aa075070c ("exfat: add inode operations")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Eric Sandeen [Sat, 2 May 2020 01:34:25 +0000 (20:34 -0500)]
exfat: use iter_file_splice_write
Doing copy_file_range() on exfat with a file opened for direct IO leads
to an -EFAULT:
# xfs_io -f -d -c "truncate 32768" \
-c "copy_range -d 16384 -l 16384 -f 0" /mnt/test/junk
copy_range: Bad address
and the reason seems to be that we go through:
default_file_splice_write
splice_from_pipe
__splice_from_pipe
write_pipe_buf
__kernel_write
new_sync_write
generic_file_write_iter
generic_file_direct_write
exfat_direct_IO
do_blockdev_direct_IO
iov_iter_get_pages
and land in iterate_all_kinds(), which does "return -EFAULT" for our kvec
iter.
Setting exfat's splice_write to iter_file_splice_write fixes this and lets
fsx (which originally detected the problem) run to success from
the xfstests harness.
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Linus Torvalds [Sun, 17 May 2020 23:48:37 +0000 (16:48 -0700)]
Linux 5.7-rc6
Linus Torvalds [Sun, 17 May 2020 23:07:30 +0000 (16:07 -0700)]
Merge tag 'for-linus-5.7-2' of git://github.com/cminyard/linux-ipmi
Pull IPMI update from Corey Minyard:
"Convert i2c_new_device() to i2c_new_client_device()
Wolfram Sang has asked to have this included in 5.7 so the deprecated
API can be removed next release. There should be no functional
difference.
I think that entire this section of code can be removed; it is
leftover from other things that have since changed, but this is the
safer thing to do for now. The full removal can happen next release"
* tag 'for-linus-5.7-2' of git://github.com/cminyard/linux-ipmi:
char: ipmi: convert to use i2c_new_client_device()
Richard Weinberger [Sat, 2 May 2020 12:48:02 +0000 (14:48 +0200)]
ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
3bfa7e141b0b ("fs/seq_file.c: seq_read(): add info message about buggy .next functions")
showed that we don't use seq_file correctly.
So make sure that our ->next function always updates the position.
Fixes:
7bccd12d27b7 ("ubi: Add debugfs file for tracking PEB state")
Signed-off-by: Richard Weinberger <richard@nod.at>
Eric Biggers [Sat, 2 May 2020 05:59:45 +0000 (22:59 -0700)]
ubifs: fix wrong use of crypto_shash_descsize()
crypto_shash_descsize() returns the size of the shash_desc context
needed to compute the hash, not the size of the hash itself.
crypto_shash_digestsize() would be correct, or alternatively using
c->hash_len and c->hmac_desc_len which already store the correct values.
But actually it's simpler to just use stack arrays, so do that instead.
Fixes:
49525e5eecca ("ubifs: Add helper functions for authentication support")
Fixes:
da8ef65f9573 ("ubifs: Authenticate replayed journal")
Cc: <stable@vger.kernel.org> # v4.20+
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Linus Torvalds [Sun, 17 May 2020 19:33:00 +0000 (12:33 -0700)]
Merge tag 'clk-fixes-for-linus' of git://git./linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"Some more clk driver fixes and one core framework fix:
- A handful of TI driver fixes for bad of_node_put() and incorrect
parent names
- Rockchip rk3228 aclk_gpu* creation was interfering with lima GPU
work so we use a composite clk now
- Resuming from suspend on Tegra Jetson TK1 was broken because an
audio PLL calculated an incorrect rate
- A fix for devicetree probing on IM-PD1 by actually specifying a clk
name which is required to pass clk registration
- Avoid list corruption if registration fails for a critical clk"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: ti: clkctrl: convert subclocks to use proper names also
clk: ti: am33xx: fix RTC clock parent
clk: ti: clkctrl: Fix Bad of_node_put within clkctrl_get_name
clk: tegra: Fix initial rate for pll_a on Tegra124
clk: impd1: Look up clock-output-names
clk: Unlink clock if failed to prepare or enable
clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
Linus Torvalds [Sun, 17 May 2020 19:31:22 +0000 (12:31 -0700)]
Merge tag 'usb-5.7-rc6' of git://git./linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a number of USB fixes for 5.7-rc6
The "largest" in here is a bunch of raw-gadget fixes and api changes
as the driver just showed up in -rc1 and work has been done to fix up
some uapi issues found with the original submission, before it shows
up in a -final release.
Other than that, a bunch of other small USB gadget fixes, xhci fixes,
some quirks, andother tiny fixes for reported issues.
All of these have been in linux-next with no reported issues"
* tag 'usb-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits)
USB: gadget: fix illegal array access in binding with UDC
usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
USB: usbfs: fix mmap dma mismatch
usb: host: xhci-plat: keep runtime active when removing host
usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
usb: cdns3: gadget: make a bunch of functions static
usb: mtu3: constify struct debugfs_reg32
usb: gadget: udc: atmel: Make some symbols static
usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
usb: raw-gadget: documentation updates
usb: raw-gadget: support stalling/halting/wedging endpoints
usb: raw-gadget: fix gadget endpoint selection
usb: raw-gadget: improve uapi headers comments
usb: typec: mux: intel: Fix DP_HPD_LVL bit field
usb: raw-gadget: fix return value of ep read ioctls
usb: dwc3: select USB_ROLE_SWITCH
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: legacy: fix error return code in cdc_bind()
usb: gadget: legacy: fix redundant initialization warnings
usb: gadget: tegra-xudc: Fix idle suspend/resume
...
Linus Torvalds [Sun, 17 May 2020 19:23:37 +0000 (12:23 -0700)]
Merge branch 'exec-linus' of git://git./linux/kernel/git/ebiederm/user-namespace
Pull execve fix from Eric Biederman:
"While working on my exec cleanups I found a bug in exec that I
introduced by accident a couple of years ago. I apparently missed the
fact that bprm->file can change.
Now I have a very personal motive to clean up exec and make it more
approachable.
The change is just moving woud_dump to where it acts on the final
bprm->file not the initial bprm->file. I have been careful and tested
and verify this fix works"
* 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
exec: Move would_dump into flush_old_exec
Linus Torvalds [Sun, 17 May 2020 19:20:14 +0000 (12:20 -0700)]
Merge tag 'objtool-urgent-2020-05-17' of git://git./linux/kernel/git/tip/tip
Pull x86 stack unwinding fix from Thomas Gleixner:
"A single bugfix for the ORC unwinder to ensure that the error flag
which tells the unwinding code whether a stack trace can be trusted or
not is always set correctly.
