December 2021 - Linux-stable-mirror

[PATCH v2] thermal/drivers/int340x: Fix RFIM mailbox write commands

by Sumeet Pawnikar

The existing mail mechanism only supports writing of workload types. But mailbox command for RFIM (cmd = 0x08) also requires write operation which was ignored. This results in failing to store RFI restriction. This requires enhancing mailbox writes for non workload commands also. So, remove the check for MBOX_CMD_WORKLOAD_TYPE_WRITE in mailbox write, with this other write commands also can be supoorted. But at the same time, we have to make sure that there is no impact on read commands, by not writing anything in mailbox data register. To properly implement, add two separate functions for mbox read and write command for processor thermal workload command type. This helps to differentiate the read and write workload command types while sending mbox command. Fixes: 5d6fbc96bd36 ("thermal/drivers/int340x: processor_thermal: Export additional attributes") Signed-off-by: Sumeet Pawnikar <sumeet.r.pawnikar(a)intel.com> Cc: stable(a)vger.kernel.org # 5.14+ --- Changes in v2 from v1: - Addressed below review comments received from Srinivas. - updated subject line. - removed data argument for send_mbox_read_cmd function as it's not used. - removed writel call inside send_mbox_read_cmd function which is not required. --- .../processor_thermal_device.h | 3 +- .../int340x_thermal/processor_thermal_mbox.c | 100 +++++++++++------- .../int340x_thermal/processor_thermal_rfim.c | 23 ++-- 3 files changed, 73 insertions(+), 53 deletions(-) diff --git a/drivers/thermal/intel/int340x_thermal/processor_thermal_device.h b/drivers/thermal/intel/int340x_thermal/processor_thermal_device.h index be27f633e40a..9b2a64ef55d0 100644 --- a/drivers/thermal/intel/int340x_thermal/processor_thermal_device.h +++ b/drivers/thermal/intel/int340x_thermal/processor_thermal_device.h @@ -80,7 +80,8 @@ void proc_thermal_rfim_remove(struct pci_dev *pdev); int proc_thermal_mbox_add(struct pci_dev *pdev, struct proc_thermal_device *proc_priv); void proc_thermal_mbox_remove(struct pci_dev *pdev); -int processor_thermal_send_mbox_cmd(struct pci_dev *pdev, u16 cmd_id, u32 cmd_data, u64 *cmd_resp); +int processor_thermal_send_mbox_read_cmd(struct pci_dev *pdev, u16 id, u64 *resp); +int processor_thermal_send_mbox_write_cmd(struct pci_dev *pdev, u16 id, u32 data); int proc_thermal_add(struct device *dev, struct proc_thermal_device *priv); void proc_thermal_remove(struct proc_thermal_device *proc_priv); int proc_thermal_suspend(struct device *dev); diff --git a/drivers/thermal/intel/int340x_thermal/processor_thermal_mbox.c b/drivers/thermal/intel/int340x_thermal/processor_thermal_mbox.c index 01008ae00e7f..0b89a4340ff4 100644 --- a/drivers/thermal/intel/int340x_thermal/processor_thermal_mbox.c +++ b/drivers/thermal/intel/int340x_thermal/processor_thermal_mbox.c @@ -24,19 +24,15 @@ static DEFINE_MUTEX(mbox_lock); -static int send_mbox_cmd(struct pci_dev *pdev, u16 cmd_id, u32 cmd_data, u64 *cmd_resp) +static int wait_for_mbox_ready(struct proc_thermal_device *proc_priv) { - struct proc_thermal_device *proc_priv; u32 retries, data; int ret; - mutex_lock(&mbox_lock); - proc_priv = pci_get_drvdata(pdev); - /* Poll for rb bit == 0 */ retries = MBOX_RETRY_COUNT; do { - data = readl((void __iomem *) (proc_priv->mmio_base + MBOX_OFFSET_INTERFACE)); + data = readl(proc_priv->mmio_base + MBOX_OFFSET_INTERFACE); if (data & BIT_ULL(MBOX_BUSY_BIT)) { ret = -EBUSY; continue; @@ -45,53 +41,78 @@ static int send_mbox_cmd(struct pci_dev *pdev, u16 cmd_id, u32 cmd_data, u64 *cm break; } while (--retries); + return ret; +} + +static int send_mbox_write_cmd(struct pci_dev *pdev, u16 id, u32 data) +{ + struct proc_thermal_device *proc_priv; + u32 reg_data; + int ret; + + proc_priv = pci_get_drvdata(pdev); + + mutex_lock(&mbox_lock); + + ret = wait_for_mbox_ready(proc_priv); if (ret) goto unlock_mbox; - if (cmd_id == MBOX_CMD_WORKLOAD_TYPE_WRITE) - writel(cmd_data, (void __iomem *) ((proc_priv->mmio_base + MBOX_OFFSET_DATA))); - + writel(data, (proc_priv->mmio_base + MBOX_OFFSET_DATA)); /* Write command register */ - data = BIT_ULL(MBOX_BUSY_BIT) | cmd_id; - writel(data, (void __iomem *) ((proc_priv->mmio_base + MBOX_OFFSET_INTERFACE))); + reg_data = BIT_ULL(MBOX_BUSY_BIT) | id; + writel(reg_data, (proc_priv->mmio_base + MBOX_OFFSET_INTERFACE)); - /* Poll for rb bit == 0 */ - retries = MBOX_RETRY_COUNT; - do { - data = readl((void __iomem *) (proc_priv->mmio_base + MBOX_OFFSET_INTERFACE)); - if (data & BIT_ULL(MBOX_BUSY_BIT)) { - ret = -EBUSY; - continue; - } + ret = wait_for_mbox_ready(proc_priv); - if (data) { - ret = -ENXIO; - goto unlock_mbox; - } +unlock_mbox: + mutex_unlock(&mbox_lock); + return ret; +} - ret = 0; +static int send_mbox_read_cmd(struct pci_dev *pdev, u16 id, u64 *resp) +{ + struct proc_thermal_device *proc_priv; + u32 reg_data; + int ret; - if (!cmd_resp) - break; + proc_priv = pci_get_drvdata(pdev); - if (cmd_id == MBOX_CMD_WORKLOAD_TYPE_READ) - *cmd_resp = readl((void __iomem *) (proc_priv->mmio_base + MBOX_OFFSET_DATA)); - else - *cmd_resp = readq((void __iomem *) (proc_priv->mmio_base + MBOX_OFFSET_DATA)); + mutex_lock(&mbox_lock); - break; - } while (--retries); + ret = wait_for_mbox_ready(proc_priv); + if (ret) + goto unlock_mbox; + + /* Write command register */ + reg_data = BIT_ULL(MBOX_BUSY_BIT) | id; + writel(reg_data, (proc_priv->mmio_base + MBOX_OFFSET_INTERFACE)); + + ret = wait_for_mbox_ready(proc_priv); + if (ret) + goto unlock_mbox; + + if (id == MBOX_CMD_WORKLOAD_TYPE_READ) + *resp = readl(proc_priv->mmio_base + MBOX_OFFSET_DATA); + else + *resp = readq(proc_priv->mmio_base + MBOX_OFFSET_DATA); unlock_mbox: mutex_unlock(&mbox_lock); return ret; } -int processor_thermal_send_mbox_cmd(struct pci_dev *pdev, u16 cmd_id, u32 cmd_data, u64 *cmd_resp) +int processor_thermal_send_mbox_read_cmd(struct pci_dev *pdev, u16 id, u64 *resp) { - return send_mbox_cmd(pdev, cmd_id, cmd_data, cmd_resp); + return send_mbox_read_cmd(pdev, id, resp); } -EXPORT_SYMBOL_GPL(processor_thermal_send_mbox_cmd); +EXPORT_SYMBOL_NS_GPL(processor_thermal_send_mbox_read_cmd, INT340X_THERMAL); + +int processor_thermal_send_mbox_write_cmd(struct pci_dev *pdev, u16 id, u32 data) +{ + return send_mbox_write_cmd(pdev, id, data); +} +EXPORT_SYMBOL_NS_GPL(processor_thermal_send_mbox_write_cmd, INT340X_THERMAL); /* List of workload types */ static const char * const workload_types[] = { @@ -104,7 +125,6 @@ static const char * const workload_types[] = { NULL }; - static ssize_t workload_available_types_show(struct device *dev, struct device_attribute *attr, char *buf) @@ -146,7 +166,7 @@ static ssize_t workload_type_store(struct device *dev, data |= ret; - ret = send_mbox_cmd(pdev, MBOX_CMD_WORKLOAD_TYPE_WRITE, data, NULL); + ret = send_mbox_write_cmd(pdev, MBOX_CMD_WORKLOAD_TYPE_WRITE, data); if (ret) return false; @@ -161,7 +181,7 @@ static ssize_t workload_type_show(struct device *dev, u64 cmd_resp; int ret; - ret = send_mbox_cmd(pdev, MBOX_CMD_WORKLOAD_TYPE_READ, 0, &cmd_resp); + ret = send_mbox_read_cmd(pdev, MBOX_CMD_WORKLOAD_TYPE_READ, &cmd_resp); if (ret) return false; @@ -186,8 +206,6 @@ static const struct attribute_group workload_req_attribute_group = { .name = "workload_request" }; - - static bool workload_req_created; int proc_thermal_mbox_add(struct pci_dev *pdev, struct proc_thermal_device *proc_priv) @@ -196,7 +214,7 @@ int proc_thermal_mbox_add(struct pci_dev *pdev, struct proc_thermal_device *proc int ret; /* Check if there is a mailbox support, if fails return success */ - ret = send_mbox_cmd(pdev, MBOX_CMD_WORKLOAD_TYPE_READ, 0, &cmd_resp); + ret = send_mbox_read_cmd(pdev, MBOX_CMD_WORKLOAD_TYPE_READ, &cmd_resp); if (ret) return 0; diff --git a/drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c b/drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c index e693ec8234fb..8c42e7662033 100644 --- a/drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c +++ b/drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c @@ -9,6 +9,8 @@ #include <linux/pci.h> #include "processor_thermal_device.h" +MODULE_IMPORT_NS(INT340X_THERMAL); + struct mmio_reg { int read_only; u32 offset; @@ -194,8 +196,7 @@ static ssize_t rfi_restriction_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) { - u16 cmd_id = 0x0008; - u64 cmd_resp; + u16 id = 0x0008; u32 input; int ret; @@ -203,7 +204,7 @@ static ssize_t rfi_restriction_store(struct device *dev, if (ret) return ret; - ret = processor_thermal_send_mbox_cmd(to_pci_dev(dev), cmd_id, input, &cmd_resp); + ret = processor_thermal_send_mbox_write_cmd(to_pci_dev(dev), id, input); if (ret) return ret; @@ -214,30 +215,30 @@ static ssize_t rfi_restriction_show(struct device *dev, struct device_attribute *attr, char *buf) { - u16 cmd_id = 0x0007; - u64 cmd_resp; + u16 id = 0x0007; + u64 resp; int ret; - ret = processor_thermal_send_mbox_cmd(to_pci_dev(dev), cmd_id, 0, &cmd_resp); + ret = processor_thermal_send_mbox_read_cmd(to_pci_dev(dev), id, &resp); if (ret) return ret; - return sprintf(buf, "%llu\n", cmd_resp); + return sprintf(buf, "%llu\n", resp); } static ssize_t ddr_data_rate_show(struct device *dev, struct device_attribute *attr, char *buf) { - u16 cmd_id = 0x0107; - u64 cmd_resp; + u16 id = 0x0107; + u64 resp; int ret; - ret = processor_thermal_send_mbox_cmd(to_pci_dev(dev), cmd_id, 0, &cmd_resp); + ret = processor_thermal_send_mbox_read_cmd(to_pci_dev(dev), id, &resp); if (ret) return ret; - return sprintf(buf, "%llu\n", cmd_resp); + return sprintf(buf, "%llu\n", resp); } static DEVICE_ATTR_RW(rfi_restriction); -- 2.17.1

