* [PATCH 4.19 000/323] 4.19.291-rc1 review
@ 2023-08-09 10:37 Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 001/323] gfs2: Dont deref jdesc in evict Greg Kroah-Hartman
` (326 more replies)
0 siblings, 327 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor
This is the start of the stable review cycle for the 4.19.291 release.
There are 323 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.291-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 4.19.291-rc1
Dinh Nguyen <dinguyen@kernel.org>
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
Joe Perches <joe@perches.com>
drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
Xu Yang <xu.yang_2@nxp.com>
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
Andreas Kemnade <andreas@kemnade.info>
ARM: dts: imx6sll: fixup of operating points
Peng Fan <peng.fan@nxp.com>
ARM: dts: imx: add usb alias
Shengjiu Wang <shengjiu.wang@nxp.com>
ARM: dts: imx6sll: Make ssi node name same as other platforms
Johan Hovold <johan+linaro@kernel.org>
PM: sleep: wakeirq: fix wake irq arming
Chunfeng Yun <chunfeng.yun@mediatek.com>
PM / wakeirq: support enabling wake-up irq after runtime_suspend called
Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
powerpc/mm/altmap: Fix altmap boundary check
Roger Quadros <rogerq@kernel.org>
mtd: rawnand: omap_elm: Fix incorrect type in assignment
Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
test_firmware: fix a memory leak with reqs buffer
Jan Kara <jack@suse.cz>
ext2: Drop fragment support
Alan Stern <stern@rowland.harvard.edu>
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
Sungwoo Kim <iam@sung-woo.kim>
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
Prince Kumar Maurya <princekumarmaurya06@gmail.com>
fs/sysv: Null check to prevent null-ptr-deref bug
Ross Maynard <bids.7405@bigpond.com>
USB: zaurus: Add ID for A-300/B-500/C-700
Ilya Dryomov <idryomov@gmail.com>
libceph: fix potential hang in ceph_osdc_notify()
Steffen Maier <maier@linux.ibm.com>
scsi: zfcp: Defer fc_rport blocking until after ADISC response
Eric Dumazet <edumazet@google.com>
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
Eric Dumazet <edumazet@google.com>
tcp_metrics: annotate data-races around tm->tcpm_net
Eric Dumazet <edumazet@google.com>
tcp_metrics: annotate data-races around tm->tcpm_vals[]
Eric Dumazet <edumazet@google.com>
tcp_metrics: annotate data-races around tm->tcpm_lock
Eric Dumazet <edumazet@google.com>
tcp_metrics: annotate data-races around tm->tcpm_stamp
Eric Dumazet <edumazet@google.com>
tcp_metrics: fix addr_same() helper
Yue Haibing <yuehaibing@huawei.com>
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
valis <sec@valis.email>
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
valis <sec@valis.email>
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
Eric Dumazet <edumazet@google.com>
net: add missing data-race annotation for sk_ll_usec
Eric Dumazet <edumazet@google.com>
net: add missing data-race annotations around sk->sk_peek_off
Jamal Hadi Salim <jhs@mojatatu.com>
net: sched: cls_u32: Fix match key mis-addressing
Georg Müller <georgmueller@gmx.net>
perf test uprobe_from_different_cu: Skip if there is no gcc
Yuanjun Gong <ruc_gongyuanjun@163.com>
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
Heiko Carstens <hca@linux.ibm.com>
KVM: s390: fix sthyi error handling
ndesaulniers@google.com <ndesaulniers@google.com>
word-at-a-time: use the same return type for has_zero regardless of endianness
Bart Van Assche <bvanassche@acm.org>
loop: Select I/O scheduler 'none' from inside add_disk()
Peter Zijlstra <peterz@infradead.org>
perf: Fix function pointer case
Lee Jones <lee@kernel.org>
net/sched: cls_u32: Fix reference counter leak leading to overflow
Thomas Petazzoni <thomas.petazzoni@bootlin.com>
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
Pedro Tammela <pctammela@mojatatu.com>
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
M A Ramdhan <ramdhan@starlabs.sg>
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
Jocelyn Falempe <jfalempe@redhat.com>
drm/client: Fix memory leak in drm_client_target_cloned
Joe Thornber <ejt@redhat.com>
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
Mark Brown <broonie@kernel.org>
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
Stefan Haberland <sth@linux.ibm.com>
s390/dasd: fix hanging device after quiesce/resume
Jason Wang <jasowang@redhat.com>
virtio-net: fix race between set queues and probe
Ruihong Luo <colorsu1922@gmail.com>
serial: 8250_dw: Preserve original value of DLF register
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
serial: 8250_dw: split Synopsys DesignWare 8250 common functions
Jonas Gorski <jonas.gorski@gmail.com>
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
Alexander Steffen <Alexander.Steffen@infineon.com>
tpm_tis: Explicitly check for error code
Filipe Manana <fdmanana@suse.com>
btrfs: check for commit error at btrfs_attach_transaction_barrier()
Gilles Buloz <Gilles.Buloz@kontron.com>
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
Zhang Shurong <zhang_shurong@foxmail.com>
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Documentation: security-bugs.rst: clarify CVE handling
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
Ricardo Ribalda <ribalda@chromium.org>
usb: xhci-mtk: set the dma max_seg_size
Łukasz Bartosik <lb@semihalf.com>
USB: quirks: add quirk for Focusrite Scarlett
Guiting Shen <aarongt.shen@gmail.com>
usb: ohci-at91: Fix the unhandle interrupt when resume
Jisheng Zhang <jszhang@kernel.org>
usb: dwc3: don't reset device side if dwc3 was configured as host-only
Gratian Crisan <gratian.crisan@ni.com>
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
Jakub Vanek <linuxtardis@gmail.com>
Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
Marc Kleine-Budde <mkl@pengutronix.de>
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
Johan Hovold <johan@kernel.org>
USB: serial: simple: sort driver entries
Oliver Neukum <oneukum@suse.com>
USB: serial: simple: add Kaufmann RKS+CAN VCP
Mohsen Tahmasebi <moh53n@moh53n.ir>
USB: serial: option: add Quectel EC200A module support
Jerry Meng <jerry-meng@foxmail.com>
USB: serial: option: support Quectel EM060K_128
Zheng Yejian <zhengyejian1@huawei.com>
tracing: Fix warning in trace_buffered_event_disable()
Zheng Yejian <zhengyejian1@huawei.com>
ring-buffer: Fix wrong stat of cpu_buffer->read
Arnd Bergmann <arnd@arndb.de>
ata: pata_ns87415: mark ns87560_tf_read static
Yu Kuai <yukuai3@huawei.com>
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
Bart Van Assche <bvanassche@acm.org>
block: Fix a source code comment in include/uapi/linux/blkzoned.h
Matus Gajdos <matuszpd@gmail.com>
ASoC: fsl_spdif: Silence output on stop
Gaosheng Cui <cuigaosheng1@huawei.com>
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
Dan Carpenter <dan.carpenter@linaro.org>
RDMA/mlx4: Make check for invalid flags stricter
Yuanjun Gong <ruc_gongyuanjun@163.com>
benet: fix return value check in be_lancer_xmit_workarounds()
Lin Ma <linma@zju.edu.cn>
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
Vladimir Oltean <vladimir.oltean@nxp.com>
net/sched: mqprio: add extack to mqprio_parse_nlattr()
Vladimir Oltean <vladimir.oltean@nxp.com>
net/sched: mqprio: refactor nlattr parsing to a separate function
Maxim Mikityanskiy <maxtram95@gmail.com>
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
Hangbin Liu <liuhangbin@gmail.com>
team: reset team's flags when down link is P2P device
Hangbin Liu <liuhangbin@gmail.com>
bonding: reset bond's flags when down link is P2P device
Stewart Smith <trawets@amazon.com>
tcp: Reduce chance of collisions in inet6_hashfn().
Maciej Żenczykowski <maze@google.com>
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
Yuanjun Gong <ruc_gongyuanjun@163.com>
ethernet: atheros: fix return value check in atl1e_tso_csum()
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
Wang Ming <machel@vivo.com>
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
Chao Yu <chao@kernel.org>
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
Nilesh Javali <njavali@marvell.com>
scsi: qla2xxx: Array index may go out of bound
Ye Bin <yebin10@huawei.com>
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
Zheng Yejian <zhengyejian1@huawei.com>
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
Linus Torvalds <torvalds@linux-foundation.org>
ftrace: Store the order of pages allocated in ftrace_page
Steven Rostedt (VMware) <rostedt@goodmis.org>
ftrace: Check if pages were allocated before calling free_pages()
Steven Rostedt (VMware) <rostedt@goodmis.org>
ftrace: Add information on number of page groups allocated
Alexander Aring <aahringo@redhat.com>
fs: dlm: interrupt posix locks only when process is killed
Alexander Aring <aahringo@redhat.com>
dlm: rearrange async condition return
Alexander Aring <aahringo@redhat.com>
dlm: cleanup plock_op vs plock_xop
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
PCI/ASPM: Avoid link retraining race
Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
PCI/ASPM: Factor out pcie_wait_for_retrain()
Bjorn Helgaas <bhelgaas@google.com>
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
Stefan Mätje <stefan.maetje@esd.eu>
PCI: Rework pcie_retrain_link() wait loop
Zhihao Cheng <chengzhihao1@huawei.com>
ext4: Fix reusing stale buffer heads from last failed mounting
Chunguang Xu <brookxu@tencent.com>
ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
Filipe Manana <fdmanana@suse.com>
btrfs: fix extent buffer leak after tree mod log failure at split_node()
Zheng Wang <zyytlz.wz@163.com>
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
Coly Li <colyli@suse.de>
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
Shenghui Wang <shhuiw@foxmail.com>
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
Hans de Goede <hdegoede@redhat.com>
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
Mohamed Khalfella <mkhalfella@purestorage.com>
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
Eric Dumazet <edumazet@google.com>
tcp: annotate data-races around fastopenq.max_qlen
Eric Dumazet <edumazet@google.com>
tcp: annotate data-races around tp->notsent_lowat
Eric Dumazet <edumazet@google.com>
tcp: annotate data-races around rskq_defer_accept
Eric Dumazet <edumazet@google.com>
tcp: annotate data-races around tp->linger2
Cambda Zhu <cambda@linux.alibaba.com>
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: can't schedule in nft_chain_validate
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: fix spurious set element insertion failure
Kuniyuki Iwashima <kuniyu@amazon.com>
llc: Don't drop packet from non-root netns.
Zhang Shurong <zhang_shurong@foxmail.com>
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
Kuniyuki Iwashima <kuniyu@amazon.com>
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
Yuanjun Gong <ruc_gongyuanjun@163.com>
net:ipv6: check return value of pskb_trim()
Tanmay Patil <t-patil@ti.com>
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
Mario Limonciello <mario.limonciello@amd.com>
pinctrl: amd: Use amd_pinconf_set() for all config options
Martin Kaiser <martin@kaiser.cx>
fbdev: imxfb: warn about invalid left/right margin
Jonas Gorski <jonas.gorski@gmail.com>
spi: bcm63xx: fix max prepend length
Ying Hsu <yinghsu@chromium.org>
igb: Fix igb_down hung on surprise removal
Johannes Berg <johannes.berg@intel.com>
wifi: iwlwifi: mvm: avoid baid size integer overflow
Gustavo A. R. Silva <gustavoars@kernel.org>
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
Martin KaFai Lau <martin.lau@kernel.org>
bpf: Address KCSAN report on bpf_lru_list
Yicong Yang <yangyicong@hisilicon.com>
sched/fair: Don't balance task to its current running CPU
Thomas Gleixner <tglx@linutronix.de>
posix-timers: Ensure timer ID search-loop limit is valid
Yu Kuai <yukuai3@huawei.com>
md/raid10: prevent soft lockup while flush writes
Yu Kuai <yukuai3@huawei.com>
md: fix data corruption for raid456 when reshape restart while grow up
Zhong Jinghua <zhongjinghua@huawei.com>
nbd: Add the maximum limit of allocated index in nbd_dev_add
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
debugobjects: Recheck debug_objects_enabled before reporting
Eric Whitney <enwlinux@gmail.com>
ext4: correct inline offset when handling xattrs in inode body
YueHaibing <yuehaibing@huawei.com>
can: bcm: Fix UAF in bcm_proc_show()
Miklos Szeredi <mszeredi@redhat.com>
fuse: revalidate: don't invalidate if interrupted
Georg Müller <georgmueller@gmx.net>
perf probe: Add test for regression introduced by switch to die_get_decl_file()
Mohamed Khalfella <mkhalfella@purestorage.com>
tracing/histograms: Add histograms to hist_vars if they have referenced variables
Daniel Vetter <daniel.vetter@ffwll.ch>
drm/atomic: Fix potential use-after-free in nonblocking commits
Shreyas Deodhar <sdeodhar@marvell.com>
scsi: qla2xxx: Pointer may be dereferenced
Nilesh Javali <njavali@marvell.com>
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
Bikash Hazarika <bhazarika@marvell.com>
scsi: qla2xxx: Fix potential NULL pointer dereference
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Wait for io return on terminate rport
Max Filippov <jcmvbkbc@gmail.com>
xtensa: ISS: fix call to split_if_spec
Zheng Yejian <zhengyejian1@huawei.com>
ring-buffer: Fix deadloop issue on reading trace_pipe
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Revert "8250: add support for ASIX devices with a FIFO bug"
George Stark <gnstark@sberdevices.ru>
meson saradc: fix clock divider mask length
Xiubo Li <xiubli@redhat.com>
ceph: don't let check_caps skip sending responses for revoke msgs
Martin Kaiser <martin@kaiser.cx>
hwrng: imx-rngc - fix the timeout for init and self check
Dan Carpenter <dan.carpenter@linaro.org>
serial: atmel: don't enable IRQs prematurely
Alexander Aring <aahringo@redhat.com>
fs: dlm: return positive pid value for F_GETLK
Jason Baron <jbaron@akamai.com>
md/raid0: add discard support for the 'original' layout
Damien Le Moal <dlemoal@kernel.org>
misc: pci_endpoint_test: Re-init completion for every test
Damien Le Moal <dlemoal@kernel.org>
misc: pci_endpoint_test: Free IRQs before removing the device
Rick Wertenbroek <rick.wertenbroek@gmail.com>
PCI: rockchip: Use u32 variable to access 32-bit registers
Rick Wertenbroek <rick.wertenbroek@gmail.com>
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
Rick Wertenbroek <rick.wertenbroek@gmail.com>
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
Rick Wertenbroek <rick.wertenbroek@gmail.com>
PCI: rockchip: Write PCI Device ID to correct register
Rick Wertenbroek <rick.wertenbroek@gmail.com>
PCI: rockchip: Assert PCI Configuration Enable bit after probe
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
PCI: qcom: Disable write access to read only registers for IP v2.3.3
Robin Murphy <robin.murphy@arm.com>
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
Ondrej Zary <linux@zary.sk>
PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
Siddh Raman Pant <code@siddh.me>
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
Baokun Li <libaokun1@huawei.com>
ext4: only update i_reserved_data_blocks on successful block allocation
Kemeng Shi <shikemeng@huaweicloud.com>
ext4: fix wrong unit use in ext4_mb_clear_bb
Adrian Hunter <adrian.hunter@intel.com>
perf intel-pt: Fix CYC timestamps after standalone CBR
Ding Hui <dinghui@sangfor.com.cn>
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
Florian Fainelli <florian.fainelli@broadcom.com>
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
Mario Limonciello <mario.limonciello@amd.com>
pinctrl: amd: Only use special debounce behavior for GPIO 0
Mario Limonciello <mario.limonciello@amd.com>
pinctrl: amd: Detect internal GPIO0 debounce handling
Mario Limonciello <mario.limonciello@amd.com>
pinctrl: amd: Fix mistake in handling clearing pins at startup
Pedro Tammela <pctammela@mojatatu.com>
net/sched: make psched_mtu() RTNL-less safe
Randy Dunlap <rdunlap@infradead.org>
wifi: airo: avoid uninitialized warning in airo_get_rate()
Ziyang Xuan <william.xuanziyang@huawei.com>
ipv6/addrconf: fix a potential refcount underflow for idev
Jiasheng Jiang <jiasheng@iscas.ac.cn>
NTB: ntb_tool: Add check for devm_kcalloc
Yang Yingliang <yangyingliang@huawei.com>
NTB: ntb_transport: fix possible memory leak while device_register() fails
Yuan Can <yuancan@huawei.com>
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
Yuan Can <yuancan@huawei.com>
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
Yuan Can <yuancan@huawei.com>
ntb: idt: Fix error handling in idt_pci_driver_init()
Eric Dumazet <edumazet@google.com>
udp6: fix udp6_ehashfn() typo
Kuniyuki Iwashima <kuniyu@amazon.com>
icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
Stephen Suryaputra <ssuryaextr@gmail.com>
vrf: Increment Icmp6InMsgs on the original netdev
Klaus Kudielka <klaus.kudielka@gmail.com>
net: mvneta: fix txq_map in case of txq_number==1
Linus Torvalds <torvalds@linux-foundation.org>
workqueue: clean up WORK_* constant types, clarify masking
Moritz Fischer <moritzf@google.com>
net: lan743x: Don't sleep in atomic context
Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
Florent Revest <revest@chromium.org>
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: fix scheduling-while-atomic splat
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: reject unbound anonymous set before commit phase
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: use net_generic infra for transaction data
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: add helper function to set up the nfnetlink header and use it
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nftables: add helper function to set the base sequence number
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: add rescheduling points during loop detection walks
Florian Westphal <fw@strlen.de>
netfilter: nf_tables: fix nat hook table deletion
Rasmus Villemoes <rasmus.villemoes@prevas.dk>
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
Rasmus Villemoes <rasmus.villemoes@prevas.dk>
spi: spi-fsl-spi: relax message sanity checking a little
Rasmus Villemoes <rasmus.villemoes@prevas.dk>
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
Arnd Bergmann <arnd@arndb.de>
ARM: orion5x: fix d2net gpio initialization
Filipe Manana <fdmanana@suse.com>
btrfs: fix race when deleting quota root from the dirty cow roots list
Fabian Frederick <fabf@skynet.be>
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
integrity: Fix possible multiple allocation in integrity_inode_get()
Zheng Wang <zyytlz.wz@163.com>
bcache: Remove unnecessary NULL point check in node allocations
Robert Marko <robimarko@gmail.com>
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
Robert Marko <robimarko@gmail.com>
mmc: core: disable TRIM on Kingston EMMC04G-M627
Dai Ngo <dai.ngo@oracle.com>
NFSD: add encoding of op_recall flag for write delegation
Takashi Iwai <tiwai@suse.de>
ALSA: jack: Fix mutex call in snd_jack_report()
Robert Hancock <robert.hancock@calian.com>
i2c: xiic: Don't try to handle more interrupt events after error
Marek Vasut <marex@denx.de>
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
Artur Rojek <contact@artur-rojek.eu>
sh: dma: Fix DMA channel offset calculation
Lin Ma <linma@zju.edu.cn>
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
Eric Dumazet <edumazet@google.com>
tcp: annotate data races in __tcp_oow_rate_limited()
Vladimir Oltean <vladimir.oltean@nxp.com>
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
Randy Dunlap <rdunlap@infradead.org>
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
Chao Yu <chao@kernel.org>
f2fs: fix error path handling in truncate_dnode()
Nishanth Menon <nm@ti.com>
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
Jonas Gorski <jonas.gorski@gmail.com>
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
Tobias Heider <me@tobhe.de>
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
Chengfeng Ye <dg573847474@gmail.com>
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
mfd: stmpe: Only disable the regulators if they are enabled
Jiasheng Jiang <jiasheng@iscas.ac.cn>
mfd: intel-lpss: Add missing check for platform_get_resource
Nico Boehr <nrb@linux.ibm.com>
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
Stephan Gerhold <stephan@gerhold.net>
mfd: rt5033: Drop rt5033-battery sub-device
Li Yang <lidaxian@hust.edu.cn>
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
extcon: Fix kernel doc of property capability fields to avoid warnings
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
extcon: Fix kernel doc of property fields to avoid warnings
Duoming Zhou <duoming@zju.edu.cn>
media: usb: siano: Fix warning due to null work_func_t function pointer
Marek Vasut <marex@denx.de>
media: videodev2.h: Fix struct v4l2_input tuner index comment
Daniil Dulov <d.dulov@aladdin.ru>
media: usb: Check az6007_read() return value
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
sh: j2: Use ioremap() to translate device tree address into kernel memory
Dan Carpenter <dan.carpenter@oracle.com>
w1: fix loop in w1_fini()
Michael Schmitz <schmitzmic@gmail.com>
block: change all __u32 annotations to __be32 in affs_hardblocks.h
Davide Tronchin <davide.tronchin.94@gmail.com>
USB: serial: option: add LARA-R6 01B PIDs
Masahiro Yamada <masahiroy@kernel.org>
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
Vineet Gupta <vgupta@synopsys.com>
ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
Vineet Gupta <vgupta@synopsys.com>
ARCv2: entry: avoid a branch
Vineet Gupta <vgupta@synopsys.com>
ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
Vineet Gupta <vgupta@synopsys.com>
ARCv2: entry: comments about hardware auto-save on taken interrupts
Masahiro Yamada <masahiroy@kernel.org>
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
Masahiro Yamada <masahiroy@kernel.org>
modpost: fix section mismatch message for R_ARM_ABS32
Randy Dunlap <rdunlap@infradead.org>
crypto: nx - fix build warnings when DEBUG_FS is not enabled
Herbert Xu <herbert@gondor.apana.org.au>
hwrng: virtio - Fix race on data_avail and actual data
Laurent Vivier <lvivier@redhat.com>
hwrng: virtio - always add a pending request
Laurent Vivier <lvivier@redhat.com>
hwrng: virtio - don't waste entropy
Laurent Vivier <lvivier@redhat.com>
hwrng: virtio - don't wait on cleanup
Laurent Vivier <lvivier@redhat.com>
hwrng: virtio - add an internal buffer
Claudiu Beznea <claudiu.beznea@microchip.com>
pinctrl: at91-pio4: check return value of devm_kasprintf()
Namhyung Kim <namhyung@kernel.org>
perf dwarf-aux: Fix off-by-one in die_get_varname()
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
pinctrl: cherryview: Return correct value if pin in push-pull mode
Sui Jingfeng <suijingfeng@loongson.cn>
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
Yuchen Yang <u202114568@hust.edu.cn>
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
Su Hui <suhui@nfschina.com>
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
Nikita Zhandarovich <n.zhandarovich@fintech.ru>
drm/radeon: fix possible division-by-zero errors
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
Wolfram Sang <wsa+renesas@sang-engineering.com>
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
Randy Dunlap <rdunlap@infradead.org>
soc/fsl/qe: fix usb.c build errors
Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
ASoC: es8316: Increment max value for ALC Capture Target Volume control
Arnd Bergmann <arnd@arndb.de>
ARM: ep93xx: fix missing-prototype warnings
Dario Binacchi <dario.binacchi@amarulasolutions.com>
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
Marek Vasut <marex@denx.de>
Input: adxl34x - do not hardcode interrupt trigger type
Rafał Miłecki <rafal@milecki.pl>
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Luca Weiss <luca@z3ntu.xyz>
Input: drv260x - sleep between polling GO bit
Nikita Zhandarovich <n.zhandarovich@fintech.ru>
radeon: avoid double free in ci_dpm_init()
Kuniyuki Iwashima <kuniyu@amazon.com>
netlink: Add __sock_i_ino() for __netlink_diag_dump().
Cambda Zhu <cambda@linux.alibaba.com>
ipvlan: Fix return value of ipvlan_queue_xmit()
Ilia.Gavrilov <Ilia.Gavrilov@infotecs.ru>
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
Jeremy Sowden <jeremy@azazel.net>
lib/ts_bm: reset initial match offset for every block of text
Kuniyuki Iwashima <kuniyu@amazon.com>
gtp: Fix use-after-free in __gtp_encap_destroy().
Eric Dumazet <edumazet@google.com>
netlink: do not hard code device address lenth in fdb dumps
Eric Dumazet <edumazet@google.com>
netlink: fix potential deadlock in netlink_set_err()
Dmitry Antipov <dmantipov@yandex.ru>
wifi: ath9k: convert msecs to jiffies where needed
Remi Pommarel <repk@triplefau.lt>
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
Arnd Bergmann <arnd@arndb.de>
memstick r592: make memstick_debug_get_tpc_name() static
Zhen Lei <thunder.leizhen@huawei.com>
kexec: fix a memory leak in crash_shrink_memory()
Douglas Anderson <dianders@chromium.org>
watchdog/perf: more properly prevent false positives with turbo modes
Douglas Anderson <dianders@chromium.org>
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
Marek Vasut <marex@denx.de>
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
wifi: ray_cs: Fix an error handling path in ray_probe()
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
wifi: ray_cs: Drop useless status variable in parse_addr()
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
wifi: ray_cs: Utilize strnlen() in parse_addr()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
Jakub Kicinski <kuba@kernel.org>
wl3501_cs: use eth_hw_addr_set()
Jakub Kicinski <kuba@kernel.org>
net: create netdev->dev_addr assignment helpers
Lee Jones <lee.jones@linaro.org>
wl3501_cs: Fix misspelling and provide missing documentation
Alex Dewar <alex.dewar90@gmail.com>
wl3501_cs: Remove unnecessary NULL check
Lee Jones <lee.jones@linaro.org>
wl3501_cs: Fix a bunch of formatting issues related to function docs
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
wifi: atmel: Fix an error handling path in atmel_probe()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
nfc: constify several pointers to u8, char and sk_buff
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
Pengcheng Yang <yangpc@wangsu.com>
samples/bpf: Fix buffer overflow in tcp_basertt
Fedor Pchelkin <pchelkin@ispras.ru>
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
Peter Seiderer <ps.report@gmx.net>
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
Roberto Sassu <roberto.sassu@huawei.com>
evm: Complete description of evm_inode_setattr()
Arnd Bergmann <arnd@arndb.de>
ARM: 9303/1: kprobes: avoid missing-declaration warnings
Nikita Zhandarovich <n.zhandarovich@fintech.ru>
PM: domains: fix integer overflow issues in genpd_parse_state()
Feng Mingxi <m202271825@hust.edu.cn>
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
Rajan Vaja <rajan.vaja@xilinx.com>
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
Daniel Lezcano <daniel.lezcano@linaro.org>
clocksource/drivers: Unify the names to timer-* format
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
Marc Zyngier <maz@kernel.org>
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
Li Nan <linan122@huawei.com>
md/raid10: fix io loss while replacement replace rdev
Li Nan <linan122@huawei.com>
md/raid10: fix wrong setting of max_corr_read_errors
Li Nan <linan122@huawei.com>
md/raid10: fix overflow of md/safe_mode_delay
Li Nan <linan122@huawei.com>
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
Kees Cook <keescook@chromium.org>
treewide: Remove uninitialized_var() usage
Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
drm/amdgpu: Validate VM ioctl flags.
Ahmed S. Darwish <darwi@linutronix.de>
scripts/tags.sh: Resolve gtags empty index generation
Lyude Paul <lyude@redhat.com>
drm/edid: Fix uninitialized variable in drm_cvt_modes()
Zheng Wang <zyytlz.wz@163.com>
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
video: imsttfb: check for ioremap() failures
Thomas Gleixner <tglx@linutronix.de>
x86/smp: Use dedicated cache-line for mwait_play_dead()
Bob Peterson <rpeterso@redhat.com>
gfs2: Don't deref jdesc in evict
-------------
Diffstat:
Documentation/admin-guide/security-bugs.rst | 37 +-
MAINTAINERS | 10 +-
Makefile | 4 +-
arch/arc/include/asm/entry-arcv2.h | 374 ++++++++--------
arch/arc/include/asm/linkage.h | 22 +-
arch/arc/kernel/asm-offsets.c | 7 +
arch/arc/kernel/entry-arcv2.S | 4 +-
arch/arc/mm/tlbex.S | 11 +
arch/arm/boot/dts/bcm5301x.dtsi | 1 -
arch/arm/boot/dts/imx6qdl.dtsi | 4 +
arch/arm/boot/dts/imx6sl.dtsi | 3 +
arch/arm/boot/dts/imx6sll.dtsi | 32 +-
arch/arm/boot/dts/imx6sx.dtsi | 3 +
arch/arm/boot/dts/imx6ul.dtsi | 2 +
arch/arm/boot/dts/imx7d.dtsi | 6 +
arch/arm/boot/dts/imx7s.dtsi | 2 +
arch/arm/mach-ep93xx/timer-ep93xx.c | 3 +-
arch/arm/mach-orion5x/board-dt.c | 3 +
arch/arm/mach-orion5x/common.h | 6 +
arch/arm/mach-sa1100/assabet.c | 2 +-
arch/arm/probes/kprobes/checkers-common.c | 2 +-
arch/arm/probes/kprobes/core.c | 2 +-
arch/arm/probes/kprobes/opt-arm.c | 2 -
arch/arm/probes/kprobes/test-core.c | 2 +-
arch/arm/probes/kprobes/test-core.h | 4 +
.../boot/dts/altera/socfpga_stratix10_socdk.dts | 2 +-
arch/arm64/boot/dts/renesas/ulcb-kf.dtsi | 3 +-
arch/ia64/kernel/process.c | 2 +-
arch/ia64/mm/discontig.c | 2 +-
arch/ia64/mm/tlb.c | 2 +-
arch/powerpc/Kconfig.debug | 2 +-
arch/powerpc/include/asm/word-at-a-time.h | 2 +-
arch/powerpc/mm/init_64.c | 3 +-
arch/powerpc/platforms/52xx/mpc52xx_pic.c | 2 +-
arch/s390/kernel/smp.c | 2 +-
arch/s390/kernel/sthyi.c | 6 +-
arch/s390/kvm/intercept.c | 9 +-
arch/s390/kvm/kvm-s390.c | 4 +
arch/sh/drivers/dma/dma-sh.c | 37 +-
arch/sh/kernel/cpu/sh2/probe.c | 2 +-
arch/x86/kernel/quirks.c | 10 +-
arch/x86/kernel/smpboot.c | 24 +-
arch/xtensa/platforms/iss/network.c | 2 +-
drivers/acpi/acpi_pad.c | 2 +-
drivers/ata/libata-scsi.c | 2 +-
drivers/ata/pata_ns87415.c | 2 +-
drivers/atm/zatm.c | 2 +-
drivers/base/arch_topology.c | 2 +-
drivers/base/cacheinfo.c | 18 +-
drivers/base/core.c | 8 +-
drivers/base/cpu.c | 34 +-
drivers/base/firmware_loader/fallback.c | 2 +-
drivers/base/memory.c | 24 +-
drivers/base/node.c | 34 +-
drivers/base/platform.c | 2 +-
drivers/base/power/domain.c | 6 +-
drivers/base/power/power.h | 8 +-
drivers/base/power/runtime.c | 6 +-
drivers/base/power/sysfs.c | 50 +--
drivers/base/power/wakeirq.c | 111 ++++-
drivers/base/soc.c | 8 +-
drivers/block/drbd/drbd_nl.c | 6 +-
drivers/block/loop.c | 3 +-
drivers/block/nbd.c | 3 +-
drivers/char/hw_random/imx-rngc.c | 6 +-
drivers/char/hw_random/virtio-rng.c | 86 +++-
drivers/char/tpm/tpm_tis_core.c | 10 +-
drivers/char/tpm/tpm_vtpm_proxy.c | 30 +-
drivers/clk/clk-gate.c | 2 +-
drivers/clocksource/Makefile | 26 +-
...{time-armada-370-xp.c => timer-armada-370-xp.c} | 0
.../{cadence_ttc_timer.c => timer-cadence-ttc.c} | 45 +-
.../clocksource/{time-efm32.c => timer-efm32.c} | 0
.../{fsl_ftm_timer.c => timer-fsl-ftm.c} | 0
.../{time-lpc32xx.c => timer-lpc32xx.c} | 0
.../clocksource/{time-orion.c => timer-orion.c} | 0
drivers/clocksource/{owl-timer.c => timer-owl.c} | 0
.../{time-pistachio.c => timer-pistachio.c} | 0
drivers/clocksource/{qcom-timer.c => timer-qcom.c} | 0
.../clocksource/{versatile.c => timer-versatile.c} | 0
.../clocksource/{vf_pit_timer.c => timer-vf-pit.c} | 0
.../clocksource/{vt8500_timer.c => timer-vt8500.c} | 0
.../clocksource/{zevio-timer.c => timer-zevio.c} | 0
drivers/crypto/nx/Makefile | 2 +-
drivers/crypto/nx/nx.h | 4 +-
drivers/extcon/extcon.c | 8 +
drivers/firewire/ohci.c | 14 +-
drivers/gpio/gpio-tps68470.c | 6 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 4 +
drivers/gpu/drm/bridge/sil-sii8620.c | 2 +-
drivers/gpu/drm/drm_atomic.c | 11 +-
drivers/gpu/drm/drm_edid.c | 4 +-
drivers/gpu/drm/drm_fb_helper.c | 5 +
drivers/gpu/drm/exynos/exynos_drm_dsi.c | 6 +-
drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 2 +-
drivers/gpu/drm/panel/panel-simple.c | 4 +-
drivers/gpu/drm/radeon/ci_dpm.c | 28 +-
drivers/gpu/drm/radeon/cypress_dpm.c | 8 +-
drivers/gpu/drm/radeon/ni_dpm.c | 8 +-
drivers/gpu/drm/radeon/rv740_dpm.c | 8 +-
drivers/hwmon/nct7802.c | 2 +-
drivers/i2c/busses/i2c-rk3x.c | 2 +-
drivers/i2c/busses/i2c-xiic.c | 39 +-
drivers/ide/ide-acpi.c | 2 +-
drivers/ide/ide-atapi.c | 2 +-
drivers/ide/ide-io-std.c | 4 +-
drivers/ide/ide-io.c | 8 +-
drivers/ide/ide-sysfs.c | 2 +-
drivers/ide/umc8672.c | 2 +-
drivers/iio/adc/meson_saradc.c | 2 +-
drivers/infiniband/core/uverbs_cmd.c | 4 +-
drivers/infiniband/hw/cxgb4/cm.c | 2 +-
drivers/infiniband/hw/cxgb4/cq.c | 2 +-
drivers/infiniband/hw/hfi1/sdma.c | 4 +-
drivers/infiniband/hw/hfi1/sdma.h | 15 +-
drivers/infiniband/hw/mlx4/qp.c | 24 +-
drivers/infiniband/hw/mlx5/cq.c | 2 +-
drivers/infiniband/hw/mthca/mthca_qp.c | 10 +-
drivers/input/misc/adxl34x.c | 3 +-
drivers/input/misc/drv260x.c | 1 +
drivers/input/serio/serio_raw.c | 2 +-
drivers/irqchip/irq-bcm6345-l1.c | 14 +-
drivers/irqchip/irq-jcore-aic.c | 11 +-
drivers/mailbox/ti-msgmgr.c | 12 +-
drivers/md/bcache/alloc.c | 35 +-
drivers/md/bcache/bcache.h | 4 +-
drivers/md/bcache/btree.c | 16 +-
drivers/md/bcache/super.c | 6 +-
drivers/md/dm-cache-policy-smq.c | 28 +-
drivers/md/dm-io.c | 2 +-
drivers/md/dm-ioctl.c | 2 +-
drivers/md/dm-raid.c | 9 +-
drivers/md/dm-snap-persistent.c | 2 +-
drivers/md/dm-table.c | 2 +-
drivers/md/md-bitmap.c | 17 +-
drivers/md/md.c | 23 +-
drivers/md/raid0.c | 62 ++-
drivers/md/raid0.h | 1 +
drivers/md/raid10.c | 24 +-
drivers/md/raid5.c | 2 +-
drivers/media/dvb-frontends/rtl2832.c | 2 +-
drivers/media/tuners/qt1010.c | 4 +-
drivers/media/usb/dvb-usb-v2/az6007.c | 3 +-
drivers/media/usb/gspca/vicam.c | 2 +-
drivers/media/usb/siano/smsusb.c | 3 +-
drivers/media/usb/uvc/uvc_video.c | 8 +-
drivers/memstick/host/jmb38x_ms.c | 2 +-
drivers/memstick/host/r592.c | 4 +-
drivers/memstick/host/tifm_ms.c | 2 +-
drivers/mfd/intel-lpss-acpi.c | 3 +
drivers/mfd/rt5033.c | 3 -
drivers/mfd/stmpe.c | 4 +-
drivers/misc/pci_endpoint_test.c | 10 +-
drivers/mmc/core/quirks.h | 14 +
drivers/mmc/host/sdhci.c | 2 +-
drivers/mtd/nand/raw/nand_ecc.c | 2 +-
drivers/mtd/nand/raw/omap_elm.c | 24 +-
drivers/mtd/nand/raw/s3c2410.c | 2 +-
drivers/mtd/ubi/eba.c | 2 +-
drivers/net/bonding/bond_main.c | 5 +
drivers/net/can/janz-ican3.c | 2 +-
drivers/net/can/usb/gs_usb.c | 2 +
drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 7 +-
drivers/net/ethernet/broadcom/bnx2.c | 4 +-
drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 +
drivers/net/ethernet/broadcom/tg3.c | 1 +
drivers/net/ethernet/emulex/benet/be_main.c | 3 +-
drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 2 +-
drivers/net/ethernet/intel/igb/igb_main.c | 5 +
drivers/net/ethernet/marvell/mvneta.c | 4 +-
.../mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 4 +-
.../net/ethernet/mellanox/mlx5/core/pagealloc.c | 4 +-
drivers/net/ethernet/microchip/lan743x_main.c | 21 +-
drivers/net/ethernet/neterion/s2io.c | 2 +-
drivers/net/ethernet/qlogic/qla3xxx.c | 2 +-
drivers/net/ethernet/sun/cassini.c | 2 +-
drivers/net/ethernet/sun/niu.c | 6 +-
drivers/net/ethernet/ti/cpsw_ale.c | 24 +-
drivers/net/gtp.c | 2 +
drivers/net/ipvlan/ipvlan_core.c | 9 +-
drivers/net/team/team.c | 9 +
drivers/net/usb/cdc_ether.c | 21 +
drivers/net/usb/usbnet.c | 6 +
drivers/net/usb/zaurus.c | 21 +
drivers/net/virtio_net.c | 4 +-
drivers/net/wan/z85230.c | 2 +-
drivers/net/wireless/ath/ath10k/core.c | 2 +-
drivers/net/wireless/ath/ath6kl/init.c | 2 +-
drivers/net/wireless/ath/ath9k/ar9003_hw.c | 27 +-
drivers/net/wireless/ath/ath9k/htc_hst.c | 8 +-
drivers/net/wireless/ath/ath9k/init.c | 2 +-
drivers/net/wireless/ath/ath9k/main.c | 11 +-
drivers/net/wireless/ath/ath9k/wmi.c | 4 +
drivers/net/wireless/atmel/atmel_cs.c | 13 +-
drivers/net/wireless/broadcom/b43/debugfs.c | 2 +-
drivers/net/wireless/broadcom/b43/dma.c | 2 +-
drivers/net/wireless/broadcom/b43/lo.c | 2 +-
drivers/net/wireless/broadcom/b43/phy_n.c | 2 +-
drivers/net/wireless/broadcom/b43/xmit.c | 12 +-
drivers/net/wireless/broadcom/b43legacy/debugfs.c | 2 +-
drivers/net/wireless/broadcom/b43legacy/main.c | 2 +-
drivers/net/wireless/cisco/airo.c | 5 +-
drivers/net/wireless/intel/iwlegacy/3945.c | 2 +-
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 +-
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 +-
drivers/net/wireless/intersil/orinoco/orinoco_cs.c | 13 +-
.../net/wireless/intersil/orinoco/spectrum_cs.c | 13 +-
drivers/net/wireless/marvell/mwifiex/scan.c | 6 +-
drivers/net/wireless/ray_cs.c | 36 +-
drivers/net/wireless/rsi/rsi_91x_sdio.c | 3 -
drivers/net/wireless/wl3501_cs.c | 51 ++-
drivers/ntb/hw/amd/ntb_hw_amd.c | 7 +-
drivers/ntb/hw/idt/ntb_hw_idt.c | 7 +-
drivers/ntb/hw/intel/ntb_hw_gen1.c | 7 +-
drivers/ntb/ntb_transport.c | 2 +-
drivers/ntb/test/ntb_tool.c | 2 +
drivers/pci/controller/dwc/pcie-qcom.c | 2 +
drivers/pci/controller/pcie-rockchip-ep.c | 64 +--
drivers/pci/controller/pcie-rockchip.c | 17 +
drivers/pci/controller/pcie-rockchip.h | 11 +-
drivers/pci/pci.c | 10 +-
drivers/pci/pcie/aspm.c | 57 ++-
drivers/pci/quirks.c | 2 +
drivers/phy/hisilicon/phy-hisi-inno-usb2.c | 2 +-
drivers/pinctrl/intel/pinctrl-cherryview.c | 15 +-
drivers/pinctrl/pinctrl-amd.c | 41 +-
drivers/pinctrl/pinctrl-amd.h | 1 +
drivers/pinctrl/pinctrl-at91-pio4.c | 2 +
drivers/platform/x86/hdaps.c | 4 +-
drivers/platform/x86/msi-laptop.c | 8 +-
drivers/rtc/rtc-st-lpc.c | 2 +-
drivers/s390/block/dasd_ioctl.c | 1 +
drivers/s390/scsi/zfcp_fc.c | 6 +-
drivers/scsi/3w-xxxx.c | 4 +-
drivers/scsi/dc395x.c | 2 +-
drivers/scsi/pm8001/pm8001_hwi.c | 2 +-
drivers/scsi/pm8001/pm80xx_hwi.c | 2 +-
drivers/scsi/qla2xxx/qla_attr.c | 13 +
drivers/scsi/qla2xxx/qla_bsg.c | 6 +
drivers/scsi/qla2xxx/qla_iocb.c | 3 +-
drivers/scsi/qla2xxx/qla_os.c | 5 +-
drivers/soc/fsl/qe/Kconfig | 1 +
drivers/spi/spi-bcm-qspi.c | 10 +-
drivers/spi/spi-bcm63xx.c | 2 +-
drivers/spi/spi-fsl-spi.c | 25 +-
drivers/ssb/driver_chipcommon.c | 4 +-
drivers/staging/ks7010/ks_wlan_net.c | 6 +-
drivers/tty/cyclades.c | 2 +-
drivers/tty/isicom.c | 2 +-
drivers/tty/serial/8250/8250.h | 1 -
drivers/tty/serial/8250/8250_dwlib.c | 128 ++++++
drivers/tty/serial/8250/8250_dwlib.h | 19 +
drivers/tty/serial/8250/8250_pci.c | 19 -
drivers/tty/serial/8250/8250_port.c | 11 +-
drivers/tty/serial/8250/Kconfig | 3 +
drivers/tty/serial/8250/Makefile | 1 +
drivers/tty/serial/atmel_serial.c | 4 +-
drivers/tty/serial/samsung.c | 14 +-
drivers/usb/core/quirks.c | 4 +
drivers/usb/dwc3/core.c | 20 +-
drivers/usb/dwc3/core.h | 3 -
drivers/usb/dwc3/dwc3-pci.c | 6 +-
drivers/usb/host/ohci-at91.c | 8 +-
drivers/usb/host/xhci-mtk.c | 1 +
drivers/usb/musb/cppi_dma.c | 2 +-
drivers/usb/phy/phy-tahvo.c | 2 +-
drivers/usb/serial/option.c | 10 +
drivers/usb/serial/usb-serial-simple.c | 73 ++--
drivers/usb/storage/sddr55.c | 4 +-
drivers/vhost/net.c | 4 +-
drivers/video/fbdev/au1200fb.c | 3 +
drivers/video/fbdev/imsttfb.c | 34 +-
drivers/video/fbdev/imxfb.c | 4 +-
drivers/video/fbdev/matrox/matroxfb_maven.c | 6 +-
drivers/video/fbdev/omap/lcd_mipid.c | 6 +-
drivers/video/fbdev/pm3fb.c | 6 +-
drivers/video/fbdev/riva/riva_hw.c | 3 +-
drivers/virtio/virtio_ring.c | 2 +-
drivers/w1/w1.c | 4 +-
fs/afs/dir.c | 2 +-
fs/afs/security.c | 2 +-
fs/btrfs/ctree.c | 2 +
fs/btrfs/qgroup.c | 2 +
fs/btrfs/transaction.c | 9 +-
fs/ceph/caps.c | 9 +
fs/dlm/netlink.c | 2 +-
fs/dlm/plock.c | 104 +++--
fs/ext2/ext2.h | 12 -
fs/ext2/super.c | 23 +-
fs/ext4/ext4.h | 2 +-
fs/ext4/fsmap.c | 8 +-
fs/ext4/indirect.c | 8 +
fs/ext4/inode.c | 10 -
fs/ext4/ioctl.c | 5 +-
fs/ext4/mballoc.c | 4 +-
fs/ext4/super.c | 25 +-
fs/ext4/xattr.c | 14 +
fs/f2fs/node.c | 4 +-
fs/fat/dir.c | 2 +-
fs/fuse/control.c | 2 +-
fs/fuse/cuse.c | 2 +-
fs/fuse/dir.c | 2 +-
fs/fuse/file.c | 2 +-
fs/gfs2/aops.c | 2 +-
fs/gfs2/bmap.c | 2 +-
fs/gfs2/super.c | 8 +
fs/hfsplus/unicode.c | 2 +-
fs/isofs/namei.c | 4 +-
fs/jffs2/build.c | 5 +-
fs/jffs2/erase.c | 2 +-
fs/jffs2/xattr.c | 13 +-
fs/jffs2/xattr.h | 4 +-
fs/jfs/jfs_dmap.c | 6 +
fs/jfs/jfs_filsys.h | 2 +
fs/nfsd/nfs4xdr.c | 2 +-
fs/nfsd/nfsctl.c | 2 +-
fs/ocfs2/alloc.c | 4 +-
fs/ocfs2/dir.c | 14 +-
fs/ocfs2/extent_map.c | 4 +-
fs/ocfs2/namei.c | 2 +-
fs/ocfs2/refcounttree.c | 2 +-
fs/ocfs2/xattr.c | 2 +-
fs/omfs/file.c | 2 +-
fs/overlayfs/copy_up.c | 2 +-
fs/sysv/itree.c | 4 +
fs/ubifs/commit.c | 6 +-
fs/ubifs/dir.c | 2 +-
fs/ubifs/file.c | 4 +-
fs/ubifs/journal.c | 2 +-
fs/ubifs/lpt.c | 2 +-
fs/ubifs/tnc.c | 6 +-
fs/ubifs/tnc_misc.c | 4 +-
fs/udf/balloc.c | 2 +-
fs/xfs/xfs_bmap_util.c | 2 +-
include/asm-generic/word-at-a-time.h | 2 +-
include/linux/etherdevice.h | 12 +
include/linux/netdevice.h | 18 +
include/linux/netfilter/nfnetlink.h | 27 ++
include/linux/nmi.h | 2 +-
include/linux/pci.h | 1 +
include/linux/pm_wakeirq.h | 9 +-
include/linux/sched/signal.h | 2 +-
include/linux/serial_8250.h | 1 -
include/linux/tcp.h | 2 +-
include/linux/workqueue.h | 15 +-
include/net/addrconf.h | 16 +
include/net/ipv6.h | 8 +-
include/net/netfilter/nf_tables.h | 14 +
include/net/netns/nftables.h | 5 -
include/net/nfc/nfc.h | 4 +-
include/net/pkt_sched.h | 2 +-
include/net/sock.h | 1 +
include/net/tcp.h | 7 +-
include/uapi/linux/affs_hardblocks.h | 68 +--
include/uapi/linux/blkzoned.h | 10 +-
include/uapi/linux/videodev2.h | 2 +-
kernel/async.c | 4 +-
kernel/audit.c | 2 +-
kernel/bpf/bpf_lru_list.c | 21 +-
kernel/bpf/bpf_lru_list.h | 7 +-
kernel/dma/debug.c | 2 +-
kernel/events/core.c | 10 +-
kernel/events/uprobes.c | 2 +-
kernel/exit.c | 2 +-
kernel/futex.c | 12 +-
kernel/kexec_core.c | 5 +-
kernel/locking/lockdep.c | 6 +-
kernel/sched/fair.c | 2 +-
kernel/time/posix-timers.c | 31 +-
kernel/trace/ftrace.c | 75 +++-
kernel/trace/ring_buffer.c | 48 +-
kernel/trace/trace.c | 21 +-
kernel/trace/trace.h | 2 +
kernel/trace/trace_events.c | 14 +-
kernel/trace/trace_events_hist.c | 9 +-
kernel/watchdog_hld.c | 6 +-
kernel/workqueue.c | 13 +-
lib/debugobjects.c | 9 +
lib/radix-tree.c | 2 +-
lib/test_firmware.c | 18 +-
lib/ts_bm.c | 4 +-
mm/frontswap.c | 2 +-
mm/ksm.c | 2 +-
mm/memcontrol.c | 2 +-
mm/mempolicy.c | 4 +-
mm/percpu.c | 2 +-
mm/slub.c | 4 +-
mm/swap.c | 4 +-
net/bluetooth/l2cap_sock.c | 2 +
net/bridge/br_if.c | 5 +-
net/can/bcm.c | 12 +-
net/ceph/osd_client.c | 20 +-
net/core/rtnetlink.c | 8 +-
net/core/sock.c | 23 +-
net/dccp/options.c | 2 +-
net/ipv4/inet_hashtables.c | 17 +-
net/ipv4/inet_timewait_sock.c | 8 +-
net/ipv4/netfilter/nf_socket_ipv4.c | 6 +-
net/ipv4/tcp.c | 27 +-
net/ipv4/tcp_fastopen.c | 6 +-
net/ipv4/tcp_input.c | 12 +-
net/ipv4/tcp_metrics.c | 70 +--
net/ipv6/addrconf.c | 17 +-
net/ipv6/icmp.c | 22 +-
net/ipv6/ip6_flowlabel.c | 2 +-
net/ipv6/ip6_gre.c | 3 +-
net/ipv6/ip6mr.c | 2 +-
net/ipv6/netfilter/nf_socket_ipv6.c | 2 +-
net/ipv6/reassembly.c | 4 +-
net/ipv6/udp.c | 2 +-
net/llc/llc_input.c | 3 -
net/netfilter/ipset/ip_set_core.c | 17 +-
net/netfilter/nf_conntrack_ftp.c | 2 +-
net/netfilter/nf_conntrack_helper.c | 4 +
net/netfilter/nf_conntrack_netlink.c | 77 +---
net/netfilter/nf_conntrack_sip.c | 2 +-
net/netfilter/nf_tables_api.c | 486 ++++++++++++---------
net/netfilter/nf_tables_trace.c | 9 +-
net/netfilter/nfnetlink_acct.c | 11 +-
net/netfilter/nfnetlink_cthelper.c | 11 +-
net/netfilter/nfnetlink_cttimeout.c | 22 +-
net/netfilter/nfnetlink_log.c | 13 +-
net/netfilter/nfnetlink_queue.c | 16 +-
net/netfilter/nft_byteorder.c | 14 +-
net/netfilter/nft_chain_filter.c | 11 +-
net/netfilter/nft_compat.c | 11 +-
net/netfilter/nft_dynset.c | 6 +-
net/netlink/af_netlink.c | 5 +-
net/netlink/diag.c | 7 +-
net/nfc/core.c | 4 +-
net/nfc/hci/llc_shdlc.c | 10 +-
net/nfc/llcp.h | 8 +-
net/nfc/llcp_commands.c | 47 +-
net/nfc/llcp_core.c | 44 +-
net/nfc/nfc.h | 2 +-
net/sched/act_pedit.c | 1 +
net/sched/cls_flow.c | 2 +-
net/sched/cls_fw.c | 10 +-
net/sched/cls_route.c | 1 -
net/sched/cls_u32.c | 77 +++-
net/sched/sch_cake.c | 2 +-
net/sched/sch_cbq.c | 2 +-
net/sched/sch_fq_codel.c | 2 +-
net/sched/sch_mqprio.c | 144 +++---
net/sched/sch_qfq.c | 7 +-
net/sched/sch_sfq.c | 2 +-
net/sctp/socket.c | 4 +-
net/sunrpc/svcsock.c | 27 +-
net/unix/af_unix.c | 2 +-
net/wireless/wext-core.c | 6 +
samples/bpf/tcp_basertt_kern.c | 2 +-
scripts/mod/modpost.c | 24 +-
scripts/tags.sh | 9 +-
security/integrity/evm/evm_main.c | 2 +
security/integrity/iint.c | 15 +-
sound/core/control_compat.c | 2 +-
sound/core/jack.c | 15 +-
sound/isa/sb/sb16_csp.c | 2 +-
sound/pci/ac97/ac97_codec.c | 4 +-
sound/soc/codecs/cs42l51-i2c.c | 6 +
sound/soc/codecs/cs42l51.c | 7 -
sound/soc/codecs/cs42l51.h | 1 -
sound/soc/codecs/es8316.c | 9 +-
sound/soc/codecs/wm8904.c | 3 +
sound/soc/fsl/fsl_spdif.c | 2 +
sound/usb/endpoint.c | 2 +-
.../tests/shell/test_uprobe_from_different_cu.sh | 83 ++++
tools/perf/util/dwarf-aux.c | 2 +-
.../perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 +
469 files changed, 3441 insertions(+), 2100 deletions(-)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 001/323] gfs2: Dont deref jdesc in evict
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 002/323] x86/smp: Use dedicated cache-line for mwait_play_dead() Greg Kroah-Hartman
` (325 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Lan, Bob Peterson,
Andreas Gruenbacher, Dragos-Marian Panait
From: Bob Peterson <rpeterso@redhat.com>
commit 504a10d9e46bc37b23d0a1ae2f28973c8516e636 upstream.
On corrupt gfs2 file systems the evict code can try to reference the
journal descriptor structure, jdesc, after it has been freed and set to
NULL. The sequence of events is:
init_journal()
...
fail_jindex:
gfs2_jindex_free(sdp); <------frees journals, sets jdesc = NULL
if (gfs2_holder_initialized(&ji_gh))
gfs2_glock_dq_uninit(&ji_gh);
fail:
iput(sdp->sd_jindex); <--references jdesc in evict_linked_inode
evict()
gfs2_evict_inode()
evict_linked_inode()
ret = gfs2_trans_begin(sdp, 0, sdp->sd_jdesc->jd_blocks);
<------references the now freed/zeroed sd_jdesc pointer.
The call to gfs2_trans_begin is done because the truncate_inode_pages
call can cause gfs2 events that require a transaction, such as removing
journaled data (jdata) blocks from the journal.
This patch fixes the problem by adding a check for sdp->sd_jdesc to
function gfs2_evict_inode. In theory, this should only happen to corrupt
gfs2 file systems, when gfs2 detects the problem, reports it, then tries
to evict all the system inodes it has read in up to that point.
Reported-by: Yang Lan <lanyang0908@gmail.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
[DP: adjusted context]
Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/gfs2/super.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/fs/gfs2/super.c
+++ b/fs/gfs2/super.c
@@ -1586,6 +1586,14 @@ static void gfs2_evict_inode(struct inod
if (inode->i_nlink || sb_rdonly(sb))
goto out;
+ /*
+ * In case of an incomplete mount, gfs2_evict_inode() may be called for
+ * system files without having an active journal to write to. In that
+ * case, skip the filesystem evict.
+ */
+ if (!sdp->sd_jdesc)
+ goto out;
+
if (test_bit(GIF_ALLOC_FAILED, &ip->i_flags)) {
BUG_ON(!gfs2_glock_is_locked_by_me(ip->i_gl));
gfs2_holder_mark_uninitialized(&gh);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 002/323] x86/smp: Use dedicated cache-line for mwait_play_dead()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 001/323] gfs2: Dont deref jdesc in evict Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 003/323] video: imsttfb: check for ioremap() failures Greg Kroah-Hartman
` (324 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Gleixner, Ashok Raj,
Borislav Petkov (AMD)
From: Thomas Gleixner <tglx@linutronix.de>
commit f9c9987bf52f4e42e940ae217333ebb5a4c3b506 upstream.
Monitoring idletask::thread_info::flags in mwait_play_dead() has been an
obvious choice as all what is needed is a cache line which is not written
by other CPUs.
But there is a use case where a "dead" CPU needs to be brought out of
MWAIT: kexec().
This is required as kexec() can overwrite text, pagetables, stacks and the
monitored cacheline of the original kernel. The latter causes MWAIT to
resume execution which obviously causes havoc on the kexec kernel which
results usually in triple faults.
Use a dedicated per CPU storage to prepare for that.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ashok Raj <ashok.raj@intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230615193330.434553750@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/smpboot.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -96,6 +96,17 @@ DEFINE_PER_CPU_READ_MOSTLY(cpumask_var_t
DEFINE_PER_CPU_READ_MOSTLY(struct cpuinfo_x86, cpu_info);
EXPORT_PER_CPU_SYMBOL(cpu_info);
+struct mwait_cpu_dead {
+ unsigned int control;
+ unsigned int status;
+};
+
+/*
+ * Cache line aligned data for mwait_play_dead(). Separate on purpose so
+ * that it's unlikely to be touched by other CPUs.
+ */
+static DEFINE_PER_CPU_ALIGNED(struct mwait_cpu_dead, mwait_cpu_dead);
+
/* Logical package management. We might want to allocate that dynamically */
unsigned int __max_logical_packages __read_mostly;
EXPORT_SYMBOL(__max_logical_packages);
@@ -1595,10 +1606,10 @@ static bool wakeup_cpu0(void)
*/
static inline void mwait_play_dead(void)
{
+ struct mwait_cpu_dead *md = this_cpu_ptr(&mwait_cpu_dead);
unsigned int eax, ebx, ecx, edx;
unsigned int highest_cstate = 0;
unsigned int highest_subcstate = 0;
- void *mwait_ptr;
int i;
if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
@@ -1632,13 +1643,6 @@ static inline void mwait_play_dead(void)
(highest_subcstate - 1);
}
- /*
- * This should be a memory location in a cache line which is
- * unlikely to be touched by other processors. The actual
- * content is immaterial as it is not actually modified in any way.
- */
- mwait_ptr = ¤t_thread_info()->flags;
-
wbinvd();
while (1) {
@@ -1650,9 +1654,9 @@ static inline void mwait_play_dead(void)
* case where we return around the loop.
*/
mb();
- clflush(mwait_ptr);
+ clflush(md);
mb();
- __monitor(mwait_ptr, 0, 0);
+ __monitor(md, 0, 0);
mb();
__mwait(eax, 0);
/*
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 003/323] video: imsttfb: check for ioremap() failures
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 001/323] gfs2: Dont deref jdesc in evict Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 002/323] x86/smp: Use dedicated cache-line for mwait_play_dead() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 004/323] fbdev: imsttfb: Fix use after free bug in imsttfb_probe Greg Kroah-Hartman
` (323 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Finn Thain,
Bartlomiej Zolnierkiewicz, Rob Herring
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 13b7c0390a5d3840e1e2cda8f44a310fdbb982de upstream.
We should check if ioremap() were to somehow fail in imsttfb_probe() and
handle the unwinding of the resources allocated here properly.
Ideally if anyone cares about this driver (it's for a PowerMac era PCI
display card), they wouldn't even be using fbdev anymore. Or the devm_*
apis could be used, but that's just extra work for diminishing
returns...
Cc: Finn Thain <fthain@telegraphics.com.au>
Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/20210503115736.2104747-68-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/imsttfb.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
--- a/drivers/video/fbdev/imsttfb.c
+++ b/drivers/video/fbdev/imsttfb.c
@@ -1470,6 +1470,7 @@ static int imsttfb_probe(struct pci_dev
struct imstt_par *par;
struct fb_info *info;
struct device_node *dp;
+ int ret = -ENOMEM;
dp = pci_device_to_OF_node(pdev);
if(dp)
@@ -1508,23 +1509,37 @@ static int imsttfb_probe(struct pci_dev
default:
printk(KERN_INFO "imsttfb: Device 0x%x unknown, "
"contact maintainer.\n", pdev->device);
- release_mem_region(addr, size);
- framebuffer_release(info);
- return -ENODEV;
+ ret = -ENODEV;
+ goto error;
}
info->fix.smem_start = addr;
info->screen_base = (__u8 *)ioremap(addr, par->ramdac == IBM ?
0x400000 : 0x800000);
+ if (!info->screen_base)
+ goto error;
info->fix.mmio_start = addr + 0x800000;
par->dc_regs = ioremap(addr + 0x800000, 0x1000);
+ if (!par->dc_regs)
+ goto error;
par->cmap_regs_phys = addr + 0x840000;
par->cmap_regs = (__u8 *)ioremap(addr + 0x840000, 0x1000);
+ if (!par->cmap_regs)
+ goto error;
info->pseudo_palette = par->palette;
init_imstt(info);
pci_set_drvdata(pdev, info);
return 0;
+
+error:
+ if (par->dc_regs)
+ iounmap(par->dc_regs);
+ if (info->screen_base)
+ iounmap(info->screen_base);
+ release_mem_region(addr, size);
+ framebuffer_release(info);
+ return ret;
}
static void imsttfb_remove(struct pci_dev *pdev)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 004/323] fbdev: imsttfb: Fix use after free bug in imsttfb_probe
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 003/323] video: imsttfb: check for ioremap() failures Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 005/323] drm/edid: Fix uninitialized variable in drm_cvt_modes() Greg Kroah-Hartman
` (322 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zheng Wang, Helge Deller
From: Zheng Wang <zyytlz.wz@163.com>
commit c75f5a55061091030a13fef71b9995b89bc86213 upstream.
A use-after-free bug may occur if init_imstt invokes framebuffer_release
and free the info ptr. The caller, imsttfb_probe didn't notice that and
still keep the ptr as private data in pdev.
If we remove the driver which will call imsttfb_remove to make cleanup,
UAF happens.
Fix it by return error code if bad case happens in init_imstt.
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/video/fbdev/imsttfb.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
--- a/drivers/video/fbdev/imsttfb.c
+++ b/drivers/video/fbdev/imsttfb.c
@@ -1348,7 +1348,7 @@ static struct fb_ops imsttfb_ops = {
.fb_ioctl = imsttfb_ioctl,
};
-static void init_imstt(struct fb_info *info)
+static int init_imstt(struct fb_info *info)
{
struct imstt_par *par = info->par;
__u32 i, tmp, *ip, *end;
@@ -1420,7 +1420,7 @@ static void init_imstt(struct fb_info *i
|| !(compute_imstt_regvals(par, info->var.xres, info->var.yres))) {
printk("imsttfb: %ux%ux%u not supported\n", info->var.xres, info->var.yres, info->var.bits_per_pixel);
framebuffer_release(info);
- return;
+ return -ENODEV;
}
sprintf(info->fix.id, "IMS TT (%s)", par->ramdac == IBM ? "IBM" : "TVP");
@@ -1456,12 +1456,13 @@ static void init_imstt(struct fb_info *i
if (register_framebuffer(info) < 0) {
framebuffer_release(info);
- return;
+ return -ENODEV;
}
tmp = (read_reg_le32(par->dc_regs, SSTATUS) & 0x0f00) >> 8;
fb_info(info, "%s frame buffer; %uMB vram; chip version %u\n",
info->fix.id, info->fix.smem_len >> 20, tmp);
+ return 0;
}
static int imsttfb_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
@@ -1527,10 +1528,10 @@ static int imsttfb_probe(struct pci_dev
if (!par->cmap_regs)
goto error;
info->pseudo_palette = par->palette;
- init_imstt(info);
-
- pci_set_drvdata(pdev, info);
- return 0;
+ ret = init_imstt(info);
+ if (!ret)
+ pci_set_drvdata(pdev, info);
+ return ret;
error:
if (par->dc_regs)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 005/323] drm/edid: Fix uninitialized variable in drm_cvt_modes()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 004/323] fbdev: imsttfb: Fix use after free bug in imsttfb_probe Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 006/323] scripts/tags.sh: Resolve gtags empty index generation Greg Kroah-Hartman
` (321 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lyude Paul, Ilia Mirkin
From: Lyude Paul <lyude@redhat.com>
commit 991fcb77f490390bcad89fa67d95763c58cdc04c upstream.
Noticed this when trying to compile with -Wall on a kernel fork. We
potentially don't set width here, which causes the compiler to complain
about width potentially being uninitialized in drm_cvt_modes(). So, let's
fix that.
Changes since v1:
* Don't emit an error as this code isn't reachable, just mark it as such
Changes since v2:
* Remove now unused variable
Fixes: 3f649ab728cd ("treewide: Remove uninitialized_var() usage")
Signed-off-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Ilia Mirkin <imirkin@alum.mit.edu>
Link: https://patchwork.freedesktop.org/patch/msgid/20201105235703.1328115-1-lyude@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_edid.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -2798,6 +2798,8 @@ static int drm_cvt_modes(struct drm_conn
case 0x0c:
width = height * 15 / 9;
break;
+ default:
+ unreachable();
}
for (j = 1; j < 5; j++) {
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 006/323] scripts/tags.sh: Resolve gtags empty index generation
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 005/323] drm/edid: Fix uninitialized variable in drm_cvt_modes() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 007/323] drm/amdgpu: Validate VM ioctl flags Greg Kroah-Hartman
` (320 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ahmed S. Darwish, Masahiro Yamada
From: Ahmed S. Darwish <darwi@linutronix.de>
commit e1b37563caffc410bb4b55f153ccb14dede66815 upstream.
gtags considers any file outside of its current working directory
"outside the source tree" and refuses to index it. For O= kernel builds,
or when "make" is invoked from a directory other then the kernel source
tree, gtags ignores the entire kernel source and generates an empty
index.
Force-set gtags current working directory to the kernel source tree.
Due to commit 9da0763bdd82 ("kbuild: Use relative path when building in
a subdir of the source tree"), if the kernel build is done in a
sub-directory of the kernel source tree, the kernel Makefile will set
the kernel's $srctree to ".." for shorter compile-time and run-time
warnings. Consequently, the list of files to be indexed will be in the
"../*" form, rendering all such paths invalid once gtags switches to the
kernel source tree as its current working directory.
If gtags indexing is requested and the build directory is not the kernel
source tree, index all files in absolute-path form.
Note, indexing in absolute-path form will not affect the generated
index, as paths in gtags indices are always relative to the gtags "root
directory" anyway (as evidenced by "gtags --dump").
Signed-off-by: Ahmed S. Darwish <darwi@linutronix.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/tags.sh | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/scripts/tags.sh
+++ b/scripts/tags.sh
@@ -28,6 +28,13 @@ fi
# ignore userspace tools
ignore="$ignore ( -path ${tree}tools ) -prune -o"
+# gtags(1) refuses to index any file outside of its current working dir.
+# If gtags indexing is requested and the build output directory is not
+# the kernel source tree, index all files in absolute-path form.
+if [[ "$1" == "gtags" && -n "${tree}" ]]; then
+ tree=$(realpath "$tree")/
+fi
+
# Detect if ALLSOURCE_ARCHS is set. If not, we assume SRCARCH
if [ "${ALLSOURCE_ARCHS}" = "" ]; then
ALLSOURCE_ARCHS=${SRCARCH}
@@ -136,7 +143,7 @@ docscope()
dogtags()
{
- all_target_sources | gtags -i -f -
+ all_target_sources | gtags -i -C "${tree:-.}" -f - "$PWD"
}
# Basic regular expressions with an optional /kind-spec/ for ctags and
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 007/323] drm/amdgpu: Validate VM ioctl flags.
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 006/323] scripts/tags.sh: Resolve gtags empty index generation Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 008/323] treewide: Remove uninitialized_var() usage Greg Kroah-Hartman
` (319 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bas Nieuwenhuizen, Alex Deucher
From: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
commit a2b308044dcaca8d3e580959a4f867a1d5c37fac upstream.
None have been defined yet, so reject anybody setting any. Mesa sets
it to 0 anyway.
Signed-off-by: Bas Nieuwenhuizen <bas@basnieuwenhuizen.nl>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
@@ -2989,6 +2989,10 @@ int amdgpu_vm_ioctl(struct drm_device *d
struct amdgpu_fpriv *fpriv = filp->driver_priv;
int r;
+ /* No valid flags defined yet */
+ if (args->in.flags)
+ return -EINVAL;
+
switch (args->in.op) {
case AMDGPU_VM_OP_RESERVE_VMID:
/* current, we only have requirement to reserve vmid from gfxhub */
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 008/323] treewide: Remove uninitialized_var() usage
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 007/323] drm/amdgpu: Validate VM ioctl flags Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 009/323] md/raid10: check slab-out-of-bounds in md_bitmap_get_counter Greg Kroah-Hartman
` (318 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kees Cook, Leon Romanovsky,
Jason Gunthorpe, Kalle Valo, Chao Yu
From: Kees Cook <keescook@chromium.org>
commit 3f649ab728cda8038259d8f14492fe400fbab911 upstream.
Using uninitialized_var() is dangerous as it papers over real bugs[1]
(or can in the future), and suppresses unrelated compiler warnings
(e.g. "unused variable"). If the compiler thinks it is uninitialized,
either simply initialize the variable or make compiler changes.
In preparation for removing[2] the[3] macro[4], remove all remaining
needless uses with the following script:
git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \
xargs perl -pi -e \
's/\buninitialized_var\(([^\)]+)\)/\1/g;
s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;'
drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid
pathological white-space.
No outstanding warnings were found building allmodconfig with GCC 9.3.0
for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64,
alpha, and m68k.
[1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/
[2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/
[3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/
[4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/
Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5
Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB
Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers
Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-sa1100/assabet.c | 2 +-
arch/ia64/kernel/process.c | 2 +-
arch/ia64/mm/discontig.c | 2 +-
arch/ia64/mm/tlb.c | 2 +-
arch/powerpc/platforms/52xx/mpc52xx_pic.c | 2 +-
arch/s390/kernel/smp.c | 2 +-
arch/x86/kernel/quirks.c | 10 +++++-----
drivers/acpi/acpi_pad.c | 2 +-
drivers/ata/libata-scsi.c | 2 +-
drivers/atm/zatm.c | 2 +-
drivers/block/drbd/drbd_nl.c | 6 +++---
drivers/clk/clk-gate.c | 2 +-
drivers/firewire/ohci.c | 14 +++++++-------
drivers/gpu/drm/bridge/sil-sii8620.c | 2 +-
drivers/gpu/drm/drm_edid.c | 2 +-
drivers/gpu/drm/exynos/exynos_drm_dsi.c | 6 +++---
drivers/i2c/busses/i2c-rk3x.c | 2 +-
drivers/ide/ide-acpi.c | 2 +-
drivers/ide/ide-atapi.c | 2 +-
drivers/ide/ide-io-std.c | 4 ++--
drivers/ide/ide-io.c | 8 ++++----
drivers/ide/ide-sysfs.c | 2 +-
drivers/ide/umc8672.c | 2 +-
drivers/infiniband/core/uverbs_cmd.c | 4 ++--
drivers/infiniband/hw/cxgb4/cm.c | 2 +-
drivers/infiniband/hw/cxgb4/cq.c | 2 +-
drivers/infiniband/hw/mlx4/qp.c | 6 +++---
drivers/infiniband/hw/mlx5/cq.c | 2 +-
drivers/infiniband/hw/mthca/mthca_qp.c | 10 +++++-----
drivers/input/serio/serio_raw.c | 2 +-
drivers/md/dm-io.c | 2 +-
drivers/md/dm-ioctl.c | 2 +-
drivers/md/dm-snap-persistent.c | 2 +-
drivers/md/dm-table.c | 2 +-
drivers/md/raid5.c | 2 +-
drivers/media/dvb-frontends/rtl2832.c | 2 +-
drivers/media/tuners/qt1010.c | 4 ++--
drivers/media/usb/gspca/vicam.c | 2 +-
drivers/media/usb/uvc/uvc_video.c | 8 ++++----
drivers/memstick/host/jmb38x_ms.c | 2 +-
drivers/memstick/host/tifm_ms.c | 2 +-
drivers/mmc/host/sdhci.c | 2 +-
drivers/mtd/nand/raw/nand_ecc.c | 2 +-
drivers/mtd/nand/raw/s3c2410.c | 2 +-
drivers/mtd/ubi/eba.c | 2 +-
drivers/net/can/janz-ican3.c | 2 +-
drivers/net/ethernet/broadcom/bnx2.c | 4 ++--
drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 4 ++--
drivers/net/ethernet/neterion/s2io.c | 2 +-
drivers/net/ethernet/qlogic/qla3xxx.c | 2 +-
drivers/net/ethernet/sun/cassini.c | 2 +-
drivers/net/ethernet/sun/niu.c | 6 +++---
drivers/net/wan/z85230.c | 2 +-
drivers/net/wireless/ath/ath10k/core.c | 2 +-
drivers/net/wireless/ath/ath6kl/init.c | 2 +-
drivers/net/wireless/ath/ath9k/init.c | 2 +-
drivers/net/wireless/broadcom/b43/debugfs.c | 2 +-
drivers/net/wireless/broadcom/b43/dma.c | 2 +-
drivers/net/wireless/broadcom/b43/lo.c | 2 +-
drivers/net/wireless/broadcom/b43/phy_n.c | 2 +-
drivers/net/wireless/broadcom/b43/xmit.c | 12 ++++++------
drivers/net/wireless/broadcom/b43legacy/debugfs.c | 2 +-
drivers/net/wireless/broadcom/b43legacy/main.c | 2 +-
drivers/net/wireless/intel/iwlegacy/3945.c | 2 +-
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 +-
drivers/platform/x86/hdaps.c | 4 ++--
drivers/scsi/dc395x.c | 2 +-
drivers/scsi/pm8001/pm8001_hwi.c | 2 +-
drivers/scsi/pm8001/pm80xx_hwi.c | 2 +-
drivers/ssb/driver_chipcommon.c | 4 ++--
drivers/tty/cyclades.c | 2 +-
drivers/tty/isicom.c | 2 +-
drivers/usb/musb/cppi_dma.c | 2 +-
drivers/usb/storage/sddr55.c | 4 ++--
drivers/vhost/net.c | 4 ++--
drivers/video/fbdev/matrox/matroxfb_maven.c | 6 +++---
drivers/video/fbdev/pm3fb.c | 6 +++---
drivers/video/fbdev/riva/riva_hw.c | 3 +--
drivers/virtio/virtio_ring.c | 2 +-
fs/afs/dir.c | 2 +-
fs/afs/security.c | 2 +-
fs/dlm/netlink.c | 2 +-
fs/fat/dir.c | 2 +-
fs/fuse/control.c | 2 +-
fs/fuse/cuse.c | 2 +-
fs/fuse/file.c | 2 +-
fs/gfs2/aops.c | 2 +-
fs/gfs2/bmap.c | 2 +-
fs/hfsplus/unicode.c | 2 +-
fs/isofs/namei.c | 4 ++--
fs/jffs2/erase.c | 2 +-
fs/nfsd/nfsctl.c | 2 +-
fs/ocfs2/alloc.c | 4 ++--
fs/ocfs2/dir.c | 14 +++++++-------
fs/ocfs2/extent_map.c | 4 ++--
fs/ocfs2/namei.c | 2 +-
fs/ocfs2/refcounttree.c | 2 +-
fs/ocfs2/xattr.c | 2 +-
fs/omfs/file.c | 2 +-
fs/overlayfs/copy_up.c | 2 +-
fs/ubifs/commit.c | 6 +++---
fs/ubifs/dir.c | 2 +-
fs/ubifs/file.c | 4 ++--
fs/ubifs/journal.c | 2 +-
fs/ubifs/lpt.c | 2 +-
fs/ubifs/tnc.c | 6 +++---
fs/ubifs/tnc_misc.c | 4 ++--
fs/udf/balloc.c | 2 +-
fs/xfs/xfs_bmap_util.c | 2 +-
kernel/async.c | 4 ++--
kernel/audit.c | 2 +-
kernel/dma/debug.c | 2 +-
kernel/events/core.c | 2 +-
kernel/events/uprobes.c | 2 +-
kernel/exit.c | 2 +-
kernel/futex.c | 12 ++++++------
kernel/locking/lockdep.c | 6 +++---
kernel/trace/ring_buffer.c | 2 +-
lib/radix-tree.c | 2 +-
mm/frontswap.c | 2 +-
mm/ksm.c | 2 +-
mm/memcontrol.c | 2 +-
mm/mempolicy.c | 4 ++--
mm/percpu.c | 2 +-
mm/slub.c | 4 ++--
mm/swap.c | 4 ++--
net/dccp/options.c | 2 +-
net/ipv4/netfilter/nf_socket_ipv4.c | 6 +++---
net/ipv6/ip6_flowlabel.c | 2 +-
net/ipv6/netfilter/nf_socket_ipv6.c | 2 +-
net/netfilter/nf_conntrack_ftp.c | 2 +-
net/netfilter/nfnetlink_log.c | 2 +-
net/netfilter/nfnetlink_queue.c | 4 ++--
net/sched/cls_flow.c | 2 +-
net/sched/sch_cake.c | 2 +-
net/sched/sch_cbq.c | 2 +-
net/sched/sch_fq_codel.c | 2 +-
net/sched/sch_sfq.c | 2 +-
sound/core/control_compat.c | 2 +-
sound/isa/sb/sb16_csp.c | 2 +-
sound/usb/endpoint.c | 2 +-
141 files changed, 216 insertions(+), 217 deletions(-)
--- a/arch/arm/mach-sa1100/assabet.c
+++ b/arch/arm/mach-sa1100/assabet.c
@@ -570,7 +570,7 @@ static void __init map_sa1100_gpio_regs(
*/
static void __init get_assabet_scr(void)
{
- unsigned long uninitialized_var(scr), i;
+ unsigned long scr, i;
GPDR |= 0x3fc; /* Configure GPIO 9:2 as outputs */
GPSR = 0x3fc; /* Write 0xFF to GPIO 9:2 */
--- a/arch/ia64/kernel/process.c
+++ b/arch/ia64/kernel/process.c
@@ -444,7 +444,7 @@ static void
do_copy_task_regs (struct task_struct *task, struct unw_frame_info *info, void *arg)
{
unsigned long mask, sp, nat_bits = 0, ar_rnat, urbs_end, cfm;
- unsigned long uninitialized_var(ip); /* GCC be quiet */
+ unsigned long ip;
elf_greg_t *dst = arg;
struct pt_regs *pt;
char nat;
--- a/arch/ia64/mm/discontig.c
+++ b/arch/ia64/mm/discontig.c
@@ -181,7 +181,7 @@ static void *per_cpu_node_setup(void *cp
void __init setup_per_cpu_areas(void)
{
struct pcpu_alloc_info *ai;
- struct pcpu_group_info *uninitialized_var(gi);
+ struct pcpu_group_info *gi;
unsigned int *cpu_map;
void *base;
unsigned long base_offset;
--- a/arch/ia64/mm/tlb.c
+++ b/arch/ia64/mm/tlb.c
@@ -339,7 +339,7 @@ EXPORT_SYMBOL(flush_tlb_range);
void ia64_tlb_init(void)
{
- ia64_ptce_info_t uninitialized_var(ptce_info); /* GCC be quiet */
+ ia64_ptce_info_t ptce_info;
u64 tr_pgbits;
long status;
pal_vm_info_1_u_t vm_info_1;
--- a/arch/powerpc/platforms/52xx/mpc52xx_pic.c
+++ b/arch/powerpc/platforms/52xx/mpc52xx_pic.c
@@ -340,7 +340,7 @@ static int mpc52xx_irqhost_map(struct ir
{
int l1irq;
int l2irq;
- struct irq_chip *uninitialized_var(irqchip);
+ struct irq_chip *irqchip;
void *hndlr;
int type;
u32 reg;
--- a/arch/s390/kernel/smp.c
+++ b/arch/s390/kernel/smp.c
@@ -145,7 +145,7 @@ static int pcpu_sigp_retry(struct pcpu *
static inline int pcpu_stopped(struct pcpu *pcpu)
{
- u32 uninitialized_var(status);
+ u32 status;
if (__pcpu_sigp(pcpu->address, SIGP_SENSE,
0, &status) != SIGP_CC_STATUS_STORED)
--- a/arch/x86/kernel/quirks.c
+++ b/arch/x86/kernel/quirks.c
@@ -96,7 +96,7 @@ static void ich_force_hpet_resume(void)
static void ich_force_enable_hpet(struct pci_dev *dev)
{
u32 val;
- u32 uninitialized_var(rcba);
+ u32 rcba;
int err = 0;
if (hpet_address || force_hpet_address)
@@ -186,7 +186,7 @@ static void hpet_print_force_info(void)
static void old_ich_force_hpet_resume(void)
{
u32 val;
- u32 uninitialized_var(gen_cntl);
+ u32 gen_cntl;
if (!force_hpet_address || !cached_dev)
return;
@@ -208,7 +208,7 @@ static void old_ich_force_hpet_resume(vo
static void old_ich_force_enable_hpet(struct pci_dev *dev)
{
u32 val;
- u32 uninitialized_var(gen_cntl);
+ u32 gen_cntl;
if (hpet_address || force_hpet_address)
return;
@@ -299,7 +299,7 @@ static void vt8237_force_hpet_resume(voi
static void vt8237_force_enable_hpet(struct pci_dev *dev)
{
- u32 uninitialized_var(val);
+ u32 val;
if (hpet_address || force_hpet_address)
return;
@@ -430,7 +430,7 @@ static void nvidia_force_hpet_resume(voi
static void nvidia_force_enable_hpet(struct pci_dev *dev)
{
- u32 uninitialized_var(val);
+ u32 val;
if (hpet_address || force_hpet_address)
return;
--- a/drivers/acpi/acpi_pad.c
+++ b/drivers/acpi/acpi_pad.c
@@ -95,7 +95,7 @@ static void round_robin_cpu(unsigned int
cpumask_var_t tmp;
int cpu;
unsigned long min_weight = -1;
- unsigned long uninitialized_var(preferred_cpu);
+ unsigned long preferred_cpu;
if (!alloc_cpumask_var(&tmp, GFP_KERNEL))
return;
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -178,7 +178,7 @@ static ssize_t ata_scsi_park_show(struct
struct ata_link *link;
struct ata_device *dev;
unsigned long now;
- unsigned int uninitialized_var(msecs);
+ unsigned int msecs;
int rc = 0;
ap = ata_shost_to_port(sdev->host);
--- a/drivers/atm/zatm.c
+++ b/drivers/atm/zatm.c
@@ -939,7 +939,7 @@ static int open_tx_first(struct atm_vcc
vcc->qos.txtp.max_pcr >= ATM_OC3_PCR);
if (unlimited && zatm_dev->ubr != -1) zatm_vcc->shaper = zatm_dev->ubr;
else {
- int uninitialized_var(pcr);
+ int pcr;
if (unlimited) vcc->qos.txtp.max_sdu = ATM_MAX_AAL5_PDU;
if ((zatm_vcc->shaper = alloc_shaper(vcc->dev,&pcr,
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -3394,7 +3394,7 @@ int drbd_adm_dump_devices(struct sk_buff
{
struct nlattr *resource_filter;
struct drbd_resource *resource;
- struct drbd_device *uninitialized_var(device);
+ struct drbd_device *device;
int minor, err, retcode;
struct drbd_genlmsghdr *dh;
struct device_info device_info;
@@ -3483,7 +3483,7 @@ int drbd_adm_dump_connections(struct sk_
{
struct nlattr *resource_filter;
struct drbd_resource *resource = NULL, *next_resource;
- struct drbd_connection *uninitialized_var(connection);
+ struct drbd_connection *connection;
int err = 0, retcode;
struct drbd_genlmsghdr *dh;
struct connection_info connection_info;
@@ -3645,7 +3645,7 @@ int drbd_adm_dump_peer_devices(struct sk
{
struct nlattr *resource_filter;
struct drbd_resource *resource;
- struct drbd_device *uninitialized_var(device);
+ struct drbd_device *device;
struct drbd_peer_device *peer_device = NULL;
int minor, err, retcode;
struct drbd_genlmsghdr *dh;
--- a/drivers/clk/clk-gate.c
+++ b/drivers/clk/clk-gate.c
@@ -43,7 +43,7 @@ static void clk_gate_endisable(struct cl
{
struct clk_gate *gate = to_clk_gate(hw);
int set = gate->flags & CLK_GATE_SET_TO_DISABLE ? 1 : 0;
- unsigned long uninitialized_var(flags);
+ unsigned long flags;
u32 reg;
set ^= enable;
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -1112,7 +1112,7 @@ static void context_tasklet(unsigned lon
static int context_add_buffer(struct context *ctx)
{
struct descriptor_buffer *desc;
- dma_addr_t uninitialized_var(bus_addr);
+ dma_addr_t bus_addr;
int offset;
/*
@@ -1302,7 +1302,7 @@ static int at_context_queue_packet(struc
struct fw_packet *packet)
{
struct fw_ohci *ohci = ctx->ohci;
- dma_addr_t d_bus, uninitialized_var(payload_bus);
+ dma_addr_t d_bus, payload_bus;
struct driver_data *driver_data;
struct descriptor *d, *last;
__le32 *header;
@@ -2458,7 +2458,7 @@ static int ohci_set_config_rom(struct fw
{
struct fw_ohci *ohci;
__be32 *next_config_rom;
- dma_addr_t uninitialized_var(next_config_rom_bus);
+ dma_addr_t next_config_rom_bus;
ohci = fw_ohci(card);
@@ -2947,10 +2947,10 @@ static struct fw_iso_context *ohci_alloc
int type, int channel, size_t header_size)
{
struct fw_ohci *ohci = fw_ohci(card);
- struct iso_context *uninitialized_var(ctx);
- descriptor_callback_t uninitialized_var(callback);
- u64 *uninitialized_var(channels);
- u32 *uninitialized_var(mask), uninitialized_var(regs);
+ struct iso_context *ctx;
+ descriptor_callback_t callback;
+ u64 *channels;
+ u32 *mask, regs;
int index, ret = -EBUSY;
spin_lock_irq(&ohci->lock);
--- a/drivers/gpu/drm/bridge/sil-sii8620.c
+++ b/drivers/gpu/drm/bridge/sil-sii8620.c
@@ -988,7 +988,7 @@ static void sii8620_set_auto_zone(struct
static void sii8620_stop_video(struct sii8620 *ctx)
{
- u8 uninitialized_var(val);
+ u8 val;
sii8620_write_seq_static(ctx,
REG_TPI_INTR_EN, 0,
--- a/drivers/gpu/drm/drm_edid.c
+++ b/drivers/gpu/drm/drm_edid.c
@@ -2778,7 +2778,7 @@ static int drm_cvt_modes(struct drm_conn
const u8 empty[3] = { 0, 0, 0 };
for (i = 0; i < 4; i++) {
- int uninitialized_var(width), height;
+ int width, height;
cvt = &(timing->data.other_data.data.cvt[i]);
if (!memcmp(cvt->code, empty, 3))
--- a/drivers/gpu/drm/exynos/exynos_drm_dsi.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_dsi.c
@@ -544,9 +544,9 @@ static unsigned long exynos_dsi_pll_find
unsigned long best_freq = 0;
u32 min_delta = 0xffffffff;
u8 p_min, p_max;
- u8 _p, uninitialized_var(best_p);
- u16 _m, uninitialized_var(best_m);
- u8 _s, uninitialized_var(best_s);
+ u8 _p, best_p;
+ u16 _m, best_m;
+ u8 _s, best_s;
p_min = DIV_ROUND_UP(fin, (12 * MHZ));
p_max = fin / (6 * MHZ);
--- a/drivers/i2c/busses/i2c-rk3x.c
+++ b/drivers/i2c/busses/i2c-rk3x.c
@@ -421,7 +421,7 @@ static void rk3x_i2c_handle_read(struct
{
unsigned int i;
unsigned int len = i2c->msg->len - i2c->processed;
- u32 uninitialized_var(val);
+ u32 val;
u8 byte;
/* we only care for MBRF here. */
--- a/drivers/ide/ide-acpi.c
+++ b/drivers/ide/ide-acpi.c
@@ -180,7 +180,7 @@ err:
static acpi_handle ide_acpi_hwif_get_handle(ide_hwif_t *hwif)
{
struct device *dev = hwif->gendev.parent;
- acpi_handle uninitialized_var(dev_handle);
+ acpi_handle dev_handle;
u64 pcidevfn;
acpi_handle chan_handle;
int err;
--- a/drivers/ide/ide-atapi.c
+++ b/drivers/ide/ide-atapi.c
@@ -591,7 +591,7 @@ static int ide_delayed_transfer_pc(ide_d
static ide_startstop_t ide_transfer_pc(ide_drive_t *drive)
{
- struct ide_atapi_pc *uninitialized_var(pc);
+ struct ide_atapi_pc *pc;
ide_hwif_t *hwif = drive->hwif;
struct request *rq = hwif->rq;
ide_expiry_t *expiry;
--- a/drivers/ide/ide-io-std.c
+++ b/drivers/ide/ide-io-std.c
@@ -172,7 +172,7 @@ void ide_input_data(ide_drive_t *drive,
u8 mmio = (hwif->host_flags & IDE_HFLAG_MMIO) ? 1 : 0;
if (io_32bit) {
- unsigned long uninitialized_var(flags);
+ unsigned long flags;
if ((io_32bit & 2) && !mmio) {
local_irq_save(flags);
@@ -216,7 +216,7 @@ void ide_output_data(ide_drive_t *drive,
u8 mmio = (hwif->host_flags & IDE_HFLAG_MMIO) ? 1 : 0;
if (io_32bit) {
- unsigned long uninitialized_var(flags);
+ unsigned long flags;
if ((io_32bit & 2) && !mmio) {
local_irq_save(flags);
--- a/drivers/ide/ide-io.c
+++ b/drivers/ide/ide-io.c
@@ -605,12 +605,12 @@ static int drive_is_ready(ide_drive_t *d
void ide_timer_expiry (struct timer_list *t)
{
ide_hwif_t *hwif = from_timer(hwif, t, timer);
- ide_drive_t *uninitialized_var(drive);
+ ide_drive_t *drive;
ide_handler_t *handler;
unsigned long flags;
int wait = -1;
int plug_device = 0;
- struct request *uninitialized_var(rq_in_flight);
+ struct request *rq_in_flight;
spin_lock_irqsave(&hwif->lock, flags);
@@ -763,13 +763,13 @@ irqreturn_t ide_intr (int irq, void *dev
{
ide_hwif_t *hwif = (ide_hwif_t *)dev_id;
struct ide_host *host = hwif->host;
- ide_drive_t *uninitialized_var(drive);
+ ide_drive_t *drive;
ide_handler_t *handler;
unsigned long flags;
ide_startstop_t startstop;
irqreturn_t irq_ret = IRQ_NONE;
int plug_device = 0;
- struct request *uninitialized_var(rq_in_flight);
+ struct request *rq_in_flight;
if (host->host_flags & IDE_HFLAG_SERIALIZE) {
if (hwif != host->cur_port)
--- a/drivers/ide/ide-sysfs.c
+++ b/drivers/ide/ide-sysfs.c
@@ -131,7 +131,7 @@ static struct device_attribute *ide_port
int ide_sysfs_register_port(ide_hwif_t *hwif)
{
- int i, uninitialized_var(rc);
+ int i, rc;
for (i = 0; ide_port_attrs[i]; i++) {
rc = device_create_file(hwif->portdev, ide_port_attrs[i]);
--- a/drivers/ide/umc8672.c
+++ b/drivers/ide/umc8672.c
@@ -107,7 +107,7 @@ static void umc_set_speeds(u8 speeds[])
static void umc_set_pio_mode(ide_hwif_t *hwif, ide_drive_t *drive)
{
ide_hwif_t *mate = hwif->mate;
- unsigned long uninitialized_var(flags);
+ unsigned long flags;
const u8 pio = drive->pio_mode - XFER_PIO_0;
printk("%s: setting umc8672 to PIO mode%d (speed %d)\n",
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -1726,7 +1726,7 @@ ssize_t ib_uverbs_open_qp(struct ib_uver
struct ib_udata udata;
struct ib_uqp_object *obj;
struct ib_xrcd *xrcd;
- struct ib_uobject *uninitialized_var(xrcd_uobj);
+ struct ib_uobject *xrcd_uobj;
struct ib_qp *qp;
struct ib_qp_open_attr attr;
int ret;
@@ -3694,7 +3694,7 @@ static int __uverbs_create_xsrq(struct i
struct ib_usrq_object *obj;
struct ib_pd *pd;
struct ib_srq *srq;
- struct ib_uobject *uninitialized_var(xrcd_uobj);
+ struct ib_uobject *xrcd_uobj;
struct ib_srq_init_attr attr;
int ret;
struct ib_device *ib_dev;
--- a/drivers/infiniband/hw/cxgb4/cm.c
+++ b/drivers/infiniband/hw/cxgb4/cm.c
@@ -3195,7 +3195,7 @@ static int get_lladdr(struct net_device
static int pick_local_ip6addrs(struct c4iw_dev *dev, struct iw_cm_id *cm_id)
{
- struct in6_addr uninitialized_var(addr);
+ struct in6_addr addr;
struct sockaddr_in6 *la6 = (struct sockaddr_in6 *)&cm_id->m_local_addr;
struct sockaddr_in6 *ra6 = (struct sockaddr_in6 *)&cm_id->m_remote_addr;
--- a/drivers/infiniband/hw/cxgb4/cq.c
+++ b/drivers/infiniband/hw/cxgb4/cq.c
@@ -755,7 +755,7 @@ skip_cqe:
static int __c4iw_poll_cq_one(struct c4iw_cq *chp, struct c4iw_qp *qhp,
struct ib_wc *wc, struct c4iw_srq *srq)
{
- struct t4_cqe uninitialized_var(cqe);
+ struct t4_cqe cqe;
struct t4_wq *wq = qhp ? &qhp->wq : NULL;
u32 credit = 0;
u8 cqe_flushed;
--- a/drivers/infiniband/hw/mlx4/qp.c
+++ b/drivers/infiniband/hw/mlx4/qp.c
@@ -3463,11 +3463,11 @@ static int _mlx4_ib_post_send(struct ib_
int nreq;
int err = 0;
unsigned ind;
- int uninitialized_var(size);
- unsigned uninitialized_var(seglen);
+ int size;
+ unsigned seglen;
__be32 dummy;
__be32 *lso_wqe;
- __be32 uninitialized_var(lso_hdr_sz);
+ __be32 lso_hdr_sz;
__be32 blh;
int i;
struct mlx4_ib_dev *mdev = to_mdev(ibqp->device);
--- a/drivers/infiniband/hw/mlx5/cq.c
+++ b/drivers/infiniband/hw/mlx5/cq.c
@@ -1333,7 +1333,7 @@ int mlx5_ib_resize_cq(struct ib_cq *ibcq
__be64 *pas;
int page_shift;
int inlen;
- int uninitialized_var(cqe_size);
+ int cqe_size;
unsigned long flags;
if (!MLX5_CAP_GEN(dev->mdev, cq_resize)) {
--- a/drivers/infiniband/hw/mthca/mthca_qp.c
+++ b/drivers/infiniband/hw/mthca/mthca_qp.c
@@ -1630,8 +1630,8 @@ int mthca_tavor_post_send(struct ib_qp *
* without initializing f0 and size0, and they are in fact
* never used uninitialized.
*/
- int uninitialized_var(size0);
- u32 uninitialized_var(f0);
+ int size0;
+ u32 f0;
int ind;
u8 op0 = 0;
@@ -1831,7 +1831,7 @@ int mthca_tavor_post_receive(struct ib_q
* without initializing size0, and it is in fact never used
* uninitialized.
*/
- int uninitialized_var(size0);
+ int size0;
int ind;
void *wqe;
void *prev_wqe;
@@ -1945,8 +1945,8 @@ int mthca_arbel_post_send(struct ib_qp *
* without initializing f0 and size0, and they are in fact
* never used uninitialized.
*/
- int uninitialized_var(size0);
- u32 uninitialized_var(f0);
+ int size0;
+ u32 f0;
int ind;
u8 op0 = 0;
--- a/drivers/input/serio/serio_raw.c
+++ b/drivers/input/serio/serio_raw.c
@@ -162,7 +162,7 @@ static ssize_t serio_raw_read(struct fil
{
struct serio_raw_client *client = file->private_data;
struct serio_raw *serio_raw = client->serio_raw;
- char uninitialized_var(c);
+ char c;
ssize_t read = 0;
int error;
--- a/drivers/md/dm-io.c
+++ b/drivers/md/dm-io.c
@@ -306,7 +306,7 @@ static void do_region(int op, int op_fla
struct request_queue *q = bdev_get_queue(where->bdev);
unsigned short logical_block_size = queue_logical_block_size(q);
sector_t num_sectors;
- unsigned int uninitialized_var(special_cmd_max_sectors);
+ unsigned int special_cmd_max_sectors;
/*
* Reject unsupported discard and write same requests.
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1822,7 +1822,7 @@ static int ctl_ioctl(struct file *file,
int ioctl_flags;
int param_flags;
unsigned int cmd;
- struct dm_ioctl *uninitialized_var(param);
+ struct dm_ioctl *param;
ioctl_fn fn = NULL;
size_t input_param_size;
struct dm_ioctl param_kernel;
--- a/drivers/md/dm-snap-persistent.c
+++ b/drivers/md/dm-snap-persistent.c
@@ -613,7 +613,7 @@ static int persistent_read_metadata(stru
chunk_t old, chunk_t new),
void *callback_context)
{
- int r, uninitialized_var(new_snapshot);
+ int r, new_snapshot;
struct pstore *ps = get_info(store);
/*
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -671,7 +671,7 @@ static int validate_hardware_logical_blo
*/
unsigned short remaining = 0;
- struct dm_target *uninitialized_var(ti);
+ struct dm_target *ti;
struct queue_limits ti_limits;
unsigned i;
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2603,7 +2603,7 @@ static void raid5_end_write_request(stru
struct stripe_head *sh = bi->bi_private;
struct r5conf *conf = sh->raid_conf;
int disks = sh->disks, i;
- struct md_rdev *uninitialized_var(rdev);
+ struct md_rdev *rdev;
sector_t first_bad;
int bad_sectors;
int replacement = 0;
--- a/drivers/media/dvb-frontends/rtl2832.c
+++ b/drivers/media/dvb-frontends/rtl2832.c
@@ -653,7 +653,7 @@ static int rtl2832_read_status(struct dv
struct i2c_client *client = dev->client;
struct dtv_frontend_properties *c = &fe->dtv_property_cache;
int ret;
- u32 uninitialized_var(tmp);
+ u32 tmp;
u8 u8tmp, buf[2];
u16 u16tmp;
--- a/drivers/media/tuners/qt1010.c
+++ b/drivers/media/tuners/qt1010.c
@@ -224,7 +224,7 @@ static int qt1010_set_params(struct dvb_
static int qt1010_init_meas1(struct qt1010_priv *priv,
u8 oper, u8 reg, u8 reg_init_val, u8 *retval)
{
- u8 i, val1, uninitialized_var(val2);
+ u8 i, val1, val2;
int err;
qt1010_i2c_oper_t i2c_data[] = {
@@ -259,7 +259,7 @@ static int qt1010_init_meas1(struct qt10
static int qt1010_init_meas2(struct qt1010_priv *priv,
u8 reg_init_val, u8 *retval)
{
- u8 i, uninitialized_var(val);
+ u8 i, val;
int err;
qt1010_i2c_oper_t i2c_data[] = {
{ QT1010_WR, 0x07, reg_init_val },
--- a/drivers/media/usb/gspca/vicam.c
+++ b/drivers/media/usb/gspca/vicam.c
@@ -234,7 +234,7 @@ static int sd_init(struct gspca_dev *gsp
{
int ret;
const struct ihex_binrec *rec;
- const struct firmware *uninitialized_var(fw);
+ const struct firmware *fw;
u8 *firmware_buf;
ret = request_ihex_firmware(&fw, VICAM_FIRMWARE,
--- a/drivers/media/usb/uvc/uvc_video.c
+++ b/drivers/media/usb/uvc/uvc_video.c
@@ -802,9 +802,9 @@ static void uvc_video_stats_decode(struc
unsigned int header_size;
bool has_pts = false;
bool has_scr = false;
- u16 uninitialized_var(scr_sof);
- u32 uninitialized_var(scr_stc);
- u32 uninitialized_var(pts);
+ u16 scr_sof;
+ u32 scr_stc;
+ u32 pts;
if (stream->stats.stream.nb_frames == 0 &&
stream->stats.frame.nb_packets == 0)
@@ -1801,7 +1801,7 @@ static int uvc_init_video(struct uvc_str
struct usb_host_endpoint *best_ep = NULL;
unsigned int best_psize = UINT_MAX;
unsigned int bandwidth;
- unsigned int uninitialized_var(altsetting);
+ unsigned int altsetting;
int intfnum = stream->intfnum;
/* Isochronous endpoint, select the alternate setting. */
--- a/drivers/memstick/host/jmb38x_ms.c
+++ b/drivers/memstick/host/jmb38x_ms.c
@@ -316,7 +316,7 @@ static int jmb38x_ms_transfer_data(struc
}
while (length) {
- unsigned int uninitialized_var(p_off);
+ unsigned int p_off;
if (host->req->long_data) {
pg = nth_page(sg_page(&host->req->sg),
--- a/drivers/memstick/host/tifm_ms.c
+++ b/drivers/memstick/host/tifm_ms.c
@@ -200,7 +200,7 @@ static unsigned int tifm_ms_transfer_dat
host->block_pos);
while (length) {
- unsigned int uninitialized_var(p_off);
+ unsigned int p_off;
if (host->req->long_data) {
pg = nth_page(sg_page(&host->req->sg),
--- a/drivers/mmc/host/sdhci.c
+++ b/drivers/mmc/host/sdhci.c
@@ -374,7 +374,7 @@ static void sdhci_read_block_pio(struct
{
unsigned long flags;
size_t blksize, len, chunk;
- u32 uninitialized_var(scratch);
+ u32 scratch;
u8 *buf;
DBG("PIO reading\n");
--- a/drivers/mtd/nand/raw/nand_ecc.c
+++ b/drivers/mtd/nand/raw/nand_ecc.c
@@ -144,7 +144,7 @@ void __nand_calculate_ecc(const unsigned
/* rp0..rp15..rp17 are the various accumulated parities (per byte) */
uint32_t rp0, rp1, rp2, rp3, rp4, rp5, rp6, rp7;
uint32_t rp8, rp9, rp10, rp11, rp12, rp13, rp14, rp15, rp16;
- uint32_t uninitialized_var(rp17); /* to make compiler happy */
+ uint32_t rp17;
uint32_t par; /* the cumulative parity for all data */
uint32_t tmppar; /* the cumulative parity for this iteration;
for rp12, rp14 and rp16 at the end of the
--- a/drivers/mtd/nand/raw/s3c2410.c
+++ b/drivers/mtd/nand/raw/s3c2410.c
@@ -304,7 +304,7 @@ static int s3c2410_nand_setrate(struct s
int tacls_max = (info->cpu_type == TYPE_S3C2412) ? 8 : 4;
int tacls, twrph0, twrph1;
unsigned long clkrate = clk_get_rate(info->clk);
- unsigned long uninitialized_var(set), cfg, uninitialized_var(mask);
+ unsigned long set, cfg, mask;
unsigned long flags;
/* calculate the timing information for the controller */
--- a/drivers/mtd/ubi/eba.c
+++ b/drivers/mtd/ubi/eba.c
@@ -612,7 +612,7 @@ int ubi_eba_read_leb(struct ubi_device *
int err, pnum, scrub = 0, vol_id = vol->vol_id;
struct ubi_vid_io_buf *vidb;
struct ubi_vid_hdr *vid_hdr;
- uint32_t uninitialized_var(crc);
+ uint32_t crc;
err = leb_read_lock(ubi, vol_id, lnum);
if (err)
--- a/drivers/net/can/janz-ican3.c
+++ b/drivers/net/can/janz-ican3.c
@@ -1455,7 +1455,7 @@ static int ican3_napi(struct napi_struct
/* process all communication messages */
while (true) {
- struct ican3_msg uninitialized_var(msg);
+ struct ican3_msg msg;
ret = ican3_recv_msg(mod, &msg);
if (ret)
break;
--- a/drivers/net/ethernet/broadcom/bnx2.c
+++ b/drivers/net/ethernet/broadcom/bnx2.c
@@ -1461,7 +1461,7 @@ bnx2_test_and_disable_2g5(struct bnx2 *b
static void
bnx2_enable_forced_2g5(struct bnx2 *bp)
{
- u32 uninitialized_var(bmcr);
+ u32 bmcr;
int err;
if (!(bp->phy_flags & BNX2_PHY_FLAG_2_5G_CAPABLE))
@@ -1505,7 +1505,7 @@ bnx2_enable_forced_2g5(struct bnx2 *bp)
static void
bnx2_disable_forced_2g5(struct bnx2 *bp)
{
- u32 uninitialized_var(bmcr);
+ u32 bmcr;
int err;
if (!(bp->phy_flags & BNX2_PHY_FLAG_2_5G_CAPABLE))
--- a/drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c
@@ -471,8 +471,8 @@ void mlx5_core_req_pages_handler(struct
int mlx5_satisfy_startup_pages(struct mlx5_core_dev *dev, int boot)
{
- u16 uninitialized_var(func_id);
- s32 uninitialized_var(npages);
+ u16 func_id;
+ s32 npages;
int err;
err = mlx5_cmd_query_pages(dev, &func_id, &npages, boot);
--- a/drivers/net/ethernet/neterion/s2io.c
+++ b/drivers/net/ethernet/neterion/s2io.c
@@ -7291,7 +7291,7 @@ static int rx_osm_handler(struct ring_in
int ring_no = ring_data->ring_no;
u16 l3_csum, l4_csum;
unsigned long long err = rxdp->Control_1 & RXD_T_CODE;
- struct lro *uninitialized_var(lro);
+ struct lro *lro;
u8 err_mask;
struct swStat *swstats = &sp->mac_control.stats_info->sw_stat;
--- a/drivers/net/ethernet/qlogic/qla3xxx.c
+++ b/drivers/net/ethernet/qlogic/qla3xxx.c
@@ -3771,7 +3771,7 @@ static int ql3xxx_probe(struct pci_dev *
struct net_device *ndev = NULL;
struct ql3_adapter *qdev = NULL;
static int cards_found;
- int uninitialized_var(pci_using_dac), err;
+ int pci_using_dac, err;
err = pci_enable_device(pdev);
if (err) {
--- a/drivers/net/ethernet/sun/cassini.c
+++ b/drivers/net/ethernet/sun/cassini.c
@@ -2291,7 +2291,7 @@ static int cas_rx_ringN(struct cas *cp,
drops = 0;
while (1) {
struct cas_rx_comp *rxc = rxcs + entry;
- struct sk_buff *uninitialized_var(skb);
+ struct sk_buff *skb;
int type, len;
u64 words[4];
int i, dring;
--- a/drivers/net/ethernet/sun/niu.c
+++ b/drivers/net/ethernet/sun/niu.c
@@ -429,7 +429,7 @@ static int serdes_init_niu_1g_serdes(str
struct niu_link_config *lp = &np->link_config;
u16 pll_cfg, pll_sts;
int max_retry = 100;
- u64 uninitialized_var(sig), mask, val;
+ u64 sig, mask, val;
u32 tx_cfg, rx_cfg;
unsigned long i;
int err;
@@ -526,7 +526,7 @@ static int serdes_init_niu_10g_serdes(st
struct niu_link_config *lp = &np->link_config;
u32 tx_cfg, rx_cfg, pll_cfg, pll_sts;
int max_retry = 100;
- u64 uninitialized_var(sig), mask, val;
+ u64 sig, mask, val;
unsigned long i;
int err;
@@ -714,7 +714,7 @@ static int esr_write_glue0(struct niu *n
static int esr_reset(struct niu *np)
{
- u32 uninitialized_var(reset);
+ u32 reset;
int err;
err = mdio_write(np, np->port, NIU_ESR_DEV_ADDR,
--- a/drivers/net/wan/z85230.c
+++ b/drivers/net/wan/z85230.c
@@ -705,7 +705,7 @@ EXPORT_SYMBOL(z8530_nop);
irqreturn_t z8530_interrupt(int irq, void *dev_id)
{
struct z8530_dev *dev=dev_id;
- u8 uninitialized_var(intr);
+ u8 intr;
static volatile int locker=0;
int work=0;
struct z8530_irqhandler *irqs;
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
@@ -1891,7 +1891,7 @@ static int ath10k_init_uart(struct ath10
static int ath10k_init_hw_params(struct ath10k *ar)
{
- const struct ath10k_hw_params *uninitialized_var(hw_params);
+ const struct ath10k_hw_params *hw_params;
int i;
for (i = 0; i < ARRAY_SIZE(ath10k_hw_params_list); i++) {
--- a/drivers/net/wireless/ath/ath6kl/init.c
+++ b/drivers/net/wireless/ath/ath6kl/init.c
@@ -1575,7 +1575,7 @@ static int ath6kl_init_upload(struct ath
int ath6kl_init_hw_params(struct ath6kl *ar)
{
- const struct ath6kl_hw *uninitialized_var(hw);
+ const struct ath6kl_hw *hw;
int i;
for (i = 0; i < ARRAY_SIZE(hw_list); i++) {
--- a/drivers/net/wireless/ath/ath9k/init.c
+++ b/drivers/net/wireless/ath/ath9k/init.c
@@ -230,7 +230,7 @@ static unsigned int ath9k_reg_rmw(void *
struct ath_hw *ah = hw_priv;
struct ath_common *common = ath9k_hw_common(ah);
struct ath_softc *sc = (struct ath_softc *) common->priv;
- unsigned long uninitialized_var(flags);
+ unsigned long flags;
u32 val;
if (NR_CPUS > 1 && ah->config.serialize_regmode == SER_REG_MODE_ON) {
--- a/drivers/net/wireless/broadcom/b43/debugfs.c
+++ b/drivers/net/wireless/broadcom/b43/debugfs.c
@@ -506,7 +506,7 @@ static ssize_t b43_debugfs_read(struct f
struct b43_wldev *dev;
struct b43_debugfs_fops *dfops;
struct b43_dfs_file *dfile;
- ssize_t uninitialized_var(ret);
+ ssize_t ret;
char *buf;
const size_t bufsize = 1024 * 16; /* 16 kiB buffer */
const size_t buforder = get_order(bufsize);
--- a/drivers/net/wireless/broadcom/b43/dma.c
+++ b/drivers/net/wireless/broadcom/b43/dma.c
@@ -50,7 +50,7 @@
static u32 b43_dma_address(struct b43_dma *dma, dma_addr_t dmaaddr,
enum b43_addrtype addrtype)
{
- u32 uninitialized_var(addr);
+ u32 addr;
switch (addrtype) {
case B43_DMA_ADDR_LOW:
--- a/drivers/net/wireless/broadcom/b43/lo.c
+++ b/drivers/net/wireless/broadcom/b43/lo.c
@@ -742,7 +742,7 @@ struct b43_lo_calib *b43_calibrate_lo_se
};
int max_rx_gain;
struct b43_lo_calib *cal;
- struct lo_g_saved_values uninitialized_var(saved_regs);
+ struct lo_g_saved_values saved_regs;
/* Values from the "TXCTL Register and Value Table" */
u16 txctl_reg;
u16 txctl_value;
--- a/drivers/net/wireless/broadcom/b43/phy_n.c
+++ b/drivers/net/wireless/broadcom/b43/phy_n.c
@@ -5655,7 +5655,7 @@ static int b43_nphy_rev2_cal_rx_iq(struc
u8 rfctl[2];
u8 afectl_core;
u16 tmp[6];
- u16 uninitialized_var(cur_hpf1), uninitialized_var(cur_hpf2), cur_lna;
+ u16 cur_hpf1, cur_hpf2, cur_lna;
u32 real, imag;
enum nl80211_band band;
--- a/drivers/net/wireless/broadcom/b43/xmit.c
+++ b/drivers/net/wireless/broadcom/b43/xmit.c
@@ -435,10 +435,10 @@ int b43_generate_txhdr(struct b43_wldev
if ((rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
(rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT)) {
unsigned int len;
- struct ieee80211_hdr *uninitialized_var(hdr);
+ struct ieee80211_hdr *hdr;
int rts_rate, rts_rate_fb;
int rts_rate_ofdm, rts_rate_fb_ofdm;
- struct b43_plcp_hdr6 *uninitialized_var(plcp);
+ struct b43_plcp_hdr6 *plcp;
struct ieee80211_rate *rts_cts_rate;
rts_cts_rate = ieee80211_get_rts_cts_rate(dev->wl->hw, info);
@@ -449,7 +449,7 @@ int b43_generate_txhdr(struct b43_wldev
rts_rate_fb_ofdm = b43_is_ofdm_rate(rts_rate_fb);
if (rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) {
- struct ieee80211_cts *uninitialized_var(cts);
+ struct ieee80211_cts *cts;
switch (dev->fw.hdr_format) {
case B43_FW_HDR_598:
@@ -471,7 +471,7 @@ int b43_generate_txhdr(struct b43_wldev
mac_ctl |= B43_TXH_MAC_SENDCTS;
len = sizeof(struct ieee80211_cts);
} else {
- struct ieee80211_rts *uninitialized_var(rts);
+ struct ieee80211_rts *rts;
switch (dev->fw.hdr_format) {
case B43_FW_HDR_598:
@@ -663,8 +663,8 @@ void b43_rx(struct b43_wldev *dev, struc
const struct b43_rxhdr_fw4 *rxhdr = _rxhdr;
__le16 fctl;
u16 phystat0, phystat3;
- u16 uninitialized_var(chanstat), uninitialized_var(mactime);
- u32 uninitialized_var(macstat);
+ u16 chanstat, mactime;
+ u32 macstat;
u16 chanid;
int padding, rate_idx;
--- a/drivers/net/wireless/broadcom/b43legacy/debugfs.c
+++ b/drivers/net/wireless/broadcom/b43legacy/debugfs.c
@@ -203,7 +203,7 @@ static ssize_t b43legacy_debugfs_read(st
struct b43legacy_wldev *dev;
struct b43legacy_debugfs_fops *dfops;
struct b43legacy_dfs_file *dfile;
- ssize_t uninitialized_var(ret);
+ ssize_t ret;
char *buf;
const size_t bufsize = 1024 * 16; /* 16 KiB buffer */
const size_t buforder = get_order(bufsize);
--- a/drivers/net/wireless/broadcom/b43legacy/main.c
+++ b/drivers/net/wireless/broadcom/b43legacy/main.c
@@ -2612,7 +2612,7 @@ static void b43legacy_put_phy_into_reset
static int b43legacy_switch_phymode(struct b43legacy_wl *wl,
unsigned int new_mode)
{
- struct b43legacy_wldev *uninitialized_var(up_dev);
+ struct b43legacy_wldev *up_dev;
struct b43legacy_wldev *down_dev;
int err;
bool gmode = false;
--- a/drivers/net/wireless/intel/iwlegacy/3945.c
+++ b/drivers/net/wireless/intel/iwlegacy/3945.c
@@ -2115,7 +2115,7 @@ il3945_txpower_set_from_eeprom(struct il
/* set tx power value for all OFDM rates */
for (rate_idx = 0; rate_idx < IL_OFDM_RATES; rate_idx++) {
- s32 uninitialized_var(power_idx);
+ s32 power_idx;
int rc;
/* use channel group's clip-power table,
--- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c
+++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
@@ -2784,7 +2784,7 @@ il4965_hdl_tx(struct il_priv *il, struct
struct ieee80211_tx_info *info;
struct il4965_tx_resp *tx_resp = (void *)&pkt->u.raw[0];
u32 status = le32_to_cpu(tx_resp->u.status);
- int uninitialized_var(tid);
+ int tid;
int sta_id;
int freed;
u8 *qc = NULL;
--- a/drivers/platform/x86/hdaps.c
+++ b/drivers/platform/x86/hdaps.c
@@ -378,7 +378,7 @@ static ssize_t hdaps_variance_show(struc
static ssize_t hdaps_temp1_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
- u8 uninitialized_var(temp);
+ u8 temp;
int ret;
ret = hdaps_readb_one(HDAPS_PORT_TEMP1, &temp);
@@ -391,7 +391,7 @@ static ssize_t hdaps_temp1_show(struct d
static ssize_t hdaps_temp2_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
- u8 uninitialized_var(temp);
+ u8 temp;
int ret;
ret = hdaps_readb_one(HDAPS_PORT_TEMP2, &temp);
--- a/drivers/scsi/dc395x.c
+++ b/drivers/scsi/dc395x.c
@@ -4275,7 +4275,7 @@ static int adapter_sg_tables_alloc(struc
const unsigned srbs_per_page = PAGE_SIZE/SEGMENTX_LEN;
int srb_idx = 0;
unsigned i = 0;
- struct SGentry *uninitialized_var(ptr);
+ struct SGentry *ptr;
for (i = 0; i < DC395x_MAX_SRB_CNT; i++)
acb->srb_array[i].segment_x = NULL;
--- a/drivers/scsi/pm8001/pm8001_hwi.c
+++ b/drivers/scsi/pm8001/pm8001_hwi.c
@@ -4174,7 +4174,7 @@ static int process_oq(struct pm8001_hba_
{
struct outbound_queue_table *circularQ;
void *pMsg1 = NULL;
- u8 uninitialized_var(bc);
+ u8 bc;
u32 ret = MPI_IO_STATUS_FAIL;
unsigned long flags;
--- a/drivers/scsi/pm8001/pm80xx_hwi.c
+++ b/drivers/scsi/pm8001/pm80xx_hwi.c
@@ -3811,7 +3811,7 @@ static int process_oq(struct pm8001_hba_
{
struct outbound_queue_table *circularQ;
void *pMsg1 = NULL;
- u8 uninitialized_var(bc);
+ u8 bc;
u32 ret = MPI_IO_STATUS_FAIL;
unsigned long flags;
u32 regval;
--- a/drivers/ssb/driver_chipcommon.c
+++ b/drivers/ssb/driver_chipcommon.c
@@ -119,7 +119,7 @@ void ssb_chipco_set_clockmode(struct ssb
static enum ssb_clksrc chipco_pctl_get_slowclksrc(struct ssb_chipcommon *cc)
{
struct ssb_bus *bus = cc->dev->bus;
- u32 uninitialized_var(tmp);
+ u32 tmp;
if (cc->dev->id.revision < 6) {
if (bus->bustype == SSB_BUSTYPE_SSB ||
@@ -149,7 +149,7 @@ static enum ssb_clksrc chipco_pctl_get_s
/* Get maximum or minimum (depending on get_max flag) slowclock frequency. */
static int chipco_pctl_clockfreqlimit(struct ssb_chipcommon *cc, int get_max)
{
- int uninitialized_var(limit);
+ int limit;
enum ssb_clksrc clocksrc;
int divisor = 1;
u32 tmp;
--- a/drivers/tty/cyclades.c
+++ b/drivers/tty/cyclades.c
@@ -3648,7 +3648,7 @@ static int cy_pci_probe(struct pci_dev *
struct cyclades_card *card;
void __iomem *addr0 = NULL, *addr2 = NULL;
char *card_name = NULL;
- u32 uninitialized_var(mailbox);
+ u32 mailbox;
unsigned int device_id, nchan = 0, card_no, i, j;
unsigned char plx_ver;
int retval, irq;
--- a/drivers/tty/isicom.c
+++ b/drivers/tty/isicom.c
@@ -1537,7 +1537,7 @@ static unsigned int card_count;
static int isicom_probe(struct pci_dev *pdev,
const struct pci_device_id *ent)
{
- unsigned int uninitialized_var(signature), index;
+ unsigned int signature, index;
int retval = -EPERM;
struct isi_board *board = NULL;
--- a/drivers/usb/musb/cppi_dma.c
+++ b/drivers/usb/musb/cppi_dma.c
@@ -1146,7 +1146,7 @@ irqreturn_t cppi_interrupt(int irq, void
struct musb_hw_ep *hw_ep = NULL;
u32 rx, tx;
int i, index;
- unsigned long uninitialized_var(flags);
+ unsigned long flags;
cppi = container_of(musb->dma_controller, struct cppi, controller);
if (cppi->irq)
--- a/drivers/usb/storage/sddr55.c
+++ b/drivers/usb/storage/sddr55.c
@@ -553,8 +553,8 @@ static int sddr55_reset(struct us_data *
static unsigned long sddr55_get_capacity(struct us_data *us) {
- unsigned char uninitialized_var(manufacturerID);
- unsigned char uninitialized_var(deviceID);
+ unsigned char manufacturerID;
+ unsigned char deviceID;
int result;
struct sddr55_card_info *info = (struct sddr55_card_info *)us->extra;
--- a/drivers/vhost/net.c
+++ b/drivers/vhost/net.c
@@ -828,7 +828,7 @@ static int get_rx_bufs(struct vhost_virt
/* len is always initialized before use since we are always called with
* datalen > 0.
*/
- u32 uninitialized_var(len);
+ u32 len;
while (datalen > 0 && headcount < quota) {
if (unlikely(seg >= UIO_MAXIOV)) {
@@ -885,7 +885,7 @@ static void handle_rx(struct vhost_net *
{
struct vhost_net_virtqueue *nvq = &net->vqs[VHOST_NET_VQ_RX];
struct vhost_virtqueue *vq = &nvq->vq;
- unsigned uninitialized_var(in), log;
+ unsigned in, log;
struct vhost_log *vq_log;
struct msghdr msg = {
.msg_name = NULL,
--- a/drivers/video/fbdev/matrox/matroxfb_maven.c
+++ b/drivers/video/fbdev/matrox/matroxfb_maven.c
@@ -299,7 +299,7 @@ static int matroxfb_mavenclock(const str
unsigned int* in, unsigned int* feed, unsigned int* post,
unsigned int* htotal2) {
unsigned int fvco;
- unsigned int uninitialized_var(p);
+ unsigned int p;
fvco = matroxfb_PLL_mavenclock(&maven1000_pll, ctl, htotal, vtotal, in, feed, &p, htotal2);
if (!fvco)
@@ -731,8 +731,8 @@ static int maven_find_exact_clocks(unsig
for (x = 0; x < 8; x++) {
unsigned int c;
- unsigned int uninitialized_var(a), uninitialized_var(b),
- uninitialized_var(h2);
+ unsigned int a, b,
+ h2;
unsigned int h = ht + 2 + x;
if (!matroxfb_mavenclock((m->mode == MATROXFB_OUTPUT_MODE_PAL) ? &maven_PAL : &maven_NTSC, h, vt, &a, &b, &c, &h2)) {
--- a/drivers/video/fbdev/pm3fb.c
+++ b/drivers/video/fbdev/pm3fb.c
@@ -821,9 +821,9 @@ static void pm3fb_write_mode(struct fb_i
wmb();
{
- unsigned char uninitialized_var(m); /* ClkPreScale */
- unsigned char uninitialized_var(n); /* ClkFeedBackScale */
- unsigned char uninitialized_var(p); /* ClkPostScale */
+ unsigned char m; /* ClkPreScale */
+ unsigned char n; /* ClkFeedBackScale */
+ unsigned char p; /* ClkPostScale */
unsigned long pixclock = PICOS2KHZ(info->var.pixclock);
(void)pm3fb_calculate_clock(pixclock, &m, &n, &p);
--- a/drivers/video/fbdev/riva/riva_hw.c
+++ b/drivers/video/fbdev/riva/riva_hw.c
@@ -1245,8 +1245,7 @@ int CalcStateExt
)
{
int pixelDepth;
- int uninitialized_var(VClk),uninitialized_var(m),
- uninitialized_var(n), uninitialized_var(p);
+ int VClk, m, n, p;
/*
* Save mode parameters.