This was messed up by a couple of changes in the recent past"
* tag 'objtool-urgent-2020-05-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/unwind/orc: Fix error handling in __unwind_start()
Linus Torvalds [Sun, 17 May 2020 18:08:29 +0000 (11:08 -0700)]
Merge tag 'x86_urgent_for_v5.7-rc7' of git://git./linux/kernel/git/tip/tip
Pull x86 fix from Borislav Petkov:
"A single fix for early boot crashes of kernels built with gcc10 and
stack protector enabled"
* tag 'x86_urgent_for_v5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86: Fix early boot crash on gcc-10, third try
Eric W. Biederman [Sat, 16 May 2020 21:29:20 +0000 (16:29 -0500)]
exec: Move would_dump into flush_old_exec
I goofed when I added mm->user_ns support to would_dump. I missed the
fact that in the case of binfmt_loader, binfmt_em86, binfmt_misc, and
binfmt_script bprm->file is reassigned. Which made the move of
would_dump from setup_new_exec to __do_execve_file before exec_binprm
incorrect as it can result in would_dump running on the script instead
of the interpreter of the script.
The net result is that the code stopped making unreadable interpreters
undumpable. Which allows them to be ptraced and written to disk
without special permissions. Oops.
The move was necessary because the call in set_new_exec was after
bprm->mm was no longer valid.
To correct this mistake move the misplaced would_dump from
__do_execve_file into flos_old_exec, before exec_mmap is called.
I tested and confirmed that without this fix I can attach with gdb to
a script with an unreadable interpreter, and with this fix I can not.
Cc: stable@vger.kernel.org
Fixes:
f84df2a6f268 ("exec: Ensure mm->user_ns contains the execed files")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Linus Torvalds [Sun, 17 May 2020 04:43:11 +0000 (21:43 -0700)]
Merge tag '5.7-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French:
"Three small cifs/smb3 fixes, one for stable"
* tag '5.7-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: fix leaked reference on requeued write
cifs: Fix null pointer check in cifs_read
CIFS: Spelling s/EACCESS/EACCES/
Linus Torvalds [Sat, 16 May 2020 20:39:22 +0000 (13:39 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"A new testcase for guest debugging (gdbstub) that exposed a bunch of
bugs, mostly for AMD processors. And a few other x86 fixes"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
KVM: x86: Fix pkru save/restore when guest CR4.PKE=0, move it to x86.c
KVM: SVM: Disable AVIC before setting V_IRQ
KVM: Introduce kvm_make_all_cpus_request_except()
KVM: VMX: pass correct DR6 for GD userspace exit
KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6
KVM: SVM: keep DR6 synchronized with vcpu->arch.dr6
KVM: nSVM: trap #DB and #BP to userspace if guest debugging is on
KVM: selftests: Add KVM_SET_GUEST_DEBUG test
KVM: X86: Fix single-step with KVM_SET_GUEST_DEBUG
KVM: X86: Set RTM for DB_VECTOR too for KVM_EXIT_DEBUG
KVM: x86: fix DR6 delivery for various cases of #DB injection
KVM: X86: Declare KVM_CAP_SET_GUEST_DEBUG properly
Linus Torvalds [Sat, 16 May 2020 20:34:45 +0000 (13:34 -0700)]
Merge tag 'powerpc-5.7-4' of git://git./linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
- A fix for unrecoverable SLB faults in the interrupt exit path,
introduced by the recent rewrite of interrupt exit in C.
- Four fixes for our KUAP (Kernel Userspace Access Prevention) support
on 64-bit. These are all fairly minor with the exception of the
change to evaluate the get/put_user() arguments before we enable user
access, which reduces the amount of code we run with user access
enabled.
- A fix for our secure boot IMA rules, if enforcement of module
signatures is enabled at runtime rather than build time.
- A fix to our 32-bit VDSO clock_getres() which wasn't falling back to
the syscall for unknown clocks.
- A build fix for CONFIG_PPC_KUAP_DEBUG on 32-bit BookS, and another
for 40x.
Thanks to: Christophe Leroy, Hugh Dickins, Nicholas Piggin, Aurelien
Jarno, Mimi Zohar, Nayna Jain.
* tag 'powerpc-5.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/40x: Make more space for system call exception
powerpc/vdso32: Fallback on getres syscall when clock is unknown
powerpc/32s: Fix build failure with CONFIG_PPC_KUAP_DEBUG
powerpc/ima: Fix secure boot rules in ima arch policy
powerpc/64s/kuap: Restore AMR in fast_interrupt_return
powerpc/64s/kuap: Restore AMR in system reset exception
powerpc/64/kuap: Move kuap checks out of MSR[RI]=0 regions of exit code
powerpc/64s: Fix unrecoverable SLB crashes due to preemption check
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
Linus Torvalds [Sat, 16 May 2020 20:31:40 +0000 (13:31 -0700)]
Merge tag 'csky-for-linus-5.7-rc6' of git://github.com/c-sky/csky-linux
Pull csky updates from Guo Ren:
- fix for copy_from/to_user (a hard-to-find bug, thx Viro)
- fix for calltrace panic without FRAME_POINT
- two fixes for perf
- two build fixes
- four fixes for non-fatal bugs (msa, rm dis_irq, cleanup psr,
gdbmacros.txt)
* tag 'csky-for-linus-5.7-rc6' of git://github.com/c-sky/csky-linux:
csky: Fixup raw_copy_from_user()
csky: Fixup gdbmacros.txt with name sp in thread_struct
csky: Fixup remove unnecessary save/restore PSR code
csky: Fixup remove duplicate irq_disable
csky: Fixup calltrace panic
csky: Fixup perf callchain unwind
csky: Fixup msa highest 3 bits mask
csky: Fixup perf probe -x hungup
csky: Fixup compile error for abiv1 entry.S
csky/ftrace: Fixup error when disable CONFIG_DYNAMIC_FTRACE
Linus Torvalds [Sat, 16 May 2020 20:27:58 +0000 (13:27 -0700)]
Merge tag 'arm-soc-fixes-5.7' of git://git./linux/kernel/git/soc/soc
Pull ARM SoC/dt fixes from Arnd Bergmann:
"This round of fixes is almost exclusively device tree changes, with
trivial defconfig fixes and one compiler warning fix added in.
A number of patches are to fix dtc warnings, in particular on Amlogic,
i.MX and Rockchips.
