Sanjay R Mehta [Sat, 28 Aug 2021 19:28:28 +0000 (14:28 -0500)]
dmaengine: ptdma: remove PT_OFFSET to avoid redefnition
Building on ARCH=um causes a "redefined" warning, so remove this
PT_OFFSET macro to avoid the warning.
drivers/dma/ptdma/ptdma.h:34: warning: "PT_OFFSET" redefined
34 | #define PT_OFFSET 0x0
|
In file included from ./arch/um/include/asm/thread_info.h:17,
from ./include/linux/thread_info.h:60,
from ./include/asm-generic/preempt.h:5,
from ./arch/um/include/generated/asm/preempt.h:1,
from ./include/linux/preempt.h:78,
from ./include/linux/spinlock.h:55,
from ./include/linux/wait.h:9,
from ./include/linux/wait_bit.h:8,
from ./include/linux/fs.h:6,
from ./include/linux/debugfs.h:15,
from drivers/dma/ptdma/ptdma-debugfs.c:12:
./arch/x86/um/shared/sysdep/ptrace_user.h:4: note: this is the location of the previous definition
4 | #define PT_OFFSET(r) ((r) * sizeof(long))
Sanjay R Mehta [Tue, 17 Aug 2021 13:55:57 +0000 (08:55 -0500)]
dmaengine: ptdma: Initial driver for the AMD PTDMA
Add support for AMD PTDMA controller. It performs high-bandwidth
memory to memory and IO copy operation. Device commands are managed
via a circular queue of 'descriptors', each of which specifies source
and destination addresses for copying a single buffer of data.
Dave Jiang [Tue, 24 Aug 2021 21:24:27 +0000 (14:24 -0700)]
dmaengine: idxd: remove interrupt disable for dev_lock
The spinlock is not being used in hard interrupt context. There is no need
to disable irq when acquiring the lock. The interrupt thread handler also
is not in bottom half context, therefore we can also remove disabling of
the bh. Convert all dev_lock acquisition to plain spin_lock() calls.
Dave Jiang [Tue, 24 Aug 2021 21:24:39 +0000 (14:24 -0700)]
dmaengine: idxd: remove interrupt disable for cmd_lock
The cmd_lock spinlock is not being used in hard interrupt context. There is
no need to disable irq when acquiring the lock. Convert all cmd_lock
acquisition to plain spin_lock() calls.
Dave Jiang [Thu, 19 Aug 2021 16:34:06 +0000 (09:34 -0700)]
dmaengine: idxd: fix setting up priv mode for dwq
DSA spec says WQ priv bit is 0 if the Privileged Mode Enable field of the
PCI Express PASID capability is 0 and pasid is enabled. Make sure that the
WQCFG priv field is set correctly according to usage type. Reject config if
setting up kernel WQ type and no support. Also add the correct priv setup
for a descriptor.
dmaengine: xilinx_dma: Set DMA mask for coherent APIs
The xilinx dma driver uses the consistent allocations, so for correct
operation also set the DMA mask for coherent APIs. It fixes the below
kernel crash with dmatest client when DMA IP is configured with 64-bit
address width and linux is booted from high (>4GB) memory.
Pratyush Yadav [Thu, 19 Aug 2021 11:01:05 +0000 (16:31 +0530)]
dmaengine: ti: k3-psil-j721e: Add entry for CSI2RX
The CSI2RX subsystem on J721E is serviced by UDMA via PSI-L to transfer
frames to memory. It can have up to 32 threads per instance. J721E has
two instances of the subsystem, so there are 64 threads total. Add them
to the endpoint map.
Dave Jiang [Fri, 6 Aug 2021 17:38:37 +0000 (10:38 -0700)]
dmaengine: idxd: set descriptor allocation size to threshold for swq
Since submission is sent to limited portal, the actual wq size for shared
wq is set by the threshold rather than the wq size. When the wq type is
shared, set the allocated descriptors to the threshold.
Dave Jiang [Fri, 6 Aug 2021 17:37:40 +0000 (10:37 -0700)]
dmaengine: idxd: make submit failure path consistent on desc freeing
The submission path for dmaengine API does not do descriptor freeing on
failure. Also, with the abort mechanism, the freeing of descriptor happens
when the abort callback is completed. Therefore free descriptor on all
error paths for submission call to make things consistent. Also remove the
double free that would happen on abort in idxd_dma_tx_submit() call.
Linus Torvalds [Sun, 8 Aug 2021 18:53:30 +0000 (11:53 -0700)]
Merge tag 'timers-urgent-2021-08-08' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Thomas Gleixner:
"A single timer fix:
- Prevent a memory ordering issue in the timer expiry code which
makes it possible to observe falsely that the callback has been
executed already while that's not the case, which violates the
guarantee of del_timer_sync()"
* tag 'timers-urgent-2021-08-08' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
timers: Move clearing of base::timer_running under base:: Lock
Linus Torvalds [Sun, 8 Aug 2021 18:46:13 +0000 (11:46 -0700)]
Merge tag 'perf-urgent-2021-08-08' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Thomas Gleixner:
"A set of perf fixes:
- Correct the permission checks for perf event which send SIGTRAP to
a different process and clean up that code to be more readable.
- Prevent an out of bound MSR access in the x86 perf code which
happened due to an incomplete limiting to the actually available
hardware counters.
- Prevent access to the AMD64_EVENTSEL_HOSTONLY bit when running
inside a guest.
- Handle small core counter re-enabling correctly by issuing an ACK
right before reenabling it to prevent a stale PEBS record being
kept around"
* tag 'perf-urgent-2021-08-08' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86/intel: Apply mid ACK for small core
perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
perf/x86: Fix out of bound MSR access
perf: Refactor permissions check into perf_check_permission()
perf: Fix required permissions if sigtrap is requested
Linus Torvalds [Sun, 8 Aug 2021 17:41:49 +0000 (10:41 -0700)]
Merge tag 'char-misc-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are some small char/misc driver fixes for 5.14-rc5.
They resolve a few regressions that people reported:
- acrn driver fix
- fpga driver fix
- interconnect tiny driver fixes
All have been in linux-next for a while with no reported issues"
* tag 'char-misc-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
interconnect: Fix undersized devress_alloc allocation
interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate
interconnect: qcom: icc-rpmh: Ensure floor BW is enforced for all nodes
fpga: dfl: fme: Fix cpu hotplug issue in performance reporting
virt: acrn: Do hcall_destroy_vm() before resource release
interconnect: Always call pre_aggregate before aggregate
interconnect: Zero initial BW after sync-state
Linus Torvalds [Sun, 8 Aug 2021 17:34:49 +0000 (10:34 -0700)]
Merge tag 'driver-core-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg KH:
"Here are three tiny driver core and firmware loader fixes for
5.14-rc5. They are:
- driver core fix for when probing fails
- firmware loader fixes for reported problems.