--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -268,7 +268,7 @@ static inline int virtqueue_add(struct v
struct vring_virtqueue *vq = to_vvq(_vq);
struct scatterlist *sg;
struct vring_desc *desc;
- unsigned int i, n, avail, descs_used, uninitialized_var(prev), err_idx;
+ unsigned int i, n, avail, descs_used, prev, err_idx;
int head;
bool indirect;
--- a/fs/afs/dir.c
+++ b/fs/afs/dir.c
@@ -887,7 +887,7 @@ static struct dentry *afs_lookup(struct
static int afs_d_revalidate(struct dentry *dentry, unsigned int flags)
{
struct afs_vnode *vnode, *dir;
- struct afs_fid uninitialized_var(fid);
+ struct afs_fid fid;
struct dentry *parent;
struct inode *inode;
struct key *key;
--- a/fs/afs/security.c
+++ b/fs/afs/security.c
@@ -340,7 +340,7 @@ int afs_check_permit(struct afs_vnode *v
int afs_permission(struct inode *inode, int mask)
{
struct afs_vnode *vnode = AFS_FS_I(inode);
- afs_access_t uninitialized_var(access);
+ afs_access_t access;
struct key *key;
int ret;
--- a/fs/dlm/netlink.c
+++ b/fs/dlm/netlink.c
@@ -115,7 +115,7 @@ static void fill_data(struct dlm_lock_da
void dlm_timeout_warn(struct dlm_lkb *lkb)
{
- struct sk_buff *uninitialized_var(send_skb);
+ struct sk_buff *send_skb;
struct dlm_lock_data *data;
size_t size;
int rv;
--- a/fs/fat/dir.c
+++ b/fs/fat/dir.c
@@ -1287,7 +1287,7 @@ int fat_add_entries(struct inode *dir, v
struct super_block *sb = dir->i_sb;
struct msdos_sb_info *sbi = MSDOS_SB(sb);
struct buffer_head *bh, *prev, *bhs[3]; /* 32*slots (672bytes) */
- struct msdos_dir_entry *uninitialized_var(de);
+ struct msdos_dir_entry *de;
int err, free_slots, i, nr_bhs;
loff_t pos, i_pos;
--- a/fs/fuse/control.c
+++ b/fs/fuse/control.c
@@ -117,7 +117,7 @@ static ssize_t fuse_conn_max_background_
const char __user *buf,
size_t count, loff_t *ppos)
{
- unsigned uninitialized_var(val);
+ unsigned val;
ssize_t ret;
ret = fuse_conn_limit_write(file, buf, count, ppos, &val,
--- a/fs/fuse/cuse.c
+++ b/fs/fuse/cuse.c
@@ -269,7 +269,7 @@ static int cuse_parse_one(char **pp, cha
static int cuse_parse_devinfo(char *p, size_t len, struct cuse_devinfo *devinfo)
{
char *end = p + len;
- char *uninitialized_var(key), *uninitialized_var(val);
+ char *key, *val;
int rc;
while (true) {
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2774,7 +2774,7 @@ static void fuse_register_polled_file(st
{
spin_lock(&fc->lock);
if (RB_EMPTY_NODE(&ff->polled_node)) {
- struct rb_node **link, *uninitialized_var(parent);
+ struct rb_node **link, *parent;
link = fuse_find_polled_node(fc, ff->kh, &parent);
BUG_ON(*link);
--- a/fs/gfs2/aops.c
+++ b/fs/gfs2/aops.c
@@ -359,7 +359,7 @@ static int gfs2_write_cache_jdata(struct
int done = 0;
struct pagevec pvec;
int nr_pages;
- pgoff_t uninitialized_var(writeback_index);
+ pgoff_t writeback_index;
pgoff_t index;
pgoff_t end;
pgoff_t done_index;
--- a/fs/gfs2/bmap.c
+++ b/fs/gfs2/bmap.c
@@ -1754,7 +1754,7 @@ static int punch_hole(struct gfs2_inode
u64 lblock = (offset + (1 << bsize_shift) - 1) >> bsize_shift;
__u16 start_list[GFS2_MAX_META_HEIGHT];
__u16 __end_list[GFS2_MAX_META_HEIGHT], *end_list = NULL;
- unsigned int start_aligned, uninitialized_var(end_aligned);
+ unsigned int start_aligned, end_aligned;
unsigned int strip_h = ip->i_height - 1;
u32 btotal = 0;
int ret, state;
--- a/fs/hfsplus/unicode.c
+++ b/fs/hfsplus/unicode.c
@@ -398,7 +398,7 @@ int hfsplus_hash_dentry(const struct den
astr = str->name;
len = str->len;
while (len > 0) {
- int uninitialized_var(dsize);
+ int dsize;
size = asc2unichar(sb, astr, len, &c);
astr += size;
len -= size;
--- a/fs/isofs/namei.c
+++ b/fs/isofs/namei.c
@@ -153,8 +153,8 @@ isofs_find_entry(struct inode *dir, stru
struct dentry *isofs_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags)
{
int found;
- unsigned long uninitialized_var(block);
- unsigned long uninitialized_var(offset);
+ unsigned long block;
+ unsigned long offset;
struct inode *inode;
struct page *page;
--- a/fs/jffs2/erase.c
+++ b/fs/jffs2/erase.c
@@ -401,7 +401,7 @@ static void jffs2_mark_erased_block(stru
{
size_t retlen;
int ret;
- uint32_t uninitialized_var(bad_offset);
+ uint32_t bad_offset;
switch (jffs2_block_check_erase(c, jeb, &bad_offset)) {
case -EAGAIN: goto refile;
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -347,7 +347,7 @@ static ssize_t write_unlock_fs(struct fi
static ssize_t write_filehandle(struct file *file, char *buf, size_t size)
{
char *dname, *path;
- int uninitialized_var(maxsize);
+ int maxsize;
char *mesg = buf;
int len;
struct auth_domain *dom;
--- a/fs/ocfs2/alloc.c
+++ b/fs/ocfs2/alloc.c
@@ -4722,7 +4722,7 @@ int ocfs2_insert_extent(handle_t *handle
struct ocfs2_alloc_context *meta_ac)
{
int status;
- int uninitialized_var(free_records);
+ int free_records;
struct buffer_head *last_eb_bh = NULL;
struct ocfs2_insert_type insert = {0, };
struct ocfs2_extent_rec rec;
@@ -7052,7 +7052,7 @@ int ocfs2_convert_inline_data_to_extents
int need_free = 0;
u32 bit_off, num;
handle_t *handle;
- u64 uninitialized_var(block);
+ u64 block;
struct ocfs2_inode_info *oi = OCFS2_I(inode);
struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
struct ocfs2_dinode *di = (struct ocfs2_dinode *)di_bh->b_data;
--- a/fs/ocfs2/dir.c
+++ b/fs/ocfs2/dir.c
@@ -866,9 +866,9 @@ static int ocfs2_dx_dir_lookup(struct in
u64 *ret_phys_blkno)
{
int ret = 0;
- unsigned int cend, uninitialized_var(clen);
- u32 uninitialized_var(cpos);
- u64 uninitialized_var(blkno);
+ unsigned int cend, clen;
+ u32 cpos;
+ u64 blkno;
u32 name_hash = hinfo->major_hash;
ret = ocfs2_dx_dir_lookup_rec(inode, el, name_hash, &cpos, &blkno,
@@ -912,7 +912,7 @@ static int ocfs2_dx_dir_search(const cha
struct ocfs2_dir_lookup_result *res)
{
int ret, i, found;
- u64 uninitialized_var(phys);
+ u64 phys;
struct buffer_head *dx_leaf_bh = NULL;
struct ocfs2_dx_leaf *dx_leaf;
struct ocfs2_dx_entry *dx_entry = NULL;
@@ -4420,9 +4420,9 @@ out:
int ocfs2_dx_dir_truncate(struct inode *dir, struct buffer_head *di_bh)
{
int ret;
- unsigned int uninitialized_var(clen);
- u32 major_hash = UINT_MAX, p_cpos, uninitialized_var(cpos);
- u64 uninitialized_var(blkno);
+ unsigned int clen;
+ u32 major_hash = UINT_MAX, p_cpos, cpos;
+ u64 blkno;
struct ocfs2_super *osb = OCFS2_SB(dir->i_sb);
struct buffer_head *dx_root_bh = NULL;
struct ocfs2_dx_root_block *dx_root;
--- a/fs/ocfs2/extent_map.c
+++ b/fs/ocfs2/extent_map.c
@@ -416,7 +416,7 @@ static int ocfs2_get_clusters_nocache(st
{
int i, ret, tree_height, len;
struct ocfs2_dinode *di;
- struct ocfs2_extent_block *uninitialized_var(eb);
+ struct ocfs2_extent_block *eb;
struct ocfs2_extent_list *el;
struct ocfs2_extent_rec *rec;
struct buffer_head *eb_bh = NULL;
@@ -613,7 +613,7 @@ int ocfs2_get_clusters(struct inode *ino
unsigned int *extent_flags)
{
int ret;
- unsigned int uninitialized_var(hole_len), flags = 0;
+ unsigned int hole_len, flags = 0;
struct buffer_head *di_bh = NULL;
struct ocfs2_extent_rec rec;
--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -2506,7 +2506,7 @@ int ocfs2_create_inode_in_orphan(struct
struct buffer_head *new_di_bh = NULL;
struct ocfs2_alloc_context *inode_ac = NULL;
struct ocfs2_dir_lookup_result orphan_insert = { NULL, };
- u64 uninitialized_var(di_blkno), suballoc_loc;
+ u64 di_blkno, suballoc_loc;
u16 suballoc_bit;
status = ocfs2_inode_lock(dir, &parent_di_bh, 1);
--- a/fs/ocfs2/refcounttree.c
+++ b/fs/ocfs2/refcounttree.c
@@ -1069,7 +1069,7 @@ static int ocfs2_get_refcount_rec(struct
struct buffer_head **ret_bh)
{
int ret = 0, i, found;
- u32 low_cpos, uninitialized_var(cpos_end);
+ u32 low_cpos, cpos_end;
struct ocfs2_extent_list *el;
struct ocfs2_extent_rec *rec = NULL;
struct ocfs2_extent_block *eb = NULL;
--- a/fs/ocfs2/xattr.c
+++ b/fs/ocfs2/xattr.c
@@ -1219,7 +1219,7 @@ static int ocfs2_xattr_block_get(struct
struct ocfs2_xattr_value_root *xv;
size_t size;
int ret = -ENODATA, name_offset, name_len, i;
- int uninitialized_var(block_off);
+ int block_off;
xs->bucket = ocfs2_xattr_bucket_new(inode);
if (!xs->bucket) {
--- a/fs/omfs/file.c
+++ b/fs/omfs/file.c
@@ -220,7 +220,7 @@ static int omfs_get_block(struct inode *
struct buffer_head *bh;
sector_t next, offset;
int ret;
- u64 uninitialized_var(new_block);
+ u64 new_block;
u32 max_extents;
int extent_count;
struct omfs_extent *oe;
--- a/fs/overlayfs/copy_up.c
+++ b/fs/overlayfs/copy_up.c
@@ -713,7 +713,7 @@ static int ovl_copy_up_meta_inode_data(s
struct path upperpath, datapath;
int err;
char *capability = NULL;
- ssize_t uninitialized_var(cap_size);
+ ssize_t cap_size;
ovl_path_upper(c->dentry, &upperpath);
if (WARN_ON(upperpath.dentry == NULL))
--- a/fs/ubifs/commit.c
+++ b/fs/ubifs/commit.c
@@ -564,11 +564,11 @@ out:
*/
int dbg_check_old_index(struct ubifs_info *c, struct ubifs_zbranch *zroot)
{
- int lnum, offs, len, err = 0, uninitialized_var(last_level), child_cnt;
+ int lnum, offs, len, err = 0, last_level, child_cnt;
int first = 1, iip;
struct ubifs_debug_info *d = c->dbg;
- union ubifs_key uninitialized_var(lower_key), upper_key, l_key, u_key;
- unsigned long long uninitialized_var(last_sqnum);
+ union ubifs_key lower_key, upper_key, l_key, u_key;
+ unsigned long long last_sqnum;
struct ubifs_idx_node *idx;
struct list_head list;
struct idx_node *i;
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -1294,7 +1294,7 @@ static int do_rename(struct inode *old_d
struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
struct timespec64 time;
- unsigned int uninitialized_var(saved_nlink);
+ unsigned int saved_nlink;
struct fscrypt_name old_nm, new_nm;
/*
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -234,7 +234,7 @@ static int write_begin_slow(struct addre
struct ubifs_info *c = inode->i_sb->s_fs_info;
pgoff_t index = pos >> PAGE_SHIFT;
struct ubifs_budget_req req = { .new_page = 1 };
- int uninitialized_var(err), appending = !!(pos + len > inode->i_size);
+ int err, appending = !!(pos + len > inode->i_size);
struct page *page;
dbg_gen("ino %lu, pos %llu, len %u, i_size %lld",
@@ -438,7 +438,7 @@ static int ubifs_write_begin(struct file
struct ubifs_info *c = inode->i_sb->s_fs_info;
struct ubifs_inode *ui = ubifs_inode(inode);
pgoff_t index = pos >> PAGE_SHIFT;
- int uninitialized_var(err), appending = !!(pos + len > inode->i_size);
+ int err, appending = !!(pos + len > inode->i_size);
int skipped_read = 0;
struct page *page;
--- a/fs/ubifs/journal.c
+++ b/fs/ubifs/journal.c
@@ -1355,7 +1355,7 @@ int ubifs_jnl_truncate(struct ubifs_info
union ubifs_key key, to_key;
struct ubifs_ino_node *ino;
struct ubifs_trun_node *trun;
- struct ubifs_data_node *uninitialized_var(dn);
+ struct ubifs_data_node *dn;
int err, dlen, len, lnum, offs, bit, sz, sync = IS_SYNC(inode);
struct ubifs_inode *ui = ubifs_inode(inode);
ino_t inum = inode->i_ino;
--- a/fs/ubifs/lpt.c
+++ b/fs/ubifs/lpt.c
@@ -287,7 +287,7 @@ uint32_t ubifs_unpack_bits(const struct
const int k = 32 - nrbits;
uint8_t *p = *addr;
int b = *pos;
- uint32_t uninitialized_var(val);
+ uint32_t val;
const int bytes = (nrbits + b + 7) >> 3;
ubifs_assert(c, nrbits > 0);
--- a/fs/ubifs/tnc.c
+++ b/fs/ubifs/tnc.c
@@ -936,7 +936,7 @@ static int fallible_resolve_collision(st
int adding)
{
struct ubifs_znode *o_znode = NULL, *znode = *zn;
- int uninitialized_var(o_n), err, cmp, unsure = 0, nn = *n;
+ int o_n, err, cmp, unsure = 0, nn = *n;
cmp = fallible_matches_name(c, &znode->zbranch[nn], nm);
if (unlikely(cmp < 0))
@@ -1558,8 +1558,8 @@ out:
*/
int ubifs_tnc_get_bu_keys(struct ubifs_info *c, struct bu_info *bu)
{
- int n, err = 0, lnum = -1, uninitialized_var(offs);
- int uninitialized_var(len);
+ int n, err = 0, lnum = -1, offs;
+ int len;
unsigned int block = key_block(c, &bu->key);
struct ubifs_znode *znode;
--- a/fs/ubifs/tnc_misc.c
+++ b/fs/ubifs/tnc_misc.c
@@ -138,8 +138,8 @@ int ubifs_search_zbranch(const struct ub
const struct ubifs_znode *znode,
const union ubifs_key *key, int *n)
{
- int beg = 0, end = znode->child_cnt, uninitialized_var(mid);
- int uninitialized_var(cmp);
+ int beg = 0, end = znode->child_cnt, mid;
+ int cmp;
const struct ubifs_zbranch *zbr = &znode->zbranch[0];
ubifs_assert(c, end > beg);
--- a/fs/udf/balloc.c
+++ b/fs/udf/balloc.c
@@ -555,7 +555,7 @@ static udf_pblk_t udf_table_new_block(st
udf_pblk_t newblock = 0;
uint32_t adsize;
uint32_t elen, goal_elen = 0;
- struct kernel_lb_addr eloc, uninitialized_var(goal_eloc);
+ struct kernel_lb_addr eloc, goal_eloc;
struct extent_position epos, goal_epos;
int8_t etype;
struct udf_inode_info *iinfo = UDF_I(table);
--- a/fs/xfs/xfs_bmap_util.c
+++ b/fs/xfs/xfs_bmap_util.c
@@ -130,7 +130,7 @@ xfs_bmap_rtalloc(
* pick an extent that will space things out in the rt area.
*/
if (ap->eof && ap->offset == 0) {
- xfs_rtblock_t uninitialized_var(rtx); /* realtime extent no */
+ xfs_rtblock_t rtx; /* realtime extent no */
error = xfs_rtpick_extent(mp, ap->tp, ralen, &rtx);
if (error)
--- a/kernel/async.c
+++ b/kernel/async.c
@@ -115,7 +115,7 @@ static void async_run_entry_fn(struct wo
struct async_entry *entry =
container_of(work, struct async_entry, work);
unsigned long flags;
- ktime_t uninitialized_var(calltime), delta, rettime;
+ ktime_t calltime, delta, rettime;
/* 1) run (and print duration) */
if (initcall_debug && system_state < SYSTEM_RUNNING) {
@@ -283,7 +283,7 @@ EXPORT_SYMBOL_GPL(async_synchronize_full
*/
void async_synchronize_cookie_domain(async_cookie_t cookie, struct async_domain *domain)
{
- ktime_t uninitialized_var(starttime), delta, endtime;
+ ktime_t starttime, delta, endtime;
if (initcall_debug && system_state < SYSTEM_RUNNING) {
pr_debug("async_waiting @ %i\n", task_pid_nr(current));
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1796,7 +1796,7 @@ struct audit_buffer *audit_log_start(str
{
struct audit_buffer *ab;
struct timespec64 t;
- unsigned int uninitialized_var(serial);
+ unsigned int serial;
if (audit_initialized != AUDIT_INITIALIZED)
return NULL;
--- a/kernel/dma/debug.c
+++ b/kernel/dma/debug.c
@@ -963,7 +963,7 @@ static int device_dma_allocations(struct
static int dma_debug_device_change(struct notifier_block *nb, unsigned long action, void *data)
{
struct device *dev = data;
- struct dma_debug_entry *uninitialized_var(entry);
+ struct dma_debug_entry *entry;
int count;
if (dma_debug_disabled())
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -10575,7 +10575,7 @@ SYSCALL_DEFINE5(perf_event_open,
struct perf_event *group_leader = NULL, *output_event = NULL;
struct perf_event *event, *sibling;
struct perf_event_attr attr;
- struct perf_event_context *ctx, *uninitialized_var(gctx);
+ struct perf_event_context *ctx, *gctx;
struct file *event_file = NULL;
struct fd group = {NULL, 0};
struct task_struct *task = NULL;
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -1887,7 +1887,7 @@ static void handle_swbp(struct pt_regs *
{
struct uprobe *uprobe;
unsigned long bp_vaddr;
- int uninitialized_var(is_swbp);
+ int is_swbp;
bp_vaddr = uprobe_get_swbp_addr(regs);
if (bp_vaddr == get_trampoline_vaddr())
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -140,7 +140,7 @@ static void __exit_signal(struct task_st
struct signal_struct *sig = tsk->signal;
bool group_dead = thread_group_leader(tsk);
struct sighand_struct *sighand;
- struct tty_struct *uninitialized_var(tty);
+ struct tty_struct *tty;
u64 utime, stime;
sighand = rcu_dereference_check(tsk->sighand,
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1398,7 +1398,7 @@ static int lookup_pi_state(u32 __user *u
static int lock_pi_update_atomic(u32 __user *uaddr, u32 uval, u32 newval)
{
int err;
- u32 uninitialized_var(curval);
+ u32 curval;
if (unlikely(should_fail_futex(true)))
return -EFAULT;
@@ -1569,7 +1569,7 @@ static void mark_wake_futex(struct wake_
*/
static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_pi_state *pi_state)
{
- u32 uninitialized_var(curval), newval;
+ u32 curval, newval;
struct task_struct *new_owner;
bool postunlock = false;
DEFINE_WAKE_Q(wake_q);
@@ -3083,7 +3083,7 @@ uaddr_faulted:
*/
static int futex_unlock_pi(u32 __user *uaddr, unsigned int flags)
{
- u32 uninitialized_var(curval), uval, vpid = task_pid_vnr(current);
+ u32 curval, uval, vpid = task_pid_vnr(current);
union futex_key key = FUTEX_KEY_INIT;
struct futex_hash_bucket *hb;
struct futex_q *top_waiter;
@@ -3558,7 +3558,7 @@ err_unlock:
static int handle_futex_death(u32 __user *uaddr, struct task_struct *curr,
bool pi, bool pending_op)
{
- u32 uval, uninitialized_var(nval), mval;
+ u32 uval, nval, mval;
int err;
/* Futex address must be 32bit aligned */
@@ -3688,7 +3688,7 @@ static void exit_robust_list(struct task
struct robust_list_head __user *head = curr->robust_list;
struct robust_list __user *entry, *next_entry, *pending;
unsigned int limit = ROBUST_LIST_LIMIT, pi, pip;
- unsigned int uninitialized_var(next_pi);
+ unsigned int next_pi;
unsigned long futex_offset;
int rc;
@@ -3987,7 +3987,7 @@ static void compat_exit_robust_list(stru
struct compat_robust_list_head __user *head = curr->compat_robust_list;
struct robust_list __user *entry, *next_entry, *pending;
unsigned int limit = ROBUST_LIST_LIMIT, pi, pip;
- unsigned int uninitialized_var(next_pi);
+ unsigned int next_pi;
compat_uptr_t uentry, next_uentry, upending;
compat_long_t futex_offset;
int rc;
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -1246,7 +1246,7 @@ static int noop_count(struct lock_list *
static unsigned long __lockdep_count_forward_deps(struct lock_list *this)
{
unsigned long count = 0;
- struct lock_list *uninitialized_var(target_entry);
+ struct lock_list *target_entry;
__bfs_forwards(this, (void *)&count, noop_count, &target_entry);
@@ -1274,7 +1274,7 @@ unsigned long lockdep_count_forward_deps
static unsigned long __lockdep_count_backward_deps(struct lock_list *this)
{
unsigned long count = 0;
- struct lock_list *uninitialized_var(target_entry);
+ struct lock_list *target_entry;
__bfs_backwards(this, (void *)&count, noop_count, &target_entry);
@@ -2662,7 +2662,7 @@ check_usage_backwards(struct task_struct
{
int ret;
struct lock_list root;
- struct lock_list *uninitialized_var(target_entry);
+ struct lock_list *target_entry;
root.parent = NULL;
root.class = hlock_class(this);
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -561,7 +561,7 @@ static void rb_wake_up_waiters(struct ir
*/
int ring_buffer_wait(struct ring_buffer *buffer, int cpu, bool full)
{
- struct ring_buffer_per_cpu *uninitialized_var(cpu_buffer);
+ struct ring_buffer_per_cpu *cpu_buffer;
DEFINE_WAIT(wait);
struct rb_irq_work *work;
int ret = 0;
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -1498,7 +1498,7 @@ void *radix_tree_tag_clear(struct radix_
{
struct radix_tree_node *node, *parent;
unsigned long maxindex;
- int uninitialized_var(offset);
+ int offset;
radix_tree_load_root(root, &node, &maxindex);
if (index > maxindex)
--- a/mm/frontswap.c
+++ b/mm/frontswap.c
@@ -447,7 +447,7 @@ static int __frontswap_shrink(unsigned l
void frontswap_shrink(unsigned long target_pages)
{
unsigned long pages_to_unuse = 0;
- int uninitialized_var(type), ret;
+ int type, ret;
/*
* we don't want to hold swap_lock while doing a very
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -2381,7 +2381,7 @@ next_mm:
static void ksm_do_scan(unsigned int scan_npages)
{
struct rmap_item *rmap_item;
- struct page *uninitialized_var(page);
+ struct page *page;
while (scan_npages-- && likely(!freezing(current))) {
cond_resched();
--- a/mm/memcontrol.c
+++ b/mm/memcontrol.c
@@ -919,7 +919,7 @@ struct mem_cgroup *mem_cgroup_iter(struc
struct mem_cgroup *prev,
struct mem_cgroup_reclaim_cookie *reclaim)
{
- struct mem_cgroup_reclaim_iter *uninitialized_var(iter);
+ struct mem_cgroup_reclaim_iter *iter;
struct cgroup_subsys_state *css = NULL;
struct mem_cgroup *memcg = NULL;
struct mem_cgroup *pos = NULL;
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -1147,7 +1147,7 @@ int do_migrate_pages(struct mm_struct *m
static struct page *new_page(struct page *page, unsigned long start)
{
struct vm_area_struct *vma;
- unsigned long uninitialized_var(address);
+ unsigned long address;
vma = find_vma(current->mm, start);
while (vma) {
@@ -1545,7 +1545,7 @@ static int kernel_get_mempolicy(int __us
unsigned long flags)
{
int err;
- int uninitialized_var(pval);
+ int pval;
nodemask_t nodes;
if (nmask != NULL && maxnode < nr_node_ids)
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -2283,7 +2283,7 @@ static struct pcpu_alloc_info * __init p
const size_t static_size = __per_cpu_end - __per_cpu_start;
int nr_groups = 1, nr_units = 0;
size_t size_sum, min_unit_size, alloc_size;
- int upa, max_upa, uninitialized_var(best_upa); /* units_per_alloc */
+ int upa, max_upa, best_upa; /* units_per_alloc */
int last_allocs, group, unit;
unsigned int cpu, tcpu;
struct pcpu_alloc_info *ai;
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1179,7 +1179,7 @@ static noinline int free_debug_processin
struct kmem_cache_node *n = get_node(s, page_to_nid(page));
void *object = head;
int cnt = 0;
- unsigned long uninitialized_var(flags);
+ unsigned long flags;
int ret = 0;
spin_lock_irqsave(&n->list_lock, flags);
@@ -2826,7 +2826,7 @@ static void __slab_free(struct kmem_cach
struct page new;
unsigned long counters;
struct kmem_cache_node *n = NULL;
- unsigned long uninitialized_var(flags);
+ unsigned long flags;
stat(s, FREE_SLOWPATH);
--- a/mm/swap.c
+++ b/mm/swap.c
@@ -721,8 +721,8 @@ void release_pages(struct page **pages,
LIST_HEAD(pages_to_free);
struct pglist_data *locked_pgdat = NULL;
struct lruvec *lruvec;
- unsigned long uninitialized_var(flags);
- unsigned int uninitialized_var(lock_batch);
+ unsigned long flags;
+ unsigned int lock_batch;
for (i = 0; i < nr; i++) {
struct page *page = pages[i];
--- a/net/dccp/options.c
+++ b/net/dccp/options.c
@@ -60,7 +60,7 @@ int dccp_parse_options(struct sock *sk,
(dh->dccph_doff * 4);
struct dccp_options_received *opt_recv = &dp->dccps_options_received;
unsigned char opt, len;
- unsigned char *uninitialized_var(value);
+ unsigned char *value;
u32 elapsed_time;
__be32 opt_val;
int rc;
--- a/net/ipv4/netfilter/nf_socket_ipv4.c
+++ b/net/ipv4/netfilter/nf_socket_ipv4.c
@@ -96,11 +96,11 @@ nf_socket_get_sock_v4(struct net *net, s
struct sock *nf_sk_lookup_slow_v4(struct net *net, const struct sk_buff *skb,
const struct net_device *indev)
{
- __be32 uninitialized_var(daddr), uninitialized_var(saddr);
- __be16 uninitialized_var(dport), uninitialized_var(sport);
+ __be32 daddr, saddr;
+ __be16 dport, sport;
const struct iphdr *iph = ip_hdr(skb);
struct sk_buff *data_skb = NULL;
- u8 uninitialized_var(protocol);
+ u8 protocol;
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
enum ip_conntrack_info ctinfo;
struct nf_conn const *ct;
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -518,7 +518,7 @@ int ipv6_flowlabel_opt_get(struct sock *
int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
{
- int uninitialized_var(err);
+ int err;
struct net *net = sock_net(sk);
struct ipv6_pinfo *np = inet6_sk(sk);
struct in6_flowlabel_req freq;
--- a/net/ipv6/netfilter/nf_socket_ipv6.c
+++ b/net/ipv6/netfilter/nf_socket_ipv6.c
@@ -102,7 +102,7 @@ nf_socket_get_sock_v6(struct net *net, s
struct sock *nf_sk_lookup_slow_v6(struct net *net, const struct sk_buff *skb,
const struct net_device *indev)
{
- __be16 uninitialized_var(dport), uninitialized_var(sport);
+ __be16 dport, sport;
const struct in6_addr *daddr = NULL, *saddr = NULL;
struct ipv6hdr *iph = ipv6_hdr(skb), ipv6_var;
struct sk_buff *data_skb = NULL;
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -383,7 +383,7 @@ static int help(struct sk_buff *skb,
int ret;
u32 seq;
int dir = CTINFO2DIR(ctinfo);
- unsigned int uninitialized_var(matchlen), uninitialized_var(matchoff);
+ unsigned int matchlen, matchoff;
struct nf_ct_ftp_master *ct_ftp_info = nfct_help_data(ct);
struct nf_conntrack_expect *exp;
union nf_inet_addr *daddr;
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -637,7 +637,7 @@ nfulnl_log_packet(struct net *net,
struct nfnl_log_net *log = nfnl_log_pernet(net);
const struct nfnl_ct_hook *nfnl_ct = NULL;
struct nf_conn *ct = NULL;
- enum ip_conntrack_info uninitialized_var(ctinfo);
+ enum ip_conntrack_info ctinfo;
if (li_user && li_user->type == NF_LOG_TYPE_ULOG)
li = li_user;
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -392,7 +392,7 @@ nfqnl_build_packet_message(struct net *n
struct net_device *indev;
struct net_device *outdev;
struct nf_conn *ct = NULL;
- enum ip_conntrack_info uninitialized_var(ctinfo);
+ enum ip_conntrack_info ctinfo;
struct nfnl_ct_hook *nfnl_ct;
bool csum_verify;
char *secdata = NULL;
@@ -1191,7 +1191,7 @@ static int nfqnl_recv_verdict(struct net
struct nfqnl_instance *queue;
unsigned int verdict;
struct nf_queue_entry *entry;
- enum ip_conntrack_info uninitialized_var(ctinfo);
+ enum ip_conntrack_info ctinfo;
struct nfnl_ct_hook *nfnl_ct;
struct nf_conn *ct = NULL;
struct nfnl_queue_net *q = nfnl_queue_pernet(net);
--- a/net/sched/cls_flow.c
+++ b/net/sched/cls_flow.c
@@ -229,7 +229,7 @@ static u32 flow_get_skgid(const struct s
static u32 flow_get_vlan_tag(const struct sk_buff *skb)
{
- u16 uninitialized_var(tag);
+ u16 tag;
if (vlan_get_tag(skb, &tag) < 0)
return 0;
--- a/net/sched/sch_cake.c
+++ b/net/sched/sch_cake.c
@@ -1649,7 +1649,7 @@ static s32 cake_enqueue(struct sk_buff *
{
struct cake_sched_data *q = qdisc_priv(sch);
int len = qdisc_pkt_len(skb);
- int uninitialized_var(ret);
+ int ret;
struct sk_buff *ack = NULL;
ktime_t now = ktime_get();
struct cake_tin_data *b;
--- a/net/sched/sch_cbq.c
+++ b/net/sched/sch_cbq.c
@@ -365,7 +365,7 @@ cbq_enqueue(struct sk_buff *skb, struct
struct sk_buff **to_free)
{
struct cbq_sched_data *q = qdisc_priv(sch);
- int uninitialized_var(ret);
+ int ret;
struct cbq_class *cl = cbq_classify(skb, sch, &ret);
#ifdef CONFIG_NET_CLS_ACT
--- a/net/sched/sch_fq_codel.c
+++ b/net/sched/sch_fq_codel.c
@@ -192,7 +192,7 @@ static int fq_codel_enqueue(struct sk_bu
struct fq_codel_sched_data *q = qdisc_priv(sch);
unsigned int idx, prev_backlog, prev_qlen;
struct fq_codel_flow *flow;
- int uninitialized_var(ret);
+ int ret;
unsigned int pkt_len;
bool memory_limited;
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -353,7 +353,7 @@ sfq_enqueue(struct sk_buff *skb, struct
unsigned int hash, dropped;
sfq_index x, qlen;
struct sfq_slot *slot;
- int uninitialized_var(ret);
+ int ret;
struct sk_buff *head;
int delta;
--- a/sound/core/control_compat.c
+++ b/sound/core/control_compat.c
@@ -236,7 +236,7 @@ static int copy_ctl_value_from_user(stru
{
struct snd_ctl_elem_value32 __user *data32 = userdata;
int i, type, size;
- int uninitialized_var(count);
+ int count;
unsigned int indirect;
if (copy_from_user(&data->id, &data32->id, sizeof(data->id)))
--- a/sound/isa/sb/sb16_csp.c
+++ b/sound/isa/sb/sb16_csp.c
@@ -116,7 +116,7 @@ static void info_read(struct snd_info_en
int snd_sb_csp_new(struct snd_sb *chip, int device, struct snd_hwdep ** rhwdep)
{
struct snd_sb_csp *p;
- int uninitialized_var(version);
+ int version;
int err;
struct snd_hwdep *hw;
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -324,7 +324,7 @@ static void queue_pending_output_urbs(st
while (test_bit(EP_FLAG_RUNNING, &ep->flags)) {
unsigned long flags;
- struct snd_usb_packet_info *uninitialized_var(packet);
+ struct snd_usb_packet_info *packet;
struct snd_urb_ctx *ctx = NULL;
int err, i;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 009/323] md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 008/323] treewide: Remove uninitialized_var() usage Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 010/323] md/raid10: fix overflow of md/safe_mode_delay Greg Kroah-Hartman
` (317 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Nan, Yu Kuai, Song Liu,
Sasha Levin
From: Li Nan <linan122@huawei.com>
[ Upstream commit 301867b1c16805aebbc306aafa6ecdc68b73c7e5 ]
If we write a large number to md/bitmap_set_bits, md_bitmap_checkpage()
will return -EINVAL because 'page >= bitmap->pages', but the return value
was not checked immediately in md_bitmap_get_counter() in order to set
*blocks value and slab-out-of-bounds occurs.
Move check of 'page >= bitmap->pages' to md_bitmap_get_counter() and
return directly if true.
Fixes: ef4256733506 ("md/bitmap: optimise scanning of empty bitmaps.")
Signed-off-by: Li Nan <linan122@huawei.com>
Reviewed-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230515134808.3936750-2-linan666@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md-bitmap.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index 1c4c462787198..7ca81e917aef4 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -53,14 +53,7 @@ __acquires(bitmap->lock)
{
unsigned char *mappage;
- if (page >= bitmap->pages) {
- /* This can happen if bitmap_start_sync goes beyond
- * End-of-device while looking for a whole page.
- * It is harmless.
- */
- return -EINVAL;
- }
-
+ WARN_ON_ONCE(page >= bitmap->pages);
if (bitmap->bp[page].hijacked) /* it's hijacked, don't try to alloc */
return 0;
@@ -1368,6 +1361,14 @@ __acquires(bitmap->lock)
sector_t csize;
int err;
+ if (page >= bitmap->pages) {
+ /*
+ * This can happen if bitmap_start_sync goes beyond
+ * End-of-device while looking for a whole page or
+ * user set a huge number to sysfs bitmap_set_bits.
+ */
+ return NULL;
+ }
err = md_bitmap_checkpage(bitmap, page, create, 0);
if (bitmap->bp[page].hijacked ||
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 010/323] md/raid10: fix overflow of md/safe_mode_delay
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 009/323] md/raid10: check slab-out-of-bounds in md_bitmap_get_counter Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 011/323] md/raid10: fix wrong setting of max_corr_read_errors Greg Kroah-Hartman
` (316 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Nan, Song Liu, Sasha Levin
From: Li Nan <linan122@huawei.com>
[ Upstream commit 6beb489b2eed25978523f379a605073f99240c50 ]
There is no input check when echo md/safe_mode_delay in safe_delay_store().
And msec might also overflow when HZ < 1000 in safe_delay_show(), Fix it by
checking overflow in safe_delay_store() and use unsigned long conversion in
safe_delay_show().
Fixes: 72e02075a33f ("md: factor out parsing of fixed-point numbers")
Signed-off-by: Li Nan <linan122@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230522072535.1523740-2-linan666@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index f8c111b369928..ad3e666b9d735 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -3671,8 +3671,9 @@ int strict_strtoul_scaled(const char *cp, unsigned long *res, int scale)
static ssize_t
safe_delay_show(struct mddev *mddev, char *page)
{
- int msec = (mddev->safemode_delay*1000)/HZ;
- return sprintf(page, "%d.%03d\n", msec/1000, msec%1000);
+ unsigned int msec = ((unsigned long)mddev->safemode_delay*1000)/HZ;
+
+ return sprintf(page, "%u.%03u\n", msec/1000, msec%1000);
}
static ssize_t
safe_delay_store(struct mddev *mddev, const char *cbuf, size_t len)
@@ -3684,7 +3685,7 @@ safe_delay_store(struct mddev *mddev, const char *cbuf, size_t len)
return -EINVAL;
}
- if (strict_strtoul_scaled(cbuf, &msec, 3) < 0)
+ if (strict_strtoul_scaled(cbuf, &msec, 3) < 0 || msec > UINT_MAX / HZ)
return -EINVAL;
if (msec == 0)
mddev->safemode_delay = 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 011/323] md/raid10: fix wrong setting of max_corr_read_errors
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 010/323] md/raid10: fix overflow of md/safe_mode_delay Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 012/323] md/raid10: fix io loss while replacement replace rdev Greg Kroah-Hartman
` (315 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Nan, Yu Kuai, Song Liu,
Sasha Levin
From: Li Nan <linan122@huawei.com>
[ Upstream commit f8b20a405428803bd9881881d8242c9d72c6b2b2 ]
There is no input check when echo md/max_read_errors and overflow might
occur. Add check of input number.
Fixes: 1e50915fe0bb ("raid: improve MD/raid10 handling of correctable read errors.")
Signed-off-by: Li Nan <linan122@huawei.com>
Reviewed-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230522072535.1523740-3-linan666@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index ad3e666b9d735..2e23a898fc978 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -4337,6 +4337,8 @@ max_corrected_read_errors_store(struct mddev *mddev, const char *buf, size_t len
rv = kstrtouint(buf, 10, &n);
if (rv < 0)
return rv;
+ if (n > INT_MAX)
+ return -EINVAL;
atomic_set(&mddev->max_corr_read_errors, n);
return len;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 012/323] md/raid10: fix io loss while replacement replace rdev
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 011/323] md/raid10: fix wrong setting of max_corr_read_errors Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 013/323] irqchip/jcore-aic: Kill use of irq_create_strict_mappings() Greg Kroah-Hartman
` (314 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Nan, Yu Kuai, Song Liu,
Sasha Levin
From: Li Nan <linan122@huawei.com>
[ Upstream commit 2ae6aaf76912bae53c74b191569d2ab484f24bf3 ]
When removing a disk with replacement, the replacement will be used to
replace rdev. During this process, there is a brief window in which both
rdev and replacement are read as NULL in raid10_write_request(). This
will result in io not being submitted but it should be.
//remove //write
raid10_remove_disk raid10_write_request
mirror->rdev = NULL
read rdev -> NULL
mirror->rdev = mirror->replacement
mirror->replacement = NULL
read replacement -> NULL
Fix it by reading replacement first and rdev later, meanwhile, use smp_mb()
to prevent memory reordering.
Fixes: 475b0321a4df ("md/raid10: writes should get directed to replacement as well as original.")
Signed-off-by: Li Nan <linan122@huawei.com>
Reviewed-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230602091839.743798-3-linan666@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index f6d2be1d23864..d46056b07c079 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -781,8 +781,16 @@ static struct md_rdev *read_balance(struct r10conf *conf,
disk = r10_bio->devs[slot].devnum;
rdev = rcu_dereference(conf->mirrors[disk].replacement);
if (rdev == NULL || test_bit(Faulty, &rdev->flags) ||
- r10_bio->devs[slot].addr + sectors > rdev->recovery_offset)
+ r10_bio->devs[slot].addr + sectors >
+ rdev->recovery_offset) {
+ /*
+ * Read replacement first to prevent reading both rdev
+ * and replacement as NULL during replacement replace
+ * rdev.
+ */
+ smp_mb();
rdev = rcu_dereference(conf->mirrors[disk].rdev);
+ }
if (rdev == NULL ||
test_bit(Faulty, &rdev->flags))
continue;
@@ -1400,9 +1408,15 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
for (i = 0; i < conf->copies; i++) {
int d = r10_bio->devs[i].devnum;
- struct md_rdev *rdev = rcu_dereference(conf->mirrors[d].rdev);
- struct md_rdev *rrdev = rcu_dereference(
- conf->mirrors[d].replacement);
+ struct md_rdev *rdev, *rrdev;
+
+ rrdev = rcu_dereference(conf->mirrors[d].replacement);
+ /*
+ * Read replacement first to prevent reading both rdev and
+ * replacement as NULL during replacement replace rdev.
+ */
+ smp_mb();
+ rdev = rcu_dereference(conf->mirrors[d].rdev);
if (rdev == rrdev)
rrdev = NULL;
if (rdev && unlikely(test_bit(Blocked, &rdev->flags))) {
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 013/323] irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 012/323] md/raid10: fix io loss while replacement replace rdev Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 014/323] irqchip/jcore-aic: Fix missing allocation of IRQ descriptors Greg Kroah-Hartman
` (313 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marc Zyngier, Sasha Levin
From: Marc Zyngier <maz@kernel.org>
[ Upstream commit 5f8b938bd790cff6542c7fe3c1495c71f89fef1b ]
irq_create_strict_mappings() is a poor way to allow the use of
a linear IRQ domain as a legacy one. Let's be upfront about it.
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210406093557.1073423-4-maz@kernel.org
Stable-dep-of: 4848229494a3 ("irqchip/jcore-aic: Fix missing allocation of IRQ descriptors")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-jcore-aic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/irqchip/irq-jcore-aic.c b/drivers/irqchip/irq-jcore-aic.c
index 033bccb41455c..5f47d8ee4ae39 100644
--- a/drivers/irqchip/irq-jcore-aic.c
+++ b/drivers/irqchip/irq-jcore-aic.c
@@ -100,11 +100,11 @@ static int __init aic_irq_of_init(struct device_node *node,
jcore_aic.irq_unmask = noop;
jcore_aic.name = "AIC";
- domain = irq_domain_add_linear(node, dom_sz, &jcore_aic_irqdomain_ops,
+ domain = irq_domain_add_legacy(node, dom_sz - min_irq, min_irq, min_irq,
+ &jcore_aic_irqdomain_ops,
&jcore_aic);
if (!domain)
return -ENOMEM;
- irq_create_strict_mappings(domain, min_irq, min_irq, dom_sz - min_irq);
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 014/323] irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 013/323] irqchip/jcore-aic: Kill use of irq_create_strict_mappings() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 015/323] clocksource/drivers: Unify the names to timer-* format Greg Kroah-Hartman
` (312 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, John Paul Adrian Glaubitz,
Rob Landley, Marc Zyngier, Sasha Levin
From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
[ Upstream commit 4848229494a323eeaab62eee5574ef9f7de80374 ]
The initialization function for the J-Core AIC aic_irq_of_init() is
currently missing the call to irq_alloc_descs() which allocates and
initializes all the IRQ descriptors. Add missing function call and
return the error code from irq_alloc_descs() in case the allocation
fails.
Fixes: 981b58f66cfc ("irqchip/jcore-aic: Add J-Core AIC driver")
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Tested-by: Rob Landley <rob@landley.net>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20230510163343.43090-1-glaubitz@physik.fu-berlin.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-jcore-aic.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/irqchip/irq-jcore-aic.c b/drivers/irqchip/irq-jcore-aic.c
index 5f47d8ee4ae39..b9dcc8e78c750 100644
--- a/drivers/irqchip/irq-jcore-aic.c
+++ b/drivers/irqchip/irq-jcore-aic.c
@@ -68,6 +68,7 @@ static int __init aic_irq_of_init(struct device_node *node,
unsigned min_irq = JCORE_AIC2_MIN_HWIRQ;
unsigned dom_sz = JCORE_AIC_MAX_HWIRQ+1;
struct irq_domain *domain;
+ int ret;
pr_info("Initializing J-Core AIC\n");
@@ -100,6 +101,12 @@ static int __init aic_irq_of_init(struct device_node *node,
jcore_aic.irq_unmask = noop;
jcore_aic.name = "AIC";
+ ret = irq_alloc_descs(-1, min_irq, dom_sz - min_irq,
+ of_node_to_nid(node));
+
+ if (ret < 0)
+ return ret;
+
domain = irq_domain_add_legacy(node, dom_sz - min_irq, min_irq, min_irq,
&jcore_aic_irqdomain_ops,
&jcore_aic);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 015/323] clocksource/drivers: Unify the names to timer-* format
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 014/323] irqchip/jcore-aic: Fix missing allocation of IRQ descriptors Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 016/323] clocksource/drivers/cadence-ttc: Use ttc driver as platform driver Greg Kroah-Hartman
` (311 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König,
Vladimir Zapolskiy, Liviu Dudau, Daniel Lezcano, Sasha Levin
From: Daniel Lezcano <daniel.lezcano@linaro.org>
[ Upstream commit 9d8d47ea6ec6048abc75ccc4486aff1a7db1ff4b ]
In order to make some housekeeping in the directory, this patch renames
drivers to the timer-* format in order to unify their names.
There is no functional changes.
Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Acked-by: Liviu Dudau <liviu.dudau@arm.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Stable-dep-of: 8b5bf64c89c7 ("clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
MAINTAINERS | 10 +++----
drivers/clocksource/Makefile | 26 +++++++++----------
...-armada-370-xp.c => timer-armada-370-xp.c} | 0
...adence_ttc_timer.c => timer-cadence-ttc.c} | 0
.../{time-efm32.c => timer-efm32.c} | 0
.../{fsl_ftm_timer.c => timer-fsl-ftm.c} | 0
.../{time-lpc32xx.c => timer-lpc32xx.c} | 0
.../{time-orion.c => timer-orion.c} | 0
.../clocksource/{owl-timer.c => timer-owl.c} | 0
.../{time-pistachio.c => timer-pistachio.c} | 0
.../{qcom-timer.c => timer-qcom.c} | 0
.../{versatile.c => timer-versatile.c} | 0
.../{vf_pit_timer.c => timer-vf-pit.c} | 0
.../{vt8500_timer.c => timer-vt8500.c} | 0
.../{zevio-timer.c => timer-zevio.c} | 0
15 files changed, 18 insertions(+), 18 deletions(-)
rename drivers/clocksource/{time-armada-370-xp.c => timer-armada-370-xp.c} (100%)
rename drivers/clocksource/{cadence_ttc_timer.c => timer-cadence-ttc.c} (100%)
rename drivers/clocksource/{time-efm32.c => timer-efm32.c} (100%)
rename drivers/clocksource/{fsl_ftm_timer.c => timer-fsl-ftm.c} (100%)
rename drivers/clocksource/{time-lpc32xx.c => timer-lpc32xx.c} (100%)
rename drivers/clocksource/{time-orion.c => timer-orion.c} (100%)
rename drivers/clocksource/{owl-timer.c => timer-owl.c} (100%)
rename drivers/clocksource/{time-pistachio.c => timer-pistachio.c} (100%)
rename drivers/clocksource/{qcom-timer.c => timer-qcom.c} (100%)
rename drivers/clocksource/{versatile.c => timer-versatile.c} (100%)
rename drivers/clocksource/{vf_pit_timer.c => timer-vf-pit.c} (100%)
rename drivers/clocksource/{vt8500_timer.c => timer-vt8500.c} (100%)
rename drivers/clocksource/{zevio-timer.c => timer-zevio.c} (100%)
diff --git a/MAINTAINERS b/MAINTAINERS
index 3d3d7f5d1c3f1..59003315a9597 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1180,7 +1180,7 @@ N: owl
F: arch/arm/mach-actions/
F: arch/arm/boot/dts/owl-*
F: arch/arm64/boot/dts/actions/
-F: drivers/clocksource/owl-*
+F: drivers/clocksource/timer-owl*
F: drivers/pinctrl/actions/*
F: drivers/soc/actions/
F: include/dt-bindings/power/owl-*
@@ -1603,7 +1603,7 @@ L: linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
S: Maintained
F: arch/arm/boot/dts/lpc43*
F: drivers/clk/nxp/clk-lpc18xx*
-F: drivers/clocksource/time-lpc32xx.c
+F: drivers/clocksource/timer-lpc32xx.c
F: drivers/i2c/busses/i2c-lpc2k.c
F: drivers/memory/pl172.c
F: drivers/mtd/spi-nor/nxp-spifi.c
@@ -2219,7 +2219,7 @@ F: arch/arm/mach-vexpress/
F: */*/vexpress*
F: */*/*/vexpress*
F: drivers/clk/versatile/clk-vexpress-osc.c
-F: drivers/clocksource/versatile.c
+F: drivers/clocksource/timer-versatile.c
N: mps2
ARM/VFP SUPPORT
@@ -2241,7 +2241,7 @@ M: Tony Prisk <linux@prisktech.co.nz>
L: linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
S: Maintained
F: arch/arm/mach-vt8500/
-F: drivers/clocksource/vt8500_timer.c
+F: drivers/clocksource/timer-vt8500.c
F: drivers/i2c/busses/i2c-wmt.c
F: drivers/mmc/host/wmt-sdmmc.c
F: drivers/pwm/pwm-vt8500.c
@@ -2306,7 +2306,7 @@ F: drivers/cpuidle/cpuidle-zynq.c
F: drivers/block/xsysace.c
N: zynq
N: xilinx
-F: drivers/clocksource/cadence_ttc_timer.c
+F: drivers/clocksource/timer-cadence-ttc.c
F: drivers/i2c/busses/i2c-cadence.c
F: drivers/mmc/host/sdhci-of-arasan.c
F: drivers/edac/synopsys_edac.c
diff --git a/drivers/clocksource/Makefile b/drivers/clocksource/Makefile
index db51b2427e8a6..e33b21d3f9d8b 100644
--- a/drivers/clocksource/Makefile
+++ b/drivers/clocksource/Makefile
@@ -23,8 +23,8 @@ obj-$(CONFIG_FTTMR010_TIMER) += timer-fttmr010.o
obj-$(CONFIG_ROCKCHIP_TIMER) += rockchip_timer.o
obj-$(CONFIG_CLKSRC_NOMADIK_MTU) += nomadik-mtu.o
obj-$(CONFIG_CLKSRC_DBX500_PRCMU) += clksrc-dbx500-prcmu.o
-obj-$(CONFIG_ARMADA_370_XP_TIMER) += time-armada-370-xp.o
-obj-$(CONFIG_ORION_TIMER) += time-orion.o
+obj-$(CONFIG_ARMADA_370_XP_TIMER) += timer-armada-370-xp.o
+obj-$(CONFIG_ORION_TIMER) += timer-orion.o
obj-$(CONFIG_BCM2835_TIMER) += bcm2835_timer.o
obj-$(CONFIG_CLPS711X_TIMER) += clps711x-timer.o
obj-$(CONFIG_ATLAS7_TIMER) += timer-atlas7.o
@@ -36,25 +36,25 @@ obj-$(CONFIG_SUN4I_TIMER) += sun4i_timer.o
obj-$(CONFIG_SUN5I_HSTIMER) += timer-sun5i.o
obj-$(CONFIG_MESON6_TIMER) += meson6_timer.o
obj-$(CONFIG_TEGRA_TIMER) += tegra20_timer.o
-obj-$(CONFIG_VT8500_TIMER) += vt8500_timer.o
-obj-$(CONFIG_NSPIRE_TIMER) += zevio-timer.o
+obj-$(CONFIG_VT8500_TIMER) += timer-vt8500.o
+obj-$(CONFIG_NSPIRE_TIMER) += timer-zevio.o
obj-$(CONFIG_BCM_KONA_TIMER) += bcm_kona_timer.o
-obj-$(CONFIG_CADENCE_TTC_TIMER) += cadence_ttc_timer.o
-obj-$(CONFIG_CLKSRC_EFM32) += time-efm32.o
+obj-$(CONFIG_CADENCE_TTC_TIMER) += timer-cadence-ttc.o
+obj-$(CONFIG_CLKSRC_EFM32) += timer-efm32.o
obj-$(CONFIG_CLKSRC_STM32) += timer-stm32.o
obj-$(CONFIG_CLKSRC_EXYNOS_MCT) += exynos_mct.o
-obj-$(CONFIG_CLKSRC_LPC32XX) += time-lpc32xx.o
+obj-$(CONFIG_CLKSRC_LPC32XX) += timer-lpc32xx.o
obj-$(CONFIG_CLKSRC_MPS2) += mps2-timer.o
obj-$(CONFIG_CLKSRC_SAMSUNG_PWM) += samsung_pwm_timer.o
-obj-$(CONFIG_FSL_FTM_TIMER) += fsl_ftm_timer.o
-obj-$(CONFIG_VF_PIT_TIMER) += vf_pit_timer.o
-obj-$(CONFIG_CLKSRC_QCOM) += qcom-timer.o
+obj-$(CONFIG_FSL_FTM_TIMER) += timer-fsl-ftm.o
+obj-$(CONFIG_VF_PIT_TIMER) += timer-vf-pit.o
+obj-$(CONFIG_CLKSRC_QCOM) += timer-qcom.o
obj-$(CONFIG_MTK_TIMER) += timer-mediatek.o
-obj-$(CONFIG_CLKSRC_PISTACHIO) += time-pistachio.o
+obj-$(CONFIG_CLKSRC_PISTACHIO) += timer-pistachio.o
obj-$(CONFIG_CLKSRC_TI_32K) += timer-ti-32k.o
obj-$(CONFIG_CLKSRC_NPS) += timer-nps.o
obj-$(CONFIG_OXNAS_RPS_TIMER) += timer-oxnas-rps.o
-obj-$(CONFIG_OWL_TIMER) += owl-timer.o
+obj-$(CONFIG_OWL_TIMER) += timer-owl.o
obj-$(CONFIG_SPRD_TIMER) += timer-sprd.o
obj-$(CONFIG_NPCM7XX_TIMER) += timer-npcm7xx.o
@@ -66,7 +66,7 @@ obj-$(CONFIG_ARM_TIMER_SP804) += timer-sp804.o
obj-$(CONFIG_ARCH_HAS_TICK_BROADCAST) += dummy_timer.o
obj-$(CONFIG_KEYSTONE_TIMER) += timer-keystone.o
obj-$(CONFIG_INTEGRATOR_AP_TIMER) += timer-integrator-ap.o
-obj-$(CONFIG_CLKSRC_VERSATILE) += versatile.o
+obj-$(CONFIG_CLKSRC_VERSATILE) += timer-versatile.o
obj-$(CONFIG_CLKSRC_MIPS_GIC) += mips-gic-timer.o
obj-$(CONFIG_CLKSRC_TANGO_XTAL) += tango_xtal.o
obj-$(CONFIG_CLKSRC_IMX_GPT) += timer-imx-gpt.o
diff --git a/drivers/clocksource/time-armada-370-xp.c b/drivers/clocksource/timer-armada-370-xp.c
similarity index 100%
rename from drivers/clocksource/time-armada-370-xp.c
rename to drivers/clocksource/timer-armada-370-xp.c
diff --git a/drivers/clocksource/cadence_ttc_timer.c b/drivers/clocksource/timer-cadence-ttc.c
similarity index 100%
rename from drivers/clocksource/cadence_ttc_timer.c
rename to drivers/clocksource/timer-cadence-ttc.c
diff --git a/drivers/clocksource/time-efm32.c b/drivers/clocksource/timer-efm32.c
similarity index 100%
rename from drivers/clocksource/time-efm32.c
rename to drivers/clocksource/timer-efm32.c
diff --git a/drivers/clocksource/fsl_ftm_timer.c b/drivers/clocksource/timer-fsl-ftm.c
similarity index 100%
rename from drivers/clocksource/fsl_ftm_timer.c
rename to drivers/clocksource/timer-fsl-ftm.c
diff --git a/drivers/clocksource/time-lpc32xx.c b/drivers/clocksource/timer-lpc32xx.c
similarity index 100%
rename from drivers/clocksource/time-lpc32xx.c
rename to drivers/clocksource/timer-lpc32xx.c
diff --git a/drivers/clocksource/time-orion.c b/drivers/clocksource/timer-orion.c
similarity index 100%
rename from drivers/clocksource/time-orion.c
rename to drivers/clocksource/timer-orion.c
diff --git a/drivers/clocksource/owl-timer.c b/drivers/clocksource/timer-owl.c
similarity index 100%
rename from drivers/clocksource/owl-timer.c
rename to drivers/clocksource/timer-owl.c
diff --git a/drivers/clocksource/time-pistachio.c b/drivers/clocksource/timer-pistachio.c
similarity index 100%
rename from drivers/clocksource/time-pistachio.c
rename to drivers/clocksource/timer-pistachio.c
diff --git a/drivers/clocksource/qcom-timer.c b/drivers/clocksource/timer-qcom.c
similarity index 100%
rename from drivers/clocksource/qcom-timer.c
rename to drivers/clocksource/timer-qcom.c
diff --git a/drivers/clocksource/versatile.c b/drivers/clocksource/timer-versatile.c
similarity index 100%
rename from drivers/clocksource/versatile.c
rename to drivers/clocksource/timer-versatile.c
diff --git a/drivers/clocksource/vf_pit_timer.c b/drivers/clocksource/timer-vf-pit.c
similarity index 100%
rename from drivers/clocksource/vf_pit_timer.c
rename to drivers/clocksource/timer-vf-pit.c
diff --git a/drivers/clocksource/vt8500_timer.c b/drivers/clocksource/timer-vt8500.c
similarity index 100%
rename from drivers/clocksource/vt8500_timer.c
rename to drivers/clocksource/timer-vt8500.c
diff --git a/drivers/clocksource/zevio-timer.c b/drivers/clocksource/timer-zevio.c
similarity index 100%
rename from drivers/clocksource/zevio-timer.c
rename to drivers/clocksource/timer-zevio.c
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 016/323] clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 015/323] clocksource/drivers: Unify the names to timer-* format Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 017/323] clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Greg Kroah-Hartman
` (310 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rajan Vaja, Michal Simek,
Daniel Lezcano, Sasha Levin
From: Rajan Vaja <rajan.vaja@xilinx.com>
[ Upstream commit f5ac896b6a23eb46681cdbef440c1d991b04e519 ]
Currently TTC driver is TIMER_OF_DECLARE type driver. Because of
that, TTC driver may be initialized before other clock drivers. If
TTC driver is dependent on that clock driver then initialization of
TTC driver will failed.
So use TTC driver as platform driver instead of using
TIMER_OF_DECLARE.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/1573122988-18399-1-git-send-email-rajan.vaja@xilinx.com
Stable-dep-of: 8b5bf64c89c7 ("clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-cadence-ttc.c | 26 +++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/drivers/clocksource/timer-cadence-ttc.c b/drivers/clocksource/timer-cadence-ttc.c
index a7eb858a84a0f..b1df0ded8f521 100644
--- a/drivers/clocksource/timer-cadence-ttc.c
+++ b/drivers/clocksource/timer-cadence-ttc.c
@@ -23,6 +23,8 @@
#include <linux/of_irq.h>
#include <linux/slab.h>
#include <linux/sched_clock.h>
+#include <linux/module.h>
+#include <linux/of_platform.h>
/*
* This driver configures the 2 16/32-bit count-up timers as follows:
@@ -472,13 +474,7 @@ static int __init ttc_setup_clockevent(struct clk *clk,
return err;
}
-/**
- * ttc_timer_init - Initialize the timer
- *
- * Initializes the timer hardware and register the clock source and clock event
- * timers with Linux kernal timer framework
- */
-static int __init ttc_timer_init(struct device_node *timer)
+static int __init ttc_timer_probe(struct platform_device *pdev)
{
unsigned int irq;
void __iomem *timer_baseaddr;
@@ -486,6 +482,7 @@ static int __init ttc_timer_init(struct device_node *timer)
static int initialized;
int clksel, ret;
u32 timer_width = 16;
+ struct device_node *timer = pdev->dev.of_node;
if (initialized)
return 0;
@@ -540,4 +537,17 @@ static int __init ttc_timer_init(struct device_node *timer)
return 0;
}
-TIMER_OF_DECLARE(ttc, "cdns,ttc", ttc_timer_init);
+static const struct of_device_id ttc_timer_of_match[] = {
+ {.compatible = "cdns,ttc"},
+ {},
+};
+
+MODULE_DEVICE_TABLE(of, ttc_timer_of_match);
+
+static struct platform_driver ttc_timer_driver = {
+ .driver = {
+ .name = "cdns_ttc_timer",
+ .of_match_table = ttc_timer_of_match,
+ },
+};
+builtin_platform_driver_probe(ttc_timer_driver, ttc_timer_probe);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 017/323] clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 016/323] clocksource/drivers/cadence-ttc: Use ttc driver as platform driver Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 018/323] PM: domains: fix integer overflow issues in genpd_parse_state() Greg Kroah-Hartman
` (309 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Feng Mingxi, Dongliang Mu,
Michal Simek, Daniel Lezcano, Sasha Levin
From: Feng Mingxi <m202271825@hust.edu.cn>
[ Upstream commit 8b5bf64c89c7100c921bd807ba39b2eb003061ab ]
Smatch reports:
drivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()
warn: 'timer_baseaddr' from of_iomap() not released on lines: 498,508,516.
timer_baseaddr may have the problem of not being released after use,
I replaced it with the devm_of_iomap() function and added the clk_put()
function to cleanup the "clk_ce" and "clk_cs".
Fixes: e932900a3279 ("arm: zynq: Use standard timer binding")
Fixes: 70504f311d4b ("clocksource/drivers/cadence_ttc: Convert init function to return error")
Signed-off-by: Feng Mingxi <m202271825@hust.edu.cn>
Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn>
Acked-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20230425065611.702917-1-m202271825@hust.edu.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/timer-cadence-ttc.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/clocksource/timer-cadence-ttc.c b/drivers/clocksource/timer-cadence-ttc.c
index b1df0ded8f521..16b9bfb257564 100644
--- a/drivers/clocksource/timer-cadence-ttc.c
+++ b/drivers/clocksource/timer-cadence-ttc.c
@@ -494,10 +494,10 @@ static int __init ttc_timer_probe(struct platform_device *pdev)
* and use it. Note that the event timer uses the interrupt and it's the
* 2nd TTC hence the irq_of_parse_and_map(,1)
*/
- timer_baseaddr = of_iomap(timer, 0);
- if (!timer_baseaddr) {
+ timer_baseaddr = devm_of_iomap(&pdev->dev, timer, 0, NULL);
+ if (IS_ERR(timer_baseaddr)) {
pr_err("ERROR: invalid timer base address\n");
- return -ENXIO;
+ return PTR_ERR(timer_baseaddr);
}
irq = irq_of_parse_and_map(timer, 1);
@@ -521,20 +521,27 @@ static int __init ttc_timer_probe(struct platform_device *pdev)
clk_ce = of_clk_get(timer, clksel);
if (IS_ERR(clk_ce)) {
pr_err("ERROR: timer input clock not found\n");
- return PTR_ERR(clk_ce);
+ ret = PTR_ERR(clk_ce);
+ goto put_clk_cs;
}
ret = ttc_setup_clocksource(clk_cs, timer_baseaddr, timer_width);
if (ret)
- return ret;
+ goto put_clk_ce;
ret = ttc_setup_clockevent(clk_ce, timer_baseaddr + 4, irq);
if (ret)
- return ret;
+ goto put_clk_ce;
pr_info("%s #0 at %p, irq=%d\n", timer->name, timer_baseaddr, irq);
return 0;
+
+put_clk_ce:
+ clk_put(clk_ce);
+put_clk_cs:
+ clk_put(clk_cs);
+ return ret;
}
static const struct of_device_id ttc_timer_of_match[] = {
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 018/323] PM: domains: fix integer overflow issues in genpd_parse_state()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 017/323] clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 019/323] ARM: 9303/1: kprobes: avoid missing-declaration warnings Greg Kroah-Hartman
` (308 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Zhandarovich, Ulf Hansson,
Rafael J. Wysocki, Sasha Levin
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
[ Upstream commit e5d1c8722083f0332dcd3c85fa1273d85fb6bed8 ]
Currently, while calculating residency and latency values, right
operands may overflow if resulting values are big enough.
To prevent this, albeit unlikely case, play it safe and convert
right operands to left ones' type s64.
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
Fixes: 30f604283e05 ("PM / Domains: Allow domain power states to be read from DT")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Acked-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/power/domain.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
index e865aa4b25047..b32d3cf4f670d 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
@@ -2433,10 +2433,10 @@ static int genpd_parse_state(struct genpd_power_state *genpd_state,
err = of_property_read_u32(state_node, "min-residency-us", &residency);
if (!err)
- genpd_state->residency_ns = 1000 * residency;
+ genpd_state->residency_ns = 1000LL * residency;
- genpd_state->power_on_latency_ns = 1000 * exit_latency;
- genpd_state->power_off_latency_ns = 1000 * entry_latency;
+ genpd_state->power_on_latency_ns = 1000LL * exit_latency;
+ genpd_state->power_off_latency_ns = 1000LL * entry_latency;
genpd_state->fwnode = &state_node->fwnode;
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 019/323] ARM: 9303/1: kprobes: avoid missing-declaration warnings
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 018/323] PM: domains: fix integer overflow issues in genpd_parse_state() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 020/323] evm: Complete description of evm_inode_setattr() Greg Kroah-Hartman
` (307 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu (Google), Kees Cook,
Arnd Bergmann, Russell King (Oracle), Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 1b9c3ddcec6a55e15d3e38e7405e2d078db02020 ]
checker_stack_use_t32strd() and kprobe_handler() can be made static since
they are not used from other files, while coverage_start_registers()
and __kprobes_test_case() are used from assembler code, and just need
a declaration to avoid a warning with the global definition.
arch/arm/probes/kprobes/checkers-common.c:43:18: error: no previous prototype for 'checker_stack_use_t32strd'
arch/arm/probes/kprobes/core.c:236:16: error: no previous prototype for 'kprobe_handler'
arch/arm/probes/kprobes/test-core.c:723:10: error: no previous prototype for 'coverage_start_registers'
arch/arm/probes/kprobes/test-core.c:918:14: error: no previous prototype for '__kprobes_test_case_start'
arch/arm/probes/kprobes/test-core.c:952:14: error: no previous prototype for '__kprobes_test_case_end_16'
arch/arm/probes/kprobes/test-core.c:967:14: error: no previous prototype for '__kprobes_test_case_end_32'
Fixes: 6624cf651f1a ("ARM: kprobes: collects stack consumption for store instructions")
Fixes: 454f3e132d05 ("ARM/kprobes: Remove jprobe arm implementation")
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/probes/kprobes/checkers-common.c | 2 +-
arch/arm/probes/kprobes/core.c | 2 +-
arch/arm/probes/kprobes/opt-arm.c | 2 --
arch/arm/probes/kprobes/test-core.c | 2 +-
arch/arm/probes/kprobes/test-core.h | 4 ++++
5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/arch/arm/probes/kprobes/checkers-common.c b/arch/arm/probes/kprobes/checkers-common.c
index 971119c294741..aa10e5e46ebb2 100644
--- a/arch/arm/probes/kprobes/checkers-common.c
+++ b/arch/arm/probes/kprobes/checkers-common.c
@@ -48,7 +48,7 @@ enum probes_insn checker_stack_use_imm_0xx(probes_opcode_t insn,
* Different from other insn uses imm8, the real addressing offset of
* STRD in T32 encoding should be imm8 * 4. See ARMARM description.
*/
-enum probes_insn checker_stack_use_t32strd(probes_opcode_t insn,
+static enum probes_insn checker_stack_use_t32strd(probes_opcode_t insn,
struct arch_probes_insn *asi,
const struct decode_header *h)
{
diff --git a/arch/arm/probes/kprobes/core.c b/arch/arm/probes/kprobes/core.c
index 62da8e2211e4b..0a7090a65bcad 100644
--- a/arch/arm/probes/kprobes/core.c
+++ b/arch/arm/probes/kprobes/core.c
@@ -239,7 +239,7 @@ singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
* kprobe, and that level is reserved for user kprobe handlers, so we can't
* risk encountering a new kprobe in an interrupt handler.
*/
-void __kprobes kprobe_handler(struct pt_regs *regs)
+static void __kprobes kprobe_handler(struct pt_regs *regs)
{
struct kprobe *p, *cur;
struct kprobe_ctlblk *kcb;
diff --git a/arch/arm/probes/kprobes/opt-arm.c b/arch/arm/probes/kprobes/opt-arm.c
index cf08cb7267670..1516c340a0766 100644
--- a/arch/arm/probes/kprobes/opt-arm.c
+++ b/arch/arm/probes/kprobes/opt-arm.c
@@ -158,8 +158,6 @@ __arch_remove_optimized_kprobe(struct optimized_kprobe *op, int dirty)
}
}
-extern void kprobe_handler(struct pt_regs *regs);
-
static void
optimized_callback(struct optimized_kprobe *op, struct pt_regs *regs)
{
diff --git a/arch/arm/probes/kprobes/test-core.c b/arch/arm/probes/kprobes/test-core.c
index cc237fa9b90fb..1c86c5d980c5b 100644
--- a/arch/arm/probes/kprobes/test-core.c
+++ b/arch/arm/probes/kprobes/test-core.c
@@ -723,7 +723,7 @@ static const char coverage_register_lookup[16] = {
[REG_TYPE_NOSPPCX] = COVERAGE_ANY_REG | COVERAGE_SP,
};
-unsigned coverage_start_registers(const struct decode_header *h)
+static unsigned coverage_start_registers(const struct decode_header *h)
{
unsigned regs = 0;
int i;
diff --git a/arch/arm/probes/kprobes/test-core.h b/arch/arm/probes/kprobes/test-core.h
index 94285203e9f74..459ebda077139 100644
--- a/arch/arm/probes/kprobes/test-core.h
+++ b/arch/arm/probes/kprobes/test-core.h
@@ -456,3 +456,7 @@ void kprobe_thumb32_test_cases(void);
#else
void kprobe_arm_test_cases(void);
#endif
+
+void __kprobes_test_case_start(void);
+void __kprobes_test_case_end_16(void);
+void __kprobes_test_case_end_32(void);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 020/323] evm: Complete description of evm_inode_setattr()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 019/323] ARM: 9303/1: kprobes: avoid missing-declaration warnings Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 021/323] wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation Greg Kroah-Hartman
` (306 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roberto Sassu, Stefan Berger,
Mimi Zohar, Sasha Levin
From: Roberto Sassu <roberto.sassu@huawei.com>
[ Upstream commit b1de86d4248b273cb12c4cd7d20c08d459519f7d ]
Add the description for missing parameters of evm_inode_setattr() to
avoid the warning arising with W=n compile option.
Fixes: 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm") # v3.2+
Fixes: c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") # v6.3+
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/evm/evm_main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 6d1efe1359f17..9c036a41e7347 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -474,7 +474,9 @@ void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
/**
* evm_inode_setattr - prevent updating an invalid EVM extended attribute
+ * @idmap: idmap of the mount
* @dentry: pointer to the affected dentry
+ * @attr: iattr structure containing the new file attributes
*
* Permit update of file attributes when files have a valid EVM signature,
* except in the case of them having an immutable portable signature.
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 021/323] wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 020/323] evm: Complete description of evm_inode_setattr() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 022/323] wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx Greg Kroah-Hartman
` (305 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gregg Wonderly, Peter Seiderer,
Toke Høiland-Jørgensen, Simon Horman, Kalle Valo,
Sasha Levin
From: Peter Seiderer <ps.report@gmx.net>
[ Upstream commit 3e56c80931c7615250fe4bf83f93b57881969266 ]
Fix ath9k_hw_verify_hang()/ar9003_hw_detect_mac_hang() register offset
calculation (do not overflow the shift for the second register/queues
above five, use the register layout described in the comments above
ath9k_hw_verify_hang() instead).
Fixes: 222e04830ff0 ("ath9k: Fix MAC HW hang check for AR9003")
Reported-by: Gregg Wonderly <greggwonderly@seqtechllc.com>
Link: https://lore.kernel.org/linux-wireless/E3A9C354-0CB7-420C-ADEF-F0177FB722F4@seqtechllc.com/
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230422212423.26065-1-ps.report@gmx.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/ar9003_hw.c | 27 ++++++++++++++--------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_hw.c b/drivers/net/wireless/ath/ath9k/ar9003_hw.c
index 2fe12b0de5b4f..dea8a998fb622 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_hw.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_hw.c
@@ -1099,17 +1099,22 @@ static bool ath9k_hw_verify_hang(struct ath_hw *ah, unsigned int queue)
{
u32 dma_dbg_chain, dma_dbg_complete;
u8 dcu_chain_state, dcu_complete_state;
+ unsigned int dbg_reg, reg_offset;
int i;
- for (i = 0; i < NUM_STATUS_READS; i++) {
- if (queue < 6)
- dma_dbg_chain = REG_READ(ah, AR_DMADBG_4);
- else
- dma_dbg_chain = REG_READ(ah, AR_DMADBG_5);
+ if (queue < 6) {
+ dbg_reg = AR_DMADBG_4;
+ reg_offset = queue * 5;
+ } else {
+ dbg_reg = AR_DMADBG_5;
+ reg_offset = (queue - 6) * 5;
+ }
+ for (i = 0; i < NUM_STATUS_READS; i++) {
+ dma_dbg_chain = REG_READ(ah, dbg_reg);
dma_dbg_complete = REG_READ(ah, AR_DMADBG_6);
- dcu_chain_state = (dma_dbg_chain >> (5 * queue)) & 0x1f;
+ dcu_chain_state = (dma_dbg_chain >> reg_offset) & 0x1f;
dcu_complete_state = dma_dbg_complete & 0x3;
if ((dcu_chain_state != 0x6) || (dcu_complete_state != 0x1))
@@ -1128,6 +1133,7 @@ static bool ar9003_hw_detect_mac_hang(struct ath_hw *ah)
u8 dcu_chain_state, dcu_complete_state;
bool dcu_wait_frdone = false;
unsigned long chk_dcu = 0;
+ unsigned int reg_offset;
unsigned int i = 0;
dma_dbg_4 = REG_READ(ah, AR_DMADBG_4);
@@ -1139,12 +1145,15 @@ static bool ar9003_hw_detect_mac_hang(struct ath_hw *ah)
goto exit;
for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) {
- if (i < 6)
+ if (i < 6) {
chk_dbg = dma_dbg_4;
- else
+ reg_offset = i * 5;
+ } else {
chk_dbg = dma_dbg_5;
+ reg_offset = (i - 6) * 5;
+ }
- dcu_chain_state = (chk_dbg >> (5 * i)) & 0x1f;
+ dcu_chain_state = (chk_dbg >> reg_offset) & 0x1f;
if (dcu_chain_state == 0x6) {
dcu_wait_frdone = true;
chk_dcu |= BIT(i);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 022/323] wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 021/323] wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 023/323] samples/bpf: Fix buffer overflow in tcp_basertt Greg Kroah-Hartman
` (304 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin,
syzbot+f2cb6e0ffdb961921e4d
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit f24292e827088bba8de7158501ac25a59b064953 ]
For the reasons also described in commit b383e8abed41 ("wifi: ath9k: avoid
uninit memory read in ath9k_htc_rx_msg()"), ath9k_htc_rx_msg() should
validate pkt_len before accessing the SKB.
For example, the obtained SKB may have been badly constructed with
pkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr
but after being processed in ath9k_htc_rx_msg() and passed to
ath9k_wmi_ctrl_rx() endpoint RX handler, it is expected to have a WMI
command header which should be located inside its data payload.
Implement sanity checking inside ath9k_wmi_ctrl_rx(). Otherwise, uninit
memory can be referenced.
Tested on Qualcomm Atheros Communications AR9271 802.11n .
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Reported-and-tested-by: syzbot+f2cb6e0ffdb961921e4d@syzkaller.appspotmail.com
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230424183348.111355-1-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/wmi.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/wireless/ath/ath9k/wmi.c b/drivers/net/wireless/ath/ath9k/wmi.c
index e4ea6f5cc78ab..5e2a610df61cf 100644
--- a/drivers/net/wireless/ath/ath9k/wmi.c
+++ b/drivers/net/wireless/ath/ath9k/wmi.c
@@ -218,6 +218,10 @@ static void ath9k_wmi_ctrl_rx(void *priv, struct sk_buff *skb,
if (unlikely(wmi->stopped))
goto free_skb;
+ /* Validate the obtained SKB. */
+ if (unlikely(skb->len < sizeof(struct wmi_cmd_hdr)))
+ goto free_skb;
+
hdr = (struct wmi_cmd_hdr *) skb->data;
cmd_id = be16_to_cpu(hdr->command_id);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 023/323] samples/bpf: Fix buffer overflow in tcp_basertt
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 022/323] wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 024/323] wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() Greg Kroah-Hartman
` (303 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Pengcheng Yang, Alexei Starovoitov,
Sasha Levin
From: Pengcheng Yang <yangpc@wangsu.com>
[ Upstream commit f4dea9689c5fea3d07170c2cb0703e216f1a0922 ]
Using sizeof(nv) or strlen(nv)+1 is correct.
Fixes: c890063e4404 ("bpf: sample BPF_SOCKET_OPS_BASE_RTT program")
Signed-off-by: Pengcheng Yang <yangpc@wangsu.com>
Link: https://lore.kernel.org/r/1683276658-2860-1-git-send-email-yangpc@wangsu.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
samples/bpf/tcp_basertt_kern.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/samples/bpf/tcp_basertt_kern.c b/samples/bpf/tcp_basertt_kern.c
index 4bf4fc597db9a..653d233714ad0 100644
--- a/samples/bpf/tcp_basertt_kern.c
+++ b/samples/bpf/tcp_basertt_kern.c
@@ -54,7 +54,7 @@ int bpf_basertt(struct bpf_sock_ops *skops)
case BPF_SOCK_OPS_BASE_RTT:
n = bpf_getsockopt(skops, SOL_TCP, TCP_CONGESTION,
cong, sizeof(cong));
- if (!n && !__builtin_memcmp(cong, nv, sizeof(nv)+1)) {
+ if (!n && !__builtin_memcmp(cong, nv, sizeof(nv))) {
/* Set base_rtt to 80us */
rv = 80;
} else if (n) {
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 024/323] wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 023/323] samples/bpf: Fix buffer overflow in tcp_basertt Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 025/323] nfc: constify several pointers to u8, char and sk_buff Greg Kroah-Hartman
` (302 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Simon Horman,
Kalle Valo, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit d9aef04fcfa81ee4fb2804a21a3712b7bbd936af ]
The type of "mwifiex_adapter->nd_info" is "struct cfg80211_wowlan_nd_info",
not "struct cfg80211_wowlan_nd_match".
Use struct_size() to ease the computation of the needed size.
The current code over-allocates some memory, so is safe.
But it wastes 32 bytes.
Fixes: 7d7f07d8c5d3 ("mwifiex: add wowlan net-detect support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/7a6074fb056d2181e058a3cc6048d8155c20aec7.1683371982.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/scan.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index c9f6cd2919699..4f0e78ae3dbd0 100644
--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -2208,9 +2208,9 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv,
if (nd_config) {
adapter->nd_info =
- kzalloc(sizeof(struct cfg80211_wowlan_nd_match) +
- sizeof(struct cfg80211_wowlan_nd_match *) *
- scan_rsp->number_of_sets, GFP_ATOMIC);
+ kzalloc(struct_size(adapter->nd_info, matches,
+ scan_rsp->number_of_sets),
+ GFP_ATOMIC);
if (adapter->nd_info)
adapter->nd_info->n_matches = scan_rsp->number_of_sets;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 025/323] nfc: constify several pointers to u8, char and sk_buff
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 024/323] wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 026/323] nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() Greg Kroah-Hartman
` (301 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Jakub Kicinski,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
[ Upstream commit 3df40eb3a2ea58bf404a38f15a7a2768e4762cb0 ]
Several functions receive pointers to u8, char or sk_buff but do not
modify the contents so make them const. This allows doing the same for
local variables and in total makes the code a little bit safer.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 0d9b41daa590 ("nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/nfc/nfc.h | 4 ++--
net/nfc/core.c | 4 ++--
net/nfc/hci/llc_shdlc.c | 10 ++++-----
net/nfc/llcp.h | 8 +++----
net/nfc/llcp_commands.c | 46 ++++++++++++++++++++++-------------------
net/nfc/llcp_core.c | 44 +++++++++++++++++++++------------------
net/nfc/nfc.h | 2 +-
7 files changed, 63 insertions(+), 55 deletions(-)
diff --git a/include/net/nfc/nfc.h b/include/net/nfc/nfc.h
index bbdc73a3239df..8b86560b5cfb1 100644
--- a/include/net/nfc/nfc.h
+++ b/include/net/nfc/nfc.h
@@ -278,7 +278,7 @@ struct sk_buff *nfc_alloc_send_skb(struct nfc_dev *dev, struct sock *sk,
struct sk_buff *nfc_alloc_recv_skb(unsigned int size, gfp_t gfp);
int nfc_set_remote_general_bytes(struct nfc_dev *dev,
- u8 *gt, u8 gt_len);
+ const u8 *gt, u8 gt_len);
u8 *nfc_get_local_general_bytes(struct nfc_dev *dev, size_t *gb_len);
int nfc_fw_download_done(struct nfc_dev *dev, const char *firmware_name,
@@ -292,7 +292,7 @@ int nfc_dep_link_is_up(struct nfc_dev *dev, u32 target_idx,
u8 comm_mode, u8 rf_mode);
int nfc_tm_activated(struct nfc_dev *dev, u32 protocol, u8 comm_mode,
- u8 *gb, size_t gb_len);
+ const u8 *gb, size_t gb_len);
int nfc_tm_deactivated(struct nfc_dev *dev);
int nfc_tm_data_received(struct nfc_dev *dev, struct sk_buff *skb);
diff --git a/net/nfc/core.c b/net/nfc/core.c
index a84f824da051d..dd12ee46ac730 100644
--- a/net/nfc/core.c
+++ b/net/nfc/core.c
@@ -646,7 +646,7 @@ int nfc_disable_se(struct nfc_dev *dev, u32 se_idx)
return rc;
}
-int nfc_set_remote_general_bytes(struct nfc_dev *dev, u8 *gb, u8 gb_len)
+int nfc_set_remote_general_bytes(struct nfc_dev *dev, const u8 *gb, u8 gb_len)
{
pr_debug("dev_name=%s gb_len=%d\n", dev_name(&dev->dev), gb_len);
@@ -675,7 +675,7 @@ int nfc_tm_data_received(struct nfc_dev *dev, struct sk_buff *skb)
EXPORT_SYMBOL(nfc_tm_data_received);
int nfc_tm_activated(struct nfc_dev *dev, u32 protocol, u8 comm_mode,
- u8 *gb, size_t gb_len)
+ const u8 *gb, size_t gb_len)
{
int rc;
diff --git a/net/nfc/hci/llc_shdlc.c b/net/nfc/hci/llc_shdlc.c
index fe988936ad923..e6863c71f566d 100644
--- a/net/nfc/hci/llc_shdlc.c
+++ b/net/nfc/hci/llc_shdlc.c
@@ -134,7 +134,7 @@ static bool llc_shdlc_x_lteq_y_lt_z(int x, int y, int z)
return ((y >= x) || (y < z)) ? true : false;
}
-static struct sk_buff *llc_shdlc_alloc_skb(struct llc_shdlc *shdlc,
+static struct sk_buff *llc_shdlc_alloc_skb(const struct llc_shdlc *shdlc,
int payload_len)
{
struct sk_buff *skb;
@@ -148,7 +148,7 @@ static struct sk_buff *llc_shdlc_alloc_skb(struct llc_shdlc *shdlc,
}
/* immediately sends an S frame. */
-static int llc_shdlc_send_s_frame(struct llc_shdlc *shdlc,
+static int llc_shdlc_send_s_frame(const struct llc_shdlc *shdlc,
enum sframe_type sframe_type, int nr)
{
int r;
@@ -170,7 +170,7 @@ static int llc_shdlc_send_s_frame(struct llc_shdlc *shdlc,
}
/* immediately sends an U frame. skb may contain optional payload */
-static int llc_shdlc_send_u_frame(struct llc_shdlc *shdlc,
+static int llc_shdlc_send_u_frame(const struct llc_shdlc *shdlc,
struct sk_buff *skb,
enum uframe_modifier uframe_modifier)
{
@@ -372,7 +372,7 @@ static void llc_shdlc_connect_complete(struct llc_shdlc *shdlc, int r)
wake_up(shdlc->connect_wq);
}
-static int llc_shdlc_connect_initiate(struct llc_shdlc *shdlc)
+static int llc_shdlc_connect_initiate(const struct llc_shdlc *shdlc)
{
struct sk_buff *skb;
@@ -388,7 +388,7 @@ static int llc_shdlc_connect_initiate(struct llc_shdlc *shdlc)
return llc_shdlc_send_u_frame(shdlc, skb, U_FRAME_RSET);
}
-static int llc_shdlc_connect_send_ua(struct llc_shdlc *shdlc)
+static int llc_shdlc_connect_send_ua(const struct llc_shdlc *shdlc)
{
struct sk_buff *skb;
diff --git a/net/nfc/llcp.h b/net/nfc/llcp.h
index 1f68724d44d3b..a070a57fc1516 100644
--- a/net/nfc/llcp.h
+++ b/net/nfc/llcp.h
@@ -233,15 +233,15 @@ struct sock *nfc_llcp_accept_dequeue(struct sock *sk, struct socket *newsock);
/* TLV API */
int nfc_llcp_parse_gb_tlv(struct nfc_llcp_local *local,
- u8 *tlv_array, u16 tlv_array_len);
+ const u8 *tlv_array, u16 tlv_array_len);
int nfc_llcp_parse_connection_tlv(struct nfc_llcp_sock *sock,
- u8 *tlv_array, u16 tlv_array_len);
+ const u8 *tlv_array, u16 tlv_array_len);
/* Commands API */
void nfc_llcp_recv(void *data, struct sk_buff *skb, int err);
-u8 *nfc_llcp_build_tlv(u8 type, u8 *value, u8 value_length, u8 *tlv_length);
+u8 *nfc_llcp_build_tlv(u8 type, const u8 *value, u8 value_length, u8 *tlv_length);
struct nfc_llcp_sdp_tlv *nfc_llcp_build_sdres_tlv(u8 tid, u8 sap);
-struct nfc_llcp_sdp_tlv *nfc_llcp_build_sdreq_tlv(u8 tid, char *uri,
+struct nfc_llcp_sdp_tlv *nfc_llcp_build_sdreq_tlv(u8 tid, const char *uri,
size_t uri_len);
void nfc_llcp_free_sdp_tlv(struct nfc_llcp_sdp_tlv *sdp);
void nfc_llcp_free_sdp_tlv_list(struct hlist_head *sdp_head);
diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
index d1fc019e932e0..6dcad7bcf20bb 100644
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -27,7 +27,7 @@
#include "nfc.h"
#include "llcp.h"
-static u8 llcp_tlv_length[LLCP_TLV_MAX] = {
+static const u8 llcp_tlv_length[LLCP_TLV_MAX] = {
0,
1, /* VERSION */
2, /* MIUX */
@@ -41,7 +41,7 @@ static u8 llcp_tlv_length[LLCP_TLV_MAX] = {
};
-static u8 llcp_tlv8(u8 *tlv, u8 type)
+static u8 llcp_tlv8(const u8 *tlv, u8 type)
{
if (tlv[0] != type || tlv[1] != llcp_tlv_length[tlv[0]])
return 0;
@@ -49,7 +49,7 @@ static u8 llcp_tlv8(u8 *tlv, u8 type)
return tlv[2];
}
-static u16 llcp_tlv16(u8 *tlv, u8 type)
+static u16 llcp_tlv16(const u8 *tlv, u8 type)
{
if (tlv[0] != type || tlv[1] != llcp_tlv_length[tlv[0]])
return 0;
@@ -58,37 +58,37 @@ static u16 llcp_tlv16(u8 *tlv, u8 type)
}
-static u8 llcp_tlv_version(u8 *tlv)
+static u8 llcp_tlv_version(const u8 *tlv)
{
return llcp_tlv8(tlv, LLCP_TLV_VERSION);
}
-static u16 llcp_tlv_miux(u8 *tlv)
+static u16 llcp_tlv_miux(const u8 *tlv)
{
return llcp_tlv16(tlv, LLCP_TLV_MIUX) & 0x7ff;
}
-static u16 llcp_tlv_wks(u8 *tlv)
+static u16 llcp_tlv_wks(const u8 *tlv)
{
return llcp_tlv16(tlv, LLCP_TLV_WKS);
}
-static u16 llcp_tlv_lto(u8 *tlv)
+static u16 llcp_tlv_lto(const u8 *tlv)
{
return llcp_tlv8(tlv, LLCP_TLV_LTO);
}
-static u8 llcp_tlv_opt(u8 *tlv)
+static u8 llcp_tlv_opt(const u8 *tlv)
{
return llcp_tlv8(tlv, LLCP_TLV_OPT);
}
-static u8 llcp_tlv_rw(u8 *tlv)
+static u8 llcp_tlv_rw(const u8 *tlv)
{
return llcp_tlv8(tlv, LLCP_TLV_RW) & 0xf;
}
-u8 *nfc_llcp_build_tlv(u8 type, u8 *value, u8 value_length, u8 *tlv_length)
+u8 *nfc_llcp_build_tlv(u8 type, const u8 *value, u8 value_length, u8 *tlv_length)
{
u8 *tlv, length;
@@ -142,7 +142,7 @@ struct nfc_llcp_sdp_tlv *nfc_llcp_build_sdres_tlv(u8 tid, u8 sap)
return sdres;
}
-struct nfc_llcp_sdp_tlv *nfc_llcp_build_sdreq_tlv(u8 tid, char *uri,
+struct nfc_llcp_sdp_tlv *nfc_llcp_build_sdreq_tlv(u8 tid, const char *uri,
size_t uri_len)
{
struct nfc_llcp_sdp_tlv *sdreq;
@@ -202,9 +202,10 @@ void nfc_llcp_free_sdp_tlv_list(struct hlist_head *head)
}
int nfc_llcp_parse_gb_tlv(struct nfc_llcp_local *local,
- u8 *tlv_array, u16 tlv_array_len)
+ const u8 *tlv_array, u16 tlv_array_len)
{
- u8 *tlv = tlv_array, type, length, offset = 0;
+ const u8 *tlv = tlv_array;
+ u8 type, length, offset = 0;
pr_debug("TLV array length %d\n", tlv_array_len);
@@ -251,9 +252,10 @@ int nfc_llcp_parse_gb_tlv(struct nfc_llcp_local *local,
}
int nfc_llcp_parse_connection_tlv(struct nfc_llcp_sock *sock,
- u8 *tlv_array, u16 tlv_array_len)
+ const u8 *tlv_array, u16 tlv_array_len)
{
- u8 *tlv = tlv_array, type, length, offset = 0;
+ const u8 *tlv = tlv_array;
+ u8 type, length, offset = 0;
pr_debug("TLV array length %d\n", tlv_array_len);
@@ -307,7 +309,7 @@ static struct sk_buff *llcp_add_header(struct sk_buff *pdu,
return pdu;
}
-static struct sk_buff *llcp_add_tlv(struct sk_buff *pdu, u8 *tlv,
+static struct sk_buff *llcp_add_tlv(struct sk_buff *pdu, const u8 *tlv,
u8 tlv_length)
{
/* XXX Add an skb length check */
@@ -401,9 +403,10 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
{
struct nfc_llcp_local *local;
struct sk_buff *skb;
- u8 *service_name_tlv = NULL, service_name_tlv_length;
- u8 *miux_tlv = NULL, miux_tlv_length;
- u8 *rw_tlv = NULL, rw_tlv_length, rw;
+ const u8 *service_name_tlv = NULL;
+ const u8 *miux_tlv = NULL;
+ const u8 *rw_tlv = NULL;
+ u8 service_name_tlv_length, miux_tlv_length, rw_tlv_length, rw;
int err;
u16 size = 0;
__be16 miux;
@@ -477,8 +480,9 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock)
{
struct nfc_llcp_local *local;
struct sk_buff *skb;
- u8 *miux_tlv = NULL, miux_tlv_length;
- u8 *rw_tlv = NULL, rw_tlv_length, rw;
+ const u8 *miux_tlv = NULL;
+ const u8 *rw_tlv = NULL;
+ u8 miux_tlv_length, rw_tlv_length, rw;
int err;
u16 size = 0;
__be16 miux;
diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c
index 3290f2275b857..bdc1a9d0965af 100644
--- a/net/nfc/llcp_core.c
+++ b/net/nfc/llcp_core.c
@@ -314,7 +314,7 @@ static char *wks[] = {
"urn:nfc:sn:snep",
};
-static int nfc_llcp_wks_sap(char *service_name, size_t service_name_len)
+static int nfc_llcp_wks_sap(const char *service_name, size_t service_name_len)
{
int sap, num_wks;
@@ -338,7 +338,7 @@ static int nfc_llcp_wks_sap(char *service_name, size_t service_name_len)
static
struct nfc_llcp_sock *nfc_llcp_sock_from_sn(struct nfc_llcp_local *local,
- u8 *sn, size_t sn_len)
+ const u8 *sn, size_t sn_len)
{
struct sock *sk;
struct nfc_llcp_sock *llcp_sock, *tmp_sock;
@@ -535,7 +535,7 @@ static int nfc_llcp_build_gb(struct nfc_llcp_local *local)
{
u8 *gb_cur, version, version_length;
u8 lto_length, wks_length, miux_length;
- u8 *version_tlv = NULL, *lto_tlv = NULL,
+ const u8 *version_tlv = NULL, *lto_tlv = NULL,
*wks_tlv = NULL, *miux_tlv = NULL;
__be16 wks = cpu_to_be16(local->local_wks);
u8 gb_len = 0;
@@ -625,7 +625,7 @@ u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len)
return local->gb;
}
-int nfc_llcp_set_remote_gb(struct nfc_dev *dev, u8 *gb, u8 gb_len)
+int nfc_llcp_set_remote_gb(struct nfc_dev *dev, const u8 *gb, u8 gb_len)
{
struct nfc_llcp_local *local;
@@ -652,27 +652,27 @@ int nfc_llcp_set_remote_gb(struct nfc_dev *dev, u8 *gb, u8 gb_len)
local->remote_gb_len - 3);
}
-static u8 nfc_llcp_dsap(struct sk_buff *pdu)
+static u8 nfc_llcp_dsap(const struct sk_buff *pdu)
{
return (pdu->data[0] & 0xfc) >> 2;
}
-static u8 nfc_llcp_ptype(struct sk_buff *pdu)
+static u8 nfc_llcp_ptype(const struct sk_buff *pdu)
{
return ((pdu->data[0] & 0x03) << 2) | ((pdu->data[1] & 0xc0) >> 6);
}
-static u8 nfc_llcp_ssap(struct sk_buff *pdu)
+static u8 nfc_llcp_ssap(const struct sk_buff *pdu)
{
return pdu->data[1] & 0x3f;
}
-static u8 nfc_llcp_ns(struct sk_buff *pdu)
+static u8 nfc_llcp_ns(const struct sk_buff *pdu)
{
return pdu->data[2] >> 4;
}
-static u8 nfc_llcp_nr(struct sk_buff *pdu)
+static u8 nfc_llcp_nr(const struct sk_buff *pdu)
{
return pdu->data[2] & 0xf;
}
@@ -814,7 +814,7 @@ static struct nfc_llcp_sock *nfc_llcp_connecting_sock_get(struct nfc_llcp_local
}
static struct nfc_llcp_sock *nfc_llcp_sock_get_sn(struct nfc_llcp_local *local,
- u8 *sn, size_t sn_len)
+ const u8 *sn, size_t sn_len)
{
struct nfc_llcp_sock *llcp_sock;
@@ -828,9 +828,10 @@ static struct nfc_llcp_sock *nfc_llcp_sock_get_sn(struct nfc_llcp_local *local,
return llcp_sock;
}
-static u8 *nfc_llcp_connect_sn(struct sk_buff *skb, size_t *sn_len)
+static const u8 *nfc_llcp_connect_sn(const struct sk_buff *skb, size_t *sn_len)
{
- u8 *tlv = &skb->data[2], type, length;
+ u8 type, length;
+ const u8 *tlv = &skb->data[2];
size_t tlv_array_len = skb->len - LLCP_HEADER_SIZE, offset = 0;
while (offset < tlv_array_len) {
@@ -888,7 +889,7 @@ static void nfc_llcp_recv_ui(struct nfc_llcp_local *local,
}
static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
- struct sk_buff *skb)
+ const struct sk_buff *skb)
{
struct sock *new_sk, *parent;
struct nfc_llcp_sock *sock, *new_sock;
@@ -906,7 +907,7 @@ static void nfc_llcp_recv_connect(struct nfc_llcp_local *local,
goto fail;
}
} else {
- u8 *sn;
+ const u8 *sn;
size_t sn_len;
sn = nfc_llcp_connect_sn(skb, &sn_len);
@@ -1125,7 +1126,7 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local *local,
}
static void nfc_llcp_recv_disc(struct nfc_llcp_local *local,
- struct sk_buff *skb)
+ const struct sk_buff *skb)
{
struct nfc_llcp_sock *llcp_sock;
struct sock *sk;
@@ -1168,7 +1169,8 @@ static void nfc_llcp_recv_disc(struct nfc_llcp_local *local,
nfc_llcp_sock_put(llcp_sock);
}
-static void nfc_llcp_recv_cc(struct nfc_llcp_local *local, struct sk_buff *skb)
+static void nfc_llcp_recv_cc(struct nfc_llcp_local *local,
+ const struct sk_buff *skb)
{
struct nfc_llcp_sock *llcp_sock;
struct sock *sk;
@@ -1201,7 +1203,8 @@ static void nfc_llcp_recv_cc(struct nfc_llcp_local *local, struct sk_buff *skb)
nfc_llcp_sock_put(llcp_sock);
}
-static void nfc_llcp_recv_dm(struct nfc_llcp_local *local, struct sk_buff *skb)
+static void nfc_llcp_recv_dm(struct nfc_llcp_local *local,
+ const struct sk_buff *skb)
{
struct nfc_llcp_sock *llcp_sock;
struct sock *sk;
@@ -1239,12 +1242,13 @@ static void nfc_llcp_recv_dm(struct nfc_llcp_local *local, struct sk_buff *skb)
}
static void nfc_llcp_recv_snl(struct nfc_llcp_local *local,
- struct sk_buff *skb)
+ const struct sk_buff *skb)
{
struct nfc_llcp_sock *llcp_sock;
- u8 dsap, ssap, *tlv, type, length, tid, sap;
+ u8 dsap, ssap, type, length, tid, sap;
+ const u8 *tlv;
u16 tlv_len, offset;
- char *service_name;
+ const char *service_name;
size_t service_name_len;
struct nfc_llcp_sdp_tlv *sdp;
HLIST_HEAD(llc_sdres_list);
diff --git a/net/nfc/nfc.h b/net/nfc/nfc.h
index 6c6f76b370b1e..c792165f523f1 100644
--- a/net/nfc/nfc.h
+++ b/net/nfc/nfc.h
@@ -60,7 +60,7 @@ void nfc_llcp_mac_is_up(struct nfc_dev *dev, u32 target_idx,
u8 comm_mode, u8 rf_mode);
int nfc_llcp_register_device(struct nfc_dev *dev);
void nfc_llcp_unregister_device(struct nfc_dev *dev);
-int nfc_llcp_set_remote_gb(struct nfc_dev *dev, u8 *gb, u8 gb_len);
+int nfc_llcp_set_remote_gb(struct nfc_dev *dev, const u8 *gb, u8 gb_len);
u8 *nfc_llcp_general_bytes(struct nfc_dev *dev, size_t *general_bytes_len);
int nfc_llcp_data_received(struct nfc_dev *dev, struct sk_buff *skb);
struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 026/323] nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 025/323] nfc: constify several pointers to u8, char and sk_buff Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 027/323] wifi: orinoco: Fix an error handling path in spectrum_cs_probe() Greg Kroah-Hartman
` (300 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, David S. Miller,
Sasha Levin
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 0d9b41daa5907756a31772d8af8ac5ff25cf17c1 ]
If sock->service_name is NULL, the local variable
service_name_tlv_length will not be assigned by nfc_llcp_build_tlv(),
later leading to using value frmo the stack. Smatch warning:
net/nfc/llcp_commands.c:442 nfc_llcp_send_connect() error: uninitialized symbol 'service_name_tlv_length'.
Fixes: de9e5aeb4f40 ("NFC: llcp: Fix usage of llcp_add_tlv()")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/nfc/llcp_commands.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
index 6dcad7bcf20bb..737c7aa384f44 100644
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -406,7 +406,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
const u8 *service_name_tlv = NULL;
const u8 *miux_tlv = NULL;
const u8 *rw_tlv = NULL;
- u8 service_name_tlv_length, miux_tlv_length, rw_tlv_length, rw;
+ u8 service_name_tlv_length = 0;
+ u8 miux_tlv_length, rw_tlv_length, rw;
int err;
u16 size = 0;
__be16 miux;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 027/323] wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 026/323] nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 028/323] wifi: orinoco: Fix an error handling path in orinoco_cs_probe() Greg Kroah-Hartman
` (299 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Simon Horman,
Kalle Valo, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 925244325159824385209e3e0e3f91fa6bf0646c ]
Should spectrum_cs_config() fail, some resources need to be released as
already done in the remove function.
While at it, remove a useless and erroneous comment. The probe is
spectrum_cs_probe(), not spectrum_cs_attach().
Fixes: 15b99ac17295 ("[PATCH] pcmcia: add return value to _config() functions")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/c0bc0c21c58ca477fc5521607615bafbf2aef8eb.1684567733.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intersil/orinoco/spectrum_cs.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intersil/orinoco/spectrum_cs.c b/drivers/net/wireless/intersil/orinoco/spectrum_cs.c
index b60048c95e0a8..011c86e55923e 100644
--- a/drivers/net/wireless/intersil/orinoco/spectrum_cs.c
+++ b/drivers/net/wireless/intersil/orinoco/spectrum_cs.c
@@ -157,6 +157,7 @@ spectrum_cs_probe(struct pcmcia_device *link)
{
struct orinoco_private *priv;
struct orinoco_pccard *card;
+ int ret;
priv = alloc_orinocodev(sizeof(*card), &link->dev,
spectrum_cs_hard_reset,
@@ -169,8 +170,16 @@ spectrum_cs_probe(struct pcmcia_device *link)
card->p_dev = link;
link->priv = priv;
- return spectrum_cs_config(link);
-} /* spectrum_cs_attach */
+ ret = spectrum_cs_config(link);
+ if (ret)
+ goto err_free_orinocodev;
+
+ return 0;
+
+err_free_orinocodev:
+ free_orinocodev(priv);
+ return ret;
+}
static void spectrum_cs_detach(struct pcmcia_device *link)
{
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 028/323] wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 027/323] wifi: orinoco: Fix an error handling path in spectrum_cs_probe() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 029/323] wifi: atmel: Fix an error handling path in atmel_probe() Greg Kroah-Hartman
` (298 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Kalle Valo,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 67a81d911c01225f426cc6bee2373df044c1a9b7 ]
Should orinoco_cs_config() fail, some resources need to be released as
already done in the remove function.
While at it, remove a useless and erroneous comment. The probe is
orinoco_cs_probe(), not orinoco_cs_attach().
Fixes: 15b99ac17295 ("[PATCH] pcmcia: add return value to _config() functions")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/e24735ce4d82901d5f7ea08419eea53bfdde3d65.1684568286.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intersil/orinoco/orinoco_cs.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_cs.c b/drivers/net/wireless/intersil/orinoco/orinoco_cs.c
index a956f965a1e5e..03bfd2482656c 100644
--- a/drivers/net/wireless/intersil/orinoco/orinoco_cs.c
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_cs.c
@@ -96,6 +96,7 @@ orinoco_cs_probe(struct pcmcia_device *link)
{
struct orinoco_private *priv;
struct orinoco_pccard *card;
+ int ret;
priv = alloc_orinocodev(sizeof(*card), &link->dev,
orinoco_cs_hard_reset, NULL);
@@ -107,8 +108,16 @@ orinoco_cs_probe(struct pcmcia_device *link)
card->p_dev = link;
link->priv = priv;
- return orinoco_cs_config(link);
-} /* orinoco_cs_attach */
+ ret = orinoco_cs_config(link);
+ if (ret)
+ goto err_free_orinocodev;
+
+ return 0;
+
+err_free_orinocodev:
+ free_orinocodev(priv);
+ return ret;
+}
static void orinoco_cs_detach(struct pcmcia_device *link)
{
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 029/323] wifi: atmel: Fix an error handling path in atmel_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 028/323] wifi: orinoco: Fix an error handling path in orinoco_cs_probe() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 030/323] wl3501_cs: Fix a bunch of formatting issues related to function docs Greg Kroah-Hartman
` (297 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Simon Horman,
Kalle Valo, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 6b92e4351a29af52c285fe235e6e4d1a75de04b2 ]
Should atmel_config() fail, some resources need to be released as already
done in the remove function.
While at it, remove a useless and erroneous comment. The probe is
atmel_probe(), not atmel_attach().
Fixes: 15b99ac17295 ("[PATCH] pcmcia: add return value to _config() functions")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/1e65f174607a83348034197fa7d603bab10ba4a9.1684569156.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/atmel/atmel_cs.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/atmel/atmel_cs.c b/drivers/net/wireless/atmel/atmel_cs.c
index 7afc9c5329fb1..f5fa1a95b0c15 100644
--- a/drivers/net/wireless/atmel/atmel_cs.c
+++ b/drivers/net/wireless/atmel/atmel_cs.c
@@ -73,6 +73,7 @@ struct local_info {
static int atmel_probe(struct pcmcia_device *p_dev)
{
struct local_info *local;
+ int ret;
dev_dbg(&p_dev->dev, "atmel_attach()\n");
@@ -83,8 +84,16 @@ static int atmel_probe(struct pcmcia_device *p_dev)
p_dev->priv = local;
- return atmel_config(p_dev);
-} /* atmel_attach */
+ ret = atmel_config(p_dev);
+ if (ret)
+ goto err_free_priv;
+
+ return 0;
+
+err_free_priv:
+ kfree(p_dev->priv);
+ return ret;
+}
static void atmel_detach(struct pcmcia_device *link)
{
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 030/323] wl3501_cs: Fix a bunch of formatting issues related to function docs
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 029/323] wifi: atmel: Fix an error handling path in atmel_probe() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 031/323] wl3501_cs: Remove unnecessary NULL check Greg Kroah-Hartman
` (296 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kalle Valo, David S. Miller,
Jakub Kicinski, Fox Chen, de Melo, Gustavo Niemeyer,
linux-wireless, netdev, Lee Jones, Sasha Levin
From: Lee Jones <lee.jones@linaro.org>
[ Upstream commit 2307d0bc9d8b60299f255d1771ce0d997162a957 ]
Fixes the following W=1 kernel build warning(s):
In file included from drivers/net/wireless/wl3501_cs.c:57:
drivers/net/wireless/wl3501_cs.c:143: warning: Function parameter or member 'reg_domain' not described in 'iw_valid_channel'
drivers/net/wireless/wl3501_cs.c:143: warning: Function parameter or member 'channel' not described in 'iw_valid_channel'
drivers/net/wireless/wl3501_cs.c:162: warning: Function parameter or member 'reg_domain' not described in 'iw_default_channel'
drivers/net/wireless/wl3501_cs.c:248: warning: Function parameter or member 'this' not described in 'wl3501_set_to_wla'
drivers/net/wireless/wl3501_cs.c:270: warning: Function parameter or member 'this' not described in 'wl3501_get_from_wla'
drivers/net/wireless/wl3501_cs.c:467: warning: Function parameter or member 'this' not described in 'wl3501_send_pkt'
drivers/net/wireless/wl3501_cs.c:467: warning: Function parameter or member 'data' not described in 'wl3501_send_pkt'
drivers/net/wireless/wl3501_cs.c:467: warning: Function parameter or member 'len' not described in 'wl3501_send_pkt'
drivers/net/wireless/wl3501_cs.c:729: warning: Function parameter or member 'this' not described in 'wl3501_block_interrupt'
drivers/net/wireless/wl3501_cs.c:746: warning: Function parameter or member 'this' not described in 'wl3501_unblock_interrupt'
drivers/net/wireless/wl3501_cs.c:1124: warning: Function parameter or member 'irq' not described in 'wl3501_interrupt'
drivers/net/wireless/wl3501_cs.c:1124: warning: Function parameter or member 'dev_id' not described in 'wl3501_interrupt'
drivers/net/wireless/wl3501_cs.c:1257: warning: Function parameter or member 'dev' not described in 'wl3501_reset'
drivers/net/wireless/wl3501_cs.c:1420: warning: Function parameter or member 'link' not described in 'wl3501_detach'
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Fox Chen <mhchen@golf.ccl.itri.org.tw>
Cc: de Melo <acme@conectiva.com.br>
Cc: Gustavo Niemeyer <niemeyer@conectiva.com>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200826093401.1458456-21-lee.jones@linaro.org
Stable-dep-of: 391af06a02e7 ("wifi: wl3501_cs: Fix an error handling path in wl3501_probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501_cs.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index cfde9b94b4b60..78c89e6421f97 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -133,8 +133,8 @@ static const struct {
/**
* iw_valid_channel - validate channel in regulatory domain
- * @reg_comain - regulatory domain
- * @channel - channel to validate
+ * @reg_comain: regulatory domain
+ * @channel: channel to validate
*
* Returns 0 if invalid in the specified regulatory domain, non-zero if valid.
*/
@@ -153,7 +153,7 @@ static int iw_valid_channel(int reg_domain, int channel)
/**
* iw_default_channel - get default channel for a regulatory domain
- * @reg_comain - regulatory domain
+ * @reg_domain: regulatory domain
*
* Returns the default channel for a regulatory domain
*/
@@ -236,6 +236,7 @@ static int wl3501_get_flash_mac_addr(struct wl3501_card *this)
/**
* wl3501_set_to_wla - Move 'size' bytes from PC to card
+ * @this: Card
* @dest: Card addressing space
* @src: PC addressing space
* @size: Bytes to move
@@ -258,6 +259,7 @@ static void wl3501_set_to_wla(struct wl3501_card *this, u16 dest, void *src,
/**
* wl3501_get_from_wla - Move 'size' bytes from card to PC
+ * @this: Card
* @src: Card addressing space
* @dest: PC addressing space
* @size: Bytes to move
@@ -454,7 +456,7 @@ static int wl3501_pwr_mgmt(struct wl3501_card *this, int suspend)
/**
* wl3501_send_pkt - Send a packet.
- * @this - card
+ * @this: Card
*
* Send a packet.
*
@@ -722,7 +724,7 @@ static void wl3501_mgmt_scan_confirm(struct wl3501_card *this, u16 addr)
/**
* wl3501_block_interrupt - Mask interrupt from SUTRO
- * @this - card
+ * @this: Card
*
* Mask interrupt from SUTRO. (i.e. SUTRO cannot interrupt the HOST)
* Return: 1 if interrupt is originally enabled
@@ -739,7 +741,7 @@ static int wl3501_block_interrupt(struct wl3501_card *this)
/**
* wl3501_unblock_interrupt - Enable interrupt from SUTRO
- * @this - card
+ * @this: Card
*
* Enable interrupt from SUTRO. (i.e. SUTRO can interrupt the HOST)
* Return: 1 if interrupt is originally enabled
@@ -1113,8 +1115,8 @@ static inline void wl3501_ack_interrupt(struct wl3501_card *this)
/**
* wl3501_interrupt - Hardware interrupt from card.
- * @irq - Interrupt number
- * @dev_id - net_device
+ * @irq: Interrupt number
+ * @dev_id: net_device
*
* We must acknowledge the interrupt as soon as possible, and block the
* interrupt from the same card immediately to prevent re-entry.
@@ -1252,7 +1254,7 @@ static int wl3501_close(struct net_device *dev)
/**
* wl3501_reset - Reset the SUTRO.
- * @dev - network device
+ * @dev: network device
*
* It is almost the same as wl3501_open(). In fact, we may just wl3501_close()
* and wl3501_open() again, but I wouldn't like to free_irq() when the driver
@@ -1415,7 +1417,7 @@ static struct iw_statistics *wl3501_get_wireless_stats(struct net_device *dev)
/**
* wl3501_detach - deletes a driver "instance"
- * @link - FILL_IN
+ * @link: FILL_IN
*
* This deletes a driver "instance". The device is de-registered with Card
* Services. If it has been released, all local data structures are freed.
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 031/323] wl3501_cs: Remove unnecessary NULL check
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 030/323] wl3501_cs: Fix a bunch of formatting issues related to function docs Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 032/323] wl3501_cs: Fix misspelling and provide missing documentation Greg Kroah-Hartman
` (295 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alex Dewar, Kalle Valo, Sasha Levin
From: Alex Dewar <alex.dewar90@gmail.com>
[ Upstream commit 1d2a85382282e7c77cbde5650335c3ffc6073fa1 ]
In wl3501_detach(), link->priv is checked for a NULL value before being
passed to free_netdev(). However, it cannot be NULL at this point as it
has already been passed to other functions, so just remove the check.
Addresses-Coverity: CID 710499: Null pointer dereferences (REVERSE_INULL)
Signed-off-by: Alex Dewar <alex.dewar90@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200926174558.9436-1-alex.dewar90@gmail.com
Stable-dep-of: 391af06a02e7 ("wifi: wl3501_cs: Fix an error handling path in wl3501_probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501_cs.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index 78c89e6421f97..5b2383270627c 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -1438,9 +1438,7 @@ static void wl3501_detach(struct pcmcia_device *link)
wl3501_release(link);
unregister_netdev(dev);
-
- if (link->priv)
- free_netdev(link->priv);
+ free_netdev(dev);
}
static int wl3501_get_name(struct net_device *dev, struct iw_request_info *info,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 032/323] wl3501_cs: Fix misspelling and provide missing documentation
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 031/323] wl3501_cs: Remove unnecessary NULL check Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 033/323] net: create netdev->dev_addr assignment helpers Greg Kroah-Hartman
` (294 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kalle Valo, David S. Miller,
Jakub Kicinski, Fox Chen, de Melo, Gustavo Niemeyer,
linux-wireless, netdev, Lee Jones, Sasha Levin
From: Lee Jones <lee.jones@linaro.org>
[ Upstream commit 8b8a6f8c3b50193d161c598a6784e721128d6dc3 ]
Fixes the following W=1 kernel build warning(s):
In file included from drivers/net/wireless/wl3501_cs.c:57:
drivers/net/wireless/wl3501_cs.c:143: warning: Function parameter or member 'reg_domain' not described in 'iw_valid_channel'
drivers/net/wireless/wl3501_cs.c:143: warning: Excess function parameter 'reg_comain' description in 'iw_valid_channel'
drivers/net/wireless/wl3501_cs.c:469: warning: Function parameter or member 'data' not described in 'wl3501_send_pkt'
drivers/net/wireless/wl3501_cs.c:469: warning: Function parameter or member 'len' not described in 'wl3501_send_pkt'
Cc: Kalle Valo <kvalo@codeaurora.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Fox Chen <mhchen@golf.ccl.itri.org.tw>
Cc: de Melo <acme@conectiva.com.br>
Cc: Gustavo Niemeyer <niemeyer@conectiva.com>
Cc: linux-wireless@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20201102112410.1049272-25-lee.jones@linaro.org
Stable-dep-of: 391af06a02e7 ("wifi: wl3501_cs: Fix an error handling path in wl3501_probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501_cs.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index 5b2383270627c..c6d1a320e244f 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -133,7 +133,7 @@ static const struct {
/**
* iw_valid_channel - validate channel in regulatory domain
- * @reg_comain: regulatory domain
+ * @reg_domain: regulatory domain
* @channel: channel to validate
*
* Returns 0 if invalid in the specified regulatory domain, non-zero if valid.
@@ -457,11 +457,9 @@ static int wl3501_pwr_mgmt(struct wl3501_card *this, int suspend)
/**
* wl3501_send_pkt - Send a packet.
* @this: Card
- *
- * Send a packet.
- *
- * data = Ethernet raw frame. (e.g. data[0] - data[5] is Dest MAC Addr,
+ * @data: Ethernet raw frame. (e.g. data[0] - data[5] is Dest MAC Addr,
* data[6] - data[11] is Src MAC Addr)
+ * @len: Packet length
* Ref: IEEE 802.11
*/
static int wl3501_send_pkt(struct wl3501_card *this, u8 *data, u16 len)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 033/323] net: create netdev->dev_addr assignment helpers
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 032/323] wl3501_cs: Fix misspelling and provide missing documentation Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 034/323] wl3501_cs: use eth_hw_addr_set() Greg Kroah-Hartman
` (293 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, David S. Miller,
Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 48eab831ae8b9f7002a533fa4235eed63ea1f1a3 ]
Recent work on converting address list to a tree made it obvious
we need an abstraction around writing netdev->dev_addr. Without
such abstraction updating the main device address is invisible
to the core.
Introduce a number of helpers which for now just wrap memcpy()
but in the future can make necessary changes to the address
tree.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 391af06a02e7 ("wifi: wl3501_cs: Fix an error handling path in wl3501_probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/etherdevice.h | 12 ++++++++++++
include/linux/netdevice.h | 18 ++++++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/include/linux/etherdevice.h b/include/linux/etherdevice.h
index e1e9eff096d05..2932a40060c1d 100644
--- a/include/linux/etherdevice.h
+++ b/include/linux/etherdevice.h
@@ -291,6 +291,18 @@ static inline void ether_addr_copy(u8 *dst, const u8 *src)
#endif
}
+/**
+ * eth_hw_addr_set - Assign Ethernet address to a net_device
+ * @dev: pointer to net_device structure
+ * @addr: address to assign
+ *
+ * Assign given address to the net_device, addr_assign_type is not changed.
+ */
+static inline void eth_hw_addr_set(struct net_device *dev, const u8 *addr)
+{
+ ether_addr_copy(dev->dev_addr, addr);
+}
+
/**
* eth_hw_addr_inherit - Copy dev_addr from another net_device
* @dst: pointer to net_device to copy dev_addr to
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 90827d85265b0..7e9df3854420a 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -4079,6 +4079,24 @@ void __hw_addr_unsync_dev(struct netdev_hw_addr_list *list,
void __hw_addr_init(struct netdev_hw_addr_list *list);
/* Functions used for device addresses handling */
+static inline void
+__dev_addr_set(struct net_device *dev, const u8 *addr, size_t len)
+{
+ memcpy(dev->dev_addr, addr, len);
+}
+
+static inline void dev_addr_set(struct net_device *dev, const u8 *addr)
+{
+ __dev_addr_set(dev, addr, dev->addr_len);
+}
+
+static inline void
+dev_addr_mod(struct net_device *dev, unsigned int offset,
+ const u8 *addr, size_t len)
+{
+ memcpy(&dev->dev_addr[offset], addr, len);
+}
+
int dev_addr_add(struct net_device *dev, const unsigned char *addr,
unsigned char addr_type);
int dev_addr_del(struct net_device *dev, const unsigned char *addr,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 034/323] wl3501_cs: use eth_hw_addr_set()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 033/323] net: create netdev->dev_addr assignment helpers Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 035/323] wifi: wl3501_cs: Fix an error handling path in wl3501_probe() Greg Kroah-Hartman
` (292 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, Kalle Valo,
Sasha Levin
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 18774612246d036c04ce9fee7f67192f96f48725 ]
Commit 406f42fa0d3c ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev->dev_addr in this tree we need to make all
the writes to it got through appropriate helpers.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20211018235021.1279697-15-kuba@kernel.org
Stable-dep-of: 391af06a02e7 ("wifi: wl3501_cs: Fix an error handling path in wl3501_probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501_cs.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index c6d1a320e244f..46188a83d8be8 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -1946,8 +1946,7 @@ static int wl3501_config(struct pcmcia_device *link)
goto failed;
}
- for (i = 0; i < 6; i++)
- dev->dev_addr[i] = ((char *)&this->mac_addr)[i];
+ eth_hw_addr_set(dev, this->mac_addr);
/* print probe information */
printk(KERN_INFO "%s: wl3501 @ 0x%3.3x, IRQ %d, "
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 035/323] wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 034/323] wl3501_cs: use eth_hw_addr_set() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 036/323] wifi: ray_cs: Utilize strnlen() in parse_addr() Greg Kroah-Hartman
` (291 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Simon Horman,
Kalle Valo, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 391af06a02e7642039ac5f6c4b2c034ab0992b5d ]
Should wl3501_config() fail, some resources need to be released as already
done in the remove function.
Fixes: 15b99ac17295 ("[PATCH] pcmcia: add return value to _config() functions")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/7cc9c9316489b7d69b36aeb0edd3123538500b41.1684569865.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/wl3501_cs.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/wl3501_cs.c b/drivers/net/wireless/wl3501_cs.c
index 46188a83d8be8..4380c5d8fdd27 100644
--- a/drivers/net/wireless/wl3501_cs.c
+++ b/drivers/net/wireless/wl3501_cs.c
@@ -1863,6 +1863,7 @@ static int wl3501_probe(struct pcmcia_device *p_dev)
{
struct net_device *dev;
struct wl3501_card *this;
+ int ret;
/* The io structure describes IO port mapping */
p_dev->resource[0]->end = 16;
@@ -1874,8 +1875,7 @@ static int wl3501_probe(struct pcmcia_device *p_dev)
dev = alloc_etherdev(sizeof(struct wl3501_card));
if (!dev)
- goto out_link;
-
+ return -ENOMEM;
dev->netdev_ops = &wl3501_netdev_ops;
dev->watchdog_timeo = 5 * HZ;
@@ -1888,9 +1888,15 @@ static int wl3501_probe(struct pcmcia_device *p_dev)
netif_stop_queue(dev);
p_dev->priv = dev;
- return wl3501_config(p_dev);
-out_link:
- return -ENOMEM;
+ ret = wl3501_config(p_dev);
+ if (ret)
+ goto out_free_etherdev;
+
+ return 0;
+
+out_free_etherdev:
+ free_netdev(dev);
+ return ret;
}
static int wl3501_config(struct pcmcia_device *link)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 036/323] wifi: ray_cs: Utilize strnlen() in parse_addr()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 035/323] wifi: wl3501_cs: Fix an error handling path in wl3501_probe() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 037/323] wifi: ray_cs: Drop useless status variable " Greg Kroah-Hartman
` (290 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Kalle Valo,
Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 9e8e9187673cb24324f9165dd47b2b28f60b0b10 ]
Instead of doing simple operations and using an additional variable on stack,
utilize strnlen() and reuse len variable.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220603164414.48436-1-andriy.shevchenko@linux.intel.com
Stable-dep-of: 4f8d66a9fb2e ("wifi: ray_cs: Fix an error handling path in ray_probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ray_cs.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c
index 8704bae39e1bf..f15714f19d0ff 100644
--- a/drivers/net/wireless/ray_cs.c
+++ b/drivers/net/wireless/ray_cs.c
@@ -1651,31 +1651,29 @@ static void authenticate_timeout(struct timer_list *t)
/*===========================================================================*/
static int parse_addr(char *in_str, UCHAR *out)
{
+ int i, k;
int len;
- int i, j, k;
int status;
if (in_str == NULL)
return 0;
- if ((len = strlen(in_str)) < 2)
+ len = strnlen(in_str, ADDRLEN * 2 + 1) - 1;
+ if (len < 1)
return 0;
memset(out, 0, ADDRLEN);
status = 1;
- j = len - 1;
- if (j > 12)
- j = 12;
i = 5;
- while (j > 0) {
- if ((k = hex_to_bin(in_str[j--])) != -1)
+ while (len > 0) {
+ if ((k = hex_to_bin(in_str[len--])) != -1)
out[i] = k;
else
return 0;
- if (j == 0)
+ if (len == 0)
break;
- if ((k = hex_to_bin(in_str[j--])) != -1)
+ if ((k = hex_to_bin(in_str[len--])) != -1)
out[i] += k << 4;
else
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 037/323] wifi: ray_cs: Drop useless status variable in parse_addr()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 036/323] wifi: ray_cs: Utilize strnlen() in parse_addr() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 038/323] wifi: ray_cs: Fix an error handling path in ray_probe() Greg Kroah-Hartman
` (289 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Kalle Valo,
Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 4dfc63c002a555a2c3c34d89009532ad803be876 ]
The status variable assigned only once and used also only once.
Replace it's usage by actual value.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220603164414.48436-2-andriy.shevchenko@linux.intel.com
Stable-dep-of: 4f8d66a9fb2e ("wifi: ray_cs: Fix an error handling path in ray_probe()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ray_cs.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c
index f15714f19d0ff..e5cdcee04615f 100644
--- a/drivers/net/wireless/ray_cs.c
+++ b/drivers/net/wireless/ray_cs.c
@@ -1653,7 +1653,6 @@ static int parse_addr(char *in_str, UCHAR *out)
{
int i, k;
int len;
- int status;
if (in_str == NULL)
return 0;
@@ -1662,7 +1661,6 @@ static int parse_addr(char *in_str, UCHAR *out)
return 0;
memset(out, 0, ADDRLEN);
- status = 1;
i = 5;
while (len > 0) {
@@ -1680,7 +1678,7 @@ static int parse_addr(char *in_str, UCHAR *out)
if (!i--)
break;
}
- return status;
+ return 1;
}
/*===========================================================================*/
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 038/323] wifi: ray_cs: Fix an error handling path in ray_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 037/323] wifi: ray_cs: Drop useless status variable " Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 039/323] wifi: ath9k: dont allow to overwrite ENDPOINT0 attributes Greg Kroah-Hartman
` (288 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Simon Horman,
Kalle Valo, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 4f8d66a9fb2edcd05c1e563456a55a08910bfb37 ]
Should ray_config() fail, some resources need to be released as already
done in the remove function.
While at it, remove a useless and erroneous comment. The probe is
ray_probe(), not ray_attach().
Fixes: 15b99ac17295 ("[PATCH] pcmcia: add return value to _config() functions")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/8c544d18084f8b37dd108e844f7e79e85ff708ff.1684570373.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ray_cs.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/ray_cs.c b/drivers/net/wireless/ray_cs.c
index e5cdcee04615f..edc990d099789 100644
--- a/drivers/net/wireless/ray_cs.c
+++ b/drivers/net/wireless/ray_cs.c
@@ -282,13 +282,14 @@ static int ray_probe(struct pcmcia_device *p_dev)
{
ray_dev_t *local;
struct net_device *dev;
+ int ret;
dev_dbg(&p_dev->dev, "ray_attach()\n");
/* Allocate space for private device-specific data */
dev = alloc_etherdev(sizeof(ray_dev_t));
if (!dev)
- goto fail_alloc_dev;
+ return -ENOMEM;
local = netdev_priv(dev);
local->finder = p_dev;
@@ -325,11 +326,16 @@ static int ray_probe(struct pcmcia_device *p_dev)
timer_setup(&local->timer, NULL, 0);
this_device = p_dev;
- return ray_config(p_dev);
+ ret = ray_config(p_dev);
+ if (ret)
+ goto err_free_dev;
+
+ return 0;
-fail_alloc_dev:
- return -ENOMEM;
-} /* ray_attach */
+err_free_dev:
+ free_netdev(dev);
+ return ret;
+}
static void ray_detach(struct pcmcia_device *link)
{
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 039/323] wifi: ath9k: dont allow to overwrite ENDPOINT0 attributes
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 038/323] wifi: ray_cs: Fix an error handling path in ray_probe() Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 040/323] wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown Greg Kroah-Hartman
` (287 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+b68fbebe56d8362907e8,
Fedor Pchelkin, Toke Høiland-Jørgensen, Kalle Valo,
Sasha Levin
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit 061b0cb9327b80d7a0f63a33e7c3e2a91a71f142 ]
A bad USB device is able to construct a service connection response
message with target endpoint being ENDPOINT0 which is reserved for
HTC_CTRL_RSVD_SVC and should not be modified to be used for any other
services.
Reject such service connection responses.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: fb9987d0f748 ("ath9k_htc: Support for AR9271 chipset.")
Reported-by: syzbot+b68fbebe56d8362907e8@syzkaller.appspotmail.com
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230516150427.79469-1-pchelkin@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/htc_hst.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c
index 6331c98088e03..d5e5f9cf4ca86 100644
--- a/drivers/net/wireless/ath/ath9k/htc_hst.c
+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c
@@ -114,7 +114,13 @@ static void htc_process_conn_rsp(struct htc_target *target,
if (svc_rspmsg->status == HTC_SERVICE_SUCCESS) {
epid = svc_rspmsg->endpoint_id;
- if (epid < 0 || epid >= ENDPOINT_MAX)
+
+ /* Check that the received epid for the endpoint to attach
+ * a new service is valid. ENDPOINT0 can't be used here as it
+ * is already reserved for HTC_CTRL_RSVD_SVC service and thus
+ * should not be modified.
+ */
+ if (epid <= ENDPOINT0 || epid >= ENDPOINT_MAX)
return;
service_id = be16_to_cpu(svc_rspmsg->service_id);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 040/323] wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 039/323] wifi: ath9k: dont allow to overwrite ENDPOINT0 attributes Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 041/323] watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config Greg Kroah-Hartman
` (286 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Vasut, Simon Horman,
Kalle Valo, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit e74f562328b03fbe9cf438f958464dff3a644dfc ]
It makes no sense to set MMC_PM_KEEP_POWER in shutdown. The flag
indicates to the MMC subsystem to keep the slot powered on during
suspend, but in shutdown the slot should actually be powered off.
Drop this call.
Fixes: 063848c3e155 ("rsi: sdio: Add WOWLAN support for S5 shutdown state")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230527222859.273768-1-marex@denx.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/rsi/rsi_91x_sdio.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/net/wireless/rsi/rsi_91x_sdio.c b/drivers/net/wireless/rsi/rsi_91x_sdio.c
index 48efe83c58d89..409a3e8305763 100644
--- a/drivers/net/wireless/rsi/rsi_91x_sdio.c
+++ b/drivers/net/wireless/rsi/rsi_91x_sdio.c
@@ -1368,9 +1368,6 @@ static void rsi_shutdown(struct device *dev)
if (sdev->write_fail)
rsi_dbg(INFO_ZONE, "###### Device is not ready #######\n");
- if (rsi_set_sdio_pm_caps(adapter))
- rsi_dbg(INFO_ZONE, "Setting power management caps failed\n");
-
rsi_dbg(INFO_ZONE, "***** RSI module shut down *****\n");
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 041/323] watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 040/323] wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown Greg Kroah-Hartman
@ 2023-08-09 10:37 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 042/323] watchdog/perf: more properly prevent false positives with turbo modes Greg Kroah-Hartman
` (285 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:37 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Nicholas Piggin,
Petr Mladek, Andi Kleen, Catalin Marinas, Chen-Yu Tsai,
Christophe Leroy, Daniel Thompson, David S. Miller, Guenter Roeck,
Ian Rogers, Lecopzer Chen, Marc Zyngier, Mark Rutland,
Masayoshi Mizuma, Matthias Kaehlcke, Michael Ellerman,
Pingfan Liu, Randy Dunlap, Ravi V. Shankar, Ricardo Neri,
Stephane Eranian, Stephen Boyd, Sumit Garg, Tzung-Bi Shih,
Will Deacon, Colin Cross, Andrew Morton, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 5e008df11c55228a86a1bae692cc2002503572c9 ]
Patch series "watchdog/hardlockup: Add the buddy hardlockup detector", v5.
This patch series adds the "buddy" hardlockup detector. In brief, the
buddy hardlockup detector can detect hardlockups without arch-level
support by having CPUs checkup on a "buddy" CPU periodically.
Given the new design of this patch series, testing all combinations is
fairly difficult. I've attempted to make sure that all combinations of
CONFIG_ options are good, but it wouldn't surprise me if I missed
something. I apologize in advance and I'll do my best to fix any
problems that are found.
This patch (of 18):
The real watchdog_update_hrtimer_threshold() is defined in
kernel/watchdog_hld.c. That file is included if
CONFIG_HARDLOCKUP_DETECTOR_PERF and the function is defined in that file
if CONFIG_HARDLOCKUP_CHECK_TIMESTAMP.
The dummy version of the function in "nmi.h" didn't get that quite right.
While this doesn't appear to be a huge deal, it's nice to make it
consistent.
It doesn't break builds because CHECK_TIMESTAMP is only defined by x86 so
others don't get a double definition, and x86 uses perf lockup detector,
so it gets the out of line version.
Link: https://lkml.kernel.org/r/20230519101840.v5.18.Ia44852044cdcb074f387e80df6b45e892965d4a1@changeid
Link: https://lkml.kernel.org/r/20230519101840.v5.1.I8cbb2f4fa740528fcfade4f5439b6cdcdd059251@changeid
Fixes: 7edaeb6841df ("kernel/watchdog: Prevent false positives with turbo modes")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Chen-Yu Tsai <wens@csie.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Guenter Roeck <groeck@chromium.org>
Cc: Ian Rogers <irogers@google.com>
Cc: Lecopzer Chen <lecopzer.chen@mediatek.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Masayoshi Mizuma <msys.mizuma@gmail.com>
Cc: Matthias Kaehlcke <mka@chromium.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Pingfan Liu <kernelfans@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: "Ravi V. Shankar" <ravi.v.shankar@intel.com>
Cc: Ricardo Neri <ricardo.neri@intel.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Stephen Boyd <swboyd@chromium.org>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Tzung-Bi Shih <tzungbi@chromium.org>
Cc: Will Deacon <will@kernel.org>
Cc: Colin Cross <ccross@android.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/nmi.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/nmi.h b/include/linux/nmi.h
index e972d1ae1ee63..6cb593d9ed08a 100644
--- a/include/linux/nmi.h
+++ b/include/linux/nmi.h
@@ -197,7 +197,7 @@ u64 hw_nmi_get_sample_period(int watchdog_thresh);
#endif
#if defined(CONFIG_HARDLOCKUP_CHECK_TIMESTAMP) && \
- defined(CONFIG_HARDLOCKUP_DETECTOR)
+ defined(CONFIG_HARDLOCKUP_DETECTOR_PERF)
void watchdog_update_hrtimer_threshold(u64 period);
#else
static inline void watchdog_update_hrtimer_threshold(u64 period) { }
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 042/323] watchdog/perf: more properly prevent false positives with turbo modes
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2023-08-09 10:37 ` [PATCH 4.19 041/323] watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 043/323] kexec: fix a memory leak in crash_shrink_memory() Greg Kroah-Hartman
` (284 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Andi Kleen,
Catalin Marinas, Chen-Yu Tsai, Christophe Leroy, Colin Cross,
Daniel Thompson, David S. Miller, Guenter Roeck, Ian Rogers,
Lecopzer Chen, Marc Zyngier, Mark Rutland, Masayoshi Mizuma,
Matthias Kaehlcke, Michael Ellerman, Nicholas Piggin, Petr Mladek,
Pingfan Liu, Randy Dunlap, Ravi V. Shankar, Ricardo Neri,
Stephane Eranian, Stephen Boyd, Sumit Garg, Tzung-Bi Shih,
Will Deacon, Andrew Morton, Sasha Levin
From: Douglas Anderson <dianders@chromium.org>
[ Upstream commit 4379e59fe5665cfda737e45b8bf2f05321ef049c ]
Currently, in the watchdog_overflow_callback() we first check to see if
the watchdog had been touched and _then_ we handle the workaround for
turbo mode. This order should be reversed.
Specifically, "touching" the hardlockup detector's watchdog should avoid
lockups being detected for one period that should be roughly the same
regardless of whether we're running turbo or not. That means that we
should do the extra accounting for turbo _before_ we look at (and clear)
the global indicating that we've been touched.
NOTE: this fix is made based on code inspection. I am not aware of any
reports where the old code would have generated false positives. That
being said, this order seems more correct and also makes it easier down
the line to share code with the "buddy" hardlockup detector.
Link: https://lkml.kernel.org/r/20230519101840.v5.2.I843b0d1de3e096ba111a179f3adb16d576bef5c7@changeid
Fixes: 7edaeb6841df ("kernel/watchdog: Prevent false positives with turbo modes")
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Chen-Yu Tsai <wens@csie.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Colin Cross <ccross@android.com>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Guenter Roeck <groeck@chromium.org>
Cc: Ian Rogers <irogers@google.com>
Cc: Lecopzer Chen <lecopzer.chen@mediatek.com>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Masayoshi Mizuma <msys.mizuma@gmail.com>
Cc: Matthias Kaehlcke <mka@chromium.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Pingfan Liu <kernelfans@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: "Ravi V. Shankar" <ravi.v.shankar@intel.com>
Cc: Ricardo Neri <ricardo.neri@intel.com>
Cc: Stephane Eranian <eranian@google.com>
Cc: Stephen Boyd <swboyd@chromium.org>
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Tzung-Bi Shih <tzungbi@chromium.org>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/watchdog_hld.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/watchdog_hld.c b/kernel/watchdog_hld.c
index 71381168dedef..f8e460b4a59d5 100644
--- a/kernel/watchdog_hld.c
+++ b/kernel/watchdog_hld.c
@@ -114,14 +114,14 @@ static void watchdog_overflow_callback(struct perf_event *event,
/* Ensure the watchdog never gets throttled */
event->hw.interrupts = 0;
+ if (!watchdog_check_timestamp())
+ return;
+
if (__this_cpu_read(watchdog_nmi_touch) == true) {
__this_cpu_write(watchdog_nmi_touch, false);
return;
}
- if (!watchdog_check_timestamp())
- return;
-
/* check for a hardlockup
* This is done by making sure our timer interrupt
* is incrementing. The timer interrupt should have
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 043/323] kexec: fix a memory leak in crash_shrink_memory()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 042/323] watchdog/perf: more properly prevent false positives with turbo modes Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 044/323] memstick r592: make memstick_debug_get_tpc_name() static Greg Kroah-Hartman
` (283 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhen Lei, Baoquan He, Cong Wang,
Eric W. Biederman, Michael Holzheu, Andrew Morton, Sasha Levin
From: Zhen Lei <thunder.leizhen@huawei.com>
[ Upstream commit 1cba6c4309f03de570202c46f03df3f73a0d4c82 ]
Patch series "kexec: enable kexec_crash_size to support two crash kernel
regions".