Other notable changes include:
Renesas:
- Fix a wrong clock configuration on R-Mobile A1
- Fix IOMMU support on R-Car V3H
Allwinner
- Multiple audio fixes
Qualcomm
- Use a safe CPU voltage on MSM8996
- Fixes to match a late audio driver change
Rockchip:
- Some fixes for the newly added Pinebook Pro
NXP i.MX:
- Fix I2C1 pinctrl configuration for i.MX27 phytec-phycard board
- Fix imx6dl-yapp4-ursa board Ethernet connection
OMAP:
- A regression fix for non-existing can device on am534x-idk
- Fix flakey wlan on droid4 where some devices would not connect at
all because of internal pull being used with an external pull
- Fix occasional missed wake-up events on droid4 modem uart"
* tag 'arm-soc-fixes-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (51 commits)
ARM: dts: iwg20d-q7-dbcm-ca: Remove unneeded properties in hdmi@39
ARM: dts: renesas: Make hdmi encoder nodes compliant with DT bindings
arm64: dts: renesas: Make hdmi encoder nodes compliant with DT bindings
arm64: defconfig: add MEDIA_PLATFORM_SUPPORT
arm64: defconfig: ARCH_R8A7795: follow changed config symbol name
arm64: defconfig: add DRM_DISPLAY_CONNECTOR
arm64: defconfig: DRM_DUMB_VGA_DAC: follow changed config symbol name
ARM: oxnas: make ox820_boot_secondary static
ARM: dts: r8a7740: Add missing extal2 to CPG node
ARM: dts: omap4-droid4: Fix occasional lost wakeirq for uart1
ARM: dts: omap4-droid4: Fix flakey wlan by disabling internal pull for gpio
arm64: dts: allwinner: a64: Remove unused SPDIF sound card
arm64: dts: allwinner: a64: pinetab: Fix cpvdd supply name
arm64: dts: meson-g12: remove spurious blank line
arm64: dts: meson-g12b-khadas-vim3: add missing frddr_a status property
arm64: dts: meson-g12-common: fix dwc2 clock names
arm64: dts: meson-g12b-ugoos-am6: fix usb vbus-supply
arm64: dts: freescale: imx8mp: update input_val for AUDIOMIX_BIT_STREAM
ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes
ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
...
Linus Torvalds [Sat, 16 May 2020 20:24:41 +0000 (13:24 -0700)]
Merge tag 'block-5.7-2020-05-16' of git://git.kernel.dk/linux-block
Pull block fix from Jens Axboe:
"Just a single NVMe pull in here, with a single fix for a missing DMA
read memory barrier for completions"
* tag 'block-5.7-2020-05-16' of git://git.kernel.dk/linux-block:
nvme-pci: dma read memory barrier for completions
Linus Torvalds [Sat, 16 May 2020 20:20:50 +0000 (13:20 -0700)]
Merge tag 'pinctrl-v5.7-2' of git://git./linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
"A bunch of pin control fixes, some a bit overly ripe, sorry about
that. We have important systems like Intel laptops and Qualcomm mobile
chips covered.
- Pad lock register on Intel Sunrisepoint had the wrong offset
- Fix pin config setting for the Baytrail GPIO chip
- Fix a compilation warning in the Mediatek driver
- Fix a function group name in the Actions driver
- Fix a behaviour bug in the edge polarity code in the Qualcomm
driver
- Add a missing spinlock in the Intel Cherryview driver
- Add affinity callbacks to the Qualcomm MSMGPIO chip"
* tag 'pinctrl-v5.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: qcom: Add affinity callbacks to msmgpio IRQ chip
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
pinctrl: qcom: fix wrong write in update_dual_edge
pinctrl: actions: fix function group name for i2c0_group
pinctrl: mediatek: remove shadow variable declaration
pinctrl: baytrail: Enable pin configuration setting for GPIO chip
pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H
Linus Torvalds [Sat, 16 May 2020 20:17:41 +0000 (13:17 -0700)]
Merge tag 'io_uring-5.7-2020-05-15' of git://git.kernel.dk/linux-block
Pull io_uring fixes from Jens Axboe:
"Two small fixes that should go into this release:
- Check and handle zero length splice (Pavel)
- Fix a regression in this merge window for fixed files used with
polled block IO"
* tag 'io_uring-5.7-2020-05-15' of git://git.kernel.dk/linux-block:
io_uring: polled fixed file must go through free iteration
io_uring: fix zero len do_splice()
Jens Axboe [Sat, 16 May 2020 15:25:34 +0000 (09:25 -0600)]
Merge branch 'nvme-5.7' of git://git.infradead.org/nvme into block-5.7
Pull NVMe fix from Christoph.
* 'nvme-5.7' of git://git.infradead.org/nvme:
nvme-pci: dma read memory barrier for completions
Arnd Bergmann [Fri, 15 May 2020 21:14:36 +0000 (23:14 +0200)]
Merge tag 'renesas-fixes-for-v5.7-tag2' of git://git./linux/kernel/git/geert/renesas-devel into arm/fixes
Renesas fixes for v5.7 (take two)
- Fix a wrong clock configuration on R-Mobile A1,
- Minor fixes that are fast-tracked to avoid introducing regressions
during conversion of DT bindings to json-schema.
* tag 'renesas-fixes-for-v5.7-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel:
ARM: dts: iwg20d-q7-dbcm-ca: Remove unneeded properties in hdmi@39
ARM: dts: renesas: Make hdmi encoder nodes compliant with DT bindings
arm64: dts: renesas: Make hdmi encoder nodes compliant with DT bindings
ARM: dts: r8a7740: Add missing extal2 to CPG node
Link: https://lore.kernel.org/r/20200515125043.22811-1-geert+renesas@glider.be
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Arnd Bergmann [Fri, 15 May 2020 21:13:45 +0000 (23:13 +0200)]
Merge tag 'sunxi-fixes-for-5.7-1' of git://git./linux/kernel/git/sunxi/linux into arm/fixes
Two fixes for the Allwinner SoCs, one to remove some inexistant sound card on
the A64, and one to fix the audio codec regulator on the pinetab.
