February 2021 - Linux-stable-mirror

[PATCH 4.9 00/10] [Set 2] Futex back-port

by Lee Jones

This set required 4 additional patches to avoid errors. Peter Zijlstra (4): futex,rt_mutex: Provide futex specific rt_mutex API futex: Remove rt_mutex_deadlock_account_*() futex: Rework inconsistent rt_mutex/futex_q state futex: Avoid violating the 10th rule of futex Thomas Gleixner (6): futex: Replace pointless printk in fixup_owner() futex: Provide and use pi_state_update_owner() rtmutex: Remove unused argument from rt_mutex_proxy_unlock() futex: Use pi_state_update_owner() in put_pi_state() futex: Simplify fixup_pi_state_owner() futex: Handle faults correctly for PI futexes kernel/futex.c | 276 ++++++++++++++++++-------------- kernel/locking/rtmutex-debug.c | 9 -- kernel/locking/rtmutex-debug.h | 3 - kernel/locking/rtmutex.c | 127 +++++++++------ kernel/locking/rtmutex.h | 2 - kernel/locking/rtmutex_common.h | 12 +- 6 files changed, 243 insertions(+), 186 deletions(-) Cc: bigeasy(a)linutronix.de Cc: bristot(a)redhat.com Cc: Darren Hart <dvhart(a)infradead.org> Cc: dvhart(a)infradead.org Cc: jdesfossez(a)efficios.com Cc: juri.lelli(a)arm.com Cc: mathieu.desnoyers(a)efficios.com Cc: rostedt(a)goodmis.org Cc: stable(a)vger.kernel.org Cc: xlpang(a)redhat.com -- 2.25.1

3 years, 11 months

2
11
0 0

FAILED: patch "[PATCH] net_sched: reject silly cell_log in qdisc_get_rtab()" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From e4bedf48aaa5552bc1f49703abd17606e7e6e82a Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 14 Jan 2021 08:06:37 -0800 Subject: [PATCH] net_sched: reject silly cell_log in qdisc_get_rtab() iproute2 probably never goes beyond 8 for the cell exponent, but stick to the max shift exponent for signed 32bit. UBSAN reported: UBSAN: shift-out-of-bounds in net/sched/sch_api.c:389:22 shift exponent 130 is too large for 32-bit type 'int' CPU: 1 PID: 8450 Comm: syz-executor586 Not tainted 5.11.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x183/0x22e lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:148 [inline] __ubsan_handle_shift_out_of_bounds+0x432/0x4d0 lib/ubsan.c:395 __detect_linklayer+0x2a9/0x330 net/sched/sch_api.c:389 qdisc_get_rtab+0x2b5/0x410 net/sched/sch_api.c:435 cbq_init+0x28f/0x12c0 net/sched/sch_cbq.c:1180 qdisc_create+0x801/0x1470 net/sched/sch_api.c:1246 tc_modify_qdisc+0x9e3/0x1fc0 net/sched/sch_api.c:1662 rtnetlink_rcv_msg+0xb1d/0xe60 net/core/rtnetlink.c:5564 netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2494 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x7de/0x9b0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0xaa6/0xe90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg net/socket.c:672 [inline] ____sys_sendmsg+0x5a2/0x900 net/socket.c:2345 ___sys_sendmsg net/socket.c:2399 [inline] __sys_sendmsg+0x319/0x400 net/socket.c:2432 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Acked-by: Cong Wang <cong.wang(a)bytedance.com> Link: https://lore.kernel.org/r/20210114160637.1660597-1-eric.dumazet@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c index 51cb553e4317..6fe4e5cc807c 100644 --- a/net/sched/sch_api.c +++ b/net/sched/sch_api.c @@ -412,7 +412,8 @@ struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r, { struct qdisc_rate_table *rtab; - if (tab == NULL || r->rate == 0 || r->cell_log == 0 || + if (tab == NULL || r->rate == 0 || + r->cell_log == 0 || r->cell_log >= 32 || nla_len(tab) != TC_RTAB_SIZE) { NL_SET_ERR_MSG(extack, "Invalid rate table parameters for searching"); return NULL;

3 years, 11 months

3
2
0 0

Re: FAILED: patch "[PATCH] tcp: make TCP_USER_TIMEOUT accurate for zero window probes" failed to apply to 5.4-stable tree

by Enke Chen

Hi, Greg: Attach is the ported patch for the 5.4-stable tree. Thanks. -- Enke > From: <gregkh(a)linuxfoundation.org> > Date: Tue, Feb 2, 2021 at 5:15 AM > Subject: FAILED: patch "[PATCH] tcp: make TCP_USER_TIMEOUT accurate for > zero window probes" failed to apply to 5.4-stable tree > To: <enchen(a)paloaltonetworks.com>, <edumazet(a)google.com>, <kuba(a)kernel.org>, > <ncardwell(a)google.com> > Cc: <stable(a)vger.kernel.org> > > > > The patch below does not apply to the 5.4-stable tree. > If someone wants it applied there, or to any other stable or longterm > tree, then please email the backport, including the original git commit > id to <stable(a)vger.kernel.org>. > > thanks, > > greg k-h > tcp: make TCP_USER_TIMEOUT accurate for zero window probes From: Enke Chen <enchen(a)paloaltonetworks.com> commit 344db93ae3ee69fc137bd6ed89a8ff1bf5b0db08 upstream. The TCP_USER_TIMEOUT is checked by the 0-window probe timer. As the timer has backoff with a max interval of about two minutes, the actual timeout for TCP_USER_TIMEOUT can be off by up to two minutes. In this patch the TCP_USER_TIMEOUT is made more accurate by taking it into account when computing the timer value for the 0-window probes. This patch is similar to and builds on top of the one that made TCP_USER_TIMEOUT accurate for RTOs in commit b701a99e431d ("tcp: Add tcp_clamp_rto_to_user_timeout() helper to improve accuracy"). Fixes: 9721e709fa68 ("tcp: simplify window probe aborting on USER_TIMEOUT") Signed-off-by: Enke Chen <enchen(a)paloaltonetworks.com> Reviewed-by: Neal Cardwell <ncardwell(a)google.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Link: https://lore.kernel.org/r/20210122191306.GA99540@localhost.localdomain Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- include/net/tcp.h | 1 + net/ipv4/tcp_input.c | 1 + net/ipv4/tcp_output.c | 2 ++ net/ipv4/tcp_timer.c | 18 ++++++++++++++++++ 4 files changed, 22 insertions(+) diff --git a/include/net/tcp.h b/include/net/tcp.h index 377179283c46..424d4f137707 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -619,6 +619,7 @@ static inline void tcp_clear_xmit_timers(struct sock *sk) unsigned int tcp_sync_mss(struct sock *sk, u32 pmtu); unsigned int tcp_current_mss(struct sock *sk); +u32 tcp_clamp_probe0_to_user_timeout(const struct sock *sk, u32 when); /* Bound MSS / TSO packet size with the half of the window */ static inline int tcp_bound_to_half_wnd(struct tcp_sock *tp, int pktsize) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 7411a4313462..30c1b88ae4f7 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -3294,6 +3294,7 @@ static void tcp_ack_probe(struct sock *sk) } else { unsigned long when = tcp_probe0_when(sk, TCP_RTO_MAX); + when = tcp_clamp_probe0_to_user_timeout(sk, when); tcp_reset_xmit_timer(sk, ICSK_TIME_PROBE0, when, TCP_RTO_MAX, NULL); } diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 5da6ffce390c..d0774b4e934d 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -3850,6 +3850,8 @@ void tcp_send_probe0(struct sock *sk) */ timeout = TCP_RESOURCE_PROBE_INTERVAL; } + + timeout = tcp_clamp_probe0_to_user_timeout(sk, timeout); tcp_reset_xmit_timer(sk, ICSK_TIME_PROBE0, timeout, TCP_RTO_MAX, NULL); } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c index 7fcd116fbd37..fa2ae96ecdc4 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -40,6 +40,24 @@ static u32 tcp_clamp_rto_to_user_timeout(const struct sock *sk) return min_t(u32, icsk->icsk_rto, msecs_to_jiffies(remaining)); } +u32 tcp_clamp_probe0_to_user_timeout(const struct sock *sk, u32 when) +{ + struct inet_connection_sock *icsk = inet_csk(sk); + u32 remaining; + s32 elapsed; + + if (!icsk->icsk_user_timeout || !icsk->icsk_probes_tstamp) + return when; + + elapsed = tcp_jiffies32 - icsk->icsk_probes_tstamp; + if (unlikely(elapsed < 0)) + elapsed = 0; + remaining = msecs_to_jiffies(icsk->icsk_user_timeout) - elapsed; + remaining = max_t(u32, remaining, TCP_TIMEOUT_MIN); + + return min_t(u32, remaining, when); +} + /** * tcp_write_err() - close socket and save error info * @sk: The socket the error has appeared on. -- 2.29.2