When crashkernel=X fails to reserve region under 4G, it will fall back to
reserve region above 4G and a region of the default size will also be
reserved under 4G. Unfortunately, /sys/kernel/kexec_crash_size only
supports one crash kernel region now, the user cannot sense the low memory
reserved by reading /sys/kernel/kexec_crash_size. Also, low memory cannot
be freed by writing this file.
For example:
resource_size(crashk_res) = 512M
resource_size(crashk_low_res) = 256M
The result of 'cat /sys/kernel/kexec_crash_size' is 512M, but it should be
768M. When we execute 'echo 0 > /sys/kernel/kexec_crash_size', the size
of crashk_res becomes 0 and resource_size(crashk_low_res) is still 256 MB,
which is incorrect.
Since crashk_res manages the memory with high address and crashk_low_res
manages the memory with low address, crashk_low_res is shrunken only when
all crashk_res is shrunken. And because when there is only one crash
kernel region, crashk_res is always used. Therefore, if all crashk_res is
shrunken and crashk_low_res still exists, swap them.
This patch (of 6):
If the value of parameter 'new_size' is in the semi-open and semi-closed
interval (crashk_res.end - KEXEC_CRASH_MEM_ALIGN + 1, crashk_res.end], the
calculation result of ram_res is:
ram_res->start = crashk_res.end + 1
ram_res->end = crashk_res.end
The operation of insert_resource() fails, and ram_res is not added to
iomem_resource. As a result, the memory of the control block ram_res is
leaked.
In fact, on all architectures, the start address and size of crashk_res
are already aligned by KEXEC_CRASH_MEM_ALIGN. Therefore, we do not need
to round up crashk_res.start again. Instead, we should round up
'new_size' in advance.
Link: https://lkml.kernel.org/r/20230527123439.772-1-thunder.leizhen@huawei.com
Link: https://lkml.kernel.org/r/20230527123439.772-2-thunder.leizhen@huawei.com
Fixes: 6480e5a09237 ("kdump: add missing RAM resource in crash_shrink_memory()")
Fixes: 06a7f711246b ("kexec: premit reduction of the reserved memory size")
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Acked-by: Baoquan He <bhe@redhat.com>
Cc: Cong Wang <amwang@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/kexec_core.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index 6b3d7f7211dd6..3666d434a8f59 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -1020,6 +1020,7 @@ int crash_shrink_memory(unsigned long new_size)
start = crashk_res.start;
end = crashk_res.end;
old_size = (end == 0) ? 0 : end - start + 1;
+ new_size = roundup(new_size, KEXEC_CRASH_MEM_ALIGN);
if (new_size >= old_size) {
ret = (new_size == old_size) ? 0 : -EINVAL;
goto unlock;
@@ -1031,9 +1032,7 @@ int crash_shrink_memory(unsigned long new_size)
goto unlock;
}
- start = roundup(start, KEXEC_CRASH_MEM_ALIGN);
- end = roundup(start + new_size, KEXEC_CRASH_MEM_ALIGN);
-
+ end = start + new_size;
crash_free_reserved_phys_range(end, crashk_res.end);
if ((start == end) && (crashk_res.parent != NULL))
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 044/323] memstick r592: make memstick_debug_get_tpc_name() static
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 043/323] kexec: fix a memory leak in crash_shrink_memory() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 045/323] wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() Greg Kroah-Hartman
` (282 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Ulf Hansson,
Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 434587df9f7fd68575f99a889cc5f2efc2eaee5e ]
There are no other files referencing this function, apparently
it was left global to avoid an 'unused function' warning when
the only caller is left out. With a 'W=1' build, it causes
a 'missing prototype' warning though:
drivers/memstick/host/r592.c:47:13: error: no previous prototype for 'memstick_debug_get_tpc_name' [-Werror=missing-prototypes]
Annotate the function as 'static __maybe_unused' to avoid both
problems.
Fixes: 926341250102 ("memstick: add driver for Ricoh R5C592 card reader")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20230516202714.560929-1-arnd@kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/memstick/host/r592.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/memstick/host/r592.c b/drivers/memstick/host/r592.c
index edb1b5588b7a0..6360f5c6d3958 100644
--- a/drivers/memstick/host/r592.c
+++ b/drivers/memstick/host/r592.c
@@ -47,12 +47,10 @@ static const char *tpc_names[] = {
* memstick_debug_get_tpc_name - debug helper that returns string for
* a TPC number
*/
-const char *memstick_debug_get_tpc_name(int tpc)
+static __maybe_unused const char *memstick_debug_get_tpc_name(int tpc)
{
return tpc_names[tpc-1];
}
-EXPORT_SYMBOL(memstick_debug_get_tpc_name);
-
/* Read a register*/
static inline u32 r592_read_reg(struct r592_device *dev, int address)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 045/323] wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 044/323] memstick r592: make memstick_debug_get_tpc_name() static Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 046/323] wifi: ath9k: convert msecs to jiffies where needed Greg Kroah-Hartman
` (281 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Remi Pommarel, Nicolas Escande,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Remi Pommarel <repk@triplefau.lt>
[ Upstream commit 75086cc6dee046e3fbb3dba148b376d8802f83bc ]
On EDMA capable hardware, ath9k_txq_list_has_key() can enter infinite
loop if it is called while all txq_fifos have packets that use different
key that the one we are looking for. Fix it by exiting the loop if all
txq_fifos have been checked already.
Because this loop is called under spin_lock_bh() (see ath_txq_lock) it
causes the following rcu stall:
rcu: INFO: rcu_sched self-detected stall on CPU
ath10k_pci 0000:01:00.0: failed to read temperature -11
rcu: 1-....: (5254 ticks this GP) idle=189/1/0x4000000000000002 softirq=8442983/8442984 fqs=2579
(t=5257 jiffies g=17983297 q=334)
Task dump for CPU 1:
task:hostapd state:R running task stack: 0 pid: 297 ppid: 289 flags:0x0000000a
Call trace:
dump_backtrace+0x0/0x170
show_stack+0x1c/0x24
sched_show_task+0x140/0x170
dump_cpu_task+0x48/0x54
rcu_dump_cpu_stacks+0xf0/0x134
rcu_sched_clock_irq+0x8d8/0x9fc
update_process_times+0xa0/0xec
tick_sched_timer+0x5c/0xd0
__hrtimer_run_queues+0x154/0x320
hrtimer_interrupt+0x120/0x2f0
arch_timer_handler_virt+0x38/0x44
handle_percpu_devid_irq+0x9c/0x1e0
handle_domain_irq+0x64/0x90
gic_handle_irq+0x78/0xb0
call_on_irq_stack+0x28/0x38
do_interrupt_handler+0x54/0x5c
el1_interrupt+0x2c/0x4c
el1h_64_irq_handler+0x14/0x1c
el1h_64_irq+0x74/0x78
ath9k_txq_has_key+0x1bc/0x250 [ath9k]
ath9k_set_key+0x1cc/0x3dc [ath9k]
drv_set_key+0x78/0x170
ieee80211_key_replace+0x564/0x6cc
ieee80211_key_link+0x174/0x220
ieee80211_add_key+0x11c/0x300
nl80211_new_key+0x12c/0x330
genl_family_rcv_msg_doit+0xbc/0x11c
genl_rcv_msg+0xd8/0x1c4
netlink_rcv_skb+0x40/0x100
genl_rcv+0x3c/0x50
netlink_unicast+0x1ec/0x2c0
netlink_sendmsg+0x198/0x3c0
____sys_sendmsg+0x210/0x250
___sys_sendmsg+0x78/0xc4
__sys_sendmsg+0x4c/0x90
__arm64_sys_sendmsg+0x28/0x30
invoke_syscall.constprop.0+0x60/0x100
do_el0_svc+0x48/0xd0
el0_svc+0x14/0x50
el0t_64_sync_handler+0xa8/0xb0
el0t_64_sync+0x158/0x15c
This rcu stall is hard to reproduce as is, but changing ATH_TXFIFO_DEPTH
from 8 to 2 makes it reasonably easy to reproduce.
Fixes: ca2848022c12 ("ath9k: Postpone key cache entry deletion for TXQ frames reference it")
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Tested-by: Nicolas Escande <nico.escande@gmail.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230609093744.1985-1-repk@triplefau.lt
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/main.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
index ee1b9c39bad7a..e8e297a04d360 100644
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -847,7 +847,7 @@ static bool ath9k_txq_list_has_key(struct list_head *txq_list, u32 keyix)
static bool ath9k_txq_has_key(struct ath_softc *sc, u32 keyix)
{
struct ath_hw *ah = sc->sc_ah;
- int i;
+ int i, j;
struct ath_txq *txq;
bool key_in_use = false;
@@ -865,8 +865,9 @@ static bool ath9k_txq_has_key(struct ath_softc *sc, u32 keyix)
if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA) {
int idx = txq->txq_tailidx;
- while (!key_in_use &&
- !list_empty(&txq->txq_fifo[idx])) {
+ for (j = 0; !key_in_use &&
+ !list_empty(&txq->txq_fifo[idx]) &&
+ j < ATH_TXFIFO_DEPTH; j++) {
key_in_use = ath9k_txq_list_has_key(
&txq->txq_fifo[idx], keyix);
INCR(idx, ATH_TXFIFO_DEPTH);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 046/323] wifi: ath9k: convert msecs to jiffies where needed
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 045/323] wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 047/323] netlink: fix potential deadlock in netlink_set_err() Greg Kroah-Hartman
` (280 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Antipov,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit 2aa083acea9f61be3280184384551178f510ff51 ]
Since 'ieee80211_queue_delayed_work()' expects timeout in
jiffies and not milliseconds, 'msecs_to_jiffies()' should
be used in 'ath_restart_work()' and '__ath9k_flush()'.
Fixes: d63ffc45c5d3 ("ath9k: rename tx_complete_work to hw_check_work")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230613134655.248728-1-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
index e8e297a04d360..2fdf9858a73d9 100644
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -200,7 +200,7 @@ void ath_cancel_work(struct ath_softc *sc)
void ath_restart_work(struct ath_softc *sc)
{
ieee80211_queue_delayed_work(sc->hw, &sc->hw_check_work,
- ATH_HW_CHECK_POLL_INT);
+ msecs_to_jiffies(ATH_HW_CHECK_POLL_INT));
if (AR_SREV_9340(sc->sc_ah) || AR_SREV_9330(sc->sc_ah))
ieee80211_queue_delayed_work(sc->hw, &sc->hw_pll_work,
@@ -2228,7 +2228,7 @@ void __ath9k_flush(struct ieee80211_hw *hw, u32 queues, bool drop,
}
ieee80211_queue_delayed_work(hw, &sc->hw_check_work,
- ATH_HW_CHECK_POLL_INT);
+ msecs_to_jiffies(ATH_HW_CHECK_POLL_INT));
}
static bool ath9k_tx_frames_pending(struct ieee80211_hw *hw)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 047/323] netlink: fix potential deadlock in netlink_set_err()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 046/323] wifi: ath9k: convert msecs to jiffies where needed Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 048/323] netlink: do not hard code device address lenth in fdb dumps Greg Kroah-Hartman
` (279 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+a7d200a347f912723e5c,
Eric Dumazet, Johannes Berg, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 8d61f926d42045961e6b65191c09e3678d86a9cf ]
syzbot reported a possible deadlock in netlink_set_err() [1]
A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IRQs
for netlink_lock_table()") in netlink_lock_table()
This patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()
which were not covered by cited commit.
[1]
WARNING: possible irq lock inversion dependency detected
6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted
syz-executor.2/23011 just changed the state of lock:
ffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612
but this lock was taken by another, SOFTIRQ-safe lock in the past:
(&local->queue_stop_reason_lock){..-.}-{2:2}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(nl_table_lock);
local_irq_disable();
lock(&local->queue_stop_reason_lock);
lock(nl_table_lock);
<Interrupt>
lock(&local->queue_stop_reason_lock);
*** DEADLOCK ***
Fixes: 1d482e666b8e ("netlink: disable IRQs for netlink_lock_table()")
Reported-by: syzbot+a7d200a347f912723e5c@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=a7d200a347f912723e5c
Link: https://lore.kernel.org/netdev/000000000000e38d1605fea5747e@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20230621154337.1668594-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netlink/af_netlink.c | 5 +++--
net/netlink/diag.c | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 57fd9b7cfc75f..35ecaa93f213a 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1603,6 +1603,7 @@ static int do_one_set_err(struct sock *sk, struct netlink_set_err_data *p)
int netlink_set_err(struct sock *ssk, u32 portid, u32 group, int code)
{
struct netlink_set_err_data info;
+ unsigned long flags;
struct sock *sk;
int ret = 0;
@@ -1612,12 +1613,12 @@ int netlink_set_err(struct sock *ssk, u32 portid, u32 group, int code)
/* sk->sk_err wants a positive error value */
info.code = -code;
- read_lock(&nl_table_lock);
+ read_lock_irqsave(&nl_table_lock, flags);
sk_for_each_bound(sk, &nl_table[ssk->sk_protocol].mc_list)
ret += do_one_set_err(sk, &info);
- read_unlock(&nl_table_lock);
+ read_unlock_irqrestore(&nl_table_lock, flags);
return ret;
}
EXPORT_SYMBOL(netlink_set_err);
diff --git a/net/netlink/diag.c b/net/netlink/diag.c
index 7dda33b9b7849..83a0429805e9d 100644
--- a/net/netlink/diag.c
+++ b/net/netlink/diag.c
@@ -93,6 +93,7 @@ static int __netlink_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
struct net *net = sock_net(skb->sk);
struct netlink_diag_req *req;
struct netlink_sock *nlsk;
+ unsigned long flags;
struct sock *sk;
int num = 2;
int ret = 0;
@@ -151,7 +152,7 @@ static int __netlink_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
num++;
mc_list:
- read_lock(&nl_table_lock);
+ read_lock_irqsave(&nl_table_lock, flags);
sk_for_each_bound(sk, &tbl->mc_list) {
if (sk_hashed(sk))
continue;
@@ -172,7 +173,7 @@ static int __netlink_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
}
num++;
}
- read_unlock(&nl_table_lock);
+ read_unlock_irqrestore(&nl_table_lock, flags);
done:
cb->args[0] = num;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 048/323] netlink: do not hard code device address lenth in fdb dumps
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 047/323] netlink: fix potential deadlock in netlink_set_err() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 049/323] gtp: Fix use-after-free in __gtp_encap_destroy() Greg Kroah-Hartman
` (278 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet, Jiri Pirko,
Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit aa5406950726e336c5c9585b09799a734b6e77bf ]
syzbot reports that some netdev devices do not have a six bytes
address [1]
Replace ETH_ALEN by dev->addr_len.
[1] (Case of a device where dev->addr_len = 4)
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copyout+0xb8/0x100 lib/iov_iter.c:169
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
copyout+0xb8/0x100 lib/iov_iter.c:169
_copy_to_iter+0x6d8/0x1d00 lib/iov_iter.c:536
copy_to_iter include/linux/uio.h:206 [inline]
simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:513
__skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:527
skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]
netlink_recvmsg+0x4ae/0x15a0 net/netlink/af_netlink.c:1970
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg net/socket.c:1040 [inline]
____sys_recvmsg+0x283/0x7f0 net/socket.c:2722
___sys_recvmsg+0x223/0x840 net/socket.c:2764
do_recvmmsg+0x4f9/0xfd0 net/socket.c:2858
__sys_recvmmsg net/socket.c:2937 [inline]
__do_sys_recvmmsg net/socket.c:2960 [inline]
__se_sys_recvmmsg net/socket.c:2953 [inline]
__x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Uninit was stored to memory at:
__nla_put lib/nlattr.c:1009 [inline]
nla_put+0x1c6/0x230 lib/nlattr.c:1067
nlmsg_populate_fdb_fill+0x2b8/0x600 net/core/rtnetlink.c:4071
nlmsg_populate_fdb net/core/rtnetlink.c:4418 [inline]
ndo_dflt_fdb_dump+0x616/0x840 net/core/rtnetlink.c:4456
rtnl_fdb_dump+0x14ff/0x1fc0 net/core/rtnetlink.c:4629
netlink_dump+0x9d1/0x1310 net/netlink/af_netlink.c:2268
netlink_recvmsg+0xc5c/0x15a0 net/netlink/af_netlink.c:1995
sock_recvmsg_nosec+0x7a/0x120 net/socket.c:1019
____sys_recvmsg+0x664/0x7f0 net/socket.c:2720
___sys_recvmsg+0x223/0x840 net/socket.c:2764
do_recvmmsg+0x4f9/0xfd0 net/socket.c:2858
__sys_recvmmsg net/socket.c:2937 [inline]
__do_sys_recvmmsg net/socket.c:2960 [inline]
__se_sys_recvmmsg net/socket.c:2953 [inline]
__x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Uninit was created at:
slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716
slab_alloc_node mm/slub.c:3451 [inline]
__kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490
kmalloc_trace+0x51/0x200 mm/slab_common.c:1057
kmalloc include/linux/slab.h:559 [inline]
__hw_addr_create net/core/dev_addr_lists.c:60 [inline]
__hw_addr_add_ex+0x2e5/0x9e0 net/core/dev_addr_lists.c:118
__dev_mc_add net/core/dev_addr_lists.c:867 [inline]
dev_mc_add+0x9a/0x130 net/core/dev_addr_lists.c:885
igmp6_group_added+0x267/0xbc0 net/ipv6/mcast.c:680
ipv6_mc_up+0x296/0x3b0 net/ipv6/mcast.c:2754
ipv6_mc_remap+0x1e/0x30 net/ipv6/mcast.c:2708
addrconf_type_change net/ipv6/addrconf.c:3731 [inline]
addrconf_notify+0x4d3/0x1d90 net/ipv6/addrconf.c:3699
notifier_call_chain kernel/notifier.c:93 [inline]
raw_notifier_call_chain+0xe4/0x430 kernel/notifier.c:461
call_netdevice_notifiers_info net/core/dev.c:1935 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1973 [inline]
call_netdevice_notifiers+0x1ee/0x2d0 net/core/dev.c:1987
bond_enslave+0xccd/0x53f0 drivers/net/bonding/bond_main.c:1906
do_set_master net/core/rtnetlink.c:2626 [inline]
rtnl_newlink_create net/core/rtnetlink.c:3460 [inline]
__rtnl_newlink net/core/rtnetlink.c:3660 [inline]
rtnl_newlink+0x378c/0x40e0 net/core/rtnetlink.c:3673
rtnetlink_rcv_msg+0x16a6/0x1840 net/core/rtnetlink.c:6395
netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2546
rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6413
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0xf28/0x1230 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x122f/0x13d0 net/netlink/af_netlink.c:1913
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg net/socket.c:747 [inline]
____sys_sendmsg+0x999/0xd50 net/socket.c:2503
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2557
__sys_sendmsg net/socket.c:2586 [inline]
__do_sys_sendmsg net/socket.c:2595 [inline]
__se_sys_sendmsg net/socket.c:2593 [inline]
__x64_sys_sendmsg+0x304/0x490 net/socket.c:2593
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Bytes 2856-2857 of 3500 are uninitialized
Memory access of size 3500 starts at ffff888018d99104
Data copied to user address 0000000020000480
Fixes: d83b06036048 ("net: add fdb generic dump routine")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Link: https://lore.kernel.org/r/20230621174720.1845040-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/rtnetlink.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 2837cc03f69e2..79f62517e24a5 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -3436,7 +3436,7 @@ static int nlmsg_populate_fdb_fill(struct sk_buff *skb,
ndm->ndm_ifindex = dev->ifindex;
ndm->ndm_state = ndm_state;
- if (nla_put(skb, NDA_LLADDR, ETH_ALEN, addr))
+ if (nla_put(skb, NDA_LLADDR, dev->addr_len, addr))
goto nla_put_failure;
if (vid)
if (nla_put(skb, NDA_VLAN, sizeof(u16), &vid))
@@ -3450,10 +3450,10 @@ static int nlmsg_populate_fdb_fill(struct sk_buff *skb,
return -EMSGSIZE;
}
-static inline size_t rtnl_fdb_nlmsg_size(void)
+static inline size_t rtnl_fdb_nlmsg_size(const struct net_device *dev)
{
return NLMSG_ALIGN(sizeof(struct ndmsg)) +
- nla_total_size(ETH_ALEN) + /* NDA_LLADDR */
+ nla_total_size(dev->addr_len) + /* NDA_LLADDR */
nla_total_size(sizeof(u16)) + /* NDA_VLAN */
0;
}
@@ -3465,7 +3465,7 @@ static void rtnl_fdb_notify(struct net_device *dev, u8 *addr, u16 vid, int type,
struct sk_buff *skb;
int err = -ENOBUFS;
- skb = nlmsg_new(rtnl_fdb_nlmsg_size(), GFP_ATOMIC);
+ skb = nlmsg_new(rtnl_fdb_nlmsg_size(dev), GFP_ATOMIC);
if (!skb)
goto errout;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 049/323] gtp: Fix use-after-free in __gtp_encap_destroy().
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 048/323] netlink: do not hard code device address lenth in fdb dumps Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 050/323] lib/ts_bm: reset initial match offset for every block of text Greg Kroah-Hartman
` (277 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzkaller, Kuniyuki Iwashima,
Pablo Neira Ayuso, Jakub Kicinski, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit ce3aee7114c575fab32a5e9e939d4bbb3dcca79f ]
syzkaller reported use-after-free in __gtp_encap_destroy(). [0]
It shows the same process freed sk and touched it illegally.
Commit e198987e7dd7 ("gtp: fix suspicious RCU usage") added lock_sock()
and release_sock() in __gtp_encap_destroy() to protect sk->sk_user_data,
but release_sock() is called after sock_put() releases the last refcnt.
[0]:
BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: slab-use-after-free in atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:541 [inline]
BUG: KASAN: slab-use-after-free in queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]
BUG: KASAN: slab-use-after-free in do_raw_spin_lock include/linux/spinlock.h:186 [inline]
BUG: KASAN: slab-use-after-free in __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]
BUG: KASAN: slab-use-after-free in _raw_spin_lock_bh+0x75/0xe0 kernel/locking/spinlock.c:178
Write of size 4 at addr ffff88800dbef398 by task syz-executor.2/2401
CPU: 1 PID: 2401 Comm: syz-executor.2 Not tainted 6.4.0-rc5-01219-gfa0e21fa4443 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x72/0xa0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:351 [inline]
print_report+0xcc/0x620 mm/kasan/report.c:462
kasan_report+0xb2/0xe0 mm/kasan/report.c:572
check_region_inline mm/kasan/generic.c:181 [inline]
kasan_check_range+0x39/0x1c0 mm/kasan/generic.c:187
instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:541 [inline]
queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]
do_raw_spin_lock include/linux/spinlock.h:186 [inline]
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]
_raw_spin_lock_bh+0x75/0xe0 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:355 [inline]
release_sock+0x1f/0x1a0 net/core/sock.c:3526
gtp_encap_disable_sock drivers/net/gtp.c:651 [inline]
gtp_encap_disable+0xb9/0x220 drivers/net/gtp.c:664
gtp_dev_uninit+0x19/0x50 drivers/net/gtp.c:728
unregister_netdevice_many_notify+0x97e/0x1520 net/core/dev.c:10841
rtnl_delete_link net/core/rtnetlink.c:3216 [inline]
rtnl_dellink+0x3c0/0xb30 net/core/rtnetlink.c:3268
rtnetlink_rcv_msg+0x450/0xb10 net/core/rtnetlink.c:6423
netlink_rcv_skb+0x15d/0x450 net/netlink/af_netlink.c:2548
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x700/0x930 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x91c/0xe30 net/netlink/af_netlink.c:1913
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg+0x1b7/0x200 net/socket.c:747
____sys_sendmsg+0x75a/0x990 net/socket.c:2493
___sys_sendmsg+0x11d/0x1c0 net/socket.c:2547
__sys_sendmsg+0xfe/0x1d0 net/socket.c:2576
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f1168b1fe5d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
RSP: 002b:00007f1167edccc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f1168b1fe5d
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
RBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f1168b80530 R15: 0000000000000000
</TASK>
Allocated by task 1483:
kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
__kasan_slab_alloc+0x59/0x70 mm/kasan/common.c:328
kasan_slab_alloc include/linux/kasan.h:186 [inline]
slab_post_alloc_hook mm/slab.h:711 [inline]
slab_alloc_node mm/slub.c:3451 [inline]
slab_alloc mm/slub.c:3459 [inline]
__kmem_cache_alloc_lru mm/slub.c:3466 [inline]
kmem_cache_alloc+0x16d/0x340 mm/slub.c:3475
sk_prot_alloc+0x5f/0x280 net/core/sock.c:2073
sk_alloc+0x34/0x6c0 net/core/sock.c:2132
inet6_create net/ipv6/af_inet6.c:192 [inline]
inet6_create+0x2c7/0xf20 net/ipv6/af_inet6.c:119
__sock_create+0x2a1/0x530 net/socket.c:1535
sock_create net/socket.c:1586 [inline]
__sys_socket_create net/socket.c:1623 [inline]
__sys_socket_create net/socket.c:1608 [inline]
__sys_socket+0x137/0x250 net/socket.c:1651
__do_sys_socket net/socket.c:1664 [inline]
__se_sys_socket net/socket.c:1662 [inline]
__x64_sys_socket+0x72/0xb0 net/socket.c:1662
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Freed by task 2401:
kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:521
____kasan_slab_free mm/kasan/common.c:236 [inline]
____kasan_slab_free mm/kasan/common.c:200 [inline]
__kasan_slab_free+0x10c/0x1b0 mm/kasan/common.c:244
kasan_slab_free include/linux/kasan.h:162 [inline]
slab_free_hook mm/slub.c:1781 [inline]
slab_free_freelist_hook mm/slub.c:1807 [inline]
slab_free mm/slub.c:3786 [inline]
kmem_cache_free+0xb4/0x490 mm/slub.c:3808
sk_prot_free net/core/sock.c:2113 [inline]
__sk_destruct+0x500/0x720 net/core/sock.c:2207
sk_destruct+0xc1/0xe0 net/core/sock.c:2222
__sk_free+0xed/0x3d0 net/core/sock.c:2233
sk_free+0x7c/0xa0 net/core/sock.c:2244
sock_put include/net/sock.h:1981 [inline]
__gtp_encap_destroy+0x165/0x1b0 drivers/net/gtp.c:634
gtp_encap_disable_sock drivers/net/gtp.c:651 [inline]
gtp_encap_disable+0xb9/0x220 drivers/net/gtp.c:664
gtp_dev_uninit+0x19/0x50 drivers/net/gtp.c:728
unregister_netdevice_many_notify+0x97e/0x1520 net/core/dev.c:10841
rtnl_delete_link net/core/rtnetlink.c:3216 [inline]
rtnl_dellink+0x3c0/0xb30 net/core/rtnetlink.c:3268
rtnetlink_rcv_msg+0x450/0xb10 net/core/rtnetlink.c:6423
netlink_rcv_skb+0x15d/0x450 net/netlink/af_netlink.c:2548
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x700/0x930 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x91c/0xe30 net/netlink/af_netlink.c:1913
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg+0x1b7/0x200 net/socket.c:747
____sys_sendmsg+0x75a/0x990 net/socket.c:2493
___sys_sendmsg+0x11d/0x1c0 net/socket.c:2547
__sys_sendmsg+0xfe/0x1d0 net/socket.c:2576
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc
The buggy address belongs to the object at ffff88800dbef300
which belongs to the cache UDPv6 of size 1344
The buggy address is located 152 bytes inside of
freed 1344-byte region [ffff88800dbef300, ffff88800dbef840)
The buggy address belongs to the physical page:
page:00000000d31bfed5 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800dbeed40 pfn:0xdbe8
head:00000000d31bfed5 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff888008ee0801
flags: 0x100000000010200(slab|head|node=0|zone=1)
page_type: 0xffffffff()
raw: 0100000000010200 ffff88800c7a3000 dead000000000122 0000000000000000
raw: ffff88800dbeed40 0000000080160015 00000001ffffffff ffff888008ee0801
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88800dbef280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88800dbef300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88800dbef380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88800dbef400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88800dbef480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Fixes: e198987e7dd7 ("gtp: fix suspicious RCU usage")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/r/20230622213231.24651-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/gtp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
index e18d06cb2173c..2718b0507f713 100644
--- a/drivers/net/gtp.c
+++ b/drivers/net/gtp.c
@@ -301,7 +301,9 @@ static void __gtp_encap_destroy(struct sock *sk)
gtp->sk1u = NULL;
udp_sk(sk)->encap_type = 0;
rcu_assign_sk_user_data(sk, NULL);
+ release_sock(sk);
sock_put(sk);
+ return;
}
release_sock(sk);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 050/323] lib/ts_bm: reset initial match offset for every block of text
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 049/323] gtp: Fix use-after-free in __gtp_encap_destroy() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 051/323] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value Greg Kroah-Hartman
` (276 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jeremy Sowden, Pablo Neira Ayuso,
Sasha Levin
From: Jeremy Sowden <jeremy@azazel.net>
[ Upstream commit 6f67fbf8192da80c4db01a1800c7fceaca9cf1f9 ]
The `shift` variable which indicates the offset in the string at which
to start matching the pattern is initialized to `bm->patlen - 1`, but it
is not reset when a new block is retrieved. This means the implemen-
tation may start looking at later and later positions in each successive
block and miss occurrences of the pattern at the beginning. E.g.,
consider a HTTP packet held in a non-linear skb, where the HTTP request
line occurs in the second block:
[... 52 bytes of packet headers ...]
GET /bmtest HTTP/1.1\r\nHost: www.example.com\r\n\r\n
and the pattern is "GET /bmtest".
Once the first block comprising the packet headers has been examined,
`shift` will be pointing to somewhere near the end of the block, and so
when the second block is examined the request line at the beginning will
be missed.
Reinitialize the variable for each new block.
Fixes: 8082e4ed0a61 ("[LIB]: Boyer-Moore extension for textsearch infrastructure strike #2")
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1390
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/ts_bm.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/ts_bm.c b/lib/ts_bm.c
index 9e66ee4020e90..5de382e79a45a 100644
--- a/lib/ts_bm.c
+++ b/lib/ts_bm.c
@@ -64,10 +64,12 @@ static unsigned int bm_find(struct ts_config *conf, struct ts_state *state)
struct ts_bm *bm = ts_config_priv(conf);
unsigned int i, text_len, consumed = state->offset;
const u8 *text;
- int shift = bm->patlen - 1, bs;
+ int bs;
const u8 icase = conf->flags & TS_IGNORECASE;
for (;;) {
+ int shift = bm->patlen - 1;
+
text_len = conf->get_next_block(consumed, &text, conf, state);
if (unlikely(text_len == 0))
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 051/323] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 050/323] lib/ts_bm: reset initial match offset for every block of text Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 052/323] ipvlan: Fix return value of ipvlan_queue_xmit() Greg Kroah-Hartman
` (275 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilia.Gavrilov, Simon Horman,
Florian Westphal, Pablo Neira Ayuso, Sasha Levin
From: Ilia.Gavrilov <Ilia.Gavrilov@infotecs.ru>
[ Upstream commit f188d30087480eab421cd8ca552fb15f55d57f4d ]
ct_sip_parse_numerical_param() returns only 0 or 1 now.
But process_register_request() and process_register_response() imply
checking for a negative value if parsing of a numerical header parameter
failed.
The invocation in nf_nat_sip() looks correct:
if (ct_sip_parse_numerical_param(...) > 0 &&
...) { ... }
Make the return value of the function ct_sip_parse_numerical_param()
a tristate to fix all the cases
a) return 1 if value is found; *val is set
b) return 0 if value is not found; *val is unchanged
c) return -1 on error; *val is undefined
Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.
Fixes: 0f32a40fc91a ("[NETFILTER]: nf_conntrack_sip: create signalling expectations")
Signed-off-by: Ilia.Gavrilov <Ilia.Gavrilov@infotecs.ru>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_conntrack_sip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 046f118dea06b..d16aa43ebd4d6 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -605,7 +605,7 @@ int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
start += strlen(name);
*val = simple_strtoul(start, &end, 0);
if (start == end)
- return 0;
+ return -1;
if (matchoff && matchlen) {
*matchoff = start - dptr;
*matchlen = end - start;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 052/323] ipvlan: Fix return value of ipvlan_queue_xmit()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 051/323] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 053/323] netlink: Add __sock_i_ino() for __netlink_diag_dump() Greg Kroah-Hartman
` (274 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Cambda Zhu, Paolo Abeni, Sasha Levin
From: Cambda Zhu <cambda@linux.alibaba.com>
[ Upstream commit 8a9922e7be6d042fa00f894c376473b17a162b66 ]
ipvlan_queue_xmit() should return NET_XMIT_XXX, but
ipvlan_xmit_mode_l2/l3() returns rx_handler_result_t or NET_RX_XXX
in some cases. ipvlan_rcv_frame() will only return RX_HANDLER_CONSUMED
in ipvlan_xmit_mode_l2/l3() because 'local' is true. It's equal to
NET_XMIT_SUCCESS. But dev_forward_skb() can return NET_RX_SUCCESS or
NET_RX_DROP, and returning NET_RX_DROP(NET_XMIT_DROP) will increase
both ipvlan and ipvlan->phy_dev drops counter.
The skb to forward can be treated as xmitted successfully. This patch
makes ipvlan_queue_xmit() return NET_XMIT_SUCCESS for forward skb.
Fixes: 2ad7bf363841 ("ipvlan: Initial check-in of the IPVLAN driver.")
Signed-off-by: Cambda Zhu <cambda@linux.alibaba.com>
Link: https://lore.kernel.org/r/20230626093347.7492-1-cambda@linux.alibaba.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ipvlan/ipvlan_core.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
index eb80d277b56f5..6b6c5a7250a65 100644
--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -592,7 +592,8 @@ static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
consume_skb(skb);
return NET_XMIT_DROP;
}
- return ipvlan_rcv_frame(addr, &skb, true);
+ ipvlan_rcv_frame(addr, &skb, true);
+ return NET_XMIT_SUCCESS;
}
}
out:
@@ -618,7 +619,8 @@ static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
consume_skb(skb);
return NET_XMIT_DROP;
}
- return ipvlan_rcv_frame(addr, &skb, true);
+ ipvlan_rcv_frame(addr, &skb, true);
+ return NET_XMIT_SUCCESS;
}
}
skb = skb_share_check(skb, GFP_ATOMIC);
@@ -630,7 +632,8 @@ static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
* the skb for the main-dev. At the RX side we just return
* RX_PASS for it to be processed further on the stack.
*/
- return dev_forward_skb(ipvlan->phy_dev, skb);
+ dev_forward_skb(ipvlan->phy_dev, skb);
+ return NET_XMIT_SUCCESS;
} else if (is_multicast_ether_addr(eth->h_dest)) {
skb_reset_mac_header(skb);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 053/323] netlink: Add __sock_i_ino() for __netlink_diag_dump().
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 052/323] ipvlan: Fix return value of ipvlan_queue_xmit() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 054/323] radeon: avoid double free in ci_dpm_init() Greg Kroah-Hartman
` (273 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+5da61cf6a9bc1902d422,
Eric Dumazet, Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 25a9c8a4431c364f97f75558cb346d2ad3f53fbb ]
syzbot reported a warning in __local_bh_enable_ip(). [0]
Commit 8d61f926d420 ("netlink: fix potential deadlock in
netlink_set_err()") converted read_lock(&nl_table_lock) to
read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock.
However, __netlink_diag_dump() calls sock_i_ino() that uses
read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y,
read_unlock_bh() finally enables IRQ even though it should stay
disabled until the following read_unlock_irqrestore().
Using read_lock() in sock_i_ino() would trigger a lockdep splat
in another place that was fixed in commit f064af1e500a ("net: fix
a lockdep splat"), so let's add __sock_i_ino() that would be safe
to use under BH disabled.
[0]:
WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376
Modules linked in:
CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376
Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f
RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996
RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3
RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3
R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4
R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000
FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
sock_i_ino+0x83/0xa0 net/core/sock.c:2559
__netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171
netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207
netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269
__netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374
netlink_dump_start include/linux/netlink.h:329 [inline]
netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238
__sock_diag_cmd net/core/sock_diag.c:238 [inline]
sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269
netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547
sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg+0xde/0x190 net/socket.c:747
____sys_sendmsg+0x71c/0x900 net/socket.c:2503
___sys_sendmsg+0x110/0x1b0 net/socket.c:2557
__sys_sendmsg+0xf7/0x1c0 net/socket.c:2586
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f5303aaabb9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()")
Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sock.h | 1 +
net/core/sock.c | 17 ++++++++++++++---
net/netlink/diag.c | 2 +-
3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 616e84d1670df..72739f72e4b90 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1840,6 +1840,7 @@ static inline void sock_graft(struct sock *sk, struct socket *parent)
}
kuid_t sock_i_uid(struct sock *sk);
+unsigned long __sock_i_ino(struct sock *sk);
unsigned long sock_i_ino(struct sock *sk);
static inline kuid_t sock_net_uid(const struct net *net, const struct sock *sk)
diff --git a/net/core/sock.c b/net/core/sock.c
index 347a55519d0a5..5b31f3446fc7a 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1939,13 +1939,24 @@ kuid_t sock_i_uid(struct sock *sk)
}
EXPORT_SYMBOL(sock_i_uid);
-unsigned long sock_i_ino(struct sock *sk)
+unsigned long __sock_i_ino(struct sock *sk)
{
unsigned long ino;
- read_lock_bh(&sk->sk_callback_lock);
+ read_lock(&sk->sk_callback_lock);
ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0;
- read_unlock_bh(&sk->sk_callback_lock);
+ read_unlock(&sk->sk_callback_lock);
+ return ino;
+}
+EXPORT_SYMBOL(__sock_i_ino);
+
+unsigned long sock_i_ino(struct sock *sk)
+{
+ unsigned long ino;
+
+ local_bh_disable();
+ ino = __sock_i_ino(sk);
+ local_bh_enable();
return ino;
}
EXPORT_SYMBOL(sock_i_ino);
diff --git a/net/netlink/diag.c b/net/netlink/diag.c
index 83a0429805e9d..85ee4891c2c7f 100644
--- a/net/netlink/diag.c
+++ b/net/netlink/diag.c
@@ -167,7 +167,7 @@ static int __netlink_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
NLM_F_MULTI,
- sock_i_ino(sk)) < 0) {
+ __sock_i_ino(sk)) < 0) {
ret = 1;
break;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 054/323] radeon: avoid double free in ci_dpm_init()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 053/323] netlink: Add __sock_i_ino() for __netlink_diag_dump() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 055/323] Input: drv260x - sleep between polling GO bit Greg Kroah-Hartman
` (272 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Zhandarovich, Alex Deucher,
Sasha Levin, Natalia Petrova
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
[ Upstream commit 20c3dffdccbd494e0dd631d1660aeecbff6775f2 ]
Several calls to ci_dpm_fini() will attempt to free resources that
either have been freed before or haven't been allocated yet. This
may lead to undefined or dangerous behaviour.
For instance, if r600_parse_extended_power_table() fails, it might
call r600_free_extended_power_table() as will ci_dpm_fini() later
during error handling.
Fix this by only freeing pointers to objects previously allocated.
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
Fixes: cc8dbbb4f62a ("drm/radeon: add dpm support for CI dGPUs (v2)")
Co-developed-by: Natalia Petrova <n.petrova@fintech.ru>
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/ci_dpm.c | 28 ++++++++++++++++++++--------
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/radeon/ci_dpm.c b/drivers/gpu/drm/radeon/ci_dpm.c
index 90c1afe498bea..ce8b14592b69b 100644
--- a/drivers/gpu/drm/radeon/ci_dpm.c
+++ b/drivers/gpu/drm/radeon/ci_dpm.c
@@ -5552,6 +5552,7 @@ static int ci_parse_power_table(struct radeon_device *rdev)
u8 frev, crev;
u8 *power_state_offset;
struct ci_ps *ps;
+ int ret;
if (!atom_parse_data_header(mode_info->atom_context, index, NULL,
&frev, &crev, &data_offset))
@@ -5581,11 +5582,15 @@ static int ci_parse_power_table(struct radeon_device *rdev)
non_clock_array_index = power_state->v2.nonClockInfoIndex;
non_clock_info = (struct _ATOM_PPLIB_NONCLOCK_INFO *)
&non_clock_info_array->nonClockInfo[non_clock_array_index];
- if (!rdev->pm.power_state[i].clock_info)
- return -EINVAL;
+ if (!rdev->pm.power_state[i].clock_info) {
+ ret = -EINVAL;
+ goto err_free_ps;
+ }
ps = kzalloc(sizeof(struct ci_ps), GFP_KERNEL);
- if (ps == NULL)
- return -ENOMEM;
+ if (ps == NULL) {
+ ret = -ENOMEM;
+ goto err_free_ps;
+ }
rdev->pm.dpm.ps[i].ps_priv = ps;
ci_parse_pplib_non_clock_info(rdev, &rdev->pm.dpm.ps[i],
non_clock_info,
@@ -5625,6 +5630,12 @@ static int ci_parse_power_table(struct radeon_device *rdev)
}
return 0;
+
+err_free_ps:
+ for (i = 0; i < rdev->pm.dpm.num_ps; i++)
+ kfree(rdev->pm.dpm.ps[i].ps_priv);
+ kfree(rdev->pm.dpm.ps);
+ return ret;
}
static int ci_get_vbios_boot_values(struct radeon_device *rdev,
@@ -5713,25 +5724,26 @@ int ci_dpm_init(struct radeon_device *rdev)
ret = ci_get_vbios_boot_values(rdev, &pi->vbios_boot_state);
if (ret) {
- ci_dpm_fini(rdev);
+ kfree(rdev->pm.dpm.priv);
return ret;
}
ret = r600_get_platform_caps(rdev);
if (ret) {
- ci_dpm_fini(rdev);
+ kfree(rdev->pm.dpm.priv);
return ret;
}
ret = r600_parse_extended_power_table(rdev);
if (ret) {
- ci_dpm_fini(rdev);
+ kfree(rdev->pm.dpm.priv);
return ret;
}
ret = ci_parse_power_table(rdev);
if (ret) {
- ci_dpm_fini(rdev);
+ kfree(rdev->pm.dpm.priv);
+ r600_free_extended_power_table(rdev);
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 055/323] Input: drv260x - sleep between polling GO bit
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 054/323] radeon: avoid double free in ci_dpm_init() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 056/323] ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Greg Kroah-Hartman
` (271 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luca Weiss, Dmitry Torokhov,
Sasha Levin
From: Luca Weiss <luca@z3ntu.xyz>
[ Upstream commit efef661dfa6bf8cbafe4cd6a97433fcef0118967 ]
When doing the initial startup there's no need to poll without any
delay and spam the I2C bus.
Let's sleep 15ms between each attempt, which is the same time as used
in the vendor driver.
Fixes: 7132fe4f5687 ("Input: drv260x - add TI drv260x haptics driver")
Signed-off-by: Luca Weiss <luca@z3ntu.xyz>
Link: https://lore.kernel.org/r/20230430-drv260x-improvements-v1-2-1fb28b4cc698@z3ntu.xyz
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/misc/drv260x.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/input/misc/drv260x.c b/drivers/input/misc/drv260x.c
index 17eb84ab4c0b7..fe3fbde989be2 100644
--- a/drivers/input/misc/drv260x.c
+++ b/drivers/input/misc/drv260x.c
@@ -443,6 +443,7 @@ static int drv260x_init(struct drv260x_data *haptics)
}
do {
+ usleep_range(15000, 15500);
error = regmap_read(haptics->regmap, DRV260X_GO, &cal_buf);
if (error) {
dev_err(&haptics->client->dev,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 056/323] ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 055/323] Input: drv260x - sleep between polling GO bit Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 057/323] Input: adxl34x - do not hardcode interrupt trigger type Greg Kroah-Hartman
` (270 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafał Miłecki,
Florian Fainelli, Sasha Levin
From: Rafał Miłecki <rafal@milecki.pl>
[ Upstream commit d3c8e2c5757153bbfad70019ec1decbca86f3def ]
There is no such property in the SPI controller binding documentation.
Also Linux driver doesn't look for it.
This fixes:
arch/arm/boot/dts/bcm4708-asus-rt-ac56u.dtb: spi@18029200: Unevaluated properties are not allowed ('clock-names' was unexpected)
From schema: Documentation/devicetree/bindings/spi/brcm,spi-bcm-qspi.yaml
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Link: https://lore.kernel.org/r/20230503122830.3200-1-zajec5@gmail.com
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/bcm5301x.dtsi | 1 -
1 file changed, 1 deletion(-)
diff --git a/arch/arm/boot/dts/bcm5301x.dtsi b/arch/arm/boot/dts/bcm5301x.dtsi
index 6edc4bd1e7eaf..a6406a347690e 100644
--- a/arch/arm/boot/dts/bcm5301x.dtsi
+++ b/arch/arm/boot/dts/bcm5301x.dtsi
@@ -468,7 +468,6 @@ spi@18029200 {
"spi_lr_session_done",
"spi_lr_overread";
clocks = <&iprocmed>;
- clock-names = "iprocmed";
num-cs = <2>;
#address-cells = <1>;
#size-cells = <0>;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 057/323] Input: adxl34x - do not hardcode interrupt trigger type
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 056/323] ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 058/323] drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Greg Kroah-Hartman
` (269 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Vasut, Michael Hennerich,
Dmitry Torokhov, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit e96220bce5176ed2309f77f061dcc0430b82b25e ]
Instead of hardcoding IRQ trigger type to IRQF_TRIGGER_HIGH, let's
respect the settings specified in the firmware description.
Fixes: e27c729219ad ("Input: add driver for ADXL345/346 Digital Accelerometers")
Signed-off-by: Marek Vasut <marex@denx.de>
Acked-by: Michael Hennerich <michael.hennerich@analog.com>
Link: https://lore.kernel.org/r/20230509203555.549158-1-marex@denx.de
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/misc/adxl34x.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/input/misc/adxl34x.c b/drivers/input/misc/adxl34x.c
index 3695dd7dbb9b4..ec0c91ec52277 100644
--- a/drivers/input/misc/adxl34x.c
+++ b/drivers/input/misc/adxl34x.c
@@ -811,8 +811,7 @@ struct adxl34x *adxl34x_probe(struct device *dev, int irq,
AC_WRITE(ac, POWER_CTL, 0);
err = request_threaded_irq(ac->irq, NULL, adxl34x_irq,
- IRQF_TRIGGER_HIGH | IRQF_ONESHOT,
- dev_name(dev), ac);
+ IRQF_ONESHOT, dev_name(dev), ac);
if (err) {
dev_err(dev, "irq %d busy?\n", ac->irq);
goto err_free_mem;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 058/323] drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 057/323] Input: adxl34x - do not hardcode interrupt trigger type Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 059/323] ARM: ep93xx: fix missing-prototype warnings Greg Kroah-Hartman
` (268 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dario Binacchi, Neil Armstrong,
Sasha Levin
From: Dario Binacchi <dario.binacchi@amarulasolutions.com>
[ Upstream commit f24b49550814fdee4a98b9552e35e243ccafd4a8 ]
The previous setting was related to the overall dimension and not to the
active display area.
In the "PHYSICAL SPECIFICATIONS" section, the datasheet shows the
following parameters:
----------------------------------------------------------
| Item | Specifications | unit |
----------------------------------------------------------
| Display area | 98.7 (W) x 57.5 (H) | mm |
----------------------------------------------------------
| Overall dimension | 105.5(W) x 67.2(H) x 4.96(D) | mm |
----------------------------------------------------------
Fixes: 966fea78adf2 ("drm/panel: simple: Add support for Ampire AM-480272H3TMQW-T01H")
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
[narmstrong: fixed Fixes commit id length]
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20230516085039.3797303-1-dario.binacchi@amarulasolutions.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/panel/panel-simple.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c
index a424afdcc77a1..35771e0e69fa6 100644
--- a/drivers/gpu/drm/panel/panel-simple.c
+++ b/drivers/gpu/drm/panel/panel-simple.c
@@ -405,8 +405,8 @@ static const struct panel_desc ampire_am_480272h3tmqw_t01h = {
.num_modes = 1,
.bpc = 8,
.size = {
- .width = 105,
- .height = 67,
+ .width = 99,
+ .height = 58,
},
.bus_format = MEDIA_BUS_FMT_RGB888_1X24,
};
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 059/323] ARM: ep93xx: fix missing-prototype warnings
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 058/323] drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 060/323] ASoC: es8316: Increment max value for ALC Capture Target Volume control Greg Kroah-Hartman
` (267 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Sverdlin, Arnd Bergmann,
Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 419013740ea1e4343d8ade535d999f59fa28e460 ]
ep93xx_clocksource_read() is only called from the file it is declared in,
while ep93xx_timer_init() is declared in a header that is not included here.
arch/arm/mach-ep93xx/timer-ep93xx.c:120:13: error: no previous prototype for 'ep93xx_timer_init'
arch/arm/mach-ep93xx/timer-ep93xx.c:63:5: error: no previous prototype for 'ep93xx_clocksource_read'
Fixes: 000bc17817bf ("ARM: ep93xx: switch to GENERIC_CLOCKEVENTS")
Acked-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Link: https://lore.kernel.org/r/20230516153109.514251-3-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mach-ep93xx/timer-ep93xx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-ep93xx/timer-ep93xx.c b/arch/arm/mach-ep93xx/timer-ep93xx.c
index de998830f534f..b07956883e165 100644
--- a/arch/arm/mach-ep93xx/timer-ep93xx.c
+++ b/arch/arm/mach-ep93xx/timer-ep93xx.c
@@ -9,6 +9,7 @@
#include <linux/io.h>
#include <asm/mach/time.h>
#include "soc.h"
+#include "platform.h"
/*************************************************************************
* Timer handling for EP93xx
@@ -60,7 +61,7 @@ static u64 notrace ep93xx_read_sched_clock(void)
return ret;
}
-u64 ep93xx_clocksource_read(struct clocksource *c)
+static u64 ep93xx_clocksource_read(struct clocksource *c)
{
u64 ret;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 060/323] ASoC: es8316: Increment max value for ALC Capture Target Volume control
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 059/323] ARM: ep93xx: fix missing-prototype warnings Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 061/323] soc/fsl/qe: fix usb.c build errors Greg Kroah-Hartman
` (266 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cristian Ciocaltea, Mark Brown,
Sasha Levin
From: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
[ Upstream commit 6f073429037cd79d7311cd8236311c53f5ea8f01 ]
The following error occurs when trying to restore a previously saved
ALSA mixer state (tested on a Rock 5B board):
$ alsactl --no-ucm -f /tmp/asound.state store hw:Analog
$ alsactl --no-ucm -I -f /tmp/asound.state restore hw:Analog
alsactl: set_control:1475: Cannot write control '2:0:0:ALC Capture Target Volume:0' : Invalid argument
According to ES8316 datasheet, the register at address 0x2B, which is
related to the above mixer control, contains by default the value 0xB0.
Considering the corresponding ALC target bits (ALCLVL) are 7:4, the
control is initialized with 11, which is one step above the maximum
value allowed by the driver:
ALCLVL | dB gain
-------+--------
0000 | -16.5
0001 | -15.0
0010 | -13.5
.... | .....
0111 | -6.0
1000 | -4.5
1001 | -3.0
1010 | -1.5
.... | .....
1111 | -1.5
The tests performed using the VU meter feature (--vumeter=TYPE) of
arecord/aplay confirm the specs are correct and there is no measured
gain if the 1011-1111 range would have been mapped to 0 dB:
dB gain | VU meter %
--------+-----------
-6.0 | 30-31
-4.5 | 35-36
-3.0 | 42-43
-1.5 | 50-51
0.0 | 50-51
Increment the max value allowed for ALC Capture Target Volume control,
so that it matches the hardware default. Additionally, update the
related TLV to prevent an artificial extension of the dB gain range.
Fixes: b8b88b70875a ("ASoC: add es8316 codec driver")
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
Link: https://lore.kernel.org/r/20230530181140.483936-2-cristian.ciocaltea@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/es8316.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/es8316.c b/sound/soc/codecs/es8316.c
index 57130edaf3aba..834e542021fee 100644
--- a/sound/soc/codecs/es8316.c
+++ b/sound/soc/codecs/es8316.c
@@ -45,7 +45,12 @@ static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(dac_vol_tlv, -9600, 50, 1);
static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(adc_vol_tlv, -9600, 50, 1);
static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(alc_max_gain_tlv, -650, 150, 0);
static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(alc_min_gain_tlv, -1200, 150, 0);
-static const SNDRV_CTL_TLVD_DECLARE_DB_SCALE(alc_target_tlv, -1650, 150, 0);
+
+static const SNDRV_CTL_TLVD_DECLARE_DB_RANGE(alc_target_tlv,
+ 0, 10, TLV_DB_SCALE_ITEM(-1650, 150, 0),
+ 11, 11, TLV_DB_SCALE_ITEM(-150, 0, 0),
+);
+
static const SNDRV_CTL_TLVD_DECLARE_DB_RANGE(hpmixer_gain_tlv,
0, 4, TLV_DB_SCALE_ITEM(-1200, 150, 0),
8, 11, TLV_DB_SCALE_ITEM(-450, 150, 0),
@@ -107,7 +112,7 @@ static const struct snd_kcontrol_new es8316_snd_controls[] = {
alc_max_gain_tlv),
SOC_SINGLE_TLV("ALC Capture Min Volume", ES8316_ADC_ALC2, 0, 28, 0,
alc_min_gain_tlv),
- SOC_SINGLE_TLV("ALC Capture Target Volume", ES8316_ADC_ALC3, 4, 10, 0,
+ SOC_SINGLE_TLV("ALC Capture Target Volume", ES8316_ADC_ALC3, 4, 11, 0,
alc_target_tlv),
SOC_SINGLE("ALC Capture Hold Time", ES8316_ADC_ALC3, 0, 10, 0),
SOC_SINGLE("ALC Capture Decay Time", ES8316_ADC_ALC4, 4, 10, 0),
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 061/323] soc/fsl/qe: fix usb.c build errors
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 060/323] ASoC: es8316: Increment max value for ALC Capture Target Volume control Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 062/323] IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors Greg Kroah-Hartman
` (265 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, kernel test robot,
Michael Ellerman, Christophe Leroy, Leo Li, Masahiro Yamada,
Nicolas Schier, Qiang Zhao, linuxppc-dev, linux-arm-kernel,
Kumar Gala, Nicolas Schier, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 7b1a78babd0d2cd27aa07255dee0c2d7ac0f31e3 ]
Fix build errors in soc/fsl/qe/usb.c when QUICC_ENGINE is not set.
This happens when PPC_EP88XC is set, which selects CPM1 & CPM.
When CPM is set, USB_FSL_QE can be set without QUICC_ENGINE
being set. When USB_FSL_QE is set, QE_USB deafults to y, which
causes build errors when QUICC_ENGINE is not set. Making
QE_USB depend on QUICC_ENGINE prevents QE_USB from defaulting to y.
Fixes these build errors:
drivers/soc/fsl/qe/usb.o: in function `qe_usb_clock_set':
usb.c:(.text+0x1e): undefined reference to `qe_immr'
powerpc-linux-ld: usb.c:(.text+0x2a): undefined reference to `qe_immr'
powerpc-linux-ld: usb.c:(.text+0xbc): undefined reference to `qe_setbrg'
powerpc-linux-ld: usb.c:(.text+0xca): undefined reference to `cmxgcr_lock'
powerpc-linux-ld: usb.c:(.text+0xce): undefined reference to `cmxgcr_lock'
Fixes: 5e41486c408e ("powerpc/QE: add support for QE USB clocks routing")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/all/202301101500.pillNv6R-lkp@intel.com/
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Leo Li <leoyang.li@nxp.com>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nicolas Schier <nicolas@fjasle.eu>
Cc: Qiang Zhao <qiang.zhao@nxp.com>
Cc: linuxppc-dev <linuxppc-dev@lists.ozlabs.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Kumar Gala <galak@kernel.crashing.org>
Acked-by: Nicolas Schier <nicolas@jasle.eu>
Signed-off-by: Li Yang <leoyang.li@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/fsl/qe/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/soc/fsl/qe/Kconfig b/drivers/soc/fsl/qe/Kconfig
index fabba17e9d65b..7ec158e2acf91 100644
--- a/drivers/soc/fsl/qe/Kconfig
+++ b/drivers/soc/fsl/qe/Kconfig
@@ -37,6 +37,7 @@ config QE_TDM
config QE_USB
bool
+ depends on QUICC_ENGINE
default y if USB_FSL_QE
help
QE USB Controller support
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 062/323] IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 061/323] soc/fsl/qe: fix usb.c build errors Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 063/323] arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 Greg Kroah-Hartman
` (264 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Brendan Cunningham, Patrick Kelsey,
Dennis Dalessandro, Jason Gunthorpe, Sasha Levin
From: Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
[ Upstream commit fd8958efe8779d3db19c9124fce593ce681ac709 ]
Fix three sources of error involving struct sdma_txreq.num_descs.
When _extend_sdma_tx_descs() extends the descriptor array, it uses the
value of tx->num_descs to determine how many existing entries from the
tx's original, internal descriptor array to copy to the newly allocated
one. As this value was incremented before the call, the copy loop will
access one entry past the internal descriptor array, copying its contents
into the corresponding slot in the new array.
If the call to _extend_sdma_tx_descs() fails, _pad_smda_tx_descs() then
invokes __sdma_tx_clean() which uses the value of tx->num_desc to drive a
loop that unmaps all descriptor entries in use. As this value was
incremented before the call, the unmap loop will invoke sdma_unmap_desc()
on a descriptor entry whose contents consist of whatever random data was
copied into it during (1), leading to cascading further calls into the
kernel and driver using arbitrary data.
_sdma_close_tx() was using tx->num_descs instead of tx->num_descs - 1.
Fix all of the above by:
- Only increment .num_descs after .descp is extended.
- Use .num_descs - 1 instead of .num_descs for last .descp entry.
Fixes: f4d26d81ad7f ("staging/rdma/hfi1: Add coalescing support for SDMA TX descriptors")
Link: https://lore.kernel.org/r/167656658879.2223096.10026561343022570690.stgit@awfm-02.cornelisnetworks.com
Signed-off-by: Brendan Cunningham <bcunningham@cornelisnetworks.com>
Signed-off-by: Patrick Kelsey <pat.kelsey@cornelisnetworks.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/hfi1/sdma.c | 4 ++--
drivers/infiniband/hw/hfi1/sdma.h | 15 +++++++--------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c
index 33ff9eca28f69..245f9505a9aca 100644
--- a/drivers/infiniband/hw/hfi1/sdma.c
+++ b/drivers/infiniband/hw/hfi1/sdma.c
@@ -3202,8 +3202,7 @@ int _pad_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx)
{
int rval = 0;
- tx->num_desc++;
- if ((unlikely(tx->num_desc == tx->desc_limit))) {
+ if ((unlikely(tx->num_desc + 1 == tx->desc_limit))) {
rval = _extend_sdma_tx_descs(dd, tx);
if (rval) {
__sdma_txclean(dd, tx);
@@ -3216,6 +3215,7 @@ int _pad_sdma_tx_descs(struct hfi1_devdata *dd, struct sdma_txreq *tx)
SDMA_MAP_NONE,
dd->sdma_pad_phys,
sizeof(u32) - (tx->packet_len & (sizeof(u32) - 1)));
+ tx->num_desc++;
_sdma_close_tx(dd, tx);
return rval;
}
diff --git a/drivers/infiniband/hw/hfi1/sdma.h b/drivers/infiniband/hw/hfi1/sdma.h
index 46c775f255d14..a3dd2f3d56cca 100644
--- a/drivers/infiniband/hw/hfi1/sdma.h
+++ b/drivers/infiniband/hw/hfi1/sdma.h
@@ -680,14 +680,13 @@ static inline void sdma_txclean(struct hfi1_devdata *dd, struct sdma_txreq *tx)
static inline void _sdma_close_tx(struct hfi1_devdata *dd,
struct sdma_txreq *tx)
{
- tx->descp[tx->num_desc].qw[0] |=
- SDMA_DESC0_LAST_DESC_FLAG;
- tx->descp[tx->num_desc].qw[1] |=
- dd->default_desc1;
+ u16 last_desc = tx->num_desc - 1;
+
+ tx->descp[last_desc].qw[0] |= SDMA_DESC0_LAST_DESC_FLAG;
+ tx->descp[last_desc].qw[1] |= dd->default_desc1;
if (tx->flags & SDMA_TXREQ_F_URGENT)
- tx->descp[tx->num_desc].qw[1] |=
- (SDMA_DESC1_HEAD_TO_HOST_FLAG |
- SDMA_DESC1_INT_REQ_FLAG);
+ tx->descp[last_desc].qw[1] |= (SDMA_DESC1_HEAD_TO_HOST_FLAG |
+ SDMA_DESC1_INT_REQ_FLAG);
}
static inline int _sdma_txadd_daddr(
@@ -704,6 +703,7 @@ static inline int _sdma_txadd_daddr(
type,
addr, len);
WARN_ON(len > tx->tlen);
+ tx->num_desc++;
tx->tlen -= len;
/* special cases for last */
if (!tx->tlen) {
@@ -715,7 +715,6 @@ static inline int _sdma_txadd_daddr(
_sdma_close_tx(dd, tx);
}
}
- tx->num_desc++;
return rval;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 063/323] arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 062/323] IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 064/323] fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() Greg Kroah-Hartman
` (263 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wolfram Sang, Geert Uytterhoeven,
Sasha Levin
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit 1a2c4e5635177939a088d22fa35c6a7032725663 ]
The schematics are misleading, the flow control is for HSCIF1. We need
SCIF1 for GNSS/GPS which does not use flow control.
Fixes: c6c816e22bc8 ("arm64: dts: ulcb-kf: enable SCIF1")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20230525084823.4195-2-wsa+renesas@sang-engineering.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/renesas/ulcb-kf.dtsi | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/renesas/ulcb-kf.dtsi b/arch/arm64/boot/dts/renesas/ulcb-kf.dtsi
index 8bf3091a899c8..5abffdaf4077e 100644
--- a/arch/arm64/boot/dts/renesas/ulcb-kf.dtsi
+++ b/arch/arm64/boot/dts/renesas/ulcb-kf.dtsi
@@ -165,7 +165,7 @@ hscif0_pins: hscif0 {
};
scif1_pins: scif1 {
- groups = "scif1_data_b", "scif1_ctrl";
+ groups = "scif1_data_b";
function = "scif1";
};
@@ -178,7 +178,6 @@ usb0_pins: usb0 {
&scif1 {
pinctrl-0 = <&scif1_pins>;
pinctrl-names = "default";
- uart-has-rtscts;
status = "okay";
};
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 064/323] fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 063/323] arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 065/323] drm/radeon: fix possible division-by-zero errors Greg Kroah-Hartman
` (262 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Helge Deller,
Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 79a3908d1ea6c35157a6d907b1a9d8ec06015e7a ]
If 'mipid_detect()' fails, we must free 'md' to avoid a memory leak.
Fixes: 66d2f99d0bb5 ("omapfb: add support for MIPI-DCS compatible LCDs")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/omap/lcd_mipid.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/video/fbdev/omap/lcd_mipid.c b/drivers/video/fbdev/omap/lcd_mipid.c
index e3a85432f9266..5730355ee5986 100644
--- a/drivers/video/fbdev/omap/lcd_mipid.c
+++ b/drivers/video/fbdev/omap/lcd_mipid.c
@@ -576,11 +576,15 @@ static int mipid_spi_probe(struct spi_device *spi)
r = mipid_detect(md);
if (r < 0)
- return r;
+ goto free_md;
omapfb_register_panel(&md->panel);
return 0;
+
+free_md:
+ kfree(md);
+ return r;
}
static int mipid_spi_remove(struct spi_device *spi)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 065/323] drm/radeon: fix possible division-by-zero errors
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 064/323] fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 066/323] ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer Greg Kroah-Hartman
` (261 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nikita Zhandarovich, Alex Deucher,
Sasha Levin
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
[ Upstream commit 1becc57cd1a905e2aa0e1eca60d2a37744525c4a ]
Function rv740_get_decoded_reference_divider() may return 0 due to
unpredictable reference divider value calculated in
radeon_atom_get_clock_dividers(). This will lead to
division-by-zero error once that value is used as a divider
in calculating 'clk_s'.
While unlikely, this issue should nonetheless be prevented so add a
sanity check for such cases by testing 'decoded_ref' value against 0.
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
v2: minor coding style fixes (Alex)
In practice this should actually happen as the vbios should be
properly populated.
Fixes: 66229b200598 ("drm/radeon/kms: add dpm support for rv7xx (v4)")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/radeon/cypress_dpm.c | 8 ++++++--
drivers/gpu/drm/radeon/ni_dpm.c | 8 ++++++--
drivers/gpu/drm/radeon/rv740_dpm.c | 8 ++++++--
3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/radeon/cypress_dpm.c b/drivers/gpu/drm/radeon/cypress_dpm.c
index 3eb7899a4035b..2c637e04dfebc 100644
--- a/drivers/gpu/drm/radeon/cypress_dpm.c
+++ b/drivers/gpu/drm/radeon/cypress_dpm.c
@@ -558,8 +558,12 @@ static int cypress_populate_mclk_value(struct radeon_device *rdev,
ASIC_INTERNAL_MEMORY_SS, vco_freq)) {
u32 reference_clock = rdev->clock.mpll.reference_freq;
u32 decoded_ref = rv740_get_decoded_reference_divider(dividers.ref_div);
- u32 clk_s = reference_clock * 5 / (decoded_ref * ss.rate);
- u32 clk_v = ss.percentage *
+ u32 clk_s, clk_v;
+
+ if (!decoded_ref)
+ return -EINVAL;
+ clk_s = reference_clock * 5 / (decoded_ref * ss.rate);
+ clk_v = ss.percentage *
(0x4000 * dividers.whole_fb_div + 0x800 * dividers.frac_fb_div) / (clk_s * 625);
mpll_ss1 &= ~CLKV_MASK;
diff --git a/drivers/gpu/drm/radeon/ni_dpm.c b/drivers/gpu/drm/radeon/ni_dpm.c
index a7273c01de34b..2a9d415400f79 100644
--- a/drivers/gpu/drm/radeon/ni_dpm.c
+++ b/drivers/gpu/drm/radeon/ni_dpm.c
@@ -2239,8 +2239,12 @@ static int ni_populate_mclk_value(struct radeon_device *rdev,
ASIC_INTERNAL_MEMORY_SS, vco_freq)) {
u32 reference_clock = rdev->clock.mpll.reference_freq;
u32 decoded_ref = rv740_get_decoded_reference_divider(dividers.ref_div);
- u32 clk_s = reference_clock * 5 / (decoded_ref * ss.rate);
- u32 clk_v = ss.percentage *
+ u32 clk_s, clk_v;
+
+ if (!decoded_ref)
+ return -EINVAL;
+ clk_s = reference_clock * 5 / (decoded_ref * ss.rate);
+ clk_v = ss.percentage *
(0x4000 * dividers.whole_fb_div + 0x800 * dividers.frac_fb_div) / (clk_s * 625);
mpll_ss1 &= ~CLKV_MASK;
diff --git a/drivers/gpu/drm/radeon/rv740_dpm.c b/drivers/gpu/drm/radeon/rv740_dpm.c
index afd597ec50858..50290e93c79dc 100644
--- a/drivers/gpu/drm/radeon/rv740_dpm.c
+++ b/drivers/gpu/drm/radeon/rv740_dpm.c
@@ -251,8 +251,12 @@ int rv740_populate_mclk_value(struct radeon_device *rdev,
ASIC_INTERNAL_MEMORY_SS, vco_freq)) {
u32 reference_clock = rdev->clock.mpll.reference_freq;
u32 decoded_ref = rv740_get_decoded_reference_divider(dividers.ref_div);
- u32 clk_s = reference_clock * 5 / (decoded_ref * ss.rate);
- u32 clk_v = 0x40000 * ss.percentage *
+ u32 clk_s, clk_v;
+
+ if (!decoded_ref)
+ return -EINVAL;
+ clk_s = reference_clock * 5 / (decoded_ref * ss.rate);
+ clk_v = 0x40000 * ss.percentage *
(dividers.whole_fb_div + (dividers.frac_fb_div / 8)) / (clk_s * 10000);
mpll_ss1 &= ~CLKV_MASK;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 066/323] ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 065/323] drm/radeon: fix possible division-by-zero errors Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 067/323] scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() Greg Kroah-Hartman
` (260 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Su Hui, Takashi Iwai, Sasha Levin
From: Su Hui <suhui@nfschina.com>
[ Upstream commit 79597c8bf64ca99eab385115743131d260339da5 ]
smatch error:
sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:
we previously assumed 'rac97' could be null (see line 2072)
remove redundant assignment, return error if rac97 is NULL.
Fixes: da3cec35dd3c ("ALSA: Kill snd_assert() in sound/pci/*")
Signed-off-by: Su Hui <suhui@nfschina.com>
Link: https://lore.kernel.org/r/20230615021732.1972194-1-suhui@nfschina.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/ac97/ac97_codec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
index a276c4283c7bb..3f13666a01904 100644
--- a/sound/pci/ac97/ac97_codec.c
+++ b/sound/pci/ac97/ac97_codec.c
@@ -2026,8 +2026,8 @@ int snd_ac97_mixer(struct snd_ac97_bus *bus, struct snd_ac97_template *template,
.dev_disconnect = snd_ac97_dev_disconnect,
};
- if (rac97)
- *rac97 = NULL;
+ if (!rac97)
+ return -EINVAL;
if (snd_BUG_ON(!bus || !template))
return -EINVAL;
if (snd_BUG_ON(template->num >= 4))
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 067/323] scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 066/323] ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 068/323] PCI: Add pci_clear_master() stub for non-CONFIG_PCI Greg Kroah-Hartman
` (259 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuchen Yang, Dan Carpenter,
Martin K. Petersen, Sasha Levin
From: Yuchen Yang <u202114568@hust.edu.cn>
[ Upstream commit 2e2fe5ac695a00ab03cab4db1f4d6be07168ed9d ]
Smatch complains that:
tw_probe() warn: missing error code 'retval'
This patch adds error checking to tw_probe() to handle initialization
failure. If tw_reset_sequence() function returns a non-zero value, the
function will return -EINVAL to indicate initialization failure.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yuchen Yang <u202114568@hust.edu.cn>
Link: https://lore.kernel.org/r/20230505141259.7730-1-u202114568@hust.edu.cn
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/3w-xxxx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/3w-xxxx.c b/drivers/scsi/3w-xxxx.c
index 471366945bd4f..8a61e832607eb 100644
--- a/drivers/scsi/3w-xxxx.c
+++ b/drivers/scsi/3w-xxxx.c
@@ -2303,8 +2303,10 @@ static int tw_probe(struct pci_dev *pdev, const struct pci_device_id *dev_id)
TW_DISABLE_INTERRUPTS(tw_dev);
/* Initialize the card */
- if (tw_reset_sequence(tw_dev))
+ if (tw_reset_sequence(tw_dev)) {
+ retval = -EINVAL;
goto out_release_mem_region;
+ }
/* Set host specific parameters */
host->max_id = TW_MAX_UNITS;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 068/323] PCI: Add pci_clear_master() stub for non-CONFIG_PCI
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 067/323] scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 069/323] pinctrl: cherryview: Return correct value if pin in push-pull mode Greg Kroah-Hartman
` (258 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sui Jingfeng, Bjorn Helgaas,
Geert Uytterhoeven, Sasha Levin
From: Sui Jingfeng <suijingfeng@loongson.cn>
[ Upstream commit 2aa5ac633259843f656eb6ecff4cf01e8e810c5e ]
Add a pci_clear_master() stub when CONFIG_PCI is not set so drivers that
support both PCI and platform devices don't need #ifdefs or extra Kconfig
symbols for the PCI parts.
[bhelgaas: commit log]
Fixes: 6a479079c072 ("PCI: Add pci_clear_master() as opposite of pci_set_master()")
Link: https://lore.kernel.org/r/20230531102744.2354313-1-suijingfeng@loongson.cn
Signed-off-by: Sui Jingfeng <suijingfeng@loongson.cn>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/pci.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/linux/pci.h b/include/linux/pci.h
index 3e06e9790c255..1d1b0bfd51968 100644
--- a/include/linux/pci.h
+++ b/include/linux/pci.h
@@ -1643,6 +1643,7 @@ static inline struct pci_dev *pci_get_class(unsigned int class,
#define pci_dev_put(dev) do { } while (0)
static inline void pci_set_master(struct pci_dev *dev) { }
+static inline void pci_clear_master(struct pci_dev *dev) { }
static inline int pci_enable_device(struct pci_dev *dev) { return -EIO; }
static inline void pci_disable_device(struct pci_dev *dev) { }
static inline int pci_assign_resource(struct pci_dev *dev, int i)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 069/323] pinctrl: cherryview: Return correct value if pin in push-pull mode
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 068/323] PCI: Add pci_clear_master() stub for non-CONFIG_PCI Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 070/323] perf dwarf-aux: Fix off-by-one in die_get_varname() Greg Kroah-Hartman
` (257 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mika Westerberg, Andy Shevchenko,
Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 5835196a17be5cfdcad0b617f90cf4abe16951a4 ]
Currently the getter returns ENOTSUPP on pin configured in
the push-pull mode. Fix this by adding the missed switch case.
Fixes: ccdf81d08dbe ("pinctrl: cherryview: add option to set open-drain pin config")
Fixes: 6e08d6bbebeb ("pinctrl: Add Intel Cherryview/Braswell pin controller support")
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/intel/pinctrl-cherryview.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/pinctrl/intel/pinctrl-cherryview.c b/drivers/pinctrl/intel/pinctrl-cherryview.c
index 25932d2a71547..ef8eb42e4d383 100644
--- a/drivers/pinctrl/intel/pinctrl-cherryview.c
+++ b/drivers/pinctrl/intel/pinctrl-cherryview.c
@@ -1032,11 +1032,6 @@ static int chv_config_get(struct pinctrl_dev *pctldev, unsigned pin,
break;
- case PIN_CONFIG_DRIVE_OPEN_DRAIN:
- if (!(ctrl1 & CHV_PADCTRL1_ODEN))
- return -EINVAL;
- break;
-
case PIN_CONFIG_BIAS_HIGH_IMPEDANCE: {
u32 cfg;
@@ -1046,6 +1041,16 @@ static int chv_config_get(struct pinctrl_dev *pctldev, unsigned pin,
return -EINVAL;
break;
+
+ case PIN_CONFIG_DRIVE_PUSH_PULL:
+ if (ctrl1 & CHV_PADCTRL1_ODEN)
+ return -EINVAL;
+ break;
+
+ case PIN_CONFIG_DRIVE_OPEN_DRAIN:
+ if (!(ctrl1 & CHV_PADCTRL1_ODEN))
+ return -EINVAL;
+ break;
}
default:
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 070/323] perf dwarf-aux: Fix off-by-one in die_get_varname()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 069/323] pinctrl: cherryview: Return correct value if pin in push-pull mode Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 071/323] pinctrl: at91-pio4: check return value of devm_kasprintf() Greg Kroah-Hartman
` (256 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Namhyung Kim, Adrian Hunter,
Ian Rogers, Ingo Molnar, Jiri Olsa, Masami Hiramatsu,
Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
From: Namhyung Kim <namhyung@kernel.org>
[ Upstream commit 3abfcfd847717d232e36963f31a361747c388fe7 ]
The die_get_varname() returns "(unknown_type)" string if it failed to
find a type for the variable. But it had a space before the opening
parenthesis and it made the closing parenthesis cut off due to the
off-by-one in the string length (14).
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Fixes: 88fd633cdfa19060 ("perf probe: No need to use formatting strbuf method")
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20230612234102.3909116-1-namhyung@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/util/dwarf-aux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c
index 6de57d9ee7cc2..db099dc20a682 100644
--- a/tools/perf/util/dwarf-aux.c
+++ b/tools/perf/util/dwarf-aux.c
@@ -1020,7 +1020,7 @@ int die_get_varname(Dwarf_Die *vr_die, struct strbuf *buf)
ret = die_get_typename(vr_die, buf);
if (ret < 0) {
pr_debug("Failed to get type, make it unknown.\n");
- ret = strbuf_add(buf, " (unknown_type)", 14);
+ ret = strbuf_add(buf, "(unknown_type)", 14);
}
return ret < 0 ? ret : strbuf_addf(buf, "\t%s", dwarf_diename(vr_die));
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 071/323] pinctrl: at91-pio4: check return value of devm_kasprintf()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 070/323] perf dwarf-aux: Fix off-by-one in die_get_varname() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 072/323] hwrng: virtio - add an internal buffer Greg Kroah-Hartman
` (255 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Claudiu Beznea, Andy Shevchenko,
Linus Walleij, Sasha Levin
From: Claudiu Beznea <claudiu.beznea@microchip.com>
[ Upstream commit f6fd5d4ff8ca0b24cee1af4130bcb1fa96b61aa0 ]
devm_kasprintf() returns a pointer to dynamically allocated memory.
Pointer could be NULL in case allocation fails. Check pointer validity.
Identified with coccinelle (kmerr.cocci script).
Fixes: 776180848b57 ("pinctrl: introduce driver for Atmel PIO4 controller")
Depends-on: 1c4e5c470a56 ("pinctrl: at91: use devm_kasprintf() to avoid potential leaks")
Depends-on: 5a8f9cf269e8 ("pinctrl: at91-pio4: use proper format specifier for unsigned int")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230615105333.585304-4-claudiu.beznea@microchip.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinctrl-at91-pio4.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pinctrl/pinctrl-at91-pio4.c b/drivers/pinctrl/pinctrl-at91-pio4.c
index 5b883eb49ce92..cbbda24bf6a80 100644
--- a/drivers/pinctrl/pinctrl-at91-pio4.c
+++ b/drivers/pinctrl/pinctrl-at91-pio4.c
@@ -1024,6 +1024,8 @@ static int atmel_pinctrl_probe(struct platform_device *pdev)
/* Pin naming convention: P(bank_name)(bank_pin_number). */
pin_desc[i].name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "P%c%d",
bank + 'A', line);
+ if (!pin_desc[i].name)
+ return -ENOMEM;
group->name = group_names[i] = pin_desc[i].name;
group->pin = pin_desc[i].number;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 072/323] hwrng: virtio - add an internal buffer
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 071/323] pinctrl: at91-pio4: check return value of devm_kasprintf() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 073/323] hwrng: virtio - dont wait on cleanup Greg Kroah-Hartman
` (254 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Vivier, Michael S. Tsirkin,
Sasha Levin
From: Laurent Vivier <lvivier@redhat.com>
[ Upstream commit bf3175bc50a3754dc427e2f5046e17a9fafc8be7 ]
hwrng core uses two buffers that can be mixed in the
virtio-rng queue.
If the buffer is provided with wait=0 it is enqueued in the
virtio-rng queue but unused by the caller.
On the next call, core provides another buffer but the
first one is filled instead and the new one queued.
And the caller reads the data from the new one that is not
updated, and the data in the first one are lost.
To avoid this mix, virtio-rng needs to use its own unique
internal buffer at a cost of a data copy to the caller buffer.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Link: https://lore.kernel.org/r/20211028101111.128049-2-lvivier@redhat.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Stable-dep-of: ac52578d6e8d ("hwrng: virtio - Fix race on data_avail and actual data")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/virtio-rng.c | 43 ++++++++++++++++++++++-------
1 file changed, 33 insertions(+), 10 deletions(-)
diff --git a/drivers/char/hw_random/virtio-rng.c b/drivers/char/hw_random/virtio-rng.c
index 7abd604e938c2..999f523c80c1e 100644
--- a/drivers/char/hw_random/virtio-rng.c
+++ b/drivers/char/hw_random/virtio-rng.c
@@ -30,13 +30,20 @@ static DEFINE_IDA(rng_index_ida);
struct virtrng_info {
struct hwrng hwrng;
struct virtqueue *vq;
- struct completion have_data;
char name[25];
- unsigned int data_avail;
int index;
bool busy;
bool hwrng_register_done;
bool hwrng_removed;
+ /* data transfer */
+ struct completion have_data;
+ unsigned int data_avail;
+ /* minimal size returned by rng_buffer_size() */
+#if SMP_CACHE_BYTES < 32
+ u8 data[32];
+#else
+ u8 data[SMP_CACHE_BYTES];
+#endif
};
static void random_recv_done(struct virtqueue *vq)
@@ -51,14 +58,14 @@ static void random_recv_done(struct virtqueue *vq)
}
/* The host will fill any buffer we give it with sweet, sweet randomness. */
-static void register_buffer(struct virtrng_info *vi, u8 *buf, size_t size)
+static void register_buffer(struct virtrng_info *vi)
{
struct scatterlist sg;
- sg_init_one(&sg, buf, size);
+ sg_init_one(&sg, vi->data, sizeof(vi->data));
/* There should always be room for one buffer. */
- virtqueue_add_inbuf(vi->vq, &sg, 1, buf, GFP_KERNEL);
+ virtqueue_add_inbuf(vi->vq, &sg, 1, vi->data, GFP_KERNEL);
virtqueue_kick(vi->vq);
}
@@ -67,6 +74,8 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
{
int ret;
struct virtrng_info *vi = (struct virtrng_info *)rng->priv;
+ unsigned int chunk;
+ size_t read;
if (vi->hwrng_removed)
return -ENODEV;
@@ -74,19 +83,33 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
if (!vi->busy) {
vi->busy = true;
reinit_completion(&vi->have_data);
- register_buffer(vi, buf, size);
+ register_buffer(vi);
}
if (!wait)
return 0;
- ret = wait_for_completion_killable(&vi->have_data);
- if (ret < 0)
- return ret;
+ read = 0;
+ while (size != 0) {
+ ret = wait_for_completion_killable(&vi->have_data);
+ if (ret < 0)
+ return ret;
+
+ chunk = min_t(unsigned int, size, vi->data_avail);
+ memcpy(buf + read, vi->data, chunk);
+ read += chunk;
+ size -= chunk;
+ vi->data_avail = 0;
+
+ if (size != 0) {
+ reinit_completion(&vi->have_data);
+ register_buffer(vi);
+ }
+ }
vi->busy = false;
- return vi->data_avail;
+ return read;
}
static void virtio_cleanup(struct hwrng *rng)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 073/323] hwrng: virtio - dont wait on cleanup
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 072/323] hwrng: virtio - add an internal buffer Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 074/323] hwrng: virtio - dont waste entropy Greg Kroah-Hartman
` (253 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Vivier, Michael S. Tsirkin,
Sasha Levin
From: Laurent Vivier <lvivier@redhat.com>
[ Upstream commit 2bb31abdbe55742c89f4dc0cc26fcbc8467364f6 ]
When virtio-rng device was dropped by the hwrng core we were forced
to wait the buffer to come back from the device to not have
remaining ongoing operation that could spoil the buffer.
But now, as the buffer is internal to the virtio-rng we can release
the waiting loop immediately, the buffer will be retrieve and use
when the virtio-rng driver will be selected again.
This avoids to hang on an rng_current write command if the virtio-rng
device is blocked by a lack of entropy. This allows to select
another entropy source if the current one is empty.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Link: https://lore.kernel.org/r/20211028101111.128049-3-lvivier@redhat.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Stable-dep-of: ac52578d6e8d ("hwrng: virtio - Fix race on data_avail and actual data")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/virtio-rng.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/char/hw_random/virtio-rng.c b/drivers/char/hw_random/virtio-rng.c
index 999f523c80c1e..9a3fbd2b41107 100644
--- a/drivers/char/hw_random/virtio-rng.c
+++ b/drivers/char/hw_random/virtio-rng.c
@@ -94,6 +94,11 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
ret = wait_for_completion_killable(&vi->have_data);
if (ret < 0)
return ret;
+ /* if vi->data_avail is 0, we have been interrupted
+ * by a cleanup, but buffer stays in the queue
+ */
+ if (vi->data_avail == 0)
+ return read;
chunk = min_t(unsigned int, size, vi->data_avail);
memcpy(buf + read, vi->data, chunk);
@@ -117,7 +122,7 @@ static void virtio_cleanup(struct hwrng *rng)
struct virtrng_info *vi = (struct virtrng_info *)rng->priv;
if (vi->busy)
- wait_for_completion(&vi->have_data);
+ complete(&vi->have_data);
}
static int probe_common(struct virtio_device *vdev)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 074/323] hwrng: virtio - dont waste entropy
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 073/323] hwrng: virtio - dont wait on cleanup Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 075/323] hwrng: virtio - always add a pending request Greg Kroah-Hartman
` (252 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Vivier, Michael S. Tsirkin,
Sasha Levin
From: Laurent Vivier <lvivier@redhat.com>
[ Upstream commit 5c8e933050044d6dd2a000f9a5756ae73cbe7c44 ]
if we don't use all the entropy available in the buffer, keep it
and use it later.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Link: https://lore.kernel.org/r/20211028101111.128049-4-lvivier@redhat.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Stable-dep-of: ac52578d6e8d ("hwrng: virtio - Fix race on data_avail and actual data")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/virtio-rng.c | 52 +++++++++++++++++++----------
1 file changed, 35 insertions(+), 17 deletions(-)
diff --git a/drivers/char/hw_random/virtio-rng.c b/drivers/char/hw_random/virtio-rng.c
index 9a3fbd2b41107..c88f175e60a4c 100644
--- a/drivers/char/hw_random/virtio-rng.c
+++ b/drivers/char/hw_random/virtio-rng.c
@@ -38,6 +38,7 @@ struct virtrng_info {
/* data transfer */
struct completion have_data;
unsigned int data_avail;
+ unsigned int data_idx;
/* minimal size returned by rng_buffer_size() */
#if SMP_CACHE_BYTES < 32
u8 data[32];
@@ -54,6 +55,9 @@ static void random_recv_done(struct virtqueue *vq)
if (!virtqueue_get_buf(vi->vq, &vi->data_avail))
return;
+ vi->data_idx = 0;
+ vi->busy = false;
+
complete(&vi->have_data);
}
@@ -70,6 +74,16 @@ static void register_buffer(struct virtrng_info *vi)
virtqueue_kick(vi->vq);
}
+static unsigned int copy_data(struct virtrng_info *vi, void *buf,
+ unsigned int size)
+{
+ size = min_t(unsigned int, size, vi->data_avail);
+ memcpy(buf, vi->data + vi->data_idx, size);
+ vi->data_idx += size;
+ vi->data_avail -= size;
+ return size;
+}
+
static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
{
int ret;
@@ -80,17 +94,29 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
if (vi->hwrng_removed)
return -ENODEV;
- if (!vi->busy) {
- vi->busy = true;
- reinit_completion(&vi->have_data);
- register_buffer(vi);
+ read = 0;
+
+ /* copy available data */
+ if (vi->data_avail) {
+ chunk = copy_data(vi, buf, size);
+ size -= chunk;
+ read += chunk;
}
if (!wait)
- return 0;
+ return read;
- read = 0;
+ /* We have already copied available entropy,
+ * so either size is 0 or data_avail is 0
+ */
while (size != 0) {
+ /* data_avail is 0 */
+ if (!vi->busy) {
+ /* no pending request, ask for more */
+ vi->busy = true;
+ reinit_completion(&vi->have_data);
+ register_buffer(vi);
+ }
ret = wait_for_completion_killable(&vi->have_data);
if (ret < 0)
return ret;
@@ -100,20 +126,11 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
if (vi->data_avail == 0)
return read;
- chunk = min_t(unsigned int, size, vi->data_avail);
- memcpy(buf + read, vi->data, chunk);
- read += chunk;
+ chunk = copy_data(vi, buf + read, size);
size -= chunk;
- vi->data_avail = 0;
-
- if (size != 0) {
- reinit_completion(&vi->have_data);
- register_buffer(vi);
- }
+ read += chunk;
}
- vi->busy = false;
-
return read;
}
@@ -173,6 +190,7 @@ static void remove_common(struct virtio_device *vdev)
vi->hwrng_removed = true;
vi->data_avail = 0;
+ vi->data_idx = 0;
complete(&vi->have_data);
vdev->config->reset(vdev);
vi->busy = false;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 075/323] hwrng: virtio - always add a pending request
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 074/323] hwrng: virtio - dont waste entropy Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 076/323] hwrng: virtio - Fix race on data_avail and actual data Greg Kroah-Hartman
` (251 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Vivier, Michael S. Tsirkin,
Sasha Levin
From: Laurent Vivier <lvivier@redhat.com>
[ Upstream commit 9a4b612d675b03f7fc9fa1957ca399c8223f3954 ]
If we ensure we have already some data available by enqueuing
again the buffer once data are exhausted, we can return what we
have without waiting for the device answer.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Link: https://lore.kernel.org/r/20211028101111.128049-5-lvivier@redhat.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Stable-dep-of: ac52578d6e8d ("hwrng: virtio - Fix race on data_avail and actual data")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/virtio-rng.c | 26 ++++++++++++--------------
1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/drivers/char/hw_random/virtio-rng.c b/drivers/char/hw_random/virtio-rng.c
index c88f175e60a4c..a84248c26fd7f 100644
--- a/drivers/char/hw_random/virtio-rng.c
+++ b/drivers/char/hw_random/virtio-rng.c
@@ -32,7 +32,6 @@ struct virtrng_info {
struct virtqueue *vq;
char name[25];
int index;
- bool busy;
bool hwrng_register_done;
bool hwrng_removed;
/* data transfer */
@@ -56,16 +55,18 @@ static void random_recv_done(struct virtqueue *vq)
return;
vi->data_idx = 0;
- vi->busy = false;
complete(&vi->have_data);
}
-/* The host will fill any buffer we give it with sweet, sweet randomness. */
-static void register_buffer(struct virtrng_info *vi)
+static void request_entropy(struct virtrng_info *vi)
{
struct scatterlist sg;
+ reinit_completion(&vi->have_data);
+ vi->data_avail = 0;
+ vi->data_idx = 0;
+
sg_init_one(&sg, vi->data, sizeof(vi->data));
/* There should always be room for one buffer. */
@@ -81,6 +82,8 @@ static unsigned int copy_data(struct virtrng_info *vi, void *buf,
memcpy(buf, vi->data + vi->data_idx, size);
vi->data_idx += size;
vi->data_avail -= size;
+ if (vi->data_avail == 0)
+ request_entropy(vi);
return size;
}
@@ -110,13 +113,7 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
* so either size is 0 or data_avail is 0
*/
while (size != 0) {
- /* data_avail is 0 */
- if (!vi->busy) {
- /* no pending request, ask for more */
- vi->busy = true;
- reinit_completion(&vi->have_data);
- register_buffer(vi);
- }
+ /* data_avail is 0 but a request is pending */
ret = wait_for_completion_killable(&vi->have_data);
if (ret < 0)
return ret;
@@ -138,8 +135,7 @@ static void virtio_cleanup(struct hwrng *rng)
{
struct virtrng_info *vi = (struct virtrng_info *)rng->priv;
- if (vi->busy)
- complete(&vi->have_data);
+ complete(&vi->have_data);
}
static int probe_common(struct virtio_device *vdev)
@@ -175,6 +171,9 @@ static int probe_common(struct virtio_device *vdev)
goto err_find;
}
+ /* we always have a pending entropy request */
+ request_entropy(vi);
+
return 0;
err_find:
@@ -193,7 +192,6 @@ static void remove_common(struct virtio_device *vdev)
vi->data_idx = 0;
complete(&vi->have_data);
vdev->config->reset(vdev);
- vi->busy = false;
if (vi->hwrng_register_done)
hwrng_unregister(&vi->hwrng);
vdev->config->del_vqs(vdev);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 076/323] hwrng: virtio - Fix race on data_avail and actual data
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 075/323] hwrng: virtio - always add a pending request Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 077/323] crypto: nx - fix build warnings when DEBUG_FS is not enabled Greg Kroah-Hartman
` (250 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+726dc8c62c3536431ceb,
Herbert Xu, Michael S. Tsirkin, Sasha Levin
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit ac52578d6e8d300dd50f790f29a24169b1edd26c ]
The virtio rng device kicks off a new entropy request whenever the
data available reaches zero. When a new request occurs at the end
of a read operation, that is, when the result of that request is
only needed by the next reader, then there is a race between the
writing of the new data and the next reader.
This is because there is no synchronisation whatsoever between the
writer and the reader.
Fix this by writing data_avail with smp_store_release and reading
it with smp_load_acquire when we first enter read. The subsequent
reads are safe because they're either protected by the first load
acquire, or by the completion mechanism.
Also remove the redundant zeroing of data_idx in random_recv_done
(data_idx must already be zero at this point) and data_avail in
request_entropy (ditto).
Reported-by: syzbot+726dc8c62c3536431ceb@syzkaller.appspotmail.com
Fixes: f7f510ec1957 ("virtio: An entropy device, as suggested by hpa.")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/hw_random/virtio-rng.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/char/hw_random/virtio-rng.c b/drivers/char/hw_random/virtio-rng.c
index a84248c26fd7f..58884d8752011 100644
--- a/drivers/char/hw_random/virtio-rng.c
+++ b/drivers/char/hw_random/virtio-rng.c
@@ -17,6 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include <asm/barrier.h>
#include <linux/err.h>
#include <linux/hw_random.h>
#include <linux/scatterlist.h>
@@ -49,13 +50,13 @@ struct virtrng_info {
static void random_recv_done(struct virtqueue *vq)
{
struct virtrng_info *vi = vq->vdev->priv;
+ unsigned int len;
/* We can get spurious callbacks, e.g. shared IRQs + virtio_pci. */
- if (!virtqueue_get_buf(vi->vq, &vi->data_avail))
+ if (!virtqueue_get_buf(vi->vq, &len))
return;
- vi->data_idx = 0;
-
+ smp_store_release(&vi->data_avail, len);
complete(&vi->have_data);
}
@@ -64,7 +65,6 @@ static void request_entropy(struct virtrng_info *vi)
struct scatterlist sg;
reinit_completion(&vi->have_data);
- vi->data_avail = 0;
vi->data_idx = 0;
sg_init_one(&sg, vi->data, sizeof(vi->data));
@@ -100,7 +100,7 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait)
read = 0;
/* copy available data */
- if (vi->data_avail) {
+ if (smp_load_acquire(&vi->data_avail)) {
chunk = copy_data(vi, buf, size);
size -= chunk;
read += chunk;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 077/323] crypto: nx - fix build warnings when DEBUG_FS is not enabled
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 076/323] hwrng: virtio - Fix race on data_avail and actual data Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 078/323] modpost: fix section mismatch message for R_ARM_ABS32 Greg Kroah-Hartman
` (249 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Breno Leitão,
Nayna Jain, Paulo Flabiano Smorigo, Herbert Xu, David S. Miller,
linux-crypto, Michael Ellerman, Nicholas Piggin, Christophe Leroy,
linuxppc-dev, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit b04b076fb56560b39d695ac3744db457e12278fd ]
Fix build warnings when DEBUG_FS is not enabled by using an empty
do-while loop instead of a value:
In file included from ../drivers/crypto/nx/nx.c:27:
../drivers/crypto/nx/nx.c: In function 'nx_register_algs':
../drivers/crypto/nx/nx.h:173:33: warning: statement with no effect [-Wunused-value]
173 | #define NX_DEBUGFS_INIT(drv) (0)
../drivers/crypto/nx/nx.c:573:9: note: in expansion of macro 'NX_DEBUGFS_INIT'
573 | NX_DEBUGFS_INIT(&nx_driver);
../drivers/crypto/nx/nx.c: In function 'nx_remove':
../drivers/crypto/nx/nx.h:174:33: warning: statement with no effect [-Wunused-value]
174 | #define NX_DEBUGFS_FINI(drv) (0)
../drivers/crypto/nx/nx.c:793:17: note: in expansion of macro 'NX_DEBUGFS_FINI'
793 | NX_DEBUGFS_FINI(&nx_driver);
Also, there is no need to build nx_debugfs.o when DEBUG_FS is not
enabled, so change the Makefile to accommodate that.
Fixes: ae0222b7289d ("powerpc/crypto: nx driver code supporting nx encryption")
Fixes: aef7b31c8833 ("powerpc/crypto: Build files for the nx device driver")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Breno Leitão <leitao@debian.org>
Cc: Nayna Jain <nayna@linux.ibm.com>
Cc: Paulo Flabiano Smorigo <pfsmorigo@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/nx/Makefile | 2 +-
drivers/crypto/nx/nx.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/nx/Makefile b/drivers/crypto/nx/Makefile
index 015155da59c29..76139865d7fa1 100644
--- a/drivers/crypto/nx/Makefile
+++ b/drivers/crypto/nx/Makefile
@@ -1,7 +1,6 @@
# SPDX-License-Identifier: GPL-2.0
obj-$(CONFIG_CRYPTO_DEV_NX_ENCRYPT) += nx-crypto.o
nx-crypto-objs := nx.o \
- nx_debugfs.o \
nx-aes-cbc.o \
nx-aes-ecb.o \
nx-aes-gcm.o \
@@ -11,6 +10,7 @@ nx-crypto-objs := nx.o \
nx-sha256.o \
nx-sha512.o
+nx-crypto-$(CONFIG_DEBUG_FS) += nx_debugfs.o
obj-$(CONFIG_CRYPTO_DEV_NX_COMPRESS_PSERIES) += nx-compress-pseries.o nx-compress.o
obj-$(CONFIG_CRYPTO_DEV_NX_COMPRESS_POWERNV) += nx-compress-powernv.o nx-compress.o
nx-compress-objs := nx-842.o
diff --git a/drivers/crypto/nx/nx.h b/drivers/crypto/nx/nx.h
index c3e54af18645c..ebad937a9545c 100644
--- a/drivers/crypto/nx/nx.h
+++ b/drivers/crypto/nx/nx.h
@@ -180,8 +180,8 @@ struct nx_sg *nx_walk_and_build(struct nx_sg *, unsigned int,
int nx_debugfs_init(struct nx_crypto_driver *);
void nx_debugfs_fini(struct nx_crypto_driver *);
#else
-#define NX_DEBUGFS_INIT(drv) (0)
-#define NX_DEBUGFS_FINI(drv) (0)
+#define NX_DEBUGFS_INIT(drv) do {} while (0)
+#define NX_DEBUGFS_FINI(drv) do {} while (0)
#endif
#define NX_PAGE_NUM(x) ((u64)(x) & 0xfffffffffffff000ULL)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 078/323] modpost: fix section mismatch message for R_ARM_ABS32
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 077/323] crypto: nx - fix build warnings when DEBUG_FS is not enabled Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 079/323] modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} Greg Kroah-Hartman
` (248 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit b7c63520f6703a25eebb4f8138fed764fcae1c6f ]
addend_arm_rel() processes R_ARM_ABS32 in a wrong way.
Here, test code.
[test code 1]
#include <linux/init.h>
int __initdata foo;
int get_foo(void) { return foo; }
If you compile it with ARM versatile_defconfig, modpost will show the
symbol name, (unknown).
WARNING: modpost: vmlinux.o: section mismatch in reference: get_foo (section: .text) -> (unknown) (section: .init.data)
(You need to use GNU linker instead of LLD to reproduce it.)
If you compile it for other architectures, modpost will show the correct
symbol name.
WARNING: modpost: vmlinux.o: section mismatch in reference: get_foo (section: .text) -> foo (section: .init.data)
For R_ARM_ABS32, addend_arm_rel() sets r->r_addend to a wrong value.
I just mimicked the code in arch/arm/kernel/module.c.
However, there is more difficulty for ARM.
Here, test code.
[test code 2]
#include <linux/init.h>
int __initdata foo;
int get_foo(void) { return foo; }
int __initdata bar;
int get_bar(void) { return bar; }
With this commit applied, modpost will show the following messages
for ARM versatile_defconfig:
WARNING: modpost: vmlinux.o: section mismatch in reference: get_foo (section: .text) -> foo (section: .init.data)
WARNING: modpost: vmlinux.o: section mismatch in reference: get_bar (section: .text) -> foo (section: .init.data)
The reference from 'get_bar' to 'foo' seems wrong.
I have no solution for this because it is true in assembly level.
In the following output, relocation at 0x1c is no longer associated
with 'bar'. The two relocation entries point to the same symbol, and
the offset to 'bar' is encoded in the instruction 'r0, [r3, #4]'.
Disassembly of section .text:
00000000 <get_foo>:
0: e59f3004 ldr r3, [pc, #4] @ c <get_foo+0xc>
4: e5930000 ldr r0, [r3]
8: e12fff1e bx lr
c: 00000000 .word 0x00000000
00000010 <get_bar>:
10: e59f3004 ldr r3, [pc, #4] @ 1c <get_bar+0xc>
14: e5930004 ldr r0, [r3, #4]
18: e12fff1e bx lr
1c: 00000000 .word 0x00000000
Relocation section '.rel.text' at offset 0x244 contains 2 entries:
Offset Info Type Sym.Value Sym. Name
0000000c 00000c02 R_ARM_ABS32 00000000 .init.data
0000001c 00000c02 R_ARM_ABS32 00000000 .init.data
When find_elf_symbol() gets into a situation where relsym->st_name is
zero, there is no guarantee to get the symbol name as written in C.
I am keeping the current logic because it is useful in many architectures,
but the symbol name is not always correct depending on the optimization.
I left some comments in find_tosym().
Fixes: 56a974fa2d59 ("kbuild: make better section mismatch reports on arm")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/modpost.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 8c2847ef4e422..41b1791a9463b 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1260,6 +1260,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
if (relsym->st_name != 0)
return relsym;
+ /*
+ * Strive to find a better symbol name, but the resulting name may not
+ * match the symbol referenced in the original code.
+ */
relsym_secindex = get_secindex(elf, relsym);
for (sym = elf->symtab_start; sym < elf->symtab_stop; sym++) {
if (get_secindex(elf, sym) != relsym_secindex)
@@ -1750,12 +1754,14 @@ static int addend_386_rel(struct elf_info *elf, Elf_Shdr *sechdr, Elf_Rela *r)
static int addend_arm_rel(struct elf_info *elf, Elf_Shdr *sechdr, Elf_Rela *r)
{
unsigned int r_typ = ELF_R_TYPE(r->r_info);
+ Elf_Sym *sym = elf->symtab_start + ELF_R_SYM(r->r_info);
+ void *loc = reloc_location(elf, sechdr, r);
+ uint32_t inst;
switch (r_typ) {
case R_ARM_ABS32:
- /* From ARM ABI: (S + A) | T */
- r->r_addend = (int)(long)
- (elf->symtab_start + ELF_R_SYM(r->r_info));
+ inst = TO_NATIVE(*(uint32_t *)loc);
+ r->r_addend = inst + sym->st_value;
break;
case R_ARM_PC24:
case R_ARM_CALL:
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 079/323] modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 078/323] modpost: fix section mismatch message for R_ARM_ABS32 Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 080/323] ARCv2: entry: comments about hardware auto-save on taken interrupts Greg Kroah-Hartman
` (247 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 56a24b8ce6a7f9c4a21b2276a8644f6f3d8fc14d ]
addend_arm_rel() processes R_ARM_PC24, R_ARM_CALL, R_ARM_JUMP24 in a
wrong way.
Here, test code.
[test code for R_ARM_JUMP24]
.section .init.text,"ax"
bar:
bx lr
.section .text,"ax"
.globl foo
foo:
b bar
[test code for R_ARM_CALL]
.section .init.text,"ax"
bar:
bx lr
.section .text,"ax"
.globl foo
foo:
push {lr}
bl bar
pop {pc}
If you compile it with ARM multi_v7_defconfig, modpost will show the
symbol name, (unknown).
WARNING: modpost: vmlinux.o: section mismatch in reference: foo (section: .text) -> (unknown) (section: .init.text)
(You need to use GNU linker instead of LLD to reproduce it.)
Fix the code to make modpost show the correct symbol name.
I imported (with adjustment) sign_extend32() from include/linux/bitops.h.
The '+8' is the compensation for pc-relative instruction. It is
documented in "ELF for the Arm Architecture" [1].
"If the relocation is pc-relative then compensation for the PC bias
(the PC value is 8 bytes ahead of the executing instruction in Arm
state and 4 bytes in Thumb state) must be encoded in the relocation
by the object producer."
[1]: https://github.com/ARM-software/abi-aa/blob/main/aaelf32/aaelf32.rst
Fixes: 56a974fa2d59 ("kbuild: make better section mismatch reports on arm")
Fixes: 6e2e340b59d2 ("ARM: 7324/1: modpost: Fix section warnings for ARM for many compilers")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/modpost.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 41b1791a9463b..2060a3fe9691d 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1751,12 +1751,20 @@ static int addend_386_rel(struct elf_info *elf, Elf_Shdr *sechdr, Elf_Rela *r)
#define R_ARM_THM_JUMP19 51
#endif
+static int32_t sign_extend32(int32_t value, int index)
+{
+ uint8_t shift = 31 - index;
+
+ return (int32_t)(value << shift) >> shift;
+}
+
static int addend_arm_rel(struct elf_info *elf, Elf_Shdr *sechdr, Elf_Rela *r)
{
unsigned int r_typ = ELF_R_TYPE(r->r_info);
Elf_Sym *sym = elf->symtab_start + ELF_R_SYM(r->r_info);
void *loc = reloc_location(elf, sechdr, r);
uint32_t inst;
+ int32_t offset;
switch (r_typ) {
case R_ARM_ABS32:
@@ -1766,6 +1774,10 @@ static int addend_arm_rel(struct elf_info *elf, Elf_Shdr *sechdr, Elf_Rela *r)
case R_ARM_PC24:
case R_ARM_CALL:
case R_ARM_JUMP24:
+ inst = TO_NATIVE(*(uint32_t *)loc);
+ offset = sign_extend32((inst & 0x00ffffff) << 2, 25);
+ r->r_addend = offset + sym->st_value + 8;
+ break;
case R_ARM_THM_CALL:
case R_ARM_THM_JUMP24:
case R_ARM_THM_JUMP19:
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 080/323] ARCv2: entry: comments about hardware auto-save on taken interrupts
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 079/323] modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 081/323] ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE Greg Kroah-Hartman
` (246 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vineet Gupta, Sasha Levin
From: Vineet Gupta <vgupta@synopsys.com>
[ Upstream commit 45869eb0c0afd72bd5ab2437d4b00915697c044a ]
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Stable-dep-of: 92e2921eeafd ("ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arc/include/asm/entry-arcv2.h | 78 ++++++++++++++++++++++++------
1 file changed, 62 insertions(+), 16 deletions(-)
diff --git a/arch/arc/include/asm/entry-arcv2.h b/arch/arc/include/asm/entry-arcv2.h
index 225e7df2d8ed8..1c3520d1fa420 100644
--- a/arch/arc/include/asm/entry-arcv2.h
+++ b/arch/arc/include/asm/entry-arcv2.h
@@ -7,15 +7,54 @@
#include <asm/irqflags-arcv2.h>
#include <asm/thread_info.h> /* For THREAD_SIZE */
+/*
+ * Interrupt/Exception stack layout (pt_regs) for ARCv2
+ * (End of struct aligned to end of page [unless nested])
+ *
+ * INTERRUPT EXCEPTION
+ *
+ * manual --------------------- manual
+ * | orig_r0 |
+ * | event/ECR |
+ * | bta |
+ * | user_r25 |
+ * | gp |
+ * | fp |
+ * | sp |
+ * | r12 |
+ * | r30 |
+ * | r58 |
+ * | r59 |
+ * hw autosave ---------------------
+ * optional | r0 |
+ * | r1 |
+ * ~ ~
+ * | r9 |
+ * | r10 |
+ * | r11 |
+ * | blink |
+ * | lpe |
+ * | lps |
+ * | lpc |
+ * | ei base |
+ * | ldi base |
+ * | jli base |
+ * ---------------------
+ * hw autosave | pc / eret |
+ * mandatory | stat32 / erstatus |
+ * ---------------------
+ */
+
/*------------------------------------------------------------------------*/
.macro INTERRUPT_PROLOGUE called_from
-
- ; Before jumping to Interrupt Vector, hardware micro-ops did following:
+ ; (A) Before jumping to Interrupt Vector, hardware micro-ops did following:
; 1. SP auto-switched to kernel mode stack
- ; 2. STATUS32.Z flag set to U mode at time of interrupt (U:1, K:0)
- ; 3. Auto saved: r0-r11, blink, LPE,LPS,LPC, JLI,LDI,EI, PC, STAT32
+ ; 2. STATUS32.Z flag set if in U mode at time of interrupt (U:1,K:0)
+ ; 3. Auto save: (mandatory) Push PC and STAT32 on stack
+ ; hardware does even if CONFIG_ARC_IRQ_NO_AUTOSAVE
+ ; 4. Auto save: (optional) r0-r11, blink, LPE,LPS,LPC, JLI,LDI,EI
;
- ; Now manually save: r12, sp, fp, gp, r25
+ ; (B) Manually saved some regs: r12,r25,r30, sp,fp,gp, ACCL pair
#ifdef CONFIG_ARC_IRQ_NO_AUTOSAVE
.ifnc \called_from, exception
@@ -57,14 +96,17 @@
; - U mode: retrieve it from AUX_USER_SP
; - K mode: add the offset from current SP where H/w starts auto push
;
- ; Utilize the fact that Z bit is set if Intr taken in U mode
+ ; 1. Utilize the fact that Z bit is set if Intr taken in U mode
+ ; 2. Upon entry SP is always saved (for any inspection, unwinding etc),
+ ; but on return, restored only if U mode
+
mov.nz r9, sp
- add.nz r9, r9, SZ_PT_REGS - PT_sp - 4
+ add.nz r9, r9, SZ_PT_REGS - PT_sp - 4 ; K mode SP
bnz 1f
- lr r9, [AUX_USER_SP]
+ lr r9, [AUX_USER_SP] ; U mode SP
1:
- PUSH r9 ; SP
+ PUSH r9 ; SP (pt_regs->sp)
PUSH fp
PUSH gp
@@ -85,6 +127,8 @@
/*------------------------------------------------------------------------*/
.macro INTERRUPT_EPILOGUE called_from
+ ; INPUT: r0 has STAT32 of calling context
+ ; INPUT: Z flag set if returning to K mode
.ifnc \called_from, exception
add sp, sp, 12 ; skip BTA/ECR/orig_r0 placeholderss
.endif
@@ -98,9 +142,10 @@
POP gp
POP fp
- ; Don't touch AUX_USER_SP if returning to K mode (Z bit set)
- ; (Z bit set on K mode is inverse of INTERRUPT_PROLOGUE)
- add.z sp, sp, 4
+ ; Restore SP (into AUX_USER_SP) only if returning to U mode
+ ; - for K mode, it will be implicitly restored as stack is unwound
+ ; - Z flag set on K is inverse of what hardware does on interrupt entry
+ ; but that doesn't really matter
bz 1f
POPAX AUX_USER_SP
@@ -145,11 +190,11 @@
/*------------------------------------------------------------------------*/
.macro EXCEPTION_PROLOGUE
- ; Before jumping to Exception Vector, hardware micro-ops did following:
+ ; (A) Before jumping to Exception Vector, hardware micro-ops did following:
; 1. SP auto-switched to kernel mode stack
- ; 2. STATUS32.Z flag set to U mode at time of interrupt (U:1,K:0)
+ ; 2. STATUS32.Z flag set if in U mode at time of exception (U:1,K:0)
;
- ; Now manually save the complete reg file
+ ; (B) Manually save the complete reg file below
PUSH r9 ; freeup a register: slot of erstatus
@@ -195,12 +240,13 @@
PUSHAX ecr ; r9 contains ECR, expected by EV_Trap
PUSH r0 ; orig_r0
+ ; OUTPUT: r9 has ECR
.endm
/*------------------------------------------------------------------------*/
.macro EXCEPTION_EPILOGUE
- ; Assumes r0 has PT_status32
+ ; INPUT: r0 has STAT32 of calling context
btst r0, STATUS_U_BIT ; Z flag set if K, used in INTERRUPT_EPILOGUE
add sp, sp, 8 ; orig_r0/ECR don't need restoring
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 081/323] ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 080/323] ARCv2: entry: comments about hardware auto-save on taken interrupts Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 082/323] ARCv2: entry: avoid a branch Greg Kroah-Hartman
` (245 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vineet Gupta, Sasha Levin
From: Vineet Gupta <vgupta@synopsys.com>
[ Upstream commit 23c0cbd0c75c3b564850294427fd2be2bc2a015b ]
Upon a taken interrupt/exception from User mode, HS hardware auto sets Z flag.
This helps shave a few instructions from EXCEPTION_PROLOGUE by eliding
re-reading ERSTATUS and some bit fiddling.
However TLB Miss Exception handler can clobber the CPU flags and still end
up in EXCEPTION_PROLOGUE in the slow path handling TLB handling case:
EV_TLBMissD
do_slow_path_pf
EV_TLBProtV (aliased to call_do_page_fault)
EXCEPTION_PROLOGUE
As a result, EXCEPTION_PROLOGUE need to "unclobber" the Z flag which this
patch changes. It is now pushed out to TLB Miss Exception handler.
The reasons beings:
- The flag restoration is only needed for slowpath TLB Miss Exception
handling, but currently being in EXCEPTION_PROLOGUE penalizes all
exceptions such as ProtV and syscall Trap, where Z flag is already
as expected.
- Pushing unclobber out to where it was clobbered is much cleaner and
also serves to document the fact.
- Makes EXCEPTION_PROLGUE similar to INTERRUPT_PROLOGUE so easier to
refactor the common parts which is what this series aims to do
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Stable-dep-of: 92e2921eeafd ("ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arc/include/asm/entry-arcv2.h | 8 --------
arch/arc/mm/tlbex.S | 11 +++++++++++
2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/arch/arc/include/asm/entry-arcv2.h b/arch/arc/include/asm/entry-arcv2.h
index 1c3520d1fa420..3209a67629606 100644
--- a/arch/arc/include/asm/entry-arcv2.h
+++ b/arch/arc/include/asm/entry-arcv2.h
@@ -225,14 +225,6 @@
; -- for interrupts, regs above are auto-saved by h/w in that order --
; Now do what ISR prologue does (manually save r12, sp, fp, gp, r25)
- ;
- ; Set Z flag if this was from U mode (expected by INTERRUPT_PROLOGUE)
- ; Although H/w exception micro-ops do set Z flag for U mode (just like
- ; for interrupts), it could get clobbered in case we soft land here from
- ; a TLB Miss exception handler (tlbex.S)
-
- and r10, r10, STATUS_U_MASK
- xor.f 0, r10, STATUS_U_MASK
INTERRUPT_PROLOGUE exception
diff --git a/arch/arc/mm/tlbex.S b/arch/arc/mm/tlbex.S
index 0e1e47a67c736..e50cac799a518 100644
--- a/arch/arc/mm/tlbex.S
+++ b/arch/arc/mm/tlbex.S
@@ -396,6 +396,17 @@ EV_TLBMissD_fast_ret: ; additional label for VDK OS-kit instrumentation
;-------- Common routine to call Linux Page Fault Handler -----------
do_slow_path_pf:
+#ifdef CONFIG_ISA_ARCV2
+ ; Set Z flag if exception in U mode. Hardware micro-ops do this on any
+ ; taken interrupt/exception, and thus is already the case at the entry
+ ; above, but ensuing code would have already clobbered.
+ ; EXCEPTION_PROLOGUE called in slow path, relies on correct Z flag set
+
+ lr r2, [erstatus]
+ and r2, r2, STATUS_U_MASK
+ bxor.f 0, r2, STATUS_U_BIT
+#endif
+
; Restore the 4-scratch regs saved by fast path miss handler
TLBMISS_RESTORE_REGS
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 082/323] ARCv2: entry: avoid a branch
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 081/323] ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 083/323] ARCv2: entry: rewrite to enable use of double load/stores LDD/STD Greg Kroah-Hartman
` (244 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vineet Gupta, Sasha Levin
From: Vineet Gupta <vgupta@synopsys.com>
[ Upstream commit ab854bfcd310b5872fe12eb8d3f2c30fe427f8f7 ]
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Stable-dep-of: 92e2921eeafd ("ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arc/include/asm/entry-arcv2.h | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/arc/include/asm/entry-arcv2.h b/arch/arc/include/asm/entry-arcv2.h
index 3209a67629606..beaf655666cbd 100644
--- a/arch/arc/include/asm/entry-arcv2.h
+++ b/arch/arc/include/asm/entry-arcv2.h
@@ -100,12 +100,11 @@
; 2. Upon entry SP is always saved (for any inspection, unwinding etc),
; but on return, restored only if U mode
+ lr r9, [AUX_USER_SP] ; U mode SP
+
mov.nz r9, sp
add.nz r9, r9, SZ_PT_REGS - PT_sp - 4 ; K mode SP
- bnz 1f
- lr r9, [AUX_USER_SP] ; U mode SP
-1:
PUSH r9 ; SP (pt_regs->sp)
PUSH fp
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 083/323] ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 082/323] ARCv2: entry: avoid a branch Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 084/323] ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard Greg Kroah-Hartman
` (243 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vineet Gupta, Sasha Levin
From: Vineet Gupta <vgupta@synopsys.com>
[ Upstream commit a4880801a72ecc2dcdfa432f81a754f3e7438567 ]
- the motivation was to be remove blatent copy-paste due to hasty support
of CONFIG_ARC_IRQ_NO_AUTOSAVE support
- but with refactoring we could use LDD/STD to greatly optimize the code
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Stable-dep-of: 92e2921eeafd ("ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arc/include/asm/entry-arcv2.h | 297 ++++++++++++++---------------
arch/arc/include/asm/linkage.h | 18 ++
arch/arc/kernel/asm-offsets.c | 7 +
arch/arc/kernel/entry-arcv2.S | 4 +-
4 files changed, 167 insertions(+), 159 deletions(-)
diff --git a/arch/arc/include/asm/entry-arcv2.h b/arch/arc/include/asm/entry-arcv2.h
index beaf655666cbd..0733752ce7fe8 100644
--- a/arch/arc/include/asm/entry-arcv2.h
+++ b/arch/arc/include/asm/entry-arcv2.h
@@ -46,7 +46,8 @@
*/
/*------------------------------------------------------------------------*/
-.macro INTERRUPT_PROLOGUE called_from
+.macro INTERRUPT_PROLOGUE
+
; (A) Before jumping to Interrupt Vector, hardware micro-ops did following:
; 1. SP auto-switched to kernel mode stack
; 2. STATUS32.Z flag set if in U mode at time of interrupt (U:1,K:0)
@@ -57,39 +58,87 @@
; (B) Manually saved some regs: r12,r25,r30, sp,fp,gp, ACCL pair
#ifdef CONFIG_ARC_IRQ_NO_AUTOSAVE
-.ifnc \called_from, exception
- st.as r9, [sp, -10] ; save r9 in it's final stack slot
- sub sp, sp, 12 ; skip JLI, LDI, EI
-
- PUSH lp_count
- PUSHAX lp_start
- PUSHAX lp_end
- PUSH blink
-
- PUSH r11
- PUSH r10
-
- sub sp, sp, 4 ; skip r9
-
- PUSH r8
- PUSH r7
- PUSH r6
- PUSH r5
- PUSH r4
- PUSH r3
- PUSH r2
- PUSH r1
- PUSH r0
-.endif
-#endif
+ ; carve pt_regs on stack (case #3), PC/STAT32 already on stack
+ sub sp, sp, SZ_PT_REGS - 8
-#ifdef CONFIG_ARC_HAS_ACCL_REGS
- PUSH r59
- PUSH r58
+ __SAVE_REGFILE_HARD
+#else
+ ; carve pt_regs on stack (case #4), which grew partially already
+ sub sp, sp, PT_r0
#endif
- PUSH r30
- PUSH r12
+ __SAVE_REGFILE_SOFT
+.endm
+
+/*------------------------------------------------------------------------*/
+.macro EXCEPTION_PROLOGUE
+
+ ; (A) Before jumping to Exception Vector, hardware micro-ops did following:
+ ; 1. SP auto-switched to kernel mode stack
+ ; 2. STATUS32.Z flag set if in U mode at time of exception (U:1,K:0)
+ ;
+ ; (B) Manually save the complete reg file below
+
+ sub sp, sp, SZ_PT_REGS ; carve pt_regs
+
+ ; _HARD saves r10 clobbered by _SOFT as scratch hence comes first
+
+ __SAVE_REGFILE_HARD
+ __SAVE_REGFILE_SOFT
+
+ st r0, [sp] ; orig_r0
+
+ lr r10, [eret]
+ lr r11, [erstatus]
+ ST2 r10, r11, PT_ret
+
+ lr r10, [ecr]
+ lr r11, [erbta]
+ ST2 r10, r11, PT_event
+ mov r9, r10
+
+ ; OUTPUT: r9 has ECR
+.endm
+
+/*------------------------------------------------------------------------
+ * This macro saves the registers manually which would normally be autosaved
+ * by hardware on taken interrupts. It is used by
+ * - exception handlers (which don't have autosave)
+ * - interrupt autosave disabled due to CONFIG_ARC_IRQ_NO_AUTOSAVE
+ */
+.macro __SAVE_REGFILE_HARD
+
+ ST2 r0, r1, PT_r0
+ ST2 r2, r3, PT_r2
+ ST2 r4, r5, PT_r4
+ ST2 r6, r7, PT_r6
+ ST2 r8, r9, PT_r8
+ ST2 r10, r11, PT_r10
+
+ st blink, [sp, PT_blink]
+
+ lr r10, [lp_end]
+ lr r11, [lp_start]
+ ST2 r10, r11, PT_lpe
+
+ st lp_count, [sp, PT_lpc]
+
+ ; skip JLI, LDI, EI for now
+.endm
+
+/*------------------------------------------------------------------------
+ * This macros saves a bunch of other registers which can't be autosaved for
+ * various reasons:
+ * - r12: the last caller saved scratch reg since hardware saves in pairs so r0-r11
+ * - r30: free reg, used by gcc as scratch
+ * - ACCL/ACCH pair when they exist
+ */
+.macro __SAVE_REGFILE_SOFT
+
+ ST2 gp, fp, PT_r26 ; gp (r26), fp (r27)
+
+ st r12, [sp, PT_sp + 4]
+ st r30, [sp, PT_sp + 8]
; Saving pt_regs->sp correctly requires some extra work due to the way
; Auto stack switch works
@@ -100,46 +149,32 @@
; 2. Upon entry SP is always saved (for any inspection, unwinding etc),
; but on return, restored only if U mode
- lr r9, [AUX_USER_SP] ; U mode SP
+ lr r10, [AUX_USER_SP] ; U mode SP
- mov.nz r9, sp
- add.nz r9, r9, SZ_PT_REGS - PT_sp - 4 ; K mode SP
+ ; ISA requires ADD.nz to have same dest and src reg operands
+ mov.nz r10, sp
+ add.nz r10, r10, SZ_PT_REGS ; K mode SP
- PUSH r9 ; SP (pt_regs->sp)
-
- PUSH fp
- PUSH gp
+ st r10, [sp, PT_sp] ; SP (pt_regs->sp)
#ifdef CONFIG_ARC_CURR_IN_REG
- PUSH r25 ; user_r25
+ st r25, [sp, PT_user_r25]
GET_CURR_TASK_ON_CPU r25
-#else
- sub sp, sp, 4
#endif
-.ifnc \called_from, exception
- sub sp, sp, 12 ; BTA/ECR/orig_r0 placeholder per pt_regs
-.endif
+#ifdef CONFIG_ARC_HAS_ACCL_REGS
+ ST2 r58, r59, PT_sp + 12
+#endif
.endm
/*------------------------------------------------------------------------*/
-.macro INTERRUPT_EPILOGUE called_from
+.macro __RESTORE_REGFILE_SOFT
- ; INPUT: r0 has STAT32 of calling context
- ; INPUT: Z flag set if returning to K mode
-.ifnc \called_from, exception
- add sp, sp, 12 ; skip BTA/ECR/orig_r0 placeholderss
-.endif
-
-#ifdef CONFIG_ARC_CURR_IN_REG
- POP r25
-#else
- add sp, sp, 4
-#endif
+ LD2 gp, fp, PT_r26 ; gp (r26), fp (r27)
- POP gp
- POP fp
+ ld r12, [sp, PT_sp + 4]
+ ld r30, [sp, PT_sp + 8]
; Restore SP (into AUX_USER_SP) only if returning to U mode
; - for K mode, it will be implicitly restored as stack is unwound
@@ -147,129 +182,77 @@
; but that doesn't really matter
bz 1f
- POPAX AUX_USER_SP
+ ld r10, [sp, PT_sp] ; SP (pt_regs->sp)
+ sr r10, [AUX_USER_SP]
1:
- POP r12
- POP r30
-#ifdef CONFIG_ARC_HAS_ACCL_REGS
- POP r58
- POP r59
+#ifdef CONFIG_ARC_CURR_IN_REG
+ ld r25, [sp, PT_user_r25]
#endif
-#ifdef CONFIG_ARC_IRQ_NO_AUTOSAVE
-.ifnc \called_from, exception
- POP r0
- POP r1
- POP r2
- POP r3
- POP r4
- POP r5
- POP r6
- POP r7
- POP r8
- POP r9
- POP r10
- POP r11
-
- POP blink
- POPAX lp_end
- POPAX lp_start
-
- POP r9
- mov lp_count, r9
-
- add sp, sp, 12 ; skip JLI, LDI, EI
- ld.as r9, [sp, -10] ; reload r9 which got clobbered
-.endif
+#ifdef CONFIG_ARC_HAS_ACCL_REGS
+ LD2 r58, r59, PT_sp + 12
#endif
-
.endm
/*------------------------------------------------------------------------*/
-.macro EXCEPTION_PROLOGUE
+.macro __RESTORE_REGFILE_HARD
- ; (A) Before jumping to Exception Vector, hardware micro-ops did following:
- ; 1. SP auto-switched to kernel mode stack
- ; 2. STATUS32.Z flag set if in U mode at time of exception (U:1,K:0)
- ;
- ; (B) Manually save the complete reg file below
+ ld blink, [sp, PT_blink]
- PUSH r9 ; freeup a register: slot of erstatus
+ LD2 r10, r11, PT_lpe
+ sr r10, [lp_end]
+ sr r11, [lp_start]
- PUSHAX eret
- sub sp, sp, 12 ; skip JLI, LDI, EI
- PUSH lp_count
- PUSHAX lp_start
- PUSHAX lp_end
- PUSH blink
+ ld r10, [sp, PT_lpc] ; lp_count can't be target of LD
+ mov lp_count, r10
- PUSH r11
- PUSH r10
+ LD2 r0, r1, PT_r0
+ LD2 r2, r3, PT_r2
+ LD2 r4, r5, PT_r4
+ LD2 r6, r7, PT_r6
+ LD2 r8, r9, PT_r8
+ LD2 r10, r11, PT_r10
+.endm
- ld.as r9, [sp, 10] ; load stashed r9 (status32 stack slot)
- lr r10, [erstatus]
- st.as r10, [sp, 10] ; save status32 at it's right stack slot
- PUSH r9
- PUSH r8
- PUSH r7
- PUSH r6
- PUSH r5
- PUSH r4
- PUSH r3
- PUSH r2
- PUSH r1
- PUSH r0
+/*------------------------------------------------------------------------*/
+.macro INTERRUPT_EPILOGUE
- ; -- for interrupts, regs above are auto-saved by h/w in that order --
- ; Now do what ISR prologue does (manually save r12, sp, fp, gp, r25)
+ ; INPUT: r0 has STAT32 of calling context
+ ; INPUT: Z flag set if returning to K mode
- INTERRUPT_PROLOGUE exception
+ ; _SOFT clobbers r10 restored by _HARD hence the order
- PUSHAX erbta
- PUSHAX ecr ; r9 contains ECR, expected by EV_Trap
+ __RESTORE_REGFILE_SOFT
+
+#ifdef CONFIG_ARC_IRQ_NO_AUTOSAVE
+ __RESTORE_REGFILE_HARD
+ add sp, sp, SZ_PT_REGS - 8
+#else
+ add sp, sp, PT_r0
+#endif
- PUSH r0 ; orig_r0
- ; OUTPUT: r9 has ECR
.endm
/*------------------------------------------------------------------------*/
.macro EXCEPTION_EPILOGUE
; INPUT: r0 has STAT32 of calling context
- btst r0, STATUS_U_BIT ; Z flag set if K, used in INTERRUPT_EPILOGUE
-
- add sp, sp, 8 ; orig_r0/ECR don't need restoring
- POPAX erbta
-
- INTERRUPT_EPILOGUE exception
-
- POP r0
- POP r1
- POP r2
- POP r3
- POP r4
- POP r5
- POP r6
- POP r7
- POP r8
- POP r9
- POP r10
- POP r11
-
- POP blink
- POPAX lp_end
- POPAX lp_start
-
- POP r9
- mov lp_count, r9
-
- add sp, sp, 12 ; skip JLI, LDI, EI
- POPAX eret
- POPAX erstatus
-
- ld.as r9, [sp, -12] ; reload r9 which got clobbered
+
+ btst r0, STATUS_U_BIT ; Z flag set if K, used in restoring SP
+
+ ld r10, [sp, PT_event + 4]
+ sr r10, [erbta]
+
+ LD2 r10, r11, PT_ret
+ sr r10, [eret]
+ sr r11, [erstatus]
+
+ __RESTORE_REGFILE_SOFT
+ __RESTORE_REGFILE_HARD
+
+ add sp, sp, SZ_PT_REGS
.endm
.macro FAKE_RET_FROM_EXCPN
diff --git a/arch/arc/include/asm/linkage.h b/arch/arc/include/asm/linkage.h
index 07c8e1a6c56e2..f3d29d4840d58 100644
--- a/arch/arc/include/asm/linkage.h
+++ b/arch/arc/include/asm/linkage.h
@@ -13,6 +13,24 @@
#ifdef __ASSEMBLY__
+.macro ST2 e, o, off
+#ifdef CONFIG_ARC_HAS_LL64
+ std \e, [sp, \off]
+#else
+ st \e, [sp, \off]
+ st \o, [sp, \off+4]
+#endif
+.endm
+
+.macro LD2 e, o, off
+#ifdef CONFIG_ARC_HAS_LL64
+ ldd \e, [sp, \off]
+#else
+ ld \e, [sp, \off]
+ ld \o, [sp, \off+4]
+#endif
+.endm
+
#define ASM_NL ` /* use '`' to mark new line in macro */
#define __ALIGN .align 4
#define __ALIGN_STR __stringify(__ALIGN)
diff --git a/arch/arc/kernel/asm-offsets.c b/arch/arc/kernel/asm-offsets.c
index ecaf34e9235c2..e90dccecfd833 100644
--- a/arch/arc/kernel/asm-offsets.c
+++ b/arch/arc/kernel/asm-offsets.c
@@ -58,7 +58,14 @@ int main(void)
DEFINE(PT_r5, offsetof(struct pt_regs, r5));
DEFINE(PT_r6, offsetof(struct pt_regs, r6));
DEFINE(PT_r7, offsetof(struct pt_regs, r7));
+ DEFINE(PT_r8, offsetof(struct pt_regs, r8));
+ DEFINE(PT_r10, offsetof(struct pt_regs, r10));
+ DEFINE(PT_r26, offsetof(struct pt_regs, r26));
DEFINE(PT_ret, offsetof(struct pt_regs, ret));
+ DEFINE(PT_blink, offsetof(struct pt_regs, blink));
+ DEFINE(PT_lpe, offsetof(struct pt_regs, lp_end));
+ DEFINE(PT_lpc, offsetof(struct pt_regs, lp_count));
+ DEFINE(PT_user_r25, offsetof(struct pt_regs, user_r25));
DEFINE(SZ_CALLEE_REGS, sizeof(struct callee_regs));
DEFINE(SZ_PT_REGS, sizeof(struct pt_regs));
diff --git a/arch/arc/kernel/entry-arcv2.S b/arch/arc/kernel/entry-arcv2.S
index 562089d62d9d6..6cbf0ee8a20a7 100644
--- a/arch/arc/kernel/entry-arcv2.S
+++ b/arch/arc/kernel/entry-arcv2.S
@@ -70,7 +70,7 @@ reserved:
ENTRY(handle_interrupt)
- INTERRUPT_PROLOGUE irq
+ INTERRUPT_PROLOGUE
# irq control APIs local_irq_save/restore/disable/enable fiddle with
# global interrupt enable bits in STATUS32 (.IE for 1 prio, .E[] for 2 prio)
@@ -226,7 +226,7 @@ debug_marker_l1:
bset.nz r11, r11, AUX_IRQ_ACT_BIT_U ; NZ means U
sr r11, [AUX_IRQ_ACT]
- INTERRUPT_EPILOGUE irq
+ INTERRUPT_EPILOGUE
rtie
;####### Return from Exception / pure kernel mode #######
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 084/323] ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 083/323] ARCv2: entry: rewrite to enable use of double load/stores LDD/STD Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 085/323] USB: serial: option: add LARA-R6 01B PIDs Greg Kroah-Hartman
` (242 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Sasha Levin
From: Masahiro Yamada <masahiroy@kernel.org>
[ Upstream commit 92e2921eeafdfca9acd9b83f07d2b7ca099bac24 ]
ASM_NL is useful not only in *.S files but also in .c files for using
inline assembler in C code.