* tag 'sunxi-fixes-for-5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux:
arm64: dts: allwinner: a64: Remove unused SPDIF sound card
arm64: dts: allwinner: a64: pinetab: Fix cpvdd supply name
Link: https://lore.kernel.org/r/f7a98a47-316d-4b1a-b5a5-0e1e330d5f52.lettre@localhost
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Linus Torvalds [Fri, 15 May 2020 21:03:13 +0000 (14:03 -0700)]
Merge tag 'nfs-for-5.7-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
Pull NFS client bugfixes from Trond Myklebust:
"Highlights include:
Stable fixes:
- nfs: fix NULL deference in nfs4_get_valid_delegation
Bugfixes:
- Fix corruption of the return value in cachefiles_read_or_alloc_pages()
- Fix several fscache cookie issues
- Fix a fscache queuing race that can trigger a BUG_ON
- NFS: Fix two use-after-free regressions due to the RPC_TASK_CRED_NOREF flag
- SUNRPC: Fix a use-after-free regression in rpc_free_client_work()
- SUNRPC: Fix a race when tearing down the rpc client debugfs directory
- SUNRPC: Signalled ASYNC tasks need to exit
- NFSv3: fix rpc receive buffer size for MOUNT call"
* tag 'nfs-for-5.7-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
NFSv3: fix rpc receive buffer size for MOUNT call
SUNRPC: 'Directory with parent 'rpc_clnt' already present!'
NFS/pnfs: Don't use RPC_TASK_CRED_NOREF with pnfs
NFS: Don't use RPC_TASK_CRED_NOREF with delegreturn
SUNRPC: Signalled ASYNC tasks need to exit
nfs: fix NULL deference in nfs4_get_valid_delegation
SUNRPC: fix use-after-free in rpc_free_client_work()
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
NFSv4: Fix fscache cookie aux_data to ensure change_attr is included
NFS: Fix fscache super_cookie allocation
NFS: Fix fscache super_cookie index_key from changing after umount
cachefiles: Fix corruption of the return value in cachefiles_read_or_alloc_pages()
Linus Torvalds [Fri, 15 May 2020 20:10:06 +0000 (13:10 -0700)]
Merge git://git./linux/kernel/git/netdev/net
Pull networking fixes from David Miller:
1) Fix sk_psock reference count leak on receive, from Xiyu Yang.
2) CONFIG_HNS should be invisible, from Geert Uytterhoeven.
3) Don't allow locking route MTUs in ipv6, RFCs actually forbid this,
from Maciej Żenczykowski.
4) ipv4 route redirect backoff wasn't actually enforced, from Paolo
Abeni.
5) Fix netprio cgroup v2 leak, from Zefan Li.
6) Fix infinite loop on rmmod in conntrack, from Florian Westphal.
7) Fix tcp SO_RCVLOWAT hangs, from Eric Dumazet.
8) Various bpf probe handling fixes, from Daniel Borkmann.
* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (68 commits)
selftests: mptcp: pm: rm the right tmp file
dpaa2-eth: properly handle buffer size restrictions
bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier
bpf: Add bpf_probe_read_{user, kernel}_str() to do_refine_retval_range
bpf: Restrict bpf_probe_read{, str}() only to archs where they work
MAINTAINERS: Mark networking drivers as Maintained.
ipmr: Add lockdep expression to ipmr_for_each_table macro
ipmr: Fix RCU list debugging warning
drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c
net: phy: broadcom: fix BCM54XX_SHD_SCR3_TRDDAPD value for BCM54810
tcp: fix error recovery in tcp_zerocopy_receive()
MAINTAINERS: Add Jakub to networking drivers.
MAINTAINERS: another add of Karsten Graul for S390 networking
drivers: ipa: fix typos for ipa_smp2p structure doc
pppoe: only process PADT targeted at local interfaces
selftests/bpf: Enforce returning 0 for fentry/fexit programs
bpf: Enforce returning 0 for fentry/fexit progs
net: stmmac: fix num_por initialization
security: Fix the default value of secid_to_secctx hook
libbpf: Fix register naming in PT_REGS s390 macros
...
Linus Torvalds [Fri, 15 May 2020 20:06:56 +0000 (13:06 -0700)]
Merge tag 'for-linus' of git://git./linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"A few minor bug fixes for user visible defects, and one regression:
- Various bugs from static checkers and syzkaller
- Add missing error checking in mlx4
- Prevent RTNL lock recursion in i40iw
- Fix segfault in cxgb4 in peer abort cases
- Fix a regression added in 5.7 where the IB_EVENT_DEVICE_FATAL could
be lost, and wasn't delivered to all the FDs"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/uverbs: Move IB_EVENT_DEVICE_FATAL to destroy_uobj
RDMA/uverbs: Do not discard the IB_EVENT_DEVICE_FATAL event
RDMA/iw_cxgb4: Fix incorrect function parameters
RDMA/core: Fix double put of resource
IB/core: Fix potential NULL pointer dereference in pkey cache
IB/hfi1: Fix another case where pq is left on waitlist
IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
IB/mlx4: Test return value of calls to ib_get_cached_pkey
RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info()
i40iw: Fix error handling in i40iw_manage_arp_cache()
Linus Torvalds [Fri, 15 May 2020 19:57:50 +0000 (12:57 -0700)]
Merge tag 'linux-kselftest-5.7-rc6' of git://git./linux/kernel/git/shuah/linux-kselftest
Pull kselftest fixes from Shuah Khan:
- lkdtm runner fixes to prevent dmesg clearing and shellcheck errors
- ftrace test handling when test module doesn't exist
- nsfs test fix to replace zero-length array with flexible-array
- dmabuf-heaps test fix to return clear error value
* tag 'linux-kselftest-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
selftests/lkdtm: Use grep -E instead of egrep
selftests/lkdtm: Don't clear dmesg when running tests
selftests/ftrace: mark irqsoff_tracer.tc test as unresolved if the test module does not exist
tools/testing: Replace zero-length array with flexible-array
kselftests: dmabuf-heaps: Fix confused return value on expected error testing
Linus Torvalds [Fri, 15 May 2020 19:47:15 +0000 (12:47 -0700)]
Merge tag 'riscv-for-linus-5.7-rc6' of git://git./linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
"A handful of build fixes, all found by Huawei's autobuilder.
None of these patches should have any functional impact on kernels
that build, and they're mostly related to various features
intermingling with !MMU.
While some of these might be better hoisted to generic code, it seems
better to have the simple fixes in the meanwhile.
As far as I know these are the only outstanding patches for 5.7"
* tag 'riscv-for-linus-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: mmiowb: Fix implicit declaration of function 'smp_processor_id'
riscv: pgtable: Fix __kernel_map_pages build error if NOMMU
riscv: Make SYS_SUPPORTS_HUGETLBFS depends on MMU
riscv: Disable ARCH_HAS_DEBUG_VIRTUAL if NOMMU
riscv: Add pgprot_writecombine/device and PAGE_SHARED defination if NOMMU
riscv: stacktrace: Fix undefined reference to `walk_stackframe'
riscv: Fix unmet direct dependencies built based on SOC_VIRT
riscv: perf: RISCV_BASE_PMU should be independent
riscv: perf_event: Make some funciton static
Linus Torvalds [Fri, 15 May 2020 18:08:46 +0000 (11:08 -0700)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fix from Catalin Marinas:
"Fix flush_icache_range() second argument in machine_kexec() to be an
address rather than size"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: fix the flush_icache_range arguments in machine_kexec
David S. Miller [Fri, 15 May 2020 17:57:21 +0000 (10:57 -0700)]
Merge git://git./pub/scm/linux/kernel/git/bpf/bpf
Alexei Starovoitov says:
====================
pull-request: bpf 2020-05-15
The following pull-request contains BPF updates for your *net* tree.