3 years, 4 months

3
2
0 0

my contact

by ab

Good Day I Am Andrew Bailey Governor Bank of England (https://en.wikipedia.org/wiki/Andrew_Bailey_%28banker%29) I have a proposal for you, if you know you can Handle this, Contact me through my private email:(ande.bailey@mail2world.com) with your full names and address, phone numbers for more details. I await your reply, Regards, Andrew Bailey.

3 years, 4 months

1
0
0 0

[PATCH v2] tpm: fix potential NULL pointer access in tpm_del_char_device

by Lino Sanfilippo

Some SPI controller drivers unregister the controller in the shutdown handler (e.g. BCM2835). If such a controller is used with a TPM 2 slave chip->ops may be accessed when it is already NULL: At system shutdown the pre-shutdown handler tpm_class_shutdown() shuts down TPM 2 and sets chip->ops to NULL. Then at SPI controller unregistration tpm_tis_spi_remove() is called and eventually calls tpm_del_char_device() which tries to shut down TPM 2 again. Thereby it accesses chip->ops again: (tpm_del_char_device calls tpm_chip_start which calls tpm_clk_enable which calls chip->ops->clk_enable). Avoid the NULL pointer access by testing if chip->ops is valid and skipping the TPM 2 shutdown procedure in case it is NULL. Fixes: dcbeab1946454 ("tpm: fix crash in tpm_tis deinitialization") Cc: stable(a)vger.kernel.org Signed-off-by: Lino Sanfilippo <LinoSanfilippo(a)gmx.de> --- Changes to v2: - rephrased the commit message to clarify the circumstances under which this bug triggers (as requested by Jarkko) I was able to reproduce this issue with a SLB 9670 TPM chip controlled by a BCM2835 SPI controller. The approach to fix this issue in the BCM2835 driver was rejected after a discussion on the mailing list: https://marc.info/?l=linux-integrity&m=163285906725367&w=2 The reason for the rejection was the realization, that this issue should rather be fixed in the TPM code: https://marc.info/?l=linux-spi&m=163311087423271&w=2 So this is the reworked version of a patch that is supposed to do that. drivers/char/tpm/tpm-chip.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index ddaeceb7e109..7960da490e72 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -474,13 +474,19 @@ static void tpm_del_char_device(struct tpm_chip *chip) /* Make the driver uncallable. */ down_write(&chip->ops_sem); - if (chip->flags & TPM_CHIP_FLAG_TPM2) { - if (!tpm_chip_start(chip)) { - tpm2_shutdown(chip, TPM2_SU_CLEAR); - tpm_chip_stop(chip); + /* Check if chip->ops is still valid: In case that the controller + * drivers shutdown handler unregisters the controller in its + * shutdown handler we are called twice and chip->ops to NULL. + */ + if (chip->ops) { + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + if (!tpm_chip_start(chip)) { + tpm2_shutdown(chip, TPM2_SU_CLEAR); + tpm_chip_stop(chip); + } } + chip->ops = NULL; } - chip->ops = NULL; up_write(&chip->ops_sem); } base-commit: a7904a538933c525096ca2ccde1e60d0ee62c08e -- 2.34.1