On ARC, however, ASM_NL is evaluated inconsistently. It is expanded to
a backquote (`) in *.S files, but a semicolon (;) in *.c files because
arch/arc/include/asm/linkage.h defines it inside #ifdef __ASSEMBLY__,
so the definition for C code falls back to the default value defined in
include/linux/linkage.h.
If ASM_NL is used in inline assembler in .c files, it will result in
wrong assembly code because a semicolon is not an instruction separator,
but the start of a comment for ARC.
Move ASM_NL (also __ALIGN and __ALIGN_STR) out of the #ifdef.
Fixes: 9df62f054406 ("arch: use ASM_NL instead of ';' for assembler new line character in the macro")
Fixes: 8d92e992a785 ("ARC: define __ALIGN_STR and __ALIGN symbols for ARC")
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arc/include/asm/linkage.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/arc/include/asm/linkage.h b/arch/arc/include/asm/linkage.h
index f3d29d4840d58..b89ca8b4d5975 100644
--- a/arch/arc/include/asm/linkage.h
+++ b/arch/arc/include/asm/linkage.h
@@ -11,6 +11,10 @@
#include <asm/dwarf.h>
+#define ASM_NL ` /* use '`' to mark new line in macro */
+#define __ALIGN .align 4
+#define __ALIGN_STR __stringify(__ALIGN)
+
#ifdef __ASSEMBLY__
.macro ST2 e, o, off
@@ -31,10 +35,6 @@
#endif
.endm
-#define ASM_NL ` /* use '`' to mark new line in macro */
-#define __ALIGN .align 4
-#define __ALIGN_STR __stringify(__ALIGN)
-
/* annotation for data we want in DCCM - if enabled in .config */
.macro ARCFP_DATA nm
#ifdef CONFIG_ARC_HAS_DCCM
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 085/323] USB: serial: option: add LARA-R6 01B PIDs
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 084/323] ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 086/323] block: change all __u32 annotations to __be32 in affs_hardblocks.h Greg Kroah-Hartman
` (241 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Davide Tronchin, Johan Hovold
From: Davide Tronchin <davide.tronchin.94@gmail.com>
commit ffa5f7a3bf28c1306eef85d4056539c2d4b8eb09 upstream.
The new LARA-R6 product variant identified by the "01B" string can be
configured (by AT interface) in three different USB modes:
* Default mode (Vendor ID: 0x1546 Product ID: 0x1311) with 4 serial
interfaces
* RmNet mode (Vendor ID: 0x1546 Product ID: 0x1312) with 4 serial
interfaces and 1 RmNet virtual network interface
* CDC-ECM mode (Vendor ID: 0x1546 Product ID: 0x1313) with 4 serial
interface and 1 CDC-ECM virtual network interface
The first 4 interfaces of all the 3 USB configurations (default, RmNet,
CDC-ECM) are the same.
In default mode LARA-R6 01B exposes the following interfaces:
If 0: Diagnostic
If 1: AT parser
If 2: AT parser
If 3: AT parser/alternative functions
In RmNet mode LARA-R6 01B exposes the following interfaces:
If 0: Diagnostic
If 1: AT parser
If 2: AT parser
If 3: AT parser/alternative functions
If 4: RMNET interface
In CDC-ECM mode LARA-R6 01B exposes the following interfaces:
If 0: Diagnostic
If 1: AT parser
If 2: AT parser
If 3: AT parser/alternative functions
If 4: CDC-ECM interface
Signed-off-by: Davide Tronchin <davide.tronchin.94@gmail.com>
Link: https://lore.kernel.org/r/20230622092921.12651-1-davide.tronchin.94@gmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1151,6 +1151,10 @@ static const struct usb_device_id option
{ USB_DEVICE(QUALCOMM_VENDOR_ID, 0x90fa),
.driver_info = RSVD(3) },
/* u-blox products */
+ { USB_DEVICE(UBLOX_VENDOR_ID, 0x1311) }, /* u-blox LARA-R6 01B */
+ { USB_DEVICE(UBLOX_VENDOR_ID, 0x1312), /* u-blox LARA-R6 01B (RMNET) */
+ .driver_info = RSVD(4) },
+ { USB_DEVICE_INTERFACE_CLASS(UBLOX_VENDOR_ID, 0x1313, 0xff) }, /* u-blox LARA-R6 01B (ECM) */
{ USB_DEVICE(UBLOX_VENDOR_ID, 0x1341) }, /* u-blox LARA-L6 */
{ USB_DEVICE(UBLOX_VENDOR_ID, 0x1342), /* u-blox LARA-L6 (RMNET) */
.driver_info = RSVD(4) },
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 086/323] block: change all __u32 annotations to __be32 in affs_hardblocks.h
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 085/323] USB: serial: option: add LARA-R6 01B PIDs Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 087/323] w1: fix loop in w1_fini() Greg Kroah-Hartman
` (240 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Steigerwald, Michael Schmitz,
Christoph Hellwig, Geert Uytterhoeven, Jens Axboe
From: Michael Schmitz <schmitzmic@gmail.com>
commit 95a55437dc49fb3342c82e61f5472a71c63d9ed0 upstream.
The Amiga partition parser module uses signed int for partition sector
address and count, which will overflow for disks larger than 1 TB.
Use u64 as type for sector address and size to allow using disks up to
2 TB without LBD support, and disks larger than 2 TB with LBD. The RBD
format allows to specify disk sizes up to 2^128 bytes (though native
OS limitations reduce this somewhat, to max 2^68 bytes), so check for
u64 overflow carefully to protect against overflowing sector_t.
This bug was reported originally in 2012, and the fix was created by
the RDB author, Joanne Dow <jdow@earthlink.net>. A patch had been
discussed and reviewed on linux-m68k at that time but never officially
submitted (now resubmitted as patch 1 of this series).
Patch 3 (this series) adds additional error checking and warning
messages. One of the error checks now makes use of the previously
unused rdb_CylBlocks field, which causes a 'sparse' warning
(cast to restricted __be32).
Annotate all 32 bit fields in affs_hardblocks.h as __be32, as the
on-disk format of RDB and partition blocks is always big endian.
Reported-by: Martin Steigerwald <Martin@lichtvoll.de>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=43511
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Message-ID: <201206192146.09327.Martin@lichtvoll.de>
Cc: <stable@vger.kernel.org> # 5.2
Signed-off-by: Michael Schmitz <schmitzmic@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/r/20230620201725.7020-3-schmitzmic@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/uapi/linux/affs_hardblocks.h | 68 +++++++++++++++++------------------
1 file changed, 34 insertions(+), 34 deletions(-)
--- a/include/uapi/linux/affs_hardblocks.h
+++ b/include/uapi/linux/affs_hardblocks.h
@@ -7,42 +7,42 @@
/* Just the needed definitions for the RDB of an Amiga HD. */
struct RigidDiskBlock {
- __u32 rdb_ID;
+ __be32 rdb_ID;
__be32 rdb_SummedLongs;
- __s32 rdb_ChkSum;
- __u32 rdb_HostID;
+ __be32 rdb_ChkSum;
+ __be32 rdb_HostID;
__be32 rdb_BlockBytes;
- __u32 rdb_Flags;
- __u32 rdb_BadBlockList;
+ __be32 rdb_Flags;
+ __be32 rdb_BadBlockList;
__be32 rdb_PartitionList;
- __u32 rdb_FileSysHeaderList;
- __u32 rdb_DriveInit;
- __u32 rdb_Reserved1[6];
- __u32 rdb_Cylinders;
- __u32 rdb_Sectors;
- __u32 rdb_Heads;
- __u32 rdb_Interleave;
- __u32 rdb_Park;
- __u32 rdb_Reserved2[3];
- __u32 rdb_WritePreComp;
- __u32 rdb_ReducedWrite;
- __u32 rdb_StepRate;
- __u32 rdb_Reserved3[5];
- __u32 rdb_RDBBlocksLo;
- __u32 rdb_RDBBlocksHi;
- __u32 rdb_LoCylinder;
- __u32 rdb_HiCylinder;
- __u32 rdb_CylBlocks;
- __u32 rdb_AutoParkSeconds;
- __u32 rdb_HighRDSKBlock;
- __u32 rdb_Reserved4;
+ __be32 rdb_FileSysHeaderList;
+ __be32 rdb_DriveInit;
+ __be32 rdb_Reserved1[6];
+ __be32 rdb_Cylinders;
+ __be32 rdb_Sectors;
+ __be32 rdb_Heads;
+ __be32 rdb_Interleave;
+ __be32 rdb_Park;
+ __be32 rdb_Reserved2[3];
+ __be32 rdb_WritePreComp;
+ __be32 rdb_ReducedWrite;
+ __be32 rdb_StepRate;
+ __be32 rdb_Reserved3[5];
+ __be32 rdb_RDBBlocksLo;
+ __be32 rdb_RDBBlocksHi;
+ __be32 rdb_LoCylinder;
+ __be32 rdb_HiCylinder;
+ __be32 rdb_CylBlocks;
+ __be32 rdb_AutoParkSeconds;
+ __be32 rdb_HighRDSKBlock;
+ __be32 rdb_Reserved4;
char rdb_DiskVendor[8];
char rdb_DiskProduct[16];
char rdb_DiskRevision[4];
char rdb_ControllerVendor[8];
char rdb_ControllerProduct[16];
char rdb_ControllerRevision[4];
- __u32 rdb_Reserved5[10];
+ __be32 rdb_Reserved5[10];
};
#define IDNAME_RIGIDDISK 0x5244534B /* "RDSK" */
@@ -50,16 +50,16 @@ struct RigidDiskBlock {
struct PartitionBlock {
__be32 pb_ID;
__be32 pb_SummedLongs;
- __s32 pb_ChkSum;
- __u32 pb_HostID;
+ __be32 pb_ChkSum;
+ __be32 pb_HostID;
__be32 pb_Next;
- __u32 pb_Flags;
- __u32 pb_Reserved1[2];
- __u32 pb_DevFlags;
+ __be32 pb_Flags;
+ __be32 pb_Reserved1[2];
+ __be32 pb_DevFlags;
__u8 pb_DriveName[32];
- __u32 pb_Reserved2[15];
+ __be32 pb_Reserved2[15];
__be32 pb_Environment[17];
- __u32 pb_EReserved[15];
+ __be32 pb_EReserved[15];
};
#define IDNAME_PARTITION 0x50415254 /* "PART" */
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 087/323] w1: fix loop in w1_fini()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 086/323] block: change all __u32 annotations to __be32 in affs_hardblocks.h Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 088/323] sh: j2: Use ioremap() to translate device tree address into kernel memory Greg Kroah-Hartman
` (239 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Krzysztof Kozlowski,
Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit 83f3fcf96fcc7e5405b37d9424c7ef26bfa203f8 ]
The __w1_remove_master_device() function calls:
list_del(&dev->w1_master_entry);
So presumably this can cause an endless loop.
Fixes: 7785925dd8e0 ("[PATCH] w1: cleanups.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/w1/w1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c
index cb3650efc29cd..8db9ca241d99c 100644
--- a/drivers/w1/w1.c
+++ b/drivers/w1/w1.c
@@ -1237,10 +1237,10 @@ static int __init w1_init(void)
static void __exit w1_fini(void)
{
- struct w1_master *dev;
+ struct w1_master *dev, *n;
/* Set netlink removal messages and some cleanup */
- list_for_each_entry(dev, &w1_masters, w1_master_entry)
+ list_for_each_entry_safe(dev, n, &w1_masters, w1_master_entry)
__w1_remove_master_device(dev);
w1_fini_netlink();
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 088/323] sh: j2: Use ioremap() to translate device tree address into kernel memory
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 087/323] w1: fix loop in w1_fini() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 089/323] media: usb: Check az6007_read() return value Greg Kroah-Hartman
` (238 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Rob Landley,
John Paul Adrian Glaubitz, Sasha Levin
From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
[ Upstream commit bc9d1f0cecd2407cfb2364a7d4be2f52d1d46a9d ]
Addresses the following warning when building j2_defconfig:
arch/sh/kernel/cpu/sh2/probe.c: In function 'scan_cache':
arch/sh/kernel/cpu/sh2/probe.c:24:16: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
24 | j2_ccr_base = (u32 __iomem *)of_flat_dt_translate_address(node);
|
Fixes: 5a846abad07f ("sh: add support for J-Core J2 processor")
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Rob Landley <rob@landley.net>
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Link: https://lore.kernel.org/r/20230503125746.331835-1-glaubitz@physik.fu-berlin.de
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sh/kernel/cpu/sh2/probe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/sh/kernel/cpu/sh2/probe.c b/arch/sh/kernel/cpu/sh2/probe.c
index a5bd036426789..75dcb1d6bc62f 100644
--- a/arch/sh/kernel/cpu/sh2/probe.c
+++ b/arch/sh/kernel/cpu/sh2/probe.c
@@ -24,7 +24,7 @@ static int __init scan_cache(unsigned long node, const char *uname,
if (!of_flat_dt_is_compatible(node, "jcore,cache"))
return 0;
- j2_ccr_base = (u32 __iomem *)of_flat_dt_translate_address(node);
+ j2_ccr_base = ioremap(of_flat_dt_translate_address(node), 4);
return 1;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 089/323] media: usb: Check az6007_read() return value
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 088/323] sh: j2: Use ioremap() to translate device tree address into kernel memory Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 090/323] media: videodev2.h: Fix struct v4l2_input tuner index comment Greg Kroah-Hartman
` (237 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Daniil Dulov, Hans Verkuil,
Sasha Levin
From: Daniil Dulov <d.dulov@aladdin.ru>
[ Upstream commit fdaca63186f59fc664b346c45b76576624b48e57 ]
If az6007_read() returns error, there is no sence to continue.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 3af2f4f15a61 ("[media] az6007: Change the az6007 read/write routine parameter")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/dvb-usb-v2/az6007.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/dvb-usb-v2/az6007.c b/drivers/media/usb/dvb-usb-v2/az6007.c
index 746926364535d..8e914be5b7c5e 100644
--- a/drivers/media/usb/dvb-usb-v2/az6007.c
+++ b/drivers/media/usb/dvb-usb-v2/az6007.c
@@ -210,7 +210,8 @@ static int az6007_rc_query(struct dvb_usb_device *d)
unsigned code;
enum rc_proto proto;
- az6007_read(d, AZ6007_READ_IR, 0, 0, st->data, 10);
+ if (az6007_read(d, AZ6007_READ_IR, 0, 0, st->data, 10) < 0)
+ return -EIO;
if (st->data[1] == 0x44)
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 090/323] media: videodev2.h: Fix struct v4l2_input tuner index comment
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 089/323] media: usb: Check az6007_read() return value Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 091/323] media: usb: siano: Fix warning due to null work_func_t function pointer Greg Kroah-Hartman
` (236 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marek Vasut, Hans Verkuil,
Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 26ae58f65e64fa7ba61d64bae752e59e08380c6a ]
VIDIOC_ENUMINPUT documentation describes the tuner field of
struct v4l2_input as index:
Documentation/userspace-api/media/v4l/vidioc-enuminput.rst
"
* - __u32
- ``tuner``
- Capture devices can have zero or more tuners (RF demodulators).
When the ``type`` is set to ``V4L2_INPUT_TYPE_TUNER`` this is an
RF connector and this field identifies the tuner. It corresponds
to struct :c:type:`v4l2_tuner` field ``index``. For
details on tuners see :ref:`tuner`.
"
Drivers I could find also use the 'tuner' field as an index, e.g.:
drivers/media/pci/bt8xx/bttv-driver.c bttv_enum_input()
drivers/media/usb/go7007/go7007-v4l2.c vidioc_enum_input()
However, the UAPI comment claims this field is 'enum v4l2_tuner_type':
include/uapi/linux/videodev2.h
This field being 'enum v4l2_tuner_type' is unlikely as it seems to be
never used that way in drivers, and documentation confirms it. It seem
this comment got in accidentally in the commit which this patch fixes.
Fix the UAPI comment to stop confusion.
This was pointed out by Dmitry while reviewing VIDIOC_ENUMINPUT
support for strace.
Fixes: 6016af82eafc ("[media] v4l2: use __u32 rather than enums in ioctl() structs")
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/videodev2.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h
index ad6a633f5848a..ac22e7f062399 100644
--- a/include/uapi/linux/videodev2.h
+++ b/include/uapi/linux/videodev2.h
@@ -1510,7 +1510,7 @@ struct v4l2_input {
__u8 name[32]; /* Label */
__u32 type; /* Type of input */
__u32 audioset; /* Associated audios (bitfield) */
- __u32 tuner; /* enum v4l2_tuner_type */
+ __u32 tuner; /* Tuner index */
v4l2_std_id std;
__u32 status;
__u32 capabilities;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 091/323] media: usb: siano: Fix warning due to null work_func_t function pointer
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 090/323] media: videodev2.h: Fix struct v4l2_input tuner index comment Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 092/323] extcon: Fix kernel doc of property fields to avoid warnings Greg Kroah-Hartman
` (235 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+27b0b464864741b18b99,
Duoming Zhou, Hans Verkuil, Sasha Levin
From: Duoming Zhou <duoming@zju.edu.cn>
[ Upstream commit 6f489a966fbeb0da63d45c2c66a8957eab604bf6 ]
The previous commit ebad8e731c1c ("media: usb: siano: Fix use after
free bugs caused by do_submit_urb") adds cancel_work_sync() in
smsusb_stop_streaming(). But smsusb_stop_streaming() may be called,
even if the work_struct surb->wq has not been initialized. As a result,
the warning will occur. One of the processes that could lead to warning
is shown below:
smsusb_probe()
smsusb_init_device()
if (!dev->in_ep || !dev->out_ep || align < 0) {
smsusb_term_device(intf);
smsusb_stop_streaming()
cancel_work_sync(&dev->surbs[i].wq);
__cancel_work_timer()
__flush_work()
if (WARN_ON(!work->func)) // work->func is null
The log reported by syzbot is shown below:
WARNING: CPU: 0 PID: 897 at kernel/workqueue.c:3066 __flush_work+0x798/0xa80 kernel/workqueue.c:3063
Modules linked in:
CPU: 0 PID: 897 Comm: kworker/0:2 Not tainted 6.2.0-rc1-syzkaller #0
RIP: 0010:__flush_work+0x798/0xa80 kernel/workqueue.c:3066
...
RSP: 0018:ffffc9000464ebf8 EFLAGS: 00010246
RAX: 1ffff11002dbb420 RBX: 0000000000000021 RCX: 1ffffffff204fa4e
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff888016dda0e8
RBP: ffffc9000464ed98 R08: 0000000000000001 R09: ffffffff90253b2f
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888016dda0e8
R13: ffff888016dda0e8 R14: ffff888016dda100 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd4331efe8 CR3: 000000000b48e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__cancel_work_timer+0x315/0x460 kernel/workqueue.c:3160
smsusb_stop_streaming drivers/media/usb/siano/smsusb.c:182 [inline]
smsusb_term_device+0xda/0x2d0 drivers/media/usb/siano/smsusb.c:344
smsusb_init_device+0x400/0x9ce drivers/media/usb/siano/smsusb.c:419
smsusb_probe+0xbbd/0xc55 drivers/media/usb/siano/smsusb.c:567
...
This patch adds check before cancel_work_sync(). If surb->wq has not
been initialized, the cancel_work_sync() will not be executed.
Reported-by: syzbot+27b0b464864741b18b99@syzkaller.appspotmail.com
Fixes: ebad8e731c1c ("media: usb: siano: Fix use after free bugs caused by do_submit_urb")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/usb/siano/smsusb.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/siano/smsusb.c b/drivers/media/usb/siano/smsusb.c
index 2df3d730ea768..cd706874899c3 100644
--- a/drivers/media/usb/siano/smsusb.c
+++ b/drivers/media/usb/siano/smsusb.c
@@ -190,7 +190,8 @@ static void smsusb_stop_streaming(struct smsusb_device_t *dev)
for (i = 0; i < MAX_URBS; i++) {
usb_kill_urb(&dev->surbs[i].urb);
- cancel_work_sync(&dev->surbs[i].wq);
+ if (dev->surbs[i].wq.func)
+ cancel_work_sync(&dev->surbs[i].wq);
if (dev->surbs[i].cb) {
smscore_putbuffer(dev->coredev, dev->surbs[i].cb);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 092/323] extcon: Fix kernel doc of property fields to avoid warnings
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 091/323] media: usb: siano: Fix warning due to null work_func_t function pointer Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 093/323] extcon: Fix kernel doc of property capability " Greg Kroah-Hartman
` (234 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Chanwoo Choi,
Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 7e77e0b7a9f4cdf91cb0950749b40c840ea63efc ]
Kernel documentation has to be synchronized with a code, otherwise
the validator is not happy:
Function parameter or member 'usb_propval' not described in 'extcon_cable'
Function parameter or member 'chg_propval' not described in 'extcon_cable'
Function parameter or member 'jack_propval' not described in 'extcon_cable'
Function parameter or member 'disp_propval' not described in 'extcon_cable'
Describe the fields added in the past.
Fixes: 067c1652e7a7 ("extcon: Add the support for extcon property according to extcon type")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/extcon/extcon.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index 4c70136c7aa3c..0607806ad46e8 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -204,6 +204,10 @@ static const struct __extcon_info {
* @attr_name: "name" sysfs entry
* @attr_state: "state" sysfs entry
* @attrs: the array pointing to attr_name and attr_state for attr_g
+ * @usb_propval: the array of USB connector properties
+ * @chg_propval: the array of charger connector properties
+ * @jack_propval: the array of jack connector properties
+ * @disp_propval: the array of display connector properties
*/
struct extcon_cable {
struct extcon_dev *edev;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 093/323] extcon: Fix kernel doc of property capability fields to avoid warnings
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 092/323] extcon: Fix kernel doc of property fields to avoid warnings Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 094/323] usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() Greg Kroah-Hartman
` (233 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Chanwoo Choi,
Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 73346b9965ebda2feb7fef8629e9b28baee820e3 ]
Kernel documentation has to be synchronized with a code, otherwise
the validator is not happy:
Function parameter or member 'usb_bits' not described in 'extcon_cable'
Function parameter or member 'chg_bits' not described in 'extcon_cable'
Function parameter or member 'jack_bits' not described in 'extcon_cable'
Function parameter or member 'disp_bits' not described in 'extcon_cable'
Describe the fields added in the past.
Fixes: ceaa98f442cf ("extcon: Add the support for the capability of each property")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/extcon/extcon.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/extcon/extcon.c b/drivers/extcon/extcon.c
index 0607806ad46e8..84fc0e48bb0e8 100644
--- a/drivers/extcon/extcon.c
+++ b/drivers/extcon/extcon.c
@@ -208,6 +208,10 @@ static const struct __extcon_info {
* @chg_propval: the array of charger connector properties
* @jack_propval: the array of jack connector properties
* @disp_propval: the array of display connector properties
+ * @usb_bits: the bit array of the USB connector property capabilities
+ * @chg_bits: the bit array of the charger connector property capabilities
+ * @jack_bits: the bit array of the jack connector property capabilities
+ * @disp_bits: the bit array of the display connector property capabilities
*/
struct extcon_cable {
struct extcon_dev *edev;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 094/323] usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 093/323] extcon: Fix kernel doc of property capability " Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 095/323] mfd: rt5033: Drop rt5033-battery sub-device Greg Kroah-Hartman
` (232 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Li Yang, Dongliang Mu, Sasha Levin
From: Li Yang <lidaxian@hust.edu.cn>
[ Upstream commit 342161c11403ea00e9febc16baab1d883d589d04 ]
Smatch reports:
drivers/usb/phy/phy-tahvo.c: tahvo_usb_probe()
warn: missing unwind goto?
After geting irq, if ret < 0, it will return without error handling to
free memory.
Just add error handling to fix this problem.
Fixes: 0d45a1373e66 ("usb: phy: tahvo: add IRQ check")
Signed-off-by: Li Yang <lidaxian@hust.edu.cn>
Reviewed-by: Dongliang Mu <dzm91@hust.edu.cn>
Link: https://lore.kernel.org/r/20230420140832.9110-1-lidaxian@hust.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/phy/phy-tahvo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/phy/phy-tahvo.c b/drivers/usb/phy/phy-tahvo.c
index 60d390e28289f..2923a7f6952dc 100644
--- a/drivers/usb/phy/phy-tahvo.c
+++ b/drivers/usb/phy/phy-tahvo.c
@@ -398,7 +398,7 @@ static int tahvo_usb_probe(struct platform_device *pdev)
tu->irq = ret = platform_get_irq(pdev, 0);
if (ret < 0)
- return ret;
+ goto err_remove_phy;
ret = request_threaded_irq(tu->irq, NULL, tahvo_usb_vbus_interrupt,
IRQF_ONESHOT,
"tahvo-vbus", tu);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 095/323] mfd: rt5033: Drop rt5033-battery sub-device
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 094/323] usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 096/323] KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes Greg Kroah-Hartman
` (231 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephan Gerhold, Jakob Hauser,
Linus Walleij, Lee Jones, Sasha Levin
From: Stephan Gerhold <stephan@gerhold.net>
[ Upstream commit 43db1344e0f8c1eb687a1d6cd5b0de3009ab66cb ]
The fuel gauge in the RT5033 PMIC (rt5033-battery) has its own I2C bus
and interrupt lines. Therefore, it is not part of the MFD device
and needs to be specified separately in the device tree.
Fixes: 0b271258544b ("mfd: rt5033: Add Richtek RT5033 driver core.")
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Signed-off-by: Jakob Hauser <jahau@rocketmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/6a8a19bc67b5be3732882e8131ad2ffcb546ac03.1684182964.git.jahau@rocketmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/rt5033.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/mfd/rt5033.c b/drivers/mfd/rt5033.c
index 9bd089c563753..94cdad91c0657 100644
--- a/drivers/mfd/rt5033.c
+++ b/drivers/mfd/rt5033.c
@@ -44,9 +44,6 @@ static const struct mfd_cell rt5033_devs[] = {
{
.name = "rt5033-charger",
.of_compatible = "richtek,rt5033-charger",
- }, {
- .name = "rt5033-battery",
- .of_compatible = "richtek,rt5033-battery",
}, {
.name = "rt5033-led",
.of_compatible = "richtek,rt5033-led",
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 096/323] KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 095/323] mfd: rt5033: Drop rt5033-battery sub-device Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 097/323] mfd: intel-lpss: Add missing check for platform_get_resource Greg Kroah-Hartman
` (230 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nico Boehr, Claudio Imbrenda,
Janosch Frank, Sasha Levin
From: Nico Boehr <nrb@linux.ibm.com>
[ Upstream commit 285cff4c0454340a4dc53f46e67f2cb1c293bd74 ]
The KVM_S390_GET_CMMA_BITS ioctl may return incorrect values when userspace
specifies a start_gfn outside of memslots.
This can occur when a VM has multiple memslots with a hole in between:
+-----+----------+--------+--------+
| ... | Slot N-1 | <hole> | Slot N |
+-----+----------+--------+--------+
^ ^ ^ ^
| | | |
GFN A A+B | |
A+B+C |
A+B+C+D
When userspace specifies a GFN in [A+B, A+B+C), it would expect to get the
CMMA values of the first dirty page in Slot N. However, userspace may get a
start_gfn of A+B+C+D with a count of 0, hence completely skipping over any
dirty pages in slot N.
The error is in kvm_s390_next_dirty_cmma(), which assumes
gfn_to_memslot_approx() will return the memslot _below_ the specified GFN
when the specified GFN lies outside a memslot. In reality it may return
either the memslot below or above the specified GFN.
When a memslot above the specified GFN is returned this happens:
- ofs is calculated, but since the memslot's base_gfn is larger than the
specified cur_gfn, ofs will underflow to a huge number.
- ofs is passed to find_next_bit(). Since ofs will exceed the memslot's
number of pages, the number of pages in the memslot is returned,
completely skipping over all bits in the memslot userspace would be
interested in.
Fix this by resetting ofs to zero when a memslot _above_ cur_gfn is
returned (cur_gfn < ms->base_gfn).
Signed-off-by: Nico Boehr <nrb@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Fixes: afdad61615cc ("KVM: s390: Fix storage attributes migration with memory slots")
Message-Id: <20230324145424.293889-2-nrb@linux.ibm.com>
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/kvm/kvm-s390.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 3aade928c18dd..92041d442d2e6 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1716,6 +1716,10 @@ static unsigned long kvm_s390_next_dirty_cmma(struct kvm_memslots *slots,
ms = slots->memslots + slotidx;
ofs = 0;
}
+
+ if (cur_gfn < ms->base_gfn)
+ ofs = 0;
+
ofs = find_next_bit(kvm_second_dirty_bitmap(ms), ms->npages, ofs);
while ((slotidx > 0) && (ofs >= ms->npages)) {
slotidx--;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 097/323] mfd: intel-lpss: Add missing check for platform_get_resource
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 096/323] KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 098/323] mfd: stmpe: Only disable the regulators if they are enabled Greg Kroah-Hartman
` (229 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Lee Jones,
Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit d918e0d5824495a75d00b879118b098fcab36fdb ]
Add the missing check for platform_get_resource and return error
if it fails.
Fixes: 4b45efe85263 ("mfd: Add support for Intel Sunrisepoint LPSS devices")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/20230609014818.28475-1-jiasheng@iscas.ac.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/intel-lpss-acpi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/mfd/intel-lpss-acpi.c b/drivers/mfd/intel-lpss-acpi.c
index fc44fb7c595bc..281ef5f52eb55 100644
--- a/drivers/mfd/intel-lpss-acpi.c
+++ b/drivers/mfd/intel-lpss-acpi.c
@@ -92,6 +92,9 @@ static int intel_lpss_acpi_probe(struct platform_device *pdev)
return -ENOMEM;
info->mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ if (!info->mem)
+ return -ENODEV;
+
info->irq = platform_get_irq(pdev, 0);
ret = intel_lpss_probe(&pdev->dev, info);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 098/323] mfd: stmpe: Only disable the regulators if they are enabled
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 097/323] mfd: intel-lpss: Add missing check for platform_get_resource Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 099/323] rtc: st-lpc: Release some resources in st_rtc_probe() in case of error Greg Kroah-Hartman
` (228 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET, Linus Walleij,
Lee Jones, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 104d32bd81f620bb9f67fbf7d1159c414e89f05f ]
In stmpe_probe(), if some regulator_enable() calls fail, probing continues
and there is only a dev_warn().
So, if stmpe_probe() is called the regulator may not be enabled. It is
cleaner to test it before calling regulator_disable() in the remove
function.
Fixes: 9c9e321455fb ("mfd: stmpe: add optional regulators")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/8de3aaf297931d655b9ad6aed548f4de8b85425a.1686998575.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mfd/stmpe.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/mfd/stmpe.c b/drivers/mfd/stmpe.c
index 722ad2c368a56..d752c56d60e42 100644
--- a/drivers/mfd/stmpe.c
+++ b/drivers/mfd/stmpe.c
@@ -1428,9 +1428,9 @@ int stmpe_probe(struct stmpe_client_info *ci, enum stmpe_partnum partnum)
int stmpe_remove(struct stmpe *stmpe)
{
- if (!IS_ERR(stmpe->vio))
+ if (!IS_ERR(stmpe->vio) && regulator_is_enabled(stmpe->vio))
regulator_disable(stmpe->vio);
- if (!IS_ERR(stmpe->vcc))
+ if (!IS_ERR(stmpe->vcc) && regulator_is_enabled(stmpe->vcc))
regulator_disable(stmpe->vcc);
mfd_remove_devices(stmpe->dev);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 099/323] rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 098/323] mfd: stmpe: Only disable the regulators if they are enabled Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 100/323] sctp: fix potential deadlock on &net->sctp.addr_wq_lock Greg Kroah-Hartman
` (227 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe JAILLET,
Alexandre Belloni, Sasha Levin
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 06c6e1b01d9261f03629cefd1f3553503291e6cf ]
If an error occurs after clk_get(), the corresponding resources should be
released.
Use devm_clk_get() to fix it.
Fixes: b5b2bdfc2893 ("rtc: st: Add new driver for ST's LPC RTC")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Link: https://lore.kernel.org/r/866af6adbc7454a7b4505eb6c28fbdc86ccff39e.1686251455.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/rtc/rtc-st-lpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/rtc/rtc-st-lpc.c b/drivers/rtc/rtc-st-lpc.c
index e66439b6247a4..e8a8ca3545f00 100644
--- a/drivers/rtc/rtc-st-lpc.c
+++ b/drivers/rtc/rtc-st-lpc.c
@@ -239,7 +239,7 @@ static int st_rtc_probe(struct platform_device *pdev)
enable_irq_wake(rtc->irq);
disable_irq(rtc->irq);
- rtc->clk = clk_get(&pdev->dev, NULL);
+ rtc->clk = devm_clk_get(&pdev->dev, NULL);
if (IS_ERR(rtc->clk)) {
dev_err(&pdev->dev, "Unable to request clock\n");
return PTR_ERR(rtc->clk);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 100/323] sctp: fix potential deadlock on &net->sctp.addr_wq_lock
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 099/323] rtc: st-lpc: Release some resources in st_rtc_probe() in case of error Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 101/323] Add MODULE_FIRMWARE() for FIRMWARE_TG357766 Greg Kroah-Hartman
` (226 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chengfeng Ye, Xin Long, Paolo Abeni,
Sasha Levin
From: Chengfeng Ye <dg573847474@gmail.com>
[ Upstream commit 6feb37b3b06e9049e20dcf7e23998f92c9c5be9a ]
As &net->sctp.addr_wq_lock is also acquired by the timer
sctp_addr_wq_timeout_handler() in protocal.c, the same lock acquisition
at sctp_auto_asconf_init() seems should disable irq since it is called
from sctp_accept() under process context.
Possible deadlock scenario:
sctp_accept()
-> sctp_sock_migrate()
-> sctp_auto_asconf_init()
-> spin_lock(&net->sctp.addr_wq_lock)
<timer interrupt>
-> sctp_addr_wq_timeout_handler()
-> spin_lock_bh(&net->sctp.addr_wq_lock); (deadlock here)
This flaw was found using an experimental static analysis tool we are
developing for irq-related deadlock.
The tentative patch fix the potential deadlock by spin_lock_bh().
Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Fixes: 34e5b0118685 ("sctp: delay auto_asconf init until binding the first addr")
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://lore.kernel.org/r/20230627120340.19432-1-dg573847474@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/socket.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index a68f3d6b72335..baa825751c393 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -380,9 +380,9 @@ static void sctp_auto_asconf_init(struct sctp_sock *sp)
struct net *net = sock_net(&sp->inet.sk);
if (net->sctp.default_auto_asconf) {
- spin_lock(&net->sctp.addr_wq_lock);
+ spin_lock_bh(&net->sctp.addr_wq_lock);
list_add_tail(&sp->auto_asconf_list, &net->sctp.auto_asconf_splist);
- spin_unlock(&net->sctp.addr_wq_lock);
+ spin_unlock_bh(&net->sctp.addr_wq_lock);
sp->do_auto_asconf = 1;
}
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 101/323] Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 100/323] sctp: fix potential deadlock on &net->sctp.addr_wq_lock Greg Kroah-Hartman
@ 2023-08-09 10:38 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 102/323] spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Greg Kroah-Hartman
` (225 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:38 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tobias Heider, Michael Chan,
Jakub Kicinski, Sasha Levin
From: Tobias Heider <me@tobhe.de>
[ Upstream commit 046f753da6143ee16452966915087ec8b0de3c70 ]
Fixes a bug where on the M1 mac mini initramfs-tools fails to
include the necessary firmware into the initrd.
Fixes: c4dab50697ff ("tg3: Download 57766 EEE service patch firmware")
Signed-off-by: Tobias Heider <me@tobhe.de>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/ZJt7LKzjdz8+dClx@tobhe.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/tg3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
index 2cf144bbef3ee..43b83a3a28049 100644
--- a/drivers/net/ethernet/broadcom/tg3.c
+++ b/drivers/net/ethernet/broadcom/tg3.c
@@ -235,6 +235,7 @@ MODULE_DESCRIPTION("Broadcom Tigon3 ethernet driver");
MODULE_LICENSE("GPL");
MODULE_VERSION(DRV_MODULE_VERSION);
MODULE_FIRMWARE(FIRMWARE_TG3);
+MODULE_FIRMWARE(FIRMWARE_TG357766);
MODULE_FIRMWARE(FIRMWARE_TG3TSO);
MODULE_FIRMWARE(FIRMWARE_TG3TSO5);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 102/323] spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2023-08-09 10:38 ` [PATCH 4.19 101/323] Add MODULE_FIRMWARE() for FIRMWARE_TG357766 Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 103/323] mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 Greg Kroah-Hartman
` (224 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonas Gorski, Kamal Dasu, Mark Brown,
Sasha Levin
From: Jonas Gorski <jonas.gorski@gmail.com>
[ Upstream commit 7c1f23ad34fcdace50275a6aa1e1969b41c6233f ]
If neither a "hif_mspi" nor "mspi" resource is present, the driver will
just early exit in probe but still return success. Apart from not doing
anything meaningful, this would then also lead to a null pointer access
on removal, as platform_get_drvdata() would return NULL, which it would
then try to dereference when trying to unregister the spi master.
Fix this by unconditionally calling devm_ioremap_resource(), as it can
handle a NULL res and will then return a viable ERR_PTR() if we get one.
The "return 0;" was previously a "goto qspi_resource_err;" where then
ret was returned, but since ret was still initialized to 0 at this place
this was a valid conversion in 63c5395bb7a9 ("spi: bcm-qspi: Fix
use-after-free on unbind"). The issue was not introduced by this commit,
only made more obvious.
Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Reviewed-by: Kamal Dasu <kamal.dasu@broadcom.com>
Link: https://lore.kernel.org/r/20230629134306.95823-1-jonas.gorski@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-bcm-qspi.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/drivers/spi/spi-bcm-qspi.c b/drivers/spi/spi-bcm-qspi.c
index 3f291db7b39a0..e3c69b6237708 100644
--- a/drivers/spi/spi-bcm-qspi.c
+++ b/drivers/spi/spi-bcm-qspi.c
@@ -1255,13 +1255,9 @@ int bcm_qspi_probe(struct platform_device *pdev,
res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
"mspi");
- if (res) {
- qspi->base[MSPI] = devm_ioremap_resource(dev, res);
- if (IS_ERR(qspi->base[MSPI]))
- return PTR_ERR(qspi->base[MSPI]);
- } else {
- return 0;
- }
+ qspi->base[MSPI] = devm_ioremap_resource(dev, res);
+ if (IS_ERR(qspi->base[MSPI]))
+ return PTR_ERR(qspi->base[MSPI]);
res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "bspi");
if (res) {
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 103/323] mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 102/323] spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 104/323] f2fs: fix error path handling in truncate_dnode() Greg Kroah-Hartman
` (223 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nishanth Menon, Jassi Brar,
Sasha Levin
From: Nishanth Menon <nm@ti.com>
[ Upstream commit 1b712f18c461bd75f018033a15cf381e712806b5 ]
Sec proxy/message manager data buffer is 60 bytes with the last of the
registers indicating transmission completion. This however poses a bit
of a challenge.
The backing memory for sec_proxy / message manager is regular memory,
and all sec proxy does is to trigger a burst of all 60 bytes of data
over to the target thread backing ring accelerator. It doesn't do a
memory scrub when it moves data out in the burst. When we transmit
multiple messages, remnants of previous message is also transmitted
which results in some random data being set in TISCI fields of
messages that have been expanded forward.
The entire concept of backward compatibility hinges on the fact that
the unused message fields remain 0x0 allowing for 0x0 value to be
specially considered when backward compatibility of message extension
is done.
So, instead of just writing the completion register, we continue
to fill the message buffer up with 0x0 (note: for partial message
involving completion, we already do this).
This allows us to scale and introduce ABI changes back also work with
other boot stages that may have left data in the internal memory.
While at this, be consistent and explicit with the data_reg pointer
increment.
Fixes: aace66b170ce ("mailbox: Introduce TI message manager driver")
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mailbox/ti-msgmgr.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/mailbox/ti-msgmgr.c b/drivers/mailbox/ti-msgmgr.c
index 01e9e462512b7..eb1e9771037f2 100644
--- a/drivers/mailbox/ti-msgmgr.c
+++ b/drivers/mailbox/ti-msgmgr.c
@@ -385,14 +385,20 @@ static int ti_msgmgr_send_data(struct mbox_chan *chan, void *data)
/* Ensure all unused data is 0 */
data_trail &= 0xFFFFFFFF >> (8 * (sizeof(u32) - trail_bytes));
writel(data_trail, data_reg);
- data_reg++;
+ data_reg += sizeof(u32);
}
+
/*
* 'data_reg' indicates next register to write. If we did not already
* write on tx complete reg(last reg), we must do so for transmit
+ * In addition, we also need to make sure all intermediate data
+ * registers(if any required), are reset to 0 for TISCI backward
+ * compatibility to be maintained.
*/
- if (data_reg <= qinst->queue_buff_end)
- writel(0, qinst->queue_buff_end);
+ while (data_reg <= qinst->queue_buff_end) {
+ writel(0, data_reg);
+ data_reg += sizeof(u32);
+ }
return 0;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 104/323] f2fs: fix error path handling in truncate_dnode()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 103/323] mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 105/323] powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y Greg Kroah-Hartman
` (222 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Chao Yu, Jaegeuk Kim, Sasha Levin
From: Chao Yu <chao@kernel.org>
[ Upstream commit 0135c482fa97e2fd8245cb462784112a00ed1211 ]
If truncate_node() fails in truncate_dnode(), it missed to call
f2fs_put_page(), fix it.
Fixes: 7735730d39d7 ("f2fs: fix to propagate error from __get_meta_page()")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/node.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 2c28f488ac2f0..9911f780e0136 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -879,8 +879,10 @@ static int truncate_dnode(struct dnode_of_data *dn)
dn->ofs_in_node = 0;
f2fs_truncate_data_blocks(dn);
err = truncate_node(dn);
- if (err)
+ if (err) {
+ f2fs_put_page(page, 1);
return err;
+ }
return 1;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 105/323] powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 104/323] f2fs: fix error path handling in truncate_dnode() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 106/323] net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode Greg Kroah-Hartman
` (221 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Pali Rohár,
Christophe Leroy, Michael Ellerman, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 39f49684036d24af800ff194c33c7b2653c591d7 ]
In a randconfig with CONFIG_SERIAL_CPM=m and
CONFIG_PPC_EARLY_DEBUG_CPM=y, there is a build error:
ERROR: modpost: "udbg_putc" [drivers/tty/serial/cpm_uart/cpm_uart.ko] undefined!
Prevent the build error by allowing PPC_EARLY_DEBUG_CPM only when
SERIAL_CPM=y.
Fixes: c374e00e17f1 ("[POWERPC] Add early debug console for CPM serial ports.")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230701054714.30512-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/Kconfig.debug | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index ffe0cf0f0bea2..923b3b794d13f 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -232,7 +232,7 @@ config PPC_EARLY_DEBUG_40x
config PPC_EARLY_DEBUG_CPM
bool "Early serial debugging for Freescale CPM-based serial ports"
- depends on SERIAL_CPM
+ depends on SERIAL_CPM=y
help
Select this to enable early debugging for Freescale chips
using a CPM-based serial port. This assumes that the bootwrapper
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 106/323] net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 105/323] powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 107/323] tcp: annotate data races in __tcp_oow_rate_limited() Greg Kroah-Hartman
` (220 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Ido Schimmel,
David S. Miller, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit 6ca3c005d0604e8d2b439366e3923ea58db99641 ]
According to the synchronization rules for .ndo_get_stats() as seen in
Documentation/networking/netdevices.rst, acquiring a plain spin_lock()
should not be illegal, but the bridge driver implementation makes it so.
After running these commands, I am being faced with the following
lockdep splat:
$ ip link add link swp0 name macsec0 type macsec encrypt on && ip link set swp0 up
$ ip link add dev br0 type bridge vlan_filtering 1 && ip link set br0 up
$ ip link set macsec0 master br0 && ip link set macsec0 up
========================================================
WARNING: possible irq lock inversion dependency detected
6.4.0-04295-g31b577b4bd4a #603 Not tainted
--------------------------------------------------------
swapper/1/0 just changed the state of lock:
ffff6bd348724cd8 (&br->lock){+.-.}-{3:3}, at: br_forward_delay_timer_expired+0x34/0x198
but this lock took another, SOFTIRQ-unsafe lock in the past:
(&ocelot->stats_lock){+.+.}-{3:3}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Chain exists of:
&br->lock --> &br->hash_lock --> &ocelot->stats_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ocelot->stats_lock);
local_irq_disable();
lock(&br->lock);
lock(&br->hash_lock);
<Interrupt>
lock(&br->lock);
*** DEADLOCK ***
(details about the 3 locks skipped)
swp0 is instantiated by drivers/net/dsa/ocelot/felix.c, and this
only matters to the extent that its .ndo_get_stats64() method calls
spin_lock(&ocelot->stats_lock).
Documentation/locking/lockdep-design.rst says:
| A lock is irq-safe means it was ever used in an irq context, while a lock
| is irq-unsafe means it was ever acquired with irq enabled.
(...)
| Furthermore, the following usage based lock dependencies are not allowed
| between any two lock-classes::
|
| <hardirq-safe> -> <hardirq-unsafe>
| <softirq-safe> -> <softirq-unsafe>
Lockdep marks br->hash_lock as softirq-safe, because it is sometimes
taken in softirq context (for example br_fdb_update() which runs in
NET_RX softirq), and when it's not in softirq context it blocks softirqs
by using spin_lock_bh().
Lockdep marks ocelot->stats_lock as softirq-unsafe, because it never
blocks softirqs from running, and it is never taken from softirq
context. So it can always be interrupted by softirqs.
There is a call path through which a function that holds br->hash_lock:
fdb_add_hw_addr() will call a function that acquires ocelot->stats_lock:
ocelot_port_get_stats64(). This can be seen below:
ocelot_port_get_stats64+0x3c/0x1e0
felix_get_stats64+0x20/0x38
dsa_slave_get_stats64+0x3c/0x60
dev_get_stats+0x74/0x2c8
rtnl_fill_stats+0x4c/0x150
rtnl_fill_ifinfo+0x5cc/0x7b8
rtmsg_ifinfo_build_skb+0xe4/0x150
rtmsg_ifinfo+0x5c/0xb0
__dev_notify_flags+0x58/0x200
__dev_set_promiscuity+0xa0/0x1f8
dev_set_promiscuity+0x30/0x70
macsec_dev_change_rx_flags+0x68/0x88
__dev_set_promiscuity+0x1a8/0x1f8
__dev_set_rx_mode+0x74/0xa8
dev_uc_add+0x74/0xa0
fdb_add_hw_addr+0x68/0xd8
fdb_add_local+0xc4/0x110
br_fdb_add_local+0x54/0x88
br_add_if+0x338/0x4a0
br_add_slave+0x20/0x38
do_setlink+0x3a4/0xcb8
rtnl_newlink+0x758/0x9d0
rtnetlink_rcv_msg+0x2f0/0x550
netlink_rcv_skb+0x128/0x148
rtnetlink_rcv+0x24/0x38
the plain English explanation for it is:
The macsec0 bridge port is created without p->flags & BR_PROMISC,
because it is what br_manage_promisc() decides for a VLAN filtering
bridge with a single auto port.
As part of the br_add_if() procedure, br_fdb_add_local() is called for
the MAC address of the device, and this results in a call to
dev_uc_add() for macsec0 while the softirq-safe br->hash_lock is taken.
Because macsec0 does not have IFF_UNICAST_FLT, dev_uc_add() ends up
calling __dev_set_promiscuity() for macsec0, which is propagated by its
implementation, macsec_dev_change_rx_flags(), to the lower device: swp0.
This triggers the call path:
dev_set_promiscuity(swp0)
-> rtmsg_ifinfo()
-> dev_get_stats()
-> ocelot_port_get_stats64()
with a calling context that lockdep doesn't like (br->hash_lock held).
Normally we don't see this, because even though many drivers that can be
bridge ports don't support IFF_UNICAST_FLT, we need a driver that
(a) doesn't support IFF_UNICAST_FLT, *and*
(b) it forwards the IFF_PROMISC flag to another driver, and
(c) *that* driver implements ndo_get_stats64() using a softirq-unsafe
spinlock.
Condition (b) is necessary because the first __dev_set_rx_mode() calls
__dev_set_promiscuity() with "bool notify=false", and thus, the
rtmsg_ifinfo() code path won't be entered.
The same criteria also hold true for DSA switches which don't report
IFF_UNICAST_FLT. When the DSA master uses a spin_lock() in its
ndo_get_stats64() method, the same lockdep splat can be seen.
I think the deadlock possibility is real, even though I didn't reproduce
it, and I'm thinking of the following situation to support that claim:
fdb_add_hw_addr() runs on a CPU A, in a context with softirqs locally
disabled and br->hash_lock held, and may end up attempting to acquire
ocelot->stats_lock.
In parallel, ocelot->stats_lock is currently held by a thread B (say,
ocelot_check_stats_work()), which is interrupted while holding it by a
softirq which attempts to lock br->hash_lock.
Thread B cannot make progress because br->hash_lock is held by A. Whereas
thread A cannot make progress because ocelot->stats_lock is held by B.
When taking the issue at face value, the bridge can avoid that problem
by simply making the ports promiscuous from a code path with a saner
calling context (br->hash_lock not held). A bridge port without
IFF_UNICAST_FLT is going to become promiscuous as soon as we call
dev_uc_add() on it (which we do unconditionally), so why not be
preemptive and make it promiscuous right from the beginning, so as to
not be taken by surprise.
With this, we've broken the links between code that holds br->hash_lock
or br->lock and code that calls into the ndo_change_rx_flags() or
ndo_get_stats64() ops of the bridge port.
Fixes: 2796d0c648c9 ("bridge: Automatically manage port promiscuous mode.")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/bridge/br_if.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index b5fb2b682e191..ab539551b7d39 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -161,8 +161,9 @@ void br_manage_promisc(struct net_bridge *br)
* This lets us disable promiscuous mode and write
* this config to hw.
*/
- if (br->auto_cnt == 0 ||
- (br->auto_cnt == 1 && br_auto_port(p)))
+ if ((p->dev->priv_flags & IFF_UNICAST_FLT) &&
+ (br->auto_cnt == 0 ||
+ (br->auto_cnt == 1 && br_auto_port(p))))
br_port_clear_promisc(p);
else
br_port_set_promisc(p);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 107/323] tcp: annotate data races in __tcp_oow_rate_limited()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 106/323] net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 108/323] net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX Greg Kroah-Hartman
` (219 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David S. Miller,
Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 998127cdb4699b9d470a9348ffe9f1154346be5f ]
request sockets are lockless, __tcp_oow_rate_limited() could be called
on the same object from different cpus. This is harmless.
Add READ_ONCE()/WRITE_ONCE() annotations to avoid a KCSAN report.
Fixes: 4ce7e93cb3fe ("tcp: rate limit ACK sent by SYN_RECV request sockets")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_input.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index bd921fa7b9ab4..281f7799aeafc 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3429,8 +3429,11 @@ static int tcp_ack_update_window(struct sock *sk, const struct sk_buff *skb, u32
static bool __tcp_oow_rate_limited(struct net *net, int mib_idx,
u32 *last_oow_ack_time)
{
- if (*last_oow_ack_time) {
- s32 elapsed = (s32)(tcp_jiffies32 - *last_oow_ack_time);
+ /* Paired with the WRITE_ONCE() in this function. */
+ u32 val = READ_ONCE(*last_oow_ack_time);
+
+ if (val) {
+ s32 elapsed = (s32)(tcp_jiffies32 - val);
if (0 <= elapsed &&
elapsed < READ_ONCE(net->ipv4.sysctl_tcp_invalid_ratelimit)) {
@@ -3439,7 +3442,10 @@ static bool __tcp_oow_rate_limited(struct net *net, int mib_idx,
}
}
- *last_oow_ack_time = tcp_jiffies32;
+ /* Paired with the prior READ_ONCE() and with itself,
+ * as we might be lockless.
+ */
+ WRITE_ONCE(*last_oow_ack_time, tcp_jiffies32);
return false; /* not rate-limited: go ahead, send dupack now! */
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 108/323] net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 107/323] tcp: annotate data races in __tcp_oow_rate_limited() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 109/323] sh: dma: Fix DMA channel offset calculation Greg Kroah-Hartman
` (218 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lin Ma, Pedro Tammela, Paolo Abeni,
Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 30c45b5361d39b4b793780ffac5538090b9e2eb1 ]
The attribute TCA_PEDIT_PARMS_EX is not be included in pedit_policy and
one malicious user could fake a TCA_PEDIT_PARMS_EX whose length is
smaller than the intended sizeof(struct tc_pedit). Hence, the
dereference in tcf_pedit_init() could access dirty heap data.
static int tcf_pedit_init(...)
{
// ...
pattr = tb[TCA_PEDIT_PARMS]; // TCA_PEDIT_PARMS is included
if (!pattr)
pattr = tb[TCA_PEDIT_PARMS_EX]; // but this is not
// ...
parm = nla_data(pattr);
index = parm->index; // parm is able to be smaller than 4 bytes
// and this dereference gets dirty skb_buff
// data created in netlink_sendmsg
}
This commit adds TCA_PEDIT_PARMS_EX length in pedit_policy which avoid
the above case, just like the TCA_PEDIT_PARMS.
Fixes: 71d0ed7079df ("net/act_pedit: Support using offset relative to the conventional network headers")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Link: https://lore.kernel.org/r/20230703110842.590282-1-linma@zju.edu.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/act_pedit.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c
index aeb8f84cbd9e2..255d4ecf62522 100644
--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@@ -29,6 +29,7 @@ static struct tc_action_ops act_pedit_ops;
static const struct nla_policy pedit_policy[TCA_PEDIT_MAX + 1] = {
[TCA_PEDIT_PARMS] = { .len = sizeof(struct tc_pedit) },
+ [TCA_PEDIT_PARMS_EX] = { .len = sizeof(struct tc_pedit) },
[TCA_PEDIT_KEYS_EX] = { .type = NLA_NESTED },
};
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 109/323] sh: dma: Fix DMA channel offset calculation
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 108/323] net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 110/323] i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() Greg Kroah-Hartman
` (217 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Artur Rojek, Geert Uytterhoeven,
John Paul Adrian Glaubitz, Sasha Levin
From: Artur Rojek <contact@artur-rojek.eu>
[ Upstream commit e82e47584847129a20b8c9f4a1dcde09374fb0e0 ]
Various SoCs of the SH3, SH4 and SH4A family, which use this driver,
feature a differing number of DMA channels, which can be distributed
between up to two DMAC modules. The existing implementation fails to
correctly accommodate for all those variations, resulting in wrong
channel offset calculations and leading to kernel panics.
Rewrite dma_base_addr() in order to properly calculate channel offsets
in a DMAC module. Fix dmaor_read_reg() and dmaor_write_reg(), so that
the correct DMAC module base is selected for the DMAOR register.
Fixes: 7f47c7189b3e8f19 ("sh: dma: More legacy cpu dma chainsawing.")
Signed-off-by: Artur Rojek <contact@artur-rojek.eu>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Link: https://lore.kernel.org/r/20230527164452.64797-2-contact@artur-rojek.eu
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sh/drivers/dma/dma-sh.c | 37 +++++++++++++++++++++++-------------
1 file changed, 24 insertions(+), 13 deletions(-)
diff --git a/arch/sh/drivers/dma/dma-sh.c b/arch/sh/drivers/dma/dma-sh.c
index afde2a7d3eb35..e0679d8a9b34b 100644
--- a/arch/sh/drivers/dma/dma-sh.c
+++ b/arch/sh/drivers/dma/dma-sh.c
@@ -21,6 +21,18 @@
#include <cpu/dma-register.h>
#include <cpu/dma.h>
+/*
+ * Some of the SoCs feature two DMAC modules. In such a case, the channels are
+ * distributed equally among them.
+ */
+#ifdef SH_DMAC_BASE1
+#define SH_DMAC_NR_MD_CH (CONFIG_NR_ONCHIP_DMA_CHANNELS / 2)
+#else
+#define SH_DMAC_NR_MD_CH CONFIG_NR_ONCHIP_DMA_CHANNELS
+#endif
+
+#define SH_DMAC_CH_SZ 0x10
+
/*
* Define the default configuration for dual address memory-memory transfer.
* The 0x400 value represents auto-request, external->external.
@@ -32,7 +44,7 @@ static unsigned long dma_find_base(unsigned int chan)
unsigned long base = SH_DMAC_BASE0;
#ifdef SH_DMAC_BASE1
- if (chan >= 6)
+ if (chan >= SH_DMAC_NR_MD_CH)
base = SH_DMAC_BASE1;
#endif
@@ -43,13 +55,13 @@ static unsigned long dma_base_addr(unsigned int chan)
{
unsigned long base = dma_find_base(chan);
- /* Normalize offset calculation */
- if (chan >= 9)
- chan -= 6;
- if (chan >= 4)
- base += 0x10;
+ chan = (chan % SH_DMAC_NR_MD_CH) * SH_DMAC_CH_SZ;
+
+ /* DMAOR is placed inside the channel register space. Step over it. */
+ if (chan >= DMAOR)
+ base += SH_DMAC_CH_SZ;
- return base + (chan * 0x10);
+ return base + chan;
}
#ifdef CONFIG_SH_DMA_IRQ_MULTI
@@ -253,12 +265,11 @@ static int sh_dmac_get_dma_residue(struct dma_channel *chan)
#define NR_DMAOR 1
#endif
-/*
- * DMAOR bases are broken out amongst channel groups. DMAOR0 manages
- * channels 0 - 5, DMAOR1 6 - 11 (optional).
- */
-#define dmaor_read_reg(n) __raw_readw(dma_find_base((n)*6))
-#define dmaor_write_reg(n, data) __raw_writew(data, dma_find_base(n)*6)
+#define dmaor_read_reg(n) __raw_readw(dma_find_base((n) * \
+ SH_DMAC_NR_MD_CH) + DMAOR)
+#define dmaor_write_reg(n, data) __raw_writew(data, \
+ dma_find_base((n) * \
+ SH_DMAC_NR_MD_CH) + DMAOR)
static inline int dmaor_reset(int no)
{
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 110/323] i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 109/323] sh: dma: Fix DMA channel offset calculation Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 111/323] i2c: xiic: Dont try to handle more interrupt events after error Greg Kroah-Hartman
` (216 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Vasut, Michal Simek,
Wolfram Sang, Sasha Levin
From: Marek Vasut <marex@denx.de>
[ Upstream commit 743e227a895923c37a333eb2ebf3e391f00c406d ]
The __xiic_start_xfer() manipulates the interrupt flags, xiic_wakeup()
may result in return from xiic_xfer() early. Defer both to the end of
the xiic_process() interrupt thread, so that they are executed after
all the other interrupt bits handling completed and once it completely
safe to perform changes to the interrupt bits in the hardware.
Signed-off-by: Marek Vasut <marex@denx.de>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Stable-dep-of: cb6e45c9a0ad ("i2c: xiic: Don't try to handle more interrupt events after error")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-xiic.c | 37 ++++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 11 deletions(-)
diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c
index 03ce9b7d6456a..c7f74687282ea 100644
--- a/drivers/i2c/busses/i2c-xiic.c
+++ b/drivers/i2c/busses/i2c-xiic.c
@@ -362,6 +362,9 @@ static irqreturn_t xiic_process(int irq, void *dev_id)
struct xiic_i2c *i2c = dev_id;
u32 pend, isr, ier;
u32 clr = 0;
+ int xfer_more = 0;
+ int wakeup_req = 0;
+ int wakeup_code = 0;
/* Get the interrupt Status from the IPIF. There is no clearing of
* interrupts in the IPIF. Interrupts must be cleared at the source.
@@ -398,10 +401,14 @@ static irqreturn_t xiic_process(int irq, void *dev_id)
*/
xiic_reinit(i2c);
- if (i2c->rx_msg)
- xiic_wakeup(i2c, STATE_ERROR);
- if (i2c->tx_msg)
- xiic_wakeup(i2c, STATE_ERROR);
+ if (i2c->rx_msg) {
+ wakeup_req = 1;
+ wakeup_code = STATE_ERROR;
+ }
+ if (i2c->tx_msg) {
+ wakeup_req = 1;
+ wakeup_code = STATE_ERROR;
+ }
}
if (pend & XIIC_INTR_RX_FULL_MASK) {
/* Receive register/FIFO is full */
@@ -435,8 +442,7 @@ static irqreturn_t xiic_process(int irq, void *dev_id)
i2c->tx_msg++;
dev_dbg(i2c->adap.dev.parent,
"%s will start next...\n", __func__);
-
- __xiic_start_xfer(i2c);
+ xfer_more = 1;
}
}
}
@@ -450,11 +456,13 @@ static irqreturn_t xiic_process(int irq, void *dev_id)
if (!i2c->tx_msg)
goto out;
- if ((i2c->nmsgs == 1) && !i2c->rx_msg &&
- xiic_tx_space(i2c) == 0)
- xiic_wakeup(i2c, STATE_DONE);
+ wakeup_req = 1;
+
+ if (i2c->nmsgs == 1 && !i2c->rx_msg &&
+ xiic_tx_space(i2c) == 0)
+ wakeup_code = STATE_DONE;
else
- xiic_wakeup(i2c, STATE_ERROR);
+ wakeup_code = STATE_ERROR;
}
if (pend & (XIIC_INTR_TX_EMPTY_MASK | XIIC_INTR_TX_HALF_MASK)) {
/* Transmit register/FIFO is empty or ½ empty */
@@ -478,7 +486,7 @@ static irqreturn_t xiic_process(int irq, void *dev_id)
if (i2c->nmsgs > 1) {
i2c->nmsgs--;
i2c->tx_msg++;
- __xiic_start_xfer(i2c);
+ xfer_more = 1;
} else {
xiic_irq_dis(i2c, XIIC_INTR_TX_HALF_MASK);
@@ -496,6 +504,13 @@ static irqreturn_t xiic_process(int irq, void *dev_id)
dev_dbg(i2c->adap.dev.parent, "%s clr: 0x%x\n", __func__, clr);
xiic_setreg32(i2c, XIIC_IISR_OFFSET, clr);
+ if (xfer_more)
+ __xiic_start_xfer(i2c);
+ if (wakeup_req)
+ xiic_wakeup(i2c, wakeup_code);
+
+ WARN_ON(xfer_more && wakeup_req);
+
mutex_unlock(&i2c->lock);
return IRQ_HANDLED;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 111/323] i2c: xiic: Dont try to handle more interrupt events after error
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 110/323] i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 112/323] ALSA: jack: Fix mutex call in snd_jack_report() Greg Kroah-Hartman
` (215 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Robert Hancock, Andi Shyti,
Wolfram Sang, Sasha Levin
From: Robert Hancock <robert.hancock@calian.com>
[ Upstream commit cb6e45c9a0ad9e0f8664fd06db0227d185dc76ab ]
In xiic_process, it is possible that error events such as arbitration
lost or TX error can be raised in conjunction with other interrupt flags
such as TX FIFO empty or bus not busy. Error events result in the
controller being reset and the error returned to the calling request,
but the function could potentially try to keep handling the other
events, such as by writing more messages into the TX FIFO. Since the
transaction has already failed, this is not helpful and will just cause
issues.
This problem has been present ever since:
commit 7f9906bd7f72 ("i2c: xiic: Service all interrupts in isr")
which allowed non-error events to be handled after errors, but became
more obvious after:
commit 743e227a8959 ("i2c: xiic: Defer xiic_wakeup() and
__xiic_start_xfer() in xiic_process()")
which reworked the code to add a WARN_ON which triggers if both the
xfer_more and wakeup_req flags were set, since this combination is
not supposed to happen, but was occurring in this scenario.
Skip further interrupt handling after error flags are detected to avoid
this problem.
Fixes: 7f9906bd7f72 ("i2c: xiic: Service all interrupts in isr")
Signed-off-by: Robert Hancock <robert.hancock@calian.com>
Acked-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-xiic.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c
index c7f74687282ea..c1f85114ab812 100644
--- a/drivers/i2c/busses/i2c-xiic.c
+++ b/drivers/i2c/busses/i2c-xiic.c
@@ -409,6 +409,8 @@ static irqreturn_t xiic_process(int irq, void *dev_id)
wakeup_req = 1;
wakeup_code = STATE_ERROR;
}
+ /* don't try to handle other events */
+ goto out;
}
if (pend & XIIC_INTR_RX_FULL_MASK) {
/* Receive register/FIFO is full */
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 112/323] ALSA: jack: Fix mutex call in snd_jack_report()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 111/323] i2c: xiic: Dont try to handle more interrupt events after error Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 113/323] NFSD: add encoding of op_recall flag for write delegation Greg Kroah-Hartman
` (214 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter,
Amadeusz Sławiński, Takashi Iwai, Sasha Levin
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 89dbb335cb6a627a4067bc42caa09c8bc3326d40 ]
snd_jack_report() is supposed to be callable from an IRQ context, too,
and it's indeed used in that way from virtsnd driver. The fix for
input_dev race in commit 1b6a6fc5280e ("ALSA: jack: Access input_dev
under mutex"), however, introduced a mutex lock in snd_jack_report(),
and this resulted in a potential sleep-in-atomic.
For addressing that problem, this patch changes the relevant code to
use the object get/put and removes the mutex usage. That is,
snd_jack_report(), it takes input_get_device() and leaves with
input_put_device() for assuring the input_dev being assigned.
Although the whole mutex could be reduced, we keep it because it can
be still a protection for potential races between creation and
deletion.
Fixes: 1b6a6fc5280e ("ALSA: jack: Access input_dev under mutex")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/cf95f7fe-a748-4990-8378-000491b40329@moroto.mountain
Tested-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20230706155357.3470-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/core/jack.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/sound/core/jack.c b/sound/core/jack.c
index 074b15fcb0ac4..06e0fc7b64179 100644
--- a/sound/core/jack.c
+++ b/sound/core/jack.c
@@ -378,6 +378,7 @@ void snd_jack_report(struct snd_jack *jack, int status)
{
struct snd_jack_kctl *jack_kctl;
#ifdef CONFIG_SND_JACK_INPUT_DEV
+ struct input_dev *idev;
int i;
#endif
@@ -389,30 +390,28 @@ void snd_jack_report(struct snd_jack *jack, int status)
status & jack_kctl->mask_bits);
#ifdef CONFIG_SND_JACK_INPUT_DEV
- mutex_lock(&jack->input_dev_lock);
- if (!jack->input_dev) {
- mutex_unlock(&jack->input_dev_lock);
+ idev = input_get_device(jack->input_dev);
+ if (!idev)
return;
- }
for (i = 0; i < ARRAY_SIZE(jack->key); i++) {
int testbit = SND_JACK_BTN_0 >> i;
if (jack->type & testbit)
- input_report_key(jack->input_dev, jack->key[i],
+ input_report_key(idev, jack->key[i],
status & testbit);
}
for (i = 0; i < ARRAY_SIZE(jack_switch_types); i++) {
int testbit = 1 << i;
if (jack->type & testbit)
- input_report_switch(jack->input_dev,
+ input_report_switch(idev,
jack_switch_types[i],
status & testbit);
}
- input_sync(jack->input_dev);
- mutex_unlock(&jack->input_dev_lock);
+ input_sync(idev);
+ input_put_device(idev);
#endif /* CONFIG_SND_JACK_INPUT_DEV */
}
EXPORT_SYMBOL(snd_jack_report);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 113/323] NFSD: add encoding of op_recall flag for write delegation
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 112/323] ALSA: jack: Fix mutex call in snd_jack_report() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 114/323] mmc: core: disable TRIM on Kingston EMMC04G-M627 Greg Kroah-Hartman
` (213 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dai Ngo, Jeff Layton, Chuck Lever
From: Dai Ngo <dai.ngo@oracle.com>
commit 58f5d894006d82ed7335e1c37182fbc5f08c2f51 upstream.
Modified nfsd4_encode_open to encode the op_recall flag properly
for OPEN result with write delegation granted.
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4xdr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -3403,7 +3403,7 @@ nfsd4_encode_open(struct nfsd4_compoundr
p = xdr_reserve_space(xdr, 32);
if (!p)
return nfserr_resource;
- *p++ = cpu_to_be32(0);
+ *p++ = cpu_to_be32(open->op_recall);
/*
* TODO: space_limit's in delegations
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 114/323] mmc: core: disable TRIM on Kingston EMMC04G-M627
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 113/323] NFSD: add encoding of op_recall flag for write delegation Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 115/323] mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M Greg Kroah-Hartman
` (212 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Robert Marko, Ulf Hansson
From: Robert Marko <robimarko@gmail.com>
commit f1738a1f816233e6dfc2407f24a31d596643fd90 upstream.
It seems that Kingston EMMC04G-M627 despite advertising TRIM support does
not work when the core is trying to use REQ_OP_WRITE_ZEROES.
We are seeing I/O errors in OpenWrt under 6.1 on Zyxel NBG7815 that we did
not previously have and tracked it down to REQ_OP_WRITE_ZEROES.
Trying to use fstrim seems to also throw errors like:
[93010.835112] I/O error, dev loop0, sector 16902 op 0x3:(DISCARD) flags 0x800 phys_seg 1 prio class 2
Disabling TRIM makes the error go away, so lets add a quirk for this eMMC
to disable TRIM.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230619193621.437358-1-robimarko@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/quirks.h | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/mmc/core/quirks.h
+++ b/drivers/mmc/core/quirks.h
@@ -91,6 +91,13 @@ static const struct mmc_fixup mmc_blk_fi
MMC_QUIRK_SEC_ERASE_TRIM_BROKEN),
/*
+ * Kingston EMMC04G-M627 advertises TRIM but it does not seems to
+ * support being used to offload WRITE_ZEROES.
+ */
+ MMC_FIXUP("M62704", CID_MANFID_KINGSTON, 0x0100, add_quirk_mmc,
+ MMC_QUIRK_TRIM_BROKEN),
+
+ /*
* On Some Kingston eMMCs, performing trim can result in
* unrecoverable data conrruption occasionally due to a firmware bug.
*/
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 115/323] mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 114/323] mmc: core: disable TRIM on Kingston EMMC04G-M627 Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 116/323] bcache: Remove unnecessary NULL point check in node allocations Greg Kroah-Hartman
` (211 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Robert Marko, Ulf Hansson
From: Robert Marko <robimarko@gmail.com>
commit dbfbddcddcebc9ce8a08757708d4e4a99d238e44 upstream.
It seems that Micron MTFC4GACAJCN-1M despite advertising TRIM support does
not work when the core is trying to use REQ_OP_WRITE_ZEROES.
We are seeing the following errors in OpenWrt under 6.1 on Qnap Qhora 301W
that we did not previously have and tracked it down to REQ_OP_WRITE_ZEROES:
[ 18.085950] I/O error, dev loop0, sector 596 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2
Disabling TRIM makes the error go away, so lets add a quirk for this eMMC
to disable TRIM.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230530213259.1776512-1-robimarko@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/quirks.h | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/mmc/core/quirks.h
+++ b/drivers/mmc/core/quirks.h
@@ -98,6 +98,13 @@ static const struct mmc_fixup mmc_blk_fi
MMC_QUIRK_TRIM_BROKEN),
/*
+ * Micron MTFC4GACAJCN-1M advertises TRIM but it does not seems to
+ * support being used to offload WRITE_ZEROES.
+ */
+ MMC_FIXUP("Q2J54A", CID_MANFID_MICRON, 0x014e, add_quirk_mmc,
+ MMC_QUIRK_TRIM_BROKEN),
+
+ /*
* On Some Kingston eMMCs, performing trim can result in
* unrecoverable data conrruption occasionally due to a firmware bug.
*/
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 116/323] bcache: Remove unnecessary NULL point check in node allocations
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 115/323] mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 117/323] integrity: Fix possible multiple allocation in integrity_inode_get() Greg Kroah-Hartman
` (210 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zheng Wang, Coly Li, Jens Axboe
From: Zheng Wang <zyytlz.wz@163.com>
commit 028ddcac477b691dd9205c92f991cc15259d033e upstream.
Due to the previous fix of __bch_btree_node_alloc, the return value will
never be a NULL pointer. So IS_ERR is enough to handle the failure
situation. Fix it by replacing IS_ERR_OR_NULL check by an IS_ERR check.
Fixes: cafe56359144 ("bcache: A block layer cache")
Cc: stable@vger.kernel.org
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Coly Li <colyli@suse.de>
Link: https://lore.kernel.org/r/20230615121223.22502-5-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/bcache/btree.c | 10 +++++-----
drivers/md/bcache/super.c | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1174,7 +1174,7 @@ static struct btree *btree_node_alloc_re
{
struct btree *n = bch_btree_node_alloc(b->c, op, b->level, b->parent);
- if (!IS_ERR_OR_NULL(n)) {
+ if (!IS_ERR(n)) {
mutex_lock(&n->write_lock);
bch_btree_sort_into(&b->keys, &n->keys, &b->c->sort);
bkey_copy_key(&n->key, &b->key);
@@ -1377,7 +1377,7 @@ static int btree_gc_coalesce(struct btre
memset(new_nodes, 0, sizeof(new_nodes));
closure_init_stack(&cl);
- while (nodes < GC_MERGE_NODES && !IS_ERR_OR_NULL(r[nodes].b))
+ while (nodes < GC_MERGE_NODES && !IS_ERR(r[nodes].b))
keys += r[nodes++].keys;
blocks = btree_default_blocks(b->c) * 2 / 3;
@@ -1389,7 +1389,7 @@ static int btree_gc_coalesce(struct btre
for (i = 0; i < nodes; i++) {
new_nodes[i] = btree_node_alloc_replacement(r[i].b, NULL);
- if (IS_ERR_OR_NULL(new_nodes[i]))
+ if (IS_ERR(new_nodes[i]))
goto out_nocoalesce;
}
@@ -1524,7 +1524,7 @@ out_nocoalesce:
atomic_dec(&b->c->prio_blocked);
for (i = 0; i < nodes; i++)
- if (!IS_ERR_OR_NULL(new_nodes[i])) {
+ if (!IS_ERR(new_nodes[i])) {
btree_node_free(new_nodes[i]);
rw_unlock(true, new_nodes[i]);
}
@@ -1706,7 +1706,7 @@ static int bch_btree_gc_root(struct btre
if (should_rewrite) {
n = btree_node_alloc_replacement(b, NULL);
- if (!IS_ERR_OR_NULL(n)) {
+ if (!IS_ERR(n)) {
bch_btree_node_write_sync(n);
bch_btree_set_root(n);
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -1576,7 +1576,7 @@ static void cache_set_flush(struct closu
if (!IS_ERR_OR_NULL(c->gc_thread))
kthread_stop(c->gc_thread);
- if (!IS_ERR_OR_NULL(c->root))
+ if (!IS_ERR(c->root))
list_add(&c->root->list, &c->btree_cache);
/* Should skip this if we're unregistering because of an error */
@@ -1921,7 +1921,7 @@ static int run_cache_set(struct cache_se
err = "cannot allocate new btree root";
c->root = __bch_btree_node_alloc(c, NULL, 0, true, NULL);
- if (IS_ERR_OR_NULL(c->root))
+ if (IS_ERR(c->root))
goto err;
mutex_lock(&c->root->write_lock);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 117/323] integrity: Fix possible multiple allocation in integrity_inode_get()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 116/323] bcache: Remove unnecessary NULL point check in node allocations Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 118/323] jffs2: reduce stack usage in jffs2_build_xattr_subsystem() Greg Kroah-Hartman
` (209 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tianjia Zhang, Dmitry Kasatkin,
Mimi Zohar
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
commit 9df6a4870dc371136e90330cfbbc51464ee66993 upstream.
When integrity_inode_get() is querying and inserting the cache, there
is a conditional race in the concurrent environment.
The race condition is the result of not properly implementing
"double-checked locking". In this case, it first checks to see if the
iint cache record exists before taking the lock, but doesn't check
again after taking the integrity_iint_lock.
Fixes: bf2276d10ce5 ("ima: allocating iint improvements")
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/integrity/iint.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -46,12 +46,10 @@ static struct integrity_iint_cache *__in
else if (inode > iint->inode)
n = n->rb_right;
else
- break;
+ return iint;
}
- if (!n)
- return NULL;
- return iint;
+ return NULL;
}
/*
@@ -116,10 +114,15 @@ struct integrity_iint_cache *integrity_i
parent = *p;
test_iint = rb_entry(parent, struct integrity_iint_cache,
rb_node);
- if (inode < test_iint->inode)
+ if (inode < test_iint->inode) {
p = &(*p)->rb_left;
- else
+ } else if (inode > test_iint->inode) {
p = &(*p)->rb_right;
+ } else {
+ write_unlock(&integrity_iint_lock);
+ kmem_cache_free(iint_cache, iint);
+ return test_iint;
+ }
}
iint->inode = inode;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 118/323] jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 117/323] integrity: Fix possible multiple allocation in integrity_inode_get() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 119/323] btrfs: fix race when deleting quota root from the dirty cow roots list Greg Kroah-Hartman
` (208 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tim Gardner, kernel test robot,
Ron Economos, Nathan Chancellor, Nick Desaulniers,
Fabian Frederick, Christian Marangi, Christian Brauner
From: Fabian Frederick <fabf@skynet.be>
commit 1168f095417643f663caa341211e117db552989f upstream.
Use kcalloc() for allocation/flush of 128 pointers table to
reduce stack usage.
Function now returns -ENOMEM or 0 on success.
stackusage
Before:
./fs/jffs2/xattr.c:775 jffs2_build_xattr_subsystem 1208
dynamic,bounded
After:
./fs/jffs2/xattr.c:775 jffs2_build_xattr_subsystem 192
dynamic,bounded
Also update definition when CONFIG_JFFS2_FS_XATTR is not enabled
Tested with an MTD mount point and some user set/getfattr.
Many current target on OpenWRT also suffer from a compilation warning
(that become an error with CONFIG_WERROR) with the following output:
fs/jffs2/xattr.c: In function 'jffs2_build_xattr_subsystem':
fs/jffs2/xattr.c:887:1: error: the frame size of 1088 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
887 | }
| ^
Using dynamic allocation fix this compilation warning.
Fixes: c9f700f840bd ("[JFFS2][XATTR] using 'delete marker' for xdatum/xref deletion")
Reported-by: Tim Gardner <tim.gardner@canonical.com>
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Ron Economos <re@w6rz.net>
Reported-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Cc: stable@vger.kernel.org
Message-Id: <20230506045612.16616-1-ansuelsmth@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jffs2/build.c | 5 ++++-
fs/jffs2/xattr.c | 13 +++++++++----
fs/jffs2/xattr.h | 4 ++--
3 files changed, 15 insertions(+), 7 deletions(-)
--- a/fs/jffs2/build.c
+++ b/fs/jffs2/build.c
@@ -211,7 +211,10 @@ static int jffs2_build_filesystem(struct
ic->scan_dents = NULL;
cond_resched();
}
- jffs2_build_xattr_subsystem(c);
+ ret = jffs2_build_xattr_subsystem(c);
+ if (ret)
+ goto exit;
+
c->flags &= ~JFFS2_SB_FLAG_BUILDING;
dbg_fsbuild("FS build complete\n");
--- a/fs/jffs2/xattr.c
+++ b/fs/jffs2/xattr.c
@@ -772,10 +772,10 @@ void jffs2_clear_xattr_subsystem(struct
}
#define XREF_TMPHASH_SIZE (128)
-void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
+int jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
{
struct jffs2_xattr_ref *ref, *_ref;
- struct jffs2_xattr_ref *xref_tmphash[XREF_TMPHASH_SIZE];
+ struct jffs2_xattr_ref **xref_tmphash;
struct jffs2_xattr_datum *xd, *_xd;
struct jffs2_inode_cache *ic;
struct jffs2_raw_node_ref *raw;
@@ -784,9 +784,12 @@ void jffs2_build_xattr_subsystem(struct
BUG_ON(!(c->flags & JFFS2_SB_FLAG_BUILDING));
+ xref_tmphash = kcalloc(XREF_TMPHASH_SIZE,
+ sizeof(struct jffs2_xattr_ref *), GFP_KERNEL);
+ if (!xref_tmphash)
+ return -ENOMEM;
+
/* Phase.1 : Merge same xref */
- for (i=0; i < XREF_TMPHASH_SIZE; i++)
- xref_tmphash[i] = NULL;
for (ref=c->xref_temp; ref; ref=_ref) {
struct jffs2_xattr_ref *tmp;
@@ -884,6 +887,8 @@ void jffs2_build_xattr_subsystem(struct
"%u of xref (%u dead, %u orphan) found.\n",
xdatum_count, xdatum_unchecked_count, xdatum_orphan_count,
xref_count, xref_dead_count, xref_orphan_count);
+ kfree(xref_tmphash);
+ return 0;
}
struct jffs2_xattr_datum *jffs2_setup_xattr_datum(struct jffs2_sb_info *c,
--- a/fs/jffs2/xattr.h
+++ b/fs/jffs2/xattr.h
@@ -71,7 +71,7 @@ static inline int is_xattr_ref_dead(stru
#ifdef CONFIG_JFFS2_FS_XATTR
extern void jffs2_init_xattr_subsystem(struct jffs2_sb_info *c);
-extern void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c);
+extern int jffs2_build_xattr_subsystem(struct jffs2_sb_info *c);
extern void jffs2_clear_xattr_subsystem(struct jffs2_sb_info *c);
extern struct jffs2_xattr_datum *jffs2_setup_xattr_datum(struct jffs2_sb_info *c,
@@ -103,7 +103,7 @@ extern ssize_t jffs2_listxattr(struct de
#else
#define jffs2_init_xattr_subsystem(c)
-#define jffs2_build_xattr_subsystem(c)
+#define jffs2_build_xattr_subsystem(c) (0)
#define jffs2_clear_xattr_subsystem(c)
#define jffs2_xattr_do_crccheck_inode(c, ic)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 119/323] btrfs: fix race when deleting quota root from the dirty cow roots list
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 118/323] jffs2: reduce stack usage in jffs2_build_xattr_subsystem() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 120/323] ARM: orion5x: fix d2net gpio initialization Greg Kroah-Hartman
` (207 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Filipe Manana, David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit b31cb5a6eb7a48b0a7bfdf06832b1fd5088d8c79 upstream.
When disabling quotas we are deleting the quota root from the list
fs_info->dirty_cowonly_roots without taking the lock that protects it,
which is struct btrfs_fs_info::trans_lock. This unsynchronized list
manipulation may cause chaos if there's another concurrent manipulation
of this list, such as when adding a root to it with
ctree.c:add_root_to_dirty_list().
This can result in all sorts of weird failures caused by a race, such as
the following crash:
[337571.278245] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] PREEMPT SMP PTI
[337571.278933] CPU: 1 PID: 115447 Comm: btrfs Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1
[337571.279153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[337571.279572] RIP: 0010:commit_cowonly_roots+0x11f/0x250 [btrfs]
[337571.279928] Code: 85 38 06 00 (...)
[337571.280363] RSP: 0018:ffff9f63446efba0 EFLAGS: 00010206
[337571.280582] RAX: ffff942d98ec2638 RBX: ffff9430b82b4c30 RCX: 0000000449e1c000
[337571.280798] RDX: dead000000000100 RSI: ffff9430021e4900 RDI: 0000000000036070
[337571.281015] RBP: ffff942d98ec2000 R08: ffff942d98ec2000 R09: 000000000000015b
[337571.281254] R10: 0000000000000009 R11: 0000000000000001 R12: ffff942fe8fbf600
[337571.281476] R13: ffff942dabe23040 R14: ffff942dabe20800 R15: ffff942d92cf3b48
[337571.281723] FS: 00007f478adb7340(0000) GS:ffff94349fa40000(0000) knlGS:0000000000000000
[337571.281950] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[337571.282184] CR2: 00007f478ab9a3d5 CR3: 000000001e02c001 CR4: 0000000000370ee0
[337571.282416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[337571.282647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[337571.282874] Call Trace:
[337571.283101] <TASK>
[337571.283327] ? __die_body+0x1b/0x60
[337571.283570] ? die_addr+0x39/0x60
[337571.283796] ? exc_general_protection+0x22e/0x430
[337571.284022] ? asm_exc_general_protection+0x22/0x30
[337571.284251] ? commit_cowonly_roots+0x11f/0x250 [btrfs]
[337571.284531] btrfs_commit_transaction+0x42e/0xf90 [btrfs]
[337571.284803] ? _raw_spin_unlock+0x15/0x30
[337571.285031] ? release_extent_buffer+0x103/0x130 [btrfs]
[337571.285305] reset_balance_state+0x152/0x1b0 [btrfs]
[337571.285578] btrfs_balance+0xa50/0x11e0 [btrfs]
[337571.285864] ? __kmem_cache_alloc_node+0x14a/0x410
[337571.286086] btrfs_ioctl+0x249a/0x3320 [btrfs]
[337571.286358] ? mod_objcg_state+0xd2/0x360
[337571.286577] ? refill_obj_stock+0xb0/0x160
[337571.286798] ? seq_release+0x25/0x30
[337571.287016] ? __rseq_handle_notify_resume+0x3ba/0x4b0
[337571.287235] ? percpu_counter_add_batch+0x2e/0xa0
[337571.287455] ? __x64_sys_ioctl+0x88/0xc0
[337571.287675] __x64_sys_ioctl+0x88/0xc0
[337571.287901] do_syscall_64+0x38/0x90
[337571.288126] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[337571.288352] RIP: 0033:0x7f478aaffe9b
So fix this by locking struct btrfs_fs_info::trans_lock before deleting
the quota root from that list.
Fixes: bed92eae26cc ("Btrfs: qgroup implementation and prototypes")
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/qgroup.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -1115,7 +1115,9 @@ int btrfs_quota_disable(struct btrfs_fs_
goto end_trans;
}
+ spin_lock(&fs_info->trans_lock);
list_del("a_root->dirty_list);
+ spin_unlock(&fs_info->trans_lock);
btrfs_tree_lock(quota_root->node);
clean_tree_block(fs_info, quota_root->node);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 120/323] ARM: orion5x: fix d2net gpio initialization
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 119/323] btrfs: fix race when deleting quota root from the dirty cow roots list Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 121/323] spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg Greg Kroah-Hartman
` (206 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andrew Lunn, Arnd Bergmann
From: Arnd Bergmann <arnd@arndb.de>
commit f8ef1233939495c405a9faa4bd1ae7d3f581bae4 upstream.
The DT version of this board has a custom file with the gpio
device. However, it does nothing because the d2net_init()
has no caller or prototype:
arch/arm/mach-orion5x/board-d2net.c:101:13: error: no previous prototype for 'd2net_init'
Call it from the board-dt file as intended.
Fixes: 94b0bd366e36 ("ARM: orion5x: convert d2net to Device Tree")
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230516153109.514251-10-arnd@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/mach-orion5x/board-dt.c | 3 +++
arch/arm/mach-orion5x/common.h | 6 ++++++
2 files changed, 9 insertions(+)
--- a/arch/arm/mach-orion5x/board-dt.c
+++ b/arch/arm/mach-orion5x/board-dt.c
@@ -63,6 +63,9 @@ static void __init orion5x_dt_init(void)
if (of_machine_is_compatible("maxtor,shared-storage-2"))
mss2_init();
+ if (of_machine_is_compatible("lacie,d2-network"))
+ d2net_init();
+
of_platform_default_populate(NULL, orion5x_auxdata_lookup, NULL);
}
--- a/arch/arm/mach-orion5x/common.h
+++ b/arch/arm/mach-orion5x/common.h
@@ -75,6 +75,12 @@ extern void mss2_init(void);
static inline void mss2_init(void) {}
#endif
+#ifdef CONFIG_MACH_D2NET_DT
+void d2net_init(void);
+#else
+static inline void d2net_init(void) {}
+#endif
+
/*****************************************************************************
* Helpers to access Orion registers
****************************************************************************/
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 121/323] spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 120/323] ARM: orion5x: fix d2net gpio initialization Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 122/323] spi: spi-fsl-spi: relax message sanity checking a little Greg Kroah-Hartman
` (205 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rasmus Villemoes, Mark Brown,
Christophe Leroy
From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
commit 24c363623361b430fb79459ca922e816e6f48603 upstream.
__spi_validate() in the generic SPI code sets ->speed_hz and
->bits_per_word to non-zero values, so this condition is always true.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-fsl-spi.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--- a/drivers/spi/spi-fsl-spi.c
+++ b/drivers/spi/spi-fsl-spi.c
@@ -387,12 +387,10 @@ static int fsl_spi_do_one_msg(struct spi
cs_change = 1;
status = -EINVAL;
list_for_each_entry(t, &m->transfers, transfer_list) {
- if (t->bits_per_word || t->speed_hz) {
- if (cs_change)
- status = fsl_spi_setup_transfer(spi, t);
- if (status < 0)
- break;
- }
+ if (cs_change)
+ status = fsl_spi_setup_transfer(spi, t);
+ if (status < 0)
+ break;
if (cs_change) {
fsl_spi_chipselect(spi, BITBANG_CS_ACTIVE);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 122/323] spi: spi-fsl-spi: relax message sanity checking a little
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 121/323] spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 123/323] spi: spi-fsl-spi: allow changing bits_per_word while CS is still active Greg Kroah-Hartman
` (204 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rasmus Villemoes, Mark Brown,
Christophe Leroy
From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
commit 17ecffa289489e8442306bbc62ebb964e235cdad upstream.
The comment says that we should not allow changes (to
bits_per_word/speed_hz) while CS is active, and indeed the code below
does fsl_spi_setup_transfer() when the ->cs_change of the previous
spi_transfer was set (and for the very first transfer).
So the sanity checking is a bit too strict - we can change it to
follow the same logic as is used by the actual transfer loop.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-fsl-spi.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/spi/spi-fsl-spi.c
+++ b/drivers/spi/spi-fsl-spi.c
@@ -373,13 +373,15 @@ static int fsl_spi_do_one_msg(struct spi
}
/* Don't allow changes if CS is active */
- first = list_first_entry(&m->transfers, struct spi_transfer,
- transfer_list);
+ cs_change = 1;
list_for_each_entry(t, &m->transfers, transfer_list) {
+ if (cs_change)
+ first = t;
+ cs_change = t->cs_change;
if ((first->bits_per_word != t->bits_per_word) ||
(first->speed_hz != t->speed_hz)) {
dev_err(&spi->dev,
- "bits_per_word/speed_hz should be same for the same SPI transfer\n");
+ "bits_per_word/speed_hz cannot change while CS is active\n");
return -EINVAL;
}
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 123/323] spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 122/323] spi: spi-fsl-spi: relax message sanity checking a little Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 124/323] netfilter: nf_tables: fix nat hook table deletion Greg Kroah-Hartman
` (203 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rasmus Villemoes, Mark Brown,
Christophe Leroy
From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
commit a798a7086c38d91d304132c194cff9f02197f5cd upstream.
Commit c9bfcb315104 (spi_mpc83xx: much improved driver) introduced
logic to ensure bits_per_word and speed_hz stay the same for a series
of spi_transfers with CS active, arguing that
The current driver may cause glitches on SPI CLK line since one
must disable the SPI controller before changing any HW settings.
This sounds quite reasonable. So this is a quite naive attempt at
relaxing this sanity checking to only ensure that speed_hz is
constant - in the faint hope that if we do not causes changes to the
clock-related fields of the SPMODE register (DIV16 and PM), those
glitches won't appear.
The purpose of this change is to allow automatically optimizing large
transfers to use 32 bits-per-word; taking one interrupt for every byte
is extremely slow.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/spi/spi-fsl-spi.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/drivers/spi/spi-fsl-spi.c
+++ b/drivers/spi/spi-fsl-spi.c
@@ -339,7 +339,7 @@ static int fsl_spi_do_one_msg(struct spi
struct spi_transfer *t, *first;
unsigned int cs_change;
const int nsecs = 50;
- int status;
+ int status, last_bpw;
/*
* In CPU mode, optimize large byte transfers to use larger
@@ -378,21 +378,22 @@ static int fsl_spi_do_one_msg(struct spi
if (cs_change)
first = t;
cs_change = t->cs_change;
- if ((first->bits_per_word != t->bits_per_word) ||
- (first->speed_hz != t->speed_hz)) {
+ if (first->speed_hz != t->speed_hz) {
dev_err(&spi->dev,
- "bits_per_word/speed_hz cannot change while CS is active\n");
+ "speed_hz cannot change while CS is active\n");
return -EINVAL;
}
}
+ last_bpw = -1;
cs_change = 1;
status = -EINVAL;
list_for_each_entry(t, &m->transfers, transfer_list) {
- if (cs_change)
+ if (cs_change || last_bpw != t->bits_per_word)
status = fsl_spi_setup_transfer(spi, t);
if (status < 0)
break;
+ last_bpw = t->bits_per_word;
if (cs_change) {
fsl_spi_chipselect(spi, BITBANG_CS_ACTIVE);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 124/323] netfilter: nf_tables: fix nat hook table deletion
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 123/323] spi: spi-fsl-spi: allow changing bits_per_word while CS is still active Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 125/323] netfilter: nf_tables: add rescheduling points during loop detection walks Greg Kroah-Hartman
` (202 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel
Cc: Greg Kroah-Hartman, patches, syzbot+2570f2c036e3da5db176,
Florian Westphal, Pablo Neira Ayuso
From: Florian Westphal <fw@strlen.de>
[ 1e9451cbda456a170518b2bfd643e2cb980880bf ]
sybot came up with following transaction:
add table ip syz0
add chain ip syz0 syz2 { type nat hook prerouting priority 0; policy accept; }
add table ip syz0 { flags dormant; }
delete chain ip syz0 syz2
delete table ip syz0
which yields:
hook not found, pf 2 num 0
WARNING: CPU: 0 PID: 6775 at net/netfilter/core.c:413 __nf_unregister_net_hook+0x3e6/0x4a0 net/netfilter/core.c:413
[..]
nft_unregister_basechain_hooks net/netfilter/nf_tables_api.c:206 [inline]
nft_table_disable net/netfilter/nf_tables_api.c:835 [inline]
nf_tables_table_disable net/netfilter/nf_tables_api.c:868 [inline]
nf_tables_commit+0x32d3/0x4d70 net/netfilter/nf_tables_api.c:7550
nfnetlink_rcv_batch net/netfilter/nfnetlink.c:486 [inline]
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:544 [inline]
nfnetlink_rcv+0x14a5/0x1e50 net/netfilter/nfnetlink.c:562
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
Problem is that when I added ability to override base hook registration
to make nat basechains register with the nat core instead of netfilter
core, I forgot to update nft_table_disable() to use that instead of
the 'raw' hook register interface.
In syzbot transaction, the basechain is of 'nat' type. Its registered
with the nat core. The switch to 'dormant mode' attempts to delete from
netfilter core instead.
After updating nft_table_disable/enable to use the correct helper,
nft_(un)register_basechain_hooks can be folded into the only remaining
caller.
Because nft_trans_table_enable() won't do anything when the DORMANT flag
is set, remove the flag first, then re-add it in case re-enablement
fails, else this patch breaks sequence:
add table ip x { flags dormant; }
/* add base chains */
add table ip x
The last 'add' will remove the dormant flags, but won't have any other
effect -- base chains are not registered.
Then, next 'set dormant flag' will create another 'hook not found'
splat.
Reported-by: syzbot+2570f2c036e3da5db176@syzkaller.appspotmail.com
Fixes: 4e25ceb80b58 ("netfilter: nf_tables: allow chain type to override hook register")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 1e9451cbda456a170518b2bfd643e2cb980880bf)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -743,7 +743,7 @@ static void nft_table_disable(struct net
if (cnt && i++ == cnt)
break;
- nf_unregister_net_hook(net, &nft_base_chain(chain)->ops);
+ nf_tables_unregister_hook(net, table, chain);
}
}
@@ -758,7 +758,7 @@ static int nf_tables_table_enable(struct
if (!nft_is_base_chain(chain))
continue;
- err = nf_register_net_hook(net, &nft_base_chain(chain)->ops);
+ err = nf_tables_register_hook(net, table, chain);
if (err < 0)
goto err;
@@ -802,11 +802,12 @@ static int nf_tables_updtable(struct nft
nft_trans_table_enable(trans) = false;
} else if (!(flags & NFT_TABLE_F_DORMANT) &&
ctx->table->flags & NFT_TABLE_F_DORMANT) {
+ ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
ret = nf_tables_table_enable(ctx->net, ctx->table);
- if (ret >= 0) {
- ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
+ if (ret >= 0)
nft_trans_table_enable(trans) = true;
- }
+ else
+ ctx->table->flags |= NFT_TABLE_F_DORMANT;
}
if (ret < 0)
goto err;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 125/323] netfilter: nf_tables: add rescheduling points during loop detection walks
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 124/323] netfilter: nf_tables: fix nat hook table deletion Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 126/323] netfilter: nftables: add helper function to set the base sequence number Greg Kroah-Hartman
` (201 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel
Cc: Greg Kroah-Hartman, patches, Florian Westphal, Pablo Neira Ayuso
From: Florian Westphal <fw@strlen.de>
[ 81ea010667417ef3f218dfd99b69769fe66c2b67 ]
Add explicit rescheduling points during ruleset walk.
Switching to a faster algorithm is possible but this is a much
smaller change, suitable for nf tree.
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1460
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2552,6 +2552,8 @@ int nft_chain_validate(const struct nft_
if (err < 0)
return err;
}
+
+ cond_resched();
}
return 0;
@@ -6956,9 +6958,13 @@ static int nf_tables_check_loops(const s
break;
}
}
+
+ cond_resched();
}
list_for_each_entry(set, &ctx->table->sets, list) {
+ cond_resched();
+
if (!nft_is_active_next(ctx->net, set))
continue;
if (!(set->flags & NFT_SET_MAP) ||
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 126/323] netfilter: nftables: add helper function to set the base sequence number
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 125/323] netfilter: nf_tables: add rescheduling points during loop detection walks Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 127/323] netfilter: add helper function to set up the nfnetlink header and use it Greg Kroah-Hartman
` (200 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ 802b805162a1b7d8391c40ac8a878e9e63287aff ]
This patch adds a helper function to calculate the base sequence number
field that is stored in the nfnetlink header. Use the helper function
whenever possible.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -561,6 +561,11 @@ nf_tables_chain_type_lookup(struct net *
return ERR_PTR(-ENOENT);
}
+static __be16 nft_base_seq(const struct net *net)
+{
+ return htons(net->nft.base_seq & 0xffff);
+}
+
static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
[NFTA_TABLE_NAME] = { .type = NLA_STRING,
.len = NFT_TABLE_MAXNAMELEN - 1 },
@@ -583,7 +588,7 @@ static int nf_tables_fill_table_info(str
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = family;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(net);
if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) ||
@@ -1218,7 +1223,7 @@ static int nf_tables_fill_chain_info(str
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = family;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(net);
if (nla_put_string(skb, NFTA_CHAIN_TABLE, table->name))
goto nla_put_failure;
@@ -2265,7 +2270,7 @@ static int nf_tables_fill_rule_info(stru
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = family;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(net);
if (nla_put_string(skb, NFTA_RULE_TABLE, table->name))
goto nla_put_failure;
@@ -3176,7 +3181,7 @@ static int nf_tables_fill_set(struct sk_
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = ctx->family;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(ctx->net);
if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
goto nla_put_failure;
@@ -4032,7 +4037,7 @@ static int nf_tables_dump_set(struct sk_
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = table->family;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(net);
if (nla_put_string(skb, NFTA_SET_ELEM_LIST_TABLE, table->name))
goto nla_put_failure;
@@ -4104,7 +4109,7 @@ static int nf_tables_fill_setelem_info(s
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = ctx->family;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(ctx->net);
if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
goto nla_put_failure;
@@ -5152,7 +5157,7 @@ static int nf_tables_fill_obj_info(struc
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = family;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(net);
if (nla_put_string(skb, NFTA_OBJ_TABLE, table->name) ||
nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
@@ -5813,7 +5818,7 @@ static int nf_tables_fill_flowtable_info
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = family;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(net);
if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
@@ -6051,7 +6056,7 @@ static int nf_tables_fill_gen_info(struc
nfmsg = nlmsg_data(nlh);
nfmsg->nfgen_family = AF_UNSPEC;
nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
+ nfmsg->res_id = nft_base_seq(net);
if (nla_put_be32(skb, NFTA_GEN_ID, htonl(net->nft.base_seq)) ||
nla_put_be32(skb, NFTA_GEN_PROC_PID, htonl(task_pid_nr(current))) ||
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 127/323] netfilter: add helper function to set up the nfnetlink header and use it
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 126/323] netfilter: nftables: add helper function to set the base sequence number Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 128/323] netfilter: nf_tables: use net_generic infra for transaction data Greg Kroah-Hartman
` (199 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ 19c28b1374fb1073a9ec873a6c10bf5f16b10b9d ]
This patch adds a helper function to set up the netlink and nfnetlink headers.
Update existing codebase to use it.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/netfilter/nfnetlink.h | 27 +++++++++
net/netfilter/ipset/ip_set_core.c | 17 +----
net/netfilter/nf_conntrack_netlink.c | 77 +++++++-------------------
net/netfilter/nf_tables_api.c | 102 +++++++++--------------------------
net/netfilter/nf_tables_trace.c | 9 ---
net/netfilter/nfnetlink_acct.c | 11 +--
net/netfilter/nfnetlink_cthelper.c | 11 +--
net/netfilter/nfnetlink_cttimeout.c | 22 ++-----
net/netfilter/nfnetlink_log.c | 11 +--
net/netfilter/nfnetlink_queue.c | 12 +---
net/netfilter/nft_compat.c | 11 +--
11 files changed, 102 insertions(+), 208 deletions(-)
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -49,6 +49,33 @@ static inline u16 nfnl_msg_type(u8 subsy
return subsys << 8 | msg_type;
}
+static inline void nfnl_fill_hdr(struct nlmsghdr *nlh, u8 family, u8 version,
+ __be16 res_id)
+{
+ struct nfgenmsg *nfmsg;
+
+ nfmsg = nlmsg_data(nlh);
+ nfmsg->nfgen_family = family;
+ nfmsg->version = version;
+ nfmsg->res_id = res_id;
+}
+
+static inline struct nlmsghdr *nfnl_msg_put(struct sk_buff *skb, u32 portid,
+ u32 seq, int type, int flags,
+ u8 family, u8 version,
+ __be16 res_id)
+{
+ struct nlmsghdr *nlh;
+
+ nlh = nlmsg_put(skb, portid, seq, type, sizeof(struct nfgenmsg), flags);
+ if (!nlh)
+ return NULL;
+
+ nfnl_fill_hdr(nlh, family, version, res_id);
+
+ return nlh;
+}
+
void nfnl_lock(__u8 subsys_id);
void nfnl_unlock(__u8 subsys_id);
#ifdef CONFIG_PROVE_LOCKING
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -791,20 +791,9 @@ static struct nlmsghdr *
start_msg(struct sk_buff *skb, u32 portid, u32 seq, unsigned int flags,
enum ipset_cmd cmd)
{
- struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
-
- nlh = nlmsg_put(skb, portid, seq, nfnl_msg_type(NFNL_SUBSYS_IPSET, cmd),
- sizeof(*nfmsg), flags);
- if (!nlh)
- return NULL;
-
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = NFPROTO_IPV4;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
- return nlh;
+ return nfnl_msg_put(skb, portid, seq,
+ nfnl_msg_type(NFNL_SUBSYS_IPSET, cmd), flags,
+ NFPROTO_IPV4, NFNETLINK_V0, 0);
}
/* Create a set */
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -517,20 +517,15 @@ ctnetlink_fill_info(struct sk_buff *skb,
{
const struct nf_conntrack_zone *zone;
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
struct nlattr *nest_parms;
unsigned int flags = portid ? NLM_F_MULTI : 0, event;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_NEW);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, nf_ct_l3num(ct),
+ NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = nf_ct_l3num(ct);
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
zone = nf_ct_zone(ct);
nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG | NLA_F_NESTED);
@@ -687,7 +682,6 @@ ctnetlink_conntrack_event(unsigned int e
const struct nf_conntrack_zone *zone;
struct net *net;
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
struct nlattr *nest_parms;
struct nf_conn *ct = item->ct;
struct sk_buff *skb;
@@ -717,15 +711,11 @@ ctnetlink_conntrack_event(unsigned int e
goto errout;
type = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, type);
- nlh = nlmsg_put(skb, item->portid, 0, type, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, item->portid, 0, type, flags, nf_ct_l3num(ct),
+ NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = nf_ct_l3num(ct);
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
zone = nf_ct_zone(ct);
nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG | NLA_F_NESTED);
@@ -2170,20 +2160,15 @@ ctnetlink_ct_stat_cpu_fill_info(struct s
__u16 cpu, const struct ip_conntrack_stat *st)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0, event;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK,
IPCTNL_MSG_CT_GET_STATS_CPU);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ NFNETLINK_V0, htons(cpu));
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_UNSPEC;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(cpu);
-
if (nla_put_be32(skb, CTA_STATS_FOUND, htonl(st->found)) ||
nla_put_be32(skb, CTA_STATS_INVALID, htonl(st->invalid)) ||
nla_put_be32(skb, CTA_STATS_IGNORE, htonl(st->ignore)) ||
@@ -2254,20 +2239,15 @@ ctnetlink_stat_ct_fill_info(struct sk_bu
struct net *net)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0, event;
unsigned int nr_conntracks = atomic_read(&net->ct.count);
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET_STATS);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_UNSPEC;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (nla_put_be32(skb, CTA_STATS_GLOBAL_ENTRIES, htonl(nr_conntracks)))
goto nla_put_failure;
@@ -2780,19 +2760,14 @@ ctnetlink_exp_fill_info(struct sk_buff *
int event, const struct nf_conntrack_expect *exp)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_EXP, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags,
+ exp->tuple.src.l3num, NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = exp->tuple.src.l3num;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (ctnetlink_exp_dump_expect(skb, exp) < 0)
goto nla_put_failure;
@@ -2812,7 +2787,6 @@ ctnetlink_expect_event(unsigned int even
struct nf_conntrack_expect *exp = item->exp;
struct net *net = nf_ct_exp_net(exp);
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
struct sk_buff *skb;
unsigned int type, group;
int flags = 0;
@@ -2835,15 +2809,11 @@ ctnetlink_expect_event(unsigned int even
goto errout;
type = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_EXP, type);
- nlh = nlmsg_put(skb, item->portid, 0, type, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, item->portid, 0, type, flags,
+ exp->tuple.src.l3num, NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = exp->tuple.src.l3num;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (ctnetlink_exp_dump_expect(skb, exp) < 0)
goto nla_put_failure;
@@ -3413,20 +3383,15 @@ ctnetlink_exp_stat_fill_info(struct sk_b
const struct ip_conntrack_stat *st)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0, event;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK,
IPCTNL_MSG_EXP_GET_STATS_CPU);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ NFNETLINK_V0, htons(cpu));
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_UNSPEC;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(cpu);
-
if (nla_put_be32(skb, CTA_STATS_EXP_NEW, htonl(st->expect_new)) ||
nla_put_be32(skb, CTA_STATS_EXP_CREATE, htonl(st->expect_create)) ||
nla_put_be32(skb, CTA_STATS_EXP_DELETE, htonl(st->expect_delete)))
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -578,18 +578,13 @@ static int nf_tables_fill_table_info(str
int family, const struct nft_table *table)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, family,
+ NFNETLINK_V0, nft_base_seq(net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(net);
-
if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) ||
nla_put_be32(skb, NFTA_TABLE_USE, htonl(table->use)) ||
@@ -1213,18 +1208,13 @@ static int nf_tables_fill_chain_info(str
const struct nft_chain *chain)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, family,
+ NFNETLINK_V0, nft_base_seq(net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(net);
-
if (nla_put_string(skb, NFTA_CHAIN_TABLE, table->name))
goto nla_put_failure;
if (nla_put_be64(skb, NFTA_CHAIN_HANDLE, cpu_to_be64(chain->handle),
@@ -2257,21 +2247,16 @@ static int nf_tables_fill_rule_info(stru
const struct nft_rule *rule)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
const struct nft_expr *expr, *next;
struct nlattr *list;
const struct nft_rule *prule;
u16 type = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
- nlh = nlmsg_put(skb, portid, seq, type, sizeof(struct nfgenmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, type, flags, family, NFNETLINK_V0,
+ nft_base_seq(net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(net);
-
if (nla_put_string(skb, NFTA_RULE_TABLE, table->name))
goto nla_put_failure;
if (nla_put_string(skb, NFTA_RULE_CHAIN, chain->name))
@@ -3166,23 +3151,17 @@ static __be64 nf_jiffies64_to_msecs(u64
static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx,
const struct nft_set *set, u16 event, u16 flags)
{
- struct nfgenmsg *nfmsg;
struct nlmsghdr *nlh;
struct nlattr *desc;
u32 portid = ctx->portid;
u32 seq = ctx->seq;
event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg),
- flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, ctx->family,
+ NFNETLINK_V0, nft_base_seq(ctx->net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = ctx->family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(ctx->net);
-
if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
goto nla_put_failure;
if (nla_put_string(skb, NFTA_SET_NAME, set->name))
@@ -3996,7 +3975,6 @@ static int nf_tables_dump_set(struct sk_
struct nft_set *set;
struct nft_set_dump_args args;
bool set_found = false;
- struct nfgenmsg *nfmsg;
struct nlmsghdr *nlh;
struct nlattr *nest;
u32 portid, seq;
@@ -4029,16 +4007,11 @@ static int nf_tables_dump_set(struct sk_
portid = NETLINK_CB(cb->skb).portid;
seq = cb->nlh->nlmsg_seq;
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg),
- NLM_F_MULTI);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, NLM_F_MULTI,
+ table->family, NFNETLINK_V0, nft_base_seq(net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = table->family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(net);
-
if (nla_put_string(skb, NFTA_SET_ELEM_LIST_TABLE, table->name))
goto nla_put_failure;
if (nla_put_string(skb, NFTA_SET_ELEM_LIST_SET, set->name))
@@ -4095,22 +4068,16 @@ static int nf_tables_fill_setelem_info(s
const struct nft_set *set,
const struct nft_set_elem *elem)
{
- struct nfgenmsg *nfmsg;
struct nlmsghdr *nlh;
struct nlattr *nest;
int err;
event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg),
- flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, ctx->family,
+ NFNETLINK_V0, nft_base_seq(ctx->net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = ctx->family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(ctx->net);
-
if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
goto nla_put_failure;
if (nla_put_string(skb, NFTA_SET_NAME, set->name))
@@ -5146,19 +5113,14 @@ static int nf_tables_fill_obj_info(struc
int family, const struct nft_table *table,
struct nft_object *obj, bool reset)
{
- struct nfgenmsg *nfmsg;
struct nlmsghdr *nlh;
event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, family,
+ NFNETLINK_V0, nft_base_seq(net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(net);
-
if (nla_put_string(skb, NFTA_OBJ_TABLE, table->name) ||
nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
@@ -5806,20 +5768,15 @@ static int nf_tables_fill_flowtable_info
struct nft_flowtable *flowtable)
{
struct nlattr *nest, *nest_devs;
- struct nfgenmsg *nfmsg;
struct nlmsghdr *nlh;
int i;
event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, family,
+ NFNETLINK_V0, nft_base_seq(net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(net);
-
if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
@@ -6045,19 +6002,14 @@ static int nf_tables_fill_gen_info(struc
u32 portid, u32 seq)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
char buf[TASK_COMM_LEN];
int event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWGEN);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), 0);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, 0, AF_UNSPEC,
+ NFNETLINK_V0, nft_base_seq(net));
+ if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_UNSPEC;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = nft_base_seq(net);
-
if (nla_put_be32(skb, NFTA_GEN_ID, htonl(net->nft.base_seq)) ||
nla_put_be32(skb, NFTA_GEN_PROC_PID, htonl(task_pid_nr(current))) ||
nla_put_string(skb, NFTA_GEN_PROC_NAME, get_task_comm(buf, current)))
--- a/net/netfilter/nf_tables_trace.c
+++ b/net/netfilter/nf_tables_trace.c
@@ -186,7 +186,6 @@ static bool nft_trace_have_verdict_chain
void nft_trace_notify(struct nft_traceinfo *info)
{
const struct nft_pktinfo *pkt = info->pkt;
- struct nfgenmsg *nfmsg;
struct nlmsghdr *nlh;
struct sk_buff *skb;
unsigned int size;
@@ -222,15 +221,11 @@ void nft_trace_notify(struct nft_tracein
return;
event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, NFT_MSG_TRACE);
- nlh = nlmsg_put(skb, 0, 0, event, sizeof(struct nfgenmsg), 0);
+ nlh = nfnl_msg_put(skb, 0, 0, event, 0, info->basechain->type->family,
+ NFNETLINK_V0, 0);
if (!nlh)
goto nla_put_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = info->basechain->type->family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (nla_put_be32(skb, NFTA_TRACE_NFPROTO, htonl(nft_pf(pkt))))
goto nla_put_failure;
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -135,21 +135,16 @@ nfnl_acct_fill_info(struct sk_buff *skb,
int event, struct nf_acct *acct)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0;
u64 pkts, bytes;
u32 old_flags;
event = nfnl_msg_type(NFNL_SUBSYS_ACCT, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_UNSPEC;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (nla_put_string(skb, NFACCT_NAME, acct->name))
goto nla_put_failure;
--- a/net/netfilter/nfnetlink_cthelper.c
+++ b/net/netfilter/nfnetlink_cthelper.c
@@ -532,20 +532,15 @@ nfnl_cthelper_fill_info(struct sk_buff *
int event, struct nf_conntrack_helper *helper)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0;
int status;
event = nfnl_msg_type(NFNL_SUBSYS_CTHELPER, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_UNSPEC;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (nla_put_string(skb, NFCTH_NAME, helper->name))
goto nla_put_failure;
--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -164,20 +164,15 @@ ctnl_timeout_fill_info(struct sk_buff *s
int event, struct ctnl_timeout *timeout)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0;
const struct nf_conntrack_l4proto *l4proto = timeout->timeout.l4proto;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_UNSPEC;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (nla_put_string(skb, CTA_TIMEOUT_NAME, timeout->name) ||
nla_put_be16(skb, CTA_TIMEOUT_L3PROTO,
htons(timeout->timeout.l3num)) ||
@@ -396,19 +391,14 @@ cttimeout_default_fill_info(struct net *
const unsigned int *timeouts)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = AF_UNSPEC;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (nla_put_be16(skb, CTA_TIMEOUT_L3PROTO, htons(l4proto->l3proto)) ||
nla_put_u8(skb, CTA_TIMEOUT_L4PROTO, l4proto->l4proto))
goto nla_put_failure;
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -404,20 +404,15 @@ __build_packet_message(struct nfnl_log_n
{
struct nfulnl_msg_packet_hdr pmsg;
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
sk_buff_data_t old_tail = inst->skb->tail;
struct sock *sk;
const unsigned char *hwhdrp;
- nlh = nlmsg_put(inst->skb, 0, 0,
- nfnl_msg_type(NFNL_SUBSYS_ULOG, NFULNL_MSG_PACKET),
- sizeof(struct nfgenmsg), 0);
+ nlh = nfnl_msg_put(inst->skb, 0, 0,
+ nfnl_msg_type(NFNL_SUBSYS_ULOG, NFULNL_MSG_PACKET),
+ 0, pf, NFNETLINK_V0, htons(inst->group_num));
if (!nlh)
return -1;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = pf;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(inst->group_num);
memset(&pmsg, 0, sizeof(pmsg));
pmsg.hw_protocol = skb->protocol;
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -387,7 +387,6 @@ nfqnl_build_packet_message(struct net *n
struct nlattr *nla;
struct nfqnl_msg_packet_hdr *pmsg;
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
struct sk_buff *entskb = entry->skb;
struct net_device *indev;
struct net_device *outdev;
@@ -473,18 +472,15 @@ nfqnl_build_packet_message(struct net *n
goto nlmsg_failure;
}
- nlh = nlmsg_put(skb, 0, 0,
- nfnl_msg_type(NFNL_SUBSYS_QUEUE, NFQNL_MSG_PACKET),
- sizeof(struct nfgenmsg), 0);
+ nlh = nfnl_msg_put(skb, 0, 0,
+ nfnl_msg_type(NFNL_SUBSYS_QUEUE, NFQNL_MSG_PACKET),
+ 0, entry->state.pf, NFNETLINK_V0,
+ htons(queue->queue_num));
if (!nlh) {
skb_tx_error(entskb);
kfree_skb(skb);
goto nlmsg_failure;
}
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = entry->state.pf;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = htons(queue->queue_num);
nla = __nla_reserve(skb, NFQA_PACKET_HDR, sizeof(*pmsg));
pmsg = nla_data(nla);
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -575,19 +575,14 @@ nfnl_compat_fill_info(struct sk_buff *sk
int rev, int target)
{
struct nlmsghdr *nlh;
- struct nfgenmsg *nfmsg;
unsigned int flags = portid ? NLM_F_MULTI : 0;
event = nfnl_msg_type(NFNL_SUBSYS_NFT_COMPAT, event);
- nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
- if (nlh == NULL)
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, family,
+ NFNETLINK_V0, 0);
+ if (!nlh)
goto nlmsg_failure;
- nfmsg = nlmsg_data(nlh);
- nfmsg->nfgen_family = family;
- nfmsg->version = NFNETLINK_V0;
- nfmsg->res_id = 0;
-
if (nla_put_string(skb, NFTA_COMPAT_NAME, name) ||
nla_put_be32(skb, NFTA_COMPAT_REV, htonl(rev)) ||
nla_put_be32(skb, NFTA_COMPAT_TYPE, htonl(target)))
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 128/323] netfilter: nf_tables: use net_generic infra for transaction data
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 127/323] netfilter: add helper function to set up the nfnetlink header and use it Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 129/323] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE Greg Kroah-Hartman
` (198 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel
Cc: Greg Kroah-Hartman, patches, Florian Westphal, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ 0854db2aaef3fcdd3498a9d299c60adea2aa3dc6 ]
This moves all nf_tables pernet data from struct net to a net_generic
extension, with the exception of the gencursor.
The latter is used in the data path and also outside of the nf_tables
core. All others are only used from the configuration plane.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/netfilter/nf_tables.h | 10 +
include/net/netns/nftables.h | 5
net/netfilter/nf_tables_api.c | 303 +++++++++++++++++++++++---------------
net/netfilter/nft_chain_filter.c | 11 +
net/netfilter/nft_dynset.c | 6
5 files changed, 210 insertions(+), 125 deletions(-)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1409,4 +1409,14 @@ struct nft_trans_flowtable {
int __init nft_chain_filter_init(void);
void nft_chain_filter_fini(void);
+struct nftables_pernet {
+ struct list_head tables;
+ struct list_head commit_list;
+ struct list_head module_list;
+ struct list_head notify_list;
+ struct mutex commit_mutex;
+ unsigned int base_seq;
+ u8 validate_state;
+};
+
#endif /* _NET_NF_TABLES_H */
--- a/include/net/netns/nftables.h
+++ b/include/net/netns/nftables.h
@@ -5,12 +5,7 @@
#include <linux/list.h>
struct netns_nftables {
- struct list_head tables;
- struct list_head commit_list;
- struct mutex commit_mutex;
- unsigned int base_seq;
u8 gencursor;
- u8 validate_state;
};
#endif
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -22,10 +22,13 @@
#include <net/netfilter/nf_tables_core.h>
#include <net/netfilter/nf_tables.h>
#include <net/net_namespace.h>
+#include <net/netns/generic.h>
#include <net/sock.h>
#define NFT_MODULE_AUTOLOAD_LIMIT (MODULE_NAME_LEN - sizeof("nft-expr-255-"))
+unsigned int nf_tables_net_id __read_mostly;
+
static LIST_HEAD(nf_tables_expressions);
static LIST_HEAD(nf_tables_objects);
static LIST_HEAD(nf_tables_flowtables);
@@ -53,7 +56,9 @@ static const struct rhashtable_params nf
static void nft_validate_state_update(struct net *net, u8 new_validate_state)
{
- switch (net->nft.validate_state) {
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
+
+ switch (nft_net->validate_state) {
case NFT_VALIDATE_SKIP:
WARN_ON_ONCE(new_validate_state == NFT_VALIDATE_DO);
break;
@@ -64,7 +69,7 @@ static void nft_validate_state_update(st
return;
}
- net->nft.validate_state = new_validate_state;
+ nft_net->validate_state = new_validate_state;
}
static void nft_ctx_init(struct nft_ctx *ctx,
@@ -117,13 +122,15 @@ static void nft_trans_destroy(struct nft
static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
{
+ struct nftables_pernet *nft_net;
struct net *net = ctx->net;
struct nft_trans *trans;
if (!nft_set_is_anonymous(set))
return;
- list_for_each_entry_reverse(trans, &net->nft.commit_list, list) {
+ nft_net = net_generic(net, nf_tables_net_id);
+ list_for_each_entry_reverse(trans, &nft_net->commit_list, list) {
switch (trans->msg_type) {
case NFT_MSG_NEWSET:
if (nft_trans_set(trans) == set)
@@ -137,6 +144,14 @@ static void nft_set_trans_bind(const str
}
}
+static void nft_trans_commit_list_add_tail(struct net *net, struct nft_trans *trans)
+{
+ struct nftables_pernet *nft_net;
+
+ nft_net = net_generic(net, nf_tables_net_id);
+ list_add_tail(&trans->list, &nft_net->commit_list);
+}
+
static int nf_tables_register_hook(struct net *net,
const struct nft_table *table,
struct nft_chain *chain)
@@ -187,7 +202,7 @@ static int nft_trans_table_add(struct nf
if (msg_type == NFT_MSG_NEWTABLE)
nft_activate_next(ctx->net, ctx->table);
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
}
@@ -214,7 +229,7 @@ static int nft_trans_chain_add(struct nf
if (msg_type == NFT_MSG_NEWCHAIN)
nft_activate_next(ctx->net, ctx->chain);
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
}
@@ -287,7 +302,7 @@ static struct nft_trans *nft_trans_rule_
ntohl(nla_get_be32(ctx->nla[NFTA_RULE_ID]));
}
nft_trans_rule(trans) = rule;
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return trans;
}
@@ -342,7 +357,7 @@ static int nft_trans_set_add(const struc
nft_activate_next(ctx->net, set);
}
nft_trans_set(trans) = set;
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
}
@@ -374,7 +389,7 @@ static int nft_trans_obj_add(struct nft_
nft_activate_next(ctx->net, obj);
nft_trans_obj(trans) = obj;
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
}
@@ -407,7 +422,7 @@ static int nft_trans_flowtable_add(struc
nft_activate_next(ctx->net, flowtable);
nft_trans_flowtable(trans) = flowtable;
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
}
@@ -435,12 +450,14 @@ static struct nft_table *nft_table_looku
const struct nlattr *nla,
u8 family, u8 genmask)
{
+ struct nftables_pernet *nft_net;
struct nft_table *table;
if (nla == NULL)
return ERR_PTR(-EINVAL);
- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ nft_net = net_generic(net, nf_tables_net_id);
+ list_for_each_entry_rcu(table, &nft_net->tables, list) {
if (!nla_strcmp(nla, table->name) &&
table->family == family &&
nft_active_genmask(table, genmask))
@@ -454,9 +471,11 @@ static struct nft_table *nft_table_looku
const struct nlattr *nla,
u8 genmask)
{
+ struct nftables_pernet *nft_net;
struct nft_table *table;
- list_for_each_entry(table, &net->nft.tables, list) {
+ nft_net = net_generic(net, nf_tables_net_id);
+ list_for_each_entry(table, &nft_net->tables, list) {
if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&
nft_active_genmask(table, genmask))
return table;
@@ -509,11 +528,13 @@ __nf_tables_chain_type_lookup(const stru
static void nft_request_module(struct net *net, const char *fmt, ...)