We've added 9 non-merge commits during the last 2 day(s) which contain
a total of 14 files changed, 137 insertions(+), 43 deletions(-).
The main changes are:
1) Fix secid_to_secctx LSM hook default value, from Anders.
2) Fix bug in mmap of bpf array, from Andrii.
3) Restrict bpf_probe_read to archs where they work, from Daniel.
4) Enforce returning 0 for fentry/fexit progs, from Yonghong.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jim Mattson [Mon, 11 May 2020 22:56:16 +0000 (15:56 -0700)]
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
Bank_num is a one-based count of banks, not a zero-based index. It
overflows the allocated space only when strictly greater than
KVM_MAX_MCE_BANKS.
Fixes:
a9e38c3e01ad ("KVM: x86: Catch potential overrun in MCE setup")
Signed-off-by: Jue Wang <juew@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Message-Id: <
20200511225616.19557-1-jmattson@google.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Fri, 15 May 2020 17:47:57 +0000 (13:47 -0400)]
Merge branch 'kvm-amd-fixes' into HEAD
This topic branch will be included in both kvm/master and kvm/next
(for 5.8) in order to simplify testing of kvm/next.
Matthieu Baerts [Fri, 15 May 2020 15:54:41 +0000 (17:54 +0200)]
selftests: mptcp: pm: rm the right tmp file
"$err" is a variable pointing to a temp file. "$out" is not: only used
as a local variable in "check()" and representing the output of a
command line.
Fixes:
eedbc685321b (selftests: add PM netlink functional tests)
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ioana Ciornei [Fri, 15 May 2020 12:30:22 +0000 (15:30 +0300)]
dpaa2-eth: properly handle buffer size restrictions
Depending on the WRIOP version, the buffer size on the RX path must by a
multiple of 64 or 256. Handle this restriction properly by aligning down
the buffer size to the necessary value. Also, use the new buffer size
dynamically computed instead of the compile time one.
Fixes:
27c874867c4e ("dpaa2-eth: Use a single page per Rx buffer")
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Fri, 15 May 2020 17:14:05 +0000 (10:14 -0700)]
Merge tag 'hwmon-for-v5.7-rc6' of git://git./linux/kernel/git/groeck/linux-staging
Pull hwmon fixes from Guenter Roeck:
- Fix ADC access synchronization problem with da9052 driver
- Fix temperature limit and status reporting in nct7904 driver
- Fix drivetemp temperature reporting if SCT is supported but SCT data
tables are not.
* tag 'hwmon-for-v5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (da9052) Synchronize access with mfd
hwmon: (nct7904) Fix incorrect range of temperature limit registers
hwmon: (nct7904) Read all SMI status registers in probe function
hwmon: (drivetemp) Fix SCT support if SCT data tables are not supported
Linus Torvalds [Fri, 15 May 2020 17:06:49 +0000 (10:06 -0700)]
Merge tag 'sound-5.7-rc6' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Things look good and calming down; the only change to ALSA core is the
fix for racy rawmidi buffer accesses spotted by syzkaller, and the
rest are all small device-specific quirks for HD-audio and USB-audio
devices"
* tag 'sound-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA
ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295
ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295
ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295
ALSA: hda/realtek: Add quirk for Samsung Notebook
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: usb-audio: add mapping for ASRock TRX40 Creator
ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
ALSA: firewire-lib: fix 'function sizeof not defined' error of tracepoints format
ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
Linus Torvalds [Fri, 15 May 2020 16:59:49 +0000 (09:59 -0700)]
Merge tag 'drm-fixes-2020-05-15' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"As mentioned last week an i915 PR came in late, but I left it, so the
i915 bits of this cover 2 weeks, which is why it's likely a bit larger
than usual.
Otherwise it's mostly amdgpu fixes, one tegra fix, one meson fix.
i915:
- Handle idling during i915_gem_evict_something busy loops (Chris)
- Mark current submissions with a weak-dependency (Chris)
- Propagate error from completed fences (Chris)
- Fixes on execlist to avoid GPU hang situation (Chris)
- Fixes couple deadlocks (Chris)
- Timeslice preemption fixes (Chris)
- Fix Display Port interrupt handling on Tiger Lake (Imre)
- Reduce debug noise around Frame Buffer Compression (Peter)
- Fix logic around IPC W/a for Coffee Lake and Kaby Lake (Sultan)
- Avoid dereferencing a dead context (Chris)
tegra:
- tegra120/4 smmu fixes
amdgpu:
- Clockgating fixes
- Fix fbdev with scatter/gather display
- S4 fix for navi
- Soft recovery for gfx10
- Freesync fixes
- Atomic check cursor fix
- Add a gfxoff quirk
- MST fix
amdkfd:
- Fix GEM reference counting
meson:
- error code propogation fix"
* tag 'drm-fixes-2020-05-15' of git://anongit.freedesktop.org/drm/drm: (29 commits)
drm/i915: Handle idling during i915_gem_evict_something busy loops
drm/meson: pm resume add return errno branch
drm/amd/amdgpu: Update update_config() logic
drm/amd/amdgpu: add raven1 part to the gfxoff quirk list
drm/i915: Mark concurrent submissions with a weak-dependency
drm/i915: Propagate error from completed fences
drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest
drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance.
drm/amd/display: add basic atomic check for cursor plane
drm/amd/display: Fix vblank and pageflip event handling for FreeSync
drm/amdgpu: implement soft_recovery for gfx10
drm/amdgpu: enable hibernate support on Navi1X
drm/amdgpu: Use GEM obj reference for KFD BOs
drm/amdgpu: force fbdev into vram
drm/amd/powerplay: perform PG ungate prior to CG ungate
drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate
drm/amdgpu: disable MGCG/MGLS also on gfx CG ungate
drm/i915/execlists: Track inflight CCID
drm/i915/execlists: Avoid reusing the same logical CCID
drm/i915/gem: Remove object_is_locked assertion from unpin_from_display_plane
...