All have been in linux-next for a while with no reported issues"
* tag 'driver-core-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
firmware_loader: fix use-after-free in firmware_fallback_sysfs
firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback
drivers core: Fix oops when driver probe fails
Linus Torvalds [Sun, 8 Aug 2021 17:29:39 +0000 (10:29 -0700)]
Merge tag 'staging-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver fixes from Greg KH:
"Here are a few small staging driver fixes for 5.14-rc5 to resolve some
reported problems. They include:
- mt7621 driver fix
- rtl8723bs driver fixes
- rtl8712 driver fixes.
Nothing major, just small problems resolved.
All have been in linux-next for a while with no reported issues"
* tag 'staging-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: mt7621-pci: avoid to re-disable clock for those pcies not in use
staging: rtl8712: error handling refactoring
staging: rtl8712: get rid of flush_scheduled_work
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_ARC4
staging: rtl8723bs: Fix a resource leak in sd_int_dpc
Linus Torvalds [Sun, 8 Aug 2021 17:23:13 +0000 (10:23 -0700)]
Merge tag 'tty-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Pull tty/serial fixes from Greg KH:
"Here are some small tty/serial driver fixes for 5.14-rc5 to resolve a
number of reported problems.
They include:
- mips serial driver fixes
- 8250 driver fixes for reported problems
- fsl_lpuart driver fixes
- other tiny driver fixes
All have been in linux-next for a while with no reported problems"
* tag 'tty-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts.
serial: 8250_mtk: fix uart corruption issue when rx power off
tty: serial: fsl_lpuart: fix the wrong return value in lpuart32_get_mctrl
serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver
serial: 8250: fix handle_irq locking
serial: tegra: Only print FIFO error message when an error occurs
MIPS: Malta: Do not byte-swap accesses to the CBUS UART
serial: 8250: Mask out floating 16/32-bit bus bits
serial: max310x: Unprepare and disable clock in error path
Linus Torvalds [Sun, 8 Aug 2021 17:20:05 +0000 (10:20 -0700)]
Merge tag 'usb-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB driver fixes from Greg KH:
"Here are some small USB driver fixes for 5.14-rc5. They resolve a
number of small reported issues, including:
- cdnsp driver fixes
- usb serial driver fixes and device id updates
- usb gadget hid fixes
- usb host driver fixes
- usb dwc3 driver fixes
- other usb gadget driver fixes
All of these have been in linux-next for a while with no reported
issues"
* tag 'usb-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (21 commits)
usb: typec: tcpm: Keep other events when receiving FRS and Sourcing_vbus events
usb: dwc3: gadget: Avoid runtime resume if disabling pullup
usb: dwc3: gadget: Use list_replace_init() before traversing lists
USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
USB: serial: pl2303: fix GT type detection
USB: serial: option: add Telit FD980 composition 0x1056
USB: serial: pl2303: fix HX type detection
USB: serial: ch341: fix character loss at high transfer rates
usb: cdnsp: Fix the IMAN_IE_SET and IMAN_IE_CLEAR macro
usb: cdnsp: Fixed issue with ZLP
usb: cdnsp: Fix incorrect supported maximum speed
usb: cdns3: Fixed incorrect gadget state
usb: gadget: f_hid: idle uses the highest byte for duration
Revert "thunderbolt: Hide authorized attribute if router does not support PCIe tunnels"
usb: otg-fsm: Fix hrtimer list corruption
usb: host: ohci-at91: suspend/resume ports after/before OHCI accesses
usb: musb: Fix suspend and resume issues for PHYs on I2C and SPI
usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
usb: gadget: f_hid: fixed NULL pointer dereference
usb: gadget: remove leaked entry from udc driver list
...
Linus Torvalds [Sat, 7 Aug 2021 17:34:26 +0000 (10:34 -0700)]
Merge tag 'io_uring-5.14-2021-08-07' of git://git.kernel.dk/linux-block
Pull io_uring from Jens Axboe:
"A few io-wq related fixes:
- Fix potential nr_worker race and missing max_workers check from one
path (Hao)
- Fix race between worker exiting and new work queue (me)"
* tag 'io_uring-5.14-2021-08-07' of git://git.kernel.dk/linux-block:
io-wq: fix lack of acct->nr_workers < acct->max_workers judgement
io-wq: fix no lock protection of acct->nr_worker
io-wq: fix race between worker exiting and activating free worker
Linus Torvalds [Sat, 7 Aug 2021 17:26:21 +0000 (10:26 -0700)]
Merge tag 'block-5.14-2021-08-07' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
"A few minor fixes:
- Fix ldm kernel-doc warning (Bart)
- Fix adding offset twice for DMA address in n64cart (Christoph)
- Fix use-after-free in dasd path handling (Stefan)
- Order kyber insert trace correctly (Vincent)
- raid1 errored write handling fix (Wei)
- Fix blk-iolatency queue get failure handling (Yu)"
* tag 'block-5.14-2021-08-07' of git://git.kernel.dk/linux-block:
kyber: make trace_block_rq call consistent with documentation
block/partitions/ldm.c: Fix a kernel-doc warning
blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
n64cart: fix the dma address in n64cart_do_bvec
s390/dasd: fix use after free in dasd path handling
md/raid10: properly indicate failure when ending a failed write request
Linus Torvalds [Sat, 7 Aug 2021 17:15:04 +0000 (10:15 -0700)]
Merge tag 'riscv-for-linus-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- avoid dereferencing a null task pointer while walking the stack
- fix the memory size in the HiFive Unleashed device tree
- disable stack protectors when randstruct is enabled, which results in
non-deterministic offsets during module builds
- a pair of fixes to avoid relying on a constant physical memory base
for the non-XIP builds
* tag 'riscv-for-linus-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
Revert "riscv: Remove CONFIG_PHYS_RAM_BASE_FIXED"
riscv: Get rid of CONFIG_PHYS_RAM_BASE in kernel physical address conversion
riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled
riscv: dts: fix memory size for the SiFive HiFive Unmatched
riscv: stacktrace: Fix NULL pointer dereference
The removal of this config exposes CONFIG_PHYS_RAM_BASE for all kernel
types: this value being implementation-specific, this breaks the
genericity of the RISC-V kernel so revert it.
riscv: Get rid of CONFIG_PHYS_RAM_BASE in kernel physical address conversion
The usage of CONFIG_PHYS_RAM_BASE for all kernel types was a mistake:
this value is implementation-specific and this breaks the genericity of
the RISC-V kernel.
Fix this by introducing a new variable phys_ram_base that holds this
value at runtime and use it in the kernel physical address conversion
macro. Since this value is used only for XIP kernels, evaluate it only if
CONFIG_XIP_KERNEL is set which in addition optimizes this macro for
standard kernels at compile-time.
Vincent Fu [Wed, 4 Aug 2021 19:49:23 +0000 (19:49 +0000)]
kyber: make trace_block_rq call consistent with documentation
The kyber ioscheduler calls trace_block_rq_insert() *after* the request
is added to the queue but the documentation for trace_block_rq_insert()
says that the call should be made *before* the request is added to the
queue. Move the tracepoint for the kyber ioscheduler so that it is
consistent with the documentation.