3 years, 11 months

2
1
0 0

Re: [PATCH v2 0/3] drm: panfrost: Coherency support

by Robin Murphy

Hi Greg, On 2020-09-22 15:16, Robin Murphy wrote: > Hi all, > > Here's a quick v2 with the tags so far picked up and some inline > commentary about the shareability domains for the pagetable code. > > Robin. > > > Robin Murphy (3): > iommu/io-pgtable-arm: Support coherency for Mali LPAE > drm/panfrost: Support cache-coherent integrations > arm64: dts: meson: Describe G12b GPU as coherent Please would you consider applying these patches to 5.10 stable? The mainline commit IDs are now: 728da60da7c1 iommu/io-pgtable-arm: Support coherency for Mali LPAE 268af50f38b1 drm/panfrost: Support cache-coherent integrations 03544505cb10 arm64: dts: meson: Describe G12b GPU as coherent and I've checked that they cherry-pick to the current 5.10.y branch (5.10.12) cleanly. Amlogic-based boards that require this support are quite popular, and end-users are now starting to run into the weird behaviour that ensues without it, which is all to easy to misattribute to the userspace driver in Mesa, e.g. [1],[2]. Fortunately 5.10 also happens to be the first kernel version to start probing the particular GPU models on these SoCs anyway, and I'm not aware of any other significant systems that are affected, so I don't believe we will need to worry about any other stable versions. Thanks, Robin. [1] https://gitlab.freedesktop.org/mesa/mesa/-/issues/4157 [2] https://gitlab.freedesktop.org/mesa/mesa/-/issues/4160 > > arch/arm64/boot/dts/amlogic/meson-g12b.dtsi | 4 ++++ > drivers/gpu/drm/panfrost/panfrost_device.h | 1 + > drivers/gpu/drm/panfrost/panfrost_drv.c | 2 ++ > drivers/gpu/drm/panfrost/panfrost_gem.c | 2 ++ > drivers/gpu/drm/panfrost/panfrost_mmu.c | 1 + > drivers/iommu/io-pgtable-arm.c | 11 ++++++++++- > 6 files changed, 20 insertions(+), 1 deletion(-) >