Michael S. Tsirkin [Fri, 15 May 2020 15:29:53 +0000 (11:29 -0400)]
vhost: missing __user tags
sparse warns about converting void * to void __user *. This is not new
but only got noticed now that vhost is built on more systems.
This is just a question of __user tags missing in a couple of places,
so fix it up.
Fixes:
f88949138058 ("vhost: introduce O(1) vq metadata cache")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Alexei Starovoitov [Fri, 15 May 2020 15:10:36 +0000 (08:10 -0700)]
Merge branch 'restrict-bpf_probe_read'
Daniel Borkmann says:
====================
Small set of fixes in order to restrict BPF helpers for tracing which are
broken on archs with overlapping address ranges as per discussion in [0].
I've targetted this for -bpf tree so they can be routed as fixes. Thanks!
v1 -> v2:
- switch to reusable %pks, %pus format specifiers (Yonghong)
- fixate %s on kernel_ds probing for archs with overlapping addr space
[0] https://lore.kernel.org/bpf/CAHk-=wjJKo0GVixYLmqPn-Q22WFu0xHaBSjKEo7e7Yw72y5SPQ@mail.gmail.com/T/
====================
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Daniel Borkmann [Fri, 15 May 2020 10:11:18 +0000 (12:11 +0200)]
bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier
Usage of plain %s conversion specifier in bpf_trace_printk() suffers from the
very same issue as bpf_probe_read{,str}() helpers, that is, it is broken on
archs with overlapping address ranges.
While the helpers have been addressed through work in
6ae08ae3dea2 ("bpf: Add
probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers"), we need
an option for bpf_trace_printk() as well to fix it.
Similarly as with the helpers, force users to make an explicit choice by adding
%pks and %pus specifier to bpf_trace_printk() which will then pick the corresponding
strncpy_from_unsafe*() variant to perform the access under KERNEL_DS or USER_DS.
The %pk* (kernel specifier) and %pu* (user specifier) can later also be extended
for other objects aside strings that are probed and printed under tracing, and
reused out of other facilities like bpf_seq_printf() or BTF based type printing.
Existing behavior of %s for current users is still kept working for archs where it
is not broken and therefore gated through CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.
For archs not having this property we fall-back to pick probing under KERNEL_DS as
a sensible default.
Fixes:
8d3b7dce8622 ("bpf: add support for %s specifier to bpf_trace_printk()")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
Link: https://lore.kernel.org/bpf/20200515101118.6508-4-daniel@iogearbox.net
Daniel Borkmann [Fri, 15 May 2020 10:11:17 +0000 (12:11 +0200)]
bpf: Add bpf_probe_read_{user, kernel}_str() to do_refine_retval_range
Given bpf_probe_read{,str}() BPF helpers are now only available under
CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE, we need to add the drop-in
replacements of bpf_probe_read_{kernel,user}_str() to do_refine_retval_range()
as well to avoid hitting the same issue as in
849fa50662fbc ("bpf/verifier:
refine retval R0 state for bpf_get_stack helper").
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200515101118.6508-3-daniel@iogearbox.net
Daniel Borkmann [Fri, 15 May 2020 10:11:16 +0000 (12:11 +0200)]
bpf: Restrict bpf_probe_read{, str}() only to archs where they work
Given the legacy bpf_probe_read{,str}() BPF helpers are broken on archs
with overlapping address ranges, we should really take the next step to
disable them from BPF use there.
To generally fix the situation, we've recently added new helper variants
bpf_probe_read_{user,kernel}() and bpf_probe_read_{user,kernel}_str().
For details on them, see
6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel}
and probe_read_{user,kernel}_str helpers").
Given bpf_probe_read{,str}() have been around for ~5 years by now, there
are plenty of users at least on x86 still relying on them today, so we
cannot remove them entirely w/o breaking the BPF tracing ecosystem.
However, their use should be restricted to archs with non-overlapping
address ranges where they are working in their current form. Therefore,
move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and
have x86, arm64, arm select it (other archs supporting it can follow-up
on it as well).
For the remaining archs, they can workaround easily by relying on the
feature probe from bpftool which spills out defines that can be used out
of BPF C code to implement the drop-in replacement for old/new kernels
via: bpftool feature probe macro
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/bpf/20200515101118.6508-2-daniel@iogearbox.net
Kyungtae Kim [Sun, 10 May 2020 05:43:34 +0000 (05:43 +0000)]
USB: gadget: fix illegal array access in binding with UDC
FuzzUSB (a variant of syzkaller) found an illegal array access
using an incorrect index while binding a gadget with UDC.
Reference: https://www.spinics.net/lists/linux-usb/msg194331.html
This bug occurs when a size variable used for a buffer
is misused to access its strcpy-ed buffer.
Given a buffer along with its size variable (taken from user input),
from which, a new buffer is created using kstrdup().
Due to the original buffer containing 0 value in the middle,
the size of the kstrdup-ed buffer becomes smaller than that of the original.
So accessing the kstrdup-ed buffer with the same size variable
triggers memory access violation.
The fix makes sure no zero value in the buffer,
by comparing the strlen() of the orignal buffer with the size variable,
so that the access to the kstrdup-ed buffer is safe.
BUG: KASAN: slab-out-of-bounds in gadget_dev_desc_UDC_store+0x1ba/0x200
drivers/usb/gadget/configfs.c:266
Read of size 1 at addr
ffff88806a55dd7e by task syz-executor.0/17208
CPU: 2 PID: 17208 Comm: syz-executor.0 Not tainted 5.6.8 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xce/0x128 lib/dump_stack.c:118
print_address_description.constprop.4+0x21/0x3c0 mm/kasan/report.c:374
__kasan_report+0x131/0x1b0 mm/kasan/report.c:506
kasan_report+0x12/0x20 mm/kasan/common.c:641
__asan_report_load1_noabort+0x14/0x20 mm/kasan/generic_report.c:132
gadget_dev_desc_UDC_store+0x1ba/0x200 drivers/usb/gadget/configfs.c:266
flush_write_buffer fs/configfs/file.c:251 [inline]
configfs_write_file+0x2f1/0x4c0 fs/configfs/file.c:283
__vfs_write+0x85/0x110 fs/read_write.c:494
vfs_write+0x1cd/0x510 fs/read_write.c:558
ksys_write+0x18a/0x220 fs/read_write.c:611
__do_sys_write fs/read_write.c:623 [inline]
__se_sys_write fs/read_write.c:620 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:620
do_syscall_64+0x9e/0x510 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Kyungtae Kim <kt0755@gmail.com>
Reported-and-tested-by: Kyungtae Kim <kt0755@gmail.com>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200510054326.GA19198@pizza01
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eugeniu Rosca [Thu, 14 May 2020 22:02:46 +0000 (00:02 +0200)]
usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
On Tue, May 12, 2020 at 09:36:07PM +0800, Kai-Heng Feng wrote [1]:
> This patch prevents my Raven Ridge xHCI from getting runtime suspend.