Linus Torvalds [Fri, 6 Aug 2021 19:55:07 +0000 (12:55 -0700)]
Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
Pull ext4 fixes from Ted Ts'o:
"A regression fix, bug fix, and a comment cleanup for ext4"
* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: fix potential htree corruption when growing large_dir directories
ext4: remove conflicting comment from __ext4_forget
ext4: fix potential uninitialized access to retval in kmmpd
Linus Torvalds [Fri, 6 Aug 2021 19:36:46 +0000 (12:36 -0700)]
Merge tag 'trace-v5.14-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
"Fix tracepoint race between static_call and callback data
As callbacks to a tracepoint are paired with the data that is passed
in when the callback is registered to the tracepoint, it must have
that data passed to the callback when the tracepoint is triggered,
else bad things will happen. To keep the two together, they are both
assigned to a tracepoint structure and added to an array. The
tracepoint call site will dereference the structure (via RCU) and call
the callback in that structure along with the data in that structure.
This keeps the callback and data tightly coupled.
Because of the overhead that retpolines have on tracepoint callbacks,
if there's only one callback attached to a tracepoint (a common case),
then it is called via a static call (code modified to do a direct call
instead of an indirect call). But to implement this, the data had to
be decoupled from the callback, as now the callback is implemented via
a direct call from the static call and not an indirect call from the
dereferenced structure.
Note, the static call only calls a callback used when there's a single
callback attached to the tracepoint. If more than one callback is
attached to the same tracepoint, then the static call will call an
iterator function that goes back to dereferencing the structure
keeping the callback and its data tightly coupled again.
Issues can arise when going from 0 callbacks to one, as the static
call is assigned to the callback, and it must take care that the data
passed to it is loaded before the static call calls the callback.
Going from 1 to 2 callbacks is not an issue, as long as the static
call is updated to the iterator before the tracepoint structure array
is updated via RCU. Going from 2 to more or back down to 2 is not an
issue as the iterator can handle all theses cases. But going from 2 to
1, care must be taken as the static call is now calling a callback and
the data that is loaded must be the data for that callback.
Care was taken to ensure the callback and data would be in-sync, but
after a bug was reported, it became clear that not enough was done to
make sure that was the case. These changes address this.
The first change is to compare the old and new data instead of the old
and new callback, as it's the data that can corrupt the callback, even
if the callback is the same (something getting freed).
The next change is to convert these transitions into states, to make
it easier to know when a synchronization is needed, and to perform
those synchronizations. The problem with this patch is that it slows
down disabling all events from under a second, to making it take over
10 seconds to do the same work. But that is addressed in the final
patch.
The final patch uses the RCU state functions to keep track of the RCU
state between the transitions, and only needs to perform the
synchronization if an RCU synchronization hasn't been done already.
This brings the performance of disabling all events back to its
original value. That's because no synchronization is required between
disabling tracepoints but is required when enabling a tracepoint after
its been disabled. If an RCU synchronization happens after the
tracepoint is disabled, and before it is re-enabled, there's no need
to do the synchronization again.
Both the second and third patch have subtle complexities that they are
separated into two patches. But because the second patch causes such a
regression in performance, the third patch adds a "Fixes" tag to the
second patch, such that the two must be backported together and not
just the second patch"
* tag 'trace-v5.14-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracepoint: Use rcu get state and cond sync for static call updates
tracepoint: Fix static call function vs data state mismatch
tracepoint: static call: Compare data on transition from 2->1 callees
Linus Torvalds [Fri, 6 Aug 2021 19:30:29 +0000 (12:30 -0700)]
Merge tag 'pm-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"Fix a recent regression in the timer events oriented (TEO) cpuidle
governor causing it to misbehave when idle state 0 is disabled and
rename two local variables for improved clarity on top of that"
* tag 'pm-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpuidle: teo: Rename two local variables in teo_select()
cpuidle: teo: Fix alternative idle state lookup
Linus Torvalds [Fri, 6 Aug 2021 19:22:47 +0000 (12:22 -0700)]
Merge tag 'acpi-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Revert a recent ACPICA commit causing boot issues to appear on some
systems"
* tag 'acpi-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Revert "ACPICA: Fix memory leak caused by _CID repair function"
Linus Torvalds [Fri, 6 Aug 2021 18:33:49 +0000 (11:33 -0700)]
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"It's all pretty minor but the main fix is sorting out how we deal with
return values from 32-bit system calls as audit expects error codes to
be sign-extended to 64 bits
Summary:
- Fix extension/truncation of return values from 32-bit system calls
- Fix interaction between unwinding and tracing
- Fix spurious toolchain warning emitted during make
- Fix Kconfig help text for RANDOMIZE_MODULE_REGION_FULL"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: stacktrace: avoid tracing arch_stack_walk()
arm64: stacktrace: fix comment
arm64: fix the doc of RANDOMIZE_MODULE_REGION_FULL
arm64: move warning about toolchains to archprepare
arm64: fix compat syscall return truncation
Linus Torvalds [Fri, 6 Aug 2021 18:15:02 +0000 (11:15 -0700)]
Merge tag 'spi-fix-v5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A small collection of fixes for SPI, small mostly driver specific
things plus a fix for module autoloading which hadn't been working
properly for DT systems"
* tag 'spi-fix-v5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: cadence-quadspi: Fix check condition for DTR ops
spi: mediatek: Fix fifo transfer
spi: imx: mx51-ecspi: Fix CONFIGREG delay comment
spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
spi: update modalias_show after of_device_uevent_modalias support
spi: meson-spicc: fix memory leak in meson_spicc_remove
spi: spi-mux: Add module info needed for autoloading
Linus Torvalds [Fri, 6 Aug 2021 18:08:24 +0000 (11:08 -0700)]
Merge tag 'dmaengine-fix-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
Pull dmaengine fixes from Vinod Koul:
"A bunch of driver fixes, notably:
- idxd driver fixes for submission race, driver remove sequence,
setup sequence for MSIXPERM, array index and updating descriptor
vector
- usb-dmac, pm reference leak fix
- xilinx_dma, read-after-free fix
- uniphier-xdmac fix for using atomic readl_poll_timeout_atomic()
- of-dma, router_xlate to return
- imx-dma, generic dma fix"
* tag 'dmaengine-fix-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine:
dmaengine: imx-dma: configure the generic DMA type to make it work
dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
dmaengine: stm32-dmamux: Fix PM usage counter unbalance in stm32 dmamux ops
dmaengine: stm32-dma: Fix PM usage counter imbalance in stm32 dma ops
dmaengine: uniphier-xdmac: Use readl_poll_timeout_atomic() in atomic state
dmaengine: idxd: fix submission race window
dmaengine: idxd: fix sequence for pci driver remove() and shutdown()
dmaengine: idxd: fix desc->vector that isn't being updated
dmaengine: idxd: fix setup sequence for MSIXPERM table
dmaengine: idxd: fix array index when int_handles are being used
dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
Linus Torvalds [Fri, 6 Aug 2021 18:03:35 +0000 (11:03 -0700)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"Several small recent regressions - rather more than usual, but nothing
too scary. Good to know people are testing.