3 years, 11 months

2
1
0 0

FAILED: patch "[PATCH] ACPI: thermal: Do not call acpi_thermal_check() directly" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 81b704d3e4674e09781d331df73d76675d5ad8cb Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Thu, 14 Jan 2021 19:34:22 +0100 Subject: [PATCH] ACPI: thermal: Do not call acpi_thermal_check() directly Calling acpi_thermal_check() from acpi_thermal_notify() directly is problematic if _TMP triggers Notify () on the thermal zone for which it has been evaluated (which happens on some systems), because it causes a new acpi_thermal_notify() invocation to be queued up every time and if that takes place too often, an indefinite number of pending work items may accumulate in kacpi_notify_wq over time. Besides, it is not really useful to queue up a new invocation of acpi_thermal_check() if one of them is pending already. For these reasons, rework acpi_thermal_notify() to queue up a thermal check instead of calling acpi_thermal_check() directly and only allow one thermal check to be pending at a time. Moreover, only allow one acpi_thermal_check_fn() instance at a time to run thermal_zone_device_update() for one thermal zone and make it return early if it sees other instances running for the same thermal zone. While at it, fold acpi_thermal_check() into acpi_thermal_check_fn(), as it is only called from there after the other changes made here. [This issue appears to have been exposed by commit 6d25be5782e4 ("sched/core, workqueues: Distangle worker accounting from rq lock"), but it is unclear why it was not visible earlier.] BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208877 Reported-by: Stephen Berman <stephen.berman(a)gmx.net> Diagnosed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Tested-by: Stephen Berman <stephen.berman(a)gmx.net> Cc: All applicable <stable(a)vger.kernel.org> diff --git a/drivers/acpi/thermal.c b/drivers/acpi/thermal.c index 12c0ece746f0..859b1de31ddc 100644 --- a/drivers/acpi/thermal.c +++ b/drivers/acpi/thermal.c @@ -174,6 +174,8 @@ struct acpi_thermal { struct thermal_zone_device *thermal_zone; int kelvin_offset; /* in millidegrees */ struct work_struct thermal_check_work; + struct mutex thermal_check_lock; + refcount_t thermal_check_count; }; /* -------------------------------------------------------------------------- @@ -495,14 +497,6 @@ static int acpi_thermal_get_trip_points(struct acpi_thermal *tz) return 0; } -static void acpi_thermal_check(void *data) -{ - struct acpi_thermal *tz = data; - - thermal_zone_device_update(tz->thermal_zone, - THERMAL_EVENT_UNSPECIFIED); -} - /* sys I/F for generic thermal sysfs support */ static int thermal_get_temp(struct thermal_zone_device *thermal, int *temp) @@ -900,6 +894,12 @@ static void acpi_thermal_unregister_thermal_zone(struct acpi_thermal *tz) Driver Interface -------------------------------------------------------------------------- */ +static void acpi_queue_thermal_check(struct acpi_thermal *tz) +{ + if (!work_pending(&tz->thermal_check_work)) + queue_work(acpi_thermal_pm_queue, &tz->thermal_check_work); +} + static void acpi_thermal_notify(struct acpi_device *device, u32 event) { struct acpi_thermal *tz = acpi_driver_data(device); @@ -910,17 +910,17 @@ static void acpi_thermal_notify(struct acpi_device *device, u32 event) switch (event) { case ACPI_THERMAL_NOTIFY_TEMPERATURE: - acpi_thermal_check(tz); + acpi_queue_thermal_check(tz); break; case ACPI_THERMAL_NOTIFY_THRESHOLDS: acpi_thermal_trips_update(tz, ACPI_TRIPS_REFRESH_THRESHOLDS); - acpi_thermal_check(tz); + acpi_queue_thermal_check(tz); acpi_bus_generate_netlink_event(device->pnp.device_class, dev_name(&device->dev), event, 0); break; case ACPI_THERMAL_NOTIFY_DEVICES: acpi_thermal_trips_update(tz, ACPI_TRIPS_REFRESH_DEVICES); - acpi_thermal_check(tz); + acpi_queue_thermal_check(tz); acpi_bus_generate_netlink_event(device->pnp.device_class, dev_name(&device->dev), event, 0); break; @@ -1020,7 +1020,25 @@ static void acpi_thermal_check_fn(struct work_struct *work) { struct acpi_thermal *tz = container_of(work, struct acpi_thermal, thermal_check_work); - acpi_thermal_check(tz); + + /* + * In general, it is not sufficient to check the pending bit, because + * subsequent instances of this function may be queued after one of them + * has started running (e.g. if _TMP sleeps). Avoid bailing out if just + * one of them is running, though, because it may have done the actual + * check some time ago, so allow at least one of them to block on the + * mutex while another one is running the update. + */ + if (!refcount_dec_not_one(&tz->thermal_check_count)) + return; + + mutex_lock(&tz->thermal_check_lock); + + thermal_zone_device_update(tz->thermal_zone, THERMAL_EVENT_UNSPECIFIED); + + refcount_inc(&tz->thermal_check_count); + + mutex_unlock(&tz->thermal_check_lock); } static int acpi_thermal_add(struct acpi_device *device) @@ -1052,6 +1070,8 @@ static int acpi_thermal_add(struct acpi_device *device) if (result) goto free_memory; + refcount_set(&tz->thermal_check_count, 3); + mutex_init(&tz->thermal_check_lock); INIT_WORK(&tz->thermal_check_work, acpi_thermal_check_fn); pr_info(PREFIX "%s [%s] (%ld C)\n", acpi_device_name(device), @@ -1117,7 +1137,7 @@ static int acpi_thermal_resume(struct device *dev) tz->state.active |= tz->trips.active[i].flags.enabled; } - queue_work(acpi_thermal_pm_queue, &tz->thermal_check_work); + acpi_queue_thermal_check(tz); return AE_OK; }