3 years, 4 months

3
7
0 0

[PATCH 1/2] tpm: Fix error handling in async work

by Tadeusz Struk

When an invalid (non exitsinting) handle is used in a tpm command, that uses the resource manager interface (/dev/tpmrm0) the resource manager tries to load it from its internal cache, but fails and returns an -EINVAL error to the caller. The existing async handler doesn't handle these error cases currently and the condition in the poll handler never returns mask with EPOLLIN set causing the userspace code to get stack. Make sure that error conditions also contribute to the poll mask so that a correct error code could passed back to the caller. Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: <linux-integrity(a)vger.kernel.org> Cc: <stable(a)vger.kernel.org> Cc: <linux-kernel(a)vger.kernel.org> Fixes: 9e1b74a63f77 ("tpm: add support for nonblocking operation") Signed-off-by: Tadeusz Struk <tstruk(a)gmail.com> --- drivers/char/tpm/tpm-dev-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c index c08cbb306636..fe2679f84cb6 100644 --- a/drivers/char/tpm/tpm-dev-common.c +++ b/drivers/char/tpm/tpm-dev-common.c @@ -69,7 +69,7 @@ static void tpm_dev_async_work(struct work_struct *work) ret = tpm_dev_transmit(priv->chip, priv->space, priv->data_buffer, sizeof(priv->data_buffer)); tpm_put_ops(priv->chip); - if (ret > 0) { + if (ret != 0) { priv->response_length = ret; mod_timer(&priv->user_read_timer, jiffies + (120 * HZ)); } -- 2.30.2

3 years, 4 months

2
3
0 0

[PATCH] tpm: fix NPE on probe for missing device

by Patrick Williams

When using the tpm_tis-spi driver on a system missing the physical TPM, a null pointer exception was observed. [ 0.938677] Unable to handle kernel NULL pointer dereference at virtual address 00000004 [ 0.939020] pgd = 10c753cb [ 0.939237] [00000004] *pgd=00000000 [ 0.939808] Internal error: Oops: 5 [#1] SMP ARM [ 0.940157] CPU: 0 PID: 48 Comm: kworker/u4:1 Not tainted 5.15.10-dd1e40c #1 [ 0.940364] Hardware name: Generic DT based system [ 0.940601] Workqueue: events_unbound async_run_entry_fn [ 0.941048] PC is at tpm_tis_remove+0x28/0xb4 [ 0.941196] LR is at tpm_tis_core_init+0x170/0x6ac This is due to an attempt in 'tpm_tis_remove' to use the drvdata, which was not initialized in 'tpm_tis_core_init' prior to the first error. Move the initialization of drvdata earlier so 'tpm_tis_remove' has access to it. Signed-off-by: Patrick Williams <patrick(a)stwcx.xyz> Fixes: 79ca6f74dae0 ("tpm: fix Atmel TPM crash caused by too frequent queries") Cc: stable(a)vger.kernel.org --- drivers/char/tpm/tpm_tis_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index b2659a4c4016..9813b934e6e4 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -950,6 +950,8 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, priv->timeout_max = TPM_TIMEOUT_USECS_MAX; priv->phy_ops = phy_ops; + dev_set_drvdata(&chip->dev, priv); + rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor); if (rc < 0) goto out_err; @@ -962,8 +964,6 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, priv->timeout_max = TIS_TIMEOUT_MAX_ATML; } - dev_set_drvdata(&chip->dev, priv); - if (is_bsw()) { priv->ilb_base_addr = ioremap(INTEL_LEGACY_BLK_BASE_ADDR, ILB_REMAP_SIZE); -- 2.32.0