- Typo causing incorrect operation of the mlx5 mkey cache
expiration
- Revert a CM patch that is breaking some ULPs
- Typo breaking SRQ in rxe
- Revert a rxe patch breaking icrc calculation
- Static checker warning about unbalanced locking in hns
- Subtle cxgb4 regression from a recent atomic to refcount
conversion"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/iw_cxgb4: Fix refcount underflow while destroying cqs.
RDMA/hns: Fix the double unlock problem of poll_sem
RDMA/rxe: Restore setting tot_len in the IPv4 header
RDMA/rxe: Use the correct size of wqe when processing SRQ
RDMA/cma: Revert INIT-INIT patch
RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently
Linus Torvalds [Fri, 6 Aug 2021 17:42:48 +0000 (10:42 -0700)]
Merge tag 'drm-fixes-2021-08-06' of git://anongit.freedesktop.org/drm/drm
Pull drm fixes from Dave Airlie:
"Regular weekly fixes pull, live from a Brisbane lockdown with kids at
home.
A big bunch of scattered amdgpu fixes, but they are all pretty small,
minor i915 fixes, kmb, and one vmwgfx regression fixes, all pretty
quiet for this time.
amdgpu:
- Fix potential out-of-bounds read when updating GPUVM mapping
- Renoir powergating fix
- Yellow Carp updates
- 8K fix for navi1x
- Beige Goby updates and new DIDs
- Fix DMUB firmware version output
- EDP fix
- pmops config fix
i915:
- Call i915_globals_exit if pci_register_device fails
- (follow on fix for section mismatch)
- Correct SFC_DONE register offset
kmb:
- DMA fix
- driver date/version macros
vmwgfx:
- Fix I/O memory access on 64-bit systems"
* tag 'drm-fixes-2021-08-06' of git://anongit.freedesktop.org/drm/drm:
drm/amdgpu: add DID for beige goby
drm/amdgpu/display: fix DMUB firmware version info
drm/amd/display: workaround for hard hang on HPD on native DP
drm/amd/display: Fix resetting DCN3.1 HW when resuming from S4
drm/amd/display: Increase stutter watermark for dcn303
drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
drm/amd/display: Assume LTTPR interop for DCN31+
drm/amdgpu: fix checking pmops when PM_SLEEP is not enabled
drm/amd/pm: update yellow carp pmfw interface version
drm/i915: fix i915_globals_exit() section mismatch error
drm/i915: Call i915_globals_exit() if pci_register_device() fails
drm/i915: Correct SFC_DONE register offset
drm/vmwgfx: Fix a 64bit regression on svga3
drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir.
drm/amdgpu: Fix out-of-bounds read when update mapping
drm/kmb: Define driver date and major/minor version
drm/kmb: Enable LCD DMA for low TVDDCV
Theodore Ts'o [Wed, 4 Aug 2021 18:23:55 +0000 (14:23 -0400)]
ext4: fix potential htree corruption when growing large_dir directories
Commit b5776e7524af ("ext4: fix potential htree index checksum
corruption) removed a required restart when multiple levels of index
nodes need to be split. Fix this to avoid directory htree corruptions
when using the large_dir feature.
Andy Shevchenko [Mon, 2 Aug 2021 17:55:32 +0000 (20:55 +0300)]
dmaengine: acpi: Check for errors from acpi_register_gsi() separately
While IRQ test agaist the returned variable in practice is a good enough
there is still a room for theoretical mistake in case the vIRQ of the
device contains the same error code that acpi_register_gsi() may return.
Due to this, check for error code separately from matching the vIRQs.
Besides that, append documentation to tell why acpi_gsi_to_irq() can't
be used and we call acpi_register_gsi() instead.
Andy Shevchenko [Fri, 30 Jul 2021 20:27:15 +0000 (23:27 +0300)]
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
Currently the CRST parsing relies on the fact that on most of x86 devices
the IRQ mapping is 1:1 with Linux vIRQ. However, it may be not true for
some. Fix this by converting GSI to Linux vIRQ before checking it.
Mathieu Desnoyers [Thu, 5 Aug 2021 19:29:54 +0000 (15:29 -0400)]
tracepoint: Use rcu get state and cond sync for static call updates
State transitions from 1->0->1 and N->2->1 callbacks require RCU
synchronization. Rather than performing the RCU synchronization every
time the state change occurs, which is quite slow when many tracepoints
are registered in batch, instead keep a snapshot of the RCU state on the
most recent transitions which belong to a chain, and conditionally wait
for a grace period on the last transition of the chain if one g.p. has
not elapsed since the last snapshot.
This applies to both RCU and SRCU.
This brings the performance regression caused by commit 231264d6927f
("Fix: tracepoint: static call function vs data state mismatch") back to
what it was originally.
Before this commit:
# trace-cmd start -e all
# time trace-cmd start -p nop
real 0m10.593s
user 0m0.017s
sys 0m0.259s
After this commit:
# trace-cmd start -e all
# time trace-cmd start -p nop
real 0m0.878s
user 0m0.000s
sys 0m0.103s
Link: https://lkml.kernel.org/r/20210805192954.30688-1-mathieu.desnoyers@efficios.com Link: https://lore.kernel.org/io-uring/4ebea8f0-58c9-e571-fd30-0ce4f6f09c70@samba.org/ Cc: stable@vger.kernel.org Cc: Ingo Molnar <mingo@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: "Paul E. McKenney" <paulmck@kernel.org> Cc: Stefan Metzmacher <metze@samba.org> Fixes: 231264d6927f ("Fix: tracepoint: static call function vs data state mismatch") Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Reviewed-by: Paul E. McKenney <paulmck@kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Hao Xu [Thu, 5 Aug 2021 10:05:38 +0000 (18:05 +0800)]
io-wq: fix lack of acct->nr_workers < acct->max_workers judgement
There should be this judgement before we create an io-worker
Fixes: 685fe7feedb9 ("io-wq: eliminate the need for a manager thread") Signed-off-by: Hao Xu <haoxu@linux.alibaba.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
Hao Xu [Thu, 5 Aug 2021 10:05:37 +0000 (18:05 +0800)]
io-wq: fix no lock protection of acct->nr_worker
There is an acct->nr_worker visit without lock protection. Think about
the case: two callers call io_wqe_wake_worker(), one is the original
context and the other one is an io-worker(by calling
io_wqe_enqueue(wqe, linked)), on two cpus paralelly, this may cause
nr_worker to be larger than max_worker.
Let's fix it by adding lock for it, and let's do nr_workers++ before
create_io_worker. There may be a edge cause that the first caller fails
to create an io-worker, but the second caller doesn't know it and then
quit creating io-worker as well:
say nr_worker = max_worker - 1
cpu 0 cpu 1
io_wqe_wake_worker() io_wqe_wake_worker()
nr_worker < max_worker
nr_worker++
create_io_worker() nr_worker == max_worker
failed return
return
But the chance of this case is very slim.