3 years, 11 months

3
2
0 0

[PATCH 5.4 000/142] 5.4.44-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.44 release. There are 142 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Jun 2020 17:38:19 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.44-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.44-rc1 Changbin Du <changbin.du(a)intel.com> perf: Make perf able to build with latest libbfd Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build Nathan Chancellor <natechancellor(a)gmail.com> netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: comparison of unsigned in cthelper confirmation Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Revert "Input: i8042 - add ThinkPad S230u to i8042 nomux list" Qiushi Wu <wu000273(a)umn.edu> bonding: Fix reference count leak in bond_sysfs_slave_add. Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: declare lockless TX feature for slave ports David Ahern <dsahern(a)gmail.com> ipv4: nexthop version of fib_info_nh_uses_dev David Ahern <dsahern(a)gmail.com> nexthop: Expand nexthop_is_multipath in a few places Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> nexthops: don't modify published nexthop groups David Ahern <dsahern(a)gmail.com> nexthops: Move code from remove_nexthop_from_groups to remove_nh_grp_entry Eric Dumazet <edumazet(a)google.com> crypto: chelsio/chtls: properly set tp->lsndtime Qiushi Wu <wu000273(a)umn.edu> qlcnic: fix missing release in qlcnic_83xx_interrupt_test. Björn Töpel <bjorn.topel(a)intel.com> xsk: Add overflow check for u64 division, stored into u32 Pradeep Kumar Chitrapu <pradeepc(a)codeaurora.org> ieee80211: Fix incorrect mask for default PE duration Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix accumulation of bp->net_stats_prev. Xin Long <lucien.xin(a)gmail.com> esp6: get the right proto for transport mode in esp6_gso_encap Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nfnetlink_cthelper: unbreak userspace helper support Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: make conntrack userspace helpers work again Phil Sutter <phil(a)nwl.cc> netfilter: ipset: Fix subcounter update skip Michael Braun <michael-dev(a)fami-braun.de> netfilter: nft_reject_bridge: enable reject with bridge vlan Xin Long <lucien.xin(a)gmail.com> ip_vti: receive ipip packet by calling ip_tunnel_rcv Antony Antony <antony(a)phenome.org> xfrm: fix error in comment Xin Long <lucien.xin(a)gmail.com> xfrm: fix a NULL-ptr deref in xfrm_local_error Xin Long <lucien.xin(a)gmail.com> xfrm: fix a warning in xfrm_policy_insert_list Nicolas Dichtel <nicolas.dichtel(a)6wind.com> xfrm interface: fix oops when deleting a x-netns interface Xin Long <lucien.xin(a)gmail.com> xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output Xin Long <lucien.xin(a)gmail.com> xfrm: remove the xfrm_state_put call becofe going to out_reset Xin Long <lucien.xin(a)gmail.com> xfrm: do pskb_pull properly in __xfrm_transport_prep Xin Long <lucien.xin(a)gmail.com> xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input Al Viro <viro(a)zeniv.linux.org.uk> copy_xstate_to_kernel(): don't leave parts of destination uninitialized Alexander Dahl <post(a)lespocky.de> x86/dma: Fix max PFN arithmetic overflow on 32 bit systems Linus Lüssing <ll(a)simonwunderlich.de> mac80211: mesh: fix discovery timer re-arming issue / crash Andy Lutomirski <luto(a)kernel.org> x86/syscalls: Revert "x86/syscalls: Make __X32_SYSCALL_BIT be unsigned long" Johannes Berg <johannes.berg(a)intel.com> cfg80211: fix debugfs rename crash Helge Deller <deller(a)gmx.de> parisc: Fix kernel panic in mem_init() Qiushi Wu <wu000273(a)umn.edu> iommu: Fix reference count leak in iommu_group_alloc. Linus Walleij <linus.walleij(a)linaro.org> gpio: fix locking open drain IRQ lines Jens Axboe <axboe(a)kernel.dk> Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT" Arnd Bergmann <arnd(a)arndb.de> include/asm-generic/topology.h: guard cpumask_of_node() macro argument Alexander Potapenko <glider(a)google.com> fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() Konstantin Khlebnikov <khlebnikov(a)yandex-team.ru> mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() Hugh Dickins <hughd(a)google.com> mm,thp: stop leaking unreleased file pages Valentine Fatiev <valentinef(a)mellanox.com> IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode Simon Ser <contact(a)emersion.fr> drm/amd/display: drop cursor position check in atomic test Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/core: Fix double destruction of uobject Jeff Layton <jlayton(a)kernel.org> ceph: flush release queue when handling caps for unknown inode Jerry Lee <leisurelysw24(a)gmail.com> libceph: ignore pool overlay and cache logic on redirects Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add new codec supported for ALC287 Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio Vinod Koul <vkoul(a)kernel.org> clk: qcom: gcc: Fix parent for gpll0_out_even Eric W. Biederman <ebiederm(a)xmission.com> exec: Always set cap_ambient in cap_bprm_set_creds Chris Chiu <chiu(a)endlessm.com> ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround Changming Liu <liu.changm(a)northeastern.edu> ALSA: hwdep: fix a left shifting 1 by 31 UB bug Qiushi Wu <wu000273(a)umn.edu> RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() Tiezhu Yang <yangtiezhu(a)loongson.cn> gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() Tiezhu Yang <yangtiezhu(a)loongson.cn> gpio: pxa: Fix return value of pxa_gpio_probe() Peng Hao <richard.peng(a)oppo.com> mmc: block: Fix use-after-free issue for rpmb Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> ARM: dts: bcm: HR2: Fix PPI interrupt types Vincent Stehlé <vincent.stehle(a)laposte.net> ARM: dts: bcm2835-rpi-zero-w: Fix led polarity Robert Beckett <bob.beckett(a)collabora.com> ARM: dts/imx6q-bx50v3: Set display interface clock parents Kaike Wan <kaike.wan(a)intel.com> IB/qib: Call kobject_put() when kobject_init_and_add() fails Paul Cercueil <paul(a)crapouillou.net> gpu/drm: Ingenic: Fix opaque pointer casted to wrong type Dennis YC Hsieh <dennis-yc.hsieh(a)mediatek.com> soc: mediatek: cmdq: return send msg error code Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8173: fix vcodec-enc clock Takashi