{
char module_name[MODULE_NAME_LEN];
+ struct nftables_pernet *nft_net;
LIST_HEAD(commit_list);
va_list args;
int ret;
- list_splice_init(&net->nft.commit_list, &commit_list);
+ nft_net = net_generic(net, nf_tables_net_id);
+ list_splice_init(&nft_net->commit_list, &commit_list);
va_start(args, fmt);
ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
@@ -521,12 +542,12 @@ static void nft_request_module(struct ne
if (ret >= MODULE_NAME_LEN)
return;
- mutex_unlock(&net->nft.commit_mutex);
+ mutex_unlock(&nft_net->commit_mutex);
request_module("%s", module_name);
- mutex_lock(&net->nft.commit_mutex);
+ mutex_lock(&nft_net->commit_mutex);
- WARN_ON_ONCE(!list_empty(&net->nft.commit_list));
- list_splice(&commit_list, &net->nft.commit_list);
+ WARN_ON_ONCE(!list_empty(&nft_net->commit_list));
+ list_splice(&commit_list, &nft_net->commit_list);
}
#endif
@@ -563,7 +584,9 @@ nf_tables_chain_type_lookup(struct net *
static __be16 nft_base_seq(const struct net *net)
{
- return htons(net->nft.base_seq & 0xffff);
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
+
+ return htons(nft_net->base_seq & 0xffff);
}
static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
@@ -631,15 +654,17 @@ static int nf_tables_dump_tables(struct
struct netlink_callback *cb)
{
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
+ struct nftables_pernet *nft_net;
const struct nft_table *table;
unsigned int idx = 0, s_idx = cb->args[0];
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
rcu_read_lock();
- cb->seq = net->nft.base_seq;
+ nft_net = net_generic(net, nf_tables_net_id);
+ cb->seq = nft_net->base_seq;
- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ list_for_each_entry_rcu(table, &nft_net->tables, list) {
if (family != NFPROTO_UNSPEC && family != table->family)
continue;
@@ -813,7 +838,7 @@ static int nf_tables_updtable(struct nft
goto err;
nft_trans_table_update(trans) = true;
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
err:
nft_trans_destroy(trans);
@@ -848,6 +873,7 @@ static int nf_tables_newtable(struct net
const struct nlattr * const nla[],
struct netlink_ext_ack *extack)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
int family = nfmsg->nfgen_family;
@@ -857,7 +883,7 @@ static int nf_tables_newtable(struct net
struct nft_ctx ctx;
int err;
- lockdep_assert_held(&net->nft.commit_mutex);
+ lockdep_assert_held(&nft_net->commit_mutex);
attr = nla[NFTA_TABLE_NAME];
table = nft_table_lookup(net, attr, family, genmask);
if (IS_ERR(table)) {
@@ -907,7 +933,7 @@ static int nf_tables_newtable(struct net
if (err < 0)
goto err_trans;
- list_add_tail_rcu(&table->list, &net->nft.tables);
+ list_add_tail_rcu(&table->list, &nft_net->tables);
return 0;
err_trans:
rhltable_destroy(&table->chains_ht);
@@ -987,11 +1013,12 @@ out:
static int nft_flush(struct nft_ctx *ctx, int family)
{
+ struct nftables_pernet *nft_net = net_generic(ctx->net, nf_tables_net_id);
struct nft_table *table, *nt;
const struct nlattr * const *nla = ctx->nla;
int err = 0;
- list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
+ list_for_each_entry_safe(table, nt, &nft_net->tables, list) {
if (family != AF_UNSPEC && table->family != family)
continue;
@@ -1105,7 +1132,9 @@ nft_chain_lookup_byhandle(const struct n
static bool lockdep_commit_lock_is_held(struct net *net)
{
#ifdef CONFIG_PROVE_LOCKING
- return lockdep_is_held(&net->nft.commit_mutex);
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
+
+ return lockdep_is_held(&nft_net->commit_mutex);
#else
return true;
#endif
@@ -1302,11 +1331,13 @@ static int nf_tables_dump_chains(struct
unsigned int idx = 0, s_idx = cb->args[0];
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
+ struct nftables_pernet *nft_net;
rcu_read_lock();
- cb->seq = net->nft.base_seq;
+ nft_net = net_generic(net, nf_tables_net_id);
+ cb->seq = nft_net->base_seq;
- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ list_for_each_entry_rcu(table, &nft_net->tables, list) {
if (family != NFPROTO_UNSPEC && family != table->family)
continue;
@@ -1499,12 +1530,13 @@ static int nft_chain_parse_hook(struct n
struct nft_chain_hook *hook, u8 family,
bool autoload)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
struct nlattr *ha[NFTA_HOOK_MAX + 1];
const struct nft_chain_type *type;
struct net_device *dev;
int err;
- lockdep_assert_held(&net->nft.commit_mutex);
+ lockdep_assert_held(&nft_net->commit_mutex);
lockdep_nfnl_nft_mutex_not_held();
err = nla_parse_nested(ha, NFTA_HOOK_MAX, nla[NFTA_CHAIN_HOOK],
@@ -1773,6 +1805,7 @@ static int nf_tables_updchain(struct nft
if (nla[NFTA_CHAIN_HANDLE] &&
nla[NFTA_CHAIN_NAME]) {
+ struct nftables_pernet *nft_net = net_generic(ctx->net, nf_tables_net_id);
struct nft_trans *tmp;
char *name;
@@ -1782,7 +1815,7 @@ static int nf_tables_updchain(struct nft
goto err;
err = -EEXIST;
- list_for_each_entry(tmp, &ctx->net->nft.commit_list, list) {
+ list_for_each_entry(tmp, &nft_net->commit_list, list) {
if (tmp->msg_type == NFT_MSG_NEWCHAIN &&
tmp->ctx.table == table &&
nft_trans_chain_update(tmp) &&
@@ -1795,7 +1828,7 @@ static int nf_tables_updchain(struct nft
nft_trans_chain_name(trans) = name;
}
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
err:
@@ -1809,6 +1842,7 @@ static int nf_tables_newchain(struct net
const struct nlattr * const nla[],
struct netlink_ext_ack *extack)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
int family = nfmsg->nfgen_family;
@@ -1819,7 +1853,7 @@ static int nf_tables_newchain(struct net
struct nft_ctx ctx;
u64 handle = 0;
- lockdep_assert_held(&net->nft.commit_mutex);
+ lockdep_assert_held(&nft_net->commit_mutex);
table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask);
if (IS_ERR(table)) {
@@ -2342,11 +2376,13 @@ static int nf_tables_dump_rules(struct s
unsigned int idx = 0, s_idx = cb->args[0];
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
+ struct nftables_pernet *nft_net;
rcu_read_lock();
- cb->seq = net->nft.base_seq;
+ nft_net = net_generic(net, nf_tables_net_id);
+ cb->seq = nft_net->base_seq;
- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ list_for_each_entry_rcu(table, &nft_net->tables, list) {
if (family != NFPROTO_UNSPEC && family != table->family)
continue;
@@ -2499,7 +2535,6 @@ static void nf_tables_rule_destroy(const
{
struct nft_expr *expr, *next;
- lockdep_assert_held(&ctx->net->nft.commit_mutex);
/*
* Careful: some expressions might not be initialized in case this
* is called on error from nf_tables_newrule().
@@ -2579,6 +2614,7 @@ static int nf_tables_newrule(struct net
const struct nlattr * const nla[],
struct netlink_ext_ack *extack)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
struct nft_expr_info *info = NULL;
@@ -2595,7 +2631,7 @@ static int nf_tables_newrule(struct net
int err, rem;
u64 handle, pos_handle;
- lockdep_assert_held(&net->nft.commit_mutex);
+ lockdep_assert_held(&nft_net->commit_mutex);
table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask);
if (IS_ERR(table)) {
@@ -2743,7 +2779,7 @@ static int nf_tables_newrule(struct net
kvfree(info);
chain->use++;
- if (net->nft.validate_state == NFT_VALIDATE_DO)
+ if (nft_net->validate_state == NFT_VALIDATE_DO)
return nft_table_validate(net, table);
return 0;
@@ -2765,10 +2801,11 @@ static struct nft_rule *nft_rule_lookup_
const struct nft_chain *chain,
const struct nlattr *nla)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
u32 id = ntohl(nla_get_be32(nla));
struct nft_trans *trans;
- list_for_each_entry(trans, &net->nft.commit_list, list) {
+ list_for_each_entry(trans, &nft_net->commit_list, list) {
struct nft_rule *rule = nft_trans_rule(trans);
if (trans->msg_type == NFT_MSG_NEWRULE &&
@@ -2887,12 +2924,13 @@ nft_select_set_ops(const struct nft_ctx
const struct nft_set_desc *desc,
enum nft_set_policies policy)
{
+ struct nftables_pernet *nft_net = net_generic(ctx->net, nf_tables_net_id);
const struct nft_set_ops *ops, *bops;
struct nft_set_estimate est, best;
const struct nft_set_type *type;
u32 flags = 0;
- lockdep_assert_held(&ctx->net->nft.commit_mutex);
+ lockdep_assert_held(&nft_net->commit_mutex);
lockdep_nfnl_nft_mutex_not_held();
#ifdef CONFIG_MODULES
if (list_empty(&nf_tables_set_types)) {
@@ -3038,10 +3076,11 @@ static struct nft_set *nft_set_lookup_by
const struct nft_table *table,
const struct nlattr *nla, u8 genmask)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
struct nft_trans *trans;
u32 id = ntohl(nla_get_be32(nla));
- list_for_each_entry(trans, &net->nft.commit_list, list) {
+ list_for_each_entry(trans, &nft_net->commit_list, list) {
if (trans->msg_type == NFT_MSG_NEWSET) {
struct nft_set *set = nft_trans_set(trans);
@@ -3257,14 +3296,16 @@ static int nf_tables_dump_sets(struct sk
struct nft_table *table, *cur_table = (struct nft_table *)cb->args[2];
struct net *net = sock_net(skb->sk);
struct nft_ctx *ctx = cb->data, ctx_set;
+ struct nftables_pernet *nft_net;
if (cb->args[1])
return skb->len;
rcu_read_lock();
- cb->seq = net->nft.base_seq;
+ nft_net = net_generic(net, nf_tables_net_id);
+ cb->seq = nft_net->base_seq;
- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ list_for_each_entry_rcu(table, &nft_net->tables, list) {
if (ctx->family != NFPROTO_UNSPEC &&
ctx->family != table->family)
continue;
@@ -3971,6 +4012,7 @@ static int nf_tables_dump_set(struct sk_
{
struct nft_set_dump_ctx *dump_ctx = cb->data;
struct net *net = sock_net(skb->sk);
+ struct nftables_pernet *nft_net;
struct nft_table *table;
struct nft_set *set;
struct nft_set_dump_args args;
@@ -3981,7 +4023,8 @@ static int nf_tables_dump_set(struct sk_
int event;
rcu_read_lock();
- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ nft_net = net_generic(net, nf_tables_net_id);
+ list_for_each_entry_rcu(table, &nft_net->tables, list) {
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
dump_ctx->ctx.family != table->family)
continue;
@@ -4571,7 +4614,7 @@ static int nft_add_set_elem(struct nft_c
}
nft_trans_elem(trans) = elem;
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
err6:
@@ -4596,6 +4639,7 @@ static int nf_tables_newsetelem(struct n
const struct nlattr * const nla[],
struct netlink_ext_ack *extack)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
u8 genmask = nft_genmask_next(net);
const struct nlattr *attr;
struct nft_set *set;
@@ -4625,7 +4669,7 @@ static int nf_tables_newsetelem(struct n
return err;
}
- if (net->nft.validate_state == NFT_VALIDATE_DO)
+ if (nft_net->validate_state == NFT_VALIDATE_DO)
return nft_table_validate(net, ctx.table);
return 0;
@@ -4738,7 +4782,7 @@ static int nft_del_setelem(struct nft_ct
nft_set_elem_deactivate(ctx->net, set, &elem);
nft_trans_elem(trans) = elem;
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
fail_ops:
@@ -4772,7 +4816,7 @@ static int nft_flush_set(const struct nf
nft_set_elem_deactivate(ctx->net, set, elem);
nft_trans_elem_set(trans) = set;
nft_trans_elem(trans) = *elem;
- list_add_tail(&trans->list, &ctx->net->nft.commit_list);
+ nft_trans_commit_list_add_tail(ctx->net, trans);
return 0;
err1:
@@ -5151,6 +5195,7 @@ static int nf_tables_dump_obj(struct sk_
struct nft_obj_filter *filter = cb->data;
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
+ struct nftables_pernet *nft_net;
struct nft_object *obj;
bool reset = false;
@@ -5158,9 +5203,10 @@ static int nf_tables_dump_obj(struct sk_
reset = true;
rcu_read_lock();
- cb->seq = net->nft.base_seq;
+ nft_net = net_generic(net, nf_tables_net_id);
+ cb->seq = nft_net->base_seq;
- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ list_for_each_entry_rcu(table, &nft_net->tables, list) {
if (family != NFPROTO_UNSPEC && family != table->family)
continue;
@@ -5826,12 +5872,14 @@ static int nf_tables_dump_flowtable(stru
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
+ struct nftables_pernet *nft_net;
const struct nft_table *table;
rcu_read_lock();
- cb->seq = net->nft.base_seq;
+ nft_net = net_generic(net, nf_tables_net_id);
+ cb->seq = nft_net->base_seq;
- list_for_each_entry_rcu(table, &net->nft.tables, list) {
+ list_for_each_entry_rcu(table, &nft_net->tables, list) {
if (family != NFPROTO_UNSPEC && family != table->family)
continue;
@@ -6001,6 +6049,7 @@ static void nf_tables_flowtable_destroy(
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
u32 portid, u32 seq)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
struct nlmsghdr *nlh;
char buf[TASK_COMM_LEN];
int event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWGEN);
@@ -6010,7 +6059,7 @@ static int nf_tables_fill_gen_info(struc
if (!nlh)
goto nla_put_failure;
- if (nla_put_be32(skb, NFTA_GEN_ID, htonl(net->nft.base_seq)) ||
+ if (nla_put_be32(skb, NFTA_GEN_ID, htonl(nft_net->base_seq)) ||
nla_put_be32(skb, NFTA_GEN_PROC_PID, htonl(task_pid_nr(current))) ||
nla_put_string(skb, NFTA_GEN_PROC_NAME, get_task_comm(buf, current)))
goto nla_put_failure;
@@ -6043,6 +6092,7 @@ static int nf_tables_flowtable_event(str
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
struct nft_flowtable *flowtable;
+ struct nftables_pernet *nft_net;
struct nft_table *table;
struct net *net;
@@ -6050,13 +6100,14 @@ static int nf_tables_flowtable_event(str
return 0;
net = dev_net(dev);
- mutex_lock(&net->nft.commit_mutex);
- list_for_each_entry(table, &net->nft.tables, list) {
+ nft_net = net_generic(net, nf_tables_net_id);
+ mutex_lock(&nft_net->commit_mutex);
+ list_for_each_entry(table, &nft_net->tables, list) {
list_for_each_entry(flowtable, &table->flowtables, list) {
nft_flowtable_event(event, dev, flowtable);
}
}
- mutex_unlock(&net->nft.commit_mutex);
+ mutex_unlock(&nft_net->commit_mutex);
return NOTIFY_DONE;
}
@@ -6237,16 +6288,17 @@ static const struct nfnl_callback nf_tab
static int nf_tables_validate(struct net *net)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
struct nft_table *table;
- switch (net->nft.validate_state) {
+ switch (nft_net->validate_state) {
case NFT_VALIDATE_SKIP:
break;
case NFT_VALIDATE_NEED:
nft_validate_state_update(net, NFT_VALIDATE_DO);
/* fall through */
case NFT_VALIDATE_DO:
- list_for_each_entry(table, &net->nft.tables, list) {
+ list_for_each_entry(table, &nft_net->tables, list) {
if (nft_table_validate(net, table) < 0)
return -EAGAIN;
}
@@ -6323,14 +6375,15 @@ static void nft_commit_release(struct nf
static void nf_tables_commit_release(struct net *net)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
struct nft_trans *trans, *next;
- if (list_empty(&net->nft.commit_list))
+ if (list_empty(&nft_net->commit_list))
return;
synchronize_rcu();
- list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
+ list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
list_del(&trans->list);
nft_commit_release(trans);
}
@@ -6369,9 +6422,10 @@ static int nf_tables_commit_chain_prepar
static void nf_tables_commit_chain_prepare_cancel(struct net *net)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
struct nft_trans *trans, *next;
- list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
+ list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
struct nft_chain *chain = trans->ctx.chain;
if (trans->msg_type == NFT_MSG_NEWRULE ||
@@ -6463,6 +6517,7 @@ static void nft_chain_del(struct nft_cha
static int nf_tables_commit(struct net *net, struct sk_buff *skb)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
struct nft_trans *trans, *next;
struct nft_trans_elem *te;
struct nft_chain *chain;
@@ -6473,7 +6528,7 @@ static int nf_tables_commit(struct net *
return -EAGAIN;
/* 1. Allocate space for next generation rules_gen_X[] */
- list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
+ list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
int ret;
if (trans->msg_type == NFT_MSG_NEWRULE ||
@@ -6489,7 +6544,7 @@ static int nf_tables_commit(struct net *
}
/* step 2. Make rules_gen_X visible to packet path */
- list_for_each_entry(table, &net->nft.tables, list) {
+ list_for_each_entry(table, &nft_net->tables, list) {
list_for_each_entry(chain, &table->chains, list)
nf_tables_commit_chain(net, chain);
}
@@ -6498,12 +6553,13 @@ static int nf_tables_commit(struct net *
* Bump generation counter, invalidate any dump in progress.
* Cannot fail after this point.
*/
- while (++net->nft.base_seq == 0);
+ while (++nft_net->base_seq == 0)
+ ;
/* step 3. Start new generation, rules_gen_X now in use. */
net->nft.gencursor = nft_gencursor_next(net);
- list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
+ list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
switch (trans->msg_type) {
case NFT_MSG_NEWTABLE:
if (nft_trans_table_update(trans)) {
@@ -6624,7 +6680,7 @@ static int nf_tables_commit(struct net *
nf_tables_commit_release(net);
nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN);
- mutex_unlock(&net->nft.commit_mutex);
+ mutex_unlock(&nft_net->commit_mutex);
return 0;
}
@@ -6660,10 +6716,11 @@ static void nf_tables_abort_release(stru
static int __nf_tables_abort(struct net *net)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
struct nft_trans *trans, *next;
struct nft_trans_elem *te;
- list_for_each_entry_safe_reverse(trans, next, &net->nft.commit_list,
+ list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list,
list) {
switch (trans->msg_type) {
case NFT_MSG_NEWTABLE:
@@ -6770,7 +6827,7 @@ static int __nf_tables_abort(struct net
synchronize_rcu();
list_for_each_entry_safe_reverse(trans, next,
- &net->nft.commit_list, list) {
+ &nft_net->commit_list, list) {
list_del(&trans->list);
nf_tables_abort_release(trans);
}
@@ -6780,22 +6837,24 @@ static int __nf_tables_abort(struct net
static int nf_tables_abort(struct net *net, struct sk_buff *skb)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
int ret = __nf_tables_abort(net);
- mutex_unlock(&net->nft.commit_mutex);
+ mutex_unlock(&nft_net->commit_mutex);
return ret;
}
static bool nf_tables_valid_genid(struct net *net, u32 genid)
{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
bool genid_ok;
- mutex_lock(&net->nft.commit_mutex);
+ mutex_lock(&nft_net->commit_mutex);
- genid_ok = genid == 0 || net->nft.base_seq == genid;
+ genid_ok = genid == 0 || nft_net->base_seq == genid;
if (!genid_ok)
- mutex_unlock(&net->nft.commit_mutex);
+ mutex_unlock(&nft_net->commit_mutex);
/* else, commit mutex has to be released by commit or abort function */
return genid_ok;
@@ -7353,10 +7412,9 @@ int __nft_release_basechain(struct nft_c
}
EXPORT_SYMBOL_GPL(__nft_release_basechain);
-static void __nft_release_tables(struct net *net)
+static void __nft_release_table(struct net *net, struct nft_table *table)
{
struct nft_flowtable *flowtable, *nf;
- struct nft_table *table, *nt;
struct nft_chain *chain, *nc;
struct nft_object *obj, *ne;
struct nft_rule *rule, *nr;
@@ -7366,71 +7424,84 @@ static void __nft_release_tables(struct
.family = NFPROTO_NETDEV,
};
- list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
- ctx.family = table->family;
+ ctx.family = table->family;
- list_for_each_entry(chain, &table->chains, list)
- nf_tables_unregister_hook(net, table, chain);
- /* No packets are walking on these chains anymore. */
- ctx.table = table;
- list_for_each_entry(chain, &table->chains, list) {
- ctx.chain = chain;
- list_for_each_entry_safe(rule, nr, &chain->rules, list) {
- list_del(&rule->list);
- chain->use--;
- nf_tables_rule_release(&ctx, rule);
- }
- }
- list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
- list_del(&flowtable->list);
- table->use--;
- nf_tables_flowtable_destroy(flowtable);
- }
- list_for_each_entry_safe(set, ns, &table->sets, list) {
- list_del(&set->list);
- table->use--;
- nft_set_destroy(set);
- }
- list_for_each_entry_safe(obj, ne, &table->objects, list) {
- list_del(&obj->list);
- table->use--;
- nft_obj_destroy(&ctx, obj);
- }
- list_for_each_entry_safe(chain, nc, &table->chains, list) {
- ctx.chain = chain;
- nft_chain_del(chain);
- table->use--;
- nf_tables_chain_destroy(&ctx);
+ list_for_each_entry(chain, &table->chains, list)
+ nf_tables_unregister_hook(net, table, chain);
+ /* No packets are walking on these chains anymore. */
+ ctx.table = table;
+ list_for_each_entry(chain, &table->chains, list) {
+ ctx.chain = chain;
+ list_for_each_entry_safe(rule, nr, &chain->rules, list) {
+ list_del(&rule->list);
+ chain->use--;
+ nf_tables_rule_release(&ctx, rule);
}
- list_del(&table->list);
- nf_tables_table_destroy(&ctx);
}
+ list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
+ list_del(&flowtable->list);
+ table->use--;
+ nf_tables_flowtable_destroy(flowtable);
+ }
+ list_for_each_entry_safe(set, ns, &table->sets, list) {
+ list_del(&set->list);
+ table->use--;
+ nft_set_destroy(set);
+ }
+ list_for_each_entry_safe(obj, ne, &table->objects, list) {
+ list_del(&obj->list);
+ table->use--;
+ nft_obj_destroy(&ctx, obj);
+ }
+ list_for_each_entry_safe(chain, nc, &table->chains, list) {
+ ctx.chain = chain;
+ nft_chain_del(chain);
+ table->use--;
+ nf_tables_chain_destroy(&ctx);
+ }
+ list_del(&table->list);
+ nf_tables_table_destroy(&ctx);
+}
+
+static void __nft_release_tables(struct net *net)
+{
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
+ struct nft_table *table, *nt;
+
+ list_for_each_entry_safe(table, nt, &nft_net->tables, list)
+ __nft_release_table(net, table);
}
static int __net_init nf_tables_init_net(struct net *net)
{
- INIT_LIST_HEAD(&net->nft.tables);
- INIT_LIST_HEAD(&net->nft.commit_list);
- mutex_init(&net->nft.commit_mutex);
- net->nft.base_seq = 1;
- net->nft.validate_state = NFT_VALIDATE_SKIP;
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
+
+ INIT_LIST_HEAD(&nft_net->tables);
+ INIT_LIST_HEAD(&nft_net->commit_list);
+ mutex_init(&nft_net->commit_mutex);
+ nft_net->base_seq = 1;
+ nft_net->validate_state = NFT_VALIDATE_SKIP;
return 0;
}
static void __net_exit nf_tables_exit_net(struct net *net)
{
- mutex_lock(&net->nft.commit_mutex);
- if (!list_empty(&net->nft.commit_list))
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
+
+ mutex_lock(&nft_net->commit_mutex);
+ if (!list_empty(&nft_net->commit_list))
__nf_tables_abort(net);
__nft_release_tables(net);
- mutex_unlock(&net->nft.commit_mutex);
- WARN_ON_ONCE(!list_empty(&net->nft.tables));
+ mutex_unlock(&nft_net->commit_mutex);
+ WARN_ON_ONCE(!list_empty(&nft_net->tables));
}
static struct pernet_operations nf_tables_net_ops = {
.init = nf_tables_init_net,
.exit = nf_tables_exit_net,
+ .id = &nf_tables_net_id,
+ .size = sizeof(struct nftables_pernet),
};
static int __init nf_tables_module_init(void)
--- a/net/netfilter/nft_chain_filter.c
+++ b/net/netfilter/nft_chain_filter.c
@@ -2,6 +2,7 @@
#include <linux/kernel.h>
#include <linux/netdevice.h>
#include <net/net_namespace.h>
+#include <net/netns/generic.h>
#include <net/netfilter/nf_tables.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
@@ -10,6 +11,8 @@
#include <net/netfilter/nf_tables_ipv4.h>
#include <net/netfilter/nf_tables_ipv6.h>
+extern unsigned int nf_tables_net_id;
+
#ifdef CONFIG_NF_TABLES_IPV4
static unsigned int nft_do_chain_ipv4(void *priv,
struct sk_buff *skb,
@@ -315,6 +318,7 @@ static int nf_tables_netdev_event(struct
unsigned long event, void *ptr)
{
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
+ struct nftables_pernet *nft_net;
struct nft_table *table;
struct nft_chain *chain, *nr;
struct nft_ctx ctx = {
@@ -325,8 +329,9 @@ static int nf_tables_netdev_event(struct
event != NETDEV_CHANGENAME)
return NOTIFY_DONE;
- mutex_lock(&ctx.net->nft.commit_mutex);
- list_for_each_entry(table, &ctx.net->nft.tables, list) {
+ nft_net = net_generic(ctx.net, nf_tables_net_id);
+ mutex_lock(&nft_net->commit_mutex);
+ list_for_each_entry(table, &nft_net->tables, list) {
if (table->family != NFPROTO_NETDEV)
continue;
@@ -340,7 +345,7 @@ static int nf_tables_netdev_event(struct
nft_netdev_event(event, dev, &ctx);
}
}
- mutex_unlock(&ctx.net->nft.commit_mutex);
+ mutex_unlock(&nft_net->commit_mutex);
return NOTIFY_DONE;
}
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -15,6 +15,9 @@
#include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables_core.h>
+#include <net/netns/generic.h>
+
+extern unsigned int nf_tables_net_id;
struct nft_dynset {
struct nft_set *set;
@@ -112,13 +115,14 @@ static int nft_dynset_init(const struct
const struct nft_expr *expr,
const struct nlattr * const tb[])
{
+ struct nftables_pernet *nft_net = net_generic(ctx->net, nf_tables_net_id);
struct nft_dynset *priv = nft_expr_priv(expr);
u8 genmask = nft_genmask_next(ctx->net);
struct nft_set *set;
u64 timeout;
int err;
- lockdep_assert_held(&ctx->net->nft.commit_mutex);
+ lockdep_assert_held(&nft_net->commit_mutex);
if (tb[NFTA_DYNSET_SET_NAME] == NULL ||
tb[NFTA_DYNSET_OP] == NULL ||
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 129/323] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 128/323] netfilter: nf_tables: use net_generic infra for transaction data Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 130/323] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain Greg Kroah-Hartman
` (197 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ 1240eb93f0616b21c675416516ff3d74798fdc97 ]
In case of error when adding a new rule that refers to an anonymous set,
deactivate expressions via NFT_TRANS_PREPARE state, not NFT_TRANS_RELEASE.
Thus, the lookup expression marks anonymous sets as inactive in the next
generation to ensure it is not reachable in this transaction anymore and
decrement the set refcount as introduced by c1592a89942e ("netfilter:
nf_tables: deactivate anonymous set from preparation phase"). The abort
step takes care of undoing the anonymous set.
This is also consistent with rule deletion, where NFT_TRANS_PREPARE is
used. Note that this error path is exercised in the preparation step of
the commit protocol. This patch replaces nf_tables_rule_release() by the
deactivate and destroy calls, this time with NFT_TRANS_PREPARE.
Due to this incorrect error handling, it is possible to access a
dangling pointer to the anonymous set that remains in the transaction
list.
[1009.379054] BUG: KASAN: use-after-free in nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379106] Read of size 8 at addr ffff88816c4c8020 by task nft-rule-add/137110
[1009.379116] CPU: 7 PID: 137110 Comm: nft-rule-add Not tainted 6.4.0-rc4+ #256
[1009.379128] Call Trace:
[1009.379132] <TASK>
[1009.379135] dump_stack_lvl+0x33/0x50
[1009.379146] ? nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379191] print_address_description.constprop.0+0x27/0x300
[1009.379201] kasan_report+0x107/0x120
[1009.379210] ? nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379255] nft_set_lookup_global+0x147/0x1a0 [nf_tables]
[1009.379302] nft_lookup_init+0xa5/0x270 [nf_tables]
[1009.379350] nf_tables_newrule+0x698/0xe50 [nf_tables]
[1009.379397] ? nf_tables_rule_release+0xe0/0xe0 [nf_tables]
[1009.379441] ? kasan_unpoison+0x23/0x50
[1009.379450] nfnetlink_rcv_batch+0x97c/0xd90 [nfnetlink]
[1009.379470] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
[1009.379485] ? __alloc_skb+0xb8/0x1e0
[1009.379493] ? __alloc_skb+0xb8/0x1e0
[1009.379502] ? entry_SYSCALL_64_after_hwframe+0x46/0xb0
[1009.379509] ? unwind_get_return_address+0x2a/0x40
[1009.379517] ? write_profile+0xc0/0xc0
[1009.379524] ? avc_lookup+0x8f/0xc0
[1009.379532] ? __rcu_read_unlock+0x43/0x60
Fixes: 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2784,7 +2784,8 @@ static int nf_tables_newrule(struct net
return 0;
err2:
- nf_tables_rule_release(&ctx, rule);
+ nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE);
+ nf_tables_rule_destroy(&ctx, rule);
err1:
for (i = 0; i < n; i++) {
if (info[i].ops) {
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 130/323] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 129/323] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 131/323] netfilter: nf_tables: reject unbound anonymous set before commit phase Greg Kroah-Hartman
` (196 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ 26b5a5712eb85e253724e56a54c17f8519bd8e4e ]
Add a new state to deal with rule expressions deactivation from the
newrule error path, otherwise the anonymous set remains in the list in
inactive state for the next generation. Mark the set/chain transaction
as unbound so the abort path releases this object, set it as inactive in
the next generation so it is not reachable anymore from this transaction
and reference counter is dropped.
Fixes: 1240eb93f061 ("netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/netfilter/nf_tables.h | 1 +
net/netfilter/nf_tables_api.c | 26 ++++++++++++++++++++++----
2 files changed, 23 insertions(+), 4 deletions(-)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -736,6 +736,7 @@ struct nft_expr_type {
enum nft_trans_phase {
NFT_TRANS_PREPARE,
+ NFT_TRANS_PREPARE_ERROR,
NFT_TRANS_ABORT,
NFT_TRANS_COMMIT,
NFT_TRANS_RELEASE
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -120,7 +120,8 @@ static void nft_trans_destroy(struct nft
kfree(trans);
}
-static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
+static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set,
+ bool bind)
{
struct nftables_pernet *nft_net;
struct net *net = ctx->net;
@@ -134,16 +135,26 @@ static void nft_set_trans_bind(const str
switch (trans->msg_type) {
case NFT_MSG_NEWSET:
if (nft_trans_set(trans) == set)
- nft_trans_set_bound(trans) = true;
+ nft_trans_set_bound(trans) = bind;
break;
case NFT_MSG_NEWSETELEM:
if (nft_trans_elem_set(trans) == set)
- nft_trans_elem_set_bound(trans) = true;
+ nft_trans_elem_set_bound(trans) = bind;
break;
}
}
}
+static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
+{
+ return __nft_set_trans_bind(ctx, set, true);
+}
+
+static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set)
+{
+ return __nft_set_trans_bind(ctx, set, false);
+}
+
static void nft_trans_commit_list_add_tail(struct net *net, struct nft_trans *trans)
{
struct nftables_pernet *nft_net;
@@ -2784,7 +2795,7 @@ static int nf_tables_newrule(struct net
return 0;
err2:
- nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE);
+ nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE_ERROR);
nf_tables_rule_destroy(&ctx, rule);
err1:
for (i = 0; i < n; i++) {
@@ -3809,6 +3820,13 @@ void nf_tables_deactivate_set(const stru
enum nft_trans_phase phase)
{
switch (phase) {
+ case NFT_TRANS_PREPARE_ERROR:
+ nft_set_trans_unbind(ctx, set);
+ if (nft_set_is_anonymous(set))
+ nft_deactivate_next(ctx->net, set);
+
+ set->use--;
+ break;
case NFT_TRANS_PREPARE:
if (nft_set_is_anonymous(set))
nft_deactivate_next(ctx->net, set);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 131/323] netfilter: nf_tables: reject unbound anonymous set before commit phase
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 130/323] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 132/323] netfilter: nf_tables: unbind non-anonymous set if rule construction fails Greg Kroah-Hartman
` (195 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ 938154b93be8cd611ddfd7bafc1849f3c4355201 ]
Add a new list to track set transaction and to check for unbound
anonymous sets before entering the commit phase.
Bail out at the end of the transaction handling if an anonymous set
remains unbound.
Fixes: 96518518cc41 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/netfilter/nf_tables.h | 3 +++
net/netfilter/nf_tables_api.c | 33 ++++++++++++++++++++++++++++++---
2 files changed, 33 insertions(+), 3 deletions(-)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1320,12 +1320,14 @@ static inline void nft_set_elem_clear_bu
* struct nft_trans - nf_tables object update in transaction
*
* @list: used internally
+ * @binding_list: list of objects with possible bindings
* @msg_type: message type
* @ctx: transaction context
* @data: internal information related to the transaction
*/
struct nft_trans {
struct list_head list;
+ struct list_head binding_list;
int msg_type;
struct nft_ctx ctx;
char data[0];
@@ -1413,6 +1415,7 @@ void nft_chain_filter_fini(void);
struct nftables_pernet {
struct list_head tables;
struct list_head commit_list;
+ struct list_head binding_list;
struct list_head module_list;
struct list_head notify_list;
struct mutex commit_mutex;
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -102,6 +102,7 @@ static struct nft_trans *nft_trans_alloc
return NULL;
INIT_LIST_HEAD(&trans->list);
+ INIT_LIST_HEAD(&trans->binding_list);
trans->msg_type = msg_type;
trans->ctx = *ctx;
@@ -114,9 +115,15 @@ static struct nft_trans *nft_trans_alloc
return nft_trans_alloc_gfp(ctx, msg_type, size, GFP_KERNEL);
}
-static void nft_trans_destroy(struct nft_trans *trans)
+static void nft_trans_list_del(struct nft_trans *trans)
{
list_del(&trans->list);
+ list_del(&trans->binding_list);
+}
+
+static void nft_trans_destroy(struct nft_trans *trans)
+{
+ nft_trans_list_del(trans);
kfree(trans);
}
@@ -160,6 +167,13 @@ static void nft_trans_commit_list_add_ta
struct nftables_pernet *nft_net;
nft_net = net_generic(net, nf_tables_net_id);
+ switch (trans->msg_type) {
+ case NFT_MSG_NEWSET:
+ if (nft_set_is_anonymous(nft_trans_set(trans)))
+ list_add_tail(&trans->binding_list, &nft_net->binding_list);
+ break;
+ }
+
list_add_tail(&trans->list, &nft_net->commit_list);
}
@@ -6403,7 +6417,7 @@ static void nf_tables_commit_release(str
synchronize_rcu();
list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
- list_del(&trans->list);
+ nft_trans_list_del(trans);
nft_commit_release(trans);
}
}
@@ -6542,6 +6556,18 @@ static int nf_tables_commit(struct net *
struct nft_chain *chain;
struct nft_table *table;
+ list_for_each_entry(trans, &nft_net->binding_list, binding_list) {
+ switch (trans->msg_type) {
+ case NFT_MSG_NEWSET:
+ if (nft_set_is_anonymous(nft_trans_set(trans)) &&
+ !nft_trans_set_bound(trans)) {
+ pr_warn_once("nftables ruleset with unbound set\n");
+ return -EINVAL;
+ }
+ break;
+ }
+ }
+
/* 0. Validate ruleset, otherwise roll back for error reporting. */
if (nf_tables_validate(net) < 0)
return -EAGAIN;
@@ -6847,7 +6873,7 @@ static int __nf_tables_abort(struct net
list_for_each_entry_safe_reverse(trans, next,
&nft_net->commit_list, list) {
- list_del(&trans->list);
+ nft_trans_list_del(trans);
nf_tables_abort_release(trans);
}
@@ -7497,6 +7523,7 @@ static int __net_init nf_tables_init_net
INIT_LIST_HEAD(&nft_net->tables);
INIT_LIST_HEAD(&nft_net->commit_list);
+ INIT_LIST_HEAD(&nft_net->binding_list);
mutex_init(&nft_net->commit_mutex);
nft_net->base_seq = 1;
nft_net->validate_state = NFT_VALIDATE_SKIP;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 132/323] netfilter: nf_tables: unbind non-anonymous set if rule construction fails
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 131/323] netfilter: nf_tables: reject unbound anonymous set before commit phase Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 133/323] netfilter: nf_tables: fix scheduling-while-atomic splat Greg Kroah-Hartman
` (194 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ 3e70489721b6c870252c9082c496703677240f53 ]
Otherwise a dangling reference to a rule object that is gone remains
in the set binding list.
Fixes: 26b5a5712eb8 ("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3838,6 +3838,8 @@ void nf_tables_deactivate_set(const stru
nft_set_trans_unbind(ctx, set);
if (nft_set_is_anonymous(set))
nft_deactivate_next(ctx->net, set);
+ else
+ list_del_rcu(&binding->list);
set->use--;
break;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 133/323] netfilter: nf_tables: fix scheduling-while-atomic splat
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 132/323] netfilter: nf_tables: unbind non-anonymous set if rule construction fails Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 134/323] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free Greg Kroah-Hartman
` (193 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable, netfilter-devel
Cc: Greg Kroah-Hartman, patches, Florian Westphal, Pablo Neira Ayuso
From: Florian Westphal <fw@strlen.de>
[ 2024439bd5ceb145eeeb428b2a59e9b905153ac3 ]
nf_tables_check_loops() can be called from rhashtable list
walk so cond_resched() cannot be used here.
Fixes: 81ea01066741 ("netfilter: nf_tables: add rescheduling points during loop detection walks")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 4 ----
1 file changed, 4 deletions(-)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7021,13 +7021,9 @@ static int nf_tables_check_loops(const s
break;
}
}
-
- cond_resched();
}
list_for_each_entry(set, &ctx->table->sets, list) {
- cond_resched();
-
if (!nft_is_active_next(ctx->net, set))
continue;
if (!(set->flags & NFT_SET_MAP) ||
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 134/323] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 133/323] netfilter: nf_tables: fix scheduling-while-atomic splat Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 135/323] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval Greg Kroah-Hartman
` (192 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florent Revest, Florian Westphal,
Pablo Neira Ayuso
From: Florent Revest <revest@chromium.org>
commit 6eef7a2b933885a17679eb8ed0796ddf0ee5309b upstream.
If nf_conntrack_init_start() fails (for example due to a
register_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()
clean-up path frees the nf_ct_helper_hash map.
When built with NF_CONNTRACK=y, further netfilter modules (e.g:
netfilter_conntrack_ftp) can still be loaded and call
nf_conntrack_helpers_register(), independently of whether nf_conntrack
initialized correctly. This accesses the nf_ct_helper_hash dangling
pointer and causes a uaf, possibly leading to random memory corruption.
This patch guards nf_conntrack_helper_register() from accessing a freed
or uninitialized nf_ct_helper_hash pointer and fixes possible
uses-after-free when loading a conntrack module.
Cc: stable@vger.kernel.org
Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure")
Signed-off-by: Florent Revest <revest@chromium.org>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_conntrack_helper.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -400,6 +400,9 @@ int nf_conntrack_helper_register(struct
BUG_ON(me->expect_class_max >= NF_CT_MAX_EXPECT_CLASSES);
BUG_ON(strlen(me->name) > NF_CT_HELPER_NAME_LEN - 1);
+ if (!nf_ct_helper_hash)
+ return -ENOENT;
+
if (me->expect_policy->max_expected > NF_CT_EXPECT_MAX_CNT)
return -EINVAL;
@@ -570,4 +573,5 @@ void nf_conntrack_helper_fini(void)
{
nf_ct_extend_unregister(&helper_extend);
kvfree(nf_ct_helper_hash);
+ nf_ct_helper_hash = NULL;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 135/323] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 134/323] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 136/323] net: lan743x: Dont sleep in atomic context Greg Kroah-Hartman
` (191 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Thadeu Lima de Souza Cascardo,
Florian Westphal, Pablo Neira Ayuso
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
commit caf3ef7468f7534771b5c44cd8dbd6f7f87c2cbd upstream.
When evaluating byteorder expressions with size 2, a union with 32-bit and
16-bit members is used. Since the 16-bit members are aligned to 32-bit,
the array accesses will be out-of-bounds.
It may lead to a stack-out-of-bounds access like the one below:
[ 23.095215] ==================================================================
[ 23.095625] BUG: KASAN: stack-out-of-bounds in nft_byteorder_eval+0x13c/0x320
[ 23.096020] Read of size 2 at addr ffffc90000007948 by task ping/115
[ 23.096358]
[ 23.096456] CPU: 0 PID: 115 Comm: ping Not tainted 6.4.0+ #413
[ 23.096770] Call Trace:
[ 23.096910] <IRQ>
[ 23.097030] dump_stack_lvl+0x60/0xc0
[ 23.097218] print_report+0xcf/0x630
[ 23.097388] ? nft_byteorder_eval+0x13c/0x320
[ 23.097577] ? kasan_addr_to_slab+0xd/0xc0
[ 23.097760] ? nft_byteorder_eval+0x13c/0x320
[ 23.097949] kasan_report+0xc9/0x110
[ 23.098106] ? nft_byteorder_eval+0x13c/0x320
[ 23.098298] __asan_load2+0x83/0xd0
[ 23.098453] nft_byteorder_eval+0x13c/0x320
[ 23.098659] nft_do_chain+0x1c8/0xc50
[ 23.098852] ? __pfx_nft_do_chain+0x10/0x10
[ 23.099078] ? __kasan_check_read+0x11/0x20
[ 23.099295] ? __pfx___lock_acquire+0x10/0x10
[ 23.099535] ? __pfx___lock_acquire+0x10/0x10
[ 23.099745] ? __kasan_check_read+0x11/0x20
[ 23.099929] nft_do_chain_ipv4+0xfe/0x140
[ 23.100105] ? __pfx_nft_do_chain_ipv4+0x10/0x10
[ 23.100327] ? lock_release+0x204/0x400
[ 23.100515] ? nf_hook.constprop.0+0x340/0x550
[ 23.100779] nf_hook_slow+0x6c/0x100
[ 23.100977] ? __pfx_nft_do_chain_ipv4+0x10/0x10
[ 23.101223] nf_hook.constprop.0+0x334/0x550
[ 23.101443] ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 23.101677] ? __pfx_nf_hook.constprop.0+0x10/0x10
[ 23.101882] ? __pfx_ip_rcv_finish+0x10/0x10
[ 23.102071] ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 23.102291] ? rcu_read_lock_held+0x4b/0x70
[ 23.102481] ip_local_deliver+0xbb/0x110
[ 23.102665] ? __pfx_ip_rcv+0x10/0x10
[ 23.102839] ip_rcv+0x199/0x2a0
[ 23.102980] ? __pfx_ip_rcv+0x10/0x10
[ 23.103140] __netif_receive_skb_one_core+0x13e/0x150
[ 23.103362] ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 23.103647] ? mark_held_locks+0x48/0xa0
[ 23.103819] ? process_backlog+0x36c/0x380
[ 23.103999] __netif_receive_skb+0x23/0xc0
[ 23.104179] process_backlog+0x91/0x380
[ 23.104350] __napi_poll.constprop.0+0x66/0x360
[ 23.104589] ? net_rx_action+0x1cb/0x610
[ 23.104811] net_rx_action+0x33e/0x610
[ 23.105024] ? _raw_spin_unlock+0x23/0x50
[ 23.105257] ? __pfx_net_rx_action+0x10/0x10
[ 23.105485] ? mark_held_locks+0x48/0xa0
[ 23.105741] __do_softirq+0xfa/0x5ab
[ 23.105956] ? __dev_queue_xmit+0x765/0x1c00
[ 23.106193] do_softirq.part.0+0x49/0xc0
[ 23.106423] </IRQ>
[ 23.106547] <TASK>
[ 23.106670] __local_bh_enable_ip+0xf5/0x120
[ 23.106903] __dev_queue_xmit+0x789/0x1c00
[ 23.107131] ? __pfx___dev_queue_xmit+0x10/0x10
[ 23.107381] ? find_held_lock+0x8e/0xb0
[ 23.107585] ? lock_release+0x204/0x400
[ 23.107798] ? neigh_resolve_output+0x185/0x350
[ 23.108049] ? mark_held_locks+0x48/0xa0
[ 23.108265] ? neigh_resolve_output+0x185/0x350
[ 23.108514] neigh_resolve_output+0x246/0x350
[ 23.108753] ? neigh_resolve_output+0x246/0x350
[ 23.109003] ip_finish_output2+0x3c3/0x10b0
[ 23.109250] ? __pfx_ip_finish_output2+0x10/0x10
[ 23.109510] ? __pfx_nf_hook+0x10/0x10
[ 23.109732] __ip_finish_output+0x217/0x390
[ 23.109978] ip_finish_output+0x2f/0x130
[ 23.110207] ip_output+0xc9/0x170
[ 23.110404] ip_push_pending_frames+0x1a0/0x240
[ 23.110652] raw_sendmsg+0x102e/0x19e0
[ 23.110871] ? __pfx_raw_sendmsg+0x10/0x10
[ 23.111093] ? lock_release+0x204/0x400
[ 23.111304] ? __mod_lruvec_page_state+0x148/0x330
[ 23.111567] ? find_held_lock+0x8e/0xb0
[ 23.111777] ? find_held_lock+0x8e/0xb0
[ 23.111993] ? __rcu_read_unlock+0x7c/0x2f0
[ 23.112225] ? aa_sk_perm+0x18a/0x550
[ 23.112431] ? filemap_map_pages+0x4f1/0x900
[ 23.112665] ? __pfx_aa_sk_perm+0x10/0x10
[ 23.112880] ? find_held_lock+0x8e/0xb0
[ 23.113098] inet_sendmsg+0xa0/0xb0
[ 23.113297] ? inet_sendmsg+0xa0/0xb0
[ 23.113500] ? __pfx_inet_sendmsg+0x10/0x10
[ 23.113727] sock_sendmsg+0xf4/0x100
[ 23.113924] ? move_addr_to_kernel.part.0+0x4f/0xa0
[ 23.114190] __sys_sendto+0x1d4/0x290
[ 23.114391] ? __pfx___sys_sendto+0x10/0x10
[ 23.114621] ? __pfx_mark_lock.part.0+0x10/0x10
[ 23.114869] ? lock_release+0x204/0x400
[ 23.115076] ? find_held_lock+0x8e/0xb0
[ 23.115287] ? rcu_is_watching+0x23/0x60
[ 23.115503] ? __rseq_handle_notify_resume+0x6e2/0x860
[ 23.115778] ? __kasan_check_write+0x14/0x30
[ 23.116008] ? blkcg_maybe_throttle_current+0x8d/0x770
[ 23.116285] ? mark_held_locks+0x28/0xa0
[ 23.116503] ? do_syscall_64+0x37/0x90
[ 23.116713] __x64_sys_sendto+0x7f/0xb0
[ 23.116924] do_syscall_64+0x59/0x90
[ 23.117123] ? irqentry_exit_to_user_mode+0x25/0x30
[ 23.117387] ? irqentry_exit+0x77/0xb0
[ 23.117593] ? exc_page_fault+0x92/0x140
[ 23.117806] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 23.118081] RIP: 0033:0x7f744aee2bba
[ 23.118282] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[ 23.119237] RSP: 002b:00007ffd04a7c9f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 23.119644] RAX: ffffffffffffffda RBX: 00007ffd04a7e0a0 RCX: 00007f744aee2bba
[ 23.120023] RDX: 0000000000000040 RSI: 000056488e9e6300 RDI: 0000000000000003
[ 23.120413] RBP: 000056488e9e6300 R08: 00007ffd04a80320 R09: 0000000000000010
[ 23.120809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040
[ 23.121219] R13: 00007ffd04a7dc38 R14: 00007ffd04a7ca00 R15: 00007ffd04a7e0a0
[ 23.121617] </TASK>
[ 23.121749]
[ 23.121845] The buggy address belongs to the virtual mapping at
[ 23.121845] [ffffc90000000000, ffffc90000009000) created by:
[ 23.121845] irq_init_percpu_irqstack+0x1cf/0x270
[ 23.122707]
[ 23.122803] The buggy address belongs to the physical page:
[ 23.123104] page:0000000072ac19f0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24a09
[ 23.123609] flags: 0xfffffc0001000(reserved|node=0|zone=1|lastcpupid=0x1fffff)
[ 23.123998] page_type: 0xffffffff()
[ 23.124194] raw: 000fffffc0001000 ffffea0000928248 ffffea0000928248 0000000000000000
[ 23.124610] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 23.125023] page dumped because: kasan: bad access detected
[ 23.125326]
[ 23.125421] Memory state around the buggy address:
[ 23.125682] ffffc90000007800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.126072] ffffc90000007880: 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 f2 f2 00
[ 23.126455] >ffffc90000007900: 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00
[ 23.126840] ^
[ 23.127138] ffffc90000007980: 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3
[ 23.127522] ffffc90000007a00: f3 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 23.127906] ==================================================================
[ 23.128324] Disabling lock debugging due to kernel taint
Using simple s16 pointers for the 16-bit accesses fixes the problem. For
the 32-bit accesses, src and dst can be used directly.
Fixes: 96518518cc41 ("netfilter: add nftables")
Cc: stable@vger.kernel.org
Reported-by: Tanguy DUBROCA (@SidewayRE) from @Synacktiv working with ZDI
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nft_byteorder.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/net/netfilter/nft_byteorder.c
+++ b/net/netfilter/nft_byteorder.c
@@ -33,11 +33,11 @@ static void nft_byteorder_eval(const str
const struct nft_byteorder *priv = nft_expr_priv(expr);
u32 *src = ®s->data[priv->sreg];
u32 *dst = ®s->data[priv->dreg];
- union { u32 u32; u16 u16; } *s, *d;
+ u16 *s16, *d16;
unsigned int i;
- s = (void *)src;
- d = (void *)dst;
+ s16 = (void *)src;
+ d16 = (void *)dst;
switch (priv->size) {
case 8: {
@@ -63,11 +63,11 @@ static void nft_byteorder_eval(const str
switch (priv->op) {
case NFT_BYTEORDER_NTOH:
for (i = 0; i < priv->len / 4; i++)
- d[i].u32 = ntohl((__force __be32)s[i].u32);
+ dst[i] = ntohl((__force __be32)src[i]);
break;
case NFT_BYTEORDER_HTON:
for (i = 0; i < priv->len / 4; i++)
- d[i].u32 = (__force __u32)htonl(s[i].u32);
+ dst[i] = (__force __u32)htonl(src[i]);
break;
}
break;
@@ -75,11 +75,11 @@ static void nft_byteorder_eval(const str
switch (priv->op) {
case NFT_BYTEORDER_NTOH:
for (i = 0; i < priv->len / 2; i++)
- d[i].u16 = ntohs((__force __be16)s[i].u16);
+ d16[i] = ntohs((__force __be16)s16[i]);
break;
case NFT_BYTEORDER_HTON:
for (i = 0; i < priv->len / 2; i++)
- d[i].u16 = (__force __u16)htons(s[i].u16);
+ d16[i] = (__force __u16)htons(s16[i]);
break;
}
break;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 136/323] net: lan743x: Dont sleep in atomic context
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 135/323] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 137/323] workqueue: clean up WORK_* constant types, clarify masking Greg Kroah-Hartman
` (190 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bryan Whitehead, UNGLinuxDriver,
Moritz Fischer, Andrew Lunn, Paolo Abeni
From: Moritz Fischer <moritzf@google.com>
commit 7a8227b2e76be506b2ac64d2beac950ca04892a5 upstream.
dev_set_rx_mode() grabs a spin_lock, and the lan743x implementation
proceeds subsequently to go to sleep using readx_poll_timeout().
Introduce a helper wrapping the readx_poll_timeout_atomic() function
and use it to replace the calls to readx_polL_timeout().
Fixes: 23f0703c125b ("lan743x: Add main source files for new lan743x driver")
Cc: stable@vger.kernel.org
Cc: Bryan Whitehead <bryan.whitehead@microchip.com>
Cc: UNGLinuxDriver@microchip.com
Signed-off-by: Moritz Fischer <moritzf@google.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20230627035000.1295254-1-moritzf@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/microchip/lan743x_main.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
--- a/drivers/net/ethernet/microchip/lan743x_main.c
+++ b/drivers/net/ethernet/microchip/lan743x_main.c
@@ -80,6 +80,18 @@ static int lan743x_csr_light_reset(struc
!(data & HW_CFG_LRST_), 100000, 10000000);
}
+static int lan743x_csr_wait_for_bit_atomic(struct lan743x_adapter *adapter,
+ int offset, u32 bit_mask,
+ int target_value, int udelay_min,
+ int udelay_max, int count)
+{
+ u32 data;
+
+ return readx_poll_timeout_atomic(LAN743X_CSR_READ_OP, offset, data,
+ target_value == !!(data & bit_mask),
+ udelay_max, udelay_min * count);
+}
+
static int lan743x_csr_wait_for_bit(struct lan743x_adapter *adapter,
int offset, u32 bit_mask,
int target_value, int usleep_min,
@@ -675,8 +687,8 @@ static int lan743x_dp_write(struct lan74
u32 dp_sel;
int i;
- if (lan743x_csr_wait_for_bit(adapter, DP_SEL, DP_SEL_DPRDY_,
- 1, 40, 100, 100))
+ if (lan743x_csr_wait_for_bit_atomic(adapter, DP_SEL, DP_SEL_DPRDY_,
+ 1, 40, 100, 100))
return -EIO;
dp_sel = lan743x_csr_read(adapter, DP_SEL);
dp_sel &= ~DP_SEL_MASK_;
@@ -687,8 +699,9 @@ static int lan743x_dp_write(struct lan74
lan743x_csr_write(adapter, DP_ADDR, addr + i);
lan743x_csr_write(adapter, DP_DATA_0, buf[i]);
lan743x_csr_write(adapter, DP_CMD, DP_CMD_WRITE_);
- if (lan743x_csr_wait_for_bit(adapter, DP_SEL, DP_SEL_DPRDY_,
- 1, 40, 100, 100))
+ if (lan743x_csr_wait_for_bit_atomic(adapter, DP_SEL,
+ DP_SEL_DPRDY_,
+ 1, 40, 100, 100))
return -EIO;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 137/323] workqueue: clean up WORK_* constant types, clarify masking
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 136/323] net: lan743x: Dont sleep in atomic context Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 138/323] net: mvneta: fix txq_map in case of txq_number==1 Greg Kroah-Hartman
` (189 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dave Airlie, Arnd Bergmann,
Tejun Heo, Nick Desaulniers, Nathan Chancellor, Linus Torvalds
From: Linus Torvalds <torvalds@linux-foundation.org>
commit afa4bb778e48d79e4a642ed41e3b4e0de7489a6c upstream.
Dave Airlie reports that gcc-13.1.1 has started complaining about some
of the workqueue code in 32-bit arm builds:
kernel/workqueue.c: In function ‘get_work_pwq’:
kernel/workqueue.c:713:24: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
713 | return (void *)(data & WORK_STRUCT_WQ_DATA_MASK);
| ^
[ ... a couple of other cases ... ]
and while it's not immediately clear exactly why gcc started complaining
about it now, I suspect it's some C23-induced enum type handlign fixup in
gcc-13 is the cause.
Whatever the reason for starting to complain, the code and data types
are indeed disgusting enough that the complaint is warranted.
The wq code ends up creating various "helper constants" (like that
WORK_STRUCT_WQ_DATA_MASK) using an enum type, which is all kinds of
confused. The mask needs to be 'unsigned long', not some unspecified
enum type.
To make matters worse, the actual "mask and cast to a pointer" is
repeated a couple of times, and the cast isn't even always done to the
right pointer, but - as the error case above - to a 'void *' with then
the compiler finishing the job.
That's now how we roll in the kernel.
So create the masks using the proper types rather than some ambiguous
enumeration, and use a nice helper that actually does the type
conversion in one well-defined place.
Incidentally, this magically makes clang generate better code. That,
admittedly, is really just a sign of clang having been seriously
confused before, and cleaning up the typing unconfuses the compiler too.
Reported-by: Dave Airlie <airlied@gmail.com>
Link: https://lore.kernel.org/lkml/CAPM=9twNnV4zMCvrPkw3H-ajZOH-01JVh_kDrxdPYQErz8ZTdA@mail.gmail.com/
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Tejun Heo <tj@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/workqueue.h | 15 ++++++++-------
kernel/workqueue.c | 13 ++++++++-----
2 files changed, 16 insertions(+), 12 deletions(-)
--- a/include/linux/workqueue.h
+++ b/include/linux/workqueue.h
@@ -73,7 +73,6 @@ enum {
WORK_OFFQ_FLAG_BASE = WORK_STRUCT_COLOR_SHIFT,
__WORK_OFFQ_CANCELING = WORK_OFFQ_FLAG_BASE,
- WORK_OFFQ_CANCELING = (1 << __WORK_OFFQ_CANCELING),
/*
* When a work item is off queue, its high bits point to the last
@@ -84,12 +83,6 @@ enum {
WORK_OFFQ_POOL_SHIFT = WORK_OFFQ_FLAG_BASE + WORK_OFFQ_FLAG_BITS,
WORK_OFFQ_LEFT = BITS_PER_LONG - WORK_OFFQ_POOL_SHIFT,
WORK_OFFQ_POOL_BITS = WORK_OFFQ_LEFT <= 31 ? WORK_OFFQ_LEFT : 31,
- WORK_OFFQ_POOL_NONE = (1LU << WORK_OFFQ_POOL_BITS) - 1,
-
- /* convenience constants */
- WORK_STRUCT_FLAG_MASK = (1UL << WORK_STRUCT_FLAG_BITS) - 1,
- WORK_STRUCT_WQ_DATA_MASK = ~WORK_STRUCT_FLAG_MASK,
- WORK_STRUCT_NO_POOL = (unsigned long)WORK_OFFQ_POOL_NONE << WORK_OFFQ_POOL_SHIFT,
/* bit mask for work_busy() return values */
WORK_BUSY_PENDING = 1 << 0,
@@ -99,6 +92,14 @@ enum {
WORKER_DESC_LEN = 24,
};
+/* Convenience constants - of type 'unsigned long', not 'enum'! */
+#define WORK_OFFQ_CANCELING (1ul << __WORK_OFFQ_CANCELING)
+#define WORK_OFFQ_POOL_NONE ((1ul << WORK_OFFQ_POOL_BITS) - 1)
+#define WORK_STRUCT_NO_POOL (WORK_OFFQ_POOL_NONE << WORK_OFFQ_POOL_SHIFT)
+
+#define WORK_STRUCT_FLAG_MASK ((1ul << WORK_STRUCT_FLAG_BITS) - 1)
+#define WORK_STRUCT_WQ_DATA_MASK (~WORK_STRUCT_FLAG_MASK)
+
struct work_struct {
atomic_long_t data;
struct list_head entry;
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -680,12 +680,17 @@ static void clear_work_data(struct work_
set_work_data(work, WORK_STRUCT_NO_POOL, 0);
}
+static inline struct pool_workqueue *work_struct_pwq(unsigned long data)
+{
+ return (struct pool_workqueue *)(data & WORK_STRUCT_WQ_DATA_MASK);
+}
+
static struct pool_workqueue *get_work_pwq(struct work_struct *work)
{
unsigned long data = atomic_long_read(&work->data);
if (data & WORK_STRUCT_PWQ)
- return (void *)(data & WORK_STRUCT_WQ_DATA_MASK);
+ return work_struct_pwq(data);
else
return NULL;
}
@@ -713,8 +718,7 @@ static struct worker_pool *get_work_pool
assert_rcu_or_pool_mutex();
if (data & WORK_STRUCT_PWQ)
- return ((struct pool_workqueue *)
- (data & WORK_STRUCT_WQ_DATA_MASK))->pool;
+ return work_struct_pwq(data)->pool;
pool_id = data >> WORK_OFFQ_POOL_SHIFT;
if (pool_id == WORK_OFFQ_POOL_NONE)
@@ -735,8 +739,7 @@ static int get_work_pool_id(struct work_
unsigned long data = atomic_long_read(&work->data);
if (data & WORK_STRUCT_PWQ)
- return ((struct pool_workqueue *)
- (data & WORK_STRUCT_WQ_DATA_MASK))->pool->id;
+ return work_struct_pwq(data)->pool->id;
return data >> WORK_OFFQ_POOL_SHIFT;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 138/323] net: mvneta: fix txq_map in case of txq_number==1
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 137/323] workqueue: clean up WORK_* constant types, clarify masking Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 139/323] vrf: Increment Icmp6InMsgs on the original netdev Greg Kroah-Hartman
` (188 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Klaus Kudielka, Michal Kubiak,
Paolo Abeni, Sasha Levin
From: Klaus Kudielka <klaus.kudielka@gmail.com>
[ Upstream commit 21327f81db6337c8843ce755b01523c7d3df715b ]
If we boot with mvneta.txq_number=1, the txq_map is set incorrectly:
MVNETA_CPU_TXQ_ACCESS(1) refers to TX queue 1, but only TX queue 0 is
initialized. Fix this.
Fixes: 50bf8cb6fc9c ("net: mvneta: Configure XPS support")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Michal Kubiak <michal.kubiak@intel.com>
Link: https://lore.kernel.org/r/20230705053712.3914-1-klaus.kudielka@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/marvell/mvneta.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
index f1a4b11ce0d19..512f9cd68070a 100644
--- a/drivers/net/ethernet/marvell/mvneta.c
+++ b/drivers/net/ethernet/marvell/mvneta.c
@@ -1415,7 +1415,7 @@ static void mvneta_defaults_set(struct mvneta_port *pp)
*/
if (txq_number == 1)
txq_map = (cpu == pp->rxq_def) ?
- MVNETA_CPU_TXQ_ACCESS(1) : 0;
+ MVNETA_CPU_TXQ_ACCESS(0) : 0;
} else {
txq_map = MVNETA_CPU_TXQ_ACCESS_ALL_MASK;
@@ -3665,7 +3665,7 @@ static void mvneta_percpu_elect(struct mvneta_port *pp)
*/
if (txq_number == 1)
txq_map = (cpu == elected_cpu) ?
- MVNETA_CPU_TXQ_ACCESS(1) : 0;
+ MVNETA_CPU_TXQ_ACCESS(0) : 0;
else
txq_map = mvreg_read(pp, MVNETA_CPU_MAP(cpu)) &
MVNETA_CPU_TXQ_ACCESS_ALL_MASK;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 139/323] vrf: Increment Icmp6InMsgs on the original netdev
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 138/323] net: mvneta: fix txq_map in case of txq_number==1 Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 140/323] icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev() Greg Kroah-Hartman
` (187 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephen Suryaputra, David Ahern,
David S. Miller, Sasha Levin
From: Stephen Suryaputra <ssuryaextr@gmail.com>
[ Upstream commit e1ae5c2ea4783b1fd87be250f9fcc9d9e1a6ba3f ]
Get the ingress interface and increment ICMP counters based on that
instead of skb->dev when the the dev is a VRF device.
This is a follow up on the following message:
https://www.spinics.net/lists/netdev/msg560268.html
v2: Avoid changing skb->dev since it has unintended effect for local
delivery (David Ahern).
Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 2aaa8a15de73 ("icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/addrconf.h | 16 ++++++++++++++++
net/ipv6/icmp.c | 17 +++++++++++------
net/ipv6/reassembly.c | 4 ++--
3 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index db2a87981dd46..9583d3bbab039 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -340,6 +340,22 @@ static inline struct inet6_dev *__in6_dev_get(const struct net_device *dev)
return rcu_dereference_rtnl(dev->ip6_ptr);
}
+/**
+ * __in6_dev_stats_get - get inet6_dev pointer for stats
+ * @dev: network device
+ * @skb: skb for original incoming interface if neeeded
+ *
+ * Caller must hold rcu_read_lock or RTNL, because this function
+ * does not take a reference on the inet6_dev.
+ */
+static inline struct inet6_dev *__in6_dev_stats_get(const struct net_device *dev,
+ const struct sk_buff *skb)
+{
+ if (netif_is_l3_master(dev))
+ dev = dev_get_by_index_rcu(dev_net(dev), inet6_iif(skb));
+ return __in6_dev_get(dev);
+}
+
/**
* __in6_dev_get_safely - get inet6_dev pointer from netdevice
* @dev: network device
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index fbc8746371b6d..1b86a2e03d049 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -395,23 +395,28 @@ static struct dst_entry *icmpv6_route_lookup(struct net *net,
return ERR_PTR(err);
}
-static int icmp6_iif(const struct sk_buff *skb)
+static struct net_device *icmp6_dev(const struct sk_buff *skb)
{
- int iif = skb->dev->ifindex;
+ struct net_device *dev = skb->dev;
/* for local traffic to local address, skb dev is the loopback
* device. Check if there is a dst attached to the skb and if so
* get the real device index. Same is needed for replies to a link
* local address on a device enslaved to an L3 master device
*/
- if (unlikely(iif == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
+ if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
const struct rt6_info *rt6 = skb_rt6_info(skb);
if (rt6)
- iif = rt6->rt6i_idev->dev->ifindex;
+ dev = rt6->rt6i_idev->dev;
}
- return iif;
+ return dev;
+}
+
+static int icmp6_iif(const struct sk_buff *skb)
+{
+ return icmp6_dev(skb)->ifindex;
}
/*
@@ -800,7 +805,7 @@ void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
static int icmpv6_rcv(struct sk_buff *skb)
{
struct net *net = dev_net(skb->dev);
- struct net_device *dev = skb->dev;
+ struct net_device *dev = icmp6_dev(skb);
struct inet6_dev *idev = __in6_dev_get(dev);
const struct in6_addr *saddr, *daddr;
struct icmp6hdr *hdr;
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 60dfd0d118512..b596727f04978 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -302,7 +302,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb,
skb_network_header_len(skb));
rcu_read_lock();
- __IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
+ __IP6_INC_STATS(net, __in6_dev_stats_get(dev, skb), IPSTATS_MIB_REASMOKS);
rcu_read_unlock();
fq->q.fragments = NULL;
fq->q.rb_fragments = RB_ROOT;
@@ -317,7 +317,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb,
net_dbg_ratelimited("ip6_frag_reasm: no memory for reassembly\n");
out_fail:
rcu_read_lock();
- __IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
+ __IP6_INC_STATS(net, __in6_dev_stats_get(dev, skb), IPSTATS_MIB_REASMFAILS);
rcu_read_unlock();
inet_frag_kill(&fq->q);
return -1;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 140/323] icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 139/323] vrf: Increment Icmp6InMsgs on the original netdev Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 141/323] udp6: fix udp6_ehashfn() typo Greg Kroah-Hartman
` (186 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Yufen, Kuniyuki Iwashima,
David Ahern, Eric Dumazet, David S. Miller, Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 2aaa8a15de73874847d62eb595c6683bface80fd ]
With some IPv6 Ext Hdr (RPL, SRv6, etc.), we can send a packet that
has the link-local address as src and dst IP and will be forwarded to
an external IP in the IPv6 Ext Hdr.
For example, the script below generates a packet whose src IP is the
link-local address and dst is updated to 11::.
# for f in $(find /proc/sys/net/ -name *seg6_enabled*); do echo 1 > $f; done
# python3
>>> from socket import *
>>> from scapy.all import *
>>>
>>> SRC_ADDR = DST_ADDR = "fe80::5054:ff:fe12:3456"
>>>
>>> pkt = IPv6(src=SRC_ADDR, dst=DST_ADDR)
>>> pkt /= IPv6ExtHdrSegmentRouting(type=4, addresses=["11::", "22::"], segleft=1)
>>>
>>> sk = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW)
>>> sk.sendto(bytes(pkt), (DST_ADDR, 0))
For such a packet, we call ip6_route_input() to look up a route for the
next destination in these three functions depending on the header type.
* ipv6_rthdr_rcv()
* ipv6_rpl_srh_rcv()
* ipv6_srh_rcv()
If no route is found, ip6_null_entry is set to skb, and the following
dst_input(skb) calls ip6_pkt_drop().
Finally, in icmp6_dev(), we dereference skb_rt6_info(skb)->rt6i_idev->dev
as the input device is the loopback interface. Then, we have to check if
skb_rt6_info(skb)->rt6i_idev is NULL or not to avoid NULL pointer deref
for ip6_null_entry.
BUG: kernel NULL pointer dereference, address: 0000000000000000
PF: supervisor read access in kernel mode
PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 0 PID: 157 Comm: python3 Not tainted 6.4.0-11996-gb121d614371c #35
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:icmp6_send (net/ipv6/icmp.c:436 net/ipv6/icmp.c:503)
Code: fe ff ff 48 c7 40 30 c0 86 5d 83 e8 c6 44 1c 00 e9 c8 fc ff ff 49 8b 46 58 48 83 e0 fe 0f 84 4a fb ff ff 48 8b 80 d0 00 00 00 <48> 8b 00 44 8b 88 e0 00 00 00 e9 34 fb ff ff 4d 85 ed 0f 85 69 01
RSP: 0018:ffffc90000003c70 EFLAGS: 00000286
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000000000e0
RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff888006d72a18
RBP: ffffc90000003d80 R08: 0000000000000000 R09: 0000000000000001
R10: ffffc90000003d98 R11: 0000000000000040 R12: ffff888006d72a10
R13: 0000000000000000 R14: ffff8880057fb800 R15: ffffffff835d86c0
FS: 00007f9dc72ee740(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000057b2000 CR4: 00000000007506f0
PKRU: 55555554
Call Trace:
<IRQ>
ip6_pkt_drop (net/ipv6/route.c:4513)
ipv6_rthdr_rcv (net/ipv6/exthdrs.c:640 net/ipv6/exthdrs.c:686)
ip6_protocol_deliver_rcu (net/ipv6/ip6_input.c:437 (discriminator 5))
ip6_input_finish (./include/linux/rcupdate.h:781 net/ipv6/ip6_input.c:483)
__netif_receive_skb_one_core (net/core/dev.c:5455)
process_backlog (./include/linux/rcupdate.h:781 net/core/dev.c:5895)
__napi_poll (net/core/dev.c:6460)
net_rx_action (net/core/dev.c:6529 net/core/dev.c:6660)
__do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:554)
do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)
</IRQ>
<TASK>
__local_bh_enable_ip (kernel/softirq.c:381)
__dev_queue_xmit (net/core/dev.c:4231)
ip6_finish_output2 (./include/net/neighbour.h:544 net/ipv6/ip6_output.c:135)
rawv6_sendmsg (./include/net/dst.h:458 ./include/linux/netfilter.h:303 net/ipv6/raw.c:656 net/ipv6/raw.c:914)
sock_sendmsg (net/socket.c:725 net/socket.c:748)
__sys_sendto (net/socket.c:2134)
__x64_sys_sendto (net/socket.c:2146 net/socket.c:2142 net/socket.c:2142)
do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
RIP: 0033:0x7f9dc751baea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
RSP: 002b:00007ffe98712c38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007ffe98712cf8 RCX: 00007f9dc751baea
RDX: 0000000000000060 RSI: 00007f9dc6460b90 RDI: 0000000000000003
RBP: 00007f9dc56e8be0 R08: 00007ffe98712d70 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: ffffffffc4653600 R14: 0000000000000001 R15: 00007f9dc6af5d1b
</TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:icmp6_send (net/ipv6/icmp.c:436 net/ipv6/icmp.c:503)
Code: fe ff ff 48 c7 40 30 c0 86 5d 83 e8 c6 44 1c 00 e9 c8 fc ff ff 49 8b 46 58 48 83 e0 fe 0f 84 4a fb ff ff 48 8b 80 d0 00 00 00 <48> 8b 00 44 8b 88 e0 00 00 00 e9 34 fb ff ff 4d 85 ed 0f 85 69 01
RSP: 0018:ffffc90000003c70 EFLAGS: 00000286
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000000000e0
RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff888006d72a18
RBP: ffffc90000003d80 R08: 0000000000000000 R09: 0000000000000001
R10: ffffc90000003d98 R11: 0000000000000040 R12: ffff888006d72a10
R13: 0000000000000000 R14: ffff8880057fb800 R15: ffffffff835d86c0
FS: 00007f9dc72ee740(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000057b2000 CR4: 00000000007506f0
PKRU: 55555554
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: disabled
Fixes: 4832c30d5458 ("net: ipv6: put host and anycast routes on device with address")
Reported-by: Wang Yufen <wangyufen@huawei.com>
Closes: https://lore.kernel.org/netdev/c41403a9-c2f6-3b7e-0c96-e1901e605cd0@huawei.com/
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/icmp.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 1b86a2e03d049..bfafd7649ccb3 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -407,7 +407,10 @@ static struct net_device *icmp6_dev(const struct sk_buff *skb)
if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
const struct rt6_info *rt6 = skb_rt6_info(skb);
- if (rt6)
+ /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.),
+ * and ip6_null_entry could be set to skb if no route is found.
+ */
+ if (rt6 && rt6->rt6i_idev)
dev = rt6->rt6i_idev->dev;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 141/323] udp6: fix udp6_ehashfn() typo
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 140/323] icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 142/323] ntb: idt: Fix error handling in idt_pci_driver_init() Greg Kroah-Hartman
` (185 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Amit Klein, Eric Dumazet,
Willy Tarreau, Willem de Bruijn, David Ahern,
Hannes Frederic Sowa, David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 51d03e2f2203e76ed02d33fb5ffbb5fc85ffaf54 ]
Amit Klein reported that udp6_ehash_secret was initialized but never used.
Fixes: 1bbdceef1e53 ("inet: convert inet_ehash_secret and ipv6_hash_secret to net_get_random_once")
Reported-by: Amit Klein <aksecurity@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: David Ahern <dsahern@kernel.org>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/udp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 9274603514e54..cf0bbe2e3a79f 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -99,7 +99,7 @@ static u32 udp6_ehashfn(const struct net *net,
fhash = __ipv6_addr_jhash(faddr, udp_ipv6_hash_secret);
return __inet6_ehashfn(lhash, lport, fhash, fport,
- udp_ipv6_hash_secret + net_hash_mix(net));
+ udp6_ehash_secret + net_hash_mix(net));
}
int udp_v6_get_port(struct sock *sk, unsigned short snum)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 142/323] ntb: idt: Fix error handling in idt_pci_driver_init()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 141/323] udp6: fix udp6_ehashfn() typo Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 143/323] NTB: amd: Fix error handling in amd_ntb_pci_driver_init() Greg Kroah-Hartman
` (184 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuan Can, Jon Mason, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit c012968259b451dc4db407f2310fe131eaefd800 ]
A problem about ntb_hw_idt create debugfs failed is triggered with the
following log given:
[ 1236.637636] IDT PCI-E Non-Transparent Bridge Driver 2.0
[ 1236.639292] debugfs: Directory 'ntb_hw_idt' with parent '/' already present!
The reason is that idt_pci_driver_init() returns pci_register_driver()
directly without checking its return value, if pci_register_driver()
failed, it returns without destroy the newly created debugfs, resulting
the debugfs of ntb_hw_idt can never be created later.
idt_pci_driver_init()
debugfs_create_dir() # create debugfs directory
pci_register_driver()
driver_register()
bus_add_driver()
priv = kzalloc(...) # OOM happened
# return without destroy debugfs directory
Fix by removing debugfs when pci_register_driver() returns error.
Fixes: bf2a952d31d2 ("NTB: Add IDT 89HPESxNTx PCIe-switches support")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ntb/hw/idt/ntb_hw_idt.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/ntb/hw/idt/ntb_hw_idt.c b/drivers/ntb/hw/idt/ntb_hw_idt.c
index a67ef23e81bca..82e08f583980b 100644
--- a/drivers/ntb/hw/idt/ntb_hw_idt.c
+++ b/drivers/ntb/hw/idt/ntb_hw_idt.c
@@ -2692,6 +2692,7 @@ static struct pci_driver idt_pci_driver = {
static int __init idt_pci_driver_init(void)
{
+ int ret;
pr_info("%s %s\n", NTB_DESC, NTB_VER);
/* Create the top DebugFS directory if the FS is initialized */
@@ -2699,7 +2700,11 @@ static int __init idt_pci_driver_init(void)
dbgfs_topdir = debugfs_create_dir(KBUILD_MODNAME, NULL);
/* Register the NTB hardware driver to handle the PCI device */
- return pci_register_driver(&idt_pci_driver);
+ ret = pci_register_driver(&idt_pci_driver);
+ if (ret)
+ debugfs_remove_recursive(dbgfs_topdir);
+
+ return ret;
}
module_init(idt_pci_driver_init);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 143/323] NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 142/323] ntb: idt: Fix error handling in idt_pci_driver_init() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 144/323] ntb: intel: Fix error handling in intel_ntb_pci_driver_init() Greg Kroah-Hartman
` (183 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuan Can, Jon Mason, Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 98af0a33c1101c29b3ce4f0cf4715fd927c717f9 ]
A problem about ntb_hw_amd create debugfs failed is triggered with the
following log given:
[ 618.431232] AMD(R) PCI-E Non-Transparent Bridge Driver 1.0
[ 618.433284] debugfs: Directory 'ntb_hw_amd' with parent '/' already present!
The reason is that amd_ntb_pci_driver_init() returns pci_register_driver()
directly without checking its return value, if pci_register_driver()
failed, it returns without destroy the newly created debugfs, resulting
the debugfs of ntb_hw_amd can never be created later.
amd_ntb_pci_driver_init()
debugfs_create_dir() # create debugfs directory
pci_register_driver()
driver_register()
bus_add_driver()
priv = kzalloc(...) # OOM happened
# return without destroy debugfs directory
Fix by removing debugfs when pci_register_driver() returns error.
Fixes: a1b3695820aa ("NTB: Add support for AMD PCI-Express Non-Transparent Bridge")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ntb/hw/amd/ntb_hw_amd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/ntb/hw/amd/ntb_hw_amd.c b/drivers/ntb/hw/amd/ntb_hw_amd.c
index 0b1fbb5dba9b6..7de7616803935 100644
--- a/drivers/ntb/hw/amd/ntb_hw_amd.c
+++ b/drivers/ntb/hw/amd/ntb_hw_amd.c
@@ -1139,12 +1139,17 @@ static struct pci_driver amd_ntb_pci_driver = {
static int __init amd_ntb_pci_driver_init(void)
{
+ int ret;
pr_info("%s %s\n", NTB_DESC, NTB_VER);
if (debugfs_initialized())
debugfs_dir = debugfs_create_dir(KBUILD_MODNAME, NULL);
- return pci_register_driver(&amd_ntb_pci_driver);
+ ret = pci_register_driver(&amd_ntb_pci_driver);
+ if (ret)
+ debugfs_remove_recursive(debugfs_dir);
+
+ return ret;
}
module_init(amd_ntb_pci_driver_init);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 144/323] ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 143/323] NTB: amd: Fix error handling in amd_ntb_pci_driver_init() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 145/323] NTB: ntb_transport: fix possible memory leak while device_register() fails Greg Kroah-Hartman
` (182 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuan Can, Dave Jiang, Jon Mason,
Sasha Levin
From: Yuan Can <yuancan@huawei.com>
[ Upstream commit 4c3c796aca02883ad35bb117468938cc4022ca41 ]
A problem about ntb_hw_intel create debugfs failed is triggered with the
following log given:
[ 273.112733] Intel(R) PCI-E Non-Transparent Bridge Driver 2.0
[ 273.115342] debugfs: Directory 'ntb_hw_intel' with parent '/' already present!
The reason is that intel_ntb_pci_driver_init() returns
pci_register_driver() directly without checking its return value, if
pci_register_driver() failed, it returns without destroy the newly created
debugfs, resulting the debugfs of ntb_hw_intel can never be created later.
intel_ntb_pci_driver_init()
debugfs_create_dir() # create debugfs directory
pci_register_driver()
driver_register()
bus_add_driver()
priv = kzalloc(...) # OOM happened
# return without destroy debugfs directory
Fix by removing debugfs when pci_register_driver() returns error.
Fixes: e26a5843f7f5 ("NTB: Split ntb_hw_intel and ntb_transport drivers")
Signed-off-by: Yuan Can <yuancan@huawei.com>
Acked-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ntb/hw/intel/ntb_hw_gen1.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/ntb/hw/intel/ntb_hw_gen1.c b/drivers/ntb/hw/intel/ntb_hw_gen1.c
index 2ad263f708da7..084bd1d1ac1dc 100644
--- a/drivers/ntb/hw/intel/ntb_hw_gen1.c
+++ b/drivers/ntb/hw/intel/ntb_hw_gen1.c
@@ -2052,12 +2052,17 @@ static struct pci_driver intel_ntb_pci_driver = {
static int __init intel_ntb_pci_driver_init(void)
{
+ int ret;
pr_info("%s %s\n", NTB_DESC, NTB_VER);
if (debugfs_initialized())
debugfs_dir = debugfs_create_dir(KBUILD_MODNAME, NULL);
- return pci_register_driver(&intel_ntb_pci_driver);
+ ret = pci_register_driver(&intel_ntb_pci_driver);
+ if (ret)
+ debugfs_remove_recursive(debugfs_dir);
+
+ return ret;
}
module_init(intel_ntb_pci_driver_init);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 145/323] NTB: ntb_transport: fix possible memory leak while device_register() fails
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 144/323] ntb: intel: Fix error handling in intel_ntb_pci_driver_init() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 146/323] NTB: ntb_tool: Add check for devm_kcalloc Greg Kroah-Hartman
` (181 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yang Yingliang, Dave Jiang,
Jon Mason, Sasha Levin
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 8623ccbfc55d962e19a3537652803676ad7acb90 ]
If device_register() returns error, the name allocated by
dev_set_name() need be freed. As comment of device_register()
says, it should use put_device() to give up the reference in
the error path. So fix this by calling put_device(), then the
name can be freed in kobject_cleanup(), and client_dev is freed
in ntb_transport_client_release().
Fixes: fce8a7bb5b4b ("PCI-Express Non-Transparent Bridge Support")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ntb/ntb_transport.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/ntb/ntb_transport.c b/drivers/ntb/ntb_transport.c
index 9398959664769..2d647a1cd0ee5 100644
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -393,7 +393,7 @@ int ntb_transport_register_client_dev(char *device_name)
rc = device_register(dev);
if (rc) {
- kfree(client_dev);
+ put_device(dev);
goto err;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 146/323] NTB: ntb_tool: Add check for devm_kcalloc
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 145/323] NTB: ntb_transport: fix possible memory leak while device_register() fails Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 147/323] ipv6/addrconf: fix a potential refcount underflow for idev Greg Kroah-Hartman
` (180 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiasheng Jiang, Serge Semin,
Dave Jiang, Jon Mason, Sasha Levin
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
[ Upstream commit 2790143f09938776a3b4f69685b380bae8fd06c7 ]
As the devm_kcalloc may return NULL pointer,
it should be better to add check for the return
value, as same as the others.
Fixes: 7f46c8b3a552 ("NTB: ntb_tool: Add full multi-port NTB API support")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Serge Semin <fancer.lancer@gmail.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ntb/test/ntb_tool.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/ntb/test/ntb_tool.c b/drivers/ntb/test/ntb_tool.c
index 6301aa413c3b8..1f64146546221 100644
--- a/drivers/ntb/test/ntb_tool.c
+++ b/drivers/ntb/test/ntb_tool.c
@@ -998,6 +998,8 @@ static int tool_init_mws(struct tool_ctx *tc)
tc->peers[pidx].outmws =
devm_kcalloc(&tc->ntb->dev, tc->peers[pidx].outmw_cnt,
sizeof(*tc->peers[pidx].outmws), GFP_KERNEL);
+ if (tc->peers[pidx].outmws == NULL)
+ return -ENOMEM;
for (widx = 0; widx < tc->peers[pidx].outmw_cnt; widx++) {
tc->peers[pidx].outmws[widx].pidx = pidx;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 147/323] ipv6/addrconf: fix a potential refcount underflow for idev
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 146/323] NTB: ntb_tool: Add check for devm_kcalloc Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 148/323] wifi: airo: avoid uninitialized warning in airo_get_rate() Greg Kroah-Hartman
` (179 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Ziyang Xuan,
David S. Miller, Sasha Levin
From: Ziyang Xuan <william.xuanziyang@huawei.com>
[ Upstream commit 06a0716949c22e2aefb648526580671197151acc ]
Now in addrconf_mod_rs_timer(), reference idev depends on whether
rs_timer is not pending. Then modify rs_timer timeout.
There is a time gap in [1], during which if the pending rs_timer
becomes not pending. It will miss to hold idev, but the rs_timer
is activated. Thus rs_timer callback function addrconf_rs_timer()
will be executed and put idev later without holding idev. A refcount
underflow issue for idev can be caused by this.
if (!timer_pending(&idev->rs_timer))
in6_dev_hold(idev);
<--------------[1]
mod_timer(&idev->rs_timer, jiffies + when);
To fix the issue, hold idev if mod_timer() return 0.
Fixes: b7b1bfce0bb6 ("ipv6: split duplicate address detection and router solicitation timer")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/addrconf.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f261c6d7f1f28..23edc325f70be 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -316,9 +316,8 @@ static void addrconf_del_dad_work(struct inet6_ifaddr *ifp)
static void addrconf_mod_rs_timer(struct inet6_dev *idev,
unsigned long when)
{
- if (!timer_pending(&idev->rs_timer))
+ if (!mod_timer(&idev->rs_timer, jiffies + when))
in6_dev_hold(idev);
- mod_timer(&idev->rs_timer, jiffies + when);
}
static void addrconf_mod_dad_work(struct inet6_ifaddr *ifp,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 148/323] wifi: airo: avoid uninitialized warning in airo_get_rate()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 147/323] ipv6/addrconf: fix a potential refcount underflow for idev Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 149/323] net/sched: make psched_mtu() RTNL-less safe Greg Kroah-Hartman
` (178 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Geert Uytterhoeven,
Jakub Kicinski, Sasha Levin
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 9373771aaed17f5c2c38485f785568abe3a9f8c1 ]
Quieten a gcc (11.3.0) build error or warning by checking the function
call status and returning -EBUSY if the function call failed.
This is similar to what several other wireless drivers do for the
SIOCGIWRATE ioctl call when there is a locking problem.
drivers/net/wireless/cisco/airo.c: error: 'status_rid.currentXmitRate' is used uninitialized [-Werror=uninitialized]
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/r/39abf2c7-24a-f167-91da-ed4c5435d1c4@linux-m68k.org
Link: https://lore.kernel.org/r/20230709133154.26206-1-rdunlap@infradead.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/cisco/airo.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c
index 5a6ee0b014da0..a01b42c7c07ac 100644
--- a/drivers/net/wireless/cisco/airo.c
+++ b/drivers/net/wireless/cisco/airo.c
@@ -6100,8 +6100,11 @@ static int airo_get_rate(struct net_device *dev,
{
struct airo_info *local = dev->ml_priv;
StatusRid status_rid; /* Card status info */
+ int ret;
- readStatusRid(local, &status_rid, 1);
+ ret = readStatusRid(local, &status_rid, 1);
+ if (ret)
+ return -EBUSY;
vwrq->value = le16_to_cpu(status_rid.currentXmitRate) * 500000;
/* If more than one rate, set auto */
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 149/323] net/sched: make psched_mtu() RTNL-less safe
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 148/323] wifi: airo: avoid uninitialized warning in airo_get_rate() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 150/323] pinctrl: amd: Fix mistake in handling clearing pins at startup Greg Kroah-Hartman
` (177 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Pedro Tammela,
Simon Horman, Jakub Kicinski, Sasha Levin
From: Pedro Tammela <pctammela@mojatatu.com>
[ Upstream commit 150e33e62c1fa4af5aaab02776b6c3812711d478 ]
Eric Dumazet says[1]:
-------
Speaking of psched_mtu(), I see that net/sched/sch_pie.c is using it
without holding RTNL, so dev->mtu can be changed underneath.
KCSAN could issue a warning.
-------
Annotate dev->mtu with READ_ONCE() so KCSAN don't issue a warning.
[1] https://lore.kernel.org/all/CANn89iJoJO5VtaJ-2=_d2aOQhb0Xw8iBT_Cxqp2HyuS-zj6azw@mail.gmail.com/
v1 -> v2: Fix commit message
Fixes: d4b36210c2e6 ("net: pkt_sched: PIE AQM scheme")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230711021634.561598-1-pctammela@mojatatu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/pkt_sched.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h
index e09ea6917c061..83a16f3bd6e6a 100644
--- a/include/net/pkt_sched.h
+++ b/include/net/pkt_sched.h
@@ -131,7 +131,7 @@ extern const struct nla_policy rtm_tca_policy[TCA_MAX + 1];
*/
static inline unsigned int psched_mtu(const struct net_device *dev)
{
- return dev->mtu + dev->hard_header_len;
+ return READ_ONCE(dev->mtu) + dev->hard_header_len;
}
static inline struct net *qdisc_net(struct Qdisc *q)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 150/323] pinctrl: amd: Fix mistake in handling clearing pins at startup
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 149/323] net/sched: make psched_mtu() RTNL-less safe Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 151/323] pinctrl: amd: Detect internal GPIO0 debounce handling Greg Kroah-Hartman
` (176 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Linus Walleij
From: Mario Limonciello <mario.limonciello@amd.com>
commit a855724dc08b8cb0c13ab1e065a4922f1e5a7552 upstream.
commit 4e5a04be88fe ("pinctrl: amd: disable and mask interrupts on probe")
had a mistake in loop iteration 63 that it would clear offset 0xFC instead
of 0x100. Offset 0xFC is actually `WAKE_INT_MASTER_REG`. This was
clearing bits 13 and 15 from the register which significantly changed the
expected handling for some platforms for GPIO0.
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217315
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20230421120625.3366-3-mario.limonciello@amd.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/pinctrl-amd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/pinctrl/pinctrl-amd.c
+++ b/drivers/pinctrl/pinctrl-amd.c
@@ -794,9 +794,9 @@ static void amd_gpio_irq_init(struct amd
raw_spin_lock_irqsave(&gpio_dev->lock, flags);
- pin_reg = readl(gpio_dev->base + i * 4);
+ pin_reg = readl(gpio_dev->base + pin * 4);
pin_reg &= ~mask;
- writel(pin_reg, gpio_dev->base + i * 4);
+ writel(pin_reg, gpio_dev->base + pin * 4);
raw_spin_unlock_irqrestore(&gpio_dev->lock, flags);
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 151/323] pinctrl: amd: Detect internal GPIO0 debounce handling
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 150/323] pinctrl: amd: Fix mistake in handling clearing pins at startup Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 152/323] pinctrl: amd: Only use special debounce behavior for GPIO 0 Greg Kroah-Hartman
` (175 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Linus Walleij
From: Mario Limonciello <mario.limonciello@amd.com>
commit 968ab9261627fa305307e3935ca1a32fcddd36cb upstream.
commit 4e5a04be88fe ("pinctrl: amd: disable and mask interrupts on probe")
had a mistake in loop iteration 63 that it would clear offset 0xFC instead
of 0x100. Offset 0xFC is actually `WAKE_INT_MASTER_REG`. This was
clearing bits 13 and 15 from the register which significantly changed the
expected handling for some platforms for GPIO0.
commit b26cd9325be4 ("pinctrl: amd: Disable and mask interrupts on resume")
actually fixed this bug, but lead to regressions on Lenovo Z13 and some
other systems. This is because there was no handling in the driver for bit
15 debounce behavior.
Quoting a public BKDG:
```
EnWinBlueBtn. Read-write. Reset: 0. 0=GPIO0 detect debounced power button;
Power button override is 4 seconds. 1=GPIO0 detect debounced power button
in S3/S5/S0i3, and detect "pressed less than 2 seconds" and "pressed 2~10
seconds" in S0; Power button override is 10 seconds
```
Cross referencing the same master register in Windows it's obvious that
Windows doesn't use debounce values in this configuration. So align the
Linux driver to do this as well. This fixes wake on lid when
WAKE_INT_MASTER_REG is properly programmed.
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217315
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20230421120625.3366-2-mario.limonciello@amd.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/pinctrl-amd.c | 7 +++++++
drivers/pinctrl/pinctrl-amd.h | 1 +
2 files changed, 8 insertions(+)
--- a/drivers/pinctrl/pinctrl-amd.c
+++ b/drivers/pinctrl/pinctrl-amd.c
@@ -127,6 +127,12 @@ static int amd_gpio_set_debounce(struct
struct amd_gpio *gpio_dev = gpiochip_get_data(gc);
raw_spin_lock_irqsave(&gpio_dev->lock, flags);
+
+ /* Use special handling for Pin0 debounce */
+ pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG);
+ if (pin_reg & INTERNAL_GPIO0_DEBOUNCE)
+ debounce = 0;
+
pin_reg = readl(gpio_dev->base + offset * 4);
if (debounce) {
@@ -216,6 +222,7 @@ static void amd_gpio_dbg_show(struct seq
char *output_value;
char *output_enable;
+ seq_printf(s, "WAKE_INT_MASTER_REG: 0x%08x\n", readl(gpio_dev->base + WAKE_INT_MASTER_REG));
for (bank = 0; bank < gpio_dev->hwbank_num; bank++) {
seq_printf(s, "GPIO bank%d\t", bank);
--- a/drivers/pinctrl/pinctrl-amd.h
+++ b/drivers/pinctrl/pinctrl-amd.h
@@ -21,6 +21,7 @@
#define AMD_GPIO_PINS_BANK3 32
#define WAKE_INT_MASTER_REG 0xfc
+#define INTERNAL_GPIO0_DEBOUNCE (1 << 15)
#define EOI_MASK (1 << 29)
#define WAKE_INT_STATUS_REG0 0x2f8
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 152/323] pinctrl: amd: Only use special debounce behavior for GPIO 0
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 151/323] pinctrl: amd: Detect internal GPIO0 debounce handling Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 153/323] tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation Greg Kroah-Hartman
` (174 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Visser, Mario Limonciello,
Linus Walleij
From: Mario Limonciello <mario.limonciello@amd.com>
commit 0d5ace1a07f7e846d0f6d972af60d05515599d0b upstream.
It's uncommon to use debounce on any other pin, but technically
we should only set debounce to 0 when working off GPIO0.
Cc: stable@vger.kernel.org
Tested-by: Jan Visser <starquake@linuxeverywhere.org>
Fixes: 968ab9261627 ("pinctrl: amd: Detect internal GPIO0 debounce handling")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20230705133005.577-2-mario.limonciello@amd.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pinctrl/pinctrl-amd.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/drivers/pinctrl/pinctrl-amd.c
+++ b/drivers/pinctrl/pinctrl-amd.c
@@ -129,9 +129,11 @@ static int amd_gpio_set_debounce(struct
raw_spin_lock_irqsave(&gpio_dev->lock, flags);
/* Use special handling for Pin0 debounce */
- pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG);
- if (pin_reg & INTERNAL_GPIO0_DEBOUNCE)
- debounce = 0;
+ if (offset == 0) {
+ pin_reg = readl(gpio_dev->base + WAKE_INT_MASTER_REG);
+ if (pin_reg & INTERNAL_GPIO0_DEBOUNCE)
+ debounce = 0;
+ }
pin_reg = readl(gpio_dev->base + offset * 4);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 153/323] tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 152/323] pinctrl: amd: Only use special debounce behavior for GPIO 0 Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 154/323] net: bcmgenet: Ensure MDIO unregistration has clocks enabled Greg Kroah-Hartman
` (173 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Berger, Jarkko Sakkinen,
Jarkko Sakkinen
From: Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>
commit f4032d615f90970d6c3ac1d9c0bce3351eb4445c upstream.
/dev/vtpmx is made visible before 'workqueue' is initialized, which can
lead to a memory corruption in the worst case scenario.
Address this by initializing 'workqueue' as the very first step of the
driver initialization.
Cc: stable@vger.kernel.org
Fixes: 6f99612e2500 ("tpm: Proxy driver for supporting multiple emulated TPMs")
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm_vtpm_proxy.c | 30 +++++++-----------------------
1 file changed, 7 insertions(+), 23 deletions(-)
--- a/drivers/char/tpm/tpm_vtpm_proxy.c
+++ b/drivers/char/tpm/tpm_vtpm_proxy.c
@@ -700,37 +700,21 @@ static struct miscdevice vtpmx_miscdev =
.fops = &vtpmx_fops,
};
-static int vtpmx_init(void)
-{
- return misc_register(&vtpmx_miscdev);
-}
-
-static void vtpmx_cleanup(void)
-{
- misc_deregister(&vtpmx_miscdev);
-}
-
static int __init vtpm_module_init(void)
{
int rc;
- rc = vtpmx_init();
- if (rc) {
- pr_err("couldn't create vtpmx device\n");
- return rc;
- }
-
workqueue = create_workqueue("tpm-vtpm");
if (!workqueue) {
pr_err("couldn't create workqueue\n");
- rc = -ENOMEM;
- goto err_vtpmx_cleanup;
+ return -ENOMEM;
}
- return 0;
-
-err_vtpmx_cleanup:
- vtpmx_cleanup();
+ rc = misc_register(&vtpmx_miscdev);
+ if (rc) {
+ pr_err("couldn't create vtpmx device\n");
+ destroy_workqueue(workqueue);
+ }
return rc;
}
@@ -738,7 +722,7 @@ err_vtpmx_cleanup:
static void __exit vtpm_module_exit(void)
{
destroy_workqueue(workqueue);
- vtpmx_cleanup();
+ misc_deregister(&vtpmx_miscdev);
}
module_init(vtpm_module_init);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 154/323] net: bcmgenet: Ensure MDIO unregistration has clocks enabled
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 153/323] tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 155/323] SUNRPC: Fix UAF in svc_tcp_listen_data_ready() Greg Kroah-Hartman
` (172 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Fainelli, Andrew Lunn,
Jakub Kicinski
From: Florian Fainelli <florian.fainelli@broadcom.com>
commit 1b5ea7ffb7a3bdfffb4b7f40ce0d20a3372ee405 upstream.
With support for Ethernet PHY LEDs having been added, while
unregistering a MDIO bus and its child device liks PHYs there may be
"late" accesses to the MDIO bus. One typical use case is setting the PHY
LEDs brightness to OFF for instance.
We need to ensure that the MDIO bus controller remains entirely
functional since it runs off the main GENET adapter clock.
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20230617155500.4005881-1-andrew@lunn.ch/
Fixes: 9a4e79697009 ("net: bcmgenet: utilize generic Broadcom UniMAC MDIO controller driver")
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20230622103107.1760280-1-florian.fainelli@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
+++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
@@ -620,5 +620,7 @@ void bcmgenet_mii_exit(struct net_device
if (of_phy_is_fixed_link(dn))
of_phy_deregister_fixed_link(dn);
of_node_put(priv->phy_dn);
+ clk_prepare_enable(priv->clk);
platform_device_unregister(priv->mii_pdev);
+ clk_disable_unprepare(priv->clk);
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 155/323] SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 154/323] net: bcmgenet: Ensure MDIO unregistration has clocks enabled Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 156/323] perf intel-pt: Fix CYC timestamps after standalone CBR Greg Kroah-Hartman
` (171 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ding Hui, Chuck Lever
From: Ding Hui <dinghui@sangfor.com.cn>
commit fc80fc2d4e39137869da3150ee169b40bf879287 upstream.
After the listener svc_sock is freed, and before invoking svc_tcp_accept()
for the established child sock, there is a window that the newsock
retaining a freed listener svc_sock in sk_user_data which cloning from
parent. In the race window, if data is received on the newsock, we will
observe use-after-free report in svc_tcp_listen_data_ready().
Reproduce by two tasks:
1. while :; do rpc.nfsd 0 ; rpc.nfsd; done
2. while :; do echo "" | ncat -4 127.0.0.1 2049 ; done
KASAN report:
==================================================================
BUG: KASAN: slab-use-after-free in svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]
Read of size 8 at addr ffff888139d96228 by task nc/102553
CPU: 7 PID: 102553 Comm: nc Not tainted 6.3.0+ #18
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Call Trace:
<IRQ>
dump_stack_lvl+0x33/0x50
print_address_description.constprop.0+0x27/0x310
print_report+0x3e/0x70
kasan_report+0xae/0xe0
svc_tcp_listen_data_ready+0x1cf/0x1f0 [sunrpc]
tcp_data_queue+0x9f4/0x20e0
tcp_rcv_established+0x666/0x1f60
tcp_v4_do_rcv+0x51c/0x850
tcp_v4_rcv+0x23fc/0x2e80
ip_protocol_deliver_rcu+0x62/0x300
ip_local_deliver_finish+0x267/0x350
ip_local_deliver+0x18b/0x2d0
ip_rcv+0x2fb/0x370
__netif_receive_skb_one_core+0x166/0x1b0
process_backlog+0x24c/0x5e0
__napi_poll+0xa2/0x500
net_rx_action+0x854/0xc90
__do_softirq+0x1bb/0x5de
do_softirq+0xcb/0x100
</IRQ>
<TASK>
...
</TASK>
Allocated by task 102371:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
__kasan_kmalloc+0x7b/0x90
svc_setup_socket+0x52/0x4f0 [sunrpc]
svc_addsock+0x20d/0x400 [sunrpc]
__write_ports_addfd+0x209/0x390 [nfsd]
write_ports+0x239/0x2c0 [nfsd]
nfsctl_transaction_write+0xac/0x110 [nfsd]
vfs_write+0x1c3/0xae0
ksys_write+0xed/0x1c0
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Freed by task 102551:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x2a/0x50
__kasan_slab_free+0x106/0x190
__kmem_cache_free+0x133/0x270
svc_xprt_free+0x1e2/0x350 [sunrpc]
svc_xprt_destroy_all+0x25a/0x440 [sunrpc]
nfsd_put+0x125/0x240 [nfsd]
nfsd_svc+0x2cb/0x3c0 [nfsd]
write_threads+0x1ac/0x2a0 [nfsd]
nfsctl_transaction_write+0xac/0x110 [nfsd]
vfs_write+0x1c3/0xae0
ksys_write+0xed/0x1c0
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Fix the UAF by simply doing nothing in svc_tcp_listen_data_ready()
if state != TCP_LISTEN, that will avoid dereferencing svsk for all
child socket.
Link: https://lore.kernel.org/lkml/20230507091131.23540-1-dinghui@sangfor.com.cn/
Fixes: fa9251afc33c ("SUNRPC: Call the default socket callbacks instead of open coding")
Signed-off-by: Ding Hui <dinghui@sangfor.com.cn>
Cc: <stable@vger.kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/svcsock.c | 27 +++++++++++++--------------
1 file changed, 13 insertions(+), 14 deletions(-)
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -757,12 +757,6 @@ static void svc_tcp_listen_data_ready(st
dprintk("svc: socket %p TCP (listen) state change %d\n",
sk, sk->sk_state);
- if (svsk) {
- /* Refer to svc_setup_socket() for details. */
- rmb();
- svsk->sk_odata(sk);
- }
-
/*
* This callback may called twice when a new connection
* is established as a child socket inherits everything
@@ -771,15 +765,20 @@ static void svc_tcp_listen_data_ready(st
* when one of child sockets become ESTABLISHED.
* 2) data_ready method of the child socket may be called
* when it receives data before the socket is accepted.
- * In case of 2, we should ignore it silently.
+ * In case of 2, we should ignore it silently and DO NOT
+ * dereference svsk.
*/
- if (sk->sk_state == TCP_LISTEN) {
- if (svsk) {
- set_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
- svc_xprt_enqueue(&svsk->sk_xprt);
- } else
- printk("svc: socket %p: no user data\n", sk);
- }
+ if (sk->sk_state != TCP_LISTEN)
+ return;
+
+ if (svsk) {
+ /* Refer to svc_setup_socket() for details. */
+ rmb();
+ svsk->sk_odata(sk);
+ set_bit(XPT_CONN, &svsk->sk_xprt.xpt_flags);
+ svc_xprt_enqueue(&svsk->sk_xprt);
+ } else
+ printk("svc: socket %p: no user data\n", sk);
}
/*
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 156/323] perf intel-pt: Fix CYC timestamps after standalone CBR
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 155/323] SUNRPC: Fix UAF in svc_tcp_listen_data_ready() Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 157/323] ext4: fix wrong unit use in ext4_mb_clear_bb Greg Kroah-Hartman
` (170 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Adrian Hunter, Ian Rogers, Jiri Olsa,
Namhyung Kim, Arnaldo Carvalho de Melo
From: Adrian Hunter <adrian.hunter@intel.com>
commit 430635a0ef1ce958b7b4311f172694ece2c692b8 upstream.
After a standalone CBR (not associated with TSC), update the cycles
reference timestamp and reset the cycle count, so that CYC timestamps
are calculated relative to that point with the new frequency.
Fixes: cc33618619cefc6d ("perf tools: Add Intel PT support for decoding CYC packets")
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230403154831.8651-2-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 ++
1 file changed, 2 insertions(+)
--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
@@ -1499,6 +1499,8 @@ static void intel_pt_calc_cbr(struct int
decoder->cbr = cbr;
decoder->cbr_cyc_to_tsc = decoder->max_non_turbo_ratio_fp / cbr;
+ decoder->cyc_ref_timestamp = decoder->timestamp;
+ decoder->cycle_cnt = 0;
}
static void intel_pt_calc_cyc_timestamp(struct intel_pt_decoder *decoder)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 157/323] ext4: fix wrong unit use in ext4_mb_clear_bb
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 156/323] perf intel-pt: Fix CYC timestamps after standalone CBR Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 158/323] ext4: only update i_reserved_data_blocks on successful block allocation Greg Kroah-Hartman
` (169 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kemeng Shi, stable, Ojaswin Mujoo,
Theodore Tso
From: Kemeng Shi <shikemeng@huaweicloud.com>
commit 247c3d214c23dfeeeb892e91a82ac1188bdaec9f upstream.
Function ext4_issue_discard need count in cluster. Pass count_clusters
instead of count to fix the mismatch.
Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
Cc: stable@kernel.org
Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Link: https://lore.kernel.org/r/20230603150327.3596033-11-shikemeng@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/mballoc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -4948,8 +4948,8 @@ do_more:
* them with group lock_held
*/
if (test_opt(sb, DISCARD)) {
- err = ext4_issue_discard(sb, block_group, bit, count,
- NULL);
+ err = ext4_issue_discard(sb, block_group, bit,
+ count_clusters, NULL);
if (err && err != -EOPNOTSUPP)
ext4_msg(sb, KERN_WARNING, "discard request in"
" group:%d block:%d count:%lu failed"
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 158/323] ext4: only update i_reserved_data_blocks on successful block allocation
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 157/323] ext4: fix wrong unit use in ext4_mb_clear_bb Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 159/323] jfs: jfs_dmap: Validate db_l2nbperpage while mounting Greg Kroah-Hartman
` (168 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Baokun Li, Jan Kara,
Theodore Tso
From: Baokun Li <libaokun1@huawei.com>
commit de25d6e9610a8b30cce9bbb19b50615d02ebca02 upstream.
In our fault injection test, we create an ext4 file, migrate it to
non-extent based file, then punch a hole and finally trigger a WARN_ON
in the ext4_da_update_reserve_space():
EXT4-fs warning (device sda): ext4_da_update_reserve_space:369:
ino 14, used 11 with only 10 reserved data blocks
When writing back a non-extent based file, if we enable delalloc, the
number of reserved blocks will be subtracted from the number of blocks
mapped by ext4_ind_map_blocks(), and the extent status tree will be
updated. We update the extent status tree by first removing the old
extent_status and then inserting the new extent_status. If the block range
we remove happens to be in an extent, then we need to allocate another
extent_status with ext4_es_alloc_extent().
use old to remove to add new
|----------|------------|------------|
old extent_status
The problem is that the allocation of a new extent_status failed due to a
fault injection, and __es_shrink() did not get free memory, resulting in
a return of -ENOMEM. Then do_writepages() retries after receiving -ENOMEM,
we map to the same extent again, and the number of reserved blocks is again
subtracted from the number of blocks in that extent. Since the blocks in
the same extent are subtracted twice, we end up triggering WARN_ON at
ext4_da_update_reserve_space() because used > ei->i_reserved_data_blocks.
For non-extent based file, we update the number of reserved blocks after
ext4_ind_map_blocks() is executed, which causes a problem that when we call
ext4_ind_map_blocks() to create a block, it doesn't always create a block,
but we always reduce the number of reserved blocks. So we move the logic
for updating reserved blocks to ext4_ind_map_blocks() to ensure that the
number of reserved blocks is updated only after we do succeed in allocating
some new blocks.
Fixes: 5f634d064c70 ("ext4: Fix quota accounting error with fallocate")
Cc: stable@kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230424033846.4732-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/indirect.c | 8 ++++++++
fs/ext4/inode.c | 10 ----------
2 files changed, 8 insertions(+), 10 deletions(-)
--- a/fs/ext4/indirect.c
+++ b/fs/ext4/indirect.c
@@ -642,6 +642,14 @@ int ext4_ind_map_blocks(handle_t *handle
ext4_update_inode_fsync_trans(handle, inode, 1);
count = ar.len;
+
+ /*
+ * Update reserved blocks/metadata blocks after successful block
+ * allocation which had been deferred till now.
+ */
+ if (flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE)
+ ext4_da_update_reserve_space(inode, count, 1);
+
got_it:
map->m_flags |= EXT4_MAP_MAPPED;
map->m_pblk = le32_to_cpu(chain[depth-1].key);
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -668,16 +668,6 @@ found:
*/
ext4_clear_inode_state(inode, EXT4_STATE_EXT_MIGRATE);
}
-
- /*
- * Update reserved blocks/metadata blocks after successful
- * block allocation which had been deferred till now. We don't
- * support fallocate for non extent files. So we can update
- * reserve space here.
- */
- if ((retval > 0) &&
- (flags & EXT4_GET_BLOCKS_DELALLOC_RESERVE))
- ext4_da_update_reserve_space(inode, retval, 1);
}
if (retval > 0) {
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 159/323] jfs: jfs_dmap: Validate db_l2nbperpage while mounting
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 158/323] ext4: only update i_reserved_data_blocks on successful block allocation Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 160/323] PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold Greg Kroah-Hartman
` (167 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dave Kleikamp, Siddh Raman Pant,
syzbot+d2cd27dcf8e04b232eb2
From: Siddh Raman Pant <code@siddh.me>
commit 11509910c599cbd04585ec35a6d5e1a0053d84c1 upstream.
In jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block
number inside dbFree(). db_l2nbperpage, which is the log2 number of
blocks per page, is passed as an argument to BLKTODMAP which uses it
for shifting.
Syzbot reported a shift out-of-bounds crash because db_l2nbperpage is
too big. This happens because the large value is set without any
validation in dbMount() at line 181.
Thus, make sure that db_l2nbperpage is correct while mounting.
Max number of blocks per page = Page size / Min block size
=> log2(Max num_block per page) = log2(Page size / Min block size)
= log2(Page size) - log2(Min block size)
=> Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE
Reported-and-tested-by: syzbot+d2cd27dcf8e04b232eb2@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=2a70a453331db32ed491f5cbb07e81bf2d225715
Cc: stable@vger.kernel.org
Suggested-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Siddh Raman Pant <code@siddh.me>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/jfs/jfs_dmap.c | 6 ++++++
fs/jfs/jfs_filsys.h | 2 ++
2 files changed, 8 insertions(+)
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -191,7 +191,13 @@ int dbMount(struct inode *ipbmap)
dbmp_le = (struct dbmap_disk *) mp->data;
bmp->db_mapsize = le64_to_cpu(dbmp_le->dn_mapsize);
bmp->db_nfree = le64_to_cpu(dbmp_le->dn_nfree);
+
bmp->db_l2nbperpage = le32_to_cpu(dbmp_le->dn_l2nbperpage);
+ if (bmp->db_l2nbperpage > L2PSIZE - L2MINBLOCKSIZE) {
+ err = -EINVAL;
+ goto err_release_metapage;
+ }
+
bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);
if (!bmp->db_numag) {
err = -EINVAL;
--- a/fs/jfs/jfs_filsys.h
+++ b/fs/jfs/jfs_filsys.h
@@ -135,7 +135,9 @@
#define NUM_INODE_PER_IAG INOSPERIAG
#define MINBLOCKSIZE 512
+#define L2MINBLOCKSIZE 9
#define MAXBLOCKSIZE 4096
+#define L2MAXBLOCKSIZE 12
#define MAXFILESIZE ((s64)1 << 52)
#define JFS_LINK_MAX 0xffffffff
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 160/323] PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 159/323] jfs: jfs_dmap: Validate db_l2nbperpage while mounting Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 161/323] PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 Greg Kroah-Hartman
` (166 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ondrej Zary, Bjorn Helgaas
From: Ondrej Zary <linux@zary.sk>
commit 9e30fd26f43b89cb6b4e850a86caa2e50dedb454 upstream.
The quirk for Elo i2 introduced in commit 92597f97a40b ("PCI/PM: Avoid
putting Elo i2 PCIe Ports in D3cold") is also needed by EloPOS E2/S2/H2
which uses the same Continental Z2 board.
Change the quirk to match the board instead of system.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215715
Link: https://lore.kernel.org/r/20230614074253.22318-1-linux@zary.sk
Signed-off-by: Ondrej Zary <linux@zary.sk>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -2521,13 +2521,13 @@ static const struct dmi_system_id bridge
{
/*
* Downstream device is not accessible after putting a root port
- * into D3cold and back into D0 on Elo i2.
+ * into D3cold and back into D0 on Elo Continental Z2 board
*/
- .ident = "Elo i2",
+ .ident = "Elo Continental Z2",
.matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "Elo Touch Solutions"),
- DMI_MATCH(DMI_PRODUCT_NAME, "Elo i2"),
- DMI_MATCH(DMI_PRODUCT_VERSION, "RevB"),
+ DMI_MATCH(DMI_BOARD_VENDOR, "Elo Touch Solutions"),
+ DMI_MATCH(DMI_BOARD_NAME, "Geminilake"),
+ DMI_MATCH(DMI_BOARD_VERSION, "Continental Z2"),
},
},
#endif
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 161/323] PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 160/323] PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold Greg Kroah-Hartman
@ 2023-08-09 10:39 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 162/323] PCI: qcom: Disable write access to read only registers for IP v2.3.3 Greg Kroah-Hartman
` (165 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:39 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Adriaanse, Robin Murphy,
Bjorn Helgaas, Christoph Hellwig
From: Robin Murphy <robin.murphy@arm.com>
commit 88d341716b83abd355558523186ca488918627ee upstream.
Marvell's own product brief implies the 92xx series are a closely related
family, and sure enough it turns out that 9235 seems to need the same quirk
as the other three, although possibly only when certain ports are used.
Link: https://lore.kernel.org/linux-iommu/2a699a99-545c-1324-e052-7d2f41fed1ae@yahoo.co.uk/
Link: https://lore.kernel.org/r/731507e05d70239aec96fcbfab6e65d8ce00edd2.1686157165.git.robin.murphy@arm.com
Reported-by: Jason Adriaanse <jason_a69@yahoo.co.uk>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/quirks.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4074,6 +4074,8 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_M
/* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c49 */
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9230,
quirk_dma_func1_alias);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9235,
+ quirk_dma_func1_alias);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_TTI, 0x0642,
quirk_dma_func1_alias);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_TTI, 0x0645,
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 162/323] PCI: qcom: Disable write access to read only registers for IP v2.3.3
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2023-08-09 10:39 ` [PATCH 4.19 161/323] PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 163/323] PCI: rockchip: Assert PCI Configuration Enable bit after probe Greg Kroah-Hartman
` (164 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam,
Lorenzo Pieralisi
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
commit a33d700e8eea76c62120cb3dbf5e01328f18319a upstream.
In the post init sequence of v2.9.0, write access to read only registers
are not disabled after updating the registers. Fix it by disabling the
access after register update.
Link: https://lore.kernel.org/r/20230619150408.8468-2-manivannan.sadhasivam@linaro.org
Fixes: 5d76117f070d ("PCI: qcom: Add support for IPQ8074 PCIe controller")
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/dwc/pcie-qcom.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/pci/controller/dwc/pcie-qcom.c
+++ b/drivers/pci/controller/dwc/pcie-qcom.c
@@ -758,6 +758,8 @@ static int qcom_pcie_get_resources_2_4_0
if (IS_ERR(res->phy_ahb_reset))
return PTR_ERR(res->phy_ahb_reset);
+ dw_pcie_dbi_ro_wr_dis(pci);
+
return 0;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 163/323] PCI: rockchip: Assert PCI Configuration Enable bit after probe
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 162/323] PCI: qcom: Disable write access to read only registers for IP v2.3.3 Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 164/323] PCI: rockchip: Write PCI Device ID to correct register Greg Kroah-Hartman
` (163 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Rick Wertenbroek,
Lorenzo Pieralisi
From: Rick Wertenbroek <rick.wertenbroek@gmail.com>
commit f397fd4ac1fa3afcabd8cee030f953ccaed2a364 upstream.
Assert PCI Configuration Enable bit after probe. When this bit is left to
0 in the endpoint mode, the RK3399 PCIe endpoint core will generate
configuration request retry status (CRS) messages back to the root complex.
Assert this bit after probe to allow the RK3399 PCIe endpoint core to reply
to configuration requests from the root complex.
This is documented in section 17.5.8.1.2 of the RK3399 TRM.
Link: https://lore.kernel.org/r/20230418074700.1083505-4-rick.wertenbroek@gmail.com
Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller")
Tested-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Rick Wertenbroek <rick.wertenbroek@gmail.com>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/pcie-rockchip-ep.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/pci/controller/pcie-rockchip-ep.c
+++ b/drivers/pci/controller/pcie-rockchip-ep.c
@@ -620,6 +620,9 @@ static int rockchip_pcie_ep_probe(struct
ep->irq_pci_addr = ROCKCHIP_PCIE_EP_DUMMY_IRQ_ADDR;
+ rockchip_pcie_write(rockchip, PCIE_CLIENT_CONF_ENABLE,
+ PCIE_CLIENT_CONFIG);
+
return 0;
err_epc_mem_exit:
pci_epc_mem_exit(epc);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 164/323] PCI: rockchip: Write PCI Device ID to correct register
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 163/323] PCI: rockchip: Assert PCI Configuration Enable bit after probe Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 165/323] PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked Greg Kroah-Hartman
` (162 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Rick Wertenbroek,
Lorenzo Pieralisi
From: Rick Wertenbroek <rick.wertenbroek@gmail.com>
commit 1f1c42ece18de365c976a060f3c8eb481b038e3a upstream.
Write PCI Device ID (DID) to the correct register. The Device ID was not
updated through the correct register. Device ID was written to a read-only
register and therefore did not work. The Device ID is now set through the
correct register. This is documented in the RK3399 TRM section 17.6.6.1.1
Link: https://lore.kernel.org/r/20230418074700.1083505-3-rick.wertenbroek@gmail.com
Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller")
Tested-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Rick Wertenbroek <rick.wertenbroek@gmail.com>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/pcie-rockchip-ep.c | 6 ++++--
drivers/pci/controller/pcie-rockchip.h | 2 ++
2 files changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/pci/controller/pcie-rockchip-ep.c
+++ b/drivers/pci/controller/pcie-rockchip-ep.c
@@ -124,6 +124,7 @@ static void rockchip_pcie_prog_ep_ob_atu
static int rockchip_pcie_ep_write_header(struct pci_epc *epc, u8 fn,
struct pci_epf_header *hdr)
{
+ u32 reg;
struct rockchip_pcie_ep *ep = epc_get_drvdata(epc);
struct rockchip_pcie *rockchip = &ep->rockchip;
@@ -136,8 +137,9 @@ static int rockchip_pcie_ep_write_header
PCIE_CORE_CONFIG_VENDOR);
}
- rockchip_pcie_write(rockchip, hdr->deviceid << 16,
- ROCKCHIP_PCIE_EP_FUNC_BASE(fn) + PCI_VENDOR_ID);
+ reg = rockchip_pcie_read(rockchip, PCIE_EP_CONFIG_DID_VID);
+ reg = (reg & 0xFFFF) | (hdr->deviceid << 16);
+ rockchip_pcie_write(rockchip, reg, PCIE_EP_CONFIG_DID_VID);
rockchip_pcie_write(rockchip,
hdr->revid |
--- a/drivers/pci/controller/pcie-rockchip.h
+++ b/drivers/pci/controller/pcie-rockchip.h
@@ -132,6 +132,8 @@
#define PCIE_RC_RP_ATS_BASE 0x400000
#define PCIE_RC_CONFIG_NORMAL_BASE 0x800000
#define PCIE_RC_CONFIG_BASE 0xa00000
+#define PCIE_EP_CONFIG_BASE 0xa00000
+#define PCIE_EP_CONFIG_DID_VID (PCIE_EP_CONFIG_BASE + 0x00)
#define PCIE_RC_CONFIG_RID_CCR (PCIE_RC_CONFIG_BASE + 0x08)
#define PCIE_RC_CONFIG_SCC_SHIFT 16
#define PCIE_RC_CONFIG_DCR (PCIE_RC_CONFIG_BASE + 0xc4)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 165/323] PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 164/323] PCI: rockchip: Write PCI Device ID to correct register Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 166/323] PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core Greg Kroah-Hartman
` (161 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Rick Wertenbroek,
Lorenzo Pieralisi
From: Rick Wertenbroek <rick.wertenbroek@gmail.com>
commit 9dd3c7c4c8c3f7f010d9cdb7c3f42506d93c9527 upstream.
The RK3399 PCIe controller should wait until the PHY PLLs are locked.
Add poll and timeout to wait for PHY PLLs to be locked. If they cannot
be locked generate error message and jump to error handler. Accessing
registers in the PHY clock domain when PLLs are not locked causes hang
The PHY PLLs status is checked through a side channel register.
This is documented in the TRM section 17.5.8.1 "PCIe Initialization
Sequence".
Link: https://lore.kernel.org/r/20230418074700.1083505-5-rick.wertenbroek@gmail.com
Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller")
Tested-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Rick Wertenbroek <rick.wertenbroek@gmail.com>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/pcie-rockchip.c | 17 +++++++++++++++++
drivers/pci/controller/pcie-rockchip.h | 2 ++
2 files changed, 19 insertions(+)
--- a/drivers/pci/controller/pcie-rockchip.c
+++ b/drivers/pci/controller/pcie-rockchip.c
@@ -14,6 +14,7 @@
#include <linux/clk.h>
#include <linux/delay.h>
#include <linux/gpio/consumer.h>
+#include <linux/iopoll.h>
#include <linux/of_pci.h>
#include <linux/phy/phy.h>
#include <linux/platform_device.h>
@@ -154,6 +155,12 @@ int rockchip_pcie_parse_dt(struct rockch
}
EXPORT_SYMBOL_GPL(rockchip_pcie_parse_dt);
+#define rockchip_pcie_read_addr(addr) rockchip_pcie_read(rockchip, addr)
+/* 100 ms max wait time for PHY PLLs to lock */
+#define RK_PHY_PLL_LOCK_TIMEOUT_US 100000
+/* Sleep should be less than 20ms */
+#define RK_PHY_PLL_LOCK_SLEEP_US 1000
+
int rockchip_pcie_init_port(struct rockchip_pcie *rockchip)
{
struct device *dev = rockchip->dev;
@@ -255,6 +262,16 @@ int rockchip_pcie_init_port(struct rockc
}
}
+ err = readx_poll_timeout(rockchip_pcie_read_addr,
+ PCIE_CLIENT_SIDE_BAND_STATUS,
+ regs, !(regs & PCIE_CLIENT_PHY_ST),
+ RK_PHY_PLL_LOCK_SLEEP_US,
+ RK_PHY_PLL_LOCK_TIMEOUT_US);
+ if (err) {
+ dev_err(dev, "PHY PLLs could not lock, %d\n", err);
+ goto err_power_off_phy;
+ }
+
/*
* Please don't reorder the deassert sequence of the following
* four reset pins.
--- a/drivers/pci/controller/pcie-rockchip.h
+++ b/drivers/pci/controller/pcie-rockchip.h
@@ -37,6 +37,8 @@
#define PCIE_CLIENT_MODE_EP HIWORD_UPDATE(0x0040, 0)
#define PCIE_CLIENT_GEN_SEL_1 HIWORD_UPDATE(0x0080, 0)
#define PCIE_CLIENT_GEN_SEL_2 HIWORD_UPDATE_BIT(0x0080)
+#define PCIE_CLIENT_SIDE_BAND_STATUS (PCIE_CLIENT_BASE + 0x20)
+#define PCIE_CLIENT_PHY_ST BIT(12)
#define PCIE_CLIENT_DEBUG_OUT_0 (PCIE_CLIENT_BASE + 0x3c)
#define PCIE_CLIENT_DEBUG_LTSSM_MASK GENMASK(5, 0)
#define PCIE_CLIENT_DEBUG_LTSSM_L1 0x18
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 166/323] PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 165/323] PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 167/323] PCI: rockchip: Use u32 variable to access 32-bit registers Greg Kroah-Hartman
` (160 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Rick Wertenbroek,
Lorenzo Pieralisi
From: Rick Wertenbroek <rick.wertenbroek@gmail.com>
commit 166e89d99dd85a856343cca51eee781b793801f2 upstream.
Fix legacy IRQ generation for RK3399 PCIe endpoint core according to
the technical reference manual (TRM). Assert and deassert legacy
interrupt (INTx) through the legacy interrupt control register
("PCIE_CLIENT_LEGACY_INT_CTRL") instead of manually generating a PCIe
message. The generation of the legacy interrupt was tested and validated
with the PCIe endpoint test driver.
Link: https://lore.kernel.org/r/20230418074700.1083505-8-rick.wertenbroek@gmail.com
Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller")
Tested-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Rick Wertenbroek <rick.wertenbroek@gmail.com>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/pcie-rockchip-ep.c | 45 +++++++-----------------------
drivers/pci/controller/pcie-rockchip.h | 6 +++-
2 files changed, 16 insertions(+), 35 deletions(-)
--- a/drivers/pci/controller/pcie-rockchip-ep.c
+++ b/drivers/pci/controller/pcie-rockchip-ep.c
@@ -346,48 +346,25 @@ static int rockchip_pcie_ep_get_msi(stru
}
static void rockchip_pcie_ep_assert_intx(struct rockchip_pcie_ep *ep, u8 fn,
- u8 intx, bool is_asserted)
+ u8 intx, bool do_assert)
{
struct rockchip_pcie *rockchip = &ep->rockchip;
- u32 r = ep->max_regions - 1;
- u32 offset;
- u32 status;
- u8 msg_code;
-
- if (unlikely(ep->irq_pci_addr != ROCKCHIP_PCIE_EP_PCI_LEGACY_IRQ_ADDR ||
- ep->irq_pci_fn != fn)) {
- rockchip_pcie_prog_ep_ob_atu(rockchip, fn, r,
- AXI_WRAPPER_NOR_MSG,
- ep->irq_phys_addr, 0, 0);
- ep->irq_pci_addr = ROCKCHIP_PCIE_EP_PCI_LEGACY_IRQ_ADDR;
- ep->irq_pci_fn = fn;
- }
intx &= 3;
- if (is_asserted) {
+
+ if (do_assert) {
ep->irq_pending |= BIT(intx);
- msg_code = ROCKCHIP_PCIE_MSG_CODE_ASSERT_INTA + intx;
+ rockchip_pcie_write(rockchip,
+ PCIE_CLIENT_INT_IN_ASSERT |
+ PCIE_CLIENT_INT_PEND_ST_PEND,
+ PCIE_CLIENT_LEGACY_INT_CTRL);
} else {
ep->irq_pending &= ~BIT(intx);
- msg_code = ROCKCHIP_PCIE_MSG_CODE_DEASSERT_INTA + intx;
+ rockchip_pcie_write(rockchip,
+ PCIE_CLIENT_INT_IN_DEASSERT |
+ PCIE_CLIENT_INT_PEND_ST_NORMAL,
+ PCIE_CLIENT_LEGACY_INT_CTRL);
}
-
- status = rockchip_pcie_read(rockchip,
- ROCKCHIP_PCIE_EP_FUNC_BASE(fn) +
- ROCKCHIP_PCIE_EP_CMD_STATUS);
- status &= ROCKCHIP_PCIE_EP_CMD_STATUS_IS;
-
- if ((status != 0) ^ (ep->irq_pending != 0)) {
- status ^= ROCKCHIP_PCIE_EP_CMD_STATUS_IS;
- rockchip_pcie_write(rockchip, status,
- ROCKCHIP_PCIE_EP_FUNC_BASE(fn) +
- ROCKCHIP_PCIE_EP_CMD_STATUS);
- }
-
- offset =
- ROCKCHIP_PCIE_MSG_ROUTING(ROCKCHIP_PCIE_MSG_ROUTING_LOCAL_INTX) |
- ROCKCHIP_PCIE_MSG_CODE(msg_code) | ROCKCHIP_PCIE_MSG_NO_DATA;
- writel(0, ep->irq_cpu_addr + offset);
}
static int rockchip_pcie_ep_send_legacy_irq(struct rockchip_pcie_ep *ep, u8 fn,
--- a/drivers/pci/controller/pcie-rockchip.h
+++ b/drivers/pci/controller/pcie-rockchip.h
@@ -37,6 +37,11 @@
#define PCIE_CLIENT_MODE_EP HIWORD_UPDATE(0x0040, 0)
#define PCIE_CLIENT_GEN_SEL_1 HIWORD_UPDATE(0x0080, 0)
#define PCIE_CLIENT_GEN_SEL_2 HIWORD_UPDATE_BIT(0x0080)
+#define PCIE_CLIENT_LEGACY_INT_CTRL (PCIE_CLIENT_BASE + 0x0c)
+#define PCIE_CLIENT_INT_IN_ASSERT HIWORD_UPDATE_BIT(0x0002)
+#define PCIE_CLIENT_INT_IN_DEASSERT HIWORD_UPDATE(0x0002, 0)
+#define PCIE_CLIENT_INT_PEND_ST_PEND HIWORD_UPDATE_BIT(0x0001)
+#define PCIE_CLIENT_INT_PEND_ST_NORMAL HIWORD_UPDATE(0x0001, 0)
#define PCIE_CLIENT_SIDE_BAND_STATUS (PCIE_CLIENT_BASE + 0x20)
#define PCIE_CLIENT_PHY_ST BIT(12)
#define PCIE_CLIENT_DEBUG_OUT_0 (PCIE_CLIENT_BASE + 0x3c)
@@ -234,7 +239,6 @@
#define ROCKCHIP_PCIE_EP_MSI_CTRL_ME BIT(16)
#define ROCKCHIP_PCIE_EP_MSI_CTRL_MASK_MSI_CAP BIT(24)
#define ROCKCHIP_PCIE_EP_DUMMY_IRQ_ADDR 0x1
-#define ROCKCHIP_PCIE_EP_PCI_LEGACY_IRQ_ADDR 0x3
#define ROCKCHIP_PCIE_EP_FUNC_BASE(fn) (((fn) << 12) & GENMASK(19, 12))
#define ROCKCHIP_PCIE_AT_IB_EP_FUNC_BAR_ADDR0(fn, bar) \
(PCIE_RC_RP_ATS_BASE + 0x0840 + (fn) * 0x0040 + (bar) * 0x0008)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 167/323] PCI: rockchip: Use u32 variable to access 32-bit registers
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 166/323] PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 168/323] misc: pci_endpoint_test: Free IRQs before removing the device Greg Kroah-Hartman
` (159 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Rick Wertenbroek,
Lorenzo Pieralisi
From: Rick Wertenbroek <rick.wertenbroek@gmail.com>
commit 8962b2cb39119cbda4fc69a1f83957824f102f81 upstream.