Fixes: 685fe7feedb9 ("io-wq: eliminate the need for a manager thread") Signed-off-by: Hao Xu <haoxu@linux.alibaba.com>
[axboe: fix unconditional create_io_worker() call] Signed-off-by: Jens Axboe <axboe@kernel.dk>
Dave Jiang [Tue, 3 Aug 2021 22:29:30 +0000 (15:29 -0700)]
dmaengine: idxd: make I/O interrupt handler one shot
The interrupt thread handler currently loops forever to process outstanding
completions. This causes either an "irq X: nobody cared" kernel splat or
the NMI watchdog kicks in due to running too long in the function. The irq
thread handler is expected to run again after exiting if there are
interrupts fired while the thread handler is running. So the handler code
can process all the completed I/O in a single pass and exit without losing
the follow on completed I/O.
Dave Jiang [Tue, 3 Aug 2021 22:37:15 +0000 (15:37 -0700)]
dmaengine: idxd: clear block on fault flag when clear wq
The block on fault flag is not cleared when we disable or reset wq. This
causes it to remain set if the user does not clear it on the next
configuration load. Add clear of flag in dxd_wq_disable_cleanup()
routine.
Dave Jiang [Tue, 3 Aug 2021 22:32:06 +0000 (15:32 -0700)]
dmaengine: idxd: add capability check for 'block on fault' attribute
The device general capability has a bit that indicate whether 'block on
fault' is supported. Add check to wq sysfs knob to check if cap exists
before allowing user to toggle.
Marek Vasut [Wed, 4 Aug 2021 19:51:40 +0000 (21:51 +0200)]
dmaengine: xilinx: Add empty device_config function
Various DMA users call the dmaengine_slave_config() and expect it to
succeed, but that can only succeed if .device_config is implemented.
Add empty device_config function rather than patching all the places
which use dmaengine_slave_config().
Signed-off-by: Marek Vasut <marex@denx.de> Cc: Akinobu Mita <akinobu.mita@gmail.com> Cc: Kedareswara rao Appana <appana.durga.rao@xilinx.com> Cc: Michal Simek <monstr@monstr.eu> Cc: Vinod Koul <vkoul@kernel.org> Link: https://lore.kernel.org/r/20210804195140.61396-1-marex@denx.de Signed-off-by: Vinod Koul <vkoul@kernel.org>
Andy Shevchenko [Mon, 2 Aug 2021 18:43:55 +0000 (21:43 +0300)]
dmaengine: dw: Simplify DT property parser
Since we converted internal data types to match DT, there is no need to have
an intermediate conversion layer, hence drop a few conditionals and for loops
for good.
Andy Shevchenko [Mon, 2 Aug 2021 18:43:53 +0000 (21:43 +0300)]
dmaengine: dw: Remove error message from DT parsing code
Users are a bit frightened of the harmless message that tells that
DT is missed on ACPI-based platforms. Remove it for good, it will
simplify the future conversion to fwnode and device property APIs.
Kan Liang [Tue, 3 Aug 2021 13:25:28 +0000 (06:25 -0700)]
perf/x86/intel: Apply mid ACK for small core
A warning as below may be occasionally triggered in an ADL machine when
these conditions occur:
- Two perf record commands run one by one. Both record a PEBS event.
- Both runs on small cores.
- They have different adaptive PEBS configuration (PEBS_DATA_CFG).
Different from the big core, the small core requires the ACK right
before re-enabling counters in the NMI handler, otherwise a stale PEBS
record may be dumped into the later NMI handler, which trigger the
warning.
Add a new mid_ack flag to track the case. Add all PMI handler bits in
the struct x86_hybrid_pmu to track the bits for different types of
PMUs. Apply mid ACK for the small cores on an Alder Lake machine.
The existing hybrid() macro has a compile error when taking address of
a bit-field variable. Add a new macro hybrid_bit() to get the
bit-field value of a given PMU.
Fixes: f83d2f91d259 ("perf/x86/intel: Add Alder Lake Hybrid support") Reported-by: Ammy Yi <ammy.yi@intel.com> Signed-off-by: Kan Liang <kan.liang@linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Andi Kleen <ak@linux.intel.com> Tested-by: Ammy Yi <ammy.yi@intel.com> Link: https://lkml.kernel.org/r/1627997128-57891-1-git-send-email-kan.liang@linux.intel.com
Dakshaja Uppalapati [Thu, 5 Aug 2021 12:43:32 +0000 (18:13 +0530)]
RDMA/iw_cxgb4: Fix refcount underflow while destroying cqs.
Previous atomic increment/decrement logic expects the atomic count to be
'0' after the final decrement.
Replacing atomic count with refcount does not allow that, as
refcount_dec() considers count of 1 as underflow and triggers a kernel
splat.
Fix the current refcount logic by using the usual pattern of decrementing
the refcount and test if it is '0' on the final deref in
c4iw_destroy_cq(). Use wait_for_completion() instead of wait_event().
Fixes: 7183451f846d ("RDMA/cxgb4: Use refcount_t instead of atomic_t for reference counting") Link: https://lore.kernel.org/r/1628167412-12114-1-git-send-email-dakshaja@chelsio.com Signed-off-by: Dakshaja Uppalapati <dakshaja@chelsio.com> Reviewed-by: Potnuri Bharat Teja <bharat@chelsio.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Shirish S [Tue, 3 Aug 2021 08:33:44 +0000 (14:03 +0530)]
drm/amdgpu/display: fix DMUB firmware version info
DMUB firmware info is printed before it gets initialized.
Correct this order to ensure true value is conveyed.
Signed-off-by: Shirish S <shirish.s@amd.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org
drm/amd/display: workaround for hard hang on HPD on native DP
[Why]
HPD disable and enable sequences are not mutually exclusive
on Linux. For HPDs that spans over 1s (i.e. HPD low = 1s),
part of the disable sequence (specifically, a request to SMU
to lower refclk) could come right before the call to PHY
enable, causing DMUB to access an unresponsive PHY
and thus a hard hang on the system.
drm/amd/display: Fix resetting DCN3.1 HW when resuming from S4
[Why] On S4 resume we also need to fix detection of when to reload DMCUB
firmware because we're currently using the VBIOS version which isn't
compatible with the driver version.
[How] Update the hardware init check for DCN31 since it's the ASIC that
has this issue.
Reviewed-by: Nicholas Kazlauskas <Nicholas.Kazlauskas@amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai@amd.com> Signed-off-by: Jude Shih <jude.shih@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
[WHY]
For DCN31 onward, LTTPR is to be enabled and set to Transparent by
VBIOS. Driver is to assume that VBIOS has done this without needing to
check the VBIOS interop bit.