Iwai <tiwai(a)suse.de> gpio: exar: Fix bad handling for ida_simple_get error path Russell King <rmk+kernel(a)armlinux.org.uk> ARM: uaccess: fix DACR mismatch with nested exceptions Russell King <rmk+kernel(a)armlinux.org.uk> ARM: uaccess: integrate uaccess_save and uaccess_restore Russell King <rmk+kernel(a)armlinux.org.uk> ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h Łukasz Stelmach <l.stelmach(a)samsung.com> ARM: 8970/1: decompressor: increase tag size Wei Yongjun <weiyongjun1(a)huawei.com> Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() Evan Green <evgreen(a)chromium.org> Input: synaptics-rmi4 - really fix attn_data use-after-free Kevin Locke <kevin(a)kevinlocke.name> Input: i8042 - add ThinkPad S230u to i8042 reset list Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Input: dlink-dir685-touchkeys - fix a typo in driver name Łukasz Patron <priv.luk(a)gmail.com> Input: xpad - add custom init packet for Xbox One S controllers Brendan Shanks <bshanks(a)codeweavers.com> Input: evdev - call input_flush_device() on release(), not flush() Kevin Locke <kevin(a)kevinlocke.name> Input: i8042 - add ThinkPad S230u to i8042 nomux list James Hilliard <james.hilliard1(a)gmail.com> Input: usbtouchscreen - add support for BonXeon TP Madhuparna Bhowmik <madhuparnabhowmik10(a)gmail.com> drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c Matteo Croce <mcroce(a)redhat.com> samples: bpf: Fix build error Al Viro <viro(a)zeniv.linux.org.uk> csky: Fixup raw_copy_from_user() Steve French <stfrench(a)microsoft.com> cifs: Fix null pointer check in cifs_read Amy Shih <amy.shih(a)advantech.com.tw> hwmon: (nct7904) Fix incorrect range of temperature limit registers Liu Yibin <jiulong(a)linux.alibaba.com> csky: Fixup remove duplicate irq_disable Mao Han <han_mao(a)linux.alibaba.com> csky: Fixup perf callchain unwind Liu Yibin <jiulong(a)linux.alibaba.com> csky: Fixup msa highest 3 bits mask Tero Kristo <t-kristo(a)ti.com> clk: ti: am33xx: fix RTC clock parent Kefeng Wang <wangkefeng.wang(a)huawei.com> riscv: stacktrace: Fix undefined reference to `walk_stackframe' Denis V. Lunev <den(a)openvz.org> IB/i40iw: Remove bogus call to netdev_master_upper_dev_get() Arnd Bergmann <arnd(a)arndb.de> net: freescale: select CONFIG_FIXED_PHY where needed Masahiro Yamada <masahiroy(a)kernel.org> usb: gadget: legacy: fix redundant initialization warnings Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> usb: phy: twl6030-usb: Fix a resource leak in an error handling path in 'twl6030_usb_probe()' Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: pci: Enable extcon driver for Intel Merrifield Lei Xue <carmark.dlut(a)gmail.com> cachefiles: Fix race between read_waiter and read_copier involving op->to_do Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Use GEM obj reference for KFD BOs Evan Quan <evan.quan(a)amd.com> drm/amd/powerplay: perform PG ungate prior to CG ungate Evan Quan <evan.quan(a)amd.com> drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Grab glock reference sooner in gfs2_add_revoke Bob Peterson <rpeterso(a)redhat.com> gfs2: don't call quota_unhold if quotas are not locked Bob Peterson <rpeterso(a)redhat.com> gfs2: move privileged user check to gfs2_quota_lock_check Chuhong Yuan <hslester96(a)gmail.com> net: microchip: encx24j600: add missed kthread_stop Andrew Oakley <andrew(a)adoakley.name> ALSA: usb-audio: add mapping for ASRock TRX40 Creator Stephen Warren <swarren(a)nvidia.com> gpio: tegra: mask GPIO IRQs during IRQ shutdown Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: swap clock-names of gpu nodes Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node Johan Jonker <jbx6244(a)gmail.com> arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix phy nodename for rk3229-xms6 Johan Jonker <jbx6244(a)gmail.com> ARM: dts: rockchip: fix phy nodename for rk3228-evb Jiri Pirko <jiri(a)mellanox.com> mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails Qiushi Wu <wu000273(a)umn.edu> net/mlx4_core: fix a memory leak bug. Qiushi Wu <wu000273(a)umn.edu> net: sun: fix missing release regions in cas_init_one(). Vadim Fedorenko <vfedorenko(a)novek.ru> net/tls: free record only on encryption error Vadim Fedorenko <vfedorenko(a)novek.ru> net/tls: fix encryption error checking Roi Dayan <roid(a)mellanox.com> net/mlx5: Annotate mutex destroy for root ns Shay Drory <shayd(a)mellanox.com> net/mlx5: Fix error flow in case of function_setup failure Moshe Shemesh <moshe(a)mellanox.com> net/mlx5e: Update netdev txq on completions during closure Moshe Shemesh <moshe(a)mellanox.com> net/mlx5: Fix memory leak in mlx5_events_init Roi Dayan <roid(a)mellanox.com> net/mlx5e: Fix inner tirs handling Tariq Toukan <tariqt(a)mellanox.com> net/mlx5e: kTLS, Destroy key object after destroying the TIS Eric Dumazet <edumazet(a)google.com> tipc: block BH before using dst_cache Jere Leppänen <jere.leppanen(a)nokia.com> sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed Neil Horman <nhorman(a)tuxdriver.com> sctp: Don't add the shutdown timer if its already been added Marc Payne <marc.payne(a)mdpsys.co.uk> r8152: support additional Microsoft Surface Ethernet Adapter variant David Ahern <dsahern(a)gmail.com> nexthop: Fix attribute checking for groups Vinay Kumar Yadav <vinay.yadav(a)chelsio.com> net/tls: fix race condition causing kernel panic Roman Mashak <mrv(a)mojatatu.com> net sched: fix reporting the first-time use timestamp Yuqi Jin <jinyuqi(a)huawei.com> net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() Stephen Worley <sworley(a)cumulusnetworks.com> net: nlmsg_cancel() if put fails for nhmsg Russell King <rmk+kernel(a)armlinux.org.uk> net: mvpp2: fix RX hashing for non-10G ports Moshe Shemesh <moshe(a)mellanox.com> net/mlx5: Add command entry handling completion Vadim Fedorenko <vfedorenko(a)novek.ru> net: ipip: fix wrong address family in init error path Martin KaFai Lau <kafai(a)fb.com> net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* Boris Sukholitko <boris.sukholitko(a)broadcom.com> __netif_receive_skb_core: pass skb by reference Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend DENG Qingfang <dqfext(a)gmail.com> net: dsa: mt7530: fix roaming from DSA user ports Sabrina Dubroca <sd(a)queasysnail.net> net: don't