3 years, 4 months

2
1
0 0

[PATCH v2] powerpc/32s: Fix kasan_init_region() for KASAN

by Christophe Leroy

It has been reported some configuration where the kernel doesn't boot with KASAN enabled. This is due to wrong BAT allocation for the KASAN area: ---[ Data Block Address Translation ]--- 0: 0xc0000000-0xcfffffff 0x00000000 256M Kernel rw m 1: 0xd0000000-0xdfffffff 0x10000000 256M Kernel rw m 2: 0xe0000000-0xefffffff 0x20000000 256M Kernel rw m 3: 0xf8000000-0xf9ffffff 0x2a000000 32M Kernel rw m 4: 0xfa000000-0xfdffffff 0x2c000000 64M Kernel rw m A BAT must have both virtual and physical addresses alignment matching the size of the BAT. This is not the case for BAT 4 above. Fix kasan_init_region() by using block_size() function that is in book3s32/mmu.c. To be able to reuse it here, make it non static and change its name to bat_block_size() in order to avoid name conflict with block_size() defined in <linux/blkdev.h> Also reuse find_free_bat() to avoid an error message from setbat() when no BAT is available. And allocate memory outside of linear memory mapping to avoid wasting that precious space. With this change we get correct alignment for BATs and KASAN shadow memory is allocated outside the linear memory space. ---[ Data Block Address Translation ]--- 0: 0xc0000000-0xcfffffff 0x00000000 256M Kernel rw 1: 0xd0000000-0xdfffffff 0x10000000 256M Kernel rw 2: 0xe0000000-0xefffffff 0x20000000 256M Kernel rw 3: 0xf8000000-0xfbffffff 0x7c000000 64M Kernel rw 4: 0xfc000000-0xfdffffff 0x7a000000 32M Kernel rw Reported-by: Maxime Bizon <mbizon(a)freebox.fr> Fixes: 7974c4732642 ("powerpc/32s: Implement dedicated kasan_init_region()") Cc: stable(a)vger.kernel.org Signed-off-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> --- v2: - Allocate kasan shadow memory outside precious kernel linear memory - Properly zeroise kasan shadow memory --- arch/powerpc/include/asm/book3s/32/mmu-hash.h | 2 + arch/powerpc/mm/book3s32/mmu.c | 10 ++-- arch/powerpc/mm/kasan/book3s_32.c | 58 ++++++++++--------- 3 files changed, 38 insertions(+), 32 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/32/mmu-hash.h b/arch/powerpc/include/asm/book3s/32/mmu-hash.h index f5be185cbdf8..5b45c648a8d9 100644 --- a/arch/powerpc/include/asm/book3s/32/mmu-hash.h +++ b/arch/powerpc/include/asm/book3s/32/mmu-hash.h @@ -143,6 +143,8 @@ static __always_inline void update_user_segments(u32 val) update_user_segment(15, val); } +int find_free_bat(void); +unsigned int bat_block_size(unsigned long base, unsigned long top); #endif /* !__ASSEMBLY__ */ /* We happily ignore the smaller BATs on 601, we don't actually use diff --git a/arch/powerpc/mm/book3s32/mmu.c b/arch/powerpc/mm/book3s32/mmu.c index cb48e4a5106d..9e7714a861bf 100644 --- a/arch/powerpc/mm/book3s32/mmu.c +++ b/arch/powerpc/mm/book3s32/mmu.c @@ -76,7 +76,7 @@ unsigned long p_block_mapped(phys_addr_t pa) return 0; } -static int find_free_bat(void) +int find_free_bat(void) { int b; int n = mmu_has_feature(MMU_FTR_USE_HIGH_BATS) ? 8 : 4; @@ -100,7 +100,7 @@ static int find_free_bat(void) * - block size has to be a power of two. This is calculated by finding the * highest bit set to 1. */ -static unsigned int block_size(unsigned long base, unsigned long top) +unsigned int bat_block_size(unsigned long base, unsigned long top) { unsigned int max_size = SZ_256M; unsigned int base_shift = (ffs(base) - 1) & 31; @@ -145,7 +145,7 @@ static unsigned long __init __mmu_mapin_ram(unsigned long base, unsigned long to int idx; while ((idx = find_free_bat()) != -1 && base != top) { - unsigned int size = block_size(base, top); + unsigned int size = bat_block_size(base, top); if (size < 128 << 10) break; @@ -204,12 +204,12 @@ void mmu_mark_initmem_nx(void) unsigned long size; for (i = 0; i < nb - 1 && base < top && top - base > (128 << 10);) { - size = block_size(base, top); + size = bat_block_size(base, top); setibat(i++, PAGE_OFFSET + base, base, size, PAGE_KERNEL_TEXT); base += size; } if (base < top) { - size = block_size(base, top); + size = bat_block_size(base, top); size = max(size, 128UL << 10); if ((top - base) > size) { size <<= 1; diff --git a/arch/powerpc/mm/kasan/book3s_32.c b/arch/powerpc/mm/kasan/book3s_32.c index 202bd260a009..450a67ef0bbe 100644 --- a/arch/powerpc/mm/kasan/book3s_32.c +++ b/arch/powerpc/mm/kasan/book3s_32.c @@ -10,47 +10,51 @@ int __init kasan_init_region(void *start, size_t size) { unsigned long k_start = (unsigned long)kasan_mem_to_shadow(start); unsigned long k_end = (unsigned long)kasan_mem_to_shadow(start + size); - unsigned long k_cur = k_start; - int k_size = k_end - k_start; - int k_size_base = 1 << (ffs(k_size) - 1); + unsigned long k_nobat = k_start; + unsigned long k_cur; + phys_addr_t phys; int ret; - void *block; - block = memblock_alloc(k_size, k_size_base); - - if (block && k_size_base >= SZ_128K && k_start == ALIGN(k_start, k_size_base)) { - int k_size_more = 1 << (ffs(k_size - k_size_base) - 1); - - setbat(-1, k_start, __pa(block), k_size_base, PAGE_KERNEL); - if (k_size_more >= SZ_128K) - setbat(-1, k_start + k_size_base, __pa(block) + k_size_base, - k_size_more, PAGE_KERNEL); - if (v_block_mapped(k_start)) - k_cur = k_start + k_size_base; - if (v_block_mapped(k_start + k_size_base)) - k_cur = k_start + k_size_base + k_size_more; - - update_bats(); + while (k_nobat < k_end) { + unsigned int k_size = bat_block_size(k_nobat, k_end); + int idx = find_free_bat(); + + if (idx == -1) + break; + if (k_size < SZ_128K) + break; + phys = memblock_phys_alloc_range(k_size, k_size, 0, + MEMBLOCK_ALLOC_ANYWHERE); + if (!phys) + break; + + setbat(idx, k_nobat, phys, k_size, PAGE_KERNEL); + k_nobat += k_size; } + if (k_nobat != k_start) + update_bats(); - if (!block) - block = memblock_alloc(k_size, PAGE_SIZE); - if (!block) - return -ENOMEM; + if (k_nobat < k_end) { + phys = memblock_phys_alloc_range(k_end - k_nobat, PAGE_SIZE, 0, + MEMBLOCK_ALLOC_ANYWHERE); + if (!phys) + return -ENOMEM; + } ret = kasan_init_shadow_page_tables(k_start, k_end); if (ret) return ret; - kasan_update_early_region(k_start, k_cur, __pte(0)); + kasan_update_early_region(k_start, k_nobat, __pte(0)); - for (; k_cur < k_end; k_cur += PAGE_SIZE) { + for (k_cur = k_nobat; k_cur < k_end; k_cur += PAGE_SIZE) { pmd_t *pmd = pmd_off_k(k_cur); - void *va = block + k_cur - k_start; - pte_t pte = pfn_pte(PHYS_PFN(__pa(va)), PAGE_KERNEL); + pte_t pte = pfn_pte(PHYS_PFN(phys + k_cur - k_nobat), PAGE_KERNEL); __set_pte_at(&init_mm, k_cur, pte_offset_kernel(pmd, k_cur), pte, 0); } flush_tlb_kernel_range(k_start, k_end); + memset(kasan_mem_to_shadow(start), 0, k_end - k_start); + return 0; } -- 2.33.1