[HOW]
Add LTTPR enable and interop VBIOS bits into dc->caps, and force-set the
interop bit to true for DCN31+.
Reviewed-by: Jun Lei <Jun.Lei@amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai@amd.com> Signed-off-by: Wesley Chalmers <Wesley.Chalmers@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Randy Dunlap [Fri, 30 Jul 2021 03:03:47 +0000 (20:03 -0700)]
drm/amdgpu: fix checking pmops when PM_SLEEP is not enabled
'pm_suspend_target_state' is only available when CONFIG_PM_SLEEP
is set/enabled. OTOH, when both SUSPEND and HIBERNATION are not set,
PM_SLEEP is not set, so this variable cannot be used.
../drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c: In function ‘amdgpu_acpi_is_s0ix_active’:
../drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:1046:11: error: ‘pm_suspend_target_state’ undeclared (first use in this function); did you mean ‘__KSYM_pm_suspend_target_state’?
return pm_suspend_target_state == PM_SUSPEND_TO_IDLE;
^~~~~~~~~~~~~~~~~~~~~~~
__KSYM_pm_suspend_target_state
Also use shorter IS_ENABLED(CONFIG_foo) notation for checking the
2 config symbols.
Fixes: 91e273712ab8dd ("drm/amdgpu: Check pmops for desired suspend state") Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Alex Deucher <alexander.deucher@amd.com> Cc: Christian König <christian.koenig@amd.com> Cc: "Pan, Xinhui" <Xinhui.Pan@amd.com> Cc: amd-gfx@lists.freedesktop.org Cc: dri-devel@lists.freedesktop.org Cc: linux-next@vger.kernel.org Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Cc: stable@vger.kernel.org
----> [ delayed here on one CPU (e.g. vcpu preempted by the host) ]
static_call(tp_func_##name)(__data, args); \
} \
} while (0)
It has loaded the tp->funcs of the old callback, so it will try to use the old
data. This can be fixed by adding a RCU sync anywhere in the 1->0->1
transition chain.
On a N->2->1 transition, we need an rcu-sync because you may have a
sequence of 3->2->1 (or 1->2->1) where the element 0 data is unchanged
between 2->1, but was changed from 3->2 (or from 1->2), which may be
observed by the static call. This can be fixed by adding an
unconditional RCU sync in transition 2->1.
Note, this fixes a correctness issue at the cost of adding a tremendous
performance regression to the disabling of tracepoints.
Before this commit:
# trace-cmd start -e all
# time trace-cmd start -p nop
real 0m0.778s
user 0m0.000s
sys 0m0.061s
After this commit:
# trace-cmd start -e all
# time trace-cmd start -p nop
real 0m10.593s
user 0m0.017s
sys 0m0.259s
A follow up fix will introduce a more lightweight scheme based on RCU
get_state and cond_sync, that will return the performance back to what it
was. As both this change and the lightweight versions are complex on their
own, for bisecting any issues that this may cause, they are kept as two
separate changes.
Mathieu Desnoyers [Thu, 5 Aug 2021 13:27:15 +0000 (09:27 -0400)]
tracepoint: static call: Compare data on transition from 2->1 callees
On transition from 2->1 callees, we should be comparing .data rather
than .func, because the same callback can be registered twice with
different data, and what we care about here is that the data of array
element 0 is unchanged to skip rcu sync.
Linus Torvalds [Thu, 5 Aug 2021 19:26:00 +0000 (12:26 -0700)]
Merge tag 'net-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from ipsec.
Current release - regressions:
- sched: taprio: fix init procedure to avoid inf loop when dumping
- sctp: move the active_key update after sh_keys is added
Current release - new code bugs:
- sparx5: fix build with old GCC & bitmask on 32-bit targets
Previous releases - regressions:
- xfrm: redo the PREEMPT_RT RCU vs hash_resize_mutex deadlock fix
- xfrm: fixes for the compat netlink attribute translator
- phy: micrel: Fix detection of ksz87xx switch
Previous releases - always broken:
- gro: set inner transport header offset in tcp/udp GRO hook to avoid
crashes when such packets reach GSO
- vsock: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST, as required by spec
- dsa: sja1105: fix static FDB entries on SJA1105P/Q/R/S and SJA1110
- bridge: validate the NUD_PERMANENT bit when adding an extern_learn
FDB entry
- usb: lan78xx: don't modify phy_device state concurrently
- usb: pegasus: check for errors of IO routines"
* tag 'net-5.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (48 commits)
net: vxge: fix use-after-free in vxge_device_unregister
net: fec: fix use-after-free in fec_drv_remove
net: pegasus: fix uninit-value in get_interrupt_interval
net: ethernet: ti: am65-cpsw: fix crash in am65_cpsw_port_offload_fwd_mark_update()
bnx2x: fix an error code in bnx2x_nic_load()
net: wwan: iosm: fix recursive lock acquire in unregister
net: wwan: iosm: correct data protocol mask bit
net: wwan: iosm: endianness type correction
net: wwan: iosm: fix lkp buildbot warning
net: usb: lan78xx: don't modify phy_device state concurrently
docs: networking: netdevsim rules
net: usb: pegasus: Remove the changelog and DRIVER_VERSION.
net: usb: pegasus: Check the return value of get_geristers() and friends;
net/prestera: Fix devlink groups leakage in error flow
net: sched: fix lockdep_set_class() typo error for sch->seqlock
net: dsa: qca: ar9331: reorder MDIO write sequence
VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST
mptcp: drop unused rcu member in mptcp_pm_addr_entry
net: ipv6: fix returned variable type in ip6_skb_dst_mtu
nfp: update ethtool reporting of pauseframe control
...
spi: cadence-quadspi: Fix check condition for DTR ops
buswidth and dtr fields in spi_mem_op are only valid when the
corresponding spi_mem_op phase has a non-zero length. For example,
SPI NAND core doesn't set buswidth when using SPI_MEM_OP_NO_ADDR
phase.
Fix the dtr checks in set_protocol() and suppports_mem_op() to
ignore empty spi_mem_op phases, as checking for dtr field in
empty phase will result in false negatives.
Tetsuo Handa [Wed, 4 Aug 2021 10:26:56 +0000 (19:26 +0900)]
Bluetooth: defer cleanup of resources in hci_unregister_dev()
syzbot is hitting might_sleep() warning at hci_sock_dev_event() due to
calling lock_sock() with rw spinlock held [1].
It seems that history of this locking problem is a trial and error.
Commit b40df5743ee8 ("[PATCH] bluetooth: fix socket locking in
hci_sock_dev_event()") in 2.6.21-rc4 changed bh_lock_sock() to
lock_sock() as an attempt to fix lockdep warning.
Then, commit 4ce61d1c7a8e ("[BLUETOOTH]: Fix locking in
hci_sock_dev_event().") in 2.6.22-rc2 changed lock_sock() to
local_bh_disable() + bh_lock_sock_nested() as an attempt to fix the
sleep in atomic context warning.