return invalid table id error when we fall back to PF_UNSPEC Vladimir Oltean <vladimir.oltean(a)nxp.com> dpaa_eth: fix usage as DSA master, try 3 Eric Dumazet <edumazet(a)google.com> ax25: fix setsockopt(SO_BINDTODEVICE) ------------- Diffstat: Makefile | 4 +- arch/arm/boot/compressed/vmlinux.lds.S | 2 +- arch/arm/boot/dts/bcm-hr2.dtsi | 6 +- arch/arm/boot/dts/bcm2835-rpi-zero-w.dts | 2 +- arch/arm/boot/dts/imx6q-b450v3.dts | 7 -- arch/arm/boot/dts/imx6q-b650v3.dts | 7 -- arch/arm/boot/dts/imx6q-b850v3.dts | 11 -- arch/arm/boot/dts/imx6q-bx50v3.dtsi | 15 +++ arch/arm/boot/dts/rk3036.dtsi | 2 +- arch/arm/boot/dts/rk3228-evb.dts | 2 +- arch/arm/boot/dts/rk3229-xms6.dts | 2 +- arch/arm/boot/dts/rk322x.dtsi | 6 +- arch/arm/boot/dts/rk3xxx.dtsi | 2 +- arch/arm/include/asm/assembler.h | 75 +------------ arch/arm/include/asm/uaccess-asm.h | 117 +++++++++++++++++++++ arch/arm/kernel/entry-armv.S | 11 +- arch/arm/kernel/entry-header.S | 9 +- arch/arm64/boot/dts/mediatek/mt8173.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3328-evb.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3399.dtsi | 8 +- arch/csky/abiv1/inc/abi/entry.h | 4 +- arch/csky/abiv2/inc/abi/entry.h | 4 +- arch/csky/include/asm/uaccess.h | 49 +++++---- arch/csky/kernel/entry.S | 2 - arch/csky/kernel/perf_callchain.c | 9 +- arch/csky/lib/usercopy.c | 8 +- arch/parisc/mm/init.c | 2 +- arch/riscv/kernel/stacktrace.c | 2 +- arch/x86/include/asm/dma.h | 2 +- arch/x86/include/uapi/asm/unistd.h | 11 +- arch/x86/kernel/fpu/xstate.c | 86 ++++++++------- block/blk-core.c | 11 +- drivers/clk/qcom/gcc-sm8150.c | 3 +- drivers/clk/ti/clk-33xx.c | 2 +- drivers/crypto/chelsio/chtls/chtls_io.c | 2 +- drivers/gpio/gpio-bcm-kona.c | 2 +- drivers/gpio/gpio-exar.c | 7 +- drivers/gpio/gpio-pxa.c | 4 +- drivers/gpio/gpio-tegra.c | 1 + drivers/gpio/gpiolib.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 12 +-- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 -- drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 6 +- drivers/gpu/drm/amd/powerplay/amdgpu_smu.c | 6 +- drivers/gpu/drm/ingenic/ingenic-drm.c | 2 +- drivers/hwmon/nct7904.c | 4 +- drivers/infiniband/core/rdma_core.c | 20 ++-- drivers/infiniband/hw/i40iw/i40iw_cm.c | 8 -- drivers/infiniband/hw/qib/qib_sysfs.c | 9 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib.h | 4 + drivers/infiniband/ulp/ipoib/ipoib_cm.c | 15 +-- drivers/infiniband/ulp/ipoib/ipoib_ib.c | 9 +- drivers/infiniband/ulp/ipoib/ipoib_main.c | 10 +- drivers/input/evdev.c | 19 +--- drivers/input/joystick/xpad.c | 12 +++ drivers/input/keyboard/dlink-dir685-touchkeys.c | 2 +- drivers/input/rmi4/rmi_driver.c | 5 +- drivers/input/serio/i8042-x86ia64io.h | 7 ++ drivers/input/touchscreen/usbtouchscreen.c | 1 + drivers/iommu/iommu.c | 2 +- drivers/mmc/core/block.c | 2 +- drivers/net/bonding/bond_sysfs_slave.c | 4 +- drivers/net/dsa/mt7530.c | 9 +- drivers/net/dsa/mt7530.h | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- drivers/net/ethernet/freescale/Kconfig | 2 + drivers/net/ethernet/freescale/dpaa/Kconfig | 1 + drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_cls.c | 2 +- drivers/net/ethernet/mellanox/mlx4/fw.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 14 +++ drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ktls.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 12 ++- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 9 +- drivers/net/ethernet/mellanox/mlx5/core/events.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 6 ++ .../net/ethernet/mellanox/mlx5/core/ipoib/ipoib.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 3 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 14 ++- drivers/net/ethernet/mellanox/mlxsw/switchx2.c | 8 ++ drivers/net/ethernet/microchip/encx24j600.c | 5 +- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 4 +- drivers/net/ethernet/sun/cassini.c | 3 +- drivers/net/ethernet/ti/cpsw.c | 4 + drivers/net/hamradio/bpqether.c | 3 +- drivers/net/usb/cdc_ether.c | 11 +- drivers/net/usb/r8152.c | 1 + drivers/soc/mediatek/mtk-cmdq-helper.c | 4 +- drivers/usb/dwc3/dwc3-pci.c | 1 + drivers/usb/gadget/legacy/inode.c | 3 +- drivers/usb/phy/phy-twl6030-usb.c | 12 ++- fs/binfmt_elf.c | 2 +- fs/cachefiles/rdwr.c | 2 +- fs/ceph/caps.c | 2 +- fs/cifs/file.c | 2 +- fs/gfs2/log.c | 6 +- fs/gfs2/quota.c | 6 +- fs/gfs2/quota.h | 3 +- include/asm-generic/topology.h | 2 +- include/linux/ieee80211.h | 2 +- include/linux/mlx5/driver.h | 1 + include/linux/mm.h | 15 ++- include/linux/netfilter/nf_conntrack_pptp.h | 2 +- include/net/act_api.h | 3 +- include/net/ip_fib.h | 11 +- include/net/nexthop.h | 67 +++++++++--- include/net/tls.h | 4 + include/rdma/uverbs_std_types.h | 2 +- include/uapi/linux/xfrm.h | 2 +- mm/khugepaged.c | 1 + net/ax25/af_ax25.c | 6 +- net/bridge/netfilter/nft_reject_bridge.c | 6 ++ net/ceph/osd_client.c | 4 +- net/core/dev.c | 20 +++- net/dsa/slave.c | 1 + net/dsa/tag_mtk.c | 15 +++ net/ipv4/esp4_offload.c | 4 +- net/ipv4/fib_frontend.c | 22 ++-- net/ipv4/inet_connection_sock.c | 43 ++++---- net/ipv4/ip_vti.c | 23 +++- net/ipv4/ipip.c | 2 +- net/ipv4/ipmr.c | 2 +- net/ipv4/netfilter/nf_nat_pptp.c | 7 +- net/ipv4/nexthop.c | 105 +++++++++++------- net/ipv4/route.c | 14 ++- net/ipv6/esp6_offload.c | 13 ++- net/ipv6/ip6_fib.c | 2 +- net/ipv6/ip6mr.c | 2 +- net/mac80211/mesh_hwmp.c | 7 ++ net/netfilter/ipset/ip_set_list_set.c | 2 +- net/netfilter/nf_conntrack_core.c | 80 ++++++++++++-- net/netfilter/nf_conntrack_pptp.c | 62 ++++++----- net/netfilter/nfnetlink_cthelper.c | 3 +- net/qrtr/qrtr.c | 2 +- net/sctp/sm_sideeffect.c | 14 ++- net/sctp/sm_statefuns.c | 9 +- net/tipc/udp_media.c | 6 +- net/tls/tls_sw.c | 50 ++++++--- net/wireless/core.c | 2 +- net/xdp/xdp_umem.c | 8 +- net/xfrm/xfrm_device.c | 8 +- net/xfrm/xfrm_input.c | 2 +- net/xfrm/xfrm_interface.c | 21 ++++ net/xfrm/xfrm_output.c | 15 +-- net/xfrm/xfrm_policy.c | 7 +- samples/bpf/lwt_len_hist_user.c | 2 - security/commoncap.c | 1 + sound/core/hwdep.c | 4 +- sound/pci/hda/patch_realtek.c | 39 +++++-- sound/usb/mixer.c | 8 ++ sound/usb/mixer_maps.c | 24 +++++ sound/usb/quirks-table.h | 26 +++++ tools/arch/x86/include/uapi/asm/unistd.h | 2 +- tools/perf/util/srcline.c | 16 ++- 159 files changed, 1101 insertions(+), 594 deletions(-)