3 years, 4 months

3
2
0 0

iwlwifi Backport Request

by Kevin Anderson

Hello, I wanted to see if I could have two patches backported to 5.15 stable that concern Intel iwlwifi AX2XX stability. The patches are attached to the kernel bugzilla that can be found here: https://bugzilla.kernel.org/show_bug.cgi?id=214549. I've also attached them to this email. The patches fix an issue with the Intel AX210 that I have where it can cause a firmware reset when the device is under load causing performance to drop to around ~500Kb/s till the interface is restarted. This reset is easy to reproduce during normal use such as streaming videos and is problematic for devices such as laptops that primarily use wifi for connectivity. The mac80211 change is currently in the 5.16 RC and the scan timeout is in netdev-next and is supposed to be scheduled for 5.17 from what I can tell. I believe that the patches meet the requirements of the -stable tree as it makes the adapter for many users including myself difficult to use reliably. If this is the incorrect venue for this please let me know. Thanks, Kevin Anderson

3 years, 4 months

2
2
0 0

Re: iwlwifi Backport Request

by Thomas Backlund

Den 2021-12-28 kl. 02:59, skrev Kevin Anderson: > Hello, > > I wanted to see if I could have two patches backported to 5.15 stable > that concern Intel iwlwifi AX2XX stability. > > The patches are attached to the kernel bugzilla that can be found > here: https://bugzilla.kernel.org/show_bug.cgi?id=214549. I've also > attached them to this email. > > The patches fix an issue with the Intel AX210 that I have where it can > cause a firmware reset when the device is under load causing > performance to drop to around ~500Kb/s till the interface is > restarted. This reset is easy to reproduce during normal use such as > streaming videos and is problematic for devices such as laptops that > primarily use wifi for connectivity. > > The mac80211 change is currently in the 5.16 RC and the scan timeout > is in netdev-next and is supposed to be scheduled for 5.17 from what I > can tell. > > I believe that the patches meet the requirements of the -stable tree > as it makes the adapter for many users including myself difficult to > use reliably. > The mac80211 change was/is marked for stable@ and is already in 5.15.11 the scan timeout is only in a -next tree (as you already noted), so it cant land in 5.15 stable until it is also in linus tree... -- Thomas