Then, commit 4b5dd696f81b ("Bluetooth: Remove local_bh_disable() from
hci_sock.c") in 3.3-rc1 removed local_bh_disable().
Then, commit e305509e678b ("Bluetooth: use correct lock to prevent UAF
of hdev object") in 5.13-rc5 again changed bh_lock_sock_nested() to
lock_sock() as an attempt to fix CVE-2021-3573.
This difficulty comes from current implementation that
hci_sock_dev_event(HCI_DEV_UNREG) is responsible for dropping all
references from sockets because hci_unregister_dev() immediately
reclaims resources as soon as returning from
hci_sock_dev_event(HCI_DEV_UNREG).
But the history suggests that hci_sock_dev_event(HCI_DEV_UNREG) was not
doing what it should do.
Therefore, instead of trying to detach sockets from device, let's accept
not detaching sockets from device at hci_sock_dev_event(HCI_DEV_UNREG),
by moving actual cleanup of resources from hci_unregister_dev() to
hci_cleanup_dev() which is called by bt_host_release() when all
references to this unregistered device (which is a kobject) are gone.
Since hci_sock_dev_event(HCI_DEV_UNREG) no longer resets
hci_pi(sk)->hdev, we need to check whether this device was unregistered
and return an error based on HCI_UNREGISTER flag. There might be subtle
behavioral difference in "monitor the hdev" functionality; please report
if you found something went wrong due to this patch.
Link: https://syzkaller.appspot.com/bug?extid=a5df189917e79d5e59c9 Reported-by: syzbot <syzbot+a5df189917e79d5e59c9@syzkaller.appspotmail.com> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Fixes: e305509e678b ("Bluetooth: use correct lock to prevent UAF of hdev object") Acked-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 5 Aug 2021 19:06:31 +0000 (12:06 -0700)]
Merge tag 'selinux-pr-20210805' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux fix from Paul Moore:
"One small SELinux fix for a problem where an error code was not being
propagated back up to userspace when a bogus SELinux policy is loaded
into the kernel"
* tag 'selinux-pr-20210805' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: correct the return value when loads initial sids
Linus Torvalds [Thu, 5 Aug 2021 19:00:00 +0000 (12:00 -0700)]
Merge branch 'for-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull ucounts fix from Eric Biederman:
"Fix a subtle locking versus reference counting bug in the ucount
changes, found by syzbot"
* 'for-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
ucounts: Fix race condition between alloc_ucounts and put_ucounts
Linus Torvalds [Thu, 5 Aug 2021 18:53:34 +0000 (11:53 -0700)]
Merge tag 'trace-v5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
"Various tracing fixes:
- Fix NULL pointer dereference caused by an error path
- Give histogram calculation fields a size, otherwise it breaks
synthetic creation based on them.
- Reject strings being used for number calculations.
- Fix recordmcount.pl warning on llvm building RISC-V allmodconfig
- Fix the draw_functrace.py script to handle the new trace output
- Fix warning of smp_processor_id() in preemptible code"
* tag 'trace-v5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Quiet smp_processor_id() use in preemptable warning in hwlat
scripts/tracing: fix the bug that can't parse raw_trace_func
scripts/recordmcount.pl: Remove check_objcopy() and $can_use_local
tracing: Reject string operand in the histogram expression
tracing / histogram: Give calculation hist_fields a size
tracing: Fix NULL pointer dereference in start_creating
Linus Torvalds [Thu, 5 Aug 2021 18:23:09 +0000 (11:23 -0700)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"Mostly bugfixes; plus, support for XMM arguments to Hyper-V hypercalls
now obeys KVM_CAP_HYPERV_ENFORCE_CPUID.
Both the XMM arguments feature and KVM_CAP_HYPERV_ENFORCE_CPUID are
new in 5.14, and each did not know of the other"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
KVM: selftests: fix hyperv_clock test
KVM: SVM: improve the code readability for ASID management
KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
KVM: Do not leak memory for duplicate debugfs directories
KVM: selftests: Test access to XMM fast hypercalls
KVM: x86: hyper-v: Check if guest is allowed to use XMM registers for hypercall input
KVM: x86: Introduce trace_kvm_hv_hypercall_done()
KVM: x86: hyper-v: Check access to hypercall before reading XMM registers
KVM: x86: accept userspace interrupt only if no event is injected
Yu Kuai [Thu, 5 Aug 2021 12:46:45 +0000 (20:46 +0800)]
blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
If queue is dying while iolatency_set_limit() is in progress,
blk_get_queue() won't increment the refcount of the queue. However,
blk_put_queue() will still decrement the refcount later, which will
cause the refcout to be unbalanced.
Thus error out in such case to fix the problem.
Fixes: 8c772a9bfc7c ("blk-iolatency: fix IO hang due to negative inflight counter") Signed-off-by: Yu Kuai <yukuai3@huawei.com> Acked-by: Tejun Heo <tj@kernel.org> Link: https://lore.kernel.org/r/20210805124645.543797-1-yukuai3@huawei.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
Jakub Kicinski [Thu, 5 Aug 2021 14:29:55 +0000 (07:29 -0700)]
Merge branch 'net-fix-use-after-free-bugs'
Pavel Skripkin says:
====================
net: fix use-after-free bugs
I've added new checker to smatch yesterday. It warns about using
netdev_priv() pointer after free_{netdev,candev}() call. I hope, it will
get into next smatch release.
Some of the reported bugs are fixed and upstreamed already, but Dan ran new
smatch with allmodconfig and found 2 more. Big thanks to Dan for doing it,
because I totally forgot to do it.
====================
Pavel Skripkin [Wed, 4 Aug 2021 15:52:20 +0000 (18:52 +0300)]
net: vxge: fix use-after-free in vxge_device_unregister
Smatch says:
drivers/net/ethernet/neterion/vxge/vxge-main.c:3518 vxge_device_unregister() error: Using vdev after free_{netdev,candev}(dev);
drivers/net/ethernet/neterion/vxge/vxge-main.c:3518 vxge_device_unregister() error: Using vdev after free_{netdev,candev}(dev);
drivers/net/ethernet/neterion/vxge/vxge-main.c:3520 vxge_device_unregister() error: Using vdev after free_{netdev,candev}(dev);
drivers/net/ethernet/neterion/vxge/vxge-main.c:3520 vxge_device_unregister() error: Using vdev after free_{netdev,candev}(dev);
Since vdev pointer is netdev private data accessing it after free_netdev()
call can cause use-after-free bug. Fix it by moving free_netdev() call at
the end of the function
Fixes: 6cca200362b4 ("vxge: cleanup probe error paths") Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Pavel Skripkin [Wed, 4 Aug 2021 15:51:51 +0000 (18:51 +0300)]
net: fec: fix use-after-free in fec_drv_remove
Smatch says:
drivers/net/ethernet/freescale/fec_main.c:3994 fec_drv_remove() error: Using fep after free_{netdev,candev}(ndev);
drivers/net/ethernet/freescale/fec_main.c:3995 fec_drv_remove() error: Using fep after free_{netdev,candev}(ndev);
Since fep pointer is netdev private data, accessing it after free_netdev()
call can cause use-after-free bug. Fix it by moving free_netdev() call at
the end of the function
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: a31eda65ba21 ("net: fec: fix clock count mis-match") Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> Reviewed-by: Joakim Zhang <qiangqing.zhang@nxp.com> Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Pavel Skripkin [Wed, 4 Aug 2021 14:30:05 +0000 (17:30 +0300)]
net: pegasus: fix uninit-value in get_interrupt_interval
Syzbot reported uninit value pegasus_probe(). The problem was in missing
error handling.
get_interrupt_interval() internally calls read_eprom_word() which can
fail in some cases. For example: failed to receive usb control message.