Previously u16 variables were used to access 32-bit registers, this
resulted in not all of the data being read from the registers. Also
the left shift of more than 16-bits would result in moving data out
of the variable. Use u32 variables to access 32-bit registers
Link: https://lore.kernel.org/r/20230418074700.1083505-10-rick.wertenbroek@gmail.com
Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller")
Tested-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Rick Wertenbroek <rick.wertenbroek@gmail.com>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/controller/pcie-rockchip-ep.c | 10 +++++-----
drivers/pci/controller/pcie-rockchip.h | 1 +
2 files changed, 6 insertions(+), 5 deletions(-)
--- a/drivers/pci/controller/pcie-rockchip-ep.c
+++ b/drivers/pci/controller/pcie-rockchip-ep.c
@@ -313,15 +313,15 @@ static int rockchip_pcie_ep_set_msi(stru
{
struct rockchip_pcie_ep *ep = epc_get_drvdata(epc);
struct rockchip_pcie *rockchip = &ep->rockchip;
- u16 flags;
+ u32 flags;
flags = rockchip_pcie_read(rockchip,
ROCKCHIP_PCIE_EP_FUNC_BASE(fn) +
ROCKCHIP_PCIE_EP_MSI_CTRL_REG);
flags &= ~ROCKCHIP_PCIE_EP_MSI_CTRL_MMC_MASK;
flags |=
- ((multi_msg_cap << 1) << ROCKCHIP_PCIE_EP_MSI_CTRL_MMC_OFFSET) |
- PCI_MSI_FLAGS_64BIT;
+ (multi_msg_cap << ROCKCHIP_PCIE_EP_MSI_CTRL_MMC_OFFSET) |
+ (PCI_MSI_FLAGS_64BIT << ROCKCHIP_PCIE_EP_MSI_FLAGS_OFFSET);
flags &= ~ROCKCHIP_PCIE_EP_MSI_CTRL_MASK_MSI_CAP;
rockchip_pcie_write(rockchip, flags,
ROCKCHIP_PCIE_EP_FUNC_BASE(fn) +
@@ -333,7 +333,7 @@ static int rockchip_pcie_ep_get_msi(stru
{
struct rockchip_pcie_ep *ep = epc_get_drvdata(epc);
struct rockchip_pcie *rockchip = &ep->rockchip;
- u16 flags;
+ u32 flags;
flags = rockchip_pcie_read(rockchip,
ROCKCHIP_PCIE_EP_FUNC_BASE(fn) +
@@ -394,7 +394,7 @@ static int rockchip_pcie_ep_send_msi_irq
u8 interrupt_num)
{
struct rockchip_pcie *rockchip = &ep->rockchip;
- u16 flags, mme, data, data_mask;
+ u32 flags, mme, data, data_mask;
u8 msi_count;
u64 pci_addr, pci_addr_mask = 0xff;
--- a/drivers/pci/controller/pcie-rockchip.h
+++ b/drivers/pci/controller/pcie-rockchip.h
@@ -232,6 +232,7 @@
#define ROCKCHIP_PCIE_EP_CMD_STATUS 0x4
#define ROCKCHIP_PCIE_EP_CMD_STATUS_IS BIT(19)
#define ROCKCHIP_PCIE_EP_MSI_CTRL_REG 0x90
+#define ROCKCHIP_PCIE_EP_MSI_FLAGS_OFFSET 16
#define ROCKCHIP_PCIE_EP_MSI_CTRL_MMC_OFFSET 17
#define ROCKCHIP_PCIE_EP_MSI_CTRL_MMC_MASK GENMASK(19, 17)
#define ROCKCHIP_PCIE_EP_MSI_CTRL_MME_OFFSET 20
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 168/323] misc: pci_endpoint_test: Free IRQs before removing the device
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 167/323] PCI: rockchip: Use u32 variable to access 32-bit registers Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 169/323] misc: pci_endpoint_test: Re-init completion for every test Greg Kroah-Hartman
` (158 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Lorenzo Pieralisi,
Bjorn Helgaas, Manivannan Sadhasivam
From: Damien Le Moal <dlemoal@kernel.org>
commit f61b7634a3249d12b9daa36ffbdb9965b6f24c6c upstream.
In pci_endpoint_test_remove(), freeing the IRQs after removing the device
creates a small race window for IRQs to be received with the test device
memory already released, causing the IRQ handler to access invalid memory,
resulting in an oops.
Free the device IRQs before removing the device to avoid this issue.
Link: https://lore.kernel.org/r/20230415023542.77601-15-dlemoal@kernel.org
Fixes: e03327122e2c ("pci_endpoint_test: Add 2 ioctl commands")
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/pci_endpoint_test.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -785,6 +785,9 @@ static void pci_endpoint_test_remove(str
if (id < 0)
return;
+ pci_endpoint_test_release_irq(test);
+ pci_endpoint_test_free_irq_vectors(test);
+
misc_deregister(&test->miscdev);
kfree(misc_device->name);
ida_simple_remove(&pci_endpoint_test_ida, id);
@@ -793,9 +796,6 @@ static void pci_endpoint_test_remove(str
pci_iounmap(pdev, test->bar[bar]);
}
- pci_endpoint_test_release_irq(test);
- pci_endpoint_test_free_irq_vectors(test);
-
pci_release_regions(pdev);
pci_disable_device(pdev);
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 169/323] misc: pci_endpoint_test: Re-init completion for every test
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 168/323] misc: pci_endpoint_test: Free IRQs before removing the device Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 170/323] md/raid0: add discard support for the original layout Greg Kroah-Hartman
` (157 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Lorenzo Pieralisi,
Bjorn Helgaas, Manivannan Sadhasivam
From: Damien Le Moal <dlemoal@kernel.org>
commit fb620ae73b70c2f57b9d3e911fc24c024ba2324f upstream.
The irq_raised completion used to detect the end of a test case is
initialized when the test device is probed, but never reinitialized again
before a test case. As a result, the irq_raised completion synchronization
is effective only for the first ioctl test case executed. Any subsequent
call to wait_for_completion() by another ioctl() call will immediately
return, potentially too early, leading to false positive failures.
Fix this by reinitializing the irq_raised completion before starting a new
ioctl() test command.
Link: https://lore.kernel.org/r/20230415023542.77601-16-dlemoal@kernel.org
Fixes: 2c156ac71c6b ("misc: Add host side PCI driver for PCI test function device")
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/pci_endpoint_test.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -601,6 +601,10 @@ static long pci_endpoint_test_ioctl(stru
struct pci_dev *pdev = test->pdev;
mutex_lock(&test->mutex);
+
+ reinit_completion(&test->irq_raised);
+ test->last_irq = -ENODATA;
+
switch (cmd) {
case PCITEST_BAR:
bar = arg;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 170/323] md/raid0: add discard support for the original layout
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 169/323] misc: pci_endpoint_test: Re-init completion for every test Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 171/323] fs: dlm: return positive pid value for F_GETLK Greg Kroah-Hartman
` (156 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, NeilBrown, Song Liu, Jason Baron
From: Jason Baron <jbaron@akamai.com>
commit e836007089ba8fdf24e636ef2b007651fb4582e6 upstream.
We've found that using raid0 with the 'original' layout and discard
enabled with different disk sizes (such that at least two zones are
created) can result in data corruption. This is due to the fact that
the discard handling in 'raid0_handle_discard()' assumes the 'alternate'
layout. We've seen this corruption using ext4 but other filesystems are
likely susceptible as well.
More specifically, while multiple zones are necessary to create the
corruption, the corruption may not occur with multiple zones if they
layout in such a way the layout matches what the 'alternate' layout
would have produced. Thus, not all raid0 devices with the 'original'
layout, different size disks and discard enabled will encounter this
corruption.
The 3.14 kernel inadvertently changed the raid0 disk layout for different
size disks. Thus, running a pre-3.14 kernel and post-3.14 kernel on the
same raid0 array could corrupt data. This lead to the creation of the
'original' layout (to match the pre-3.14 layout) and the 'alternate' layout
(to match the post 3.14 layout) in the 5.4 kernel time frame and an option
to tell the kernel which layout to use (since it couldn't be autodetected).
However, when the 'original' layout was added back to 5.4 discard support
for the 'original' layout was not added leading this issue.
I've been able to reliably reproduce the corruption with the following
test case:
1. create raid0 array with different size disks using original layout
2. mkfs
3. mount -o discard
4. create lots of files
5. remove 1/2 the files
6. fstrim -a (or just the mount point for the raid0 array)
7. umount
8. fsck -fn /dev/md0 (spews all sorts of corruptions)
Let's fix this by adding proper discard support to the 'original' layout.
The fix 'maps' the 'original' layout disks to the order in which they are
read/written such that we can compare the disks in the same way that the
current 'alternate' layout does. A 'disk_shift' field is added to
'struct strip_zone'. This could be computed on the fly in
raid0_handle_discard() but by adding this field, we save some computation
in the discard path.
Note we could also potentially fix this by re-ordering the disks in the
zones that follow the first one, and then always read/writing them using
the 'alternate' layout. However, that is seen as a more substantial change,
and we are attempting the least invasive fix at this time to remedy the
corruption.
I've verified the change using the reproducer mentioned above. Typically,
the corruption is seen after less than 3 iterations, while the patch has
run 500+ iterations.
Cc: NeilBrown <neilb@suse.de>
Cc: Song Liu <song@kernel.org>
Fixes: c84a1372df92 ("md/raid0: avoid RAID0 data corruption due to layout confusion.")
Cc: stable@vger.kernel.org
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230623180523.1901230-1-jbaron@akamai.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/raid0.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++-------
drivers/md/raid0.h | 1
2 files changed, 55 insertions(+), 8 deletions(-)
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -296,6 +296,18 @@ static int create_strip_zones(struct mdd
goto abort;
}
+ if (conf->layout == RAID0_ORIG_LAYOUT) {
+ for (i = 1; i < conf->nr_strip_zones; i++) {
+ sector_t first_sector = conf->strip_zone[i-1].zone_end;
+
+ sector_div(first_sector, mddev->chunk_sectors);
+ zone = conf->strip_zone + i;
+ /* disk_shift is first disk index used in the zone */
+ zone->disk_shift = sector_div(first_sector,
+ zone->nb_dev);
+ }
+ }
+
pr_debug("md/raid0:%s: done.\n", mdname(mddev));
*private_conf = conf;
@@ -482,6 +494,20 @@ static inline int is_io_in_chunk_boundar
}
}
+/*
+ * Convert disk_index to the disk order in which it is read/written.
+ * For example, if we have 4 disks, they are numbered 0,1,2,3. If we
+ * write the disks starting at disk 3, then the read/write order would
+ * be disk 3, then 0, then 1, and then disk 2 and we want map_disk_shift()
+ * to map the disks as follows 0,1,2,3 => 1,2,3,0. So disk 0 would map
+ * to 1, 1 to 2, 2 to 3, and 3 to 0. That way we can compare disks in
+ * that 'output' space to understand the read/write disk ordering.
+ */
+static int map_disk_shift(int disk_index, int num_disks, int disk_shift)
+{
+ return ((disk_index + num_disks - disk_shift) % num_disks);
+}
+
static void raid0_handle_discard(struct mddev *mddev, struct bio *bio)
{
struct r0conf *conf = mddev->private;
@@ -495,7 +521,9 @@ static void raid0_handle_discard(struct
sector_t end_disk_offset;
unsigned int end_disk_index;
unsigned int disk;
+ sector_t orig_start, orig_end;
+ orig_start = start;
zone = find_zone(conf, &start);
if (bio_end_sector(bio) > zone->zone_end) {
@@ -509,6 +537,7 @@ static void raid0_handle_discard(struct
} else
end = bio_end_sector(bio);
+ orig_end = end;
if (zone != conf->strip_zone)
end = end - zone[-1].zone_end;
@@ -520,13 +549,26 @@ static void raid0_handle_discard(struct
last_stripe_index = end;
sector_div(last_stripe_index, stripe_size);
- start_disk_index = (int)(start - first_stripe_index * stripe_size) /
- mddev->chunk_sectors;
+ /* In the first zone the original and alternate layouts are the same */
+ if ((conf->layout == RAID0_ORIG_LAYOUT) && (zone != conf->strip_zone)) {
+ sector_div(orig_start, mddev->chunk_sectors);
+ start_disk_index = sector_div(orig_start, zone->nb_dev);
+ start_disk_index = map_disk_shift(start_disk_index,
+ zone->nb_dev,
+ zone->disk_shift);
+ sector_div(orig_end, mddev->chunk_sectors);
+ end_disk_index = sector_div(orig_end, zone->nb_dev);
+ end_disk_index = map_disk_shift(end_disk_index,
+ zone->nb_dev, zone->disk_shift);
+ } else {
+ start_disk_index = (int)(start - first_stripe_index * stripe_size) /
+ mddev->chunk_sectors;
+ end_disk_index = (int)(end - last_stripe_index * stripe_size) /
+ mddev->chunk_sectors;
+ }
start_disk_offset = ((int)(start - first_stripe_index * stripe_size) %
mddev->chunk_sectors) +
first_stripe_index * mddev->chunk_sectors;
- end_disk_index = (int)(end - last_stripe_index * stripe_size) /
- mddev->chunk_sectors;
end_disk_offset = ((int)(end - last_stripe_index * stripe_size) %
mddev->chunk_sectors) +
last_stripe_index * mddev->chunk_sectors;
@@ -535,18 +577,22 @@ static void raid0_handle_discard(struct
sector_t dev_start, dev_end;
struct bio *discard_bio = NULL;
struct md_rdev *rdev;
+ int compare_disk;
+
+ compare_disk = map_disk_shift(disk, zone->nb_dev,
+ zone->disk_shift);
- if (disk < start_disk_index)
+ if (compare_disk < start_disk_index)
dev_start = (first_stripe_index + 1) *
mddev->chunk_sectors;
- else if (disk > start_disk_index)
+ else if (compare_disk > start_disk_index)
dev_start = first_stripe_index * mddev->chunk_sectors;
else
dev_start = start_disk_offset;
- if (disk < end_disk_index)
+ if (compare_disk < end_disk_index)
dev_end = (last_stripe_index + 1) * mddev->chunk_sectors;
- else if (disk > end_disk_index)
+ else if (compare_disk > end_disk_index)
dev_end = last_stripe_index * mddev->chunk_sectors;
else
dev_end = end_disk_offset;
--- a/drivers/md/raid0.h
+++ b/drivers/md/raid0.h
@@ -6,6 +6,7 @@ struct strip_zone {
sector_t zone_end; /* Start of the next zone (in sectors) */
sector_t dev_start; /* Zone offset in real dev (in sectors) */
int nb_dev; /* # of devices attached to the zone */
+ int disk_shift; /* start disk for the original layout */
};
/* Linux 3.14 (20d0189b101) made an unintended change to
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 171/323] fs: dlm: return positive pid value for F_GETLK
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 170/323] md/raid0: add discard support for the original layout Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 172/323] serial: atmel: dont enable IRQs prematurely Greg Kroah-Hartman
` (155 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexander Aring, David Teigland
From: Alexander Aring <aahringo@redhat.com>
commit 92655fbda5c05950a411eaabc19e025e86e2a291 upstream.
The GETLK pid values have all been negated since commit 9d5b86ac13c5
("fs/locks: Remove fl_nspid and use fs-specific l_pid for remote locks").
Revert this for local pids, and leave in place negative pids for remote
owners.
Cc: stable@vger.kernel.org
Fixes: 9d5b86ac13c5 ("fs/locks: Remove fl_nspid and use fs-specific l_pid for remote locks")
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/dlm/plock.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/fs/dlm/plock.c
+++ b/fs/dlm/plock.c
@@ -366,7 +366,9 @@ int dlm_posix_get(dlm_lockspace_t *locks
locks_init_lock(fl);
fl->fl_type = (op->info.ex) ? F_WRLCK : F_RDLCK;
fl->fl_flags = FL_POSIX;
- fl->fl_pid = -op->info.pid;
+ fl->fl_pid = op->info.pid;
+ if (op->info.nodeid != dlm_our_nodeid())
+ fl->fl_pid = -fl->fl_pid;
fl->fl_start = op->info.start;
fl->fl_end = op->info.end;
rv = 0;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 172/323] serial: atmel: dont enable IRQs prematurely
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 171/323] fs: dlm: return positive pid value for F_GETLK Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 173/323] hwrng: imx-rngc - fix the timeout for init and self check Greg Kroah-Hartman
` (154 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Jiri Slaby,
Richard Genoud, stable
From: Dan Carpenter <dan.carpenter@linaro.org>
commit 27a826837ec9a3e94cc44bd9328b8289b0fcecd7 upstream.
The atmel_complete_tx_dma() function disables IRQs at the start
of the function by calling spin_lock_irqsave(&port->lock, flags);
There is no need to disable them a second time using the
spin_lock_irq() function and, in fact, doing so is a bug because
it will enable IRQs prematurely when we call spin_unlock_irq().
Just use spin_lock/unlock() instead without disabling or enabling
IRQs.
Fixes: 08f738be88bb ("serial: at91: add tx dma support")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Acked-by: Richard Genoud <richard.genoud@gmail.com>
Link: https://lore.kernel.org/r/cb7c39a9-c004-4673-92e1-be4e34b85368@moroto.mountain
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/atmel_serial.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -791,11 +791,11 @@ static void atmel_complete_tx_dma(void *
port->icount.tx += atmel_port->tx_len;
- spin_lock_irq(&atmel_port->lock_tx);
+ spin_lock(&atmel_port->lock_tx);
async_tx_ack(atmel_port->desc_tx);
atmel_port->cookie_tx = -EINVAL;
atmel_port->desc_tx = NULL;
- spin_unlock_irq(&atmel_port->lock_tx);
+ spin_unlock(&atmel_port->lock_tx);
if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)
uart_write_wakeup(port);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 173/323] hwrng: imx-rngc - fix the timeout for init and self check
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 172/323] serial: atmel: dont enable IRQs prematurely Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 174/323] ceph: dont let check_caps skip sending responses for revoke msgs Greg Kroah-Hartman
` (153 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Martin Kaiser, Herbert Xu
From: Martin Kaiser <martin@kaiser.cx>
commit d744ae7477190967a3ddc289e2cd4ae59e8b1237 upstream.
Fix the timeout that is used for the initialisation and for the self
test. wait_for_completion_timeout expects a timeout in jiffies, but
RNGC_TIMEOUT is in milliseconds. Call msecs_to_jiffies to do the
conversion.
Cc: stable@vger.kernel.org
Fixes: 1d5449445bd0 ("hwrng: mx-rngc - add a driver for Freescale RNGC")
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/hw_random/imx-rngc.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/char/hw_random/imx-rngc.c
+++ b/drivers/char/hw_random/imx-rngc.c
@@ -105,7 +105,7 @@ static int imx_rngc_self_test(struct imx
cmd = readl(rngc->base + RNGC_COMMAND);
writel(cmd | RNGC_CMD_SELF_TEST, rngc->base + RNGC_COMMAND);
- ret = wait_for_completion_timeout(&rngc->rng_op_done, RNGC_TIMEOUT);
+ ret = wait_for_completion_timeout(&rngc->rng_op_done, msecs_to_jiffies(RNGC_TIMEOUT));
if (!ret) {
imx_rngc_irq_mask_clear(rngc);
return -ETIMEDOUT;
@@ -188,9 +188,7 @@ static int imx_rngc_init(struct hwrng *r
cmd = readl(rngc->base + RNGC_COMMAND);
writel(cmd | RNGC_CMD_SEED, rngc->base + RNGC_COMMAND);
- ret = wait_for_completion_timeout(&rngc->rng_op_done,
- RNGC_TIMEOUT);
-
+ ret = wait_for_completion_timeout(&rngc->rng_op_done, msecs_to_jiffies(RNGC_TIMEOUT));
if (!ret) {
imx_rngc_irq_mask_clear(rngc);
return -ETIMEDOUT;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 174/323] ceph: dont let check_caps skip sending responses for revoke msgs
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 173/323] hwrng: imx-rngc - fix the timeout for init and self check Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 175/323] meson saradc: fix clock divider mask length Greg Kroah-Hartman
` (152 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Xiubo Li, Milind Changire,
Patrick Donnelly, Ilya Dryomov
From: Xiubo Li <xiubli@redhat.com>
commit 257e6172ab36ebbe295a6c9ee9a9dd0fe54c1dc2 upstream.
If a client sends out a cap update dropping caps with the prior 'seq'
just before an incoming cap revoke request, then the client may drop
the revoke because it believes it's already released the requested
capabilities.
This causes the MDS to wait indefinitely for the client to respond
to the revoke. It's therefore always a good idea to ack the cap
revoke request with the bumped up 'seq'.
Cc: stable@vger.kernel.org
Link: https://tracker.ceph.com/issues/61782
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/caps.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -3285,6 +3285,15 @@ static void handle_cap_grant(struct inod
}
BUG_ON(cap->issued & ~cap->implemented);
+ /* don't let check_caps skip sending a response to MDS for revoke msgs */
+ if (le32_to_cpu(grant->op) == CEPH_CAP_OP_REVOKE) {
+ cap->mds_wanted = 0;
+ if (cap == ci->i_auth_cap)
+ check_caps = 1; /* check auth cap only */
+ else
+ check_caps = 2; /* check all caps */
+ }
+
if (extra_info->inline_version > 0 &&
extra_info->inline_version >= ci->i_inline_version) {
ci->i_inline_version = extra_info->inline_version;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 175/323] meson saradc: fix clock divider mask length
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 174/323] ceph: dont let check_caps skip sending responses for revoke msgs Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 176/323] Revert "8250: add support for ASIX devices with a FIFO bug" Greg Kroah-Hartman
` (151 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, George Stark, Andy Shevchenko,
Martin Blumenstingl, Jonathan Cameron
From: George Stark <gnstark@sberdevices.ru>
commit c57fa0037024c92c2ca34243e79e857da5d2c0a9 upstream.
According to the datasheets of supported meson SoCs length of ADC_CLK_DIV
field is 6-bit. Although all supported SoCs have the register
with that field documented later SoCs use external clock rather than
ADC internal clock so this patch affects only meson8 family (S8* SoCs).
Fixes: 3adbf3427330 ("iio: adc: add a driver for the SAR ADC found in Amlogic Meson SoCs")
Signed-off-by: George Stark <GNStark@sberdevices.ru>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Link: https://lore.kernel.org/r/20230606165357.42417-1-gnstark@sberdevices.ru
Cc: <stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/adc/meson_saradc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/adc/meson_saradc.c
+++ b/drivers/iio/adc/meson_saradc.c
@@ -75,7 +75,7 @@
#define MESON_SAR_ADC_REG3_PANEL_DETECT_COUNT_MASK GENMASK(20, 18)
#define MESON_SAR_ADC_REG3_PANEL_DETECT_FILTER_TB_MASK GENMASK(17, 16)
#define MESON_SAR_ADC_REG3_ADC_CLK_DIV_SHIFT 10
- #define MESON_SAR_ADC_REG3_ADC_CLK_DIV_WIDTH 5
+ #define MESON_SAR_ADC_REG3_ADC_CLK_DIV_WIDTH 6
#define MESON_SAR_ADC_REG3_BLOCK_DLY_SEL_MASK GENMASK(9, 8)
#define MESON_SAR_ADC_REG3_BLOCK_DLY_MASK GENMASK(7, 0)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 176/323] Revert "8250: add support for ASIX devices with a FIFO bug"
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 175/323] meson saradc: fix clock divider mask length Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 177/323] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Greg Kroah-Hartman
` (150 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Jiaqing Zhao,
Andy Shevchenko
From: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
commit a82d62f708545d22859584e0e0620da8e3759bbc upstream.
This reverts commit eb26dfe8aa7eeb5a5aa0b7574550125f8aa4c3b3.
Commit eb26dfe8aa7e ("8250: add support for ASIX devices with a FIFO
bug") merged on Jul 13, 2012 adds a quirk for PCI_VENDOR_ID_ASIX
(0x9710). But that ID is the same as PCI_VENDOR_ID_NETMOS defined in
1f8b061050c7 ("[PATCH] Netmos parallel/serial/combo support") merged
on Mar 28, 2005. In pci_serial_quirks array, the NetMos entry always
takes precedence over the ASIX entry even since it was initially
merged, code in that commit is always unreachable.
In my tests, adding the FIFO workaround to pci_netmos_init() makes no
difference, and the vendor driver also does not have such workaround.
Given that the code was never used for over a decade, it's safe to
revert it.
Also, the real PCI_VENDOR_ID_ASIX should be 0x125b, which is used on
their newer AX99100 PCIe serial controllers released on 2016. The FIFO
workaround should not be intended for these newer controllers, and it
was never implemented in vendor driver.
Fixes: eb26dfe8aa7e ("8250: add support for ASIX devices with a FIFO bug")
Cc: stable <stable@kernel.org>
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230619155743.827859-1-jiaqing.zhao@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250.h | 1 -
drivers/tty/serial/8250/8250_pci.c | 19 -------------------
drivers/tty/serial/8250/8250_port.c | 11 +++--------
include/linux/serial_8250.h | 1 -
4 files changed, 3 insertions(+), 29 deletions(-)
--- a/drivers/tty/serial/8250/8250.h
+++ b/drivers/tty/serial/8250/8250.h
@@ -85,7 +85,6 @@ struct serial8250_config {
#define UART_BUG_TXEN (1 << 1) /* UART has buggy TX IIR status */
#define UART_BUG_NOMSR (1 << 2) /* UART has buggy MSR status bits (Au1x00) */
#define UART_BUG_THRE (1 << 3) /* UART has buggy THRE reassertion */
-#define UART_BUG_PARITY (1 << 4) /* UART mishandles parity if FIFO enabled */
#ifdef CONFIG_SERIAL_8250_SHARE_IRQ
--- a/drivers/tty/serial/8250/8250_pci.c
+++ b/drivers/tty/serial/8250/8250_pci.c
@@ -1049,14 +1049,6 @@ static int pci_oxsemi_tornado_init(struc
return number_uarts;
}
-static int pci_asix_setup(struct serial_private *priv,
- const struct pciserial_board *board,
- struct uart_8250_port *port, int idx)
-{
- port->bugs |= UART_BUG_PARITY;
- return pci_default_setup(priv, board, port, idx);
-}
-
/* Quatech devices have their own extra interface features */
struct quatech_feature {
@@ -1683,7 +1675,6 @@ pci_wch_ch38x_setup(struct serial_privat
#define PCI_DEVICE_ID_WCH_CH355_4S 0x7173
#define PCI_VENDOR_ID_AGESTAR 0x5372
#define PCI_DEVICE_ID_AGESTAR_9375 0x6872
-#define PCI_VENDOR_ID_ASIX 0x9710
#define PCI_DEVICE_ID_BROADCOM_TRUMANAGE 0x160a
#define PCI_DEVICE_ID_AMCC_ADDIDATA_APCI7800 0x818e
@@ -2455,16 +2446,6 @@ static struct pci_serial_quirk pci_seria
.setup = pci_wch_ch38x_setup,
},
/*
- * ASIX devices with FIFO bug
- */
- {
- .vendor = PCI_VENDOR_ID_ASIX,
- .device = PCI_ANY_ID,
- .subvendor = PCI_ANY_ID,
- .subdevice = PCI_ANY_ID,
- .setup = pci_asix_setup,
- },
- /*
* Broadcom TruManage (NetXtreme)
*/
{
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -2617,11 +2617,8 @@ static unsigned char serial8250_compute_
if (c_cflag & CSTOPB)
cval |= UART_LCR_STOP;
- if (c_cflag & PARENB) {
+ if (c_cflag & PARENB)
cval |= UART_LCR_PARITY;
- if (up->bugs & UART_BUG_PARITY)
- up->fifo_bug = true;
- }
if (!(c_cflag & PARODD))
cval |= UART_LCR_EPAR;
#ifdef CMSPAR
@@ -2735,8 +2732,7 @@ serial8250_do_set_termios(struct uart_po
up->lcr = cval; /* Save computed LCR */
if (up->capabilities & UART_CAP_FIFO && port->fifosize > 1) {
- /* NOTE: If fifo_bug is not set, a user can set RX_trigger. */
- if ((baud < 2400 && !up->dma) || up->fifo_bug) {
+ if (baud < 2400 && !up->dma) {
up->fcr &= ~UART_FCR_TRIGGER_MASK;
up->fcr |= UART_FCR_TRIGGER_1;
}
@@ -3072,8 +3068,7 @@ static int do_set_rxtrig(struct tty_port
struct uart_8250_port *up = up_to_u8250p(uport);
int rxtrig;
- if (!(up->capabilities & UART_CAP_FIFO) || uport->fifosize <= 1 ||
- up->fifo_bug)
+ if (!(up->capabilities & UART_CAP_FIFO) || uport->fifosize <= 1)
return -EINVAL;
rxtrig = bytes_to_fcr_rxtrig(up, bytes);
--- a/include/linux/serial_8250.h
+++ b/include/linux/serial_8250.h
@@ -99,7 +99,6 @@ struct uart_8250_port {
struct list_head list; /* ports on this IRQ */
u32 capabilities; /* port capabilities */
unsigned short bugs; /* port bugs */
- bool fifo_bug; /* min RX trigger if enabled */
unsigned int tx_loadsz; /* transmit fifo load size */
unsigned char acr;
unsigned char fcr;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 177/323] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 176/323] Revert "8250: add support for ASIX devices with a FIFO bug" Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 178/323] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk Greg Kroah-Hartman
` (149 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Andi Shyti,
Christophe JAILLET, Jiri Slaby
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit a9c09546e903f1068acfa38e1ee18bded7114b37 upstream.
If clk_get_rate() fails, the clk that has just been allocated needs to be
freed.
Cc: <stable@vger.kernel.org> # v3.3+
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
Fixes: 5f5a7a5578c5 ("serial: samsung: switch to clkdev based clock lookup")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Message-ID: <e4baf6039368f52e5a5453982ddcb9a330fc689e.1686412569.git.christophe.jaillet@wanadoo.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/samsung.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/tty/serial/samsung.c
+++ b/drivers/tty/serial/samsung.c
@@ -1199,8 +1199,12 @@ static unsigned int s3c24xx_serial_getcl
continue;
rate = clk_get_rate(clk);
- if (!rate)
+ if (!rate) {
+ dev_err(ourport->port.dev,
+ "Failed to get clock rate for %s.\n", clkname);
+ clk_put(clk);
continue;
+ }
if (ourport->info->has_divslot) {
unsigned long div = rate / req_baud;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 178/323] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 177/323] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 179/323] ring-buffer: Fix deadloop issue on reading trace_pipe Greg Kroah-Hartman
` (148 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Andi Shyti,
Christophe JAILLET, Jiri Slaby
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
commit 832e231cff476102e8204a9e7bddfe5c6154a375 upstream.
When the best clk is searched, we iterate over all possible clk.
If we find a better match, the previous one, if any, needs to be freed.
If a better match has already been found, we still need to free the new
one, otherwise it leaks.
Cc: <stable@vger.kernel.org> # v3.3+
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
Fixes: 5f5a7a5578c5 ("serial: samsung: switch to clkdev based clock lookup")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Message-ID: <cf3e0053d2fc7391b2d906a86cd01a5ef15fb9dc.1686412569.git.christophe.jaillet@wanadoo.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/samsung.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/drivers/tty/serial/samsung.c
+++ b/drivers/tty/serial/samsung.c
@@ -1230,10 +1230,18 @@ static unsigned int s3c24xx_serial_getcl
calc_deviation = -calc_deviation;
if (calc_deviation < deviation) {
+ /*
+ * If we find a better clk, release the previous one, if
+ * any.
+ */
+ if (!IS_ERR(*best_clk))
+ clk_put(*best_clk);
*best_clk = clk;
best_quot = quot;
*clk_num = cnt;
deviation = calc_deviation;
+ } else {
+ clk_put(clk);
}
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 179/323] ring-buffer: Fix deadloop issue on reading trace_pipe
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 178/323] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 180/323] xtensa: ISS: fix call to split_if_spec Greg Kroah-Hartman
` (147 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Zheng Yejian,
Steven Rostedt (Google)
From: Zheng Yejian <zhengyejian1@huawei.com>
commit 7e42907f3a7b4ce3a2d1757f6d78336984daf8f5 upstream.
Soft lockup occurs when reading file 'trace_pipe':
watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]
[...]
RIP: 0010:ring_buffer_empty_cpu+0xed/0x170
RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb
RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218
RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f
R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901
R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000
[...]
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__find_next_entry+0x1a8/0x4b0
? peek_next_entry+0x250/0x250
? down_write+0xa5/0x120
? down_write_killable+0x130/0x130
trace_find_next_entry_inc+0x3b/0x1d0
tracing_read_pipe+0x423/0xae0
? tracing_splice_read_pipe+0xcb0/0xcb0
vfs_read+0x16b/0x490
ksys_read+0x105/0x210
? __ia32_sys_pwrite64+0x200/0x200
? switch_fpu_return+0x108/0x220
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x61/0xc6
Through the vmcore, I found it's because in tracing_read_pipe(),
ring_buffer_empty_cpu() found some buffer is not empty but then it
cannot read anything due to "rb_num_of_entries() == 0" always true,
Then it infinitely loop the procedure due to user buffer not been
filled, see following code path:
tracing_read_pipe() {
... ...
waitagain:
tracing_wait_pipe() // 1. find non-empty buffer here
trace_find_next_entry_inc() // 2. loop here try to find an entry
__find_next_entry()
ring_buffer_empty_cpu(); // 3. find non-empty buffer
peek_next_entry() // 4. but peek always return NULL
ring_buffer_peek()
rb_buffer_peek()
rb_get_reader_page()
// 5. because rb_num_of_entries() == 0 always true here
// then return NULL
// 6. user buffer not been filled so goto 'waitgain'
// and eventually leads to an deadloop in kernel!!!
}
By some analyzing, I found that when resetting ringbuffer, the 'entries'
of its pages are not all cleared (see rb_reset_cpu()). Then when reducing
the ringbuffer, and if some reduced pages exist dirty 'entries' data, they
will be added into 'cpu_buffer->overrun' (see rb_remove_pages()), which
cause wrong 'overrun' count and eventually cause the deadloop issue.
To fix it, we need to clear every pages in rb_reset_cpu().
Link: https://lore.kernel.org/linux-trace-kernel/20230708225144.3785600-1-zhengyejian1@huawei.com
Cc: stable@vger.kernel.org
Fixes: a5fb833172eca ("ring-buffer: Fix uninitialized read_stamp")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -4408,28 +4408,34 @@ unsigned long ring_buffer_size(struct ri
}
EXPORT_SYMBOL_GPL(ring_buffer_size);
+static void rb_clear_buffer_page(struct buffer_page *page)
+{
+ local_set(&page->write, 0);
+ local_set(&page->entries, 0);
+ rb_init_page(page->page);
+ page->read = 0;
+}
+
static void
rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
{
+ struct buffer_page *page;
+
rb_head_page_deactivate(cpu_buffer);
cpu_buffer->head_page
= list_entry(cpu_buffer->pages, struct buffer_page, list);
- local_set(&cpu_buffer->head_page->write, 0);
- local_set(&cpu_buffer->head_page->entries, 0);
- local_set(&cpu_buffer->head_page->page->commit, 0);
-
- cpu_buffer->head_page->read = 0;
+ rb_clear_buffer_page(cpu_buffer->head_page);
+ list_for_each_entry(page, cpu_buffer->pages, list) {
+ rb_clear_buffer_page(page);
+ }
cpu_buffer->tail_page = cpu_buffer->head_page;
cpu_buffer->commit_page = cpu_buffer->head_page;
INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
INIT_LIST_HEAD(&cpu_buffer->new_pages);
- local_set(&cpu_buffer->reader_page->write, 0);
- local_set(&cpu_buffer->reader_page->entries, 0);
- local_set(&cpu_buffer->reader_page->page->commit, 0);
- cpu_buffer->reader_page->read = 0;
+ rb_clear_buffer_page(cpu_buffer->reader_page);
local_set(&cpu_buffer->entries_bytes, 0);
local_set(&cpu_buffer->overrun, 0);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 180/323] xtensa: ISS: fix call to split_if_spec
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 179/323] ring-buffer: Fix deadloop issue on reading trace_pipe Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 181/323] scsi: qla2xxx: Wait for io return on terminate rport Greg Kroah-Hartman
` (146 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Max Filippov
From: Max Filippov <jcmvbkbc@gmail.com>
commit bc8d5916541fa19ca5bc598eb51a5f78eb891a36 upstream.
split_if_spec expects a NULL-pointer as an end marker for the argument
list, but tuntap_probe never supplied that terminating NULL. As a result
incorrectly formatted interface specification string may cause a crash
because of the random memory access. Fix that by adding NULL terminator
to the split_if_spec argument list.
Cc: stable@vger.kernel.org
Fixes: 7282bee78798 ("[PATCH] xtensa: Architecture support for Tensilica Xtensa Part 8")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/xtensa/platforms/iss/network.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/xtensa/platforms/iss/network.c
+++ b/arch/xtensa/platforms/iss/network.c
@@ -236,7 +236,7 @@ static int tuntap_probe(struct iss_net_p
init += sizeof(TRANSPORT_TUNTAP_NAME) - 1;
if (*init == ',') {
- rem = split_if_spec(init + 1, &mac_str, &dev_name);
+ rem = split_if_spec(init + 1, &mac_str, &dev_name, NULL);
if (rem != NULL) {
pr_err("%s: extra garbage on specification : '%s'\n",
dev->name, rem);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 181/323] scsi: qla2xxx: Wait for io return on terminate rport
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 180/323] xtensa: ISS: fix call to split_if_spec Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 182/323] scsi: qla2xxx: Fix potential NULL pointer dereference Greg Kroah-Hartman
` (145 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
From: Quinn Tran <qutran@marvell.com>
commit fc0cba0c7be8261a1625098bd1d695077ec621c9 upstream.
System crash due to use after free.
Current code allows terminate_rport_io to exit before making
sure all IOs has returned. For FCP-2 device, IO's can hang
on in HW because driver has not tear down the session in FW at
first sign of cable pull. When dev_loss_tmo timer pops,
terminate_rport_io is called and upper layer is about to
free various resources. Terminate_rport_io trigger qla to do
the final cleanup, but the cleanup might not be fast enough where it
leave qla still holding on to the same resource.
Wait for IO's to return to upper layer before resources are freed.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230428075339.32551-7-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_attr.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
@@ -1800,6 +1800,7 @@ static void
qla2x00_terminate_rport_io(struct fc_rport *rport)
{
fc_port_t *fcport = *(fc_port_t **)rport->dd_data;
+ scsi_qla_host_t *vha;
if (!fcport)
return;
@@ -1809,9 +1810,12 @@ qla2x00_terminate_rport_io(struct fc_rpo
if (test_bit(ABORT_ISP_ACTIVE, &fcport->vha->dpc_flags))
return;
+ vha = fcport->vha;
if (unlikely(pci_channel_offline(fcport->vha->hw->pdev))) {
qla2x00_abort_all_cmds(fcport->vha, DID_NO_CONNECT << 16);
+ qla2x00_eh_wait_for_pending_commands(fcport->vha, fcport->d_id.b24,
+ 0, WAIT_TARGET);
return;
}
/*
@@ -1826,6 +1830,15 @@ qla2x00_terminate_rport_io(struct fc_rpo
else
qla2x00_port_logout(fcport->vha, fcport);
}
+
+ /* check for any straggling io left behind */
+ if (qla2x00_eh_wait_for_pending_commands(fcport->vha, fcport->d_id.b24, 0, WAIT_TARGET)) {
+ ql_log(ql_log_warn, vha, 0x300b,
+ "IO not return. Resetting. \n");
+ set_bit(ISP_ABORT_NEEDED, &vha->dpc_flags);
+ qla2xxx_wake_dpc(vha);
+ qla2x00_wait_for_chip_reset(vha);
+ }
}
static int
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 182/323] scsi: qla2xxx: Fix potential NULL pointer dereference
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 181/323] scsi: qla2xxx: Wait for io return on terminate rport Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 183/323] scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Greg Kroah-Hartman
` (144 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bikash Hazarika, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
From: Bikash Hazarika <bhazarika@marvell.com>
commit 464ea494a40c6e3e0e8f91dd325408aaf21515ba upstream.
Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate
pointer before dereferencing the pointer.
Cc: stable@vger.kernel.org
Signed-off-by: Bikash Hazarika <bhazarika@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230607113843.37185-3-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_iocb.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -603,7 +603,8 @@ qla24xx_build_scsi_type_6_iocbs(srb_t *s
*((uint32_t *)(&cmd_pkt->entry_type)) = cpu_to_le32(COMMAND_TYPE_6);
/* No data transfer */
- if (!scsi_bufflen(cmd) || cmd->sc_data_direction == DMA_NONE) {
+ if (!scsi_bufflen(cmd) || cmd->sc_data_direction == DMA_NONE ||
+ tot_dsds == 0) {
cmd_pkt->byte_count = cpu_to_le32(0);
return 0;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 183/323] scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 182/323] scsi: qla2xxx: Fix potential NULL pointer dereference Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 184/323] scsi: qla2xxx: Pointer may be dereferenced Greg Kroah-Hartman
` (143 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nilesh Javali, Himanshu Madhani,
Martin K. Petersen
From: Nilesh Javali <njavali@marvell.com>
commit af73f23a27206ffb3c477cac75b5fcf03410556e upstream.
Klocwork reported warning of rport maybe NULL and will be dereferenced.
rport returned by call to fc_bsg_to_rport() could be NULL and dereferenced.
Check valid rport returned by fc_bsg_to_rport().
Cc: stable@vger.kernel.org
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230607113843.37185-5-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_bsg.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/scsi/qla2xxx/qla_bsg.c
+++ b/drivers/scsi/qla2xxx/qla_bsg.c
@@ -264,6 +264,10 @@ qla2x00_process_els(struct bsg_job *bsg_
if (bsg_request->msgcode == FC_BSG_RPT_ELS) {
rport = fc_bsg_to_rport(bsg_job);
+ if (!rport) {
+ rval = -ENOMEM;
+ goto done;
+ }
fcport = *(fc_port_t **) rport->dd_data;
host = rport_to_shost(rport);
vha = shost_priv(host);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 184/323] scsi: qla2xxx: Pointer may be dereferenced
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 183/323] scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 185/323] drm/atomic: Fix potential use-after-free in nonblocking commits Greg Kroah-Hartman
` (142 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shreyas Deodhar, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
From: Shreyas Deodhar <sdeodhar@marvell.com>
commit 00eca15319d9ce8c31cdf22f32a3467775423df4 upstream.
Klocwork tool reported pointer 'rport' returned from call to function
fc_bsg_to_rport() may be NULL and will be dereferenced.
Add a fix to validate rport before dereferencing.
Cc: stable@vger.kernel.org
Signed-off-by: Shreyas Deodhar <sdeodhar@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230607113843.37185-7-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_bsg.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/scsi/qla2xxx/qla_bsg.c
+++ b/drivers/scsi/qla2xxx/qla_bsg.c
@@ -2488,6 +2488,8 @@ qla24xx_bsg_request(struct bsg_job *bsg_
if (bsg_request->msgcode == FC_BSG_RPT_ELS) {
rport = fc_bsg_to_rport(bsg_job);
+ if (!rport)
+ return ret;
host = rport_to_shost(rport);
vha = shost_priv(host);
} else {
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 185/323] drm/atomic: Fix potential use-after-free in nonblocking commits
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 184/323] scsi: qla2xxx: Pointer may be dereferenced Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 186/323] tracing/histograms: Add histograms to hist_vars if they have referenced variables Greg Kroah-Hartman
` (141 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, shanzhulig, Maxime Ripard,
Maarten Lankhorst, Thomas Zimmermann, David Airlie, stable,
Daniel Vetter, Daniel Vetter, Linus Torvalds
From: Daniel Vetter <daniel.vetter@ffwll.ch>
commit 4e076c73e4f6e90816b30fcd4a0d7ab365087255 upstream.
This requires a bit of background. Properly done a modeset driver's
unload/remove sequence should be
drm_dev_unplug();
drm_atomic_helper_shutdown();
drm_dev_put();
The trouble is that the drm_dev_unplugged() checks are by design racy,
they do not synchronize against all outstanding ioctl. This is because
those ioctl could block forever (both for modeset and for driver
specific ioctls), leading to deadlocks in hotunplug. Instead the code
sections that touch the hardware need to be annotated with
drm_dev_enter/exit, to avoid accessing hardware resources after the
unload/remove has finished.
To avoid use-after-free issues all the involved userspace visible
objects are supposed to hold a reference on the underlying drm_device,
like drm_file does.
The issue now is that we missed one, the atomic modeset ioctl can be run
in a nonblocking fashion, and in that case it cannot rely on the implied
drm_device reference provided by the ioctl calling context. This can
result in a use-after-free if an nonblocking atomic commit is carefully
raced against a driver unload.
Fix this by unconditionally grabbing a drm_device reference for any
drm_atomic_state structures. Strictly speaking this isn't required for
blocking commits and TEST_ONLY calls, but it's the simpler approach.
Thanks to shanzhulig for the initial idea of grabbing an unconditional
reference, I just added comments, a condensed commit message and fixed a
minor potential issue in where exactly we drop the final reference.
Reported-by: shanzhulig <shanzhulig@gmail.com>
Suggested-by: shanzhulig <shanzhulig@gmail.com>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: David Airlie <airlied@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_atomic.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/drm_atomic.c
+++ b/drivers/gpu/drm/drm_atomic.c
@@ -91,6 +91,12 @@ drm_atomic_state_init(struct drm_device
if (!state->planes)
goto fail;
+ /*
+ * Because drm_atomic_state can be committed asynchronously we need our
+ * own reference and cannot rely on the on implied by drm_file in the
+ * ioctl call.
+ */
+ drm_dev_get(dev);
state->dev = dev;
DRM_DEBUG_ATOMIC("Allocated atomic state %p\n", state);
@@ -250,7 +256,8 @@ EXPORT_SYMBOL(drm_atomic_state_clear);
void __drm_atomic_state_free(struct kref *ref)
{
struct drm_atomic_state *state = container_of(ref, typeof(*state), ref);
- struct drm_mode_config *config = &state->dev->mode_config;
+ struct drm_device *dev = state->dev;
+ struct drm_mode_config *config = &dev->mode_config;
drm_atomic_state_clear(state);
@@ -262,6 +269,8 @@ void __drm_atomic_state_free(struct kref
drm_atomic_state_default_release(state);
kfree(state);
}
+
+ drm_dev_put(dev);
}
EXPORT_SYMBOL(__drm_atomic_state_free);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 186/323] tracing/histograms: Add histograms to hist_vars if they have referenced variables
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 185/323] drm/atomic: Fix potential use-after-free in nonblocking commits Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 187/323] perf probe: Add test for regression introduced by switch to die_get_decl_file() Greg Kroah-Hartman
` (140 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mohamed Khalfella,
Steven Rostedt (Google)
From: Mohamed Khalfella <mkhalfella@purestorage.com>
commit 6018b585e8c6fa7d85d4b38d9ce49a5b67be7078 upstream.
Hist triggers can have referenced variables without having direct
variables fields. This can be the case if referenced variables are added
for trigger actions. In this case the newly added references will not
have field variables. Not taking such referenced variables into
consideration can result in a bug where it would be possible to remove
hist trigger with variables being refenced. This will result in a bug
that is easily reproducable like so
$ cd /sys/kernel/tracing
$ echo 'synthetic_sys_enter char[] comm; long id' >> synthetic_events
$ echo 'hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname' >> events/raw_syscalls/sys_enter/trigger
$ echo 'hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)' >> events/raw_syscalls/sys_enter/trigger
$ echo '!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname' >> events/raw_syscalls/sys_enter/trigger
[ 100.263533] ==================================================================
[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180
[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439
[ 100.266320]
[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4
[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014
[ 100.268561] Call Trace:
[ 100.268902] <TASK>
[ 100.269189] dump_stack_lvl+0x4c/0x70
[ 100.269680] print_report+0xc5/0x600
[ 100.270165] ? resolve_var_refs+0xc7/0x180
[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0
[ 100.271389] ? resolve_var_refs+0xc7/0x180
[ 100.271913] kasan_report+0xbd/0x100
[ 100.272380] ? resolve_var_refs+0xc7/0x180
[ 100.272920] __asan_load8+0x71/0xa0
[ 100.273377] resolve_var_refs+0xc7/0x180
[ 100.273888] event_hist_trigger+0x749/0x860
[ 100.274505] ? kasan_save_stack+0x2a/0x50
[ 100.275024] ? kasan_set_track+0x29/0x40
[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10
[ 100.276138] ? ksys_write+0xd1/0x170
[ 100.276607] ? do_syscall_64+0x3c/0x90
[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 100.277771] ? destroy_hist_data+0x446/0x470
[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860
[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10
[ 100.279627] ? __kasan_check_write+0x18/0x20
[ 100.280177] ? mutex_unlock+0x85/0xd0
[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10
[ 100.281200] ? kfree+0x7b/0x120
[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0
[ 100.282197] ? event_trigger_write+0xac/0x100
[ 100.282764] ? __kasan_slab_free+0x16/0x20
[ 100.283293] ? __kmem_cache_free+0x153/0x2f0
[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250
[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10
[ 100.285221] ? event_trigger_write+0xbc/0x100
[ 100.285781] ? __kasan_check_read+0x15/0x20
[ 100.286321] ? __bitmap_weight+0x66/0xa0
[ 100.286833] ? _find_next_bit+0x46/0xe0
[ 100.287334] ? task_mm_cid_work+0x37f/0x450
[ 100.287872] event_triggers_call+0x84/0x150
[ 100.288408] trace_event_buffer_commit+0x339/0x430
[ 100.289073] ? ring_buffer_event_data+0x3f/0x60
[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0
[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0
[ 100.298653] syscall_enter_from_user_mode+0x32/0x40
[ 100.301808] do_syscall_64+0x1a/0x90
[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 100.307775] RIP: 0033:0x7f686c75c1cb
[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48
[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
[ 100.321200] RAX: ffffffffffffffda RBX: 000055f566469ea0 RCX: 00007f686c75c1cb
[ 100.324631] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000000a
[ 100.328104] RBP: 00007ffc60137ac0 R08: 00007f686c818460 R09: 000000000000000a
[ 100.331509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009
[ 100.334992] R13: 0000000000000007 R14: 000000000000000a R15: 0000000000000007
[ 100.338381] </TASK>
We hit the bug because when second hist trigger has was created
has_hist_vars() returned false because hist trigger did not have
variables. As a result of that save_hist_vars() was not called to add
the trigger to trace_array->hist_vars. Later on when we attempted to
remove the first histogram find_any_var_ref() failed to detect it is
being used because it did not find the second trigger in hist_vars list.
With this change we wait until trigger actions are created so we can take
into consideration if hist trigger has variable references. Also, now we
check the return value of save_hist_vars() and fail trigger creation if
save_hist_vars() fails.
Link: https://lore.kernel.org/linux-trace-kernel/20230712223021.636335-1-mkhalfella@purestorage.com
Cc: stable@vger.kernel.org
Fixes: 067fe038e70f6 ("tracing: Add variable reference handling to hist triggers")
Signed-off-by: Mohamed Khalfella <mkhalfella@purestorage.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_events_hist.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -5787,13 +5787,15 @@ static int event_hist_trigger_func(struc
if (get_named_trigger_data(trigger_data))
goto enable;
- if (has_hist_vars(hist_data))
- save_hist_vars(hist_data);
-
ret = create_actions(hist_data, file);
if (ret)
goto out_unreg;
+ if (has_hist_vars(hist_data) || hist_data->n_var_refs) {
+ if (save_hist_vars(hist_data))
+ goto out_unreg;
+ }
+
ret = tracing_map_init(hist_data->map);
if (ret)
goto out_unreg;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 187/323] perf probe: Add test for regression introduced by switch to die_get_decl_file()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 186/323] tracing/histograms: Add histograms to hist_vars if they have referenced variables Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 188/323] fuse: revalidate: dont invalidate if interrupted Greg Kroah-Hartman
` (139 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Georg Müller,
Masami Hiramatsu (Google), Adrian Hunter, Alexander Shishkin,
Ian Rogers, Ingo Molnar, Jiri Olsa, Mark Rutland, Namhyung Kim,
Peter Zijlstra, regressions, Arnaldo Carvalho de Melo
From: Georg Müller <georgmueller@gmx.net>
commit 56cbeacf143530576905623ac72ae0964f3293a6 upstream.
This patch adds a test to validate that 'perf probe' works for binaries
where DWARF info is split into multiple CUs
Signed-off-by: Georg Müller <georgmueller@gmx.net>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: regressions@lists.linux.dev
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230628084551.1860532-5-georgmueller@gmx.net
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/tests/shell/test_uprobe_from_different_cu.sh | 77 ++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100755 tools/perf/tests/shell/test_uprobe_from_different_cu.sh
--- /dev/null
+++ b/tools/perf/tests/shell/test_uprobe_from_different_cu.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+# test perf probe of function from different CU
+# SPDX-License-Identifier: GPL-2.0
+
+set -e
+
+temp_dir=$(mktemp -d /tmp/perf-uprobe-different-cu-sh.XXXXXXXXXX)
+
+cleanup()
+{
+ trap - EXIT TERM INT
+ if [[ "${temp_dir}" =~ ^/tmp/perf-uprobe-different-cu-sh.*$ ]]; then
+ echo "--- Cleaning up ---"
+ perf probe -x ${temp_dir}/testfile -d foo
+ rm -f "${temp_dir}/"*
+ rmdir "${temp_dir}"
+ fi
+}
+
+trap_cleanup()
+{
+ cleanup
+ exit 1
+}
+
+trap trap_cleanup EXIT TERM INT
+
+cat > ${temp_dir}/testfile-foo.h << EOF
+struct t
+{
+ int *p;
+ int c;
+};
+
+extern int foo (int i, struct t *t);
+EOF
+
+cat > ${temp_dir}/testfile-foo.c << EOF
+#include "testfile-foo.h"
+
+int
+foo (int i, struct t *t)
+{
+ int j, res = 0;
+ for (j = 0; j < i && j < t->c; j++)
+ res += t->p[j];
+
+ return res;
+}
+EOF
+
+cat > ${temp_dir}/testfile-main.c << EOF
+#include "testfile-foo.h"
+
+static struct t g;
+
+int
+main (int argc, char **argv)
+{
+ int i;
+ int j[argc];
+ g.c = argc;
+ g.p = j;
+ for (i = 0; i < argc; i++)
+ j[i] = (int) argv[i][0];
+ return foo (3, &g);
+}
+EOF
+
+gcc -g -Og -flto -c ${temp_dir}/testfile-foo.c -o ${temp_dir}/testfile-foo.o
+gcc -g -Og -c ${temp_dir}/testfile-main.c -o ${temp_dir}/testfile-main.o
+gcc -g -Og -o ${temp_dir}/testfile ${temp_dir}/testfile-foo.o ${temp_dir}/testfile-main.o
+
+perf probe -x ${temp_dir}/testfile --funcs foo
+perf probe -x ${temp_dir}/testfile foo
+
+cleanup
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 188/323] fuse: revalidate: dont invalidate if interrupted
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 187/323] perf probe: Add test for regression introduced by switch to die_get_decl_file() Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 189/323] can: bcm: Fix UAF in bcm_proc_show() Greg Kroah-Hartman
` (138 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xu Rongbo, Miklos Szeredi
From: Miklos Szeredi <mszeredi@redhat.com>
commit a9d1c4c6df0e568207907c04aed9e7beb1294c42 upstream.
If the LOOKUP request triggered from fuse_dentry_revalidate() is
interrupted, then the dentry will be invalidated, possibly resulting in
submounts being unmounted.
Reported-by: Xu Rongbo <xurongbo@baidu.com>
Closes: https://lore.kernel.org/all/CAJfpegswN_CJJ6C3RZiaK6rpFmNyWmXfaEpnQUJ42KCwNF5tWw@mail.gmail.com/
Fixes: 9e6268db496a ("[PATCH] FUSE - read-write operations")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/fuse/dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -232,7 +232,7 @@ static int fuse_dentry_revalidate(struct
spin_unlock(&fc->lock);
}
kfree(forget);
- if (ret == -ENOMEM)
+ if (ret == -ENOMEM || ret == -EINTR)
goto out;
if (ret || fuse_invalid_attr(&outarg.attr) ||
(outarg.attr.mode ^ inode->i_mode) & S_IFMT)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 189/323] can: bcm: Fix UAF in bcm_proc_show()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 188/323] fuse: revalidate: dont invalidate if interrupted Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 190/323] ext4: correct inline offset when handling xattrs in inode body Greg Kroah-Hartman
` (137 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, YueHaibing, Oliver Hartkopp,
Marc Kleine-Budde
From: YueHaibing <yuehaibing@huawei.com>
commit 55c3b96074f3f9b0aee19bf93cd71af7516582bb upstream.
BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80
Read of size 8 at addr ffff888155846230 by task cat/7862
CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xd5/0x150
print_report+0xc1/0x5e0
kasan_report+0xba/0xf0
bcm_proc_show+0x969/0xa80
seq_read_iter+0x4f6/0x1260
seq_read+0x165/0x210
proc_reg_read+0x227/0x300
vfs_read+0x1d5/0x8d0
ksys_read+0x11e/0x240
do_syscall_64+0x35/0xb0
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Allocated by task 7846:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
__kasan_kmalloc+0x9e/0xa0
bcm_sendmsg+0x264b/0x44e0
sock_sendmsg+0xda/0x180
____sys_sendmsg+0x735/0x920
___sys_sendmsg+0x11d/0x1b0
__sys_sendmsg+0xfa/0x1d0
do_syscall_64+0x35/0xb0
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Freed by task 7846:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x27/0x40
____kasan_slab_free+0x161/0x1c0
slab_free_freelist_hook+0x119/0x220
__kmem_cache_free+0xb4/0x2e0
rcu_core+0x809/0x1bd0
bcm_op is freed before procfs entry be removed in bcm_release(),
this lead to bcm_proc_show() may read the freed bcm_op.
Fixes: ffd980f976e7 ("[CAN]: Add broadcast manager (bcm) protocol")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Link: https://lore.kernel.org/all/20230715092543.15548-1-yuehaibing@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/can/bcm.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -1520,6 +1520,12 @@ static int bcm_release(struct socket *so
lock_sock(sk);
+#if IS_ENABLED(CONFIG_PROC_FS)
+ /* remove procfs entry */
+ if (net->can.bcmproc_dir && bo->bcm_proc_read)
+ remove_proc_entry(bo->procname, net->can.bcmproc_dir);
+#endif /* CONFIG_PROC_FS */
+
list_for_each_entry_safe(op, next, &bo->tx_ops, list)
bcm_remove_op(op);
@@ -1555,12 +1561,6 @@ static int bcm_release(struct socket *so
list_for_each_entry_safe(op, next, &bo->rx_ops, list)
bcm_remove_op(op);
-#if IS_ENABLED(CONFIG_PROC_FS)
- /* remove procfs entry */
- if (net->can.bcmproc_dir && bo->bcm_proc_read)
- remove_proc_entry(bo->procname, net->can.bcmproc_dir);
-#endif /* CONFIG_PROC_FS */
-
/* remove device reference */
if (bo->bound) {
bo->bound = 0;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 190/323] ext4: correct inline offset when handling xattrs in inode body
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 189/323] can: bcm: Fix UAF in bcm_proc_show() Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 191/323] debugobjects: Recheck debug_objects_enabled before reporting Greg Kroah-Hartman
` (136 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Eric Whitney, Theodore Tso
From: Eric Whitney <enwlinux@gmail.com>
commit 6909cf5c4101214f4305a62d582a5b93c7e1eb9a upstream.
When run on a file system where the inline_data feature has been
enabled, xfstests generic/269, generic/270, and generic/476 cause ext4
to emit error messages indicating that inline directory entries are
corrupted. This occurs because the inline offset used to locate
inline directory entries in the inode body is not updated when an
xattr in that shared region is deleted and the region is shifted in
memory to recover the space it occupied. If the deleted xattr precedes
the system.data attribute, which points to the inline directory entries,
that attribute will be moved further up in the region. The inline
offset continues to point to whatever is located in system.data's former
location, with unfortunate effects when used to access directory entries
or (presumably) inline data in the inode body.
Cc: stable@kernel.org
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Link: https://lore.kernel.org/r/20230522181520.1570360-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/xattr.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1767,6 +1767,20 @@ static int ext4_xattr_set_entry(struct e
memmove(here, (void *)here + size,
(void *)last - (void *)here + sizeof(__u32));
memset(last, 0, size);
+
+ /*
+ * Update i_inline_off - moved ibody region might contain
+ * system.data attribute. Handling a failure here won't
+ * cause other complications for setting an xattr.
+ */
+ if (!is_block && ext4_has_inline_data(inode)) {
+ ret = ext4_find_inline_data_nolock(inode);
+ if (ret) {
+ ext4_warning_inode(inode,
+ "unable to update i_inline_off");
+ goto out;
+ }
+ }
} else if (s->not_found) {
/* Insert new name. */
size_t size = EXT4_XATTR_LEN(name_len);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 191/323] debugobjects: Recheck debug_objects_enabled before reporting
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 190/323] ext4: correct inline offset when handling xattrs in inode body Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 192/323] nbd: Add the maximum limit of allocated index in nbd_dev_add Greg Kroah-Hartman
` (135 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Thomas Gleixner,
Tetsuo Handa, Sasha Levin
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit 8b64d420fe2450f82848178506d3e3a0bd195539 ]
syzbot is reporting false a positive ODEBUG message immediately after
ODEBUG was disabled due to OOM.
[ 1062.309646][T22911] ODEBUG: Out of memory. ODEBUG disabled
[ 1062.886755][ T5171] ------------[ cut here ]------------
[ 1062.892770][ T5171] ODEBUG: assert_init not available (active state 0) object: ffffc900056afb20 object type: timer_list hint: process_timeout+0x0/0x40
CPU 0 [ T5171] CPU 1 [T22911]
-------------- --------------
debug_object_assert_init() {
if (!debug_objects_enabled)
return;
db = get_bucket(addr);
lookup_object_or_alloc() {
debug_objects_enabled = 0;
return NULL;
}
debug_objects_oom() {
pr_warn("Out of memory. ODEBUG disabled\n");
// all buckets get emptied here, and
}
lookup_object_or_alloc(addr, db, descr, false, true) {
// this bucket is already empty.
return ERR_PTR(-ENOENT);
}
// Emits false positive warning.
debug_print_object(&o, "assert_init");
}
Recheck debug_object_enabled in debug_print_object() to avoid that.
Reported-by: syzbot <syzbot+7937ba6a50bdd00fffdf@syzkaller.appspotmail.com>
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/492fe2ae-5141-d548-ebd5-62f5fe2e57f7@I-love.SAKURA.ne.jp
Closes: https://syzkaller.appspot.com/bug?extid=7937ba6a50bdd00fffdf
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/debugobjects.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index 5f23d896df55a..62d095fd0c52a 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -371,6 +371,15 @@ static void debug_print_object(struct debug_obj *obj, char *msg)
struct debug_obj_descr *descr = obj->descr;
static int limit;
+ /*
+ * Don't report if lookup_object_or_alloc() by the current thread
+ * failed because lookup_object_or_alloc()/debug_objects_oom() by a
+ * concurrent thread turned off debug_objects_enabled and cleared
+ * the hash buckets.
+ */
+ if (!debug_objects_enabled)
+ return;
+
if (limit < 5 && descr != descr_test) {
void *hint = descr->debug_hint ?
descr->debug_hint(obj->object) : NULL;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 192/323] nbd: Add the maximum limit of allocated index in nbd_dev_add
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 191/323] debugobjects: Recheck debug_objects_enabled before reporting Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 193/323] md: fix data corruption for raid456 when reshape restart while grow up Greg Kroah-Hartman
` (134 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhong Jinghua, Christoph Hellwig,
Jens Axboe, Sasha Levin
From: Zhong Jinghua <zhongjinghua@huawei.com>
[ Upstream commit f12bc113ce904777fd6ca003b473b427782b3dde ]
If the index allocated by idr_alloc greater than MINORMASK >> part_shift,
the device number will overflow, resulting in failure to create a block
device.
Fix it by imiting the size of the max allocation.
Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20230605122159.2134384-1-zhongjinghua@huaweicloud.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/block/nbd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
index 28024248a7b53..5a07964a1e676 100644
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -1646,7 +1646,8 @@ static int nbd_dev_add(int index)
if (err == -ENOSPC)
err = -EEXIST;
} else {
- err = idr_alloc(&nbd_index_idr, nbd, 0, 0, GFP_KERNEL);
+ err = idr_alloc(&nbd_index_idr, nbd, 0,
+ (MINORMASK >> part_shift) + 1, GFP_KERNEL);
if (err >= 0)
index = err;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 193/323] md: fix data corruption for raid456 when reshape restart while grow up
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 192/323] nbd: Add the maximum limit of allocated index in nbd_dev_add Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 194/323] md/raid10: prevent soft lockup while flush writes Greg Kroah-Hartman
` (133 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Neuwirth, Yu Kuai, Song Liu,
Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 873f50ece41aad5c4f788a340960c53774b5526e ]
Currently, if reshape is interrupted, echo "reshape" to sync_action will
restart reshape from scratch, for example:
echo frozen > sync_action
echo reshape > sync_action
This will corrupt data before reshape_position if the array is growing,
fix the problem by continue reshape from reshape_position.
Reported-by: Peter Neuwirth <reddunur@online.de>
Link: https://lore.kernel.org/linux-raid/e2f96772-bfbc-f43b-6da1-f520e5164536@online.de/
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230512015610.821290-3-yukuai1@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 2e23a898fc978..6b074c2202d5a 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -4639,11 +4639,21 @@ action_store(struct mddev *mddev, const char *page, size_t len)
return -EINVAL;
err = mddev_lock(mddev);
if (!err) {
- if (test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))
+ if (test_bit(MD_RECOVERY_RUNNING, &mddev->recovery)) {
err = -EBUSY;
- else {
+ } else if (mddev->reshape_position == MaxSector ||
+ mddev->pers->check_reshape == NULL ||
+ mddev->pers->check_reshape(mddev)) {
clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery);
err = mddev->pers->start_reshape(mddev);
+ } else {
+ /*
+ * If reshape is still in progress, and
+ * md_check_recovery() can continue to reshape,
+ * don't restart reshape because data can be
+ * corrupted for raid456.
+ */
+ clear_bit(MD_RECOVERY_FROZEN, &mddev->recovery);
}
mddev_unlock(mddev);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 194/323] md/raid10: prevent soft lockup while flush writes
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 193/323] md: fix data corruption for raid456 when reshape restart while grow up Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 195/323] posix-timers: Ensure timer ID search-loop limit is valid Greg Kroah-Hartman
` (132 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Kuai, Song Liu, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 010444623e7f4da6b4a4dd603a7da7469981e293 ]
Currently, there is no limit for raid1/raid10 plugged bio. While flushing
writes, raid1 has cond_resched() while raid10 doesn't, and too many
writes can cause soft lockup.
Follow up soft lockup can be triggered easily with writeback test for
raid10 with ramdisks:
watchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293]
Call Trace:
<TASK>
call_rcu+0x16/0x20
put_object+0x41/0x80
__delete_object+0x50/0x90
delete_object_full+0x2b/0x40
kmemleak_free+0x46/0xa0
slab_free_freelist_hook.constprop.0+0xed/0x1a0
kmem_cache_free+0xfd/0x300
mempool_free_slab+0x1f/0x30
mempool_free+0x3a/0x100
bio_free+0x59/0x80
bio_put+0xcf/0x2c0
free_r10bio+0xbf/0xf0
raid_end_bio_io+0x78/0xb0
one_write_done+0x8a/0xa0
raid10_end_write_request+0x1b4/0x430
bio_endio+0x175/0x320
brd_submit_bio+0x3b9/0x9b7 [brd]
__submit_bio+0x69/0xe0
submit_bio_noacct_nocheck+0x1e6/0x5a0
submit_bio_noacct+0x38c/0x7e0
flush_pending_writes+0xf0/0x240
raid10d+0xac/0x1ed0
Fix the problem by adding cond_resched() to raid10 like what raid1 did.
Note that unlimited plugged bio still need to be optimized, for example,
in the case of lots of dirty pages writeback, this will take lots of
memory and io will spend a long time in plug, hence io latency is bad.
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20230529131106.2123367-2-yukuai1@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid10.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index d46056b07c079..bee694be20132 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -942,6 +942,7 @@ static void flush_pending_writes(struct r10conf *conf)
else
generic_make_request(bio);
bio = next;
+ cond_resched();
}
blk_finish_plug(&plug);
} else
@@ -1127,6 +1128,7 @@ static void raid10_unplug(struct blk_plug_cb *cb, bool from_schedule)
else
generic_make_request(bio);
bio = next;
+ cond_resched();
}
kfree(plug);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 195/323] posix-timers: Ensure timer ID search-loop limit is valid
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 194/323] md/raid10: prevent soft lockup while flush writes Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 196/323] sched/fair: Dont balance task to its current running CPU Greg Kroah-Hartman
` (131 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+5c54bd3eb218bb595aa9,
Dmitry Vyukov, Thomas Gleixner, Frederic Weisbecker, Sasha Levin
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 8ce8849dd1e78dadcee0ec9acbd259d239b7069f ]
posix_timer_add() tries to allocate a posix timer ID by starting from the
cached ID which was stored by the last successful allocation.
This is done in a loop searching the ID space for a free slot one by
one. The loop has to terminate when the search wrapped around to the
starting point.
But that's racy vs. establishing the starting point. That is read out
lockless, which leads to the following problem:
CPU0 CPU1
posix_timer_add()
start = sig->posix_timer_id;
lock(hash_lock);
... posix_timer_add()
if (++sig->posix_timer_id < 0)
start = sig->posix_timer_id;
sig->posix_timer_id = 0;
So CPU1 can observe a negative start value, i.e. -1, and the loop break
never happens because the condition can never be true:
if (sig->posix_timer_id == start)
break;
While this is unlikely to ever turn into an endless loop as the ID space is
huge (INT_MAX), the racy read of the start value caught the attention of
KCSAN and Dmitry unearthed that incorrectness.
Rewrite it so that all id operations are under the hash lock.
Reported-by: syzbot+5c54bd3eb218bb595aa9@syzkaller.appspotmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Link: https://lore.kernel.org/r/87bkhzdn6g.ffs@tglx
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sched/signal.h | 2 +-
kernel/time/posix-timers.c | 31 ++++++++++++++++++-------------
2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h
index 660d78c9af6c8..6a55b30ae742b 100644
--- a/include/linux/sched/signal.h
+++ b/include/linux/sched/signal.h
@@ -127,7 +127,7 @@ struct signal_struct {
#ifdef CONFIG_POSIX_TIMERS
/* POSIX.1b Interval Timers */
- int posix_timer_id;
+ unsigned int next_posix_timer_id;
struct list_head posix_timers;
/* ITIMER_REAL timer for the process */
diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
index 1234868b3b03e..8768ce2c4bf52 100644
--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -159,25 +159,30 @@ static struct k_itimer *posix_timer_by_id(timer_t id)
static int posix_timer_add(struct k_itimer *timer)
{
struct signal_struct *sig = current->signal;
- int first_free_id = sig->posix_timer_id;
struct hlist_head *head;
- int ret = -ENOENT;
+ unsigned int cnt, id;
- do {
+ /*
+ * FIXME: Replace this by a per signal struct xarray once there is
+ * a plan to handle the resulting CRIU regression gracefully.
+ */
+ for (cnt = 0; cnt <= INT_MAX; cnt++) {
spin_lock(&hash_lock);
- head = &posix_timers_hashtable[hash(sig, sig->posix_timer_id)];
- if (!__posix_timers_find(head, sig, sig->posix_timer_id)) {
+ id = sig->next_posix_timer_id;
+
+ /* Write the next ID back. Clamp it to the positive space */
+ sig->next_posix_timer_id = (id + 1) & INT_MAX;
+
+ head = &posix_timers_hashtable[hash(sig, id)];
+ if (!__posix_timers_find(head, sig, id)) {
hlist_add_head_rcu(&timer->t_hash, head);
- ret = sig->posix_timer_id;
+ spin_unlock(&hash_lock);
+ return id;
}
- if (++sig->posix_timer_id < 0)
- sig->posix_timer_id = 0;
- if ((sig->posix_timer_id == first_free_id) && (ret == -ENOENT))
- /* Loop over all possible ids completed */
- ret = -EAGAIN;
spin_unlock(&hash_lock);
- } while (ret == -ENOENT);
- return ret;
+ }
+ /* POSIX return code when no timer ID could be allocated */
+ return -EAGAIN;
}
static inline void unlock_timer(struct k_itimer *timr, unsigned long flags)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 196/323] sched/fair: Dont balance task to its current running CPU
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 195/323] posix-timers: Ensure timer ID search-loop limit is valid Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 197/323] bpf: Address KCSAN report on bpf_lru_list Greg Kroah-Hartman
` (130 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vincent Guittot, Yicong Yang,
Peter Zijlstra (Intel), Sasha Levin
From: Yicong Yang <yangyicong@hisilicon.com>
[ Upstream commit 0dd37d6dd33a9c23351e6115ae8cdac7863bc7de ]
We've run into the case that the balancer tries to balance a migration
disabled task and trigger the warning in set_task_cpu() like below:
------------[ cut here ]------------
WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240
Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 <...snip>
CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.1.0-rc4+ #1
Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V5.B221.01 12/09/2021
pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : set_task_cpu+0x188/0x240
lr : load_balance+0x5d0/0xc60
sp : ffff80000803bc70
x29: ffff80000803bc70 x28: ffff004089e190e8 x27: ffff004089e19040
x26: ffff007effcabc38 x25: 0000000000000000 x24: 0000000000000001
x23: ffff80000803be84 x22: 000000000000000c x21: ffffb093e79e2a78
x20: 000000000000000c x19: ffff004089e19040 x18: 0000000000000000
x17: 0000000000001fad x16: 0000000000000030 x15: 0000000000000000
x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000001 x10: 0000000000000400 x9 : ffffb093e4cee530
x8 : 00000000fffffffe x7 : 0000000000ce168a x6 : 000000000000013e
x5 : 00000000ffffffe1 x4 : 0000000000000001 x3 : 0000000000000b2a
x2 : 0000000000000b2a x1 : ffffb093e6d6c510 x0 : 0000000000000001
Call trace:
set_task_cpu+0x188/0x240
load_balance+0x5d0/0xc60
rebalance_domains+0x26c/0x380
_nohz_idle_balance.isra.0+0x1e0/0x370
run_rebalance_domains+0x6c/0x80
__do_softirq+0x128/0x3d8
____do_softirq+0x18/0x24
call_on_irq_stack+0x2c/0x38
do_softirq_own_stack+0x24/0x3c
__irq_exit_rcu+0xcc/0xf4
irq_exit_rcu+0x18/0x24
el1_interrupt+0x4c/0xe4
el1h_64_irq_handler+0x18/0x2c
el1h_64_irq+0x74/0x78
arch_cpu_idle+0x18/0x4c
default_idle_call+0x58/0x194
do_idle+0x244/0x2b0
cpu_startup_entry+0x30/0x3c
secondary_start_kernel+0x14c/0x190
__secondary_switched+0xb0/0xb4
---[ end trace 0000000000000000 ]---
Further investigation shows that the warning is superfluous, the migration
disabled task is just going to be migrated to its current running CPU.
This is because that on load balance if the dst_cpu is not allowed by the
task, we'll re-select a new_dst_cpu as a candidate. If no task can be
balanced to dst_cpu we'll try to balance the task to the new_dst_cpu
instead. In this case when the migration disabled task is not on CPU it
only allows to run on its current CPU, load balance will select its
current CPU as new_dst_cpu and later triggers the warning above.
The new_dst_cpu is chosen from the env->dst_grpmask. Currently it
contains CPUs in sched_group_span() and if we have overlapped groups it's
possible to run into this case. This patch makes env->dst_grpmask of
group_balance_mask() which exclude any CPUs from the busiest group and
solve the issue. For balancing in a domain with no overlapped groups
the behaviour keeps same as before.
Suggested-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Link: https://lore.kernel.org/r/20230530082507.10444-1-yangyicong@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/sched/fair.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
index eb67f42fb96ba..09f82c84474b8 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -8721,7 +8721,7 @@ static int load_balance(int this_cpu, struct rq *this_rq,
.sd = sd,
.dst_cpu = this_cpu,
.dst_rq = this_rq,
- .dst_grpmask = sched_group_span(sd->groups),
+ .dst_grpmask = group_balance_mask(sd->groups),
.idle = idle,
.loop_break = sched_nr_migrate_break,
.cpus = cpus,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 197/323] bpf: Address KCSAN report on bpf_lru_list
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 196/323] sched/fair: Dont balance task to its current running CPU Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 198/323] wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() Greg Kroah-Hartman
` (129 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+ebe648a84e8784763f82,
Martin KaFai Lau, Yonghong Song, Alexei Starovoitov, Sasha Levin
From: Martin KaFai Lau <martin.lau@kernel.org>
[ Upstream commit ee9fd0ac3017c4313be91a220a9ac4c99dde7ad4 ]
KCSAN reported a data-race when accessing node->ref.
Although node->ref does not have to be accurate,
take this chance to use a more common READ_ONCE() and WRITE_ONCE()
pattern instead of data_race().
There is an existing bpf_lru_node_is_ref() and bpf_lru_node_set_ref().
This patch also adds bpf_lru_node_clear_ref() to do the
WRITE_ONCE(node->ref, 0) also.
==================================================================
BUG: KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem
write to 0xffff888137038deb of 1 bytes by task 11240 on cpu 1:
__bpf_lru_node_move kernel/bpf/bpf_lru_list.c:113 [inline]
__bpf_lru_list_rotate_active kernel/bpf/bpf_lru_list.c:149 [inline]
__bpf_lru_list_rotate+0x1bf/0x750 kernel/bpf/bpf_lru_list.c:240
bpf_lru_list_pop_free_to_local kernel/bpf/bpf_lru_list.c:329 [inline]
bpf_common_lru_pop_free kernel/bpf/bpf_lru_list.c:447 [inline]
bpf_lru_pop_free+0x638/0xe20 kernel/bpf/bpf_lru_list.c:499
prealloc_lru_pop kernel/bpf/hashtab.c:290 [inline]
__htab_lru_percpu_map_update_elem+0xe7/0x820 kernel/bpf/hashtab.c:1316
bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313
bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200
generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687
bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
__sys_bpf+0x338/0x810
__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
read to 0xffff888137038deb of 1 bytes by task 11241 on cpu 0:
bpf_lru_node_set_ref kernel/bpf/bpf_lru_list.h:70 [inline]
__htab_lru_percpu_map_update_elem+0x2f1/0x820 kernel/bpf/hashtab.c:1332
bpf_percpu_hash_update+0x5e/0x90 kernel/bpf/hashtab.c:2313
bpf_map_update_value+0x2a9/0x370 kernel/bpf/syscall.c:200
generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1687
bpf_map_do_batch+0x2d9/0x3d0 kernel/bpf/syscall.c:4534
__sys_bpf+0x338/0x810
__do_sys_bpf kernel/bpf/syscall.c:5096 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5094 [inline]
__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5094
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0x01 -> 0x00
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 11241 Comm: syz-executor.3 Not tainted 6.3.0-rc7-syzkaller-00136-g6a66fdd29ea1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
==================================================================
Reported-by: syzbot+ebe648a84e8784763f82@syzkaller.appspotmail.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20230511043748.1384166-1-martin.lau@linux.dev
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/bpf_lru_list.c | 21 +++++++++++++--------
kernel/bpf/bpf_lru_list.h | 7 ++-----
2 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/kernel/bpf/bpf_lru_list.c b/kernel/bpf/bpf_lru_list.c
index 9b5eeff72fd37..39a0e768adc39 100644
--- a/kernel/bpf/bpf_lru_list.c
+++ b/kernel/bpf/bpf_lru_list.c
@@ -44,7 +44,12 @@ static struct list_head *local_pending_list(struct bpf_lru_locallist *loc_l)
/* bpf_lru_node helpers */
static bool bpf_lru_node_is_ref(const struct bpf_lru_node *node)
{
- return node->ref;
+ return READ_ONCE(node->ref);
+}
+
+static void bpf_lru_node_clear_ref(struct bpf_lru_node *node)
+{
+ WRITE_ONCE(node->ref, 0);
}
static void bpf_lru_list_count_inc(struct bpf_lru_list *l,
@@ -92,7 +97,7 @@ static void __bpf_lru_node_move_in(struct bpf_lru_list *l,
bpf_lru_list_count_inc(l, tgt_type);
node->type = tgt_type;
- node->ref = 0;
+ bpf_lru_node_clear_ref(node);
list_move(&node->list, &l->lists[tgt_type]);
}
@@ -113,7 +118,7 @@ static void __bpf_lru_node_move(struct bpf_lru_list *l,
bpf_lru_list_count_inc(l, tgt_type);
node->type = tgt_type;
}
- node->ref = 0;
+ bpf_lru_node_clear_ref(node);
/* If the moving node is the next_inactive_rotation candidate,
* move the next_inactive_rotation pointer also.
@@ -356,7 +361,7 @@ static void __local_list_add_pending(struct bpf_lru *lru,
*(u32 *)((void *)node + lru->hash_offset) = hash;
node->cpu = cpu;
node->type = BPF_LRU_LOCAL_LIST_T_PENDING;
- node->ref = 0;
+ bpf_lru_node_clear_ref(node);
list_add(&node->list, local_pending_list(loc_l));
}
@@ -422,7 +427,7 @@ static struct bpf_lru_node *bpf_percpu_lru_pop_free(struct bpf_lru *lru,
if (!list_empty(free_list)) {
node = list_first_entry(free_list, struct bpf_lru_node, list);
*(u32 *)((void *)node + lru->hash_offset) = hash;
- node->ref = 0;
+ bpf_lru_node_clear_ref(node);
__bpf_lru_node_move(l, node, BPF_LRU_LIST_T_INACTIVE);
}
@@ -525,7 +530,7 @@ static void bpf_common_lru_push_free(struct bpf_lru *lru,
}
node->type = BPF_LRU_LOCAL_LIST_T_FREE;
- node->ref = 0;
+ bpf_lru_node_clear_ref(node);
list_move(&node->list, local_free_list(loc_l));
raw_spin_unlock_irqrestore(&loc_l->lock, flags);
@@ -571,7 +576,7 @@ static void bpf_common_lru_populate(struct bpf_lru *lru, void *buf,
node = (struct bpf_lru_node *)(buf + node_offset);
node->type = BPF_LRU_LIST_T_FREE;
- node->ref = 0;
+ bpf_lru_node_clear_ref(node);
list_add(&node->list, &l->lists[BPF_LRU_LIST_T_FREE]);
buf += elem_size;
}
@@ -597,7 +602,7 @@ static void bpf_percpu_lru_populate(struct bpf_lru *lru, void *buf,
node = (struct bpf_lru_node *)(buf + node_offset);
node->cpu = cpu;
node->type = BPF_LRU_LIST_T_FREE;
- node->ref = 0;
+ bpf_lru_node_clear_ref(node);
list_add(&node->list, &l->lists[BPF_LRU_LIST_T_FREE]);
i++;
buf += elem_size;
diff --git a/kernel/bpf/bpf_lru_list.h b/kernel/bpf/bpf_lru_list.h
index 7d4f89b7cb841..08da78b59f0b9 100644
--- a/kernel/bpf/bpf_lru_list.h
+++ b/kernel/bpf/bpf_lru_list.h
@@ -66,11 +66,8 @@ struct bpf_lru {
static inline void bpf_lru_node_set_ref(struct bpf_lru_node *node)
{
- /* ref is an approximation on access frequency. It does not
- * have to be very accurate. Hence, no protection is used.
- */
- if (!node->ref)
- node->ref = 1;
+ if (!READ_ONCE(node->ref))
+ WRITE_ONCE(node->ref, 1);
}
int bpf_lru_init(struct bpf_lru *lru, bool percpu, u32 hash_offset,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 198/323] wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 197/323] bpf: Address KCSAN report on bpf_lru_list Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 199/323] wifi: iwlwifi: mvm: avoid baid size integer overflow Greg Kroah-Hartman
` (128 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gustavo A. R. Silva, Simon Horman,
Johannes Berg, Sasha Levin
From: Gustavo A. R. Silva <gustavoars@kernel.org>
[ Upstream commit 71e7552c90db2a2767f5c17c7ec72296b0d92061 ]
-Wstringop-overflow is legitimately warning us about extra_size
pontentially being zero at some point, hence potenially ending
up _allocating_ zero bytes of memory for extra pointer and then
trying to access such object in a call to copy_from_user().
Fix this by adding a sanity check to ensure we never end up
trying to allocate zero bytes of data for extra pointer, before
continue executing the rest of the code in the function.
Address the following -Wstringop-overflow warning seen when built
m68k architecture with allyesconfig configuration:
from net/wireless/wext-core.c:11:
In function '_copy_from_user',
inlined from 'copy_from_user' at include/linux/uaccess.h:183:7,
inlined from 'ioctl_standard_iw_point' at net/wireless/wext-core.c:825:7:
arch/m68k/include/asm/string.h:48:25: warning: '__builtin_memset' writing 1 or more bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
48 | #define memset(d, c, n) __builtin_memset(d, c, n)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/uaccess.h:153:17: note: in expansion of macro 'memset'
153 | memset(to + (n - res), 0, res);
| ^~~~~~
In function 'kmalloc',
inlined from 'kzalloc' at include/linux/slab.h:694:9,
inlined from 'ioctl_standard_iw_point' at net/wireless/wext-core.c:819:10:
include/linux/slab.h:577:16: note: at offset 1 into destination object of size 0 allocated by '__kmalloc'
577 | return __kmalloc(size, flags);
| ^~~~~~~~~~~~~~~~~~~~~~
This help with the ongoing efforts to globally enable
-Wstringop-overflow.
Link: https://github.com/KSPP/linux/issues/315
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/ZItSlzvIpjdjNfd8@work
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/wext-core.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
index 76a80a41615be..a57f54bc0e1a7 100644
--- a/net/wireless/wext-core.c
+++ b/net/wireless/wext-core.c
@@ -796,6 +796,12 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
}
}
+ /* Sanity-check to ensure we never end up _allocating_ zero
+ * bytes of data for extra.
+ */
+ if (extra_size <= 0)
+ return -EFAULT;
+
/* kzalloc() ensures NULL-termination for essid_compat. */
extra = kzalloc(extra_size, GFP_KERNEL);
if (!extra)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 199/323] wifi: iwlwifi: mvm: avoid baid size integer overflow
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 198/323] wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 200/323] igb: Fix igb_down hung on surprise removal Greg Kroah-Hartman
` (127 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Roee Goldfiner, Johannes Berg,
Gregory Greenman, Sasha Levin
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 1a528ab1da324d078ec60283c34c17848580df24 ]
Roee reported various hard-to-debug crashes with pings in
EHT aggregation scenarios. Enabling KASAN showed that we
access the BAID allocation out of bounds, and looking at
the code a bit shows that since the reorder buffer entry
(struct iwl_mvm_reorder_buf_entry) is 128 bytes if debug
such as lockdep is enabled, then staring from an agg size
512 we overflow the size calculation, and allocate a much
smaller structure than we should, causing slab corruption
once we initialize this.
Fix this by simply using u32 instead of u16.
Reported-by: Roee Goldfiner <roee.h.goldfiner@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230620125813.f428c856030d.I2c2bb808e945adb71bc15f5b2bac2d8957ea90eb@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
index 373ace38edab7..83883ce7f55dc 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c
@@ -2237,7 +2237,7 @@ int iwl_mvm_sta_rx_agg(struct iwl_mvm *mvm, struct ieee80211_sta *sta,
}
if (iwl_mvm_has_new_rx_api(mvm) && start) {
- u16 reorder_buf_size = buf_size * sizeof(baid_data->entries[0]);
+ u32 reorder_buf_size = buf_size * sizeof(baid_data->entries[0]);
/* sparse doesn't like the __align() so don't check */
#ifndef __CHECKER__
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 200/323] igb: Fix igb_down hung on surprise removal
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 199/323] wifi: iwlwifi: mvm: avoid baid size integer overflow Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 201/323] spi: bcm63xx: fix max prepend length Greg Kroah-Hartman
` (126 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ying Hsu, Tony Nguyen, Simon Horman,
Jakub Kicinski, Sasha Levin, Pucha Himasekhar Reddy
From: Ying Hsu <yinghsu@chromium.org>
[ Upstream commit 004d25060c78fc31f66da0fa439c544dda1ac9d5 ]
In a setup where a Thunderbolt hub connects to Ethernet and a display
through USB Type-C, users may experience a hung task timeout when they
remove the cable between the PC and the Thunderbolt hub.
This is because the igb_down function is called multiple times when
the Thunderbolt hub is unplugged. For example, the igb_io_error_detected
triggers the first call, and the igb_remove triggers the second call.
The second call to igb_down will block at napi_synchronize.
Here's the call trace:
__schedule+0x3b0/0xddb
? __mod_timer+0x164/0x5d3
schedule+0x44/0xa8
schedule_timeout+0xb2/0x2a4
? run_local_timers+0x4e/0x4e
msleep+0x31/0x38
igb_down+0x12c/0x22a [igb 6615058754948bfde0bf01429257eb59f13030d4]
__igb_close+0x6f/0x9c [igb 6615058754948bfde0bf01429257eb59f13030d4]
igb_close+0x23/0x2b [igb 6615058754948bfde0bf01429257eb59f13030d4]
__dev_close_many+0x95/0xec
dev_close_many+0x6e/0x103
unregister_netdevice_many+0x105/0x5b1
unregister_netdevice_queue+0xc2/0x10d
unregister_netdev+0x1c/0x23
igb_remove+0xa7/0x11c [igb 6615058754948bfde0bf01429257eb59f13030d4]
pci_device_remove+0x3f/0x9c
device_release_driver_internal+0xfe/0x1b4
pci_stop_bus_device+0x5b/0x7f
pci_stop_bus_device+0x30/0x7f
pci_stop_bus_device+0x30/0x7f
pci_stop_and_remove_bus_device+0x12/0x19
pciehp_unconfigure_device+0x76/0xe9
pciehp_disable_slot+0x6e/0x131
pciehp_handle_presence_or_link_change+0x7a/0x3f7
pciehp_ist+0xbe/0x194
irq_thread_fn+0x22/0x4d
? irq_thread+0x1fd/0x1fd
irq_thread+0x17b/0x1fd
? irq_forced_thread_fn+0x5f/0x5f
kthread+0x142/0x153
? __irq_get_irqchip_state+0x46/0x46
? kthread_associate_blkcg+0x71/0x71
ret_from_fork+0x1f/0x30
In this case, igb_io_error_detected detaches the network interface
and requests a PCIE slot reset, however, the PCIE reset callback is
not being invoked and thus the Ethernet connection breaks down.
As the PCIE error in this case is a non-fatal one, requesting a
slot reset can be avoided.
This patch fixes the task hung issue and preserves Ethernet
connection by ignoring non-fatal PCIE errors.
Signed-off-by: Ying Hsu <yinghsu@chromium.org>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230620174732.4145155-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/igb/igb_main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 6f9d563deb6ba..be51179089852 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -9059,6 +9059,11 @@ static pci_ers_result_t igb_io_error_detected(struct pci_dev *pdev,
struct net_device *netdev = pci_get_drvdata(pdev);
struct igb_adapter *adapter = netdev_priv(netdev);
+ if (state == pci_channel_io_normal) {
+ dev_warn(&pdev->dev, "Non-correctable non-fatal error reported.\n");
+ return PCI_ERS_RESULT_CAN_RECOVER;
+ }
+
netif_device_detach(netdev);
if (state == pci_channel_io_perm_failure)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 201/323] spi: bcm63xx: fix max prepend length
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 200/323] igb: Fix igb_down hung on surprise removal Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 202/323] fbdev: imxfb: warn about invalid left/right margin Greg Kroah-Hartman
` (125 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jonas Gorski, Mark Brown,
Sasha Levin
From: Jonas Gorski <jonas.gorski@gmail.com>
[ Upstream commit 5158814cbb37bbb38344b3ecddc24ba2ed0365f2 ]
The command word is defined as following:
/* Command */
#define SPI_CMD_COMMAND_SHIFT 0
#define SPI_CMD_DEVICE_ID_SHIFT 4
#define SPI_CMD_PREPEND_BYTE_CNT_SHIFT 8
#define SPI_CMD_ONE_BYTE_SHIFT 11
#define SPI_CMD_ONE_WIRE_SHIFT 12
If the prepend byte count field starts at bit 8, and the next defined
bit is SPI_CMD_ONE_BYTE at bit 11, it can be at most 3 bits wide, and
thus the max value is 7, not 15.
Fixes: b17de076062a ("spi/bcm63xx: work around inability to keep CS up")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Link: https://lore.kernel.org/r/20230629071453.62024-1-jonas.gorski@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-bcm63xx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/spi/spi-bcm63xx.c b/drivers/spi/spi-bcm63xx.c
index bfe5754768f97..cc6ec3fb5bfdf 100644
--- a/drivers/spi/spi-bcm63xx.c
+++ b/drivers/spi/spi-bcm63xx.c
@@ -134,7 +134,7 @@ enum bcm63xx_regs_spi {
SPI_MSG_DATA_SIZE,
};
-#define BCM63XX_SPI_MAX_PREPEND 15
+#define BCM63XX_SPI_MAX_PREPEND 7
#define BCM63XX_SPI_MAX_CS 8
#define BCM63XX_SPI_BUS_NUM 0
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 202/323] fbdev: imxfb: warn about invalid left/right margin
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 201/323] spi: bcm63xx: fix max prepend length Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 203/323] pinctrl: amd: Use amd_pinconf_set() for all config options Greg Kroah-Hartman
` (124 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Kaiser, Helge Deller,
Sasha Levin
From: Martin Kaiser <martin@kaiser.cx>
[ Upstream commit 4e47382fbca916d7db95cbf9e2d7ca2e9d1ca3fe ]
Warn about invalid var->left_margin or var->right_margin. Their values
are read from the device tree.
We store var->left_margin-3 and var->right_margin-1 in register
fields. These fields should be >= 0.
Fixes: 7e8549bcee00 ("imxfb: Fix margin settings")
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/imxfb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/imxfb.c b/drivers/video/fbdev/imxfb.c
index c4eb8661f7516..8ec260ed9a6f6 100644
--- a/drivers/video/fbdev/imxfb.c
+++ b/drivers/video/fbdev/imxfb.c
@@ -601,10 +601,10 @@ static int imxfb_activate_var(struct fb_var_screeninfo *var, struct fb_info *inf
if (var->hsync_len < 1 || var->hsync_len > 64)
printk(KERN_ERR "%s: invalid hsync_len %d\n",
info->fix.id, var->hsync_len);
- if (var->left_margin > 255)
+ if (var->left_margin < 3 || var->left_margin > 255)
printk(KERN_ERR "%s: invalid left_margin %d\n",
info->fix.id, var->left_margin);
- if (var->right_margin > 255)
+ if (var->right_margin < 1 || var->right_margin > 255)
printk(KERN_ERR "%s: invalid right_margin %d\n",
info->fix.id, var->right_margin);
if (var->yres < 1 || var->yres > ymax_mask)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 203/323] pinctrl: amd: Use amd_pinconf_set() for all config options
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 202/323] fbdev: imxfb: warn about invalid left/right margin Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 204/323] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() Greg Kroah-Hartman
` (123 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nik P, Nathan Schulte,
Friedrich Vock, dridri85, Jan Visser, Mario Limonciello,
Andy Shevchenko, Linus Walleij, Sasha Levin
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 635a750d958e158e17af0f524bedc484b27fbb93 ]
On ASUS TUF A16 it is reported that the ITE5570 ACPI device connected to
GPIO 7 is causing an interrupt storm. This issue doesn't happen on
Windows.
Comparing the GPIO register configuration between Windows and Linux
bit 20 has been configured as a pull up on Windows, but not on Linux.
Checking GPIO declaration from the firmware it is clear it *should* have
been a pull up on Linux as well.
```
GpioInt (Level, ActiveLow, Exclusive, PullUp, 0x0000,
"\\_SB.GPIO", 0x00, ResourceConsumer, ,)
{ // Pin list
0x0007
}
```
On Linux amd_gpio_set_config() is currently only used for programming
the debounce. Actually the GPIO core calls it with all the arguments
that are supported by a GPIO, pinctrl-amd just responds `-ENOTSUPP`.
To solve this issue expand amd_gpio_set_config() to support the other
arguments amd_pinconf_set() supports, namely `PIN_CONFIG_BIAS_PULL_DOWN`,
`PIN_CONFIG_BIAS_PULL_UP`, and `PIN_CONFIG_DRIVE_STRENGTH`.
Reported-by: Nik P <npliashechnikov@gmail.com>
Reported-by: Nathan Schulte <nmschulte@gmail.com>
Reported-by: Friedrich Vock <friedrich.vock@gmx.de>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217336
Reported-by: dridri85@gmail.com
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217493
Link: https://lore.kernel.org/linux-input/20230530154058.17594-1-friedrich.vock@gmx.de/
Tested-by: Jan Visser <starquake@linuxeverywhere.org>
Fixes: 2956b5d94a76 ("pinctrl / gpio: Introduce .set_config() callback for GPIO chips")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230705133005.577-3-mario.limonciello@amd.com
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/pinctrl-amd.c | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/drivers/pinctrl/pinctrl-amd.c b/drivers/pinctrl/pinctrl-amd.c
index d5f5661de13c6..c140ee16fe7c8 100644
--- a/drivers/pinctrl/pinctrl-amd.c
+++ b/drivers/pinctrl/pinctrl-amd.c
@@ -190,18 +190,6 @@ static int amd_gpio_set_debounce(struct gpio_chip *gc, unsigned offset,
return ret;
}
-static int amd_gpio_set_config(struct gpio_chip *gc, unsigned offset,
- unsigned long config)
-{
- u32 debounce;
-
- if (pinconf_to_config_param(config) != PIN_CONFIG_INPUT_DEBOUNCE)
- return -ENOTSUPP;
-
- debounce = pinconf_to_config_argument(config);
- return amd_gpio_set_debounce(gc, offset, debounce);
-}
-
#ifdef CONFIG_DEBUG_FS
static void amd_gpio_dbg_show(struct seq_file *s, struct gpio_chip *gc)
{
@@ -686,7 +674,7 @@ static int amd_pinconf_get(struct pinctrl_dev *pctldev,
}
static int amd_pinconf_set(struct pinctrl_dev *pctldev, unsigned int pin,
- unsigned long *configs, unsigned num_configs)
+ unsigned long *configs, unsigned int num_configs)
{
int i;
u32 arg;
@@ -776,6 +764,20 @@ static int amd_pinconf_group_set(struct pinctrl_dev *pctldev,
return 0;
}
+static int amd_gpio_set_config(struct gpio_chip *gc, unsigned int pin,
+ unsigned long config)
+{
+ struct amd_gpio *gpio_dev = gpiochip_get_data(gc);
+
+ if (pinconf_to_config_param(config) == PIN_CONFIG_INPUT_DEBOUNCE) {
+ u32 debounce = pinconf_to_config_argument(config);
+
+ return amd_gpio_set_debounce(gc, pin, debounce);
+ }
+
+ return amd_pinconf_set(gpio_dev->pctrl, pin, &config, 1);
+}
+
static const struct pinconf_ops amd_pinconf_ops = {
.pin_config_get = amd_pinconf_get,
.pin_config_set = amd_pinconf_set,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 204/323] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 203/323] pinctrl: amd: Use amd_pinconf_set() for all config options Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 205/323] net:ipv6: check return value of pskb_trim() Greg Kroah-Hartman
` (122 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Tanmay Patil, Siddharth Vadapalli,
David S. Miller, Sasha Levin
From: Tanmay Patil <t-patil@ti.com>
[ Upstream commit b685f1a58956fa36cc01123f253351b25bfacfda ]
CPSW ALE has 75 bit ALE entries which are stored within three 32 bit words.
The cpsw_ale_get_field() and cpsw_ale_set_field() functions assume that the
field will be strictly contained within one word. However, this is not
guaranteed to be the case and it is possible for ALE field entries to span
across up to two words at the most.
Fix the methods to handle getting/setting fields spanning up to two words.
Fixes: db82173f23c5 ("netdev: driver: ethernet: add cpsw address lookup engine support")
Signed-off-by: Tanmay Patil <t-patil@ti.com>
[s-vadapalli@ti.com: rephrased commit message and added Fixes tag]
Signed-off-by: Siddharth Vadapalli <s-vadapalli@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/cpsw_ale.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/ti/cpsw_ale.c b/drivers/net/ethernet/ti/cpsw_ale.c
index c245629a38c76..6cb98760bc84e 100644
--- a/drivers/net/ethernet/ti/cpsw_ale.c
+++ b/drivers/net/ethernet/ti/cpsw_ale.c
@@ -67,23 +67,37 @@
static inline int cpsw_ale_get_field(u32 *ale_entry, u32 start, u32 bits)
{
- int idx;
+ int idx, idx2;
+ u32 hi_val = 0;
idx = start / 32;
+ idx2 = (start + bits - 1) / 32;
+ /* Check if bits to be fetched exceed a word */
+ if (idx != idx2) {
+ idx2 = 2 - idx2; /* flip */
+ hi_val = ale_entry[idx2] << ((idx2 * 32) - start);
+ }
start -= idx * 32;
idx = 2 - idx; /* flip */
- return (ale_entry[idx] >> start) & BITMASK(bits);
+ return (hi_val + (ale_entry[idx] >> start)) & BITMASK(bits);
}
static inline void cpsw_ale_set_field(u32 *ale_entry, u32 start, u32 bits,
u32 value)
{
- int idx;
+ int idx, idx2;
value &= BITMASK(bits);
- idx = start / 32;
+ idx = start / 32;
+ idx2 = (start + bits - 1) / 32;
+ /* Check if bits to be set exceed a word */
+ if (idx != idx2) {
+ idx2 = 2 - idx2; /* flip */
+ ale_entry[idx2] &= ~(BITMASK(bits + start - (idx2 * 32)));
+ ale_entry[idx2] |= (value >> ((idx2 * 32) - start));
+ }
start -= idx * 32;
- idx = 2 - idx; /* flip */
+ idx = 2 - idx; /* flip */
ale_entry[idx] &= ~(BITMASK(bits) << start);
ale_entry[idx] |= (value << start);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 205/323] net:ipv6: check return value of pskb_trim()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 204/323] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 206/323] Revert "tcp: avoid the lookup process failing to get sk in ehash table" Greg Kroah-Hartman
` (121 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuanjun Gong, David Ahern,
Kuniyuki Iwashima, David S. Miller, Sasha Levin
From: Yuanjun Gong <ruc_gongyuanjun@163.com>
[ Upstream commit 4258faa130be4ea43e5e2d839467da421b8ff274 ]
goto tx_err if an unexpected result is returned by pskb_tirm()
in ip6erspan_tunnel_xmit().
Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ip6_gre.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 45c304b51b2b7..aa8ada354a399 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -960,7 +960,8 @@ static netdev_tx_t ip6erspan_tunnel_xmit(struct sk_buff *skb,
goto tx_err;
if (skb->len > dev->mtu + dev->hard_header_len) {
- pskb_trim(skb, dev->mtu + dev->hard_header_len);
+ if (pskb_trim(skb, dev->mtu + dev->hard_header_len))
+ goto tx_err;
truncate = true;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 206/323] Revert "tcp: avoid the lookup process failing to get sk in ehash table"
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 205/323] net:ipv6: check return value of pskb_trim() Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 207/323] fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe Greg Kroah-Hartman
` (120 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kuniyuki Iwashima, Jakub Kicinski,
Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 81b3ade5d2b98ad6e0a473b0e1e420a801275592 ]
This reverts commit 3f4ca5fafc08881d7a57daa20449d171f2887043.
Commit 3f4ca5fafc08 ("tcp: avoid the lookup process failing to get sk in
ehash table") reversed the order in how a socket is inserted into ehash
to fix an issue that ehash-lookup could fail when reqsk/full sk/twsk are
swapped. However, it introduced another lookup failure.
The full socket in ehash is allocated from a slab with SLAB_TYPESAFE_BY_RCU
and does not have SOCK_RCU_FREE, so the socket could be reused even while
it is being referenced on another CPU doing RCU lookup.
Let's say a socket is reused and inserted into the same hash bucket during
lookup. After the blamed commit, a new socket is inserted at the end of
the list. If that happens, we will skip sockets placed after the previous
position of the reused socket, resulting in ehash lookup failure.
As described in Documentation/RCU/rculist_nulls.rst, we should insert a
new socket at the head of the list to avoid such an issue.
This issue, the swap-lookup-failure, and another variant reported in [0]
can all be handled properly by adding a locked ehash lookup suggested by
Eric Dumazet [1].
However, this issue could occur for every packet, thus more likely than
the other two races, so let's revert the change for now.
Link: https://lore.kernel.org/netdev/20230606064306.9192-1-duanmuquan@baidu.com/ [0]
Link: https://lore.kernel.org/netdev/CANn89iK8snOz8TYOhhwfimC7ykYA78GA3Nyv8x06SZYa1nKdyA@mail.gmail.com/ [1]
Fixes: 3f4ca5fafc08 ("tcp: avoid the lookup process failing to get sk in ehash table")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230717215918.15723-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/inet_hashtables.c | 17 ++---------------
net/ipv4/inet_timewait_sock.c | 8 ++++----
2 files changed, 6 insertions(+), 19 deletions(-)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 5a272d09b8248..c6d670cd872f0 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -579,20 +579,8 @@ bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk)
spin_lock(lock);
if (osk) {
WARN_ON_ONCE(sk->sk_hash != osk->sk_hash);
- ret = sk_hashed(osk);
- if (ret) {
- /* Before deleting the node, we insert a new one to make
- * sure that the look-up-sk process would not miss either
- * of them and that at least one node would exist in ehash
- * table all the time. Otherwise there's a tiny chance
- * that lookup process could find nothing in ehash table.
- */
- __sk_nulls_add_node_tail_rcu(sk, list);
- sk_nulls_del_node_init_rcu(osk);
- }
- goto unlock;
- }
- if (found_dup_sk) {
+ ret = sk_nulls_del_node_init_rcu(osk);
+ } else if (found_dup_sk) {
*found_dup_sk = inet_ehash_lookup_by_sk(sk, list);
if (*found_dup_sk)
ret = false;
@@ -601,7 +589,6 @@ bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk)
if (ret)
__sk_nulls_add_node_rcu(sk, list);
-unlock:
spin_unlock(lock);
return ret;
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index fedd19c22b392..88c5069b5d20c 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -80,10 +80,10 @@ void inet_twsk_put(struct inet_timewait_sock *tw)
}
EXPORT_SYMBOL_GPL(inet_twsk_put);
-static void inet_twsk_add_node_tail_rcu(struct inet_timewait_sock *tw,
- struct hlist_nulls_head *list)
+static void inet_twsk_add_node_rcu(struct inet_timewait_sock *tw,
+ struct hlist_nulls_head *list)
{
- hlist_nulls_add_tail_rcu(&tw->tw_node, list);
+ hlist_nulls_add_head_rcu(&tw->tw_node, list);
}
static void inet_twsk_add_bind_node(struct inet_timewait_sock *tw,
@@ -119,7 +119,7 @@ void inet_twsk_hashdance(struct inet_timewait_sock *tw, struct sock *sk,
spin_lock(lock);
- inet_twsk_add_node_tail_rcu(tw, &ehead->chain);
+ inet_twsk_add_node_rcu(tw, &ehead->chain);
/* Step 3: Remove SK from hash chain */
if (__sk_nulls_del_node_init_rcu(sk))
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 207/323] fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 206/323] Revert "tcp: avoid the lookup process failing to get sk in ehash table" Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 208/323] llc: Dont drop packet from non-root netns Greg Kroah-Hartman
` (119 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Shurong, Helge Deller,
Sasha Levin
From: Zhang Shurong <zhang_shurong@foxmail.com>
[ Upstream commit 4e88761f5f8c7869f15a2046b1a1116f4fab4ac8 ]
This func misses checking for platform_get_irq()'s call and may passes the
negative error codes to request_irq(), which takes unsigned IRQ #,
causing it to fail with -EINVAL, overriding an original error code.
Fix this by stop calling request_irq() with invalid IRQ #s.
Fixes: 1630d85a8312 ("au1200fb: fix hardcoded IRQ")
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/au1200fb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/video/fbdev/au1200fb.c b/drivers/video/fbdev/au1200fb.c
index f8e83a9519189..593c390e98629 100644
--- a/drivers/video/fbdev/au1200fb.c
+++ b/drivers/video/fbdev/au1200fb.c
@@ -1744,6 +1744,9 @@ static int au1200fb_drv_probe(struct platform_device *dev)
/* Now hook interrupt too */
irq = platform_get_irq(dev, 0);
+ if (irq < 0)
+ return irq;
+
ret = request_irq(irq, au1200fb_handle_irq,
IRQF_SHARED, "lcd", (void *)dev);
if (ret) {
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 208/323] llc: Dont drop packet from non-root netns.
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 207/323] fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 209/323] netfilter: nf_tables: fix spurious set element insertion failure Greg Kroah-Hartman
` (118 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kuniyuki Iwashima, Paolo Abeni,
Sasha Levin
From: Kuniyuki Iwashima <kuniyu@amazon.com>
[ Upstream commit 6631463b6e6673916d2481f692938f393148aa82 ]
Now these upper layer protocol handlers can be called from llc_rcv()
as sap->rcv_func(), which is registered by llc_sap_open().
* function which is passed to register_8022_client()
-> no in-kernel user calls register_8022_client().
* snap_rcv()
`- proto->rcvfunc() : registered by register_snap_client()
-> aarp_rcv() and atalk_rcv() drop packets from non-root netns
* stp_pdu_rcv()
`- garp_protos[]->rcv() : registered by stp_proto_register()
-> garp_pdu_rcv() and br_stp_rcv() are netns-aware
So, we can safely remove the netns restriction in llc_rcv().
Fixes: e730c15519d0 ("[NET]: Make packet reception network namespace safe")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/llc/llc_input.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 82cb93f66b9bd..f9e801cc50f5e 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -162,9 +162,6 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
void (*sta_handler)(struct sk_buff *skb);
void (*sap_handler)(struct llc_sap *sap, struct sk_buff *skb);
- if (!net_eq(dev_net(dev), &init_net))
- goto drop;
-
/*
* When the interface is in promisc. mode, drop all the crap that it
* receives, do not try to analyse it.
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 209/323] netfilter: nf_tables: fix spurious set element insertion failure
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 208/323] llc: Dont drop packet from non-root netns Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 210/323] netfilter: nf_tables: cant schedule in nft_chain_validate Greg Kroah-Hartman
` (117 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Florian Westphal, Sasha Levin
From: Florian Westphal <fw@strlen.de>
[ Upstream commit ddbd8be68941985f166f5107109a90ce13147c44 ]
On some platforms there is a padding hole in the nft_verdict
structure, between the verdict code and the chain pointer.
On element insertion, if the new element clashes with an existing one and
NLM_F_EXCL flag isn't set, we want to ignore the -EEXIST error as long as
the data associated with duplicated element is the same as the existing
one. The data equality check uses memcmp.
For normal data (NFT_DATA_VALUE) this works fine, but for NFT_DATA_VERDICT
padding area leads to spurious failure even if the verdict data is the
same.
This then makes the insertion fail with 'already exists' error, even
though the new "key : data" matches an existing entry and userspace
told the kernel that it doesn't want to receive an error indication.
Fixes: c016c7e45ddf ("netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 16405e71a6780..f25b6337f150a 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7248,6 +7248,9 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
if (!tb[NFTA_VERDICT_CODE])
return -EINVAL;
+
+ /* zero padding hole for memcmp */
+ memset(data, 0, sizeof(*data));
data->verdict.code = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE]));
switch (data->verdict.code) {
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 210/323] netfilter: nf_tables: cant schedule in nft_chain_validate
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 209/323] netfilter: nf_tables: fix spurious set element insertion failure Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 211/323] net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX Greg Kroah-Hartman
` (116 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Florian Westphal, Sasha Levin
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 314c82841602a111c04a7210c21dc77e0d560242 ]
Can be called via nft set element list iteration, which may acquire
rcu and/or bh read lock (depends on set type).
BUG: sleeping function called from invalid context at net/netfilter/nf_tables_api.c:3353
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1232, name: nft
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
2 locks held by nft/1232:
#0: ffff8881180e3ea8 (&nft_net->commit_mutex){+.+.}-{3:3}, at: nf_tables_valid_genid
#1: ffffffff83f5f540 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire
Call Trace:
nft_chain_validate
nft_lookup_validate_setelem
nft_pipapo_walk
nft_lookup_validate
nft_chain_validate
nft_immediate_validate
nft_chain_validate
nf_tables_validate
nf_tables_abort
No choice but to move it to nf_tables_validate().
Fixes: 81ea01066741 ("netfilter: nf_tables: add rescheduling points during loop detection walks")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/nf_tables_api.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f25b6337f150a..115bc79ec9055 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2602,8 +2602,6 @@ int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain)
if (err < 0)
return err;
}
-
- cond_resched();
}
return 0;
@@ -2627,6 +2625,8 @@ static int nft_table_validate(struct net *net, const struct nft_table *table)
err = nft_chain_validate(&ctx, chain);
if (err < 0)
return err;
+
+ cond_resched();
}
return 0;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 211/323] net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 210/323] netfilter: nf_tables: cant schedule in nft_chain_validate Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 212/323] tcp: annotate data-races around tp->linger2 Greg Kroah-Hartman
` (115 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cambda Zhu, David S. Miller,
Sasha Levin
From: Cambda Zhu <cambda@linux.alibaba.com>
[ Upstream commit f0628c524fd188c3f9418e12478dfdfadacba815 ]
This patch changes the behavior of TCP_LINGER2 about its limit. The
sysctl_tcp_fin_timeout used to be the limit of TCP_LINGER2 but now it's
only the default value. A new macro named TCP_FIN_TIMEOUT_MAX is added
as the limit of TCP_LINGER2, which is 2 minutes.
Since TCP_LINGER2 used sysctl_tcp_fin_timeout as the default value
and the limit in the past, the system administrator cannot set the
default value for most of sockets and let some sockets have a greater
timeout. It might be a mistake that let the sysctl to be the limit of
the TCP_LINGER2. Maybe we can add a new sysctl to set the max of
TCP_LINGER2, but FIN-WAIT-2 timeout is usually no need to be too long
and 2 minutes are legal considering TCP specs.
Changes in v3:
- Remove the new socket option and change the TCP_LINGER2 behavior so
that the timeout can be set to value between sysctl_tcp_fin_timeout
and 2 minutes.
Changes in v2:
- Add int overflow check for the new socket option.
Changes in v1:
- Add a new socket option to set timeout greater than
sysctl_tcp_fin_timeout.
Signed-off-by: Cambda Zhu <cambda@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 9df5335ca974 ("tcp: annotate data-races around tp->linger2")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/tcp.h | 1 +
net/ipv4/tcp.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 81300a04b5808..22cca858f2678 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -128,6 +128,7 @@ void tcp_time_wait(struct sock *sk, int state, int timeo);
* to combine FIN-WAIT-2 timeout with
* TIME-WAIT timer.
*/
+#define TCP_FIN_TIMEOUT_MAX (120 * HZ) /* max TCP_LINGER2 value (two minutes) */
#define TCP_DELACK_MAX ((unsigned)(HZ/5)) /* maximal time to delay before sending an ACK */
#if HZ >= 100
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index cb96775fc86f6..9f3cdcbbb7590 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3001,8 +3001,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
case TCP_LINGER2:
if (val < 0)
tp->linger2 = -1;
- else if (val > net->ipv4.sysctl_tcp_fin_timeout / HZ)
- tp->linger2 = 0;
+ else if (val > TCP_FIN_TIMEOUT_MAX / HZ)
+ tp->linger2 = TCP_FIN_TIMEOUT_MAX;
else
tp->linger2 = val * HZ;
break;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 212/323] tcp: annotate data-races around tp->linger2
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 211/323] net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 213/323] tcp: annotate data-races around rskq_defer_accept Greg Kroah-Hartman
` (114 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 9df5335ca974e688389c875546e5819778a80d59 ]
do_tcp_getsockopt() reads tp->linger2 while another cpu
might change its value.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230719212857.3943972-8-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 9f3cdcbbb7590..4711963413a49 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3000,11 +3000,11 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
case TCP_LINGER2:
if (val < 0)
- tp->linger2 = -1;
+ WRITE_ONCE(tp->linger2, -1);
else if (val > TCP_FIN_TIMEOUT_MAX / HZ)
- tp->linger2 = TCP_FIN_TIMEOUT_MAX;
+ WRITE_ONCE(tp->linger2, TCP_FIN_TIMEOUT_MAX);
else
- tp->linger2 = val * HZ;
+ WRITE_ONCE(tp->linger2, val * HZ);
break;
case TCP_DEFER_ACCEPT:
@@ -3401,7 +3401,7 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
val = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_syn_retries;
break;
case TCP_LINGER2:
- val = tp->linger2;
+ val = READ_ONCE(tp->linger2);
if (val >= 0)
val = (val ? : READ_ONCE(net->ipv4.sysctl_tcp_fin_timeout)) / HZ;
break;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 213/323] tcp: annotate data-races around rskq_defer_accept
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 212/323] tcp: annotate data-races around tp->linger2 Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 214/323] tcp: annotate data-races around tp->notsent_lowat Greg Kroah-Hartman
` (113 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit ae488c74422fb1dcd807c0201804b3b5e8a322a3 ]
do_tcp_getsockopt() reads rskq_defer_accept while another cpu
might change its value.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230719212857.3943972-9-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 4711963413a49..853a33bf8863e 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3009,9 +3009,9 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
case TCP_DEFER_ACCEPT:
/* Translate value in seconds to number of retransmits */
- icsk->icsk_accept_queue.rskq_defer_accept =
- secs_to_retrans(val, TCP_TIMEOUT_INIT / HZ,
- TCP_RTO_MAX / HZ);
+ WRITE_ONCE(icsk->icsk_accept_queue.rskq_defer_accept,
+ secs_to_retrans(val, TCP_TIMEOUT_INIT / HZ,
+ TCP_RTO_MAX / HZ));
break;
case TCP_WINDOW_CLAMP:
@@ -3406,8 +3406,9 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
val = (val ? : READ_ONCE(net->ipv4.sysctl_tcp_fin_timeout)) / HZ;
break;
case TCP_DEFER_ACCEPT:
- val = retrans_to_secs(icsk->icsk_accept_queue.rskq_defer_accept,
- TCP_TIMEOUT_INIT / HZ, TCP_RTO_MAX / HZ);
+ val = READ_ONCE(icsk->icsk_accept_queue.rskq_defer_accept);
+ val = retrans_to_secs(val, TCP_TIMEOUT_INIT / HZ,
+ TCP_RTO_MAX / HZ);
break;
case TCP_WINDOW_CLAMP:
val = tp->window_clamp;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 214/323] tcp: annotate data-races around tp->notsent_lowat
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 213/323] tcp: annotate data-races around rskq_defer_accept Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 215/323] tcp: annotate data-races around fastopenq.max_qlen Greg Kroah-Hartman
` (112 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 1aeb87bc1440c5447a7fa2d6e3c2cca52cbd206b ]
tp->notsent_lowat can be read locklessly from do_tcp_getsockopt()
and tcp_poll().
Fixes: c9bee3b7fdec ("tcp: TCP_NOTSENT_LOWAT socket option")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230719212857.3943972-10-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/tcp.h | 6 +++++-
net/ipv4/tcp.c | 4 ++--
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 22cca858f2678..c6c48409e7b42 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1883,7 +1883,11 @@ void __tcp_v4_send_check(struct sk_buff *skb, __be32 saddr, __be32 daddr);
static inline u32 tcp_notsent_lowat(const struct tcp_sock *tp)
{
struct net *net = sock_net((struct sock *)tp);
- return tp->notsent_lowat ?: READ_ONCE(net->ipv4.sysctl_tcp_notsent_lowat);
+ u32 val;
+
+ val = READ_ONCE(tp->notsent_lowat);
+
+ return val ?: READ_ONCE(net->ipv4.sysctl_tcp_notsent_lowat);
}
/* @wake is one when sk_stream_write_space() calls us.
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 853a33bf8863e..373bf3d3be592 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3099,7 +3099,7 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
err = tcp_repair_set_window(tp, optval, optlen);
break;
case TCP_NOTSENT_LOWAT:
- tp->notsent_lowat = val;
+ WRITE_ONCE(tp->notsent_lowat, val);
sk->sk_write_space(sk);
break;
case TCP_INQ:
@@ -3569,7 +3569,7 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
val = tcp_time_stamp_raw() + tp->tsoffset;
break;
case TCP_NOTSENT_LOWAT:
- val = tp->notsent_lowat;
+ val = READ_ONCE(tp->notsent_lowat);
break;
case TCP_INQ:
val = tp->recvmsg_inq;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 215/323] tcp: annotate data-races around fastopenq.max_qlen
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 214/323] tcp: annotate data-races around tp->notsent_lowat Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 216/323] tracing/histograms: Return an error if we fail to add histogram to hist_vars list Greg Kroah-Hartman
` (111 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Jakub Kicinski,
Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 70f360dd7042cb843635ece9d28335a4addff9eb ]
This field can be read locklessly.
Fixes: 1536e2857bd3 ("tcp: Add a TCP_FASTOPEN socket option to get a max backlog on its listner")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230719212857.3943972-12-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/tcp.h | 2 +-
net/ipv4/tcp.c | 2 +-
net/ipv4/tcp_fastopen.c | 6 ++++--
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 621ab5a7fb8fa..0d63a428e6f9c 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -460,7 +460,7 @@ static inline void fastopen_queue_tune(struct sock *sk, int backlog)
struct request_sock_queue *queue = &inet_csk(sk)->icsk_accept_queue;
int somaxconn = READ_ONCE(sock_net(sk)->core.sysctl_somaxconn);
- queue->fastopenq.max_qlen = min_t(unsigned int, backlog, somaxconn);
+ WRITE_ONCE(queue->fastopenq.max_qlen, min_t(unsigned int, backlog, somaxconn));
}
static inline void tcp_move_syn(struct tcp_sock *tp,
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 373bf3d3be592..00648a478c6a5 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3554,7 +3554,7 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
break;
case TCP_FASTOPEN:
- val = icsk->icsk_accept_queue.fastopenq.max_qlen;
+ val = READ_ONCE(icsk->icsk_accept_queue.fastopenq.max_qlen);
break;
case TCP_FASTOPEN_CONNECT:
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index f726591de7c7a..f7bb78b443fa9 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -276,6 +276,7 @@ static struct sock *tcp_fastopen_create_child(struct sock *sk,
static bool tcp_fastopen_queue_check(struct sock *sk)
{
struct fastopen_queue *fastopenq;
+ int max_qlen;
/* Make sure the listener has enabled fastopen, and we don't
* exceed the max # of pending TFO requests allowed before trying
@@ -288,10 +289,11 @@ static bool tcp_fastopen_queue_check(struct sock *sk)
* temporarily vs a server not supporting Fast Open at all.
*/
fastopenq = &inet_csk(sk)->icsk_accept_queue.fastopenq;
- if (fastopenq->max_qlen == 0)
+ max_qlen = READ_ONCE(fastopenq->max_qlen);
+ if (max_qlen == 0)
return false;
- if (fastopenq->qlen >= fastopenq->max_qlen) {
+ if (fastopenq->qlen >= max_qlen) {
struct request_sock *req1;
spin_lock(&fastopenq->lock);
req1 = fastopenq->rskq_rst_head;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 216/323] tracing/histograms: Return an error if we fail to add histogram to hist_vars list
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 215/323] tcp: annotate data-races around fastopenq.max_qlen Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 217/323] gpio: tps68470: Make tps68470_gpio_output() always set the initial value Greg Kroah-Hartman
` (110 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mohamed Khalfella,
Steven Rostedt (Google)
From: Mohamed Khalfella <mkhalfella@purestorage.com>
commit 4b8b3905165ef98386a3c06f196c85d21292d029 upstream.
Commit 6018b585e8c6 ("tracing/histograms: Add histograms to hist_vars if
they have referenced variables") added a check to fail histogram creation
if save_hist_vars() failed to add histogram to hist_vars list. But the
commit failed to set ret to failed return code before jumping to
unregister histogram, fix it.
Link: https://lore.kernel.org/linux-trace-kernel/20230714203341.51396-1-mkhalfella@purestorage.com
Cc: stable@vger.kernel.org
Fixes: 6018b585e8c6 ("tracing/histograms: Add histograms to hist_vars if they have referenced variables")
Signed-off-by: Mohamed Khalfella <mkhalfella@purestorage.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_events_hist.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -5792,7 +5792,8 @@ static int event_hist_trigger_func(struc
goto out_unreg;
if (has_hist_vars(hist_data) || hist_data->n_var_refs) {
- if (save_hist_vars(hist_data))
+ ret = save_hist_vars(hist_data);
+ if (ret)
goto out_unreg;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 217/323] gpio: tps68470: Make tps68470_gpio_output() always set the initial value
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 216/323] tracing/histograms: Return an error if we fail to add histogram to hist_vars list Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 218/323] bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set Greg Kroah-Hartman
` (109 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Daniel Scally,
Sakari Ailus, Hans de Goede, Bartosz Golaszewski, Sasha Levin
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 5a7adc6c1069ce31ef4f606ae9c05592c80a6ab5 ]
Make tps68470_gpio_output() call tps68470_gpio_set() for output-only pins
too, so that the initial value passed to gpiod_direction_output() is
honored for these pins too.
Fixes: 275b13a65547 ("gpio: Add support for TPS68470 GPIOs")
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com>
Tested-by: Daniel Scally <dan.scally@ideasonboard.com>
Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpio/gpio-tps68470.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpio/gpio-tps68470.c b/drivers/gpio/gpio-tps68470.c
index aff6e504c6668..9704cff9b4aa3 100644
--- a/drivers/gpio/gpio-tps68470.c
+++ b/drivers/gpio/gpio-tps68470.c
@@ -91,13 +91,13 @@ static int tps68470_gpio_output(struct gpio_chip *gc, unsigned int offset,
struct tps68470_gpio_data *tps68470_gpio = gpiochip_get_data(gc);
struct regmap *regmap = tps68470_gpio->tps68470_regmap;
+ /* Set the initial value */
+ tps68470_gpio_set(gc, offset, value);
+
/* rest are always outputs */
if (offset >= TPS68470_N_REGULAR_GPIO)
return 0;
- /* Set the initial value */
- tps68470_gpio_set(gc, offset, value);
-
return regmap_update_bits(regmap, TPS68470_GPIO_CTL_REG_A(offset),
TPS68470_GPIO_MODE_MASK,
TPS68470_GPIO_MODE_OUT_CMOS);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 218/323] bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 217/323] gpio: tps68470: Make tps68470_gpio_output() always set the initial value Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 219/323] bcache: remove int n from parameter list of bch_bucket_alloc_set() Greg Kroah-Hartman
` (108 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shenghui Wang, Coly Li, Jens Axboe,
Sasha Levin
From: Shenghui Wang <shhuiw@foxmail.com>
[ Upstream commit 8792099f9ad487cf381f4e8199ff2158ba0f6eb5 ]
Current cache_set has MAX_CACHES_PER_SET caches most, and the macro
is used for
"
struct cache *cache_by_alloc[MAX_CACHES_PER_SET];
"
in the define of struct cache_set.
Use MAX_CACHES_PER_SET instead of magic number 8 in
__bch_bucket_alloc_set.
Signed-off-by: Shenghui Wang <shhuiw@foxmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: 80fca8a10b60 ("bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bcache/alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
index 46794cac167e7..a1df0d95151c6 100644
--- a/drivers/md/bcache/alloc.c
+++ b/drivers/md/bcache/alloc.c
@@ -497,7 +497,7 @@ int __bch_bucket_alloc_set(struct cache_set *c, unsigned int reserve,
return -1;
lockdep_assert_held(&c->bucket_lock);
- BUG_ON(!n || n > c->caches_loaded || n > 8);
+ BUG_ON(!n || n > c->caches_loaded || n > MAX_CACHES_PER_SET);
bkey_init(k);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 219/323] bcache: remove int n from parameter list of bch_bucket_alloc_set()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 218/323] bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 220/323] bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent Greg Kroah-Hartman
` (107 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Coly Li, Hannes Reinecke, Jens Axboe,
Sasha Levin
From: Coly Li <colyli@suse.de>
[ Upstream commit 17e4aed8309ff28670271546c2c3263eb12f5eb6 ]
The parameter 'int n' from bch_bucket_alloc_set() is not cleared
defined. From the code comments n is the number of buckets to alloc, but
from the code itself 'n' is the maximum cache to iterate. Indeed all the
locations where bch_bucket_alloc_set() is called, 'n' is alwasy 1.
This patch removes the confused and unnecessary 'int n' from parameter
list of bch_bucket_alloc_set(), and explicitly allocates only 1 bucket
for its caller.
Signed-off-by: Coly Li <colyli@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Stable-dep-of: 80fca8a10b60 ("bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bcache/alloc.c | 35 +++++++++++++++--------------------
drivers/md/bcache/bcache.h | 4 ++--
drivers/md/bcache/btree.c | 2 +-
drivers/md/bcache/super.c | 2 +-
4 files changed, 19 insertions(+), 24 deletions(-)
diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c
index a1df0d95151c6..5310e1f4a2826 100644
--- a/drivers/md/bcache/alloc.c
+++ b/drivers/md/bcache/alloc.c
@@ -49,7 +49,7 @@
*
* bch_bucket_alloc() allocates a single bucket from a specific cache.
*
- * bch_bucket_alloc_set() allocates one or more buckets from different caches
+ * bch_bucket_alloc_set() allocates one bucket from different caches
* out of a cache set.