3 years, 4 months

2
1
0 0

[PATCH 4.9 00/19] 4.9.295-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.295 release. There are 19 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Dec 2021 15:13:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.295-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.295-rc1 Rémi Denis-Courmont <remi(a)remlab.net> phonet/pep: refuse to enable an unbound pipe Lin Ma <linma(a)zju.edu.cn> hamradio: improve the incomplete fix to avoid NPD Lin Ma <linma(a)zju.edu.cn> hamradio: defer ax25 kfree after unregister_netdev Lin Ma <linma(a)zju.edu.cn> ax25: NPD bug when detaching AX25 device Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Do not report 'busy' status bit as alarm Samuel Čavoj <samuel(a)cavoj.net> Input: i8042 - enable deferred probe quirk for ASUS UM325UA Ard Biesheuvel <ardb(a)kernel.org> ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling Andrew Cooper <andrew.cooper3(a)citrix.com> x86/pkey: Fix undefined behaviour with PKRU_WD_BIT Colin Ian King <colin.i.king(a)gmail.com> ALSA: drivers: opl3: Fix incorrect use of vp->state Xiaoke Wang <xkernel.wang(a)foxmail.com> ALSA: jack: Check the return value of kstrdup() Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Fix usage of CONFIG2 register in detect function Jiasheng Jiang <jiasheng(a)iscas.ac.cn> drivers: net: smc911x: Check for error irq Jiasheng Jiang <jiasheng(a)iscas.ac.cn> fjes: Check for error irq Fernando Fernandez Mancera <ffmancera(a)riseup.net> bonding: fix ad_actor_system option setting to default Jiasheng Jiang <jiasheng(a)iscas.ac.cn> qlcnic: potential dereference null pointer of rx_queue->page_ring José Expósito <jose.exposito89(a)gmail.com> IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() Benjamin Tissoires <benjamin.tissoires(a)redhat.com> HID: holtek: fix mouse probing Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: get CAN clock frequency from device Greg Jesionowski <jesionowskigreg(a)gmail.com> net: usb: lan78xx: add Allied Telesis AT29M2-AF ------------- Diffstat: Documentation/networking/bonding.txt | 11 +++--- Makefile | 4 +-- arch/arm/kernel/entry-armv.S | 8 ++--- arch/x86/include/asm/pgtable.h | 4 +-- drivers/hid/hid-holtek-mouse.c | 15 ++++++++ drivers/hwmon/lm90.c | 8 ++--- drivers/infiniband/hw/qib/qib_user_sdma.c | 2 +- drivers/input/serio/i8042-x86ia64io.h | 7 ++++ drivers/net/bonding/bond_options.c | 2 +- drivers/net/can/usb/kvaser_usb.c | 41 +++++++++++++++++++--- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov.h | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 12 +++++-- .../net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c | 4 ++- drivers/net/ethernet/smsc/smc911x.c | 5 +++ drivers/net/fjes/fjes_main.c | 5 +++ drivers/net/hamradio/mkiss.c | 5 +-- drivers/net/usb/lan78xx.c | 6 ++++ net/ax25/af_ax25.c | 4 ++- net/phonet/pep.c | 2 ++ sound/core/jack.c | 4 +++ sound/drivers/opl3/opl3_midi.c | 2 +- 21 files changed, 119 insertions(+), 34 deletions(-)