3 years, 11 months

5
152
0 0

FAILED: patch "[PATCH] iwlwifi: mvm: fix the return type for DSM functions 1 and 2" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From aefbe5c445c7e2f0e082b086ba1e45502dac4b0e Mon Sep 17 00:00:00 2001 From: Matt Chen <matt.chen(a)intel.com> Date: Fri, 22 Jan 2021 14:52:36 +0200 Subject: [PATCH] iwlwifi: mvm: fix the return type for DSM functions 1 and 2 The return type value of functions 1 and 2 were considered to be an integer inside a buffer, but they can also be only an integer, without the buffer. Fix the code in iwl_acpi_get_dsm_u8() to handle it as a single integer value, as well as packed inside a buffer. Signed-off-by: Matt Chen <matt.chen(a)intel.com> Fixes: 9db93491f29e ("iwlwifi: acpi: support device specific method (DSM)") Signed-off-by: Luca Coelho <luciano.coelho(a)intel.com> Signed-off-by: Kalle Valo <kvalo(a)codeaurora.org> Link: https://lore.kernel.org/r/iwlwifi.20210122144849.5757092adcd6.Ic24524627b89… diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c index 15248b064380..d8b7776a8dde 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c +++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c @@ -80,19 +80,45 @@ static void *iwl_acpi_get_dsm_object(struct device *dev, int rev, int func, } /* - * Evaluate a DSM with no arguments and a single u8 return value (inside a - * buffer object), verify and return that value. + * Generic function to evaluate a DSM with no arguments + * and an integer return value, + * (as an integer object or inside a buffer object), + * verify and assign the value in the "value" parameter. + * return 0 in success and the appropriate errno otherwise. */ -int iwl_acpi_get_dsm_u8(struct device *dev, int rev, int func) +static int iwl_acpi_get_dsm_integer(struct device *dev, int rev, int func, + u64 *value, size_t expected_size) { union acpi_object *obj; - int ret; + int ret = 0; obj = iwl_acpi_get_dsm_object(dev, rev, func, NULL); - if (IS_ERR(obj)) + if (IS_ERR(obj)) { + IWL_DEBUG_DEV_RADIO(dev, + "Failed to get DSM object. func= %d\n", + func); return -ENOENT; + } + + if (obj->type == ACPI_TYPE_INTEGER) { + *value = obj->integer.value; + } else if (obj->type == ACPI_TYPE_BUFFER) { + __le64 le_value = 0; - if (obj->type != ACPI_TYPE_BUFFER) { + if (WARN_ON_ONCE(expected_size > sizeof(le_value))) + return -EINVAL; + + /* if the buffer size doesn't match the expected size */ + if (obj->buffer.length != expected_size) + IWL_DEBUG_DEV_RADIO(dev, + "ACPI: DSM invalid buffer size, padding or truncating (%d)\n", + obj->buffer.length); + + /* assuming LE from Intel BIOS spec */ + memcpy(&le_value, obj->buffer.pointer, + min_t(size_t, expected_size, (size_t)obj->buffer.length)); + *value = le64_to_cpu(le_value); + } else { IWL_DEBUG_DEV_RADIO(dev, "ACPI: DSM method did not return a valid object, type=%d\n", obj->type); @@ -100,15 +126,6 @@ int iwl_acpi_get_dsm_u8(struct device *dev, int rev, int func) goto out; } - if (obj->buffer.length != sizeof(u8)) { - IWL_DEBUG_DEV_RADIO(dev, - "ACPI: DSM method returned invalid buffer, length=%d\n", - obj->buffer.length); - ret = -EINVAL; - goto out; - } - - ret = obj->buffer.pointer[0]; IWL_DEBUG_DEV_RADIO(dev, "ACPI: DSM method evaluated: func=%d, ret=%d\n", func, ret); @@ -116,6 +133,24 @@ int iwl_acpi_get_dsm_u8(struct device *dev, int rev, int func) ACPI_FREE(obj); return ret; } + +/* + * Evaluate a DSM with no arguments and a u8 return value, + */ +int iwl_acpi_get_dsm_u8(struct device *dev, int rev, int func, u8 *value) +{ + int ret; + u64 val; + + ret = iwl_acpi_get_dsm_integer(dev, rev, func, &val, sizeof(u8)); + + if (ret < 0) + return ret; + + /* cast val (u64) to be u8 */ + *value = (u8)val; + return 0; +} IWL_EXPORT_SYMBOL(iwl_acpi_get_dsm_u8); union acpi_object *iwl_acpi_get_wifi_pkg(struct device *dev, diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.h b/drivers/net/wireless/intel/iwlwifi/fw/acpi.h index 042dd247d387..1cce30d1ef55 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.h +++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */ /* * Copyright (C) 2017 Intel Deutschland GmbH - * Copyright (C) 2018-2020 Intel Corporation + * Copyright (C) 2018-2021 Intel Corporation */ #ifndef __iwl_fw_acpi__ #define __iwl_fw_acpi__ @@ -99,7 +99,7 @@ struct iwl_fw_runtime; void *iwl_acpi_get_object(struct device *dev, acpi_string method); -int iwl_acpi_get_dsm_u8(struct device *dev, int rev, int func); +int iwl_acpi_get_dsm_u8(struct device *dev, int rev, int func, u8 *value); union acpi_object *iwl_acpi_get_wifi_pkg(struct device *dev, union acpi_object *data, @@ -159,7 +159,8 @@ static inline void *iwl_acpi_get_dsm_object(struct device *dev, int rev, return ERR_PTR(-ENOENT); } -static inline int iwl_acpi_get_dsm_u8(struct device *dev, int rev, int func) +static inline +int iwl_acpi_get_dsm_u8(struct device *dev, int rev, int func, u8 *value) { return -ENOENT; } diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c index 0637eb1cff4e..313e9f106f46 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c @@ -1090,20 +1090,22 @@ static void iwl_mvm_tas_init(struct iwl_mvm *mvm) static u8 iwl_mvm_eval_dsm_indonesia_5g2(struct iwl_mvm *mvm) { + u8 value; + int ret = iwl_acpi_get_dsm_u8((&mvm->fwrt)->dev, 0, - DSM_FUNC_ENABLE_INDONESIA_5G2); + DSM_FUNC_ENABLE_INDONESIA_5G2, &value); if (ret < 0) IWL_DEBUG_RADIO(mvm, "Failed to evaluate DSM function ENABLE_INDONESIA_5G2, ret=%d\n", ret); - else if (ret >= DSM_VALUE_INDONESIA_MAX) + else if (value >= DSM_VALUE_INDONESIA_MAX) IWL_DEBUG_RADIO(mvm, - "DSM function ENABLE_INDONESIA_5G2 return invalid value, ret=%d\n", - ret); + "DSM function ENABLE_INDONESIA_5G2 return invalid value, value=%d\n", + value); - else if (ret == DSM_VALUE_INDONESIA_ENABLE) { + else if (value == DSM_VALUE_INDONESIA_ENABLE) { IWL_DEBUG_RADIO(mvm, "Evaluated DSM function ENABLE_INDONESIA_5G2: Enabling 5g2\n"); return DSM_VALUE_INDONESIA_ENABLE; @@ -1114,25 +1116,26 @@ static u8 iwl_mvm_eval_dsm_indonesia_5g2(struct iwl_mvm *mvm) static u8 iwl_mvm_eval_dsm_disable_srd(struct iwl_mvm *mvm) { + u8 value; int ret = iwl_acpi_get_dsm_u8((&mvm->fwrt)->dev, 0, - DSM_FUNC_DISABLE_SRD); + DSM_FUNC_DISABLE_SRD, &value); if (ret < 0) IWL_DEBUG_RADIO(mvm, "Failed to evaluate DSM function DISABLE_SRD, ret=%d\n", ret); - else if (ret >= DSM_VALUE_SRD_MAX) + else if (value >= DSM_VALUE_SRD_MAX) IWL_DEBUG_RADIO(mvm, - "DSM function DISABLE_SRD return invalid value, ret=%d\n", - ret); + "DSM function DISABLE_SRD return invalid value, value=%d\n", + value); - else if (ret == DSM_VALUE_SRD_PASSIVE) { + else if (value == DSM_VALUE_SRD_PASSIVE) { IWL_DEBUG_RADIO(mvm, "Evaluated DSM function DISABLE_SRD: setting SRD to passive\n"); return DSM_VALUE_SRD_PASSIVE; - } else if (ret == DSM_VALUE_SRD_DISABLE) { + } else if (value == DSM_VALUE_SRD_DISABLE) { IWL_DEBUG_RADIO(mvm, "Evaluated DSM function DISABLE_SRD: disabling SRD\n"); return DSM_VALUE_SRD_DISABLE;