These cases should be handled to prevent uninit value bug, since
read_eprom_word() will not initialize passed stack variable in case of
internal failure.
Steven Rostedt (VMware) [Wed, 4 Aug 2021 18:18:48 +0000 (14:18 -0400)]
tracing: Quiet smp_processor_id() use in preemptable warning in hwlat
The hardware latency detector (hwlat) has a mode that it runs one thread
across CPUs. The logic to move from the currently running CPU to the next
one in the list does a smp_processor_id() to find where it currently is.
Unfortunately, it's done with preemption enabled, and this triggers a
warning for using smp_processor_id() in a preempt enabled section.
As it is only using smp_processor_id() to get information on where it
currently is in order to simply move it to the next CPU, it doesn't really
care if it got moved in the mean time. It will simply balance out later if
such a case arises.
Switch smp_processor_id() to raw_smp_processor_id() to quiet that warning.
Grygorii Strashko [Thu, 5 Aug 2021 10:14:09 +0000 (13:14 +0300)]
net: ethernet: ti: am65-cpsw: fix crash in am65_cpsw_port_offload_fwd_mark_update()
The am65_cpsw_port_offload_fwd_mark_update() causes NULL exception crash
when there is at least one disabled port and any other port added to the
bridge first time.
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000858
pc : am65_cpsw_port_offload_fwd_mark_update+0x54/0x68
lr : am65_cpsw_netdevice_event+0x8c/0xf0
Call trace:
am65_cpsw_port_offload_fwd_mark_update+0x54/0x68
notifier_call_chain+0x54/0x98
raw_notifier_call_chain+0x14/0x20
call_netdevice_notifiers_info+0x34/0x78
__netdev_upper_dev_link+0x1c8/0x290
netdev_master_upper_dev_link+0x1c/0x28
br_add_if+0x3f0/0x6d0 [bridge]
Fix it by adding proper check for port->ndev != NULL.
Fixes: 2934db9bcb30 ("net: ti: am65-cpsw-nuss: Add netdevice notifiers") Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Dan Carpenter [Thu, 5 Aug 2021 10:38:26 +0000 (13:38 +0300)]
bnx2x: fix an error code in bnx2x_nic_load()
Set the error code if bnx2x_alloc_fw_stats_mem() fails. The current
code returns success.
Fixes: ad5afc89365e ("bnx2x: Separate VF and PF logic") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
kbuild: cancel sub_make_done for the install target to fix DKMS
Since commit bcf637f54f6d ("kbuild: parse C= and M= before changing the
working directory"), external module builds invoked by DKMS fail because
M= option is not parsed.
I wanted to add 'unset sub_make_done' in install.sh but similar scripts,
arch/*/boot/install.sh, are duplicated, so I set sub_make_done empty in
the top Makefile.
Fixes: bcf637f54f6d ("kbuild: parse C= and M= before changing the working directory") Reported-by: John S Gruber <johnsgruber@gmail.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Tested-by: John S Gruber <johnsgruber@gmail.com>
When cross compiling a MIPS kernel on a BSD based HOSTCC leads
to errors like
SYNC include/config/auto.conf.cmd - due to: .config
egrep: empty (sub)expression
UPD include/config/kernel.release
HOSTCC scripts/dtc/dtc.o - due to target missing
It turns out that egrep uses this egrep pattern:
(|MINOR_|PATCHLEVEL_)
This is not valid syntax or gives undefined results according
to POSIX 9.5.3 ERE Grammar
It seems to be silently accepted by the Linux egrep implementation
while a BSD host complains.
Such patterns can be replaced by a transformation like
"(|p1|p2)" -> "(p1|p2)?"
Fixes: 48c35b2d245f ("[MIPS] There is no __GNUC_MAJOR__") Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Trying to run a cross-compiled x86 relocs tool on a BSD based
HOSTCC leads to errors like
VOFFSET arch/x86/boot/compressed/../voffset.h - due to: vmlinux
CC arch/x86/boot/compressed/misc.o - due to: arch/x86/boot/compressed/../voffset.h
OBJCOPY arch/x86/boot/compressed/vmlinux.bin - due to: vmlinux
RELOCS arch/x86/boot/compressed/vmlinux.relocs - due to: vmlinux
empty (sub)expressionarch/x86/boot/compressed/Makefile:118: recipe for target 'arch/x86/boot/compressed/vmlinux.relocs' failed
make[3]: *** [arch/x86/boot/compressed/vmlinux.relocs] Error 1
It turns out that relocs.c uses patterns like
"something(|_end)"
This is not valid syntax or gives undefined results according
to POSIX 9.5.3 ERE Grammar
David S. Miller [Thu, 5 Aug 2021 10:28:56 +0000 (11:28 +0100)]
Merge branch 'eean-iosm-fixes'
M Chetan Kumar says:
====================
net: wwan: iosm: fixes
This patch series contains IOSM Driver fixes. Below is the patch
series breakdown.
PATCH1:
* Correct the td buffer type casting & format specifier to fix lkp buildbot
warning.
PATCH2:
* Endianness type correction for nr_of_bytes. This field is exchanged
as part of host-device protocol communication.
PATCH3:
* Correct ul/dl data protocol mask bit to know which protocol capability
does device implement.
PATCH4:
* Calling unregister_netdevice() inside wwan del link is trying to
acquire the held lock in ndo_stop_cb(). Instead, queue net dev to
be unregistered later.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
M Chetan Kumar [Wed, 4 Aug 2021 16:09:52 +0000 (21:39 +0530)]
net: wwan: iosm: fix recursive lock acquire in unregister
Calling unregister_netdevice() inside wwan del link is trying to
acquire the held lock in ndo_stop_cb(). Instead, queue net dev to
be unregistered later.
Signed-off-by: M Chetan Kumar <m.chetan.kumar@linux.intel.com> Reviewed-by: Loic Poulain <loic.poulain@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
M Chetan Kumar [Wed, 4 Aug 2021 16:09:51 +0000 (21:39 +0530)]
net: wwan: iosm: correct data protocol mask bit
Correct ul/dl data protocol mask bit to know which protocol capability
does device implement.
Signed-off-by: M Chetan Kumar <m.chetan.kumar@linux.intel.com> Reviewed-by: Loic Poulain <loic.poulain@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>