3 years, 4 months

5
23
0 0

[PATCH 5.4 00/47] 5.4.169-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.169 release. There are 47 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Dec 2021 15:13:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.169-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.169-rc1 Rémi Denis-Courmont <remi(a)remlab.net> phonet/pep: refuse to enable an unbound pipe Lin Ma <linma(a)zju.edu.cn> hamradio: improve the incomplete fix to avoid NPD Lin Ma <linma(a)zju.edu.cn> hamradio: defer ax25 kfree after unregister_netdev Lin Ma <linma(a)zju.edu.cn> ax25: NPD bug when detaching AX25 device Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Do not report 'busy' status bit as alarm Guenter Roeck <linux(a)roeck-us.net> hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 Guodong Liu <guodong.liu(a)mediatek.corp-partner.google.com> pinctrl: mediatek: fix global-out-of-bounds issue Samuel Čavoj <samuel(a)cavoj.net> Input: i8042 - enable deferred probe quirk for ASUS UM325UA Andrey Ryabinin <arbn(a)yandex-team.com> mm: mempolicy: fix THP allocations escaping mempolicy restrictions Sean Christopherson <seanjc(a)google.com> KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state Marian Postevca <posteuca(a)mutex.one> usb: gadget: u_ether: fix race in setting MAC address in setup phase Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix incorrect page free bug Ard Biesheuvel <ardb(a)kernel.org> ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Disable card detect during shutdown Prathamesh Shete <pshete(a)nvidia.com> mmc: sdhci-tegra: Fix switch to HS400ES mode Fabien Dessenne <fabien.dessenne(a)foss.st.com> pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines Andrew Cooper <andrew.cooper3(a)citrix.com> x86/pkey: Fix undefined behaviour with PKRU_WD_BIT John David Anglin <dave.anglin(a)bell.net> parisc: Correct completer in lws start Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> ipmi: fix initialization when workqueue allocation fails Mian Yousaf Kaukab <ykaukab(a)suse.de> ipmi: ssif: initialize ssif_info->client early Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> ipmi: bail out if init_srcu_struct fails José Expósito <jose.exposito89(a)gmail.com> Input: atmel_mxt_ts - fix double free in mxt_read_info_block Bradley Scott <Bradley.Scott(a)zebra.com> ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 Colin Ian King <colin.i.king(a)gmail.com> ALSA: drivers: opl3: Fix incorrect use of vp->state Xiaoke Wang <xkernel.wang(a)foxmail.com> ALSA: jack: Check the return value of kstrdup() Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Drop critical attribute support for MAX6654 Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Introduce flag indicating extended temperature support Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Add basic support for TI TMP461 Josh Lehan <krellan(a)google.com> hwmon: (lm90) Add max6654 support to lm90 driver Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm90) Fix usage of CONFIG2 register in detect function Andrea Righi <andrea.righi(a)canonical.com> Input: elantech - fix stack out of bound access in elantech_change_report_id() Jiasheng Jiang <jiasheng(a)iscas.ac.cn> sfc: falcon: Check null pointer of rx_queue->page_ring Jiasheng Jiang <jiasheng(a)iscas.ac.cn> drivers: net: smc911x: Check for error irq Jiasheng Jiang <jiasheng(a)iscas.ac.cn> fjes: Check for error irq Fernando Fernandez Mancera <ffmancera(a)riseup.net> bonding: fix ad_actor_system option setting to default Wu Bo <wubo40(a)huawei.com> ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Willem de Bruijn <willemb(a)google.com> net: skip virtio_net_hdr_set_proto if protocol already set Willem de Bruijn <willemb(a)google.com> net: accept UFOv6 packages in virtio_net_hdr_to_skb Jiasheng Jiang <jiasheng(a)iscas.ac.cn> qlcnic: potential dereference null pointer of rx_queue->page_ring Ignacy Gawędzki <ignacy.gawedzki(a)green-communications.fr> netfilter: fix regression in looped (broad|multi)cast's MAC handling José Expósito <jose.exposito89(a)gmail.com> IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() Dongliang Mu <mudongliangabcd(a)gmail.com> spi: change clk_disable_unprepare to clk_unprepare Robert Marko <robert.marko(a)sartura.hr> arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode Benjamin Tissoires <benjamin.tissoires(a)redhat.com> HID: holtek: fix mouse probing Ji-Ze Hong (Peter Hong) <hpeter(a)gmail.com> serial: 8250_fintek: Fix garbled text for console Greg Jesionowski <jesionowskigreg(a)gmail.com> net: usb: lan78xx: add Allied Telesis AT29M2-AF ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 8 +- Documentation/hwmon/lm90.rst | 33 +++- Documentation/networking/bonding.txt | 11 +- Makefile | 4 +- arch/arm/kernel/entry-armv.S | 8 +- .../dts/allwinner/sun50i-h5-orangepi-zero-plus.dts | 2 +- arch/parisc/kernel/syscall.S | 2 +- arch/x86/include/asm/pgtable.h | 4 +- drivers/char/ipmi/ipmi_msghandler.c | 21 ++- drivers/char/ipmi/ipmi_ssif.c | 7 +- drivers/hid/hid-holtek-mouse.c | 15 ++ drivers/hwmon/Kconfig | 9 +- drivers/hwmon/lm90.c | 200 ++++++++++++++------- drivers/infiniband/hw/qib/qib_user_sdma.c | 2 +- drivers/input/mouse/elantech.c | 8 +- drivers/input/serio/i8042-x86ia64io.h | 7 + drivers/input/touchscreen/atmel_mxt_ts.c | 2 +- drivers/mmc/core/core.c | 7 +- drivers/mmc/core/core.h | 1 + drivers/mmc/core/host.c | 9 + drivers/mmc/host/sdhci-tegra.c | 43 +++-- drivers/net/bonding/bond_options.c | 2 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov.h | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 12 +- .../net/ethernet/qlogic/qlcnic/qlcnic_sriov_pf.c | 4 +- drivers/net/ethernet/sfc/falcon/rx.c | 5 +- drivers/net/ethernet/smsc/smc911x.c | 5 + drivers/net/fjes/fjes_main.c | 5 + drivers/net/hamradio/mkiss.c | 5 +- drivers/net/usb/lan78xx.c | 6 + drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 8 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 8 +- drivers/spi/spi-armada-3700.c | 2 +- drivers/tee/optee/shm_pool.c | 6 +- drivers/tty/serial/8250/8250_fintek.c | 19 -- drivers/usb/gadget/function/u_ether.c | 15 +- fs/f2fs/xattr.c | 11 +- include/linux/virtio_net.h | 25 ++- mm/mempolicy.c | 5 +- net/ax25/af_ax25.c | 4 +- net/netfilter/nfnetlink_log.c | 3 +- net/netfilter/nfnetlink_queue.c | 3 +- net/phonet/pep.c | 2 + sound/core/jack.c | 4 + sound/drivers/opl3/opl3_midi.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + 46 files changed, 393 insertions(+), 174 deletions(-)

3 years, 4 months

7
53
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2021