*
* free_some_buckets() drives all the processes described above. It's called
@@ -488,34 +488,29 @@ void bch_bucket_free(struct cache_set *c, struct bkey *k)
}
int __bch_bucket_alloc_set(struct cache_set *c, unsigned int reserve,
- struct bkey *k, int n, bool wait)
+ struct bkey *k, bool wait)
{
- int i;
+ struct cache *ca;
+ long b;
/* No allocation if CACHE_SET_IO_DISABLE bit is set */
if (unlikely(test_bit(CACHE_SET_IO_DISABLE, &c->flags)))
return -1;
lockdep_assert_held(&c->bucket_lock);
- BUG_ON(!n || n > c->caches_loaded || n > MAX_CACHES_PER_SET);
bkey_init(k);
- /* sort by free space/prio of oldest data in caches */
-
- for (i = 0; i < n; i++) {
- struct cache *ca = c->cache_by_alloc[i];
- long b = bch_bucket_alloc(ca, reserve, wait);
+ ca = c->cache_by_alloc[0];
+ b = bch_bucket_alloc(ca, reserve, wait);
+ if (b == -1)
+ goto err;
- if (b == -1)
- goto err;
+ k->ptr[0] = MAKE_PTR(ca->buckets[b].gen,
+ bucket_to_sector(c, b),
+ ca->sb.nr_this_dev);
- k->ptr[i] = MAKE_PTR(ca->buckets[b].gen,
- bucket_to_sector(c, b),
- ca->sb.nr_this_dev);
-
- SET_KEY_PTRS(k, i + 1);
- }
+ SET_KEY_PTRS(k, 1);
return 0;
err:
@@ -525,12 +520,12 @@ int __bch_bucket_alloc_set(struct cache_set *c, unsigned int reserve,
}
int bch_bucket_alloc_set(struct cache_set *c, unsigned int reserve,
- struct bkey *k, int n, bool wait)
+ struct bkey *k, bool wait)
{
int ret;
mutex_lock(&c->bucket_lock);
- ret = __bch_bucket_alloc_set(c, reserve, k, n, wait);
+ ret = __bch_bucket_alloc_set(c, reserve, k, wait);
mutex_unlock(&c->bucket_lock);
return ret;
}
@@ -638,7 +633,7 @@ bool bch_alloc_sectors(struct cache_set *c,
spin_unlock(&c->data_bucket_lock);
- if (bch_bucket_alloc_set(c, watermark, &alloc.key, 1, wait))
+ if (bch_bucket_alloc_set(c, watermark, &alloc.key, wait))
return false;
spin_lock(&c->data_bucket_lock);
diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h
index 6a380ed4919a0..e81d783109847 100644
--- a/drivers/md/bcache/bcache.h
+++ b/drivers/md/bcache/bcache.h
@@ -952,9 +952,9 @@ void bch_bucket_free(struct cache_set *c, struct bkey *k);
long bch_bucket_alloc(struct cache *ca, unsigned int reserve, bool wait);
int __bch_bucket_alloc_set(struct cache_set *c, unsigned int reserve,
- struct bkey *k, int n, bool wait);
+ struct bkey *k, bool wait);
int bch_bucket_alloc_set(struct cache_set *c, unsigned int reserve,
- struct bkey *k, int n, bool wait);
+ struct bkey *k, bool wait);
bool bch_alloc_sectors(struct cache_set *c, struct bkey *k,
unsigned int sectors, unsigned int write_point,
unsigned int write_prio, bool wait);
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
index ca0c6592a425e..40eea56b9c900 100644
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1129,7 +1129,7 @@ struct btree *__bch_btree_node_alloc(struct cache_set *c, struct btree_op *op,
mutex_lock(&c->bucket_lock);
retry:
- if (__bch_bucket_alloc_set(c, RESERVE_BTREE, &k.key, 1, wait))
+ if (__bch_bucket_alloc_set(c, RESERVE_BTREE, &k.key, wait))
goto err;
bkey_put(c, &k.key);
diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
index 43bedd3795fc8..4b076f7f184be 100644
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
@@ -423,7 +423,7 @@ static int __uuid_write(struct cache_set *c)
closure_init_stack(&cl);
lockdep_assert_held(&bch_register_lock);
- if (bch_bucket_alloc_set(c, RESERVE_BTREE, &k.key, 1, true))
+ if (bch_bucket_alloc_set(c, RESERVE_BTREE, &k.key, true))
return 1;
SET_KEY_SIZE(&k.key, c->sb.bucket_size);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 220/323] bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 219/323] bcache: remove int n from parameter list of bch_bucket_alloc_set() Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 221/323] btrfs: fix extent buffer leak after tree mod log failure at split_node() Greg Kroah-Hartman
` (106 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Wang, Coly Li, Jens Axboe,
Sasha Levin
From: Zheng Wang <zyytlz.wz@163.com>
[ Upstream commit 80fca8a10b604afad6c14213fdfd816c4eda3ee4 ]
In some specific situations, the return value of __bch_btree_node_alloc
may be NULL. This may lead to a potential NULL pointer dereference in
caller function like a calling chain :
btree_split->bch_btree_node_alloc->__bch_btree_node_alloc.
Fix it by initializing the return value in __bch_btree_node_alloc.
Fixes: cafe56359144 ("bcache: A block layer cache")
Cc: stable@vger.kernel.org
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Signed-off-by: Coly Li <colyli@suse.de>
Link: https://lore.kernel.org/r/20230615121223.22502-6-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/bcache/btree.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
index 40eea56b9c900..71d670934a07e 100644
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1125,10 +1125,12 @@ struct btree *__bch_btree_node_alloc(struct cache_set *c, struct btree_op *op,
struct btree *parent)
{
BKEY_PADDED(key) k;
- struct btree *b = ERR_PTR(-EAGAIN);
+ struct btree *b;
mutex_lock(&c->bucket_lock);
retry:
+ /* return ERR_PTR(-EAGAIN) when it fails */
+ b = ERR_PTR(-EAGAIN);
if (__bch_bucket_alloc_set(c, RESERVE_BTREE, &k.key, wait))
goto err;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 221/323] btrfs: fix extent buffer leak after tree mod log failure at split_node()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 220/323] bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent Greg Kroah-Hartman
@ 2023-08-09 10:40 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 222/323] ext4: rename journal_dev to s_journal_dev inside ext4_sb_info Greg Kroah-Hartman
` (105 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:40 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Filipe Manana,
David Sterba, Sasha Levin
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit ede600e497b1461d06d22a7d17703d9096868bc3 ]
At split_node(), if we fail to log the tree mod log copy operation, we
return without unlocking the split extent buffer we just allocated and
without decrementing the reference we own on it. Fix this by unlocking
it and decrementing the ref count before returning.
Fixes: 5de865eebb83 ("Btrfs: fix tree mod logging")
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/ctree.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 34d56f0fa7501..e48c6d7a860f4 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -3590,6 +3590,8 @@ static noinline int split_node(struct btrfs_trans_handle *trans,
ret = tree_mod_log_eb_copy(fs_info, split, c, 0, mid, c_nritems - mid);
if (ret) {
+ btrfs_tree_unlock(split);
+ free_extent_buffer(split);
btrfs_abort_transaction(trans, ret);
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 222/323] ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2023-08-09 10:40 ` [PATCH 4.19 221/323] btrfs: fix extent buffer leak after tree mod log failure at split_node() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 223/323] ext4: Fix reusing stale buffer heads from last failed mounting Greg Kroah-Hartman
` (104 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chunguang Xu, Andreas Dilger,
Ritesh Harjani, Theodore Tso, Sasha Levin
From: Chunguang Xu <brookxu@tencent.com>
[ Upstream commit ee7ed3aa0f08621dbf897d2a98dc6f2c7e7d0335 ]
Rename journal_dev to s_journal_dev inside ext4_sb_info, keep
the naming rules consistent with other variables, which is
convenient for code reading and writing.
Signed-off-by: Chunguang Xu <brookxu@tencent.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Reviewed-by: Ritesh Harjani <riteshh@linux.ibm.com>
Link: https://lore.kernel.org/r/1600916623-544-1-git-send-email-brookxu@tencent.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Stable-dep-of: 26fb5290240d ("ext4: Fix reusing stale buffer heads from last failed mounting")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/ext4.h | 2 +-
fs/ext4/fsmap.c | 8 ++++----
fs/ext4/super.c | 14 +++++++-------
3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 19e2a52d1e5a1..909f231a387d7 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1412,7 +1412,7 @@ struct ext4_sb_info {
unsigned long s_commit_interval;
u32 s_max_batch_time;
u32 s_min_batch_time;
- struct block_device *journal_bdev;
+ struct block_device *s_journal_bdev;
#ifdef CONFIG_QUOTA
/* Names of quota files with journalled quota */
char __rcu *s_qf_names[EXT4_MAXQUOTAS];
diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c
index 6b52ace1463c2..69c76327792e0 100644
--- a/fs/ext4/fsmap.c
+++ b/fs/ext4/fsmap.c
@@ -576,8 +576,8 @@ static bool ext4_getfsmap_is_valid_device(struct super_block *sb,
if (fm->fmr_device == 0 || fm->fmr_device == UINT_MAX ||
fm->fmr_device == new_encode_dev(sb->s_bdev->bd_dev))
return true;
- if (EXT4_SB(sb)->journal_bdev &&
- fm->fmr_device == new_encode_dev(EXT4_SB(sb)->journal_bdev->bd_dev))
+ if (EXT4_SB(sb)->s_journal_bdev &&
+ fm->fmr_device == new_encode_dev(EXT4_SB(sb)->s_journal_bdev->bd_dev))
return true;
return false;
}
@@ -647,9 +647,9 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_fsmap_head *head,
memset(handlers, 0, sizeof(handlers));
handlers[0].gfd_dev = new_encode_dev(sb->s_bdev->bd_dev);
handlers[0].gfd_fn = ext4_getfsmap_datadev;
- if (EXT4_SB(sb)->journal_bdev) {
+ if (EXT4_SB(sb)->s_journal_bdev) {
handlers[1].gfd_dev = new_encode_dev(
- EXT4_SB(sb)->journal_bdev->bd_dev);
+ EXT4_SB(sb)->s_journal_bdev->bd_dev);
handlers[1].gfd_fn = ext4_getfsmap_logdev;
}
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index ce5abd25eb99c..da7ca0b73e4b4 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -905,10 +905,10 @@ static void ext4_blkdev_put(struct block_device *bdev)
static void ext4_blkdev_remove(struct ext4_sb_info *sbi)
{
struct block_device *bdev;
- bdev = sbi->journal_bdev;
+ bdev = sbi->s_journal_bdev;
if (bdev) {
ext4_blkdev_put(bdev);
- sbi->journal_bdev = NULL;
+ sbi->s_journal_bdev = NULL;
}
}
@@ -1032,14 +1032,14 @@ static void ext4_put_super(struct super_block *sb)
sync_blockdev(sb->s_bdev);
invalidate_bdev(sb->s_bdev);
- if (sbi->journal_bdev && sbi->journal_bdev != sb->s_bdev) {
+ if (sbi->s_journal_bdev && sbi->s_journal_bdev != sb->s_bdev) {
/*
* Invalidate the journal device's buffers. We don't want them
* floating about in memory - the physical journal device may
* hotswapped, and it breaks the `ro-after' testing code.
*/
- sync_blockdev(sbi->journal_bdev);
- invalidate_bdev(sbi->journal_bdev);
+ sync_blockdev(sbi->s_journal_bdev);
+ invalidate_bdev(sbi->s_journal_bdev);
ext4_blkdev_remove(sbi);
}
if (sbi->s_ea_inode_cache) {
@@ -3537,7 +3537,7 @@ int ext4_calculate_overhead(struct super_block *sb)
* Add the internal journal blocks whether the journal has been
* loaded or not
*/
- if (sbi->s_journal && !sbi->journal_bdev)
+ if (sbi->s_journal && !sbi->s_journal_bdev)
overhead += EXT4_NUM_B2C(sbi, sbi->s_journal->j_maxlen);
else if (ext4_has_feature_journal(sb) && !sbi->s_journal && j_inum) {
/* j_inum for internal journal is non-zero */
@@ -4848,7 +4848,7 @@ static journal_t *ext4_get_dev_journal(struct super_block *sb,
be32_to_cpu(journal->j_superblock->s_nr_users));
goto out_journal;
}
- EXT4_SB(sb)->journal_bdev = bdev;
+ EXT4_SB(sb)->s_journal_bdev = bdev;
ext4_init_journal_params(sb, journal);
return journal;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 223/323] ext4: Fix reusing stale buffer heads from last failed mounting
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 222/323] ext4: rename journal_dev to s_journal_dev inside ext4_sb_info Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 224/323] PCI: Rework pcie_retrain_link() wait loop Greg Kroah-Hartman
` (103 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhihao Cheng, Jan Kara, Theodore Tso,
Sasha Levin
From: Zhihao Cheng <chengzhihao1@huawei.com>
[ Upstream commit 26fb5290240dc31cae99b8b4dd2af7f46dfcba6b ]
Following process makes ext4 load stale buffer heads from last failed
mounting in a new mounting operation:
mount_bdev
ext4_fill_super
| ext4_load_and_init_journal
| ext4_load_journal
| jbd2_journal_load
| load_superblock
| journal_get_superblock
| set_buffer_verified(bh) // buffer head is verified
| jbd2_journal_recover // failed caused by EIO
| goto failed_mount3a // skip 'sb->s_root' initialization
deactivate_locked_super
kill_block_super
generic_shutdown_super
if (sb->s_root)
// false, skip ext4_put_super->invalidate_bdev->
// invalidate_mapping_pages->mapping_evict_folio->
// filemap_release_folio->try_to_free_buffers, which
// cannot drop buffer head.
blkdev_put
blkdev_put_whole
if (atomic_dec_and_test(&bdev->bd_openers))
// false, systemd-udev happens to open the device. Then
// blkdev_flush_mapping->kill_bdev->truncate_inode_pages->
// truncate_inode_folio->truncate_cleanup_folio->
// folio_invalidate->block_invalidate_folio->
// filemap_release_folio->try_to_free_buffers will be skipped,
// dropping buffer head is missed again.
Second mount:
ext4_fill_super
ext4_load_and_init_journal
ext4_load_journal
ext4_get_journal
jbd2_journal_init_inode
journal_init_common
bh = getblk_unmovable
bh = __find_get_block // Found stale bh in last failed mounting
journal->j_sb_buffer = bh
jbd2_journal_load
load_superblock
journal_get_superblock
if (buffer_verified(bh))
// true, skip journal->j_format_version = 2, value is 0
jbd2_journal_recover
do_one_pass
next_log_block += count_tags(journal, bh)
// According to journal_tag_bytes(), 'tag_bytes' calculating is
// affected by jbd2_has_feature_csum3(), jbd2_has_feature_csum3()
// returns false because 'j->j_format_version >= 2' is not true,
// then we get wrong next_log_block. The do_one_pass may exit
// early whenoccuring non JBD2_MAGIC_NUMBER in 'next_log_block'.
The filesystem is corrupted here, journal is partially replayed, and
new journal sequence number actually is already used by last mounting.
The invalidate_bdev() can drop all buffer heads even racing with bare
reading block device(eg. systemd-udev), so we can fix it by invalidating
bdev in error handling path in __ext4_fill_super().
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217171
Fixes: 25ed6e8a54df ("jbd2: enable journal clients to enable v2 checksumming")
Cc: stable@vger.kernel.org # v3.5
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230315013128.3911115-2-chengzhihao1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index da7ca0b73e4b4..926063a6d2321 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -907,6 +907,12 @@ static void ext4_blkdev_remove(struct ext4_sb_info *sbi)
struct block_device *bdev;
bdev = sbi->s_journal_bdev;
if (bdev) {
+ /*
+ * Invalidate the journal device's buffers. We don't want them
+ * floating about in memory - the physical journal device may
+ * hotswapped, and it breaks the `ro-after' testing code.
+ */
+ invalidate_bdev(bdev);
ext4_blkdev_put(bdev);
sbi->s_journal_bdev = NULL;
}
@@ -1033,13 +1039,7 @@ static void ext4_put_super(struct super_block *sb)
sync_blockdev(sb->s_bdev);
invalidate_bdev(sb->s_bdev);
if (sbi->s_journal_bdev && sbi->s_journal_bdev != sb->s_bdev) {
- /*
- * Invalidate the journal device's buffers. We don't want them
- * floating about in memory - the physical journal device may
- * hotswapped, and it breaks the `ro-after' testing code.
- */
sync_blockdev(sbi->s_journal_bdev);
- invalidate_bdev(sbi->s_journal_bdev);
ext4_blkdev_remove(sbi);
}
if (sbi->s_ea_inode_cache) {
@@ -4673,6 +4673,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
ext4_blkdev_remove(sbi);
brelse(bh);
out_fail:
+ invalidate_bdev(sb->s_bdev);
sb->s_fs_info = NULL;
kfree(sbi->s_blockgroup_lock);
out_free_base:
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 224/323] PCI: Rework pcie_retrain_link() wait loop
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 223/323] ext4: Fix reusing stale buffer heads from last failed mounting Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 225/323] PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() Greg Kroah-Hartman
` (102 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Mätje, Bjorn Helgaas,
Andy Shevchenko, Sasha Levin
From: Stefan Mätje <stefan.maetje@esd.eu>
[ Upstream commit 658eec837b11fbfab9082ebf8da24d94cefa47c0 ]
Transform wait code to a "do {} while (time_before())" loop as recommended
by reviewer. No functional change intended.
Signed-off-by: Stefan Mätje <stefan.maetje@esd.eu>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Stable-dep-of: e7e39756363a ("PCI/ASPM: Avoid link retraining race")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/aspm.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
index 279f9f0197b01..598e246fa70ed 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -206,7 +206,7 @@ static void pcie_clkpm_cap_init(struct pcie_link_state *link, int blacklist)
static bool pcie_retrain_link(struct pcie_link_state *link)
{
struct pci_dev *parent = link->pdev;
- unsigned long start_jiffies;
+ unsigned long end_jiffies;
u16 reg16;
pcie_capability_read_word(parent, PCI_EXP_LNKCTL, ®16);
@@ -223,15 +223,13 @@ static bool pcie_retrain_link(struct pcie_link_state *link)
}
/* Wait for link training end. Break out after waiting for timeout */
- start_jiffies = jiffies;
- for (;;) {
+ end_jiffies = jiffies + LINK_RETRAIN_TIMEOUT;
+ do {
pcie_capability_read_word(parent, PCI_EXP_LNKSTA, ®16);
if (!(reg16 & PCI_EXP_LNKSTA_LT))
break;
- if (time_after(jiffies, start_jiffies + LINK_RETRAIN_TIMEOUT))
- break;
msleep(1);
- }
+ } while (time_before(jiffies, end_jiffies));
return !(reg16 & PCI_EXP_LNKSTA_LT);
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 225/323] PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 224/323] PCI: Rework pcie_retrain_link() wait loop Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 226/323] PCI/ASPM: Factor out pcie_wait_for_retrain() Greg Kroah-Hartman
` (101 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Bjorn Helgaas, Sasha Levin
From: Bjorn Helgaas <bhelgaas@google.com>
[ Upstream commit f5297a01ee805d7fa569d288ed65fc0f9ac9b03d ]
"pcie_retrain_link" is not a question with a true/false answer, so "bool"
isn't quite the right return type. Return 0 for success or -ETIMEDOUT if
the retrain failed. No functional change intended.
[bhelgaas: based on Ilpo's patch below]
Link: https://lore.kernel.org/r/20230502083923.34562-1-ilpo.jarvinen@linux.intel.com
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Stable-dep-of: e7e39756363a ("PCI/ASPM: Avoid link retraining race")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/aspm.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
index 598e246fa70ed..86bf1356cfa3f 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -203,7 +203,7 @@ static void pcie_clkpm_cap_init(struct pcie_link_state *link, int blacklist)
link->clkpm_disable = blacklist ? 1 : 0;
}
-static bool pcie_retrain_link(struct pcie_link_state *link)
+static int pcie_retrain_link(struct pcie_link_state *link)
{
struct pci_dev *parent = link->pdev;
unsigned long end_jiffies;
@@ -230,7 +230,9 @@ static bool pcie_retrain_link(struct pcie_link_state *link)
break;
msleep(1);
} while (time_before(jiffies, end_jiffies));
- return !(reg16 & PCI_EXP_LNKSTA_LT);
+ if (reg16 & PCI_EXP_LNKSTA_LT)
+ return -ETIMEDOUT;
+ return 0;
}
/*
@@ -299,15 +301,15 @@ static void pcie_aspm_configure_common_clock(struct pcie_link_state *link)
reg16 &= ~PCI_EXP_LNKCTL_CCC;
pcie_capability_write_word(parent, PCI_EXP_LNKCTL, reg16);
- if (pcie_retrain_link(link))
- return;
+ if (pcie_retrain_link(link)) {
- /* Training failed. Restore common clock configurations */
- pci_err(parent, "ASPM: Could not configure common clock\n");
- list_for_each_entry(child, &linkbus->devices, bus_list)
- pcie_capability_write_word(child, PCI_EXP_LNKCTL,
+ /* Training failed. Restore common clock configurations */
+ pci_err(parent, "ASPM: Could not configure common clock\n");
+ list_for_each_entry(child, &linkbus->devices, bus_list)
+ pcie_capability_write_word(child, PCI_EXP_LNKCTL,
child_reg[PCI_FUNC(child->devfn)]);
- pcie_capability_write_word(parent, PCI_EXP_LNKCTL, parent_reg);
+ pcie_capability_write_word(parent, PCI_EXP_LNKCTL, parent_reg);
+ }
}
/* Convert L0s latency encoding to ns */
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 226/323] PCI/ASPM: Factor out pcie_wait_for_retrain()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 225/323] PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 227/323] PCI/ASPM: Avoid link retraining race Greg Kroah-Hartman
` (100 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ilpo Järvinen, Bjorn Helgaas,
Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit 9c7f136433d26592cb4d9cd00b4e15c33d9797c6 ]
Factor pcie_wait_for_retrain() out from pcie_retrain_link(). No functional
change intended.
[bhelgaas: split out from
https: //lore.kernel.org/r/20230502083923.34562-1-ilpo.jarvinen@linux.intel.com]
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Stable-dep-of: e7e39756363a ("PCI/ASPM: Avoid link retraining race")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/aspm.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
index 86bf1356cfa3f..7b1fb6cb16fba 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -203,10 +203,26 @@ static void pcie_clkpm_cap_init(struct pcie_link_state *link, int blacklist)
link->clkpm_disable = blacklist ? 1 : 0;
}
+static int pcie_wait_for_retrain(struct pci_dev *pdev)
+{
+ unsigned long end_jiffies;
+ u16 reg16;
+
+ /* Wait for Link Training to be cleared by hardware */
+ end_jiffies = jiffies + LINK_RETRAIN_TIMEOUT;
+ do {
+ pcie_capability_read_word(pdev, PCI_EXP_LNKSTA, ®16);
+ if (!(reg16 & PCI_EXP_LNKSTA_LT))
+ return 0;
+ msleep(1);
+ } while (time_before(jiffies, end_jiffies));
+
+ return -ETIMEDOUT;
+}
+
static int pcie_retrain_link(struct pcie_link_state *link)
{
struct pci_dev *parent = link->pdev;
- unsigned long end_jiffies;
u16 reg16;
pcie_capability_read_word(parent, PCI_EXP_LNKCTL, ®16);
@@ -222,17 +238,7 @@ static int pcie_retrain_link(struct pcie_link_state *link)
pcie_capability_write_word(parent, PCI_EXP_LNKCTL, reg16);
}
- /* Wait for link training end. Break out after waiting for timeout */
- end_jiffies = jiffies + LINK_RETRAIN_TIMEOUT;
- do {
- pcie_capability_read_word(parent, PCI_EXP_LNKSTA, ®16);
- if (!(reg16 & PCI_EXP_LNKSTA_LT))
- break;
- msleep(1);
- } while (time_before(jiffies, end_jiffies));
- if (reg16 & PCI_EXP_LNKSTA_LT)
- return -ETIMEDOUT;
- return 0;
+ return pcie_wait_for_retrain(parent);
}
/*
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 227/323] PCI/ASPM: Avoid link retraining race
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 226/323] PCI/ASPM: Factor out pcie_wait_for_retrain() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 228/323] dlm: cleanup plock_op vs plock_xop Greg Kroah-Hartman
` (99 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lukas Wunner, Ilpo Järvinen,
Bjorn Helgaas, Sasha Levin
From: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
[ Upstream commit e7e39756363ad5bd83ddeae1063193d0f13870fd ]
PCIe r6.0.1, sec 7.5.3.7, recommends setting the link control parameters,
then waiting for the Link Training bit to be clear before setting the
Retrain Link bit.
This avoids a race where the LTSSM may not use the updated parameters if it
is already in the midst of link training because of other normal link
activity.
Wait for the Link Training bit to be clear before toggling the Retrain Link
bit to ensure that the LTSSM uses the updated link control parameters.
[bhelgaas: commit log, return 0 (success)/-ETIMEDOUT instead of bool for
both pcie_wait_for_retrain() and the existing pcie_retrain_link()]
Suggested-by: Lukas Wunner <lukas@wunner.de>
Fixes: 7d715a6c1ae5 ("PCI: add PCI Express ASPM support")
Link: https://lore.kernel.org/r/20230502083923.34562-1-ilpo.jarvinen@linux.intel.com
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/aspm.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
index 7b1fb6cb16fba..eec62f7377f48 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -223,8 +223,19 @@ static int pcie_wait_for_retrain(struct pci_dev *pdev)
static int pcie_retrain_link(struct pcie_link_state *link)
{
struct pci_dev *parent = link->pdev;
+ int rc;
u16 reg16;
+ /*
+ * Ensure the updated LNKCTL parameters are used during link
+ * training by checking that there is no ongoing link training to
+ * avoid LTSSM race as recommended in Implementation Note at the
+ * end of PCIe r6.0.1 sec 7.5.3.7.
+ */
+ rc = pcie_wait_for_retrain(parent);
+ if (rc)
+ return rc;
+
pcie_capability_read_word(parent, PCI_EXP_LNKCTL, ®16);
reg16 |= PCI_EXP_LNKCTL_RL;
pcie_capability_write_word(parent, PCI_EXP_LNKCTL, reg16);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 228/323] dlm: cleanup plock_op vs plock_xop
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 227/323] PCI/ASPM: Avoid link retraining race Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 229/323] dlm: rearrange async condition return Greg Kroah-Hartman
` (98 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Aring, David Teigland,
Sasha Levin
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit bcbb4ba6c9ba81e6975b642a2cade68044cd8a66 ]
Lately the different casting between plock_op and plock_xop and list
holders which was involved showed some issues which were hard to see.
This patch removes the "plock_xop" structure and introduces a
"struct plock_async_data". This structure will be set in "struct plock_op"
in case of asynchronous lock handling as the original "plock_xop" was
made for. There is no need anymore to cast pointers around for
additional fields in case of asynchronous lock handling. As disadvantage
another allocation was introduces but only needed in the asynchronous
case which is currently only used in combination with nfs lockd.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Stable-dep-of: 59e45c758ca1 ("fs: dlm: interrupt posix locks only when process is killed")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/plock.c | 77 ++++++++++++++++++++++++++++++--------------------
1 file changed, 46 insertions(+), 31 deletions(-)
diff --git a/fs/dlm/plock.c b/fs/dlm/plock.c
index 505cfe669762e..7912ef3706e26 100644
--- a/fs/dlm/plock.c
+++ b/fs/dlm/plock.c
@@ -22,20 +22,20 @@ static struct list_head recv_list;
static wait_queue_head_t send_wq;
static wait_queue_head_t recv_wq;
-struct plock_op {
- struct list_head list;
- int done;
- struct dlm_plock_info info;
- int (*callback)(struct file_lock *fl, int result);
-};
-
-struct plock_xop {
- struct plock_op xop;
+struct plock_async_data {
void *fl;
void *file;
struct file_lock flc;
+ int (*callback)(struct file_lock *fl, int result);
};
+struct plock_op {
+ struct list_head list;
+ int done;
+ struct dlm_plock_info info;
+ /* if set indicates async handling */
+ struct plock_async_data *data;
+};
static inline void set_version(struct dlm_plock_info *info)
{
@@ -61,6 +61,12 @@ static int check_version(struct dlm_plock_info *info)
return 0;
}
+static void dlm_release_plock_op(struct plock_op *op)
+{
+ kfree(op->data);
+ kfree(op);
+}
+
static void send_op(struct plock_op *op)
{
set_version(&op->info);
@@ -104,22 +110,21 @@ static void do_unlock_close(struct dlm_ls *ls, u64 number,
int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file,
int cmd, struct file_lock *fl)
{
+ struct plock_async_data *op_data;
struct dlm_ls *ls;
struct plock_op *op;
- struct plock_xop *xop;
int rv;
ls = dlm_find_lockspace_local(lockspace);
if (!ls)
return -EINVAL;
- xop = kzalloc(sizeof(*xop), GFP_NOFS);
- if (!xop) {
+ op = kzalloc(sizeof(*op), GFP_NOFS);
+ if (!op) {
rv = -ENOMEM;
goto out;
}
- op = &xop->xop;
op->info.optype = DLM_PLOCK_OP_LOCK;
op->info.pid = fl->fl_pid;
op->info.ex = (fl->fl_type == F_WRLCK);
@@ -128,22 +133,32 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file,
op->info.number = number;
op->info.start = fl->fl_start;
op->info.end = fl->fl_end;
+ /* async handling */
if (fl->fl_lmops && fl->fl_lmops->lm_grant) {
+ op_data = kzalloc(sizeof(*op_data), GFP_NOFS);
+ if (!op_data) {
+ dlm_release_plock_op(op);
+ rv = -ENOMEM;
+ goto out;
+ }
+
/* fl_owner is lockd which doesn't distinguish
processes on the nfs client */
op->info.owner = (__u64) fl->fl_pid;
- op->callback = fl->fl_lmops->lm_grant;
- locks_init_lock(&xop->flc);
- locks_copy_lock(&xop->flc, fl);
- xop->fl = fl;
- xop->file = file;
+ op_data->callback = fl->fl_lmops->lm_grant;
+ locks_init_lock(&op_data->flc);
+ locks_copy_lock(&op_data->flc, fl);
+ op_data->fl = fl;
+ op_data->file = file;
+
+ op->data = op_data;
} else {
op->info.owner = (__u64)(long) fl->fl_owner;
}
send_op(op);
- if (!op->callback) {
+ if (!op->data) {
rv = wait_event_interruptible(recv_wq, (op->done != 0));
if (rv == -ERESTARTSYS) {
log_debug(ls, "dlm_posix_lock: wait killed %llx",
@@ -151,7 +166,7 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file,
spin_lock(&ops_lock);
list_del(&op->list);
spin_unlock(&ops_lock);
- kfree(xop);
+ dlm_release_plock_op(op);
do_unlock_close(ls, number, file, fl);
goto out;
}
@@ -176,7 +191,7 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file,
(unsigned long long)number);
}
- kfree(xop);
+ dlm_release_plock_op(op);
out:
dlm_put_lockspace(ls);
return rv;
@@ -186,11 +201,11 @@ EXPORT_SYMBOL_GPL(dlm_posix_lock);
/* Returns failure iff a successful lock operation should be canceled */
static int dlm_plock_callback(struct plock_op *op)
{
+ struct plock_async_data *op_data = op->data;
struct file *file;
struct file_lock *fl;
struct file_lock *flc;
int (*notify)(struct file_lock *fl, int result) = NULL;
- struct plock_xop *xop = (struct plock_xop *)op;
int rv = 0;
spin_lock(&ops_lock);
@@ -202,10 +217,10 @@ static int dlm_plock_callback(struct plock_op *op)
spin_unlock(&ops_lock);
/* check if the following 2 are still valid or make a copy */
- file = xop->file;
- flc = &xop->flc;
- fl = xop->fl;
- notify = op->callback;
+ file = op_data->file;
+ flc = &op_data->flc;
+ fl = op_data->fl;
+ notify = op_data->callback;
if (op->info.rv) {
notify(fl, op->info.rv);
@@ -236,7 +251,7 @@ static int dlm_plock_callback(struct plock_op *op)
}
out:
- kfree(xop);
+ dlm_release_plock_op(op);
return rv;
}
@@ -306,7 +321,7 @@ int dlm_posix_unlock(dlm_lockspace_t *lockspace, u64 number, struct file *file,
rv = 0;
out_free:
- kfree(op);
+ dlm_release_plock_op(op);
out:
dlm_put_lockspace(ls);
fl->fl_flags = fl_flags;
@@ -374,7 +389,7 @@ int dlm_posix_get(dlm_lockspace_t *lockspace, u64 number, struct file *file,
rv = 0;
}
- kfree(op);
+ dlm_release_plock_op(op);
out:
dlm_put_lockspace(ls);
return rv;
@@ -410,7 +425,7 @@ static ssize_t dev_read(struct file *file, char __user *u, size_t count,
(the process did not make an unlock call). */
if (op->info.flags & DLM_PLOCK_FL_CLOSE)
- kfree(op);
+ dlm_release_plock_op(op);
if (copy_to_user(u, &info, sizeof(info)))
return -EFAULT;
@@ -442,7 +457,7 @@ static ssize_t dev_write(struct file *file, const char __user *u, size_t count,
op->info.owner == info.owner) {
list_del_init(&op->list);
memcpy(&op->info, &info, sizeof(info));
- if (op->callback)
+ if (op->data)
do_callback = 1;
else
op->done = 1;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 229/323] dlm: rearrange async condition return
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 228/323] dlm: cleanup plock_op vs plock_xop Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 230/323] fs: dlm: interrupt posix locks only when process is killed Greg Kroah-Hartman
` (97 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Aring, David Teigland,
Sasha Levin
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit a800ba77fd285c6391a82819867ac64e9ab3af46 ]
This patch moves the return of FILE_LOCK_DEFERRED a little bit earlier
than checking afterwards again if the request was an asynchronous request.
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Stable-dep-of: 59e45c758ca1 ("fs: dlm: interrupt posix locks only when process is killed")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/plock.c | 27 +++++++++++++--------------
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/fs/dlm/plock.c b/fs/dlm/plock.c
index 7912ef3706e26..54ed11013d062 100644
--- a/fs/dlm/plock.c
+++ b/fs/dlm/plock.c
@@ -152,26 +152,25 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file,
op_data->file = file;
op->data = op_data;
+
+ send_op(op);
+ rv = FILE_LOCK_DEFERRED;
+ goto out;
} else {
op->info.owner = (__u64)(long) fl->fl_owner;
}
send_op(op);
- if (!op->data) {
- rv = wait_event_interruptible(recv_wq, (op->done != 0));
- if (rv == -ERESTARTSYS) {
- log_debug(ls, "dlm_posix_lock: wait killed %llx",
- (unsigned long long)number);
- spin_lock(&ops_lock);
- list_del(&op->list);
- spin_unlock(&ops_lock);
- dlm_release_plock_op(op);
- do_unlock_close(ls, number, file, fl);
- goto out;
- }
- } else {
- rv = FILE_LOCK_DEFERRED;
+ rv = wait_event_interruptible(recv_wq, (op->done != 0));
+ if (rv == -ERESTARTSYS) {
+ log_debug(ls, "%s: wait killed %llx", __func__,
+ (unsigned long long)number);
+ spin_lock(&ops_lock);
+ list_del(&op->list);
+ spin_unlock(&ops_lock);
+ dlm_release_plock_op(op);
+ do_unlock_close(ls, number, file, fl);
goto out;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 230/323] fs: dlm: interrupt posix locks only when process is killed
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 229/323] dlm: rearrange async condition return Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 231/323] ftrace: Add information on number of page groups allocated Greg Kroah-Hartman
` (96 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Aring, David Teigland,
Sasha Levin
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 59e45c758ca1b9893ac923dd63536da946ac333b ]
If a posix lock request is waiting for a result from user space
(dlm_controld), do not let it be interrupted unless the process
is killed. This reverts commit a6b1533e9a57 ("dlm: make posix locks
interruptible"). The problem with the interruptible change is
that all locks were cleared on any signal interrupt. If a signal
was received that did not terminate the process, the process
could continue running after all its dlm posix locks had been
cleared. A future patch will add cancelation to allow proper
interruption.
Cc: stable@vger.kernel.org
Fixes: a6b1533e9a57 ("dlm: make posix locks interruptible")
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/plock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/dlm/plock.c b/fs/dlm/plock.c
index 54ed11013d062..9fef426ce6f41 100644
--- a/fs/dlm/plock.c
+++ b/fs/dlm/plock.c
@@ -162,7 +162,7 @@ int dlm_posix_lock(dlm_lockspace_t *lockspace, u64 number, struct file *file,
send_op(op);
- rv = wait_event_interruptible(recv_wq, (op->done != 0));
+ rv = wait_event_killable(recv_wq, (op->done != 0));
if (rv == -ERESTARTSYS) {
log_debug(ls, "%s: wait killed %llx", __func__,
(unsigned long long)number);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 231/323] ftrace: Add information on number of page groups allocated
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 230/323] fs: dlm: interrupt posix locks only when process is killed Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 232/323] ftrace: Check if pages were allocated before calling free_pages() Greg Kroah-Hartman
` (95 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Steven Rostedt (VMware), Sasha Levin
From: Steven Rostedt (VMware) <rostedt@goodmis.org>
[ Upstream commit da537f0aef1372c5204356a7df06be8769467b7b ]
Looking for ways to shrink the size of the dyn_ftrace structure, knowing the
information about how many pages and the number of groups of those pages, is
useful in working out the best ways to save on memory.
This adds one info print on how many groups of pages were used to allocate
the ftrace dyn_ftrace structures, and also shows the number of pages and
groups in the dyn_ftrace_total_info (which is used for debugging).
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26efd79c4624 ("ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ftrace.c | 14 ++++++++++++++
kernel/trace/trace.c | 21 +++++++++++++++------
kernel/trace/trace.h | 2 ++
3 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 5c0463dbe16ee..48ab4d750c650 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -2915,6 +2915,8 @@ static void ftrace_shutdown_sysctl(void)
static u64 ftrace_update_time;
unsigned long ftrace_update_tot_cnt;
+unsigned long ftrace_number_of_pages;
+unsigned long ftrace_number_of_groups;
static inline int ops_traces_mod(struct ftrace_ops *ops)
{
@@ -3039,6 +3041,9 @@ static int ftrace_allocate_records(struct ftrace_page *pg, int count)
goto again;
}
+ ftrace_number_of_pages += 1 << order;
+ ftrace_number_of_groups++;
+
cnt = (PAGE_SIZE << order) / ENTRY_SIZE;
pg->size = cnt;
@@ -3094,6 +3099,8 @@ ftrace_allocate_pages(unsigned long num_to_init)
start_pg = pg->next;
kfree(pg);
pg = start_pg;
+ ftrace_number_of_pages -= 1 << order;
+ ftrace_number_of_groups--;
}
pr_info("ftrace: FAILED to allocate memory for functions\n");
return NULL;
@@ -5839,6 +5846,8 @@ void ftrace_release_mod(struct module *mod)
free_pages((unsigned long)pg->records, order);
tmp_page = pg->next;
kfree(pg);
+ ftrace_number_of_pages -= 1 << order;
+ ftrace_number_of_groups--;
}
}
@@ -6184,6 +6193,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr)
*last_pg = pg->next;
order = get_count_order(pg->size / ENTRIES_PER_PAGE);
free_pages((unsigned long)pg->records, order);
+ ftrace_number_of_pages -= 1 << order;
+ ftrace_number_of_groups--;
kfree(pg);
pg = container_of(last_pg, struct ftrace_page, next);
if (!(*last_pg))
@@ -6239,6 +6250,9 @@ void __init ftrace_init(void)
__start_mcount_loc,
__stop_mcount_loc);
+ pr_info("ftrace: allocated %ld pages with %ld groups\n",
+ ftrace_number_of_pages, ftrace_number_of_groups);
+
set_ftrace_early_filters();
return;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 98abff0462366..9da7b10e56d23 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -7107,14 +7107,23 @@ static ssize_t
tracing_read_dyn_info(struct file *filp, char __user *ubuf,
size_t cnt, loff_t *ppos)
{
- unsigned long *p = filp->private_data;
- char buf[64]; /* Not too big for a shallow stack */
+ ssize_t ret;
+ char *buf;
int r;
- r = scnprintf(buf, 63, "%ld", *p);
- buf[r++] = '\n';
+ /* 256 should be plenty to hold the amount needed */
+ buf = kmalloc(256, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
- return simple_read_from_buffer(ubuf, cnt, ppos, buf, r);
+ r = scnprintf(buf, 256, "%ld pages:%ld groups: %ld\n",
+ ftrace_update_tot_cnt,
+ ftrace_number_of_pages,
+ ftrace_number_of_groups);
+
+ ret = simple_read_from_buffer(ubuf, cnt, ppos, buf, r);
+ kfree(buf);
+ return ret;
}
static const struct file_operations tracing_dyn_info_fops = {
@@ -8246,7 +8255,7 @@ static __init int tracer_init_tracefs(void)
#ifdef CONFIG_DYNAMIC_FTRACE
trace_create_file("dyn_ftrace_total_info", 0444, d_tracer,
- &ftrace_update_tot_cnt, &tracing_dyn_info_fops);
+ NULL, &tracing_dyn_info_fops);
#endif
create_trace_instances(d_tracer);
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 0923d1b18d1fb..f4d83b552a477 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -748,6 +748,8 @@ extern void trace_event_follow_fork(struct trace_array *tr, bool enable);
#ifdef CONFIG_DYNAMIC_FTRACE
extern unsigned long ftrace_update_tot_cnt;
+extern unsigned long ftrace_number_of_pages;
+extern unsigned long ftrace_number_of_groups;
void ftrace_init_trace_array(struct trace_array *tr);
#else
static inline void ftrace_init_trace_array(struct trace_array *tr) { }
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 232/323] ftrace: Check if pages were allocated before calling free_pages()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 231/323] ftrace: Add information on number of page groups allocated Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 233/323] ftrace: Store the order of pages allocated in ftrace_page Greg Kroah-Hartman
` (94 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Abaci Robot, Steven Rostedt (VMware),
Sasha Levin
From: Steven Rostedt (VMware) <rostedt@goodmis.org>
[ Upstream commit 59300b36f85f254260c81d9dd09195fa49eb0f98 ]
It is possible that on error pg->size can be zero when getting its order,
which would return a -1 value. It is dangerous to pass in an order of -1
to free_pages(). Check if order is greater than or equal to zero before
calling free_pages().
Link: https://lore.kernel.org/lkml/20210330093916.432697c7@gandalf.local.home/
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26efd79c4624 ("ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ftrace.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 48ab4d750c650..1b92a22086f50 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -3095,7 +3095,8 @@ ftrace_allocate_pages(unsigned long num_to_init)
pg = start_pg;
while (pg) {
order = get_count_order(pg->size / ENTRIES_PER_PAGE);
- free_pages((unsigned long)pg->records, order);
+ if (order >= 0)
+ free_pages((unsigned long)pg->records, order);
start_pg = pg->next;
kfree(pg);
pg = start_pg;
@@ -5843,7 +5844,8 @@ void ftrace_release_mod(struct module *mod)
clear_mod_from_hashes(pg);
order = get_count_order(pg->size / ENTRIES_PER_PAGE);
- free_pages((unsigned long)pg->records, order);
+ if (order >= 0)
+ free_pages((unsigned long)pg->records, order);
tmp_page = pg->next;
kfree(pg);
ftrace_number_of_pages -= 1 << order;
@@ -6192,7 +6194,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr)
if (!pg->index) {
*last_pg = pg->next;
order = get_count_order(pg->size / ENTRIES_PER_PAGE);
- free_pages((unsigned long)pg->records, order);
+ if (order >= 0)
+ free_pages((unsigned long)pg->records, order);
ftrace_number_of_pages -= 1 << order;
ftrace_number_of_groups--;
kfree(pg);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 233/323] ftrace: Store the order of pages allocated in ftrace_page
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 232/323] ftrace: Check if pages were allocated before calling free_pages() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 234/323] ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() Greg Kroah-Hartman
` (93 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Linus Torvalds,
Steven Rostedt (VMware), Sasha Levin
From: Linus Torvalds <torvalds@linux-foundation.org>
[ Upstream commit db42523b4f3e83ff86b53cdda219a9767c8b047f ]
Instead of saving the size of the records field of the ftrace_page, store
the order it uses to allocate the pages, as that is what is needed to know
in order to free the pages. This simplifies the code.
Link: https://lore.kernel.org/lkml/CAHk-=whyMxheOqXAORt9a7JK9gc9eHTgCJ55Pgs4p=X3RrQubQ@mail.gmail.com/
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[ change log written by Steven Rostedt ]
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Stable-dep-of: 26efd79c4624 ("ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ftrace.c | 35 +++++++++++++++++------------------
1 file changed, 17 insertions(+), 18 deletions(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 1b92a22086f50..6b1ba7f510e2c 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1124,7 +1124,7 @@ struct ftrace_page {
struct ftrace_page *next;
struct dyn_ftrace *records;
int index;
- int size;
+ int order;
};
#define ENTRY_SIZE sizeof(struct dyn_ftrace)
@@ -3045,7 +3045,7 @@ static int ftrace_allocate_records(struct ftrace_page *pg, int count)
ftrace_number_of_groups++;
cnt = (PAGE_SIZE << order) / ENTRY_SIZE;
- pg->size = cnt;
+ pg->order = order;
if (cnt > count)
cnt = count;
@@ -3058,7 +3058,6 @@ ftrace_allocate_pages(unsigned long num_to_init)
{
struct ftrace_page *start_pg;
struct ftrace_page *pg;
- int order;
int cnt;
if (!num_to_init)
@@ -3094,13 +3093,13 @@ ftrace_allocate_pages(unsigned long num_to_init)
free_pages:
pg = start_pg;
while (pg) {
- order = get_count_order(pg->size / ENTRIES_PER_PAGE);
- if (order >= 0)
- free_pages((unsigned long)pg->records, order);
+ if (pg->records) {
+ free_pages((unsigned long)pg->records, pg->order);
+ ftrace_number_of_pages -= 1 << pg->order;
+ }
start_pg = pg->next;
kfree(pg);
pg = start_pg;
- ftrace_number_of_pages -= 1 << order;
ftrace_number_of_groups--;
}
pr_info("ftrace: FAILED to allocate memory for functions\n");
@@ -5642,6 +5641,7 @@ static int ftrace_process_locs(struct module *mod,
p = start;
pg = start_pg;
while (p < end) {
+ unsigned long end_offset;
addr = ftrace_call_adjust(*p++);
/*
* Some architecture linkers will pad between
@@ -5652,7 +5652,8 @@ static int ftrace_process_locs(struct module *mod,
if (!addr)
continue;
- if (pg->index == pg->size) {
+ end_offset = (pg->index+1) * sizeof(pg->records[0]);
+ if (end_offset > PAGE_SIZE << pg->order) {
/* We should have allocated enough */
if (WARN_ON(!pg->next))
break;
@@ -5792,7 +5793,6 @@ void ftrace_release_mod(struct module *mod)
struct ftrace_page **last_pg;
struct ftrace_page *tmp_page = NULL;
struct ftrace_page *pg;
- int order;
mutex_lock(&ftrace_lock);
@@ -5843,12 +5843,12 @@ void ftrace_release_mod(struct module *mod)
/* Needs to be called outside of ftrace_lock */
clear_mod_from_hashes(pg);
- order = get_count_order(pg->size / ENTRIES_PER_PAGE);
- if (order >= 0)
- free_pages((unsigned long)pg->records, order);
+ if (pg->records) {
+ free_pages((unsigned long)pg->records, pg->order);
+ ftrace_number_of_pages -= 1 << pg->order;
+ }
tmp_page = pg->next;
kfree(pg);
- ftrace_number_of_pages -= 1 << order;
ftrace_number_of_groups--;
}
}
@@ -6155,7 +6155,6 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr)
struct ftrace_mod_map *mod_map = NULL;
struct ftrace_init_func *func, *func_next;
struct list_head clear_hash;
- int order;
INIT_LIST_HEAD(&clear_hash);
@@ -6193,10 +6192,10 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr)
ftrace_update_tot_cnt--;
if (!pg->index) {
*last_pg = pg->next;
- order = get_count_order(pg->size / ENTRIES_PER_PAGE);
- if (order >= 0)
- free_pages((unsigned long)pg->records, order);
- ftrace_number_of_pages -= 1 << order;
+ if (pg->records) {
+ free_pages((unsigned long)pg->records, pg->order);
+ ftrace_number_of_pages -= 1 << pg->order;
+ }
ftrace_number_of_groups--;
kfree(pg);
pg = container_of(last_pg, struct ftrace_page, next);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 234/323] ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 233/323] ftrace: Store the order of pages allocated in ftrace_page Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 235/323] scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c Greg Kroah-Hartman
` (92 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Steven Rostedt, Zheng Yejian,
Sasha Levin
From: Zheng Yejian <zhengyejian1@huawei.com>
[ Upstream commit 26efd79c4624294e553aeaa3439c646729bad084 ]
As comments in ftrace_process_locs(), there may be NULL pointers in
mcount_loc section:
> Some architecture linkers will pad between
> the different mcount_loc sections of different
> object files to satisfy alignments.
> Skip any NULL pointers.
After commit 20e5227e9f55 ("ftrace: allow NULL pointers in mcount_loc"),
NULL pointers will be accounted when allocating ftrace pages but skipped
before adding into ftrace pages, this may result in some pages not being
used. Then after commit 706c81f87f84 ("ftrace: Remove extra helper
functions"), warning may occur at:
WARN_ON(pg->next);
To fix it, only warn for case that no pointers skipped but pages not used
up, then free those unused pages after releasing ftrace_lock.
Link: https://lore.kernel.org/linux-trace-kernel/20230712060452.3175675-1-zhengyejian1@huawei.com
Cc: stable@vger.kernel.org
Fixes: 706c81f87f84 ("ftrace: Remove extra helper functions")
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ftrace.c | 45 +++++++++++++++++++++++++++++--------------
1 file changed, 31 insertions(+), 14 deletions(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 6b1ba7f510e2c..81f5c9c85d066 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -3053,6 +3053,22 @@ static int ftrace_allocate_records(struct ftrace_page *pg, int count)
return cnt;
}
+static void ftrace_free_pages(struct ftrace_page *pages)
+{
+ struct ftrace_page *pg = pages;
+
+ while (pg) {
+ if (pg->records) {
+ free_pages((unsigned long)pg->records, pg->order);
+ ftrace_number_of_pages -= 1 << pg->order;
+ }
+ pages = pg->next;
+ kfree(pg);
+ pg = pages;
+ ftrace_number_of_groups--;
+ }
+}
+
static struct ftrace_page *
ftrace_allocate_pages(unsigned long num_to_init)
{
@@ -3091,17 +3107,7 @@ ftrace_allocate_pages(unsigned long num_to_init)
return start_pg;
free_pages:
- pg = start_pg;
- while (pg) {
- if (pg->records) {
- free_pages((unsigned long)pg->records, pg->order);
- ftrace_number_of_pages -= 1 << pg->order;
- }
- start_pg = pg->next;
- kfree(pg);
- pg = start_pg;
- ftrace_number_of_groups--;
- }
+ ftrace_free_pages(start_pg);
pr_info("ftrace: FAILED to allocate memory for functions\n");
return NULL;
}
@@ -5593,9 +5599,11 @@ static int ftrace_process_locs(struct module *mod,
unsigned long *start,
unsigned long *end)
{
+ struct ftrace_page *pg_unuse = NULL;
struct ftrace_page *start_pg;
struct ftrace_page *pg;
struct dyn_ftrace *rec;
+ unsigned long skipped = 0;
unsigned long count;
unsigned long *p;
unsigned long addr;
@@ -5649,8 +5657,10 @@ static int ftrace_process_locs(struct module *mod,
* object files to satisfy alignments.
* Skip any NULL pointers.
*/
- if (!addr)
+ if (!addr) {
+ skipped++;
continue;
+ }
end_offset = (pg->index+1) * sizeof(pg->records[0]);
if (end_offset > PAGE_SIZE << pg->order) {
@@ -5664,8 +5674,10 @@ static int ftrace_process_locs(struct module *mod,
rec->ip = addr;
}
- /* We should have used all pages */
- WARN_ON(pg->next);
+ if (pg->next) {
+ pg_unuse = pg->next;
+ pg->next = NULL;
+ }
/* Assign the last page to ftrace_pages */
ftrace_pages = pg;
@@ -5687,6 +5699,11 @@ static int ftrace_process_locs(struct module *mod,
out:
mutex_unlock(&ftrace_lock);
+ /* We should have used all pages unless we skipped some */
+ if (pg_unuse) {
+ WARN_ON(!skipped);
+ ftrace_free_pages(pg_unuse);
+ }
return ret;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 235/323] scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 234/323] ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 236/323] scsi: qla2xxx: Array index may go out of bound Greg Kroah-Hartman
` (91 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hulk Robot, Himanshu Madhani,
Nilesh Javali, Ye Bin, Martin K. Petersen, Sasha Levin
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit 250bd00923c72c846092271a9e51ee373db081b6 ]
Fix the following warnings:
[drivers/scsi/qla2xxx/qla_os.c:4882]: (warning) %ld in format string (no. 2)
requires 'long' but the argument type is 'unsigned long'.
[drivers/scsi/qla2xxx/qla_os.c:5011]: (warning) %ld in format string (no. 1)
requires 'long' but the argument type is 'unsigned long'.
Link: https://lore.kernel.org/r/20200930022515.2862532-3-yebin10@huawei.com
Reported-by: Hulk Robot <hulkci@huawei.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Reviewed-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Ye Bin <yebin10@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Stable-dep-of: d721b591b95c ("scsi: qla2xxx: Array index may go out of bound")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qla2xxx/qla_os.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 7863ad1390f8a..73f3e51ce9798 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -4604,7 +4604,7 @@ struct scsi_qla_host *qla2x00_create_host(struct scsi_host_template *sht,
}
INIT_DELAYED_WORK(&vha->scan.scan_work, qla_scan_work_fn);
- sprintf(vha->host_str, "%s_%ld", QLA2XXX_DRIVER_NAME, vha->host_no);
+ sprintf(vha->host_str, "%s_%lu", QLA2XXX_DRIVER_NAME, vha->host_no);
ql_dbg(ql_dbg_init, vha, 0x0041,
"Allocated the host=%p hw=%p vha=%p dev_name=%s",
vha->host, vha->hw, vha,
@@ -4735,7 +4735,7 @@ qla2x00_uevent_emit(struct scsi_qla_host *vha, u32 code)
switch (code) {
case QLA_UEVENT_CODE_FW_DUMP:
- snprintf(event_string, sizeof(event_string), "FW_DUMP=%ld",
+ snprintf(event_string, sizeof(event_string), "FW_DUMP=%lu",
vha->host_no);
break;
default:
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 236/323] scsi: qla2xxx: Array index may go out of bound
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 235/323] scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 237/323] ext4: fix to check return value of freeze_bdev() in ext4_shutdown() Greg Kroah-Hartman
` (90 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bikash Hazarika, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen, Sasha Levin
From: Nilesh Javali <njavali@marvell.com>
[ Upstream commit d721b591b95cf3f290f8a7cbe90aa2ee0368388d ]
Klocwork reports array 'vha->host_str' of size 16 may use index value(s)
16..19. Use snprintf() instead of sprintf().
Cc: stable@vger.kernel.org
Co-developed-by: Bikash Hazarika <bhazarika@marvell.com>
Signed-off-by: Bikash Hazarika <bhazarika@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230607113843.37185-2-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/qla2xxx/qla_os.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 73f3e51ce9798..4580774b2c3e7 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -4604,7 +4604,8 @@ struct scsi_qla_host *qla2x00_create_host(struct scsi_host_template *sht,
}
INIT_DELAYED_WORK(&vha->scan.scan_work, qla_scan_work_fn);
- sprintf(vha->host_str, "%s_%lu", QLA2XXX_DRIVER_NAME, vha->host_no);
+ snprintf(vha->host_str, sizeof(vha->host_str), "%s_%lu",
+ QLA2XXX_DRIVER_NAME, vha->host_no);
ql_dbg(ql_dbg_init, vha, 0x0041,
"Allocated the host=%p hw=%p vha=%p dev_name=%s",
vha->host, vha->hw, vha,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 237/323] ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 236/323] scsi: qla2xxx: Array index may go out of bound Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 238/323] i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() Greg Kroah-Hartman
` (89 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Chao Yu, Theodore Tso,
Sasha Levin
From: Chao Yu <chao@kernel.org>
[ Upstream commit c4d13222afd8a64bf11bc7ec68645496ee8b54b9 ]
freeze_bdev() can fail due to a lot of reasons, it needs to check its
reason before later process.
Fixes: 783d94854499 ("ext4: add EXT4_IOC_GOINGDOWN ioctl")
Cc: stable@kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Link: https://lore.kernel.org/r/20230606073203.1310389-1-chao@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/ioctl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index b930e8d559d41..43e036f0b661d 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -561,6 +561,7 @@ static int ext4_shutdown(struct super_block *sb, unsigned long arg)
{
struct ext4_sb_info *sbi = EXT4_SB(sb);
__u32 flags;
+ struct super_block *ret;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -579,7 +580,9 @@ static int ext4_shutdown(struct super_block *sb, unsigned long arg)
switch (flags) {
case EXT4_GOING_FLAGS_DEFAULT:
- freeze_bdev(sb->s_bdev);
+ ret = freeze_bdev(sb->s_bdev);
+ if (IS_ERR(ret))
+ return PTR_ERR(ret);
set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
thaw_bdev(sb->s_bdev, sb);
break;
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 238/323] i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 237/323] ext4: fix to check return value of freeze_bdev() in ext4_shutdown() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 239/323] phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() Greg Kroah-Hartman
` (88 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wang Ming, Tony Nguyen, Sasha Levin,
Pucha Himasekhar Reddy
From: Wang Ming <machel@vivo.com>
[ Upstream commit 043b1f185fb0f3939b7427f634787706f45411c4 ]
The debugfs_create_dir() function returns error pointers.
It never returns NULL. Most incorrect error checks were fixed,
but the one in i40e_dbg_init() was forgotten.
Fix the remaining error check.
Fixes: 02e9c290814c ("i40e: debugfs interface")
Signed-off-by: Wang Ming <machel@vivo.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
index a66492b9403c4..5b82c89330e30 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_debugfs.c
@@ -1798,7 +1798,7 @@ void i40e_dbg_pf_exit(struct i40e_pf *pf)
void i40e_dbg_init(void)
{
i40e_dbg_root = debugfs_create_dir(i40e_driver_name, NULL);
- if (!i40e_dbg_root)
+ if (IS_ERR(i40e_dbg_root))
pr_info("init of debugfs failed\n");
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 239/323] phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 238/323] i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 240/323] ethernet: atheros: fix return value check in atl1e_tso_csum() Greg Kroah-Hartman
` (87 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Harshit Mogalapalli,
Vinod Koul, Sasha Levin
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit 13c088cf3657d70893d75cf116be937f1509cc0f ]
The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM.
In the for loop, 'i' is used as the index for array 'priv->ports[]'
with a check (i > INNO_PHY_PORT_NUM) which indicates that
INNO_PHY_PORT_NUM is allowed value for 'i' in the same loop.
This > comparison needs to be changed to >=, otherwise it potentially leads
to an out of bounds write on the next iteration through the loop
Fixes: ba8b0ee81fbb ("phy: add inno-usb2-phy driver for hi3798cv200 SoC")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20230721090558.3588613-1-harshit.m.mogalapalli@oracle.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/hisilicon/phy-hisi-inno-usb2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/phy/hisilicon/phy-hisi-inno-usb2.c b/drivers/phy/hisilicon/phy-hisi-inno-usb2.c
index 524381249a2b8..b51e19402ab0c 100644
--- a/drivers/phy/hisilicon/phy-hisi-inno-usb2.c
+++ b/drivers/phy/hisilicon/phy-hisi-inno-usb2.c
@@ -167,7 +167,7 @@ static int hisi_inno_phy_probe(struct platform_device *pdev)
phy_set_drvdata(phy, &priv->ports[i]);
i++;
- if (i > INNO_PHY_PORT_NUM) {
+ if (i >= INNO_PHY_PORT_NUM) {
dev_warn(dev, "Support %d ports in maximum\n", i);
break;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 240/323] ethernet: atheros: fix return value check in atl1e_tso_csum()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 239/323] phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 241/323] ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address Greg Kroah-Hartman
` (86 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuanjun Gong, Simon Horman,
Jakub Kicinski, Sasha Levin
From: Yuanjun Gong <ruc_gongyuanjun@163.com>
[ Upstream commit 69a184f7a372aac588babfb0bd681aaed9779f5b ]
in atl1e_tso_csum, it should check the return value of pskb_trim(),
and return an error code if an unexpected value is returned
by pskb_trim().
Fixes: a6a5325239c2 ("atl1e: Atheros L1E Gigabit Ethernet driver")
Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230720144219.39285-1-ruc_gongyuanjun@163.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
index 3164aad29bcf8..e4d58c7aeaf82 100644
--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
@@ -1651,8 +1651,11 @@ static int atl1e_tso_csum(struct atl1e_adapter *adapter,
real_len = (((unsigned char *)ip_hdr(skb) - skb->data)
+ ntohs(ip_hdr(skb)->tot_len));
- if (real_len < skb->len)
- pskb_trim(skb, real_len);
+ if (real_len < skb->len) {
+ err = pskb_trim(skb, real_len);
+ if (err)
+ return err;
+ }
hdr_len = (skb_transport_offset(skb) + tcp_hdrlen(skb));
if (unlikely(skb->len == hdr_len)) {
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 241/323] ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 240/323] ethernet: atheros: fix return value check in atl1e_tso_csum() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 242/323] tcp: Reduce chance of collisions in inet6_hashfn() Greg Kroah-Hartman
` (85 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Pirko, Xiao Ma,
Maciej Żenczykowski, David Ahern, Jakub Kicinski,
Sasha Levin
From: Maciej Żenczykowski <maze@google.com>
[ Upstream commit 69172f0bcb6a09110c5d2a6d792627f5095a9018 ]
currently on 6.4 net/main:
# ip link add dummy1 type dummy
# echo 1 > /proc/sys/net/ipv6/conf/dummy1/use_tempaddr
# ip link set dummy1 up
# ip -6 addr add 2000::1/64 mngtmpaddr dev dummy1
# ip -6 addr show dev dummy1
11: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
inet6 2000::44f3:581c:8ca:3983/64 scope global temporary dynamic
valid_lft 604800sec preferred_lft 86172sec
inet6 2000::1/64 scope global mngtmpaddr
valid_lft forever preferred_lft forever
inet6 fe80::e8a8:a6ff:fed5:56d4/64 scope link
valid_lft forever preferred_lft forever
# ip -6 addr del 2000::44f3:581c:8ca:3983/64 dev dummy1
(can wait a few seconds if you want to, the above delete isn't [directly] the problem)
# ip -6 addr show dev dummy1
11: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
inet6 2000::1/64 scope global mngtmpaddr
valid_lft forever preferred_lft forever
inet6 fe80::e8a8:a6ff:fed5:56d4/64 scope link
valid_lft forever preferred_lft forever
# ip -6 addr del 2000::1/64 mngtmpaddr dev dummy1
# ip -6 addr show dev dummy1
11: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
inet6 2000::81c9:56b7:f51a:b98f/64 scope global temporary dynamic
valid_lft 604797sec preferred_lft 86169sec
inet6 fe80::e8a8:a6ff:fed5:56d4/64 scope link
valid_lft forever preferred_lft forever
This patch prevents this new 'global temporary dynamic' address from being
created by the deletion of the related (same subnet prefix) 'mngtmpaddr'
(which is triggered by there already being no temporary addresses).
Cc: Jiri Pirko <jiri@resnulli.us>
Fixes: 53bd67491537 ("ipv6 addrconf: introduce IFA_F_MANAGETEMPADDR to tell kernel to manage temporary addresses")
Reported-by: Xiao Ma <xiaom@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20230720160022.1887942-1-maze@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/addrconf.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 23edc325f70be..5c5c5736f6892 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2488,12 +2488,18 @@ static void manage_tempaddrs(struct inet6_dev *idev,
ipv6_ifa_notify(0, ift);
}
- if ((create || list_empty(&idev->tempaddr_list)) &&
- idev->cnf.use_tempaddr > 0) {
+ /* Also create a temporary address if it's enabled but no temporary
+ * address currently exists.
+ * However, we get called with valid_lft == 0, prefered_lft == 0, create == false
+ * as part of cleanup (ie. deleting the mngtmpaddr).
+ * We don't want that to result in creating a new temporary ip address.
+ */
+ if (list_empty(&idev->tempaddr_list) && (valid_lft || prefered_lft))
+ create = true;
+
+ if (create && idev->cnf.use_tempaddr > 0) {
/* When a new public address is created as described
* in [ADDRCONF], also create a new temporary address.
- * Also create a temporary address if it's enabled but
- * no temporary address currently exists.
*/
read_unlock_bh(&idev->lock);
ipv6_create_tempaddr(ifp, NULL, false);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 242/323] tcp: Reduce chance of collisions in inet6_hashfn().
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 241/323] ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 243/323] bonding: reset bonds flags when down link is P2P device Greg Kroah-Hartman
` (84 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stewart Smith, Samuel Mendoza-Jonas,
Eric Dumazet, Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
From: Stewart Smith <trawets@amazon.com>
[ Upstream commit d11b0df7ddf1831f3e170972f43186dad520bfcc ]
For both IPv4 and IPv6 incoming TCP connections are tracked in a hash
table with a hash over the source & destination addresses and ports.
However, the IPv6 hash is insufficient and can lead to a high rate of
collisions.
The IPv6 hash used an XOR to fit everything into the 96 bits for the
fast jenkins hash, meaning it is possible for an external entity to
ensure the hash collides, thus falling back to a linear search in the
bucket, which is slow.
We take the approach of hash the full length of IPv6 address in
__ipv6_addr_jhash() so that all users can benefit from a more secure
version.
While this may look like it adds overhead, the reality of modern CPUs
means that this is unmeasurable in real world scenarios.
In simulating with llvm-mca, the increase in cycles for the hashing
code was ~16 cycles on Skylake (from a base of ~155), and an extra ~9
on Nehalem (base of ~173).
In commit dd6d2910c5e0 ("netfilter: conntrack: switch to siphash")
netfilter switched from a jenkins hash to a siphash, but even the faster
hsiphash is a more significant overhead (~20-30%) in some preliminary
testing. So, in this patch, we keep to the more conservative approach to
ensure we don't add much overhead per SYN.
In testing, this results in a consistently even spread across the
connection buckets. In both testing and real-world scenarios, we have
not found any measurable performance impact.
Fixes: 08dcdbf6a7b9 ("ipv6: use a stronger hash for tcp")
Signed-off-by: Stewart Smith <trawets@amazon.com>
Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com>
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230721222410.17914-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/ipv6.h | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 0c883249814cc..3a55a0931ed86 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -602,12 +602,8 @@ static inline u32 ipv6_addr_hash(const struct in6_addr *a)
/* more secured version of ipv6_addr_hash() */
static inline u32 __ipv6_addr_jhash(const struct in6_addr *a, const u32 initval)
{
- u32 v = (__force u32)a->s6_addr32[0] ^ (__force u32)a->s6_addr32[1];
-
- return jhash_3words(v,
- (__force u32)a->s6_addr32[2],
- (__force u32)a->s6_addr32[3],
- initval);
+ return jhash2((__force const u32 *)a->s6_addr32,
+ ARRAY_SIZE(a->s6_addr32), initval);
}
static inline bool ipv6_addr_loopback(const struct in6_addr *a)
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 243/323] bonding: reset bonds flags when down link is P2P device
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 242/323] tcp: Reduce chance of collisions in inet6_hashfn() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 244/323] team: reset teams " Greg Kroah-Hartman
` (83 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liang Li, Hangbin Liu, Paolo Abeni,
Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit da19a2b967cf1e2c426f50d28550d1915214a81d ]
When adding a point to point downlink to the bond, we neglected to reset
the bond's flags, which were still using flags like BROADCAST and
MULTICAST. Consequently, this would initiate ARP/DAD for P2P downlink
interfaces, such as when adding a GRE device to the bonding.
To address this issue, let's reset the bond's flags for P2P interfaces.
Before fix:
7: gre0@NONE: <POINTOPOINT,NOARP,SLAVE,UP,LOWER_UP> mtu 1500 qdisc noqueue master bond0 state UNKNOWN group default qlen 1000
link/gre6 2006:70:10::1 peer 2006:70:10::2 permaddr 167f:18:f188::
8: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/gre6 2006:70:10::1 brd 2006:70:10::2
inet6 fe80::200:ff:fe00:0/64 scope link
valid_lft forever preferred_lft forever
After fix:
7: gre0@NONE: <POINTOPOINT,NOARP,SLAVE,UP,LOWER_UP> mtu 1500 qdisc noqueue master bond2 state UNKNOWN group default qlen 1000
link/gre6 2006:70:10::1 peer 2006:70:10::2 permaddr c29e:557a:e9d9::
8: bond0: <POINTOPOINT,NOARP,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/gre6 2006:70:10::1 peer 2006:70:10::2
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
Reported-by: Liang Li <liali@redhat.com>
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2221438
Fixes: 872254dd6b1f ("net/bonding: Enable bonding to enslave non ARPHRD_ETHER")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/bonding/bond_main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 4e4adacb5c2c1..47e02c5342b28 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -1128,6 +1128,11 @@ static void bond_setup_by_slave(struct net_device *bond_dev,
memcpy(bond_dev->broadcast, slave_dev->broadcast,
slave_dev->addr_len);
+
+ if (slave_dev->flags & IFF_POINTOPOINT) {
+ bond_dev->flags &= ~(IFF_BROADCAST | IFF_MULTICAST);
+ bond_dev->flags |= (IFF_POINTOPOINT | IFF_NOARP);
+ }
}
/* On bonding slaves other than the currently active slave, suppress
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 244/323] team: reset teams flags when down link is P2P device
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 243/323] bonding: reset bonds flags when down link is P2P device Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 245/323] platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 Greg Kroah-Hartman
` (82 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Liang Li, Hangbin Liu, Paolo Abeni,
Sasha Levin
From: Hangbin Liu <liuhangbin@gmail.com>
[ Upstream commit fa532bee17d15acf8bba4bc8e2062b7a093ba801 ]
When adding a point to point downlink to team device, we neglected to reset
the team's flags, which were still using flags like BROADCAST and
MULTICAST. Consequently, this would initiate ARP/DAD for P2P downlink
interfaces, such as when adding a GRE device to team device. Fix this by
remove multicast/broadcast flags and add p2p and noarp flags.
After removing the none ethernet interface and adding an ethernet interface
to team, we need to reset team interface flags. Unlike bonding interface,
team do not need restore IFF_MASTER, IFF_SLAVE flags.
Reported-by: Liang Li <liali@redhat.com>
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2221438
Fixes: 1d76efe1577b ("team: add support for non-ethernet devices")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/team/team.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index 2410f08e2bb5c..d80bc5f59b3fc 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
@@ -2103,6 +2103,15 @@ static void team_setup_by_port(struct net_device *dev,
dev->mtu = port_dev->mtu;
memcpy(dev->broadcast, port_dev->broadcast, port_dev->addr_len);
eth_hw_addr_inherit(dev, port_dev);
+
+ if (port_dev->flags & IFF_POINTOPOINT) {
+ dev->flags &= ~(IFF_BROADCAST | IFF_MULTICAST);
+ dev->flags |= (IFF_POINTOPOINT | IFF_NOARP);
+ } else if ((port_dev->flags & (IFF_BROADCAST | IFF_MULTICAST)) ==
+ (IFF_BROADCAST | IFF_MULTICAST)) {
+ dev->flags |= (IFF_BROADCAST | IFF_MULTICAST);
+ dev->flags &= ~(IFF_POINTOPOINT | IFF_NOARP);
+ }
}
static int team_dev_type_check_change(struct net_device *dev,
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 245/323] platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 244/323] team: reset teams " Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 246/323] net/sched: mqprio: refactor nlattr parsing to a separate function Greg Kroah-Hartman
` (81 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxim Mikityanskiy, Hans de Goede,
Sasha Levin
From: Maxim Mikityanskiy <maxtram95@gmail.com>
[ Upstream commit ad084a6d99bc182bf109c190c808e2ea073ec57b ]
Only the HW rfkill state is toggled on laptops with quirks->ec_read_only
(so far only MSI Wind U90/U100). There are, however, a few issues with
the implementation:
1. The initial HW state is always unblocked, regardless of the actual
state on boot, because msi_init_rfkill only sets the SW state,
regardless of ec_read_only.
2. The initial SW state corresponds to the actual state on boot, but it
can't be changed afterwards, because set_device_state returns
-EOPNOTSUPP. It confuses the userspace, making Wi-Fi and/or Bluetooth
unusable if it was blocked on boot, and breaking the airplane mode if
the rfkill was unblocked on boot.
Address the above issues by properly initializing the HW state on
ec_read_only laptops and by allowing the userspace to toggle the SW
state. Don't set the SW state ourselves and let the userspace fully
control it. Toggling the SW state is a no-op, however, it allows the
userspace to properly toggle the airplane mode. The actual SW radio
disablement is handled by the corresponding rtl818x_pci and btusb
drivers that have their own rfkills.
Tested on MSI Wind U100 Plus, BIOS ver 1.0G, EC ver 130.
Fixes: 0816392b97d4 ("msi-laptop: merge quirk tables to one")
Fixes: 0de6575ad0a8 ("msi-laptop: Add MSI Wind U90/U100 support")
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Link: https://lore.kernel.org/r/20230721145423.161057-1-maxtram95@gmail.com
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/msi-laptop.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
index 42b31c549db00..1781e67781a55 100644
--- a/drivers/platform/x86/msi-laptop.c
+++ b/drivers/platform/x86/msi-laptop.c
@@ -223,7 +223,7 @@ static ssize_t set_device_state(const char *buf, size_t count, u8 mask)
return -EINVAL;
if (quirks->ec_read_only)
- return -EOPNOTSUPP;
+ return 0;
/* read current device state */
result = ec_read(MSI_STANDARD_EC_COMMAND_ADDRESS, &rdata);
@@ -854,15 +854,15 @@ static bool msi_laptop_i8042_filter(unsigned char data, unsigned char str,
static void msi_init_rfkill(struct work_struct *ignored)
{
if (rfk_wlan) {
- rfkill_set_sw_state(rfk_wlan, !wlan_s);
+ msi_rfkill_set_state(rfk_wlan, !wlan_s);
rfkill_wlan_set(NULL, !wlan_s);
}
if (rfk_bluetooth) {
- rfkill_set_sw_state(rfk_bluetooth, !bluetooth_s);
+ msi_rfkill_set_state(rfk_bluetooth, !bluetooth_s);
rfkill_bluetooth_set(NULL, !bluetooth_s);
}
if (rfk_threeg) {
- rfkill_set_sw_state(rfk_threeg, !threeg_s);
+ msi_rfkill_set_state(rfk_threeg, !threeg_s);
rfkill_threeg_set(NULL, !threeg_s);
}
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 246/323] net/sched: mqprio: refactor nlattr parsing to a separate function
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 245/323] platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 247/323] net/sched: mqprio: add extack to mqprio_parse_nlattr() Greg Kroah-Hartman
` (80 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Jacob Keller,
Simon Horman, David S. Miller, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit feb2cf3dcfb930aec2ca65c66d1365543d5ba943 ]
mqprio_init() is quite large and unwieldy to add more code to.
Split the netlink attribute parsing to a dedicated function.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 6c58c8816abb ("net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_mqprio.c | 114 +++++++++++++++++++++++------------------
1 file changed, 63 insertions(+), 51 deletions(-)
diff --git a/net/sched/sch_mqprio.c b/net/sched/sch_mqprio.c
index 64d7f876d7de2..7726d8f623027 100644
--- a/net/sched/sch_mqprio.c
+++ b/net/sched/sch_mqprio.c
@@ -132,6 +132,67 @@ static int parse_attr(struct nlattr *tb[], int maxtype, struct nlattr *nla,
return 0;
}
+static int mqprio_parse_nlattr(struct Qdisc *sch, struct tc_mqprio_qopt *qopt,
+ struct nlattr *opt)
+{
+ struct mqprio_sched *priv = qdisc_priv(sch);
+ struct nlattr *tb[TCA_MQPRIO_MAX + 1];
+ struct nlattr *attr;
+ int i, rem, err;
+
+ err = parse_attr(tb, TCA_MQPRIO_MAX, opt, mqprio_policy,
+ sizeof(*qopt));
+ if (err < 0)
+ return err;
+
+ if (!qopt->hw)
+ return -EINVAL;
+
+ if (tb[TCA_MQPRIO_MODE]) {
+ priv->flags |= TC_MQPRIO_F_MODE;
+ priv->mode = *(u16 *)nla_data(tb[TCA_MQPRIO_MODE]);
+ }
+
+ if (tb[TCA_MQPRIO_SHAPER]) {
+ priv->flags |= TC_MQPRIO_F_SHAPER;
+ priv->shaper = *(u16 *)nla_data(tb[TCA_MQPRIO_SHAPER]);
+ }
+
+ if (tb[TCA_MQPRIO_MIN_RATE64]) {
+ if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE)
+ return -EINVAL;
+ i = 0;
+ nla_for_each_nested(attr, tb[TCA_MQPRIO_MIN_RATE64],
+ rem) {
+ if (nla_type(attr) != TCA_MQPRIO_MIN_RATE64)
+ return -EINVAL;
+ if (i >= qopt->num_tc)
+ break;
+ priv->min_rate[i] = *(u64 *)nla_data(attr);
+ i++;
+ }
+ priv->flags |= TC_MQPRIO_F_MIN_RATE;
+ }
+
+ if (tb[TCA_MQPRIO_MAX_RATE64]) {
+ if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE)
+ return -EINVAL;
+ i = 0;
+ nla_for_each_nested(attr, tb[TCA_MQPRIO_MAX_RATE64],
+ rem) {
+ if (nla_type(attr) != TCA_MQPRIO_MAX_RATE64)
+ return -EINVAL;
+ if (i >= qopt->num_tc)
+ break;
+ priv->max_rate[i] = *(u64 *)nla_data(attr);
+ i++;
+ }
+ priv->flags |= TC_MQPRIO_F_MAX_RATE;
+ }
+
+ return 0;
+}
+
static int mqprio_init(struct Qdisc *sch, struct nlattr *opt,
struct netlink_ext_ack *extack)
{
@@ -141,9 +202,6 @@ static int mqprio_init(struct Qdisc *sch, struct nlattr *opt,
struct Qdisc *qdisc;
int i, err = -EOPNOTSUPP;
struct tc_mqprio_qopt *qopt = NULL;
- struct nlattr *tb[TCA_MQPRIO_MAX + 1];
- struct nlattr *attr;
- int rem;
int len;
BUILD_BUG_ON(TC_MAX_QUEUE != TC_QOPT_MAX_QUEUE);
@@ -168,55 +226,9 @@ static int mqprio_init(struct Qdisc *sch, struct nlattr *opt,
len = nla_len(opt) - NLA_ALIGN(sizeof(*qopt));
if (len > 0) {
- err = parse_attr(tb, TCA_MQPRIO_MAX, opt, mqprio_policy,
- sizeof(*qopt));
- if (err < 0)
+ err = mqprio_parse_nlattr(sch, qopt, opt);
+ if (err)
return err;
-
- if (!qopt->hw)
- return -EINVAL;
-
- if (tb[TCA_MQPRIO_MODE]) {
- priv->flags |= TC_MQPRIO_F_MODE;
- priv->mode = *(u16 *)nla_data(tb[TCA_MQPRIO_MODE]);
- }
-
- if (tb[TCA_MQPRIO_SHAPER]) {
- priv->flags |= TC_MQPRIO_F_SHAPER;
- priv->shaper = *(u16 *)nla_data(tb[TCA_MQPRIO_SHAPER]);
- }
-
- if (tb[TCA_MQPRIO_MIN_RATE64]) {
- if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE)
- return -EINVAL;
- i = 0;
- nla_for_each_nested(attr, tb[TCA_MQPRIO_MIN_RATE64],
- rem) {
- if (nla_type(attr) != TCA_MQPRIO_MIN_RATE64)
- return -EINVAL;
- if (i >= qopt->num_tc)
- break;
- priv->min_rate[i] = *(u64 *)nla_data(attr);
- i++;
- }
- priv->flags |= TC_MQPRIO_F_MIN_RATE;
- }
-
- if (tb[TCA_MQPRIO_MAX_RATE64]) {
- if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE)
- return -EINVAL;
- i = 0;
- nla_for_each_nested(attr, tb[TCA_MQPRIO_MAX_RATE64],
- rem) {
- if (nla_type(attr) != TCA_MQPRIO_MAX_RATE64)
- return -EINVAL;
- if (i >= qopt->num_tc)
- break;
- priv->max_rate[i] = *(u64 *)nla_data(attr);
- i++;
- }
- priv->flags |= TC_MQPRIO_F_MAX_RATE;
- }
}
/* pre-allocate qdisc, attachment can't fail */
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 247/323] net/sched: mqprio: add extack to mqprio_parse_nlattr()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 246/323] net/sched: mqprio: refactor nlattr parsing to a separate function Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 248/323] net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 Greg Kroah-Hartman
` (79 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Ferenc Fejes,
Simon Horman, Jamal Hadi Salim, Jakub Kicinski, Sasha Levin
From: Vladimir Oltean <vladimir.oltean@nxp.com>
[ Upstream commit 57f21bf85400abadac0cb2a4db5de1d663f8863f ]
Netlink attribute parsing in mqprio is a minesweeper game, with many
options having the possibility of being passed incorrectly and the user
being none the wiser.
Try to make errors less sour by giving user space some information
regarding what went wrong.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Ferenc Fejes <fejes@inf.elte.hu>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 6c58c8816abb ("net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_mqprio.c | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/net/sched/sch_mqprio.c b/net/sched/sch_mqprio.c
index 7726d8f623027..c9bdb4476a5bc 100644
--- a/net/sched/sch_mqprio.c
+++ b/net/sched/sch_mqprio.c
@@ -133,7 +133,8 @@ static int parse_attr(struct nlattr *tb[], int maxtype, struct nlattr *nla,
}
static int mqprio_parse_nlattr(struct Qdisc *sch, struct tc_mqprio_qopt *qopt,
- struct nlattr *opt)
+ struct nlattr *opt,
+ struct netlink_ext_ack *extack)
{
struct mqprio_sched *priv = qdisc_priv(sch);
struct nlattr *tb[TCA_MQPRIO_MAX + 1];
@@ -145,8 +146,11 @@ static int mqprio_parse_nlattr(struct Qdisc *sch, struct tc_mqprio_qopt *qopt,
if (err < 0)
return err;
- if (!qopt->hw)
+ if (!qopt->hw) {
+ NL_SET_ERR_MSG(extack,
+ "mqprio TCA_OPTIONS can only contain netlink attributes in hardware mode");
return -EINVAL;
+ }
if (tb[TCA_MQPRIO_MODE]) {
priv->flags |= TC_MQPRIO_F_MODE;
@@ -159,13 +163,19 @@ static int mqprio_parse_nlattr(struct Qdisc *sch, struct tc_mqprio_qopt *qopt,
}
if (tb[TCA_MQPRIO_MIN_RATE64]) {
- if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE)
+ if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE) {
+ NL_SET_ERR_MSG_ATTR(extack, tb[TCA_MQPRIO_MIN_RATE64],
+ "min_rate accepted only when shaper is in bw_rlimit mode");
return -EINVAL;
+ }
i = 0;
nla_for_each_nested(attr, tb[TCA_MQPRIO_MIN_RATE64],
rem) {
- if (nla_type(attr) != TCA_MQPRIO_MIN_RATE64)
+ if (nla_type(attr) != TCA_MQPRIO_MIN_RATE64) {
+ NL_SET_ERR_MSG_ATTR(extack, attr,
+ "Attribute type expected to be TCA_MQPRIO_MIN_RATE64");
return -EINVAL;
+ }
if (i >= qopt->num_tc)
break;
priv->min_rate[i] = *(u64 *)nla_data(attr);
@@ -175,13 +185,19 @@ static int mqprio_parse_nlattr(struct Qdisc *sch, struct tc_mqprio_qopt *qopt,
}
if (tb[TCA_MQPRIO_MAX_RATE64]) {
- if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE)
+ if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE) {
+ NL_SET_ERR_MSG_ATTR(extack, tb[TCA_MQPRIO_MAX_RATE64],
+ "max_rate accepted only when shaper is in bw_rlimit mode");
return -EINVAL;
+ }
i = 0;
nla_for_each_nested(attr, tb[TCA_MQPRIO_MAX_RATE64],
rem) {
- if (nla_type(attr) != TCA_MQPRIO_MAX_RATE64)
+ if (nla_type(attr) != TCA_MQPRIO_MAX_RATE64) {
+ NL_SET_ERR_MSG_ATTR(extack, attr,
+ "Attribute type expected to be TCA_MQPRIO_MAX_RATE64");
return -EINVAL;
+ }
if (i >= qopt->num_tc)
break;
priv->max_rate[i] = *(u64 *)nla_data(attr);
@@ -226,7 +242,7 @@ static int mqprio_init(struct Qdisc *sch, struct nlattr *opt,
len = nla_len(opt) - NLA_ALIGN(sizeof(*qopt));
if (len > 0) {
- err = mqprio_parse_nlattr(sch, qopt, opt);
+ err = mqprio_parse_nlattr(sch, qopt, opt, extack);
if (err)
return err;
}
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 248/323] net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 247/323] net/sched: mqprio: add extack to mqprio_parse_nlattr() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 249/323] benet: fix return value check in be_lancer_xmit_workarounds() Greg Kroah-Hartman
` (78 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Victor Nogueira, Lin Ma,
Jakub Kicinski, Sasha Levin
From: Lin Ma <linma@zju.edu.cn>
[ Upstream commit 6c58c8816abb7b93b21fa3b1d0c1726402e5e568 ]
The nla_for_each_nested parsing in function mqprio_parse_nlattr() does
not check the length of the nested attribute. This can lead to an
out-of-attribute read and allow a malformed nlattr (e.g., length 0) to
be viewed as 8 byte integer and passed to priv->max_rate/min_rate.
This patch adds the check based on nla_len() when check the nla_type(),
which ensures that the length of these two attribute must equals
sizeof(u64).
Fixes: 4e8b86c06269 ("mqprio: Introduce new hardware offload mode and shaper in mqprio")
Reviewed-by: Victor Nogueira <victor@mojatatu.com>
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20230725024227.426561-1-linma@zju.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/sch_mqprio.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/net/sched/sch_mqprio.c b/net/sched/sch_mqprio.c
index c9bdb4476a5bc..c0ab1e38e80c6 100644
--- a/net/sched/sch_mqprio.c
+++ b/net/sched/sch_mqprio.c
@@ -176,6 +176,13 @@ static int mqprio_parse_nlattr(struct Qdisc *sch, struct tc_mqprio_qopt *qopt,
"Attribute type expected to be TCA_MQPRIO_MIN_RATE64");
return -EINVAL;
}
+
+ if (nla_len(attr) != sizeof(u64)) {
+ NL_SET_ERR_MSG_ATTR(extack, attr,
+ "Attribute TCA_MQPRIO_MIN_RATE64 expected to have 8 bytes length");
+ return -EINVAL;
+ }
+
if (i >= qopt->num_tc)
break;
priv->min_rate[i] = *(u64 *)nla_data(attr);
@@ -198,6 +205,13 @@ static int mqprio_parse_nlattr(struct Qdisc *sch, struct tc_mqprio_qopt *qopt,
"Attribute type expected to be TCA_MQPRIO_MAX_RATE64");
return -EINVAL;
}
+
+ if (nla_len(attr) != sizeof(u64)) {
+ NL_SET_ERR_MSG_ATTR(extack, attr,
+ "Attribute TCA_MQPRIO_MAX_RATE64 expected to have 8 bytes length");
+ return -EINVAL;
+ }
+
if (i >= qopt->num_tc)
break;
priv->max_rate[i] = *(u64 *)nla_data(attr);
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 249/323] benet: fix return value check in be_lancer_xmit_workarounds()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 248/323] net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 250/323] RDMA/mlx4: Make check for invalid flags stricter Greg Kroah-Hartman
` (77 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yuanjun Gong, Paolo Abeni,
Sasha Levin
From: Yuanjun Gong <ruc_gongyuanjun@163.com>
[ Upstream commit 5c85f7065718a949902b238a6abd8fc907c5d3e0 ]
in be_lancer_xmit_workarounds(), it should go to label 'tx_drop'
if an unexpected value is returned by pskb_trim().
Fixes: 93040ae5cc8d ("be2net: Fix to trim skb for padded vlan packets to workaround an ASIC Bug")
Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
Link: https://lore.kernel.org/r/20230725032726.15002-1-ruc_gongyuanjun@163.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/emulex/benet/be_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
index 8603df2ae1736..d0d9a420f557e 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
@@ -1139,7 +1139,8 @@ static struct sk_buff *be_lancer_xmit_workarounds(struct be_adapter *adapter,
(lancer_chip(adapter) || BE3_chip(adapter) ||
skb_vlan_tag_present(skb)) && is_ipv4_pkt(skb)) {
ip = (struct iphdr *)ip_hdr(skb);
- pskb_trim(skb, eth_hdr_len + ntohs(ip->tot_len));
+ if (unlikely(pskb_trim(skb, eth_hdr_len + ntohs(ip->tot_len))))
+ goto tx_drop;
}
/* If vlan tag is already inlined in the packet, skip HW VLAN
--
2.39.2
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 250/323] RDMA/mlx4: Make check for invalid flags stricter
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 249/323] benet: fix return value check in be_lancer_xmit_workarounds() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 251/323] drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() Greg Kroah-Hartman
` (76 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Leon Romanovsky,
Sasha Levin
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit d64b1ee12a168030fbb3e0aebf7bce49e9a07589 ]
This code is trying to ensure that only the flags specified in the list
are allowed. The problem is that ucmd->rx_hash_fields_mask is a u64 and
the flags are an enum which is treated as a u32 in this context. That
means the test doesn't check whether the highest 32 bits are zero.
Fixes: 4d02ebd9bbbd ("IB/mlx4: Fix RSS hash fields restrictions")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/233ed975-982d-422a-b498-410f71d8a101@moroto.mountain
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/hw/mlx4/qp.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/infiniband/hw/mlx4/qp.c b/drivers/infiniband/hw/mlx4/qp.c
index 98aa1ba48ef51..b48596e174d65 100644
--- a/drivers/infiniband/hw/mlx4/qp.c
+++ b/drivers/infiniband/hw/mlx4/qp.c
@@ -554,15 +554,15 @@ static int set_qp_rss(struct mlx4_ib_dev *dev, struct mlx4_ib_rss *rss_ctx,
return (-EOPNOTSUPP);
}
- if (ucmd->rx_hash_fields_mask & ~(MLX4_IB_RX_HASH_SRC_IPV4 |
- MLX4_IB_RX_HASH_DST_IPV4 |
- MLX4_IB_RX_HASH_SRC_IPV6 |
- MLX4_IB_RX_HASH_DST_IPV6 |
- MLX4_IB_RX_HASH_SRC_PORT_TCP |
- MLX4_IB_RX_HASH_DST_PORT_TCP |
- MLX4_IB_RX_HASH_SRC_PORT_UDP |
- MLX4_IB_RX_HASH_DST_PORT_UDP |
- MLX4_IB_RX_HASH_INNER)) {
+ if (ucmd->rx_hash_fields_mask & ~(u64)(MLX4_IB_RX_HASH_SRC_IPV4 |
+ MLX4_IB_RX_HASH_DST_IPV4 |
+ MLX4_IB_RX_HASH_SRC_IPV6 |
+ MLX4_IB_RX_HASH_DST_IPV6 |
+ MLX4_IB_RX_HASH_SRC_PORT_TCP |
+ MLX4_IB_RX_HASH_DST_PORT_TCP |
+ MLX4_IB_RX_HASH_SRC_PORT_UDP |
+ MLX4_IB_RX_HASH_DST_PORT_UDP |
+ MLX4_IB_RX_HASH_INNER)) {
pr_debug("RX Hash fields_mask has unsupported mask (0x%llx)\n",
ucmd->rx_hash_fields_mask);
return (-EOPNOTSUPP);
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 251/323] drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 250/323] RDMA/mlx4: Make check for invalid flags stricter Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 252/323] ASoC: fsl_spdif: Silence output on stop Greg Kroah-Hartman
` (75 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Gaosheng Cui, Dmitry Baryshkov,
Abhinav Kumar, Akhil P Oommen, Rob Clark, Sasha Levin
From: Gaosheng Cui <cuigaosheng1@huawei.com>
[ Upstream commit 6e8a996563ecbe68e49c49abd4aaeef69f11f2dc ]
The msm_gem_get_vaddr() returns an ERR_PTR() on failure, and a null
is catastrophic here, so we should use IS_ERR_OR_NULL() to check
the return value.
Fixes: 6a8bd08d0465 ("drm/msm: add sudo flag to submit ioctl")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Reviewed-by: Akhil P Oommen <quic_akhilpo@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/547712/
Signed-off-by: Rob Clark <robdclark@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
index ba513018534e3..1bdba8cc25d3e 100644
--- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
+++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c
@@ -173,7 +173,7 @@ static void a5xx_submit_in_rb(struct msm_gpu *gpu, struct msm_gem_submit *submit
* since we've already mapped it once in
* submit_reloc()
*/
- if (WARN_ON(!ptr))
+ if (WARN_ON(IS_ERR_OR_NULL(ptr)))
return;
for (i = 0; i < dwords; i++) {
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 252/323] ASoC: fsl_spdif: Silence output on stop
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 251/323] drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 253/323] block: Fix a source code comment in include/uapi/linux/blkzoned.h Greg Kroah-Hartman
` (74 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matus Gajdos, Fabio Estevam,
Mark Brown, Sasha Levin
From: Matus Gajdos <matuszpd@gmail.com>
[ Upstream commit 0e4c2b6b0c4a4b4014d9424c27e5e79d185229c5 ]
Clear TX registers on stop to prevent the SPDIF interface from sending
last written word over and over again.
Fixes: a2388a498ad2 ("ASoC: fsl: Add S/PDIF CPU DAI driver")
Signed-off-by: Matus Gajdos <matuszpd@gmail.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20230719164729.19969-1-matuszpd@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/fsl/fsl_spdif.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sound/soc/fsl/fsl_spdif.c b/sound/soc/fsl/fsl_spdif.c
index 740b90df44bb5..0a1ba64ed63cf 100644
--- a/sound/soc/fsl/fsl_spdif.c
+++ b/sound/soc/fsl/fsl_spdif.c
@@ -614,6 +614,8 @@ static int fsl_spdif_trigger(struct snd_pcm_substream *substream,
case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
regmap_update_bits(regmap, REG_SPDIF_SCR, dmaen, 0);
regmap_update_bits(regmap, REG_SPDIF_SIE, intr, 0);
+ regmap_write(regmap, REG_SPDIF_STL, 0x0);
+ regmap_write(regmap, REG_SPDIF_STR, 0x0);
break;
default:
return -EINVAL;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 253/323] block: Fix a source code comment in include/uapi/linux/blkzoned.h
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 252/323] ASoC: fsl_spdif: Silence output on stop Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 254/323] dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths Greg Kroah-Hartman
` (73 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hannes Reinecke, Damien Le Moal,
Bart Van Assche, Jens Axboe, Sasha Levin
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit e0933b526fbfd937c4a8f4e35fcdd49f0e22d411 ]
Fix the symbolic names for zone conditions in the blkzoned.h header
file.
Cc: Hannes Reinecke <hare@suse.de>
Cc: Damien Le Moal <dlemoal@kernel.org>
Fixes: 6a0cb1bc106f ("block: Implement support for zoned block devices")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Link: https://lore.kernel.org/r/20230706201422.3987341-1-bvanassche@acm.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/blkzoned.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/uapi/linux/blkzoned.h b/include/uapi/linux/blkzoned.h
index ff5a5db8906a7..2f3a0cca4b78b 100644
--- a/include/uapi/linux/blkzoned.h
+++ b/include/uapi/linux/blkzoned.h
@@ -51,13 +51,13 @@ enum blk_zone_type {
*
* The Zone Condition state machine in the ZBC/ZAC standards maps the above
* deinitions as:
- * - ZC1: Empty | BLK_ZONE_EMPTY
+ * - ZC1: Empty | BLK_ZONE_COND_EMPTY
* - ZC2: Implicit Open | BLK_ZONE_COND_IMP_OPEN
* - ZC3: Explicit Open | BLK_ZONE_COND_EXP_OPEN
- * - ZC4: Closed | BLK_ZONE_CLOSED
- * - ZC5: Full | BLK_ZONE_FULL
- * - ZC6: Read Only | BLK_ZONE_READONLY
- * - ZC7: Offline | BLK_ZONE_OFFLINE
+ * - ZC4: Closed | BLK_ZONE_COND_CLOSED
+ * - ZC5: Full | BLK_ZONE_COND_FULL
+ * - ZC6: Read Only | BLK_ZONE_COND_READONLY
+ * - ZC7: Offline | BLK_ZONE_COND_OFFLINE
*
* Conditions 0x5 to 0xC are reserved by the current ZBC/ZAC spec and should
* be considered invalid.
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 254/323] dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 253/323] block: Fix a source code comment in include/uapi/linux/blkzoned.h Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 255/323] ata: pata_ns87415: mark ns87560_tf_read static Greg Kroah-Hartman
` (72 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Yu Kuai, Mike Snitzer, Sasha Levin
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit bae3028799dc4f1109acc4df37c8ff06f2d8f1a0 ]
In the error paths 'bad_stripe_cache' and 'bad_check_reshape',
'reconfig_mutex' is still held after raid_ctr() returns.
Fixes: 9dbd1aa3a81c ("dm raid: add reshaping support to the target")
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-raid.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
index 5c45100f6d53e..72aa5097b68ff 100644
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -3289,15 +3289,19 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
/* Try to adjust the raid4/5/6 stripe cache size to the stripe size */
if (rs_is_raid456(rs)) {
r = rs_set_raid456_stripe_cache(rs);
- if (r)
+ if (r) {
+ mddev_unlock(&rs->md);
goto bad_stripe_cache;
+ }
}
/* Now do an early reshape check */
if (test_bit(RT_FLAG_RESHAPE_RS, &rs->runtime_flags)) {
r = rs_check_reshape(rs);
- if (r)
+ if (r) {
+ mddev_unlock(&rs->md);
goto bad_check_reshape;
+ }
/* Restore new, ctr requested layout to perform check */
rs_config_restore(rs, &rs_layout);
@@ -3306,6 +3310,7 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv)
r = rs->md.pers->check_reshape(&rs->md);
if (r) {
ti->error = "Reshape check failed";
+ mddev_unlock(&rs->md);
goto bad_check_reshape;
}
}
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 255/323] ata: pata_ns87415: mark ns87560_tf_read static
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 254/323] dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 256/323] ring-buffer: Fix wrong stat of cpu_buffer->read Greg Kroah-Hartman
` (71 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sergey Shtylyov, Serge Semin,
Arnd Bergmann, Damien Le Moal, Sasha Levin
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 3fc2febb0f8ffae354820c1772ec008733237cfa ]
The global function triggers a warning because of the missing prototype
drivers/ata/pata_ns87415.c:263:6: warning: no previous prototype for 'ns87560_tf_read' [-Wmissing-prototypes]
263 | void ns87560_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
There are no other references to this, so just make it static.
Fixes: c4b5b7b6c4423 ("pata_ns87415: Initial cut at 87415/87560 IDE support")
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Reviewed-by: Serge Semin <fancer.lancer@gmail.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/pata_ns87415.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/ata/pata_ns87415.c b/drivers/ata/pata_ns87415.c
index 84c6b225b56e9..9ee4aefca8675 100644
--- a/drivers/ata/pata_ns87415.c
+++ b/drivers/ata/pata_ns87415.c
@@ -260,7 +260,7 @@ static u8 ns87560_check_status(struct ata_port *ap)
* LOCKING:
* Inherited from caller.
*/
-void ns87560_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
+static void ns87560_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
{
struct ata_ioports *ioaddr = &ap->ioaddr;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 256/323] ring-buffer: Fix wrong stat of cpu_buffer->read
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 255/323] ata: pata_ns87415: mark ns87560_tf_read static Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 257/323] tracing: Fix warning in trace_buffered_event_disable() Greg Kroah-Hartman
` (70 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, mhiramat, vnagarnaik, Zheng Yejian,
Steven Rostedt (Google), Sasha Levin
From: Zheng Yejian <zhengyejian1@huawei.com>
[ Upstream commit 2d093282b0d4357373497f65db6a05eb0c28b7c8 ]
When pages are removed in rb_remove_pages(), 'cpu_buffer->read' is set
to 0 in order to make sure any read iterators reset themselves. However,
this will mess 'entries' stating, see following steps:
# cd /sys/kernel/tracing/
# 1. Enlarge ring buffer prepare for later reducing:
# echo 20 > per_cpu/cpu0/buffer_size_kb
# 2. Write a log into ring buffer of cpu0:
# taskset -c 0 echo "hello1" > trace_marker
# 3. Read the log:
# cat per_cpu/cpu0/trace_pipe
<...>-332 [000] ..... 62.406844: tracing_mark_write: hello1
# 4. Stop reading and see the stats, now 0 entries, and 1 event readed:
# cat per_cpu/cpu0/stats
entries: 0
[...]
read events: 1
# 5. Reduce the ring buffer
# echo 7 > per_cpu/cpu0/buffer_size_kb
# 6. Now entries became unexpected 1 because actually no entries!!!
# cat per_cpu/cpu0/stats
entries: 1
[...]
read events: 0
To fix it, introduce 'page_removed' field to count total removed pages
since last reset, then use it to let read iterators reset themselves
instead of changing the 'read' pointer.
Link: https://lore.kernel.org/linux-trace-kernel/20230724054040.3489499-1-zhengyejian1@huawei.com
Cc: <mhiramat@kernel.org>
Cc: <vnagarnaik@google.com>
Fixes: 83f40318dab0 ("ring-buffer: Make removal of ring buffer pages atomic")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ring_buffer.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 211a8163c9bb5..c8a7de7a1d635 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -493,6 +493,8 @@ struct ring_buffer_per_cpu {
unsigned long read_bytes;
u64 write_stamp;
u64 read_stamp;
+ /* pages removed since last reset */
+ unsigned long pages_removed;
/* ring buffer pages to update, > 0 to add, < 0 to remove */
long nr_pages_to_update;
struct list_head new_pages; /* new pages to add */
@@ -528,6 +530,7 @@ struct ring_buffer_iter {
struct buffer_page *head_page;
struct buffer_page *cache_reader_page;
unsigned long cache_read;
+ unsigned long cache_pages_removed;
u64 read_stamp;
};
@@ -1514,6 +1517,8 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages)
to_remove = rb_list_head(to_remove)->next;
head_bit |= (unsigned long)to_remove & RB_PAGE_HEAD;
}
+ /* Read iterators need to reset themselves when some pages removed */
+ cpu_buffer->pages_removed += nr_removed;
next_page = rb_list_head(to_remove)->next;
@@ -1535,12 +1540,6 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned long nr_pages)
cpu_buffer->head_page = list_entry(next_page,
struct buffer_page, list);
- /*
- * change read pointer to make sure any read iterators reset
- * themselves
- */
- cpu_buffer->read = 0;
-
/* pages are removed, resume tracing and then free the pages */
atomic_dec(&cpu_buffer->record_disabled);
raw_spin_unlock_irq(&cpu_buffer->reader_lock);
@@ -3582,6 +3581,7 @@ static void rb_iter_reset(struct ring_buffer_iter *iter)
iter->cache_reader_page = iter->head_page;
iter->cache_read = cpu_buffer->read;
+ iter->cache_pages_removed = cpu_buffer->pages_removed;
if (iter->head)
iter->read_stamp = cpu_buffer->read_stamp;
@@ -4022,12 +4022,13 @@ rb_iter_peek(struct ring_buffer_iter *iter, u64 *ts)
buffer = cpu_buffer->buffer;
/*
- * Check if someone performed a consuming read to
- * the buffer. A consuming read invalidates the iterator
- * and we need to reset the iterator in this case.
+ * Check if someone performed a consuming read to the buffer
+ * or removed some pages from the buffer. In these cases,
+ * iterator was invalidated and we need to reset it.
*/
if (unlikely(iter->cache_read != cpu_buffer->read ||
- iter->cache_reader_page != cpu_buffer->reader_page))
+ iter->cache_reader_page != cpu_buffer->reader_page ||
+ iter->cache_pages_removed != cpu_buffer->pages_removed))
rb_iter_reset(iter);
again:
@@ -4454,6 +4455,7 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
cpu_buffer->last_overrun = 0;
rb_head_page_activate(cpu_buffer);
+ cpu_buffer->pages_removed = 0;
}
/**
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 257/323] tracing: Fix warning in trace_buffered_event_disable()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 256/323] ring-buffer: Fix wrong stat of cpu_buffer->read Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 258/323] USB: serial: option: support Quectel EM060K_128 Greg Kroah-Hartman
` (69 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, mhiramat, Zheng Yejian,
Steven Rostedt (Google), Sasha Levin
From: Zheng Yejian <zhengyejian1@huawei.com>
[ Upstream commit dea499781a1150d285c62b26659f62fb00824fce ]
Warning happened in trace_buffered_event_disable() at
WARN_ON_ONCE(!trace_buffered_event_ref)
Call Trace:
? __warn+0xa5/0x1b0
? trace_buffered_event_disable+0x189/0x1b0
__ftrace_event_enable_disable+0x19e/0x3e0
free_probe_data+0x3b/0xa0
unregister_ftrace_function_probe_func+0x6b8/0x800
event_enable_func+0x2f0/0x3d0
ftrace_process_regex.isra.0+0x12d/0x1b0
ftrace_filter_write+0xe6/0x140
vfs_write+0x1c9/0x6f0
[...]
The cause of the warning is in __ftrace_event_enable_disable(),
trace_buffered_event_enable() was called once while
trace_buffered_event_disable() was called twice.
Reproduction script show as below, for analysis, see the comments:
```
#!/bin/bash
cd /sys/kernel/tracing/
# 1. Register a 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was set;
# 2) trace_buffered_event_enable() was called first time;
echo 'cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
# 2. Enable the event registered, then:
# 1) SOFT_DISABLED_BIT was cleared;
# 2) trace_buffered_event_disable() was called first time;
echo 1 > events/initcall/initcall_finish/enable
# 3. Try to call into cmdline_proc_show(), then SOFT_DISABLED_BIT was
# set again!!!
cat /proc/cmdline
# 4. Unregister the 'disable_event' command, then:
# 1) SOFT_DISABLED_BIT was cleared again;
# 2) trace_buffered_event_disable() was called second time!!!
echo '!cmdline_proc_show:disable_event:initcall:initcall_finish' > \
set_ftrace_filter
```
To fix it, IIUC, we can change to call trace_buffered_event_enable() at
fist time soft-mode enabled, and call trace_buffered_event_disable() at
last time soft-mode disabled.
Link: https://lore.kernel.org/linux-trace-kernel/20230726095804.920457-1-zhengyejian1@huawei.com
Cc: <mhiramat@kernel.org>
Fixes: 0fc1b09ff1ff ("tracing: Use temp buffer when filtering events")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace_events.c | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index d2f9146d1ad74..a3dc6c126b3ee 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -372,7 +372,6 @@ static int __ftrace_event_enable_disable(struct trace_event_file *file,
{
struct trace_event_call *call = file->event_call;
struct trace_array *tr = file->tr;
- unsigned long file_flags = file->flags;
int ret = 0;
int disable;
@@ -396,6 +395,8 @@ static int __ftrace_event_enable_disable(struct trace_event_file *file,
break;
disable = file->flags & EVENT_FILE_FL_SOFT_DISABLED;
clear_bit(EVENT_FILE_FL_SOFT_MODE_BIT, &file->flags);
+ /* Disable use of trace_buffered_event */
+ trace_buffered_event_disable();
} else
disable = !(file->flags & EVENT_FILE_FL_SOFT_MODE);
@@ -434,6 +435,8 @@ static int __ftrace_event_enable_disable(struct trace_event_file *file,
if (atomic_inc_return(&file->sm_ref) > 1)
break;
set_bit(EVENT_FILE_FL_SOFT_MODE_BIT, &file->flags);
+ /* Enable use of trace_buffered_event */
+ trace_buffered_event_enable();
}
if (!(file->flags & EVENT_FILE_FL_ENABLED)) {
@@ -473,15 +476,6 @@ static int __ftrace_event_enable_disable(struct trace_event_file *file,
break;
}
- /* Enable or disable use of trace_buffered_event */
- if ((file_flags & EVENT_FILE_FL_SOFT_DISABLED) !=
- (file->flags & EVENT_FILE_FL_SOFT_DISABLED)) {
- if (file->flags & EVENT_FILE_FL_SOFT_DISABLED)
- trace_buffered_event_enable();
- else
- trace_buffered_event_disable();
- }
-
return ret;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 258/323] USB: serial: option: support Quectel EM060K_128
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 257/323] tracing: Fix warning in trace_buffered_event_disable() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 259/323] USB: serial: option: add Quectel EC200A module support Greg Kroah-Hartman
` (68 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jerry Meng, Johan Hovold
From: Jerry Meng <jerry-meng@foxmail.com>
commit 4f7cab49cecee16120d27c1734cfdf3d6c0e5329 upstream.
EM060K_128 is EM060K's sub-model, having the same name "Quectel EM060K-GL"
MBIM + GNSS + DIAG + NMEA + AT + QDSS + DPL
T: Bus=03 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#= 8 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=0128 Rev= 5.04
S: Manufacturer=Quectel
S: Product=Quectel EM060K-GL
S: SerialNumber=f6fa08b6
C:* #Ifs= 8 Cfg#= 1 Atr=a0 MxPwr=500mA
A: FirstIf#= 0 IfCount= 2 Cls=02(comm.) Sub=0e Prot=00
I:* If#= 0 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=0e Prot=00 Driver=cdc_mbim
E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 0 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
I:* If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I:* If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=40 Driver=option
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=70 Driver=(none)
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 7 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
E: Ad=8f(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Signed-off-by: Jerry Meng <jerry-meng@foxmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -251,6 +251,7 @@ static void option_instat_callback(struc
#define QUECTEL_PRODUCT_EM061K_LTA 0x0123
#define QUECTEL_PRODUCT_EM061K_LMS 0x0124
#define QUECTEL_PRODUCT_EC25 0x0125
+#define QUECTEL_PRODUCT_EM060K_128 0x0128
#define QUECTEL_PRODUCT_EG91 0x0191
#define QUECTEL_PRODUCT_EG95 0x0195
#define QUECTEL_PRODUCT_BG96 0x0296
@@ -1197,6 +1198,9 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0x00, 0x40) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0xff, 0x30) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K, 0xff, 0xff, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K_128, 0xff, 0xff, 0x30) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K_128, 0xff, 0x00, 0x40) },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM060K_128, 0xff, 0xff, 0x40) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LCN, 0xff, 0xff, 0x30) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LCN, 0xff, 0x00, 0x40) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM061K_LCN, 0xff, 0xff, 0x40) },
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 259/323] USB: serial: option: add Quectel EC200A module support
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 258/323] USB: serial: option: support Quectel EM060K_128 Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 260/323] USB: serial: simple: add Kaufmann RKS+CAN VCP Greg Kroah-Hartman
` (67 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mohsen Tahmasebi, Mostafa Ghofrani,
Johan Hovold
From: Mohsen Tahmasebi <moh53n@moh53n.ir>
commit 857ea9005806e2a458016880278f98715873e977 upstream.
Add Quectel EC200A "DIAG, AT, MODEM":
0x6005: ECM / RNDIS + DIAG + AT + MODEM
T: Bus=01 Lev=01 Prnt=02 Port=05 Cnt=01 Dev#= 8 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=2c7c ProdID=6005 Rev=03.18
S: Manufacturer=Android
S: Product=Android
S: SerialNumber=0000
C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether
E: Ad=87(I) Atr=03(Int.) MxPS= 64 Ivl=4096ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
E: Ad=0c(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=0b(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=03(Int.) MxPS= 64 Ivl=4096ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=0a(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 64 Ivl=4096ms
Signed-off-by: Mohsen Tahmasebi <moh53n@moh53n.ir>
Tested-by: Mostafa Ghofrani <mostafaghrr@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/option.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -269,6 +269,7 @@ static void option_instat_callback(struc
#define QUECTEL_PRODUCT_RM520N 0x0801
#define QUECTEL_PRODUCT_EC200U 0x0901
#define QUECTEL_PRODUCT_EC200S_CN 0x6002
+#define QUECTEL_PRODUCT_EC200A 0x6005
#define QUECTEL_PRODUCT_EM061K_LWW 0x6008
#define QUECTEL_PRODUCT_EM061K_LCN 0x6009
#define QUECTEL_PRODUCT_EC200T 0x6026
@@ -1229,6 +1230,7 @@ static const struct usb_device_id option
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_RM520N, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, 0x0900, 0xff, 0, 0), /* RM500U-CN */
.driver_info = ZLP },
+ { USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC200A, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC200U, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC200S_CN, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC200T, 0xff, 0, 0) },
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 260/323] USB: serial: simple: add Kaufmann RKS+CAN VCP
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 259/323] USB: serial: option: add Quectel EC200A module support Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 261/323] USB: serial: simple: sort driver entries Greg Kroah-Hartman
` (66 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kaufmann Automotive GmbH,
Oliver Neukum, Johan Hovold
From: Oliver Neukum <oneukum@suse.com>
commit dd92c8a1f99bcd166204ffc219ea5a23dd65d64f upstream.
Add the device and product ID for this CAN bus interface / license
dongle. The device is usable either directly from user space or can be
attached to a kernel CAN interface with slcan_attach.
Reported-by: Kaufmann Automotive GmbH <info@kaufmann-automotive.ch>
Tested-by: Kaufmann Automotive GmbH <info@kaufmann-automotive.ch>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
[ johan: amend commit message and move entries in sort order ]
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/usb-serial-simple.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/usb/serial/usb-serial-simple.c
+++ b/drivers/usb/serial/usb-serial-simple.c
@@ -63,6 +63,11 @@ DEVICE(flashloader, FLASHLOADER_IDS);
0x01) }
DEVICE(google, GOOGLE_IDS);
+/* KAUFMANN RKS+CAN VCP */
+#define KAUFMANN_IDS() \
+ { USB_DEVICE(0x16d0, 0x0870) }
+DEVICE(kaufmann, KAUFMANN_IDS);
+
/* Libtransistor USB console */
#define LIBTRANSISTOR_IDS() \
{ USB_DEVICE(0x1209, 0x8b00) }
@@ -124,6 +129,7 @@ static struct usb_serial_driver * const
&funsoft_device,
&flashloader_device,
&google_device,
+ &kaufmann_device,
&libtransistor_device,
&vivopay_device,
&moto_modem_device,
@@ -142,6 +148,7 @@ static const struct usb_device_id id_tab
FUNSOFT_IDS(),
FLASHLOADER_IDS(),
GOOGLE_IDS(),
+ KAUFMANN_IDS(),
LIBTRANSISTOR_IDS(),
VIVOPAY_IDS(),
MOTO_IDS(),
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 261/323] USB: serial: simple: sort driver entries
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 260/323] USB: serial: simple: add Kaufmann RKS+CAN VCP Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 262/323] can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED Greg Kroah-Hartman
` (65 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Johan Hovold
From: Johan Hovold <johan@kernel.org>
commit d245aedc00775c4d7265a9f4522cc4e1fd34d102 upstream.
Sort the driver symbols alphabetically in order to make it more obvious
where new driver entries should be added.
Cc: stable@vger.kernel.org
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/serial/usb-serial-simple.c | 66 ++++++++++++++++-----------------
1 file changed, 33 insertions(+), 33 deletions(-)
--- a/drivers/usb/serial/usb-serial-simple.c
+++ b/drivers/usb/serial/usb-serial-simple.c
@@ -38,16 +38,6 @@ static struct usb_serial_driver vendor##
{ USB_DEVICE(0x0a21, 0x8001) } /* MMT-7305WW */
DEVICE(carelink, CARELINK_IDS);
-/* ZIO Motherboard USB driver */
-#define ZIO_IDS() \
- { USB_DEVICE(0x1CBE, 0x0103) }
-DEVICE(zio, ZIO_IDS);
-
-/* Funsoft Serial USB driver */
-#define FUNSOFT_IDS() \
- { USB_DEVICE(0x1404, 0xcddc) }
-DEVICE(funsoft, FUNSOFT_IDS);
-
/* Infineon Flashloader driver */
#define FLASHLOADER_IDS() \
{ USB_DEVICE_INTERFACE_CLASS(0x058b, 0x0041, USB_CLASS_CDC_DATA) }, \
@@ -55,6 +45,11 @@ DEVICE(funsoft, FUNSOFT_IDS);
{ USB_DEVICE(0x8087, 0x0801) }
DEVICE(flashloader, FLASHLOADER_IDS);
+/* Funsoft Serial USB driver */
+#define FUNSOFT_IDS() \
+ { USB_DEVICE(0x1404, 0xcddc) }
+DEVICE(funsoft, FUNSOFT_IDS);
+
/* Google Serial USB SubClass */
#define GOOGLE_IDS() \
{ USB_VENDOR_AND_INTERFACE_INFO(0x18d1, \
@@ -63,6 +58,11 @@ DEVICE(flashloader, FLASHLOADER_IDS);
0x01) }
DEVICE(google, GOOGLE_IDS);
+/* HP4x (48/49) Generic Serial driver */
+#define HP4X_IDS() \
+ { USB_DEVICE(0x03f0, 0x0121) }
+DEVICE(hp4x, HP4X_IDS);
+
/* KAUFMANN RKS+CAN VCP */
#define KAUFMANN_IDS() \
{ USB_DEVICE(0x16d0, 0x0870) }
@@ -73,11 +73,6 @@ DEVICE(kaufmann, KAUFMANN_IDS);
{ USB_DEVICE(0x1209, 0x8b00) }
DEVICE(libtransistor, LIBTRANSISTOR_IDS);
-/* ViVOpay USB Serial Driver */
-#define VIVOPAY_IDS() \
- { USB_DEVICE(0x1d5f, 0x1004) } /* ViVOpay 8800 */
-DEVICE(vivopay, VIVOPAY_IDS);
-
/* Motorola USB Phone driver */
#define MOTO_IDS() \
{ USB_DEVICE(0x05c6, 0x3197) }, /* unknown Motorola phone */ \
@@ -106,10 +101,10 @@ DEVICE(nokia, NOKIA_IDS);
{ USB_DEVICE(0x09d7, 0x0100) } /* NovAtel FlexPack GPS */
DEVICE_N(novatel_gps, NOVATEL_IDS, 3);
-/* HP4x (48/49) Generic Serial driver */
-#define HP4X_IDS() \
- { USB_DEVICE(0x03f0, 0x0121) }
-DEVICE(hp4x, HP4X_IDS);
+/* Siemens USB/MPI adapter */
+#define SIEMENS_IDS() \
+ { USB_DEVICE(0x908, 0x0004) }
+DEVICE(siemens_mpi, SIEMENS_IDS);
/* Suunto ANT+ USB Driver */
#define SUUNTO_IDS() \
@@ -117,47 +112,52 @@ DEVICE(hp4x, HP4X_IDS);
{ USB_DEVICE(0x0fcf, 0x1009) } /* Dynastream ANT USB-m Stick */
DEVICE(suunto, SUUNTO_IDS);
-/* Siemens USB/MPI adapter */
-#define SIEMENS_IDS() \
- { USB_DEVICE(0x908, 0x0004) }
-DEVICE(siemens_mpi, SIEMENS_IDS);
+/* ViVOpay USB Serial Driver */
+#define VIVOPAY_IDS() \
+ { USB_DEVICE(0x1d5f, 0x1004) } /* ViVOpay 8800 */
+DEVICE(vivopay, VIVOPAY_IDS);
+
+/* ZIO Motherboard USB driver */
+#define ZIO_IDS() \
+ { USB_DEVICE(0x1CBE, 0x0103) }
+DEVICE(zio, ZIO_IDS);
/* All of the above structures mushed into two lists */
static struct usb_serial_driver * const serial_drivers[] = {
&carelink_device,
- &zio_device,
- &funsoft_device,
&flashloader_device,
+ &funsoft_device,
&google_device,
+ &hp4x_device,
&kaufmann_device,
&libtransistor_device,
- &vivopay_device,
&moto_modem_device,
&motorola_tetra_device,
&nokia_device,
&novatel_gps_device,
- &hp4x_device,
- &suunto_device,
&siemens_mpi_device,
+ &suunto_device,
+ &vivopay_device,
+ &zio_device,
NULL
};
static const struct usb_device_id id_table[] = {
CARELINK_IDS(),
- ZIO_IDS(),
- FUNSOFT_IDS(),
FLASHLOADER_IDS(),
+ FUNSOFT_IDS(),
GOOGLE_IDS(),
+ HP4X_IDS(),
KAUFMANN_IDS(),
LIBTRANSISTOR_IDS(),
- VIVOPAY_IDS(),
MOTO_IDS(),
MOTOROLA_TETRA_IDS(),
NOKIA_IDS(),
NOVATEL_IDS(),
- HP4X_IDS(),
- SUUNTO_IDS(),
SIEMENS_IDS(),
+ SUUNTO_IDS(),
+ VIVOPAY_IDS(),
+ ZIO_IDS(),
{ },
};
MODULE_DEVICE_TABLE(usb, id_table);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 262/323] can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 261/323] USB: serial: simple: sort driver entries Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 263/323] Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" Greg Kroah-Hartman
` (64 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Marc Kleine-Budde
From: Marc Kleine-Budde <mkl@pengutronix.de>
commit f8a2da6ec2417cca169fa85a8ab15817bccbb109 upstream.
After an initial link up the CAN device is in ERROR-ACTIVE mode. Due
to a missing CAN_STATE_STOPPED in gs_can_close() it doesn't change to
STOPPED after a link down:
| ip link set dev can0 up
| ip link set dev can0 down
| ip --details link show can0
| 13: can0: <NOARP,ECHO> mtu 16 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 10
| link/can promiscuity 0 allmulti 0 minmtu 0 maxmtu 0
| can state ERROR-ACTIVE restart-ms 1000
Add missing assignment of CAN_STATE_STOPPED in gs_can_close().
Cc: stable@vger.kernel.org
Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices")
Link: https://lore.kernel.org/all/20230718-gs_usb-fix-can-state-v1-1-f19738ae2c23@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/usb/gs_usb.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/can/usb/gs_usb.c
+++ b/drivers/net/can/usb/gs_usb.c
@@ -740,6 +740,8 @@ static int gs_can_close(struct net_devic
usb_kill_anchored_urbs(&dev->tx_submitted);
atomic_set(&dev->active_tx_urbs, 0);
+ dev->can.state = CAN_STATE_STOPPED;
+
/* reset the device */
rc = gs_cmd_reset(dev);
if (rc < 0)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 263/323] Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 262/323] can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 264/323] usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy Greg Kroah-Hartman
` (63 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mauro Ribeiro, Krzysztof Kozlowski,
Thinh Nguyen, Jakub Vanek
From: Jakub Vanek <linuxtardis@gmail.com>
commit 734ae15ab95a18d3d425fc9cb38b7a627d786f08 upstream.
This reverts commit b138e23d3dff90c0494925b4c1874227b81bddf7.
AutoRetry has been found to sometimes cause controller freezes when
communicating with buggy USB devices.
This controller feature allows the controller in host mode to send
non-terminating/burst retry ACKs instead of terminating retry ACKs
to devices when a transaction error (CRC error or overflow) occurs.
Unfortunately, if the USB device continues to respond with a CRC error,
the controller will not complete endpoint-related commands while it
keeps trying to auto-retry. [3] The xHCI driver will notice this once
it tries to abort the transfer using a Stop Endpoint command and
does not receive a completion in time. [1]
This situation is reported to dmesg:
[sda] tag#29 uas_eh_abort_handler 0 uas-tag 1 inflight: CMD IN
[sda] tag#29 CDB: opcode=0x28 28 00 00 69 42 80 00 00 48 00
xhci-hcd: xHCI host not responding to stop endpoint command
xhci-hcd: xHCI host controller not responding, assume dead
xhci-hcd: HC died; cleaning up
Some users observed this problem on an Odroid HC2 with the JMS578
USB3-to-SATA bridge. The issue can be triggered by starting
a read-heavy workload on an attached SSD. After a while, the host
controller would die and the SSD would disappear from the system. [1]
Further analysis by Synopsys determined that controller revisions
other than the one in Odroid HC2 are also affected by this.
The recommended solution was to disable AutoRetry altogether.
This change does not have a noticeable performance impact. [2]
Revert the enablement commit. This will keep the AutoRetry bit in
the default state configured during SoC design [2].
Fixes: b138e23d3dff ("usb: dwc3: core: Enable AutoRetry feature in the controller")
Link: https://lore.kernel.org/r/a21f34c04632d250cd0a78c7c6f4a1c9c7a43142.camel@gmail.com/ [1]
Link: https://lore.kernel.org/r/20230711214834.kyr6ulync32d4ktk@synopsys.com/ [2]
Link: https://lore.kernel.org/r/20230712225518.2smu7wse6djc7l5o@synopsys.com/ [3]
Cc: stable@vger.kernel.org
Cc: Mauro Ribeiro <mauro.ribeiro@hardkernel.com>
Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Suggested-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Jakub Vanek <linuxtardis@gmail.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20230714122419.27741-1-linuxtardis@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 16 ----------------
drivers/usb/dwc3/core.h | 3 ---
2 files changed, 19 deletions(-)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -993,22 +993,6 @@ static int dwc3_core_init(struct dwc3 *d
dwc3_writel(dwc->regs, DWC3_GUCTL1, reg);
}
- if (dwc->dr_mode == USB_DR_MODE_HOST ||
- dwc->dr_mode == USB_DR_MODE_OTG) {
- reg = dwc3_readl(dwc->regs, DWC3_GUCTL);
-
- /*
- * Enable Auto retry Feature to make the controller operating in
- * Host mode on seeing transaction errors(CRC errors or internal
- * overrun scenerios) on IN transfers to reply to the device
- * with a non-terminating retry ACK (i.e, an ACK transcation
- * packet with Retry=1 & Nump != 0)
- */
- reg |= DWC3_GUCTL_HSTINAUTORETRY;
-
- dwc3_writel(dwc->regs, DWC3_GUCTL, reg);
- }
-
/*
* Must config both number of packets and max burst settings to enable
* RX and/or TX threshold.
--- a/drivers/usb/dwc3/core.h
+++ b/drivers/usb/dwc3/core.h
@@ -238,9 +238,6 @@
#define DWC3_GCTL_GBLHIBERNATIONEN BIT(1)
#define DWC3_GCTL_DSBLCLKGTNG BIT(0)
-/* Global User Control Register */
-#define DWC3_GUCTL_HSTINAUTORETRY BIT(14)
-
/* Global User Control 1 Register */
#define DWC3_GUCTL1_PARKMODE_DISABLE_SS BIT(17)
#define DWC3_GUCTL1_TX_IPGAP_LINECHECK_DIS BIT(28)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 264/323] usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 263/323] Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 265/323] usb: dwc3: dont reset device side if dwc3 was configured as host-only Greg Kroah-Hartman
` (62 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Gratian Crisan,
Hans de Goede
From: Gratian Crisan <gratian.crisan@ni.com>
commit b32b8f2b9542d8039f5468303a6ca78c1b5611a5 upstream.
Hardware based on the Bay Trail / BYT SoCs require an external ULPI phy for
USB device-mode. The phy chip usually has its 'reset' and 'chip select'
lines connected to GPIOs described by ACPI fwnodes in the DSDT table.
Because of hardware with missing ACPI resources for the 'reset' and 'chip
select' GPIOs commit 5741022cbdf3 ("usb: dwc3: pci: Add GPIO lookup table
on platforms without ACPI GPIO resources") introduced a fallback
gpiod_lookup_table with hard-coded mappings for Bay Trail devices.
However there are existing Bay Trail based devices, like the National
Instruments cRIO-903x series, where the phy chip has its 'reset' and
'chip-select' lines always asserted in hardware via resistor pull-ups. On
this hardware the phy chip is always enabled and the ACPI dsdt table is
missing information not only for the 'chip-select' and 'reset' lines but
also for the BYT GPIO controller itself "INT33FC".
With the introduction of the gpiod_lookup_table initializing the USB
device-mode on these hardware now errors out. The error comes from the
gpiod_get_optional() calls in dwc3_pci_quirks() which will now return an
-ENOENT error due to the missing ACPI entry for the INT33FC gpio controller
used in the aforementioned table.
This hardware used to work before because gpiod_get_optional() will return
NULL instead of -ENOENT if no GPIO has been assigned to the requested
function. The dwc3_pci_quirks() code for setting the 'cs' and 'reset' GPIOs
was then skipped (due to the NULL return). This is the correct behavior in
cases where the phy chip is hardwired and there are no GPIOs to control.
Since the gpiod_lookup_table relies on the presence of INT33FC fwnode
in ACPI tables only add the table if we know the entry for the INT33FC
gpio controller is present. This allows Bay Trail based devices with
hardwired dwc3 ULPI phys to continue working.
Fixes: 5741022cbdf3 ("usb: dwc3: pci: Add GPIO lookup table on platforms without ACPI GPIO resources")
Cc: stable <stable@kernel.org>
Signed-off-by: Gratian Crisan <gratian.crisan@ni.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20230726184555.218091-2-gratian.crisan@ni.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/dwc3-pci.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/usb/dwc3/dwc3-pci.c
+++ b/drivers/usb/dwc3/dwc3-pci.c
@@ -171,10 +171,12 @@ static int dwc3_pci_quirks(struct dwc3_p
/*
* A lot of BYT devices lack ACPI resource entries for
- * the GPIOs, add a fallback mapping to the reference
+ * the GPIOs. If the ACPI entry for the GPIO controller
+ * is present add a fallback mapping to the reference
* design GPIOs which all boards seem to use.
*/
- gpiod_add_lookup_table(&platform_bytcr_gpios);
+ if (acpi_dev_present("INT33FC", NULL, -1))
+ gpiod_add_lookup_table(&platform_bytcr_gpios);
/*
* These GPIOs will turn on the USB2 PHY. Note that we have to
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 265/323] usb: dwc3: dont reset device side if dwc3 was configured as host-only
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 264/323] usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 266/323] usb: ohci-at91: Fix the unhandle interrupt when resume Greg Kroah-Hartman
` (61 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Jisheng Zhang, Thinh Nguyen
From: Jisheng Zhang <jszhang@kernel.org>
commit e835c0a4e23c38531dcee5ef77e8d1cf462658c7 upstream.
Commit c4a5153e87fd ("usb: dwc3: core: Power-off core/PHYs on
system_suspend in host mode") replaces check for HOST only dr_mode with
current_dr_role. But during booting, the current_dr_role isn't
initialized, thus the device side reset is always issued even if dwc3
was configured as host-only. What's more, on some platforms with host
only dwc3, aways issuing device side reset by accessing device register
block can cause kernel panic.
Fixes: c4a5153e87fd ("usb: dwc3: core: Power-off core/PHYs on system_suspend in host mode")
Cc: stable <stable@kernel.org>
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20230627162018.739-1-jszhang@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -242,9 +242,9 @@ static int dwc3_core_soft_reset(struct d
/*
* We're resetting only the device side because, if we're in host mode,
* XHCI driver will reset the host block. If dwc3 was configured for
- * host-only mode, then we can return early.
+ * host-only mode or current role is host, then we can return early.
*/
- if (dwc->current_dr_role == DWC3_GCTL_PRTCAP_HOST)
+ if (dwc->dr_mode == USB_DR_MODE_HOST || dwc->current_dr_role == DWC3_GCTL_PRTCAP_HOST)
return 0;
reg = dwc3_readl(dwc->regs, DWC3_DCTL);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 266/323] usb: ohci-at91: Fix the unhandle interrupt when resume
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 265/323] usb: dwc3: dont reset device side if dwc3 was configured as host-only Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 267/323] USB: quirks: add quirk for Focusrite Scarlett Greg Kroah-Hartman
` (60 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Guiting Shen, stable, Alan Stern
From: Guiting Shen <aarongt.shen@gmail.com>
commit c55afcbeaa7a6f4fffdbc999a9bf3f0b29a5186f upstream.
The ohci_hcd_at91_drv_suspend() sets ohci->rh_state to OHCI_RH_HALTED when
suspend which will let the ohci_irq() skip the interrupt after resume. And
nobody to handle this interrupt.
According to the comment in ohci_hcd_at91_drv_suspend(), it need to reset
when resume from suspend(MEM) to fix by setting "hibernated" argument of
ohci_resume().