3 years, 11 months

1
0
0 0

[PATCH v6] x86/sgx: Maintain encl->refcount for each encl->mm_list entry

by Jarkko Sakkinen

This has been shown in tests: [ +0.000008] WARNING: CPU: 3 PID: 7620 at kernel/rcu/srcutree.c:374 cleanup_srcu_struct+0xed/0x100 There are two functions that drain encl->mm_list: - sgx_release() (i.e. VFS release) removes the remaining mm_list entries. - sgx_mmu_notifier_release() removes mm_list entry for the registered process, if it still exists. If encl->refcount is taken only for VFS, this can lead to sgx_encl_release() being executed before sgx_mmu_notifier_release() completes, which is exactly what happens in the above klog entry. Each process also needs its own enclave reference. In order to fix the race condition, increase encl->refcount when an entry to encl->mm_list added for a process. Release this reference when the mm_list entry is cleaned up, either in sgx_mmu_notifier_release() or sgx_release(). Cc: stable(a)vger.kernel.org Fixes: 1728ab54b4be ("x86/sgx: Add a page reclaimer") Reported-by: Haitao Huang <haitao.huang(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v6: - Maintain refcount for each encl->mm_list entry. v5: - To make sure that the instance does not get deleted use kref_get() kref_put(). This also removes the need for additional synchronize_srcu(). v4: - Rewrite the commit message. - Just change the call order. *_expedited() is out of scope for this bug fix. v3: Fine-tuned tags, and added missing change log for v2. v2: Switch to synchronize_srcu_expedited(). arch/x86/kernel/cpu/sgx/driver.c | 6 ++++++ arch/x86/kernel/cpu/sgx/encl.c | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/arch/x86/kernel/cpu/sgx/driver.c b/arch/x86/kernel/cpu/sgx/driver.c index f2eac41bb4ff..8d8fcc91c0d6 100644 --- a/arch/x86/kernel/cpu/sgx/driver.c +++ b/arch/x86/kernel/cpu/sgx/driver.c @@ -72,6 +72,12 @@ static int sgx_release(struct inode *inode, struct file *file) synchronize_srcu(&encl->srcu); mmu_notifier_unregister(&encl_mm->mmu_notifier, encl_mm->mm); kfree(encl_mm); + + /* + * Release the mm_list reference, as sgx_mmu_notifier_release() + * will only do this only, when it grabs encl_mm. + */ + kref_put(&encl->refcount, sgx_encl_release); } kref_put(&encl->refcount, sgx_encl_release); diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index ee50a5010277..c1d9c86c0265 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -474,6 +474,7 @@ static void sgx_mmu_notifier_release(struct mmu_notifier *mn, if (tmp == encl_mm) { synchronize_srcu(&encl_mm->encl->srcu); mmu_notifier_put(mn); + kref_put(&encl_mm->encl->refcount, sgx_encl_release); } } @@ -545,6 +546,13 @@ int sgx_encl_mm_add(struct sgx_encl *encl, struct mm_struct *mm) } spin_lock(&encl->mm_lock); + + /* + * Take a reference to guarantee that the enclave is not destroyed, + * while sgx_mmu_notifier_release() is active. + */ + kref_get(&encl->refcount); + list_add_rcu(&encl_mm->list, &encl->mm_list); /* Pairs with smp_rmb() in sgx_reclaimer_block(). */ smp_wmb(); -- 2.30.0

3 years, 11 months

1
0
0 0

[RESEND PATCH] nvmem: qcom-spmi-sdam: Fix uninitialized pdev pointer

by Subbaraman Narayanamurthy

"sdam->pdev" is uninitialized and it is used to print error logs. Fix it. Since device pointer can be used from sdam_config, use it directly thereby removing pdev pointer. Cc: stable(a)vger.kernel.org Signed-off-by: Subbaraman Narayanamurthy <subbaram(a)codeaurora.org> --- drivers/nvmem/qcom-spmi-sdam.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/nvmem/qcom-spmi-sdam.c b/drivers/nvmem/qcom-spmi-sdam.c index a72704c..f6e9f96 100644 --- a/drivers/nvmem/qcom-spmi-sdam.c +++ b/drivers/nvmem/qcom-spmi-sdam.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Copyright (c) 2017, 2020 The Linux Foundation. All rights reserved. + * Copyright (c) 2017, 2020-2021, The Linux Foundation. All rights reserved. */ #include <linux/device.h> @@ -18,7 +18,6 @@ #define SDAM_PBS_TRIG_CLR 0xE6 struct sdam_chip { - struct platform_device *pdev; struct regmap *regmap; struct nvmem_config sdam_config; unsigned int base; @@ -65,7 +64,7 @@ static int sdam_read(void *priv, unsigned int offset, void *val, size_t bytes) { struct sdam_chip *sdam = priv; - struct device *dev = &sdam->pdev->dev; + struct device *dev = sdam->sdam_config.dev; int rc; if (!sdam_is_valid(sdam, offset, bytes)) { @@ -86,7 +85,7 @@ static int sdam_write(void *priv, unsigned int offset, void *val, size_t bytes) { struct sdam_chip *sdam = priv; - struct device *dev = &sdam->pdev->dev; + struct device *dev = sdam->sdam_config.dev; int rc; if (!sdam_is_valid(sdam, offset, bytes)) { -- The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project

3 years, 11 months

2
1
0 0

[PATCH v2] misc: rtsx: init of rts522a add OCP power off when no card is present

by ricky_wu＠realtek.com

From: Ricky Wu <ricky_wu(a)realtek.com> Power down OCP for power consumption when no SD/MMC card is present Cc: stable(a)vger.kernel.org Signed-off-by: Ricky Wu <ricky_wu(a)realtek.com> --- v2: update the subject line and description --- drivers/misc/cardreader/rts5227.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/misc/cardreader/rts5227.c b/drivers/misc/cardreader/rts5227.c index 8859011672cb..8200af22b529 100644 --- a/drivers/misc/cardreader/rts5227.c +++ b/drivers/misc/cardreader/rts5227.c @@ -398,6 +398,11 @@ static int rts522a_extra_init_hw(struct rtsx_pcr *pcr) { rts5227_extra_init_hw(pcr); + /* Power down OCP for power consumption */ + if (!pcr->card_exist) + rtsx_pci_write_register(pcr, FPDCTL, OC_POWER_DOWN, + OC_POWER_DOWN); + rtsx_pci_write_register(pcr, FUNC_FORCE_CTL, FUNC_FORCE_UPME_XMT_DBG, FUNC_FORCE_UPME_XMT_DBG); rtsx_pci_write_register(pcr, PCLK_CTL, 0x04, 0x04); -- 2.17.1

3 years, 11 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2021