The problem described in v5.6 commit
1208f9e1d758c9 ("USB: hub: Fix the
broken detection of USB3 device in SMSC hub") applies solely to the
USB5534B hub [2] present on the Kingfisher Infotainment Carrier Board,
manufactured by Shimafuji Electric Inc [3].
Despite that, the aforementioned commit applied the quirk to _all_ hubs
carrying vendor ID 0x424 (i.e. SMSC), of which there are more [4] than
initially expected. Consequently, the quirk is now enabled on platforms
carrying SMSC/Microchip hub models which potentially don't exhibit the
original issue.
To avoid reports like [1], further limit the quirk's scope to
USB5534B [2], by employing both Vendor and Product ID checks.
Tested on H3ULCB + Kingfisher rev. M05.
[1] https://lore.kernel.org/linux-renesas-soc/
73933975-6F0E-40F5-9584-
D2B8F615C0F3@canonical.com/
[2] https://www.microchip.com/wwwproducts/en/USB5534B
[3] http://www.shimafuji.co.jp/wp/wp-content/uploads/2018/08/SBEV-RCAR-KF-M06Board_HWSpecificationEN_Rev130.pdf
[4] https://devicehunt.com/search/type/usb/vendor/0424/device/any
Fixes:
1208f9e1d758c9 ("USB: hub: Fix the broken detection of USB3 device in SMSC hub")
Cc: stable@vger.kernel.org # v4.14+
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Hardik Gajjar <hgajjar@de.adit-jv.com>
Cc: linux-renesas-soc@vger.kernel.org
Cc: linux-usb@vger.kernel.org
Reported-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Tested-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Link: https://lore.kernel.org/r/20200514220246.13290-1-erosca@de.adit-jv.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Fri, 15 May 2020 13:37:20 +0000 (15:37 +0200)]
Merge tag 'fixes-for-v5.7-rc6' of git://git./linux/kernel/git/balbi/usb into usb-linus
Felipe writes:
USB: fixes for v5.7-rc6
The main part here are the important fixes for the raw-gadget before it
becomes an ABI. We're adding support for stall/halt/wedge which is
actually pretty important in many situations. There's also a NULL
pointer deref fix.
Apart from raw-gadget, I've included some recent sparse fixes to a few
drivers.
Signed-off-by: Felipe Balbi <balbi@kernel.org>
* tag 'fixes-for-v5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb:
usb: cdns3: gadget: make a bunch of functions static
usb: mtu3: constify struct debugfs_reg32
usb: gadget: udc: atmel: Make some symbols static
usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
usb: raw-gadget: documentation updates
usb: raw-gadget: support stalling/halting/wedging endpoints
usb: raw-gadget: fix gadget endpoint selection
usb: raw-gadget: improve uapi headers comments
Borislav Petkov [Wed, 22 Apr 2020 16:11:30 +0000 (18:11 +0200)]
x86: Fix early boot crash on gcc-10, third try
... or the odyssey of trying to disable the stack protector for the
function which generates the stack canary value.
The whole story started with Sergei reporting a boot crash with a kernel
built with gcc-10:
Kernel panic — not syncing: stack-protector: Kernel stack is corrupted in: start_secondary
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5—00235—gfffb08b37df9 #139
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H77M—D3H, BIOS F12 11/14/2013
Call Trace:
dump_stack
panic
? start_secondary
__stack_chk_fail
start_secondary
secondary_startup_64
-—-[ end Kernel panic — not syncing: stack—protector: Kernel stack is corrupted in: start_secondary
This happens because gcc-10 tail-call optimizes the last function call
in start_secondary() - cpu_startup_entry() - and thus emits a stack
canary check which fails because the canary value changes after the
boot_init_stack_canary() call.
To fix that, the initial attempt was to mark the one function which
generates the stack canary with:
__attribute__((optimize("-fno-stack-protector"))) ... start_secondary(void *unused)
however, using the optimize attribute doesn't work cumulatively
as the attribute does not add to but rather replaces previously
supplied optimization options - roughly all -fxxx options.
The key one among them being -fno-omit-frame-pointer and thus leading to
not present frame pointer - frame pointer which the kernel needs.
The next attempt to prevent compilers from tail-call optimizing
the last function call cpu_startup_entry(), shy of carving out
start_secondary() into a separate compilation unit and building it with
-fno-stack-protector, was to add an empty asm("").
This current solution was short and sweet, and reportedly, is supported
by both compilers but we didn't get very far this time: future (LTO?)
optimization passes could potentially eliminate this, which leads us
to the third attempt: having an actual memory barrier there which the
compiler cannot ignore or move around etc.
That should hold for a long time, but hey we said that about the other
two solutions too so...
Reported-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Kalle Valo <kvalo@codeaurora.org>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20200314164451.346497-1-slyfox@gentoo.org
Qii Wang [Thu, 14 May 2020 13:09:04 +0000 (21:09 +0800)]
MAINTAINERS: add maintainer for mediatek i2c controller driver
Add Qii Wang as maintainer for mediatek i2c controller driver.
Signed-off-by: Qii Wang <qii.wang@mediatek.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Gustavo A. R. Silva [Thu, 7 May 2020 18:53:29 +0000 (13:53 -0500)]
i2c: mux: Replace zero-length array with flexible-array
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
sizeof(flexible-array-member) triggers a warning because flexible array
members have incomplete type[1]. There are some instances of code in
which the sizeof operator is being incorrectly/erroneously applied to
zero-length arrays and the result is zero. Such instances may be hiding
some bugs. So, this work (flexible-array member conversions) will also
help to get completely rid of those sorts of issues.
This issue was found with the help of Coccinelle.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://github.com/KSPP/linux/issues/21
[3] commit
76497732932f ("cxgb3/l2t: Fix undefined behaviour")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Peter Rosin <peda@axentia.se>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Christophe JAILLET [Wed, 6 May 2020 19:21:00 +0000 (21:21 +0200)]
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
A call to 'i2c_demux_deactivate_master()' is missing in the error handling
path, as already done in the remove function.
Fixes:
50a5ba876908 ("i2c: mux: demux-pinctrl: add driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Atsushi Nemoto [Fri, 8 May 2020 13:12:48 +0000 (22:12 +0900)]
i2c: altera: Fix race between xfer_msg and isr thread
Use a mutex to protect access to idev->msg_len, idev->buf, etc. which
are modified by both altr_i2c_xfer_msg() and altr_i2c_isr().
This is the minimal fix for easy backporting. A cleanup to remove the
spinlock will be added later.
Signed-off-by: Atsushi Nemoto <atsushi.nemoto@sord.co.jp>
Acked-by: Thor Thayer <thor.thayer@linux.intel.com>
[wsa: updated commit message]
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Wolfram Sang [Sat, 2 May 2020 14:26:49 +0000 (16:26 +0200)]
i2c: algo-pca: update contact email
The 'pengutronix' address is defunct for years. Use the proper contact
address.
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Codrin Ciubotariu [Wed, 15 Apr 2020 07:06:43 +0000 (10:06 +0300)]
i2c: at91: Fix pinmux after devm_gpiod_get() for bus recovery
devm_gpiod_get() usually calls gpio_request_enable() for non-strict pinmux
drivers. These puts the pins in GPIO mode, whithout notifying the pinctrl
driver. At this point, the I2C bus no longer owns the pins. To mux the
pins back to the I2C bus, we use the pinctrl driver to change the state
of the pins to GPIO, before using devm_gpiod_get(). After the pins are
received as GPIOs, we switch theer pinctrl state back to the default
one,
Fixes:
d3d3fdcc4c90 ("i2c: at91: implement i2c bus recovery")
Signed-off-by: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Ricardo Cañuelo [Mon, 11 May 2020 11:06:10 +0000 (13:06 +0200)]
ARM: dts: iwg20d-q7-dbcm-ca: Remove unneeded properties in hdmi@39
Remove the adi,input-style and adi,input-justification properties of
hdmi@39 to make it compliant with the "adi,adv7511w" DT binding.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/20200511110611.3142-6-ricardo.canuelo@collabora.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Ricardo Cañuelo [Mon, 11 May 2020 11:06:07 +0000 (13:06 +0200)]
ARM: dts: renesas: Make hdmi encoder nodes compliant with DT bindings
Small fixes to make these DTs compliant with the adi,adv7511w and
adi,adv7513 bindings:
r8a7745-iwg22d-sodimm-dbhd-ca.dts
r8a7790-lager.dts
r8a7790-stout.dts
r8a7791-koelsch.dts
r8a7791-porter.dts
r8a7792-blanche.dts
r8a7793-gose.dts
r8a7794-silk.dts:
Remove the adi,input-style and adi,input-justification properties.
r8a7792-wheat.dts:
Reorder the I2C slave addresses of hdmi@3d and hdmi@39 and remove
the adi,input-style and adi,input-justification properties.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/20200511110611.3142-3-ricardo.canuelo@collabora.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Ricardo Cañuelo [Mon, 11 May 2020 11:06:06 +0000 (13:06 +0200)]
arm64: dts: renesas: Make hdmi encoder nodes compliant with DT bindings
Small fixes to make these DTs compliant with the adi,adv7511w binding.
r8a77970-eagle.dts,
r8a77970-v3msk.dts,
r8a77980-condor.dts,
r8a77980-v3hsk.dts,
r8a77990-ebisu.dts:
Remove the adi,input-style and adi,input-justification properties.
r8a77995-draak.dts:
Reorder the I2C slave addresses of the hdmi-encoder@39 node and
remove the adi,input-style and adi,input-justification properties.
Signed-off-by: Ricardo Cañuelo <ricardo.canuelo@collabora.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/20200511110611.3142-2-ricardo.canuelo@collabora.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Josh Poimboeuf [Thu, 14 May 2020 20:31:10 +0000 (15:31 -0500)]
x86/unwind/orc: Fix error handling in __unwind_start()
The unwind_state 'error' field is used to inform the reliable unwinding
code that the stack trace can't be trusted. Set this field for all
errors in __unwind_start().
Also, move the zeroing out of the unwind_state struct to before the ORC
table initialization check, to prevent the caller from reading
uninitialized data if the ORC table is corrupted.
Fixes:
af085d9084b4 ("stacktrace/x86: add function for detecting reliable stack traces")
Fixes:
d3a09104018c ("x86/unwinder/orc: Dont bail on stack overflow")
Fixes:
98d0c8ebf77e ("x86/unwind/orc: Prevent unwinding before ORC initialization")
Reported-by: Pavel Machek <pavel@denx.de>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/d6ac7215a84ca92b895fdd2e1aa546729417e6e6.1589487277.git.jpoimboe@redhat.com
Dave Airlie [Fri, 15 May 2020 06:00:53 +0000 (16:00 +1000)]
Merge tag 'drm-misc-fixes-2020-05-14' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
Just one meson patch this time to propagate an error code
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20200514073538.wvdtv5s2mt4wdrdj@gilmour.lan
Peter Ujfalusi [Tue, 12 May 2020 13:45:31 +0000 (16:45 +0300)]
dmaengine: ti: k3-udma: Fix TR mode flags for slave_sg and memcpy
cppi5_tr_csf_set() clears previously set Configuration Specific Flags.
Setting the EOP flag clears the SUPR_EVT flag for the last TR which is not
desirable as we do not want to have events from the TR.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20200512134531.5742-1-peter.ujfalusi@ti.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Rafał Hibner [Wed, 6 May 2020 10:28:45 +0000 (12:28 +0200)]
dmaengine: zynqmp_dma: Move list_del inside zynqmp_dma_free_descriptor.
List elements are not formally removed from list during zynqmp_dma_reset.
Signed-off-by: Rafal Hibner <rafal.hibner@secom.com.pl>
Link: https://lore.kernel.org/r/20200506102844.2259-1-rafal.hibner@secom.com.pl
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Dave Airlie [Fri, 15 May 2020 02:28:46 +0000 (12:28 +1000)]
Merge tag 'drm-intel-fixes-2020-05-13-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
- Handle idling during i915_gem_evict_something busy loops (Chris)
- Mark current submissions with a weak-dependency (Chris)
- Propagate errror from completed fences (Chris)
- Fixes on execlist to avoid GPU hang situation (Chris)
- Fixes couple deadlocks (Chris)
- Timeslice preemption fixes (Chris)
- Fix Display Port interrupt handling on Tiger Lake (Imre)
- Reduce debug noise around Frame Buffer Compression
+(Peter)
- Fix logic around IPC W/a for Coffee Lake and Kaby Lake
+(Sultan)
- Avoid dereferencing a dead context (Chris)
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200514040235.GA2164266@intel.com