Signed-off-by: Guiting Shen <aarongt.shen@gmail.com>
Cc: stable <stable@kernel.org>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20230626152713.18950-1-aarongt.shen@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/ohci-at91.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/usb/host/ohci-at91.c
+++ b/drivers/usb/host/ohci-at91.c
@@ -642,7 +642,13 @@ ohci_hcd_at91_drv_resume(struct device *
at91_start_clock(ohci_at91);
- ohci_resume(hcd, false);
+ /*
+ * According to the comment in ohci_hcd_at91_drv_suspend()
+ * we need to do a reset if the 48Mhz clock was stopped,
+ * that is, if ohci_at91->wakeup is clear. Tell ohci_resume()
+ * to reset in this case by setting its "hibernated" flag.
+ */
+ ohci_resume(hcd, !ohci_at91->wakeup);
ohci_at91_port_suspend(ohci_at91->sfr_regmap, 0);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 267/323] USB: quirks: add quirk for Focusrite Scarlett
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 266/323] usb: ohci-at91: Fix the unhandle interrupt when resume Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 268/323] usb: xhci-mtk: set the dma max_seg_size Greg Kroah-Hartman
` (59 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Łukasz Bartosik, stable
From: Łukasz Bartosik <lb@semihalf.com>
commit 9dc162e22387080e2d06de708b89920c0e158c9a upstream.
The Focusrite Scarlett audio device does not behave correctly during
resumes. Below is what happens during every resume (captured with
Beagle 5000):
<Suspend>
<Resume>
<Reset>/<Chirp J>/<Tiny J>
<Reset/Target disconnected>
<High Speed>
The Scarlett disconnects and is enumerated again.
However from time to time it drops completely off the USB bus during
resume. Below is captured occurrence of such an event:
<Suspend>
<Resume>
<Reset>/<Chirp J>/<Tiny J>
<Reset>/<Chirp K>/<Tiny K>
<High Speed>
<Corrupted packet>
<Reset/Target disconnected>
To fix the condition a user has to unplug and plug the device again.
With USB_QUIRK_RESET_RESUME applied ("usbcore.quirks=1235:8211:b")
for the Scarlett audio device the issue still reproduces.
Applying USB_QUIRK_DISCONNECT_SUSPEND ("usbcore.quirks=1235:8211:m")
fixed the issue and the Scarlett audio device didn't drop off the USB
bus for ~5000 suspend/resume cycles where originally issue reproduced in
~100 or less suspend/resume cycles.
Signed-off-by: Łukasz Bartosik <lb@semihalf.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/20230724112911.1802577-1-lb@semihalf.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/quirks.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -437,6 +437,10 @@ static const struct usb_device_id usb_qu
/* novation SoundControl XL */
{ USB_DEVICE(0x1235, 0x0061), .driver_info = USB_QUIRK_RESET_RESUME },
+ /* Focusrite Scarlett Solo USB */
+ { USB_DEVICE(0x1235, 0x8211), .driver_info =
+ USB_QUIRK_DISCONNECT_SUSPEND },
+
/* Huawei 4G LTE module */
{ USB_DEVICE(0x12d1, 0x15bb), .driver_info =
USB_QUIRK_DISCONNECT_SUSPEND },
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 268/323] usb: xhci-mtk: set the dma max_seg_size
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 267/323] USB: quirks: add quirk for Focusrite Scarlett Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 269/323] Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group Greg Kroah-Hartman
` (58 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Zubin Mithra,
Ricardo Ribalda
From: Ricardo Ribalda <ribalda@chromium.org>
commit 9fd10829a9eb482e192a845675ecc5480e0bfa10 upstream.
Allow devices to have dma operations beyond 64K, and avoid warnings such
as:
DMA-API: xhci-mtk 11200000.usb: mapping sg segment longer than device claims to support [len=98304] [max=65536]
Fixes: 0cbd4b34cda9 ("xhci: mediatek: support MTK xHCI host controller")
Cc: stable <stable@kernel.org>
Tested-by: Zubin Mithra <zsm@chromium.org>
Reported-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
Link: https://lore.kernel.org/r/20230628-mtk-usb-v2-1-c8c34eb9f229@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-mtk.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/host/xhci-mtk.c
+++ b/drivers/usb/host/xhci-mtk.c
@@ -538,6 +538,7 @@ static int xhci_mtk_probe(struct platfor
}
device_init_wakeup(dev, true);
+ dma_set_max_seg_size(dev, UINT_MAX);
xhci = hcd_to_xhci(hcd);
xhci->main_hcd = hcd;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 269/323] Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 268/323] usb: xhci-mtk: set the dma max_seg_size Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 270/323] Documentation: security-bugs.rst: clarify CVE handling Greg Kroah-Hartman
` (57 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Kees Cook
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4fee0915e649bd0cea56dece6d96f8f4643df33c upstream.
Because the linux-distros group forces reporters to release information
about reported bugs, and they impose arbitrary deadlines in having those
bugs fixed despite not actually being kernel developers, the kernel
security team recommends not interacting with them at all as this just
causes confusion and the early-release of reported security problems.
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/2023063020-throat-pantyhose-f110@gregkh
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/admin-guide/security-bugs.rst | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
--- a/Documentation/admin-guide/security-bugs.rst
+++ b/Documentation/admin-guide/security-bugs.rst
@@ -56,20 +56,18 @@ information submitted to the security li
of the report are treated confidentially even after the embargo has been
lifted, in perpetuity.
-Coordination
-------------
+Coordination with other groups
+------------------------------
-Fixes for sensitive bugs, such as those that might lead to privilege
-escalations, may need to be coordinated with the private
-<linux-distros@vs.openwall.org> mailing list so that distribution vendors
-are well prepared to issue a fixed kernel upon public disclosure of the
-upstream fix. Distros will need some time to test the proposed patch and
-will generally request at least a few days of embargo, and vendor update
-publication prefers to happen Tuesday through Thursday. When appropriate,
-the security team can assist with this coordination, or the reporter can
-include linux-distros from the start. In this case, remember to prefix
-the email Subject line with "[vs]" as described in the linux-distros wiki:
-<http://oss-security.openwall.org/wiki/mailing-lists/distros#how-to-use-the-lists>
+The kernel security team strongly recommends that reporters of potential
+security issues NEVER contact the "linux-distros" mailing list until
+AFTER discussing it with the kernel security team. Do not Cc: both
+lists at once. You may contact the linux-distros mailing list after a
+fix has been agreed on and you fully understand the requirements that
+doing so will impose on you and the kernel community.
+
+The different lists have different goals and the linux-distros rules do
+not contribute to actually fixing any potential security problems.
CVE assignment
--------------
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 270/323] Documentation: security-bugs.rst: clarify CVE handling
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 269/323] Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 271/323] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Greg Kroah-Hartman
` (56 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3c1897ae4b6bc7cc586eda2feaa2cd68325ec29c upstream.
The kernel security team does NOT assign CVEs, so document that properly
and provide the "if you want one, ask MITRE for it" response that we
give on a weekly basis in the document, so we don't have to constantly
say it to everyone who asks.
Link: https://lore.kernel.org/r/2023063022-retouch-kerosene-7e4a@gregkh
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/admin-guide/security-bugs.rst | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
--- a/Documentation/admin-guide/security-bugs.rst
+++ b/Documentation/admin-guide/security-bugs.rst
@@ -72,13 +72,12 @@ not contribute to actually fixing any po
CVE assignment
--------------
-The security team does not normally assign CVEs, nor do we require them
-for reports or fixes, as this can needlessly complicate the process and
-may delay the bug handling. If a reporter wishes to have a CVE identifier
-assigned ahead of public disclosure, they will need to contact the private
-linux-distros list, described above. When such a CVE identifier is known
-before a patch is provided, it is desirable to mention it in the commit
-message if the reporter agrees.
+The security team does not assign CVEs, nor do we require them for
+reports or fixes, as this can needlessly complicate the process and may
+delay the bug handling. If a reporter wishes to have a CVE identifier
+assigned, they should find one by themselves, for example by contacting
+MITRE directly. However under no circumstances will a patch inclusion
+be delayed to wait for a CVE identifier to arrive.
Non-disclosure agreements
-------------------------
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 271/323] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 270/323] Documentation: security-bugs.rst: clarify CVE handling Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 272/323] hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled Greg Kroah-Hartman
` (55 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Zhang Shurong, Dan Carpenter
From: Zhang Shurong <zhang_shurong@foxmail.com>
commit 5f1c7031e044cb2fba82836d55cc235e2ad619dc upstream.
The "exc->key_len" is a u16 that comes from the user. If it's over
IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
Fixes: b121d84882b9 ("staging: ks7010: simplify calls to memcpy()")
Cc: stable <stable@kernel.org>
Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/tencent_5153B668C0283CAA15AA518325346E026A09@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/ks7010/ks_wlan_net.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/staging/ks7010/ks_wlan_net.c
+++ b/drivers/staging/ks7010/ks_wlan_net.c
@@ -1584,8 +1584,10 @@ static int ks_wlan_set_encode_ext(struct
commit |= SME_WEP_FLAG;
}
if (enc->key_len) {
- memcpy(&key->key_val[0], &enc->key[0], enc->key_len);
- key->key_len = enc->key_len;
+ int key_len = clamp_val(enc->key_len, 0, IW_ENCODING_TOKEN_MAX);
+
+ memcpy(&key->key_val[0], &enc->key[0], key_len);
+ key->key_len = key_len;
commit |= (SME_WEP_VAL1 << index);
}
break;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 272/323] hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 271/323] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 273/323] btrfs: check for commit error at btrfs_attach_transaction_barrier() Greg Kroah-Hartman
` (54 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gilles Buloz, Guenter Roeck
From: Gilles Buloz <Gilles.Buloz@kontron.com>
commit 54685abe660a59402344d5045ce08c43c6a5ac42 upstream.
Because of hex value 0x46 used instead of decimal 46, the temp6
(PECI1) temperature is always declared visible and then displayed
even if disabled in the chip
Signed-off-by: Gilles Buloz <gilles.buloz@kontron.com>
Link: https://lore.kernel.org/r/DU0PR10MB62526435ADBC6A85243B90E08002A@DU0PR10MB6252.EURPRD10.PROD.OUTLOOK.COM
Fixes: fcdc5739dce03 ("hwmon: (nct7802) add temperature sensor type attribute")
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hwmon/nct7802.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/hwmon/nct7802.c
+++ b/drivers/hwmon/nct7802.c
@@ -698,7 +698,7 @@ static umode_t nct7802_temp_is_visible(s
if (index >= 38 && index < 46 && !(reg & 0x01)) /* PECI 0 */
return 0;
- if (index >= 0x46 && (!(reg & 0x02))) /* PECI 1 */
+ if (index >= 46 && !(reg & 0x02)) /* PECI 1 */
return 0;
return attr->mode;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 273/323] btrfs: check for commit error at btrfs_attach_transaction_barrier()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 272/323] hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 274/323] tpm_tis: Explicitly check for error code Greg Kroah-Hartman
` (53 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Filipe Manana,
David Sterba
From: Filipe Manana <fdmanana@suse.com>
commit b28ff3a7d7e97456fd86b68d24caa32e1cfa7064 upstream.
btrfs_attach_transaction_barrier() is used to get a handle pointing to the
current running transaction if the transaction has not started its commit
yet (its state is < TRANS_STATE_COMMIT_START). If the transaction commit
has started, then we wait for the transaction to commit and finish before
returning - however we completely ignore if the transaction was aborted
due to some error during its commit, we simply return ERR_PT(-ENOENT),
which makes the caller assume everything is fine and no errors happened.
This could make an fsync return success (0) to user space when in fact we
had a transaction abort and the target inode changes were therefore not
persisted.
Fix this by checking for the return value from btrfs_wait_for_commit(),
and if it returned an error, return it back to the caller.
Fixes: d4edf39bd5db ("Btrfs: fix uncompleted transaction")
CC: stable@vger.kernel.org # 4.19+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/transaction.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/fs/btrfs/transaction.c
+++ b/fs/btrfs/transaction.c
@@ -703,8 +703,13 @@ btrfs_attach_transaction_barrier(struct
trans = start_transaction(root, 0, TRANS_ATTACH,
BTRFS_RESERVE_NO_FLUSH, true);
- if (trans == ERR_PTR(-ENOENT))
- btrfs_wait_for_commit(root->fs_info, 0);
+ if (trans == ERR_PTR(-ENOENT)) {
+ int ret;
+
+ ret = btrfs_wait_for_commit(root->fs_info, 0);
+ if (ret)
+ return ERR_PTR(ret);
+ }
return trans;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 274/323] tpm_tis: Explicitly check for error code
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 273/323] btrfs: check for commit error at btrfs_attach_transaction_barrier() Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 275/323] irq-bcm6345-l1: Do not assume a fixed block to cpu mapping Greg Kroah-Hartman
` (52 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexander Steffen, Jarkko Sakkinen
From: Alexander Steffen <Alexander.Steffen@infineon.com>
commit 513253f8c293c0c8bd46d09d337fc892bf8f9f48 upstream.
recv_data either returns the number of received bytes, or a negative value
representing an error code. Adding the return value directly to the total
number of received bytes therefore looks a little weird, since it might add
a negative error code to a sum of bytes.
The following check for size < expected usually makes the function return
ETIME in that case, so it does not cause too many problems in practice. But
to make the code look cleaner and because the caller might still be
interested in the original error code, explicitly check for the presence of
an error code and pass that through.
Cc: stable@vger.kernel.org
Fixes: cb5354253af2 ("[PATCH] tpm: spacing cleanups 2")
Signed-off-by: Alexander Steffen <Alexander.Steffen@infineon.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/tpm/tpm_tis_core.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -270,6 +270,7 @@ static int tpm_tis_recv(struct tpm_chip
int size = 0;
int status;
u32 expected;
+ int rc;
if (count < TPM_HEADER_SIZE) {
size = -EIO;
@@ -289,8 +290,13 @@ static int tpm_tis_recv(struct tpm_chip
goto out;
}
- size += recv_data(chip, &buf[TPM_HEADER_SIZE],
- expected - TPM_HEADER_SIZE);
+ rc = recv_data(chip, &buf[TPM_HEADER_SIZE],
+ expected - TPM_HEADER_SIZE);
+ if (rc < 0) {
+ size = rc;
+ goto out;
+ }
+ size += rc;
if (size < expected) {
dev_err(&chip->dev, "Unable to read remainder of result\n");
size = -ETIME;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 275/323] irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 274/323] tpm_tis: Explicitly check for error code Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 276/323] serial: 8250_dw: split Synopsys DesignWare 8250 common functions Greg Kroah-Hartman
` (51 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jonas Gorski,
Philippe Mathieu-Daudé, Florian Fainelli, Marc Zyngier,
Sasha Levin
From: Jonas Gorski <jonas.gorski@gmail.com>
[ Upstream commit 55ad24857341c36616ecc1d9580af5626c226cf1 ]
The irq to block mapping is fixed, and interrupts from the first block
will always be routed to the first parent IRQ. But the parent interrupts
themselves can be routed to any available CPU.
This is used by the bootloader to map the first parent interrupt to the
boot CPU, regardless wether the boot CPU is the first one or the second
one.
When booting from the second CPU, the assumption that the first block's
IRQ is mapped to the first CPU breaks, and the system hangs because
interrupts do not get routed correctly.
Fix this by passing the appropriate bcm6434_l1_cpu to the interrupt
handler instead of the chip itself, so the handler always has the right
block.
Fixes: c7c42ec2baa1 ("irqchips/bmips: Add bcm6345-l1 interrupt controller")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20230629072620.62527-1-jonas.gorski@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-bcm6345-l1.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/drivers/irqchip/irq-bcm6345-l1.c b/drivers/irqchip/irq-bcm6345-l1.c
index 31ea6332ecb83..60dc64b4ac6d2 100644
--- a/drivers/irqchip/irq-bcm6345-l1.c
+++ b/drivers/irqchip/irq-bcm6345-l1.c
@@ -85,6 +85,7 @@ struct bcm6345_l1_chip {
};
struct bcm6345_l1_cpu {
+ struct bcm6345_l1_chip *intc;
void __iomem *map_base;
unsigned int parent_irq;
u32 enable_cache[];
@@ -118,17 +119,11 @@ static inline unsigned int cpu_for_irq(struct bcm6345_l1_chip *intc,
static void bcm6345_l1_irq_handle(struct irq_desc *desc)
{
- struct bcm6345_l1_chip *intc = irq_desc_get_handler_data(desc);
- struct bcm6345_l1_cpu *cpu;
+ struct bcm6345_l1_cpu *cpu = irq_desc_get_handler_data(desc);
+ struct bcm6345_l1_chip *intc = cpu->intc;
struct irq_chip *chip = irq_desc_get_chip(desc);
unsigned int idx;
-#ifdef CONFIG_SMP
- cpu = intc->cpus[cpu_logical_map(smp_processor_id())];
-#else
- cpu = intc->cpus[0];
-#endif
-
chained_irq_enter(chip, desc);
for (idx = 0; idx < intc->n_words; idx++) {
@@ -260,6 +255,7 @@ static int __init bcm6345_l1_init_one(struct device_node *dn,
if (!cpu)
return -ENOMEM;
+ cpu->intc = intc;
cpu->map_base = ioremap(res.start, sz);
if (!cpu->map_base)
return -ENOMEM;
@@ -275,7 +271,7 @@ static int __init bcm6345_l1_init_one(struct device_node *dn,
return -EINVAL;
}
irq_set_chained_handler_and_data(cpu->parent_irq,
- bcm6345_l1_irq_handle, intc);
+ bcm6345_l1_irq_handle, cpu);
return 0;
}
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 276/323] serial: 8250_dw: split Synopsys DesignWare 8250 common functions
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 275/323] irq-bcm6345-l1: Do not assume a fixed block to cpu mapping Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 277/323] serial: 8250_dw: Preserve original value of DLF register Greg Kroah-Hartman
` (50 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Heikki Krogerus,
Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit 136e0ab99b22378e3ff7d54f799a3a329316e869 ]
We would like to use same functions in the couple of drivers for
Synopsys DesignWare 8250 UART. Split them from 8250_dw into new brand
library module which users will select explicitly.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20190806094322.64987-3-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 748c5ea8b879 ("serial: 8250_dw: Preserve original value of DLF register")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_dwlib.c | 126 +++++++++++++++++++++++++++
drivers/tty/serial/8250/8250_dwlib.h | 19 ++++
drivers/tty/serial/8250/Kconfig | 3 +
drivers/tty/serial/8250/Makefile | 1 +
4 files changed, 149 insertions(+)
create mode 100644 drivers/tty/serial/8250/8250_dwlib.c
create mode 100644 drivers/tty/serial/8250/8250_dwlib.h
diff --git a/drivers/tty/serial/8250/8250_dwlib.c b/drivers/tty/serial/8250/8250_dwlib.c
new file mode 100644
index 0000000000000..6d6a78eead3ef
--- /dev/null
+++ b/drivers/tty/serial/8250/8250_dwlib.c
@@ -0,0 +1,126 @@
+// SPDX-License-Identifier: GPL-2.0+
+/* Synopsys DesignWare 8250 library. */
+
+#include <linux/bitops.h>
+#include <linux/device.h>
+#include <linux/io.h>
+#include <linux/kernel.h>
+#include <linux/serial_8250.h>
+#include <linux/serial_core.h>
+
+#include "8250_dwlib.h"
+
+/* Offsets for the DesignWare specific registers */
+#define DW_UART_DLF 0xc0 /* Divisor Latch Fraction Register */
+#define DW_UART_CPR 0xf4 /* Component Parameter Register */
+#define DW_UART_UCV 0xf8 /* UART Component Version */
+
+/* Component Parameter Register bits */
+#define DW_UART_CPR_ABP_DATA_WIDTH (3 << 0)
+#define DW_UART_CPR_AFCE_MODE (1 << 4)
+#define DW_UART_CPR_THRE_MODE (1 << 5)
+#define DW_UART_CPR_SIR_MODE (1 << 6)
+#define DW_UART_CPR_SIR_LP_MODE (1 << 7)
+#define DW_UART_CPR_ADDITIONAL_FEATURES (1 << 8)
+#define DW_UART_CPR_FIFO_ACCESS (1 << 9)
+#define DW_UART_CPR_FIFO_STAT (1 << 10)
+#define DW_UART_CPR_SHADOW (1 << 11)
+#define DW_UART_CPR_ENCODED_PARMS (1 << 12)
+#define DW_UART_CPR_DMA_EXTRA (1 << 13)
+#define DW_UART_CPR_FIFO_MODE (0xff << 16)
+
+/* Helper for FIFO size calculation */
+#define DW_UART_CPR_FIFO_SIZE(a) (((a >> 16) & 0xff) * 16)
+
+static inline u32 dw8250_readl_ext(struct uart_port *p, int offset)
+{
+ if (p->iotype == UPIO_MEM32BE)
+ return ioread32be(p->membase + offset);
+ return readl(p->membase + offset);
+}
+
+static inline void dw8250_writel_ext(struct uart_port *p, int offset, u32 reg)
+{
+ if (p->iotype == UPIO_MEM32BE)
+ iowrite32be(reg, p->membase + offset);
+ else
+ writel(reg, p->membase + offset);
+}
+
+/*
+ * divisor = div(I) + div(F)
+ * "I" means integer, "F" means fractional
+ * quot = div(I) = clk / (16 * baud)
+ * frac = div(F) * 2^dlf_size
+ *
+ * let rem = clk % (16 * baud)
+ * we have: div(F) * (16 * baud) = rem
+ * so frac = 2^dlf_size * rem / (16 * baud) = (rem << dlf_size) / (16 * baud)
+ */
+static unsigned int dw8250_get_divisor(struct uart_port *p, unsigned int baud,
+ unsigned int *frac)
+{
+ unsigned int quot, rem, base_baud = baud * 16;
+ struct dw8250_port_data *d = p->private_data;
+
+ quot = p->uartclk / base_baud;
+ rem = p->uartclk % base_baud;
+ *frac = DIV_ROUND_CLOSEST(rem << d->dlf_size, base_baud);
+
+ return quot;
+}
+
+static void dw8250_set_divisor(struct uart_port *p, unsigned int baud,
+ unsigned int quot, unsigned int quot_frac)
+{
+ dw8250_writel_ext(p, DW_UART_DLF, quot_frac);
+ serial8250_do_set_divisor(p, baud, quot, quot_frac);
+}
+
+void dw8250_setup_port(struct uart_port *p)
+{
+ struct uart_8250_port *up = up_to_u8250p(p);
+ u32 reg;
+
+ /*
+ * If the Component Version Register returns zero, we know that
+ * ADDITIONAL_FEATURES are not enabled. No need to go any further.
+ */
+ reg = dw8250_readl_ext(p, DW_UART_UCV);
+ if (!reg)
+ return;
+
+ dev_dbg(p->dev, "Designware UART version %c.%c%c\n",
+ (reg >> 24) & 0xff, (reg >> 16) & 0xff, (reg >> 8) & 0xff);
+
+ dw8250_writel_ext(p, DW_UART_DLF, ~0U);
+ reg = dw8250_readl_ext(p, DW_UART_DLF);
+ dw8250_writel_ext(p, DW_UART_DLF, 0);
+
+ if (reg) {
+ struct dw8250_port_data *d = p->private_data;
+
+ d->dlf_size = fls(reg);
+ p->get_divisor = dw8250_get_divisor;
+ p->set_divisor = dw8250_set_divisor;
+ }
+
+ reg = dw8250_readl_ext(p, DW_UART_CPR);
+ if (!reg)
+ return;
+
+ /* Select the type based on FIFO */
+ if (reg & DW_UART_CPR_FIFO_MODE) {
+ p->type = PORT_16550A;
+ p->flags |= UPF_FIXED_TYPE;
+ p->fifosize = DW_UART_CPR_FIFO_SIZE(reg);
+ up->capabilities = UART_CAP_FIFO;
+ }
+
+ if (reg & DW_UART_CPR_AFCE_MODE)
+ up->capabilities |= UART_CAP_AFE;
+
+ if (reg & DW_UART_CPR_SIR_MODE)
+ up->capabilities |= UART_CAP_IRDA;
+}
+EXPORT_SYMBOL_GPL(dw8250_setup_port);
diff --git a/drivers/tty/serial/8250/8250_dwlib.h b/drivers/tty/serial/8250/8250_dwlib.h
new file mode 100644
index 0000000000000..87a4db2a8aba6
--- /dev/null
+++ b/drivers/tty/serial/8250/8250_dwlib.h
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0+
+/* Synopsys DesignWare 8250 library header file. */
+
+#include <linux/types.h>
+
+#include "8250.h"
+
+struct dw8250_port_data {
+ /* Port properties */
+ int line;
+
+ /* DMA operations */
+ struct uart_8250_dma dma;
+
+ /* Hardware configuration */
+ u8 dlf_size;
+};
+
+void dw8250_setup_port(struct uart_port *p);
diff --git a/drivers/tty/serial/8250/Kconfig b/drivers/tty/serial/8250/Kconfig
index a9ddd76d41701..733ac320938c1 100644
--- a/drivers/tty/serial/8250/Kconfig
+++ b/drivers/tty/serial/8250/Kconfig
@@ -312,6 +312,9 @@ config SERIAL_8250_RSA
If you don't have such card, or if unsure, say N.
+config SERIAL_8250_DWLIB
+ bool
+
config SERIAL_8250_ACORN
tristate "Acorn expansion card serial port support"
depends on ARCH_ACORN && SERIAL_8250
diff --git a/drivers/tty/serial/8250/Makefile b/drivers/tty/serial/8250/Makefile
index 18751bc63a848..9b451d81588b2 100644
--- a/drivers/tty/serial/8250/Makefile
+++ b/drivers/tty/serial/8250/Makefile
@@ -8,6 +8,7 @@ obj-$(CONFIG_SERIAL_8250) += 8250.o 8250_base.o
8250-$(CONFIG_SERIAL_8250_PNP) += 8250_pnp.o
8250_base-y := 8250_port.o
8250_base-$(CONFIG_SERIAL_8250_DMA) += 8250_dma.o
+8250_base-$(CONFIG_SERIAL_8250_DWLIB) += 8250_dwlib.o
8250_base-$(CONFIG_SERIAL_8250_FINTEK) += 8250_fintek.o
obj-$(CONFIG_SERIAL_8250_GSC) += 8250_gsc.o
obj-$(CONFIG_SERIAL_8250_PCI) += 8250_pci.o
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 277/323] serial: 8250_dw: Preserve original value of DLF register
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 276/323] serial: 8250_dw: split Synopsys DesignWare 8250 common functions Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 278/323] virtio-net: fix race between set queues and probe Greg Kroah-Hartman
` (49 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Ruihong Luo,
Ilpo Järvinen, Andy Shevchenko, Sasha Levin
From: Ruihong Luo <colorsu1922@gmail.com>
[ Upstream commit 748c5ea8b8796ae8ee80b8d3a3d940570b588d59 ]
Preserve the original value of the Divisor Latch Fraction (DLF) register.
When the DLF register is modified without preservation, it can disrupt
the baudrate settings established by firmware or bootloader, leading to
data corruption and the generation of unreadable or distorted characters.
Fixes: 701c5e73b296 ("serial: 8250_dw: add fractional divisor support")
Cc: stable <stable@kernel.org>
Signed-off-by: Ruihong Luo <colorsu1922@gmail.com>
Link: https://lore.kernel.org/stable/20230713004235.35904-1-colorsu1922%40gmail.com
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20230713004235.35904-1-colorsu1922@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_dwlib.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_dwlib.c b/drivers/tty/serial/8250/8250_dwlib.c
index 6d6a78eead3ef..1cf229cca5928 100644
--- a/drivers/tty/serial/8250/8250_dwlib.c
+++ b/drivers/tty/serial/8250/8250_dwlib.c
@@ -80,7 +80,7 @@ static void dw8250_set_divisor(struct uart_port *p, unsigned int baud,
void dw8250_setup_port(struct uart_port *p)
{
struct uart_8250_port *up = up_to_u8250p(p);
- u32 reg;
+ u32 reg, old_dlf;
/*
* If the Component Version Register returns zero, we know that
@@ -93,9 +93,11 @@ void dw8250_setup_port(struct uart_port *p)
dev_dbg(p->dev, "Designware UART version %c.%c%c\n",
(reg >> 24) & 0xff, (reg >> 16) & 0xff, (reg >> 8) & 0xff);
+ /* Preserve value written by firmware or bootloader */
+ old_dlf = dw8250_readl_ext(p, DW_UART_DLF);
dw8250_writel_ext(p, DW_UART_DLF, ~0U);
reg = dw8250_readl_ext(p, DW_UART_DLF);
- dw8250_writel_ext(p, DW_UART_DLF, 0);
+ dw8250_writel_ext(p, DW_UART_DLF, old_dlf);
if (reg) {
struct dw8250_port_data *d = p->private_data;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 278/323] virtio-net: fix race between set queues and probe
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 277/323] serial: 8250_dw: Preserve original value of DLF register Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 279/323] s390/dasd: fix hanging device after quiesce/resume Greg Kroah-Hartman
` (48 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Wang, Michael S. Tsirkin,
Xuan Zhuo, Jakub Kicinski
From: Jason Wang <jasowang@redhat.com>
commit 25266128fe16d5632d43ada34c847d7b8daba539 upstream.
A race were found where set_channels could be called after registering
but before virtnet_set_queues() in virtnet_probe(). Fixing this by
moving the virtnet_set_queues() before netdevice registering. While at
it, use _virtnet_set_queues() to avoid holding rtnl as the device is
not even registered at that time.
Cc: stable@vger.kernel.org
Fixes: a220871be66f ("virtio-net: correctly enable multiqueue")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
Link: https://lore.kernel.org/r/20230725072049.617289-1-jasowang@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/virtio_net.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -3120,6 +3120,8 @@ static int virtnet_probe(struct virtio_d
}
}
+ _virtnet_set_queues(vi, vi->curr_queue_pairs);
+
/* serialize netdev register + virtio_device_ready() with ndo_open() */
rtnl_lock();
@@ -3140,8 +3142,6 @@ static int virtnet_probe(struct virtio_d
goto free_unregister_netdev;
}
- virtnet_set_queues(vi, vi->curr_queue_pairs);
-
/* Assume link up if device can't report link status,
otherwise get link status from config. */
netif_carrier_off(dev);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 279/323] s390/dasd: fix hanging device after quiesce/resume
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 278/323] virtio-net: fix race between set queues and probe Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 280/323] ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register Greg Kroah-Hartman
` (47 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Haberland, Jan Hoeppner,
Jens Axboe
From: Stefan Haberland <sth@linux.ibm.com>
commit 05f1d8ed03f547054efbc4d29bb7991c958ede95 upstream.
Quiesce and resume are functions that tell the DASD driver to stop/resume
issuing I/Os to a specific DASD.
On resume dasd_schedule_block_bh() is called to kick handling of IO
requests again. This does unfortunately not cover internal requests which
are used for path verification for example.
This could lead to a hanging device when a path event or anything else
that triggers internal requests occurs on a quiesced device.
Fix by also calling dasd_schedule_device_bh() which triggers handling of
internal requests on resume.
Fixes: 8e09f21574ea ("[S390] dasd: add hyper PAV support to DASD device driver, part 1")
Cc: stable@vger.kernel.org
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Link: https://lore.kernel.org/r/20230721193647.3889634-2-sth@linux.ibm.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/block/dasd_ioctl.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/s390/block/dasd_ioctl.c
+++ b/drivers/s390/block/dasd_ioctl.c
@@ -137,6 +137,7 @@ static int dasd_ioctl_resume(struct dasd
spin_unlock_irqrestore(get_ccwdev_lock(base->cdev), flags);
dasd_schedule_block_bh(block);
+ dasd_schedule_device_bh(base);
return 0;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 280/323] ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 279/323] s390/dasd: fix hanging device after quiesce/resume Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 281/323] dm cache policy smq: ensure IO doesnt prevent cleaner policy progress Greg Kroah-Hartman
` (46 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Charles Keepax, Mark Brown
From: Mark Brown <broonie@kernel.org>
commit f061e2be8689057cb4ec0dbffa9f03e1a23cdcb2 upstream.
The WM8904_ADC_TEST_0 register is modified as part of updating the OSR
controls but does not have a cache default, leading to errors when we try
to modify these controls in cache only mode with no prior read:
wm8904 3-001a: ASoC: error at snd_soc_component_update_bits on wm8904.3-001a for register: [0x000000c6] -16
Add a read of the register to probe() to fill the cache and avoid both the
error messages and the misconfiguration of the chip which will result.
Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20230723-asoc-fix-wm8904-adc-test-read-v1-1-2cdf2edd83fd@kernel.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/wm8904.c | 3 +++
1 file changed, 3 insertions(+)
--- a/sound/soc/codecs/wm8904.c
+++ b/sound/soc/codecs/wm8904.c
@@ -2264,6 +2264,9 @@ static int wm8904_i2c_probe(struct i2c_c
regmap_update_bits(wm8904->regmap, WM8904_BIAS_CONTROL_0,
WM8904_POBCTRL, 0);
+ /* Fill the cache for the ADC test register */
+ regmap_read(wm8904->regmap, WM8904_ADC_TEST_0, &val);
+
/* Can leave the device powered off until we need it */
regcache_cache_only(wm8904->regmap, true);
regulator_bulk_disable(ARRAY_SIZE(wm8904->supplies), wm8904->supplies);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 281/323] dm cache policy smq: ensure IO doesnt prevent cleaner policy progress
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 280/323] ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register Greg Kroah-Hartman
@ 2023-08-09 10:41 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 282/323] drm/client: Fix memory leak in drm_client_target_cloned Greg Kroah-Hartman
` (45 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:41 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Jeffery, Joe Thornber,
Mike Snitzer
From: Joe Thornber <ejt@redhat.com>
commit 1e4ab7b4c881cf26c1c72b3f56519e03475486fb upstream.
When using the cleaner policy to decommission the cache, there is
never any writeback started from the cache as it is constantly delayed
due to normal I/O keeping the device busy. Meaning @idle=false was
always being passed to clean_target_met()
Fix this by adding a specific 'cleaner' flag that is set when the
cleaner policy is configured. This flag serves to always allow the
cleaner's writeback work to be queued until the cache is
decommissioned (even if the cache isn't idle).
Reported-by: David Jeffery <djeffery@redhat.com>
Fixes: b29d4986d0da ("dm cache: significant rework to leverage dm-bio-prison-v2")
Cc: stable@vger.kernel.org
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-cache-policy-smq.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
--- a/drivers/md/dm-cache-policy-smq.c
+++ b/drivers/md/dm-cache-policy-smq.c
@@ -854,7 +854,13 @@ struct smq_policy {
struct background_tracker *bg_work;
- bool migrations_allowed;
+ bool migrations_allowed:1;
+
+ /*
+ * If this is set the policy will try and clean the whole cache
+ * even if the device is not idle.
+ */
+ bool cleaner:1;
};
/*----------------------------------------------------------------*/
@@ -1133,7 +1139,7 @@ static bool clean_target_met(struct smq_
* Cache entries may not be populated. So we cannot rely on the
* size of the clean queue.
*/
- if (idle) {
+ if (idle || mq->cleaner) {
/*
* We'd like to clean everything.
*/
@@ -1716,11 +1722,9 @@ static void calc_hotspot_params(sector_t
*hotspot_block_size /= 2u;
}
-static struct dm_cache_policy *__smq_create(dm_cblock_t cache_size,
- sector_t origin_size,
- sector_t cache_block_size,
- bool mimic_mq,
- bool migrations_allowed)
+static struct dm_cache_policy *
+__smq_create(dm_cblock_t cache_size, sector_t origin_size, sector_t cache_block_size,
+ bool mimic_mq, bool migrations_allowed, bool cleaner)
{
unsigned i;
unsigned nr_sentinels_per_queue = 2u * NR_CACHE_LEVELS;
@@ -1807,6 +1811,7 @@ static struct dm_cache_policy *__smq_cre
goto bad_btracker;
mq->migrations_allowed = migrations_allowed;
+ mq->cleaner = cleaner;
return &mq->policy;
@@ -1830,21 +1835,24 @@ static struct dm_cache_policy *smq_creat
sector_t origin_size,
sector_t cache_block_size)
{
- return __smq_create(cache_size, origin_size, cache_block_size, false, true);
+ return __smq_create(cache_size, origin_size, cache_block_size,
+ false, true, false);
}
static struct dm_cache_policy *mq_create(dm_cblock_t cache_size,
sector_t origin_size,
sector_t cache_block_size)
{
- return __smq_create(cache_size, origin_size, cache_block_size, true, true);
+ return __smq_create(cache_size, origin_size, cache_block_size,
+ true, true, false);
}
static struct dm_cache_policy *cleaner_create(dm_cblock_t cache_size,
sector_t origin_size,
sector_t cache_block_size)
{
- return __smq_create(cache_size, origin_size, cache_block_size, false, false);
+ return __smq_create(cache_size, origin_size, cache_block_size,
+ false, false, true);
}
/*----------------------------------------------------------------*/
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 282/323] drm/client: Fix memory leak in drm_client_target_cloned
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2023-08-09 10:41 ` [PATCH 4.19 281/323] dm cache policy smq: ensure IO doesnt prevent cleaner policy progress Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 283/323] net/sched: cls_fw: Fix improper refcount update leads to use-after-free Greg Kroah-Hartman
` (44 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Yi, Jocelyn Falempe,
Javier Martinez Canillas, Thomas Zimmermann
From: Jocelyn Falempe <jfalempe@redhat.com>
commit c2a88e8bdf5f6239948d75283d0ae7e0c7945b03 upstream.
dmt_mode is allocated and never freed in this function.
It was found with the ast driver, but most drivers using generic fbdev
setup are probably affected.
This fixes the following kmemleak report:
backtrace:
[<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm]
[<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm]
[<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm]
[<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]
[<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]
[<00000000063a69aa>] drm_client_register+0x169/0x240 [drm]
[<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast]
[<00000000987f19bb>] local_pci_probe+0xdc/0x180
[<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0
[<0000000000b85301>] process_one_work+0x8b7/0x1540
[<000000003375b17c>] worker_thread+0x70a/0xed0
[<00000000b0d43cd9>] kthread+0x29f/0x340
[<000000008d770833>] ret_from_fork+0x1f/0x30
unreferenced object 0xff11000333089a00 (size 128):
cc: <stable@vger.kernel.org>
Fixes: 1d42bbc8f7f9 ("drm/fbdev: fix cloning on fbcon")
Reported-by: Zhang Yi <yizhan@redhat.com>
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20230711092203.68157-2-jfalempe@redhat.com
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_fb_helper.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -2233,6 +2233,9 @@ static bool drm_target_cloned(struct drm
can_clone = true;
dmt_mode = drm_mode_find_dmt(fb_helper->dev, 1024, 768, 60, false);
+ if (!dmt_mode)
+ goto fail;
+
drm_fb_helper_for_each_connector(fb_helper, i) {
if (!enabled[i])
continue;
@@ -2249,11 +2252,13 @@ static bool drm_target_cloned(struct drm
if (!modes[i])
can_clone = false;
}
+ kfree(dmt_mode);
if (can_clone) {
DRM_DEBUG_KMS("can clone using 1024x768\n");
return true;
}
+fail:
DRM_INFO("kms: can't enable cloning when we probably wanted to.\n");
return false;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 283/323] net/sched: cls_fw: Fix improper refcount update leads to use-after-free
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 282/323] drm/client: Fix memory leak in drm_client_target_cloned Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 284/323] net/sched: sch_qfq: account for stab overhead in qfq_enqueue Greg Kroah-Hartman
` (43 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, M A Ramdhan, Jamal Hadi Salim,
Pedro Tammela, Jakub Kicinski, SeongJae Park
From: M A Ramdhan <ramdhan@starlabs.sg>
commit 0323bce598eea038714f941ce2b22541c46d488f upstream.
In the event of a failure in tcf_change_indev(), fw_set_parms() will
immediately return an error after incrementing or decrementing
reference counter in tcf_bind_filter(). If attacker can control
reference counter to zero and make reference freed, leading to
use after free.
In order to prevent this, move the point of possible failure above the
point where the TC_FW_CLASSID is handled.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: M A Ramdhan <ramdhan@starlabs.sg>
Signed-off-by: M A Ramdhan <ramdhan@starlabs.sg>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Message-ID: <20230705161530.52003-1-ramdhan@starlabs.sg>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: SeongJae Park <sj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/cls_fw.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/net/sched/cls_fw.c
+++ b/net/sched/cls_fw.c
@@ -221,11 +221,6 @@ static int fw_set_parms(struct net *net,
if (err < 0)
return err;
- if (tb[TCA_FW_CLASSID]) {
- f->res.classid = nla_get_u32(tb[TCA_FW_CLASSID]);
- tcf_bind_filter(tp, &f->res, base);
- }
-
#ifdef CONFIG_NET_CLS_IND
if (tb[TCA_FW_INDEV]) {
int ret;
@@ -244,6 +239,11 @@ static int fw_set_parms(struct net *net,
} else if (head->mask != 0xFFFFFFFF)
return err;
+ if (tb[TCA_FW_CLASSID]) {
+ f->res.classid = nla_get_u32(tb[TCA_FW_CLASSID]);
+ tcf_bind_filter(tp, &f->res, base);
+ }
+
return 0;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 284/323] net/sched: sch_qfq: account for stab overhead in qfq_enqueue
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 283/323] net/sched: cls_fw: Fix improper refcount update leads to use-after-free Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 285/323] ASoC: cs42l51: fix driver to properly autoload with automatic module loading Greg Kroah-Hartman
` (42 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lion, Eric Dumazet, Jamal Hadi Salim,
Pedro Tammela, Simon Horman, Paolo Abeni, Shaoying Xu
From: Pedro Tammela <pctammela@mojatatu.com>
commit 3e337087c3b5805fe0b8a46ba622a962880b5d64 upstream.
Lion says:
-------
In the QFQ scheduler a similar issue to CVE-2023-31436
persists.
Consider the following code in net/sched/sch_qfq.c:
static int qfq_enqueue(struct sk_buff *skb, struct Qdisc *sch,
struct sk_buff **to_free)
{
unsigned int len = qdisc_pkt_len(skb), gso_segs;
// ...
if (unlikely(cl->agg->lmax < len)) {
pr_debug("qfq: increasing maxpkt from %u to %u for class %u",
cl->agg->lmax, len, cl->common.classid);
err = qfq_change_agg(sch, cl, cl->agg->class_weight, len);
if (err) {
cl->qstats.drops++;
return qdisc_drop(skb, sch, to_free);
}
// ...
}
Similarly to CVE-2023-31436, "lmax" is increased without any bounds
checks according to the packet length "len". Usually this would not
impose a problem because packet sizes are naturally limited.
This is however not the actual packet length, rather the
"qdisc_pkt_len(skb)" which might apply size transformations according to
"struct qdisc_size_table" as created by "qdisc_get_stab()" in
net/sched/sch_api.c if the TCA_STAB option was set when modifying the qdisc.
A user may choose virtually any size using such a table.
As a result the same issue as in CVE-2023-31436 can occur, allowing heap
out-of-bounds read / writes in the kmalloc-8192 cache.
-------
We can create the issue with the following commands:
tc qdisc add dev $DEV root handle 1: stab mtu 2048 tsize 512 mpu 0 \
overhead 999999999 linklayer ethernet qfq
tc class add dev $DEV parent 1: classid 1:1 htb rate 6mbit burst 15k
tc filter add dev $DEV parent 1: matchall classid 1:1
ping -I $DEV 1.1.1.2
This is caused by incorrectly assuming that qdisc_pkt_len() returns a
length within the QFQ_MIN_LMAX < len < QFQ_MAX_LMAX.
Fixes: 462dbc9101ac ("pkt_sched: QFQ Plus: fair-queueing service at DRR cost")
Reported-by: Lion <nnamrec@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Shaoying Xu <shaoyi@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/sch_qfq.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/net/sched/sch_qfq.c
+++ b/net/sched/sch_qfq.c
@@ -387,8 +387,13 @@ static int qfq_change_agg(struct Qdisc *
u32 lmax)
{
struct qfq_sched *q = qdisc_priv(sch);
- struct qfq_aggregate *new_agg = qfq_find_agg(q, lmax, weight);
+ struct qfq_aggregate *new_agg;
+ /* 'lmax' can range from [QFQ_MIN_LMAX, pktlen + stab overhead] */
+ if (lmax > (1UL << QFQ_MTU_SHIFT))
+ return -EINVAL;
+
+ new_agg = qfq_find_agg(q, lmax, weight);
if (new_agg == NULL) { /* create new aggregate */
new_agg = kzalloc(sizeof(*new_agg), GFP_ATOMIC);
if (new_agg == NULL)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 285/323] ASoC: cs42l51: fix driver to properly autoload with automatic module loading
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 284/323] net/sched: sch_qfq: account for stab overhead in qfq_enqueue Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 286/323] net/sched: cls_u32: Fix reference counter leak leading to overflow Greg Kroah-Hartman
` (41 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thomas Petazzoni, Mark Brown
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
commit e51df4f81b02bcdd828a04de7c1eb6a92988b61e upstream.
In commit 2cb1e0259f50 ("ASoC: cs42l51: re-hook of_match_table
pointer"), 9 years ago, some random guy fixed the cs42l51 after it was
split into a core part and an I2C part to properly match based on a
Device Tree compatible string.
However, the fix in this commit is wrong: the MODULE_DEVICE_TABLE(of,
....) is in the core part of the driver, not the I2C part. Therefore,
automatic module loading based on module.alias, based on matching with
the DT compatible string, loads the core part of the driver, but not
the I2C part. And threfore, the i2c_driver is not registered, and the
codec is not known to the system, nor matched with a DT node with the
corresponding compatible string.
In order to fix that, we move the MODULE_DEVICE_TABLE(of, ...) into
the I2C part of the driver. The cs42l51_of_match[] array is also moved
as well, as it is not possible to have this definition in one file,
and the MODULE_DEVICE_TABLE(of, ...) invocation in another file, due
to how MODULE_DEVICE_TABLE works.
Thanks to this commit, the I2C part of the driver now properly
autoloads, and thanks to its dependency on the core part, the core
part gets autoloaded as well, resulting in a functional sound card
without having to manually load kernel modules.
Fixes: 2cb1e0259f50 ("ASoC: cs42l51: re-hook of_match_table pointer")
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Link: https://lore.kernel.org/r/20230713112112.778576-1-thomas.petazzoni@bootlin.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/cs42l51-i2c.c | 6 ++++++
sound/soc/codecs/cs42l51.c | 7 -------
sound/soc/codecs/cs42l51.h | 1 -
3 files changed, 6 insertions(+), 8 deletions(-)
--- a/sound/soc/codecs/cs42l51-i2c.c
+++ b/sound/soc/codecs/cs42l51-i2c.c
@@ -23,6 +23,12 @@ static struct i2c_device_id cs42l51_i2c_
};
MODULE_DEVICE_TABLE(i2c, cs42l51_i2c_id);
+const struct of_device_id cs42l51_of_match[] = {
+ { .compatible = "cirrus,cs42l51", },
+ { }
+};
+MODULE_DEVICE_TABLE(of, cs42l51_of_match);
+
static int cs42l51_i2c_probe(struct i2c_client *i2c,
const struct i2c_device_id *id)
{
--- a/sound/soc/codecs/cs42l51.c
+++ b/sound/soc/codecs/cs42l51.c
@@ -563,13 +563,6 @@ error:
}
EXPORT_SYMBOL_GPL(cs42l51_probe);
-const struct of_device_id cs42l51_of_match[] = {
- { .compatible = "cirrus,cs42l51", },
- { }
-};
-MODULE_DEVICE_TABLE(of, cs42l51_of_match);
-EXPORT_SYMBOL_GPL(cs42l51_of_match);
-
MODULE_AUTHOR("Arnaud Patard <arnaud.patard@rtp-net.org>");
MODULE_DESCRIPTION("Cirrus Logic CS42L51 ALSA SoC Codec Driver");
MODULE_LICENSE("GPL");
--- a/sound/soc/codecs/cs42l51.h
+++ b/sound/soc/codecs/cs42l51.h
@@ -22,7 +22,6 @@ struct device;
extern const struct regmap_config cs42l51_regmap;
int cs42l51_probe(struct device *dev, struct regmap *regmap);
-extern const struct of_device_id cs42l51_of_match[];
#define CS42L51_CHIP_ID 0x1B
#define CS42L51_CHIP_REV_A 0x00
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 286/323] net/sched: cls_u32: Fix reference counter leak leading to overflow
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 285/323] ASoC: cs42l51: fix driver to properly autoload with automatic module loading Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 287/323] perf: Fix function pointer case Greg Kroah-Hartman
` (40 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Lee Jones,
Jamal Hadi Salim, David S. Miller, Rishabh Bhatnagar
From: Lee Jones <lee@kernel.org>
commit 04c55383fa5689357bcdd2c8036725a55ed632bc upstream.
In the event of a failure in tcf_change_indev(), u32_set_parms() will
immediately return without decrementing the recently incremented
reference counter. If this happens enough times, the counter will
rollover and the reference freed, leading to a double free which can be
used to do 'bad things'.
In order to prevent this, move the point of possible failure above the
point where the reference counter is incremented. Also save any
meaningful return values to be applied to the return data at the
appropriate point in time.
This issue was caught with KASAN.
Fixes: 705c7091262d ("net: sched: cls_u32: no need to call tcf_exts_change for newly allocated struct")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Lee Jones <lee@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Rishabh Bhatnagar <risbhat@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sched/cls_u32.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -778,11 +778,22 @@ static int u32_set_parms(struct net *net
struct netlink_ext_ack *extack)
{
int err;
+#ifdef CONFIG_NET_CLS_IND
+ int ifindex = -1;
+#endif
err = tcf_exts_validate(net, tp, tb, est, &n->exts, ovr, extack);
if (err < 0)
return err;
+#ifdef CONFIG_NET_CLS_IND
+ if (tb[TCA_U32_INDEV]) {
+ ifindex = tcf_change_indev(net, tb[TCA_U32_INDEV], extack);
+ if (ifindex < 0)
+ return -EINVAL;
+ }
+#endif
+
if (tb[TCA_U32_LINK]) {
u32 handle = nla_get_u32(tb[TCA_U32_LINK]);
struct tc_u_hnode *ht_down = NULL, *ht_old;
@@ -814,13 +825,8 @@ static int u32_set_parms(struct net *net
}
#ifdef CONFIG_NET_CLS_IND
- if (tb[TCA_U32_INDEV]) {
- int ret;
- ret = tcf_change_indev(net, tb[TCA_U32_INDEV], extack);
- if (ret < 0)
- return -EINVAL;
- n->ifindex = ret;
- }
+ if (ifindex >= 0)
+ n->ifindex = ifindex;
#endif
return 0;
}
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 287/323] perf: Fix function pointer case
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 286/323] net/sched: cls_u32: Fix reference counter leak leading to overflow Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 288/323] loop: Select I/O scheduler none from inside add_disk() Greg Kroah-Hartman
` (39 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot,
Peter Zijlstra (Intel), Cixi Geng
From: Peter Zijlstra <peterz@infradead.org>
commit 1af6239d1d3e61d33fd2f0ba53d3d1a67cc50574 upstream.
With the advent of CFI it is no longer acceptible to cast function
pointers.
The robot complains thusly:
kernel-events-core.c:warning:cast-from-int-(-)(struct-perf_cpu_pmu_context-)-to-remote_function_f-(aka-int-(-)(void-)-)-converts-to-incompatible-function-type
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Cixi Geng <cixi.geng1@unisoc.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/events/core.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -1133,6 +1133,11 @@ static int perf_mux_hrtimer_restart(stru
return 0;
}
+static int perf_mux_hrtimer_restart_ipi(void *arg)
+{
+ return perf_mux_hrtimer_restart(arg);
+}
+
void perf_pmu_disable(struct pmu *pmu)
{
int *count = this_cpu_ptr(pmu->pmu_disable_count);
@@ -9644,8 +9649,7 @@ perf_event_mux_interval_ms_store(struct
cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu);
cpuctx->hrtimer_interval = ns_to_ktime(NSEC_PER_MSEC * timer);
- cpu_function_call(cpu,
- (remote_function_f)perf_mux_hrtimer_restart, cpuctx);
+ cpu_function_call(cpu, perf_mux_hrtimer_restart_ipi, cpuctx);
}
cpus_read_unlock();
mutex_unlock(&mux_interval_mutex);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 288/323] loop: Select I/O scheduler none from inside add_disk()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 287/323] perf: Fix function pointer case Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 289/323] word-at-a-time: use the same return type for has_zero regardless of endianness Greg Kroah-Hartman
` (38 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christoph Hellwig, Ming Lei,
Tetsuo Handa, Martijn Coenen, Jaegeuk Kim, Bart Van Assche,
Jens Axboe
From: Bart Van Assche <bvanassche@acm.org>
commit 2112f5c1330a671fa852051d85cb9eadc05d7eb7 upstream.
We noticed that the user interface of Android devices becomes very slow
under memory pressure. This is because Android uses the zram driver on top
of the loop driver for swapping, because under memory pressure the swap
code alternates reads and writes quickly, because mq-deadline is the
default scheduler for loop devices and because mq-deadline delays writes by
five seconds for such a workload with default settings. Fix this by making
the kernel select I/O scheduler 'none' from inside add_disk() for loop
devices. This default can be overridden at any time from user space,
e.g. via a udev rule. This approach has an advantage compared to changing
the I/O scheduler from userspace from 'mq-deadline' into 'none', namely
that synchronize_rcu() does not get called.
This patch changes the default I/O scheduler for loop devices from
'mq-deadline' into 'none'.
Additionally, this patch reduces the Android boot time on my test setup
with 0.5 seconds compared to configuring the loop I/O scheduler from user
space.
Cc: Christoph Hellwig <hch@lst.de>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Martijn Coenen <maco@android.com>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20210805174200.3250718-3-bvanassche@acm.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/block/loop.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1991,7 +1991,8 @@ static int loop_add(struct loop_device *
lo->tag_set.queue_depth = 128;
lo->tag_set.numa_node = NUMA_NO_NODE;
lo->tag_set.cmd_size = sizeof(struct loop_cmd);
- lo->tag_set.flags = BLK_MQ_F_SHOULD_MERGE | BLK_MQ_F_SG_MERGE;
+ lo->tag_set.flags = BLK_MQ_F_SHOULD_MERGE | BLK_MQ_F_SG_MERGE |
+ BLK_MQ_F_NO_SCHED;
lo->tag_set.driver_data = lo;
err = blk_mq_alloc_tag_set(&lo->tag_set);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 289/323] word-at-a-time: use the same return type for has_zero regardless of endianness
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 288/323] loop: Select I/O scheduler none from inside add_disk() Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 290/323] KVM: s390: fix sthyi error handling Greg Kroah-Hartman
` (37 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nick Desaulniers, Heiko Carstens,
Arnd Bergmann, Linus Torvalds, Sasha Levin, Nathan Chancellor
From: ndesaulniers@google.com <ndesaulniers@google.com>
[ Upstream commit 79e8328e5acbe691bbde029a52c89d70dcbc22f3 ]
Compiling big-endian targets with Clang produces the diagnostic:
fs/namei.c:2173:13: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
} while (!(has_zero(a, &adata, &constants) | has_zero(b, &bdata, &constants)));
~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
||
fs/namei.c:2173:13: note: cast one or both operands to int to silence this warning
It appears that when has_zero was introduced, two definitions were
produced with different signatures (in particular different return
types).
Looking at the usage in hash_name() in fs/namei.c, I suspect that
has_zero() is meant to be invoked twice per while loop iteration; using
logical-or would not update `bdata` when `a` did not have zeros. So I
think it's preferred to always return an unsigned long rather than a
bool than update the while loop in hash_name() to use a logical-or
rather than bitwise-or.
[ Also changed powerpc version to do the same - Linus ]
Link: https://github.com/ClangBuiltLinux/linux/issues/1832
Link: https://lore.kernel.org/lkml/20230801-bitwise-v1-1-799bec468dc4@google.com/
Fixes: 36126f8f2ed8 ("word-at-a-time: make the interfaces truly generic")
Debugged-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/word-at-a-time.h | 2 +-
include/asm-generic/word-at-a-time.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/word-at-a-time.h b/arch/powerpc/include/asm/word-at-a-time.h
index f3f4710d4ff52..99129b0cd8b8a 100644
--- a/arch/powerpc/include/asm/word-at-a-time.h
+++ b/arch/powerpc/include/asm/word-at-a-time.h
@@ -34,7 +34,7 @@ static inline long find_zero(unsigned long mask)
return leading_zero_bits >> 3;
}
-static inline bool has_zero(unsigned long val, unsigned long *data, const struct word_at_a_time *c)
+static inline unsigned long has_zero(unsigned long val, unsigned long *data, const struct word_at_a_time *c)
{
unsigned long rhs = val | c->low_bits;
*data = rhs;
diff --git a/include/asm-generic/word-at-a-time.h b/include/asm-generic/word-at-a-time.h
index 20c93f08c9933..95a1d214108a5 100644
--- a/include/asm-generic/word-at-a-time.h
+++ b/include/asm-generic/word-at-a-time.h
@@ -38,7 +38,7 @@ static inline long find_zero(unsigned long mask)
return (mask >> 8) ? byte : byte + 1;
}
-static inline bool has_zero(unsigned long val, unsigned long *data, const struct word_at_a_time *c)
+static inline unsigned long has_zero(unsigned long val, unsigned long *data, const struct word_at_a_time *c)
{
unsigned long rhs = val | c->low_bits;
*data = rhs;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 290/323] KVM: s390: fix sthyi error handling
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 289/323] word-at-a-time: use the same return type for has_zero regardless of endianness Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 291/323] net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() Greg Kroah-Hartman
` (36 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Borntraeger,
Heiko Carstens, Sasha Levin
From: Heiko Carstens <hca@linux.ibm.com>
[ Upstream commit 0c02cc576eac161601927b41634f80bfd55bfa9e ]
Commit 9fb6c9b3fea1 ("s390/sthyi: add cache to store hypervisor info")
added cache handling for store hypervisor info. This also changed the
possible return code for sthyi_fill().
Instead of only returning a condition code like the sthyi instruction would
do, it can now also return a negative error value (-ENOMEM). handle_styhi()
was not changed accordingly. In case of an error, the negative error value
would incorrectly injected into the guest PSW.
Add proper error handling to prevent this, and update the comment which
describes the possible return values of sthyi_fill().
Fixes: 9fb6c9b3fea1 ("s390/sthyi: add cache to store hypervisor info")
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Link: https://lore.kernel.org/r/20230727182939.2050744-1-hca@linux.ibm.com
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/kernel/sthyi.c | 6 +++---
arch/s390/kvm/intercept.c | 9 ++++++---
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/arch/s390/kernel/sthyi.c b/arch/s390/kernel/sthyi.c
index 888cc2f166db7..ce6084e28d904 100644
--- a/arch/s390/kernel/sthyi.c
+++ b/arch/s390/kernel/sthyi.c
@@ -460,9 +460,9 @@ static int sthyi_update_cache(u64 *rc)
*
* Fills the destination with system information returned by the STHYI
* instruction. The data is generated by emulation or execution of STHYI,
- * if available. The return value is the condition code that would be
- * returned, the rc parameter is the return code which is passed in
- * register R2 + 1.
+ * if available. The return value is either a negative error value or
+ * the condition code that would be returned, the rc parameter is the
+ * return code which is passed in register R2 + 1.
*/
int sthyi_fill(void *dst, u64 *rc)
{
diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
index a389fa85cca2d..5450d43d26ea5 100644
--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -360,8 +360,8 @@ static int handle_partial_execution(struct kvm_vcpu *vcpu)
*/
int handle_sthyi(struct kvm_vcpu *vcpu)
{
- int reg1, reg2, r = 0;
- u64 code, addr, cc = 0, rc = 0;
+ int reg1, reg2, cc = 0, r = 0;
+ u64 code, addr, rc = 0;
struct sthyi_sctns *sctns = NULL;
if (!test_kvm_facility(vcpu->kvm, 74))
@@ -392,7 +392,10 @@ int handle_sthyi(struct kvm_vcpu *vcpu)
return -ENOMEM;
cc = sthyi_fill(sctns, &rc);
-
+ if (cc < 0) {
+ free_page((unsigned long)sctns);
+ return cc;
+ }
out:
if (!cc) {
r = write_guest(vcpu, addr, reg2, sctns, PAGE_SIZE);
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 291/323] net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 290/323] KVM: s390: fix sthyi error handling Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 292/323] perf test uprobe_from_different_cu: Skip if there is no gcc Greg Kroah-Hartman
` (35 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yuanjun Gong, Leon Romanovsky,
Saeed Mahameed, Sasha Levin
From: Yuanjun Gong <ruc_gongyuanjun@163.com>
[ Upstream commit e5bcb7564d3bd0c88613c76963c5349be9c511c5 ]
mlx5e_ipsec_remove_trailer() should return an error code if function
pskb_trim() returns an unexpected value.
Fixes: 2ac9cfe78223 ("net/mlx5e: IPSec, Add Innova IPSec offload TX data path")
Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c
index 128a82b1dbfc6..ad9db70eb879e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c
@@ -121,7 +121,9 @@ static int mlx5e_ipsec_remove_trailer(struct sk_buff *skb, struct xfrm_state *x)
trailer_len = alen + plen + 2;
- pskb_trim(skb, skb->len - trailer_len);
+ ret = pskb_trim(skb, skb->len - trailer_len);
+ if (unlikely(ret))
+ return ret;
if (skb->protocol == htons(ETH_P_IP)) {
ipv4hdr->tot_len = htons(ntohs(ipv4hdr->tot_len) - trailer_len);
ip_send_check(ipv4hdr);
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 292/323] perf test uprobe_from_different_cu: Skip if there is no gcc
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 291/323] net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 293/323] net: sched: cls_u32: Fix match key mis-addressing Greg Kroah-Hartman
` (34 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Georg Müller, Ian Rogers,
Adrian Hunter, Alexander Shishkin, Ingo Molnar, Jiri Olsa,
Mark Rutland, Masami Hiramatsu, Namhyung Kim, Peter Zijlstra,
Arnaldo Carvalho de Melo, Sasha Levin
From: Georg Müller <georgmueller@gmx.net>
[ Upstream commit 98ce8e4a9dcfb448b30a2d7a16190f4a00382377 ]
Without gcc, the test will fail.
On cleanup, ignore probe removal errors. Otherwise, in case of an error
adding the probe, the temporary directory is not removed.
Fixes: 56cbeacf14353057 ("perf probe: Add test for regression introduced by switch to die_get_decl_file()")
Signed-off-by: Georg Müller <georgmueller@gmx.net>
Acked-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Georg Müller <georgmueller@gmx.net>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20230728151812.454806-2-georgmueller@gmx.net
Link: https://lore.kernel.org/r/CAP-5=fUP6UuLgRty3t2=fQsQi3k4hDMz415vWdp1x88QMvZ8ug@mail.gmail.com/
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/perf/tests/shell/test_uprobe_from_different_cu.sh | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/perf/tests/shell/test_uprobe_from_different_cu.sh b/tools/perf/tests/shell/test_uprobe_from_different_cu.sh
index 00d2e0e2e0c28..319f36ebb9a40 100644
--- a/tools/perf/tests/shell/test_uprobe_from_different_cu.sh
+++ b/tools/perf/tests/shell/test_uprobe_from_different_cu.sh
@@ -4,6 +4,12 @@
set -e
+# skip if there's no gcc
+if ! [ -x "$(command -v gcc)" ]; then
+ echo "failed: no gcc compiler"
+ exit 2
+fi
+
temp_dir=$(mktemp -d /tmp/perf-uprobe-different-cu-sh.XXXXXXXXXX)
cleanup()
@@ -11,7 +17,7 @@ cleanup()
trap - EXIT TERM INT
if [[ "${temp_dir}" =~ ^/tmp/perf-uprobe-different-cu-sh.*$ ]]; then
echo "--- Cleaning up ---"
- perf probe -x ${temp_dir}/testfile -d foo
+ perf probe -x ${temp_dir}/testfile -d foo || true
rm -f "${temp_dir}/"*
rmdir "${temp_dir}"
fi
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 293/323] net: sched: cls_u32: Fix match key mis-addressing
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 292/323] perf test uprobe_from_different_cu: Skip if there is no gcc Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 294/323] net: add missing data-race annotations around sk->sk_peek_off Greg Kroah-Hartman
` (33 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mingi Cho, Jamal Hadi Salim,
Jakub Kicinski, Sasha Levin
From: Jamal Hadi Salim <jhs@mojatatu.com>
[ Upstream commit e68409db995380d1badacba41ff24996bd396171 ]
A match entry is uniquely identified with an "address" or "path" in the
form of: hashtable ID(12b):bucketid(8b):nodeid(12b).
When creating table match entries all of hash table id, bucket id and
node (match entry id) are needed to be either specified by the user or
reasonable in-kernel defaults are used. The in-kernel default for a table id is
0x800(omnipresent root table); for bucketid it is 0x0. Prior to this fix there
was none for a nodeid i.e. the code assumed that the user passed the correct
nodeid and if the user passes a nodeid of 0 (as Mingi Cho did) then that is what
was used. But nodeid of 0 is reserved for identifying the table. This is not
a problem until we dump. The dump code notices that the nodeid is zero and
assumes it is referencing a table and therefore references table struct
tc_u_hnode instead of what was created i.e match entry struct tc_u_knode.
Ming does an equivalent of:
tc filter add dev dummy0 parent 10: prio 1 handle 0x1000 \
protocol ip u32 match ip src 10.0.0.1/32 classid 10:1 action ok
Essentially specifying a table id 0, bucketid 1 and nodeid of zero
Tableid 0 is remapped to the default of 0x800.
Bucketid 1 is ignored and defaults to 0x00.
Nodeid was assumed to be what Ming passed - 0x000
dumping before fix shows:
~$ tc filter ls dev dummy0 parent 10:
filter protocol ip pref 1 u32 chain 0
filter protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1
filter protocol ip pref 1 u32 chain 0 fh 800: ht divisor -30591
Note that the last line reports a table instead of a match entry
(you can tell this because it says "ht divisor...").
As a result of reporting the wrong data type (misinterpretting of struct
tc_u_knode as being struct tc_u_hnode) the divisor is reported with value
of -30591. Ming identified this as part of the heap address
(physmap_base is 0xffff8880 (-30591 - 1)).
The fix is to ensure that when table entry matches are added and no
nodeid is specified (i.e nodeid == 0) then we get the next available
nodeid from the table's pool.
After the fix, this is what the dump shows:
$ tc filter ls dev dummy0 parent 10:
filter protocol ip pref 1 u32 chain 0
filter protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1
filter protocol ip pref 1 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 10:1 not_in_hw
match 0a000001/ffffffff at 12
action order 1: gact action pass
random type none pass val 0
index 1 ref 1 bind 1
Reported-by: Mingi Cho <mgcho.minic@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/20230726135151.416917-1-jhs@mojatatu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/cls_u32.c | 56 ++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 50 insertions(+), 6 deletions(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index ee8ef606a8e99..5e052c7342b9f 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -1067,18 +1067,62 @@ static int u32_change(struct net *net, struct sk_buff *in_skb,
return -EINVAL;
}
+ /* At this point, we need to derive the new handle that will be used to
+ * uniquely map the identity of this table match entry. The
+ * identity of the entry that we need to construct is 32 bits made of:
+ * htid(12b):bucketid(8b):node/entryid(12b)
+ *
+ * At this point _we have the table(ht)_ in which we will insert this
+ * entry. We carry the table's id in variable "htid".
+ * Note that earlier code picked the ht selection either by a) the user
+ * providing the htid specified via TCA_U32_HASH attribute or b) when
+ * no such attribute is passed then the root ht, is default to at ID
+ * 0x[800][00][000]. Rule: the root table has a single bucket with ID 0.
+ * If OTOH the user passed us the htid, they may also pass a bucketid of
+ * choice. 0 is fine. For example a user htid is 0x[600][01][000] it is
+ * indicating hash bucketid of 1. Rule: the entry/node ID _cannot_ be
+ * passed via the htid, so even if it was non-zero it will be ignored.
+ *
+ * We may also have a handle, if the user passed one. The handle also
+ * carries the same addressing of htid(12b):bucketid(8b):node/entryid(12b).
+ * Rule: the bucketid on the handle is ignored even if one was passed;
+ * rather the value on "htid" is always assumed to be the bucketid.
+ */
if (handle) {
+ /* Rule: The htid from handle and tableid from htid must match */
if (TC_U32_HTID(handle) && TC_U32_HTID(handle ^ htid)) {
NL_SET_ERR_MSG_MOD(extack, "Handle specified hash table address mismatch");
return -EINVAL;
}
- handle = htid | TC_U32_NODE(handle);
- err = idr_alloc_u32(&ht->handle_idr, NULL, &handle, handle,
- GFP_KERNEL);
- if (err)
- return err;
- } else
+ /* Ok, so far we have a valid htid(12b):bucketid(8b) but we
+ * need to finalize the table entry identification with the last
+ * part - the node/entryid(12b)). Rule: Nodeid _cannot be 0_ for
+ * entries. Rule: nodeid of 0 is reserved only for tables(see
+ * earlier code which processes TC_U32_DIVISOR attribute).
+ * Rule: The nodeid can only be derived from the handle (and not
+ * htid).
+ * Rule: if the handle specified zero for the node id example
+ * 0x60000000, then pick a new nodeid from the pool of IDs
+ * this hash table has been allocating from.
+ * If OTOH it is specified (i.e for example the user passed a
+ * handle such as 0x60000123), then we use it generate our final
+ * handle which is used to uniquely identify the match entry.
+ */
+ if (!TC_U32_NODE(handle)) {
+ handle = gen_new_kid(ht, htid);
+ } else {
+ handle = htid | TC_U32_NODE(handle);
+ err = idr_alloc_u32(&ht->handle_idr, NULL, &handle,
+ handle, GFP_KERNEL);
+ if (err)
+ return err;
+ }
+ } else {
+ /* The user did not give us a handle; lets just generate one
+ * from the table's pool of nodeids.
+ */
handle = gen_new_kid(ht, htid);
+ }
if (tb[TCA_U32_SEL] == NULL) {
NL_SET_ERR_MSG_MOD(extack, "Selector not specified");
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 294/323] net: add missing data-race annotations around sk->sk_peek_off
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 293/323] net: sched: cls_u32: Fix match key mis-addressing Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 295/323] net: add missing data-race annotation for sk_ll_usec Greg Kroah-Hartman
` (32 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Willem de Bruijn,
David S. Miller, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 11695c6e966b0ec7ed1d16777d294cef865a5c91 ]
sk_getsockopt() runs locklessly, thus we need to annotate the read
of sk->sk_peek_off.
While we are at it, add corresponding annotations to sk_set_peek_off()
and unix_set_peek_off().
Fixes: b9bb53f3836f ("sock: convert sk_peek_offset functions to WRITE_ONCE")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/sock.c | 4 ++--
net/unix/af_unix.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index 5b31f3446fc7a..f112862fe0682 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1319,7 +1319,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
if (!sock->ops->set_peek_off)
return -EOPNOTSUPP;
- v.val = sk->sk_peek_off;
+ v.val = READ_ONCE(sk->sk_peek_off);
break;
case SO_NOFCS:
v.val = sock_flag(sk, SOCK_NOFCS);
@@ -2559,7 +2559,7 @@ EXPORT_SYMBOL(__sk_mem_reclaim);
int sk_set_peek_off(struct sock *sk, int val)
{
- sk->sk_peek_off = val;
+ WRITE_ONCE(sk->sk_peek_off, val);
return 0;
}
EXPORT_SYMBOL_GPL(sk_set_peek_off);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index b0dcbb08e60db..8971341c4f8af 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -706,7 +706,7 @@ static int unix_set_peek_off(struct sock *sk, int val)
if (mutex_lock_interruptible(&u->iolock))
return -EINTR;
- sk->sk_peek_off = val;
+ WRITE_ONCE(sk->sk_peek_off, val);
mutex_unlock(&u->iolock);
return 0;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 295/323] net: add missing data-race annotation for sk_ll_usec
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 294/323] net: add missing data-race annotations around sk->sk_peek_off Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 296/323] net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Greg Kroah-Hartman
` (31 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David S. Miller,
Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit e5f0d2dd3c2faa671711dac6d3ff3cef307bcfe3 ]
In a prior commit I forgot that sk_getsockopt() reads
sk->sk_ll_usec without holding a lock.
Fixes: 0dbffbb5335a ("net: annotate data race around sk_ll_usec")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/sock.c b/net/core/sock.c
index f112862fe0682..3e6da3694a5a5 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1349,7 +1349,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
#ifdef CONFIG_NET_RX_BUSY_POLL
case SO_BUSY_POLL:
- v.val = sk->sk_ll_usec;
+ v.val = READ_ONCE(sk->sk_ll_usec);
break;
#endif
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 296/323] net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 295/323] net: add missing data-race annotation for sk_ll_usec Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 297/323] net/sched: cls_route: " Greg Kroah-Hartman
` (30 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, valis, M A Ramdhan, Jamal Hadi Salim,
Victor Nogueira, Pedro Tammela, Jakub Kicinski, Sasha Levin
From: valis <sec@valis.email>
[ Upstream commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 ]
When u32_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class,
as tcf_unbind_filter() is always called on the old instance in the
success path, decreasing filter_cnt of the still referenced class
and allowing it to be deleted, leading to a use-after-free.
Fix this by no longer copying the tcf_result struct from the old filter.
Fixes: de5df63228fc ("net: sched: cls_u32 changes to knode must appear atomic to readers")
Reported-by: valis <sec@valis.email>
Reported-by: M A Ramdhan <ramdhan@starlabs.sg>
Signed-off-by: valis <sec@valis.email>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Victor Nogueira <victor@mojatatu.com>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Reviewed-by: M A Ramdhan <ramdhan@starlabs.sg>
Link: https://lore.kernel.org/r/20230729123202.72406-2-jhs@mojatatu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/cls_u32.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 5e052c7342b9f..1e71ff093c91d 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -879,7 +879,6 @@ static struct tc_u_knode *u32_init_knode(struct tcf_proto *tp,
new->ifindex = n->ifindex;
#endif
new->fshift = n->fshift;
- new->res = n->res;
new->flags = n->flags;
RCU_INIT_POINTER(new->ht_down, ht);
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 297/323] net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 296/323] net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 298/323] ip6mr: Fix skb_under_panic in ip6mr_cache_report() Greg Kroah-Hartman
` (29 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, valis, Bing-Jhong Billy Jheng,
Jamal Hadi Salim, Victor Nogueira, Pedro Tammela, M A Ramdhan,
Jakub Kicinski, Sasha Levin
From: valis <sec@valis.email>
[ Upstream commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 ]
When route4_change() is called on an existing filter, the whole
tcf_result struct is always copied into the new instance of the filter.
This causes a problem when updating a filter bound to a class,
as tcf_unbind_filter() is always called on the old instance in the
success path, decreasing filter_cnt of the still referenced class
and allowing it to be deleted, leading to a use-after-free.
Fix this by no longer copying the tcf_result struct from the old filter.
Fixes: 1109c00547fc ("net: sched: RCU cls_route")
Reported-by: valis <sec@valis.email>
Reported-by: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Signed-off-by: valis <sec@valis.email>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Victor Nogueira <victor@mojatatu.com>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Reviewed-by: M A Ramdhan <ramdhan@starlabs.sg>
Link: https://lore.kernel.org/r/20230729123202.72406-4-jhs@mojatatu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sched/cls_route.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/sched/cls_route.c b/net/sched/cls_route.c
index 4c7fa1cfd8e38..a924292623ecf 100644
--- a/net/sched/cls_route.c
+++ b/net/sched/cls_route.c
@@ -513,7 +513,6 @@ static int route4_change(struct net *net, struct sk_buff *in_skb,
if (fold) {
f->id = fold->id;
f->iif = fold->iif;
- f->res = fold->res;
f->handle = fold->handle;
f->tp = fold->tp;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 298/323] ip6mr: Fix skb_under_panic in ip6mr_cache_report()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 297/323] net/sched: cls_route: " Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 299/323] tcp_metrics: fix addr_same() helper Greg Kroah-Hartman
` (28 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yue Haibing, Eric Dumazet,
David S. Miller, Sasha Levin
From: Yue Haibing <yuehaibing@huawei.com>
[ Upstream commit 30e0191b16e8a58e4620fa3e2839ddc7b9d4281c ]
skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4
head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:192!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:skb_panic+0x152/0x1d0
Call Trace:
<TASK>
skb_push+0xc4/0xe0
ip6mr_cache_report+0xd69/0x19b0
reg_vif_xmit+0x406/0x690
dev_hard_start_xmit+0x17e/0x6e0
__dev_queue_xmit+0x2d6a/0x3d20
vlan_dev_hard_start_xmit+0x3ab/0x5c0
dev_hard_start_xmit+0x17e/0x6e0
__dev_queue_xmit+0x2d6a/0x3d20
neigh_connected_output+0x3ed/0x570
ip6_finish_output2+0x5b5/0x1950
ip6_finish_output+0x693/0x11c0
ip6_output+0x24b/0x880
NF_HOOK.constprop.0+0xfd/0x530
ndisc_send_skb+0x9db/0x1400
ndisc_send_rs+0x12a/0x6c0
addrconf_dad_completed+0x3c9/0xea0
addrconf_dad_work+0x849/0x1420
process_one_work+0xa22/0x16e0
worker_thread+0x679/0x10c0
ret_from_fork+0x28/0x60
ret_from_fork_asm+0x11/0x20
When setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().
reg_vif_xmit()
ip6mr_cache_report()
skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4
And skb_push declared as:
void *skb_push(struct sk_buff *skb, unsigned int len);
skb->data -= len;
//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850
skb->data is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.
Fixes: 14fb64e1f449 ("[IPV6] MROUTE: Support PIM-SM (SSM).")
Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv6/ip6mr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index e9eb917342b85..329bad6cbb768 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1064,7 +1064,7 @@ static int ip6mr_cache_report(struct mr_table *mrt, struct sk_buff *pkt,
And all this only to mangle msg->im6_msgtype and
to set msg->im6_mbz to "mbz" :-)
*/
- skb_push(skb, -skb_network_offset(pkt));
+ __skb_pull(skb, skb_network_offset(pkt));
skb_push(skb, sizeof(*msg));
skb_reset_transport_header(skb);
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 299/323] tcp_metrics: fix addr_same() helper
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 298/323] ip6mr: Fix skb_under_panic in ip6mr_cache_report() Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 300/323] tcp_metrics: annotate data-races around tm->tcpm_stamp Greg Kroah-Hartman
` (27 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit e6638094d7af6c7b9dcca05ad009e79e31b4f670 ]
Because v4 and v6 families use separate inetpeer trees (respectively
net->ipv4.peers and net->ipv6.peers), inetpeer_addr_cmp(a, b) assumes
a & b share the same family.
tcp_metrics use a common hash table, where entries can have different
families.
We must therefore make sure to not call inetpeer_addr_cmp()
if the families do not match.
Fixes: d39d14ffa24c ("net: Add helper function to compare inetpeer addresses")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230802131500.1478140-2-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_metrics.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index 4960e2b6bd7f7..c3e133c0510ea 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -78,7 +78,7 @@ static void tcp_metric_set(struct tcp_metrics_block *tm,
static bool addr_same(const struct inetpeer_addr *a,
const struct inetpeer_addr *b)
{
- return inetpeer_addr_cmp(a, b) == 0;
+ return (a->family == b->family) && !inetpeer_addr_cmp(a, b);
}
struct tcpm_hash_bucket {
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 300/323] tcp_metrics: annotate data-races around tm->tcpm_stamp
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 299/323] tcp_metrics: fix addr_same() helper Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 301/323] tcp_metrics: annotate data-races around tm->tcpm_lock Greg Kroah-Hartman
` (26 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 949ad62a5d5311d36fce2e14fe5fed3f936da51c ]
tm->tcpm_stamp can be read or written locklessly.
Add needed READ_ONCE()/WRITE_ONCE() to document this.
Also constify tcpm_check_stamp() dst argument.
Fixes: 51c5d0c4b169 ("tcp: Maintain dynamic metrics in local cache.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230802131500.1478140-3-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_metrics.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index c3e133c0510ea..2d9d95559f5fa 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -97,7 +97,7 @@ static void tcpm_suck_dst(struct tcp_metrics_block *tm,
u32 msval;
u32 val;
- tm->tcpm_stamp = jiffies;
+ WRITE_ONCE(tm->tcpm_stamp, jiffies);
val = 0;
if (dst_metric_locked(dst, RTAX_RTT))
@@ -131,9 +131,15 @@ static void tcpm_suck_dst(struct tcp_metrics_block *tm,
#define TCP_METRICS_TIMEOUT (60 * 60 * HZ)
-static void tcpm_check_stamp(struct tcp_metrics_block *tm, struct dst_entry *dst)
+static void tcpm_check_stamp(struct tcp_metrics_block *tm,
+ const struct dst_entry *dst)
{
- if (tm && unlikely(time_after(jiffies, tm->tcpm_stamp + TCP_METRICS_TIMEOUT)))
+ unsigned long limit;
+
+ if (!tm)
+ return;
+ limit = READ_ONCE(tm->tcpm_stamp) + TCP_METRICS_TIMEOUT;
+ if (unlikely(time_after(jiffies, limit)))
tcpm_suck_dst(tm, dst, false);
}
@@ -174,7 +180,8 @@ static struct tcp_metrics_block *tcpm_new(struct dst_entry *dst,
oldest = deref_locked(tcp_metrics_hash[hash].chain);
for (tm = deref_locked(oldest->tcpm_next); tm;
tm = deref_locked(tm->tcpm_next)) {
- if (time_before(tm->tcpm_stamp, oldest->tcpm_stamp))
+ if (time_before(READ_ONCE(tm->tcpm_stamp),
+ READ_ONCE(oldest->tcpm_stamp)))
oldest = tm;
}
tm = oldest;
@@ -431,7 +438,7 @@ void tcp_update_metrics(struct sock *sk)
tp->reordering);
}
}
- tm->tcpm_stamp = jiffies;
+ WRITE_ONCE(tm->tcpm_stamp, jiffies);
out_unlock:
rcu_read_unlock();
}
@@ -652,7 +659,7 @@ static int tcp_metrics_fill_info(struct sk_buff *msg,
}
if (nla_put_msecs(msg, TCP_METRICS_ATTR_AGE,
- jiffies - tm->tcpm_stamp,
+ jiffies - READ_ONCE(tm->tcpm_stamp),
TCP_METRICS_ATTR_PAD) < 0)
goto nla_put_failure;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 301/323] tcp_metrics: annotate data-races around tm->tcpm_lock
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 300/323] tcp_metrics: annotate data-races around tm->tcpm_stamp Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 302/323] tcp_metrics: annotate data-races around tm->tcpm_vals[] Greg Kroah-Hartman
` (25 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 285ce119a3c6c4502585936650143e54c8692788 ]
tm->tcpm_lock can be read or written locklessly.
Add needed READ_ONCE()/WRITE_ONCE() to document this.
Fixes: 51c5d0c4b169 ("tcp: Maintain dynamic metrics in local cache.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230802131500.1478140-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_metrics.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index 2d9d95559f5fa..2529b1e6ded0c 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -59,7 +59,8 @@ static inline struct net *tm_net(struct tcp_metrics_block *tm)
static bool tcp_metric_locked(struct tcp_metrics_block *tm,
enum tcp_metric_index idx)
{
- return tm->tcpm_lock & (1 << idx);
+ /* Paired with WRITE_ONCE() in tcpm_suck_dst() */
+ return READ_ONCE(tm->tcpm_lock) & (1 << idx);
}
static u32 tcp_metric_get(struct tcp_metrics_block *tm,
@@ -110,7 +111,8 @@ static void tcpm_suck_dst(struct tcp_metrics_block *tm,
val |= 1 << TCP_METRIC_CWND;
if (dst_metric_locked(dst, RTAX_REORDERING))
val |= 1 << TCP_METRIC_REORDERING;
- tm->tcpm_lock = val;
+ /* Paired with READ_ONCE() in tcp_metric_locked() */
+ WRITE_ONCE(tm->tcpm_lock, val);
msval = dst_metric_raw(dst, RTAX_RTT);
tm->tcpm_vals[TCP_METRIC_RTT] = msval * USEC_PER_MSEC;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 302/323] tcp_metrics: annotate data-races around tm->tcpm_vals[]
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 301/323] tcp_metrics: annotate data-races around tm->tcpm_lock Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 303/323] tcp_metrics: annotate data-races around tm->tcpm_net Greg Kroah-Hartman
` (24 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 8c4d04f6b443869d25e59822f7cec88d647028a9 ]
tm->tcpm_vals[] values can be read or written locklessly.
Add needed READ_ONCE()/WRITE_ONCE() to document this,
and force use of tcp_metric_get() and tcp_metric_set()
Fixes: 51c5d0c4b169 ("tcp: Maintain dynamic metrics in local cache.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_metrics.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index 2529b1e6ded0c..fa99481abce8f 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -63,17 +63,19 @@ static bool tcp_metric_locked(struct tcp_metrics_block *tm,
return READ_ONCE(tm->tcpm_lock) & (1 << idx);
}
-static u32 tcp_metric_get(struct tcp_metrics_block *tm,
+static u32 tcp_metric_get(const struct tcp_metrics_block *tm,
enum tcp_metric_index idx)
{
- return tm->tcpm_vals[idx];
+ /* Paired with WRITE_ONCE() in tcp_metric_set() */
+ return READ_ONCE(tm->tcpm_vals[idx]);
}
static void tcp_metric_set(struct tcp_metrics_block *tm,
enum tcp_metric_index idx,
u32 val)
{
- tm->tcpm_vals[idx] = val;
+ /* Paired with READ_ONCE() in tcp_metric_get() */
+ WRITE_ONCE(tm->tcpm_vals[idx], val);
}
static bool addr_same(const struct inetpeer_addr *a,
@@ -115,13 +117,16 @@ static void tcpm_suck_dst(struct tcp_metrics_block *tm,
WRITE_ONCE(tm->tcpm_lock, val);
msval = dst_metric_raw(dst, RTAX_RTT);
- tm->tcpm_vals[TCP_METRIC_RTT] = msval * USEC_PER_MSEC;
+ tcp_metric_set(tm, TCP_METRIC_RTT, msval * USEC_PER_MSEC);
msval = dst_metric_raw(dst, RTAX_RTTVAR);
- tm->tcpm_vals[TCP_METRIC_RTTVAR] = msval * USEC_PER_MSEC;
- tm->tcpm_vals[TCP_METRIC_SSTHRESH] = dst_metric_raw(dst, RTAX_SSTHRESH);
- tm->tcpm_vals[TCP_METRIC_CWND] = dst_metric_raw(dst, RTAX_CWND);
- tm->tcpm_vals[TCP_METRIC_REORDERING] = dst_metric_raw(dst, RTAX_REORDERING);
+ tcp_metric_set(tm, TCP_METRIC_RTTVAR, msval * USEC_PER_MSEC);
+ tcp_metric_set(tm, TCP_METRIC_SSTHRESH,
+ dst_metric_raw(dst, RTAX_SSTHRESH));
+ tcp_metric_set(tm, TCP_METRIC_CWND,
+ dst_metric_raw(dst, RTAX_CWND));
+ tcp_metric_set(tm, TCP_METRIC_REORDERING,
+ dst_metric_raw(dst, RTAX_REORDERING));
if (fastopen_clear) {
tm->tcpm_fastopen.mss = 0;
tm->tcpm_fastopen.syn_loss = 0;
@@ -672,7 +677,7 @@ static int tcp_metrics_fill_info(struct sk_buff *msg,
if (!nest)
goto nla_put_failure;
for (i = 0; i < TCP_METRIC_MAX_KERNEL + 1; i++) {
- u32 val = tm->tcpm_vals[i];
+ u32 val = tcp_metric_get(tm, i);
if (!val)
continue;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 303/323] tcp_metrics: annotate data-races around tm->tcpm_net
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 302/323] tcp_metrics: annotate data-races around tm->tcpm_vals[] Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 304/323] tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen Greg Kroah-Hartman
` (23 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, David Ahern,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit d5d986ce42c71a7562d32c4e21e026b0f87befec ]
tm->tcpm_net can be read or written locklessly.
Instead of changing write_pnet() and read_pnet() and potentially
hurt performance, add the needed READ_ONCE()/WRITE_ONCE()
in tm_net() and tcpm_new().
Fixes: 849e8a0ca8d5 ("tcp_metrics: Add a field tcpm_net and verify it matches on lookup")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230802131500.1478140-6-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_metrics.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index fa99481abce8f..dfd224979cf65 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -40,7 +40,7 @@ struct tcp_fastopen_metrics {
struct tcp_metrics_block {
struct tcp_metrics_block __rcu *tcpm_next;
- possible_net_t tcpm_net;
+ struct net *tcpm_net;
struct inetpeer_addr tcpm_saddr;
struct inetpeer_addr tcpm_daddr;
unsigned long tcpm_stamp;
@@ -51,9 +51,10 @@ struct tcp_metrics_block {
struct rcu_head rcu_head;
};
-static inline struct net *tm_net(struct tcp_metrics_block *tm)
+static inline struct net *tm_net(const struct tcp_metrics_block *tm)
{
- return read_pnet(&tm->tcpm_net);
+ /* Paired with the WRITE_ONCE() in tcpm_new() */
+ return READ_ONCE(tm->tcpm_net);
}
static bool tcp_metric_locked(struct tcp_metrics_block *tm,
@@ -197,7 +198,9 @@ static struct tcp_metrics_block *tcpm_new(struct dst_entry *dst,
if (!tm)
goto out_unlock;
}
- write_pnet(&tm->tcpm_net, net);
+ /* Paired with the READ_ONCE() in tm_net() */
+ WRITE_ONCE(tm->tcpm_net, net);
+
tm->tcpm_saddr = *saddr;
tm->tcpm_daddr = *daddr;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 304/323] tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 303/323] tcp_metrics: annotate data-races around tm->tcpm_net Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 305/323] scsi: zfcp: Defer fc_rport blocking until after ADISC response Greg Kroah-Hartman
` (22 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Yuchung Cheng,
Kuniyuki Iwashima, Jakub Kicinski, Sasha Levin
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit ddf251fa2bc1d3699eec0bae6ed0bc373b8fda79 ]
Whenever tcpm_new() reclaims an old entry, tcpm_suck_dst()
would overwrite data that could be read from tcp_fastopen_cache_get()
or tcp_metrics_fill_info().
We need to acquire fastopen_seqlock to maintain consistency.
For newly allocated objects, tcpm_new() can switch to kzalloc()
to avoid an extra fastopen_seqlock acquisition.
Fixes: 1fe4c481ba63 ("net-tcp: Fast Open client - cookie cache")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230802131500.1478140-7-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_metrics.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index dfd224979cf65..7bbd9125b5000 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -93,6 +93,7 @@ static struct tcpm_hash_bucket *tcp_metrics_hash __read_mostly;
static unsigned int tcp_metrics_hash_log __read_mostly;
static DEFINE_SPINLOCK(tcp_metrics_lock);
+static DEFINE_SEQLOCK(fastopen_seqlock);
static void tcpm_suck_dst(struct tcp_metrics_block *tm,
const struct dst_entry *dst,
@@ -129,11 +130,13 @@ static void tcpm_suck_dst(struct tcp_metrics_block *tm,
tcp_metric_set(tm, TCP_METRIC_REORDERING,
dst_metric_raw(dst, RTAX_REORDERING));
if (fastopen_clear) {
+ write_seqlock(&fastopen_seqlock);
tm->tcpm_fastopen.mss = 0;
tm->tcpm_fastopen.syn_loss = 0;
tm->tcpm_fastopen.try_exp = 0;
tm->tcpm_fastopen.cookie.exp = false;
tm->tcpm_fastopen.cookie.len = 0;
+ write_sequnlock(&fastopen_seqlock);
}
}
@@ -194,7 +197,7 @@ static struct tcp_metrics_block *tcpm_new(struct dst_entry *dst,
}
tm = oldest;
} else {
- tm = kmalloc(sizeof(*tm), GFP_ATOMIC);
+ tm = kzalloc(sizeof(*tm), GFP_ATOMIC);
if (!tm)
goto out_unlock;
}
@@ -204,7 +207,7 @@ static struct tcp_metrics_block *tcpm_new(struct dst_entry *dst,
tm->tcpm_saddr = *saddr;
tm->tcpm_daddr = *daddr;
- tcpm_suck_dst(tm, dst, true);
+ tcpm_suck_dst(tm, dst, reclaim);
if (likely(!reclaim)) {
tm->tcpm_next = tcp_metrics_hash[hash].chain;
@@ -561,8 +564,6 @@ bool tcp_peer_is_proven(struct request_sock *req, struct dst_entry *dst)
return ret;
}
-static DEFINE_SEQLOCK(fastopen_seqlock);
-
void tcp_fastopen_cache_get(struct sock *sk, u16 *mss,
struct tcp_fastopen_cookie *cookie)
{
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 305/323] scsi: zfcp: Defer fc_rport blocking until after ADISC response
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 304/323] tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 306/323] libceph: fix potential hang in ceph_osdc_notify() Greg Kroah-Hartman
` (21 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Benjamin Block, Fedor Loshakov,
Steffen Maier, Martin K. Petersen
From: Steffen Maier <maier@linux.ibm.com>
commit e65851989001c0c9ba9177564b13b38201c0854c upstream.
Storage devices are free to send RSCNs, e.g. for internal state changes. If
this happens on all connected paths, zfcp risks temporarily losing all
paths at the same time. This has strong requirements on multipath
configuration such as "no_path_retry queue".
Avoid such situations by deferring fc_rport blocking until after the ADISC
response, when any actual state change of the remote port became clear.
The already existing port recovery triggers explicitly block the fc_rport.
The triggers are: on ADISC reject or timeout (typical cable pull case), and
on ADISC indicating that the remote port has changed its WWPN or
the port is meanwhile no longer open.
As a side effect, this also removes a confusing direct function call to
another work item function zfcp_scsi_rport_work() instead of scheduling
that other work item. It was probably done that way to have the rport block
side effect immediate and synchronous to the caller.
Fixes: a2fa0aede07c ("[SCSI] zfcp: Block FC transport rports early on errors")
Cc: stable@vger.kernel.org #v2.6.30+
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Reviewed-by: Fedor Loshakov <loshakov@linux.ibm.com>
Signed-off-by: Steffen Maier <maier@linux.ibm.com>
Link: https://lore.kernel.org/r/20230724145156.3920244-1-maier@linux.ibm.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/scsi/zfcp_fc.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
--- a/drivers/s390/scsi/zfcp_fc.c
+++ b/drivers/s390/scsi/zfcp_fc.c
@@ -534,8 +534,7 @@ static void zfcp_fc_adisc_handler(void *
/* re-init to undo drop from zfcp_fc_adisc() */
port->d_id = ntoh24(adisc_resp->adisc_port_id);
- /* port is good, unblock rport without going through erp */
- zfcp_scsi_schedule_rport_register(port);
+ /* port is still good, nothing to do */
out:
atomic_andnot(ZFCP_STATUS_PORT_LINK_TEST, &port->status);
put_device(&port->dev);
@@ -595,9 +594,6 @@ void zfcp_fc_link_test_work(struct work_
int retval;
set_worker_desc("zadisc%16llx", port->wwpn); /* < WORKER_DESC_LEN=24 */
- get_device(&port->dev);
- port->rport_task = RPORT_DEL;
- zfcp_scsi_rport_work(&port->rport_work);
/* only issue one test command at one time per port */
if (atomic_read(&port->status) & ZFCP_STATUS_PORT_LINK_TEST)
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 306/323] libceph: fix potential hang in ceph_osdc_notify()
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 305/323] scsi: zfcp: Defer fc_rport blocking until after ADISC response Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 307/323] USB: zaurus: Add ID for A-300/B-500/C-700 Greg Kroah-Hartman
` (20 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ilya Dryomov, Dongsheng Yang,
Xiubo Li
From: Ilya Dryomov <idryomov@gmail.com>
commit e6e2843230799230fc5deb8279728a7218b0d63c upstream.
If the cluster becomes unavailable, ceph_osdc_notify() may hang even
with osd_request_timeout option set because linger_notify_finish_wait()
waits for MWatchNotify NOTIFY_COMPLETE message with no associated OSD
request in flight -- it's completely asynchronous.
Introduce an additional timeout, derived from the specified notify
timeout. While at it, switch both waits to killable which is more
correct.
Cc: stable@vger.kernel.org
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Dongsheng Yang <dongsheng.yang@easystack.cn>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ceph/osd_client.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -3137,17 +3137,24 @@ static int linger_reg_commit_wait(struct
int ret;
dout("%s lreq %p linger_id %llu\n", __func__, lreq, lreq->linger_id);
- ret = wait_for_completion_interruptible(&lreq->reg_commit_wait);
+ ret = wait_for_completion_killable(&lreq->reg_commit_wait);
return ret ?: lreq->reg_commit_error;
}
-static int linger_notify_finish_wait(struct ceph_osd_linger_request *lreq)
+static int linger_notify_finish_wait(struct ceph_osd_linger_request *lreq,
+ unsigned long timeout)
{
- int ret;
+ long left;
dout("%s lreq %p linger_id %llu\n", __func__, lreq, lreq->linger_id);
- ret = wait_for_completion_interruptible(&lreq->notify_finish_wait);
- return ret ?: lreq->notify_finish_error;
+ left = wait_for_completion_killable_timeout(&lreq->notify_finish_wait,
+ ceph_timeout_jiffies(timeout));
+ if (left <= 0)
+ left = left ?: -ETIMEDOUT;
+ else
+ left = lreq->notify_finish_error; /* completed */
+
+ return left;
}
/*
@@ -4760,7 +4767,8 @@ int ceph_osdc_notify(struct ceph_osd_cli
ret = linger_reg_commit_wait(lreq);
if (!ret)
- ret = linger_notify_finish_wait(lreq);
+ ret = linger_notify_finish_wait(lreq,
+ msecs_to_jiffies(2 * timeout * MSEC_PER_SEC));
else
dout("lreq %p failed to initiate notify %d\n", lreq, ret);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 307/323] USB: zaurus: Add ID for A-300/B-500/C-700
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 306/323] libceph: fix potential hang in ceph_osdc_notify() Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 308/323] fs/sysv: Null check to prevent null-ptr-deref bug Greg Kroah-Hartman
` (19 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ross Maynard, Andrew Lunn,
Jakub Kicinski
From: Ross Maynard <bids.7405@bigpond.com>
commit b99225b4fe297d07400f9e2332ecd7347b224f8d upstream.
The SL-A300, B500/5600, and C700 devices no longer auto-load because of
"usbnet: Remove over-broad module alias from zaurus."
This patch adds IDs for those 3 devices.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217632
Fixes: 16adf5d07987 ("usbnet: Remove over-broad module alias from zaurus.")
Signed-off-by: Ross Maynard <bids.7405@bigpond.com>
Cc: stable@vger.kernel.org
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/69b5423b-2013-9fc9-9569-58e707d9bafb@bigpond.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/cdc_ether.c | 21 +++++++++++++++++++++
drivers/net/usb/zaurus.c | 21 +++++++++++++++++++++
2 files changed, 42 insertions(+)
--- a/drivers/net/usb/cdc_ether.c
+++ b/drivers/net/usb/cdc_ether.c
@@ -618,6 +618,13 @@ static const struct usb_device_id produc
.match_flags = USB_DEVICE_ID_MATCH_INT_INFO
| USB_DEVICE_ID_MATCH_DEVICE,
.idVendor = 0x04DD,
+ .idProduct = 0x8005, /* A-300 */
+ ZAURUS_FAKE_INTERFACE,
+ .driver_info = 0,
+}, {
+ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
+ | USB_DEVICE_ID_MATCH_DEVICE,
+ .idVendor = 0x04DD,
.idProduct = 0x8006, /* B-500/SL-5600 */
ZAURUS_MASTER_INTERFACE,
.driver_info = 0,
@@ -625,11 +632,25 @@ static const struct usb_device_id produc
.match_flags = USB_DEVICE_ID_MATCH_INT_INFO
| USB_DEVICE_ID_MATCH_DEVICE,
.idVendor = 0x04DD,
+ .idProduct = 0x8006, /* B-500/SL-5600 */
+ ZAURUS_FAKE_INTERFACE,
+ .driver_info = 0,
+}, {
+ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
+ | USB_DEVICE_ID_MATCH_DEVICE,
+ .idVendor = 0x04DD,
.idProduct = 0x8007, /* C-700 */
ZAURUS_MASTER_INTERFACE,
.driver_info = 0,
}, {
.match_flags = USB_DEVICE_ID_MATCH_INT_INFO
+ | USB_DEVICE_ID_MATCH_DEVICE,
+ .idVendor = 0x04DD,
+ .idProduct = 0x8007, /* C-700 */
+ ZAURUS_FAKE_INTERFACE,
+ .driver_info = 0,
+}, {
+ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
| USB_DEVICE_ID_MATCH_DEVICE,
.idVendor = 0x04DD,
.idProduct = 0x9031, /* C-750 C-760 */
--- a/drivers/net/usb/zaurus.c
+++ b/drivers/net/usb/zaurus.c
@@ -301,11 +301,25 @@ static const struct usb_device_id produc
.match_flags = USB_DEVICE_ID_MATCH_INT_INFO
| USB_DEVICE_ID_MATCH_DEVICE,
.idVendor = 0x04DD,
+ .idProduct = 0x8005, /* A-300 */
+ ZAURUS_FAKE_INTERFACE,
+ .driver_info = (unsigned long)&bogus_mdlm_info,
+}, {
+ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
+ | USB_DEVICE_ID_MATCH_DEVICE,
+ .idVendor = 0x04DD,
.idProduct = 0x8006, /* B-500/SL-5600 */
ZAURUS_MASTER_INTERFACE,
.driver_info = ZAURUS_PXA_INFO,
}, {
.match_flags = USB_DEVICE_ID_MATCH_INT_INFO
+ | USB_DEVICE_ID_MATCH_DEVICE,
+ .idVendor = 0x04DD,
+ .idProduct = 0x8006, /* B-500/SL-5600 */
+ ZAURUS_FAKE_INTERFACE,
+ .driver_info = (unsigned long)&bogus_mdlm_info,
+}, {
+ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
| USB_DEVICE_ID_MATCH_DEVICE,
.idVendor = 0x04DD,
.idProduct = 0x8007, /* C-700 */
@@ -313,6 +327,13 @@ static const struct usb_device_id produc
.driver_info = ZAURUS_PXA_INFO,
}, {
.match_flags = USB_DEVICE_ID_MATCH_INT_INFO
+ | USB_DEVICE_ID_MATCH_DEVICE,
+ .idVendor = 0x04DD,
+ .idProduct = 0x8007, /* C-700 */
+ ZAURUS_FAKE_INTERFACE,
+ .driver_info = (unsigned long)&bogus_mdlm_info,
+}, {
+ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
| USB_DEVICE_ID_MATCH_DEVICE,
.idVendor = 0x04DD,
.idProduct = 0x9031, /* C-750 C-760 */
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 308/323] fs/sysv: Null check to prevent null-ptr-deref bug
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 307/323] USB: zaurus: Add ID for A-300/B-500/C-700 Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 309/323] Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb Greg Kroah-Hartman
` (18 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+aad58150cbc64ba41bdc,
Prince Kumar Maurya, Christian Brauner
From: Prince Kumar Maurya <princekumarmaurya06@gmail.com>
commit ea2b62f305893992156a798f665847e0663c9f41 upstream.
sb_getblk(inode->i_sb, parent) return a null ptr and taking lock on
that leads to the null-ptr-deref bug.
Reported-by: syzbot+aad58150cbc64ba41bdc@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=aad58150cbc64ba41bdc
Signed-off-by: Prince Kumar Maurya <princekumarmaurya06@gmail.com>
Message-Id: <20230531013141.19487-1-princekumarmaurya06@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/sysv/itree.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/sysv/itree.c
+++ b/fs/sysv/itree.c
@@ -145,6 +145,10 @@ static int alloc_branch(struct inode *in
*/
parent = block_to_cpu(SYSV_SB(inode->i_sb), branch[n-1].key);
bh = sb_getblk(inode->i_sb, parent);
+ if (!bh) {
+ sysv_free_block(inode->i_sb, branch[n].key);
+ break;
+ }
lock_buffer(bh);
memset(bh->b_data, 0, blocksize);
branch[n].bh = bh;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 309/323] Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 308/323] fs/sysv: Null check to prevent null-ptr-deref bug Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 310/323] net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Greg Kroah-Hartman
` (17 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sungwoo Kim, Luiz Augusto von Dentz,
Jakub Kicinski
From: Sungwoo Kim <iam@sung-woo.kim>
commit 1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 upstream.
l2cap_sock_release(sk) frees sk. However, sk's children are still alive
and point to the already free'd sk's address.
To fix this, l2cap_sock_release(sk) also cleans sk's children.
==================================================================
BUG: KASAN: use-after-free in l2cap_sock_ready_cb+0xb7/0x100 net/bluetooth/l2cap_sock.c:1650
Read of size 8 at addr ffff888104617aa8 by task kworker/u3:0/276
CPU: 0 PID: 276 Comm: kworker/u3:0 Not tainted 6.2.0-00001-gef397bd4d5fb-dirty #59
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: hci2 hci_rx_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x72/0x95 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:306 [inline]
print_report+0x175/0x478 mm/kasan/report.c:417
kasan_report+0xb1/0x130 mm/kasan/report.c:517
l2cap_sock_ready_cb+0xb7/0x100 net/bluetooth/l2cap_sock.c:1650
l2cap_chan_ready+0x10e/0x1e0 net/bluetooth/l2cap_core.c:1386
l2cap_config_req+0x753/0x9f0 net/bluetooth/l2cap_core.c:4480
l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:5739 [inline]
l2cap_sig_channel net/bluetooth/l2cap_core.c:6509 [inline]
l2cap_recv_frame+0xe2e/0x43c0 net/bluetooth/l2cap_core.c:7788
l2cap_recv_acldata+0x6ed/0x7e0 net/bluetooth/l2cap_core.c:8506
hci_acldata_packet net/bluetooth/hci_core.c:3813 [inline]
hci_rx_work+0x66e/0xbc0 net/bluetooth/hci_core.c:4048
process_one_work+0x4ea/0x8e0 kernel/workqueue.c:2289
worker_thread+0x364/0x8e0 kernel/workqueue.c:2436
kthread+0x1b9/0x200 kernel/kthread.c:376
ret_from_fork+0x2c/0x50 arch/x86/entry/entry_64.S:308
</TASK>
Allocated by task 288:
kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
____kasan_kmalloc mm/kasan/common.c:374 [inline]
__kasan_kmalloc+0x82/0x90 mm/kasan/common.c:383
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slab_common.c:968 [inline]
__kmalloc+0x5a/0x140 mm/slab_common.c:981
kmalloc include/linux/slab.h:584 [inline]
sk_prot_alloc+0x113/0x1f0 net/core/sock.c:2040
sk_alloc+0x36/0x3c0 net/core/sock.c:2093
l2cap_sock_alloc.constprop.0+0x39/0x1c0 net/bluetooth/l2cap_sock.c:1852
l2cap_sock_create+0x10d/0x220 net/bluetooth/l2cap_sock.c:1898
bt_sock_create+0x183/0x290 net/bluetooth/af_bluetooth.c:132
__sock_create+0x226/0x380 net/socket.c:1518
sock_create net/socket.c:1569 [inline]
__sys_socket_create net/socket.c:1606 [inline]
__sys_socket_create net/socket.c:1591 [inline]
__sys_socket+0x112/0x200 net/socket.c:1639
__do_sys_socket net/socket.c:1652 [inline]
__se_sys_socket net/socket.c:1650 [inline]
__x64_sys_socket+0x40/0x50 net/socket.c:1650
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3f/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x72/0xdc
Freed by task 288:
kasan_save_stack+0x22/0x50 mm/kasan/common.c:45
kasan_set_track+0x25/0x30 mm/kasan/common.c:52
kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:523
____kasan_slab_free mm/kasan/common.c:236 [inline]
____kasan_slab_free mm/kasan/common.c:200 [inline]
__kasan_slab_free+0x10a/0x190 mm/kasan/common.c:244
kasan_slab_free include/linux/kasan.h:177 [inline]
slab_free_hook mm/slub.c:1781 [inline]
slab_free_freelist_hook mm/slub.c:1807 [inline]
slab_free mm/slub.c:3787 [inline]
__kmem_cache_free+0x88/0x1f0 mm/slub.c:3800
sk_prot_free net/core/sock.c:2076 [inline]
__sk_destruct+0x347/0x430 net/core/sock.c:2168
sk_destruct+0x9c/0xb0 net/core/sock.c:2183
__sk_free+0x82/0x220 net/core/sock.c:2194
sk_free+0x7c/0xa0 net/core/sock.c:2205
sock_put include/net/sock.h:1991 [inline]
l2cap_sock_kill+0x256/0x2b0 net/bluetooth/l2cap_sock.c:1257
l2cap_sock_release+0x1a7/0x220 net/bluetooth/l2cap_sock.c:1428
__sock_release+0x80/0x150 net/socket.c:650
sock_close+0x19/0x30 net/socket.c:1368
__fput+0x17a/0x5c0 fs/file_table.c:320
task_work_run+0x132/0x1c0 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x113/0x120 kernel/entry/common.c:203
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x21/0x50 kernel/entry/common.c:296
do_syscall_64+0x4c/0x90 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x72/0xdc
The buggy address belongs to the object at ffff888104617800
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 680 bytes inside of
1024-byte region [ffff888104617800, ffff888104617c00)
The buggy address belongs to the physical page:
page:00000000dbca6a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888104614000 pfn:0x104614
head:00000000dbca6a80 order:2 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
flags: 0x200000000010200(slab|head|node=0|zone=2)
raw: 0200000000010200 ffff888100041dc0 ffffea0004212c10 ffffea0004234b10
raw: ffff888104614000 0000000000080002 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888104617980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888104617a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888104617a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888104617b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888104617b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Ack: This bug is found by FuzzBT with a modified Syzkaller. Other
contributors are Ruoyu Wu and Hui Peng.
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/l2cap_sock.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -45,6 +45,7 @@ static const struct proto_ops l2cap_sock
static void l2cap_sock_init(struct sock *sk, struct sock *parent);
static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
int proto, gfp_t prio, int kern);
+static void l2cap_sock_cleanup_listen(struct sock *parent);
bool l2cap_is_socket(struct socket *sock)
{
@@ -1205,6 +1206,7 @@ static int l2cap_sock_release(struct soc
if (!sk)
return 0;
+ l2cap_sock_cleanup_listen(sk);
bt_sock_unlink(&l2cap_sk_list, sk);
err = l2cap_sock_shutdown(sock, 2);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 310/323] net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 309/323] Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 311/323] ext2: Drop fragment support Greg Kroah-Hartman
` (16 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alan Stern, Oliver Neukum,
Jakub Kicinski, syzbot+63ee658b9a100ffadbe2
From: Alan Stern <stern@rowland.harvard.edu>
commit 5e1627cb43ddf1b24b92eb26f8d958a3f5676ccb upstream.
The syzbot fuzzer identified a problem in the usbnet driver:
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Workqueue: mld mld_ifc_work
RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Code: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7
RSP: 0018:ffffc9000463f568 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001
RBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003
R13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0
Call Trace:
<TASK>
usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453
__netdev_start_xmit include/linux/netdevice.h:4918 [inline]
netdev_start_xmit include/linux/netdevice.h:4932 [inline]
xmit_one net/core/dev.c:3578 [inline]
dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594
...
This bug is caused by the fact that usbnet trusts the bulk endpoint
addresses its probe routine receives in the driver_info structure, and
it does not check to see that these endpoints actually exist and have
the expected type and directions.
The fix is simply to add such a check.
Reported-and-tested-by: syzbot+63ee658b9a100ffadbe2@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-usb/000000000000a56e9105d0cec021@google.com/
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/ea152b6d-44df-4f8a-95c6-4db51143dcc1@rowland.harvard.edu
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/usbnet.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1767,6 +1767,10 @@ usbnet_probe (struct usb_interface *udev
} else if (!info->in || !info->out)
status = usbnet_get_endpoints (dev, udev);
else {
+ u8 ep_addrs[3] = {
+ info->in + USB_DIR_IN, info->out + USB_DIR_OUT, 0
+ };
+
dev->in = usb_rcvbulkpipe (xdev, info->in);
dev->out = usb_sndbulkpipe (xdev, info->out);
if (!(info->flags & FLAG_NO_SETINT))
@@ -1776,6 +1780,8 @@ usbnet_probe (struct usb_interface *udev
else
status = 0;
+ if (status == 0 && !usb_check_bulk_endpoints(udev, ep_addrs))
+ status = -EINVAL;
}
if (status >= 0 && dev->status)
status = init_status (dev, udev);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 311/323] ext2: Drop fragment support
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 310/323] net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 312/323] test_firmware: fix a memory leak with reqs buffer Greg Kroah-Hartman
` (15 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, syzbot+af5e10f73dbff48f70af,
Jan Kara
From: Jan Kara <jack@suse.cz>
commit 404615d7f1dcd4cca200e9a7a9df3a1dcae1dd62 upstream.
Ext2 has fields in superblock reserved for subblock allocation support.
However that never landed. Drop the many years dead code.
Reported-by: syzbot+af5e10f73dbff48f70af@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext2/ext2.h | 12 ------------
fs/ext2/super.c | 23 ++++-------------------
2 files changed, 4 insertions(+), 31 deletions(-)
--- a/fs/ext2/ext2.h
+++ b/fs/ext2/ext2.h
@@ -68,10 +68,7 @@ struct mb_cache;
* second extended-fs super-block data in memory
*/
struct ext2_sb_info {
- unsigned long s_frag_size; /* Size of a fragment in bytes */
- unsigned long s_frags_per_block;/* Number of fragments per block */
unsigned long s_inodes_per_block;/* Number of inodes per block */
- unsigned long s_frags_per_group;/* Number of fragments in a group */
unsigned long s_blocks_per_group;/* Number of blocks in a group */
unsigned long s_inodes_per_group;/* Number of inodes in a group */
unsigned long s_itb_per_group; /* Number of inode table blocks per group */
@@ -186,15 +183,6 @@ static inline struct ext2_sb_info *EXT2_
#define EXT2_FIRST_INO(s) (EXT2_SB(s)->s_first_ino)
/*
- * Macro-instructions used to manage fragments
- */
-#define EXT2_MIN_FRAG_SIZE 1024
-#define EXT2_MAX_FRAG_SIZE 4096
-#define EXT2_MIN_FRAG_LOG_SIZE 10
-#define EXT2_FRAG_SIZE(s) (EXT2_SB(s)->s_frag_size)
-#define EXT2_FRAGS_PER_BLOCK(s) (EXT2_SB(s)->s_frags_per_block)
-
-/*
* Structure of a blocks group descriptor
*/
struct ext2_group_desc
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -691,10 +691,9 @@ static int ext2_setup_super (struct supe
es->s_max_mnt_count = cpu_to_le16(EXT2_DFL_MAX_MNT_COUNT);
le16_add_cpu(&es->s_mnt_count, 1);
if (test_opt (sb, DEBUG))
- ext2_msg(sb, KERN_INFO, "%s, %s, bs=%lu, fs=%lu, gc=%lu, "
+ ext2_msg(sb, KERN_INFO, "%s, %s, bs=%lu, gc=%lu, "
"bpg=%lu, ipg=%lu, mo=%04lx]",
EXT2FS_VERSION, EXT2FS_DATE, sb->s_blocksize,
- sbi->s_frag_size,
sbi->s_groups_count,
EXT2_BLOCKS_PER_GROUP(sb),
EXT2_INODES_PER_GROUP(sb),
@@ -1040,14 +1039,7 @@ static int ext2_fill_super(struct super_
}
}
- sbi->s_frag_size = EXT2_MIN_FRAG_SIZE <<
- le32_to_cpu(es->s_log_frag_size);
- if (sbi->s_frag_size == 0)
- goto cantfind_ext2;
- sbi->s_frags_per_block = sb->s_blocksize / sbi->s_frag_size;
-
sbi->s_blocks_per_group = le32_to_cpu(es->s_blocks_per_group);
- sbi->s_frags_per_group = le32_to_cpu(es->s_frags_per_group);
sbi->s_inodes_per_group = le32_to_cpu(es->s_inodes_per_group);
if (EXT2_INODE_SIZE(sb) == 0)
@@ -1075,11 +1067,10 @@ static int ext2_fill_super(struct super_
goto failed_mount;
}
- if (sb->s_blocksize != sbi->s_frag_size) {
+ if (es->s_log_frag_size != es->s_log_block_size) {
ext2_msg(sb, KERN_ERR,
- "error: fragsize %lu != blocksize %lu"
- "(not supported yet)",
- sbi->s_frag_size, sb->s_blocksize);
+ "error: fragsize log %u != blocksize log %u",
+ le32_to_cpu(es->s_log_frag_size), sb->s_blocksize_bits);
goto failed_mount;
}
@@ -1089,12 +1080,6 @@ static int ext2_fill_super(struct super_
sbi->s_blocks_per_group);
goto failed_mount;
}
- if (sbi->s_frags_per_group > sb->s_blocksize * 8) {
- ext2_msg(sb, KERN_ERR,
- "error: #fragments per group too big: %lu",
- sbi->s_frags_per_group);
- goto failed_mount;
- }
if (sbi->s_inodes_per_group < sbi->s_inodes_per_block ||
sbi->s_inodes_per_group > sb->s_blocksize * 8) {
ext2_msg(sb, KERN_ERR,
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 312/323] test_firmware: fix a memory leak with reqs buffer
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 311/323] ext2: Drop fragment support Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 313/323] test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation Greg Kroah-Hartman
` (14 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Luis Chamberlain, Russ Weight,
Tianfei Zhang, Shuah Khan, Colin Ian King, Randy Dunlap,
linux-kselftest, Dan Carpenter, Takashi Iwai,
Mirsad Goran Todorovac, Dan Carpenter
From: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
commit be37bed754ed90b2655382f93f9724b3c1aae847 upstream.
Dan Carpenter spotted that test_fw_config->reqs will be leaked if
trigger_batched_requests_store() is called two or more times.
The same appears with trigger_batched_requests_async_store().
This bug wasn't trigger by the tests, but observed by Dan's visual
inspection of the code.
The recommended workaround was to return -EBUSY if test_fw_config->reqs
is already allocated.
Fixes: 7feebfa487b92 ("test_firmware: add support for request_firmware_into_buf")
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Russ Weight <russell.h.weight@intel.com>
Cc: Tianfei Zhang <tianfei.zhang@intel.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Colin Ian King <colin.i.king@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: linux-kselftest@vger.kernel.org
Cc: stable@vger.kernel.org # v5.4
Suggested-by: Dan Carpenter <error27@gmail.com>
Suggested-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Link: https://lore.kernel.org/r/20230509084746.48259-2-mirsad.todorovac@alu.unizg.hr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/test_firmware.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/lib/test_firmware.c
+++ b/lib/test_firmware.c
@@ -618,6 +618,11 @@ static ssize_t trigger_batched_requests_
mutex_lock(&test_fw_mutex);
+ if (test_fw_config->reqs) {
+ rc = -EBUSY;
+ goto out_bail;
+ }
+
test_fw_config->reqs =
vzalloc(array3_size(sizeof(struct test_batched_req),
test_fw_config->num_requests, 2));
@@ -721,6 +726,11 @@ ssize_t trigger_batched_requests_async_s
mutex_lock(&test_fw_mutex);
+ if (test_fw_config->reqs) {
+ rc = -EBUSY;
+ goto out_bail;
+ }
+
test_fw_config->reqs =
vzalloc(array3_size(sizeof(struct test_batched_req),
test_fw_config->num_requests, 2));
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 313/323] test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 312/323] test_firmware: fix a memory leak with reqs buffer Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 314/323] mtd: rawnand: omap_elm: Fix incorrect type in assignment Greg Kroah-Hartman
` (13 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Takashi Iwai,
Kees Cook, Luis R. Rodriguez, Scott Branden, Hans de Goede,
Brian Norris, Mirsad Goran Todorovac, Dan Carpenter
From: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
commit 7dae593cd226a0bca61201cf85ceb9335cf63682 upstream.
In a couple of situations like
name = kstrndup(buf, count, GFP_KERNEL);
if (!name)
return -ENOSPC;
the error is not actually "No space left on device", but "Out of memory".
It is semantically correct to return -ENOMEM in all failed kstrndup()
and kzalloc() cases in this driver, as it is not a problem with disk
space, but with kernel memory allocator failing allocation.
The semantically correct should be:
name = kstrndup(buf, count, GFP_KERNEL);
if (!name)
return -ENOMEM;
Cc: Dan Carpenter <error27@gmail.com>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: "Luis R. Rodriguez" <mcgrof@ruslug.rutgers.edu>
Cc: Scott Branden <sbranden@broadcom.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Brian Norris <briannorris@chromium.org>
Fixes: c92316bf8e948 ("test_firmware: add batched firmware tests")
Fixes: 0a8adf584759c ("test: add firmware_class loader test")
Fixes: 548193cba2a7d ("test_firmware: add support for firmware_request_platform")
Fixes: eb910947c82f9 ("test: firmware_class: add asynchronous request trigger")
Fixes: 061132d2b9c95 ("test_firmware: add test custom fallback trigger")
Fixes: 7feebfa487b92 ("test_firmware: add support for request_firmware_into_buf")
Signed-off-by: Mirsad Goran Todorovac <mirsad.todorovac@alu.unizg.hr>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Message-ID: <20230606070808.9300-1-mirsad.todorovac@alu.unizg.hr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
lib/test_firmware.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/lib/test_firmware.c
+++ b/lib/test_firmware.c
@@ -160,7 +160,7 @@ static int __kstrncpy(char **dst, const
{
*dst = kstrndup(name, count, gfp);
if (!*dst)
- return -ENOSPC;
+ return -ENOMEM;
return count;
}
@@ -456,7 +456,7 @@ static ssize_t trigger_request_store(str
name = kstrndup(buf, count, GFP_KERNEL);
if (!name)
- return -ENOSPC;
+ return -ENOMEM;
pr_info("loading '%s'\n", name);
@@ -497,7 +497,7 @@ static ssize_t trigger_async_request_sto
name = kstrndup(buf, count, GFP_KERNEL);
if (!name)
- return -ENOSPC;
+ return -ENOMEM;
pr_info("loading '%s'\n", name);
@@ -540,7 +540,7 @@ static ssize_t trigger_custom_fallback_s
name = kstrndup(buf, count, GFP_KERNEL);
if (!name)
- return -ENOSPC;
+ return -ENOMEM;
pr_info("loading '%s' using custom fallback mechanism\n", name);
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 314/323] mtd: rawnand: omap_elm: Fix incorrect type in assignment
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 313/323] test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 315/323] powerpc/mm/altmap: Fix altmap boundary check Greg Kroah-Hartman
` (12 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Roger Quadros,
Miquel Raynal, Sasha Levin
From: Roger Quadros <rogerq@kernel.org>
[ Upstream commit d8403b9eeee66d5dd81ecb9445800b108c267ce3 ]
Once the ECC word endianness is converted to BE32, we force cast it
to u32 so we can use elm_write_reg() which in turn uses writel().
Fixes below sparse warnings:
drivers/mtd/nand/raw/omap_elm.c:180:37: sparse: expected unsigned int [usertype] val
drivers/mtd/nand/raw/omap_elm.c:180:37: sparse: got restricted __be32 [usertype]
drivers/mtd/nand/raw/omap_elm.c:185:37: sparse: expected unsigned int [usertype] val
drivers/mtd/nand/raw/omap_elm.c:185:37: sparse: got restricted __be32 [usertype]
drivers/mtd/nand/raw/omap_elm.c:190:37: sparse: expected unsigned int [usertype] val
drivers/mtd/nand/raw/omap_elm.c:190:37: sparse: got restricted __be32 [usertype]
>> drivers/mtd/nand/raw/omap_elm.c:200:40: sparse: sparse: restricted __be32 degrades to integer
drivers/mtd/nand/raw/omap_elm.c:206:39: sparse: sparse: restricted __be32 degrades to integer
drivers/mtd/nand/raw/omap_elm.c:210:37: sparse: expected unsigned int [assigned] [usertype] val
drivers/mtd/nand/raw/omap_elm.c:210:37: sparse: got restricted __be32 [usertype]
drivers/mtd/nand/raw/omap_elm.c:213:37: sparse: expected unsigned int [assigned] [usertype] val
drivers/mtd/nand/raw/omap_elm.c:213:37: sparse: got restricted __be32 [usertype]
drivers/mtd/nand/raw/omap_elm.c:216:37: sparse: expected unsigned int [assigned] [usertype] val
drivers/mtd/nand/raw/omap_elm.c:216:37: sparse: got restricted __be32 [usertype]
drivers/mtd/nand/raw/omap_elm.c:219:37: sparse: expected unsigned int [assigned] [usertype] val
drivers/mtd/nand/raw/omap_elm.c:219:37: sparse: got restricted __be32 [usertype]
drivers/mtd/nand/raw/omap_elm.c:222:37: sparse: expected unsigned int [assigned] [usertype] val
drivers/mtd/nand/raw/omap_elm.c:222:37: sparse: got restricted __be32 [usertype]
drivers/mtd/nand/raw/omap_elm.c:225:37: sparse: expected unsigned int [assigned] [usertype] val
drivers/mtd/nand/raw/omap_elm.c:225:37: sparse: got restricted __be32 [usertype]
drivers/mtd/nand/raw/omap_elm.c:228:39: sparse: sparse: restricted __be32 degrades to integer
Fixes: bf22433575ef ("mtd: devices: elm: Add support for ELM error correction")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202306212211.WDXokuWh-lkp@intel.com/
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230624184021.7740-1-rogerq@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/omap_elm.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/drivers/mtd/nand/raw/omap_elm.c b/drivers/mtd/nand/raw/omap_elm.c
index 6736777a41567..02d1740383120 100644
--- a/drivers/mtd/nand/raw/omap_elm.c
+++ b/drivers/mtd/nand/raw/omap_elm.c
@@ -184,17 +184,17 @@ static void elm_load_syndrome(struct elm_info *info,
switch (info->bch_type) {
case BCH8_ECC:
/* syndrome fragment 0 = ecc[9-12B] */
- val = cpu_to_be32(*(u32 *) &ecc[9]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[9]);
elm_write_reg(info, offset, val);
/* syndrome fragment 1 = ecc[5-8B] */
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[5]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[5]);
elm_write_reg(info, offset, val);
/* syndrome fragment 2 = ecc[1-4B] */
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[1]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[1]);
elm_write_reg(info, offset, val);
/* syndrome fragment 3 = ecc[0B] */
@@ -204,35 +204,35 @@ static void elm_load_syndrome(struct elm_info *info,
break;
case BCH4_ECC:
/* syndrome fragment 0 = ecc[20-52b] bits */
- val = (cpu_to_be32(*(u32 *) &ecc[3]) >> 4) |
+ val = ((__force u32)cpu_to_be32(*(u32 *)&ecc[3]) >> 4) |
((ecc[2] & 0xf) << 28);
elm_write_reg(info, offset, val);
/* syndrome fragment 1 = ecc[0-20b] bits */
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[0]) >> 12;
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[0]) >> 12;
elm_write_reg(info, offset, val);
break;
case BCH16_ECC:
- val = cpu_to_be32(*(u32 *) &ecc[22]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[22]);
elm_write_reg(info, offset, val);
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[18]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[18]);
elm_write_reg(info, offset, val);
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[14]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[14]);
elm_write_reg(info, offset, val);
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[10]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[10]);
elm_write_reg(info, offset, val);
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[6]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[6]);
elm_write_reg(info, offset, val);
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[2]);
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[2]);
elm_write_reg(info, offset, val);
offset += 4;
- val = cpu_to_be32(*(u32 *) &ecc[0]) >> 16;
+ val = (__force u32)cpu_to_be32(*(u32 *)&ecc[0]) >> 16;
elm_write_reg(info, offset, val);
break;
default:
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 315/323] powerpc/mm/altmap: Fix altmap boundary check
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 314/323] mtd: rawnand: omap_elm: Fix incorrect type in assignment Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 316/323] PM / wakeirq: support enabling wake-up irq after runtime_suspend called Greg Kroah-Hartman
` (11 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aneesh Kumar K.V, David Hildenbrand,
Michael Ellerman, Sasha Levin
From: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
[ Upstream commit 6722b25712054c0f903b839b8f5088438dd04df3 ]
altmap->free includes the entire free space from which altmap blocks
can be allocated. So when checking whether the kernel is doing altmap
block free, compute the boundary correctly, otherwise memory hotunplug
can fail.
Fixes: 9ef34630a461 ("powerpc/mm: Fallback to RAM if the altmap is unusable")
Signed-off-by: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230724181320.471386-1-aneesh.kumar@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/mm/init_64.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/arch/powerpc/mm/init_64.c b/arch/powerpc/mm/init_64.c
index a5091c0347475..aff86679af961 100644
--- a/arch/powerpc/mm/init_64.c
+++ b/arch/powerpc/mm/init_64.c
@@ -266,8 +266,7 @@ void __ref vmemmap_free(unsigned long start, unsigned long end,
start = _ALIGN_DOWN(start, page_size);
if (altmap) {
alt_start = altmap->base_pfn;
- alt_end = altmap->base_pfn + altmap->reserve +
- altmap->free + altmap->alloc + altmap->align;
+ alt_end = altmap->base_pfn + altmap->reserve + altmap->free;
}
pr_debug("vmemmap_free %lx...%lx\n", start, end);
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 316/323] PM / wakeirq: support enabling wake-up irq after runtime_suspend called
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 315/323] powerpc/mm/altmap: Fix altmap boundary check Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 317/323] PM: sleep: wakeirq: fix wake irq arming Greg Kroah-Hartman
` (10 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rafael J. Wysocki, Chunfeng Yun,
Sasha Levin
From: Chunfeng Yun <chunfeng.yun@mediatek.com>
[ Upstream commit 259714100d98b50bf04d36a21bf50ca8b829fc11 ]
When the dedicated wake IRQ is level trigger, and it uses the
device's low-power status as the wakeup source, that means if the
device is not in low-power state, the wake IRQ will be triggered
if enabled; For this case, need enable the wake IRQ after running
the device's ->runtime_suspend() which make it enter low-power state.
e.g.
Assume the wake IRQ is a low level trigger type, and the wakeup
signal comes from the low-power status of the device.
The wakeup signal is low level at running time (0), and becomes
high level when the device enters low-power state (runtime_suspend
(1) is called), a wakeup event at (2) make the device exit low-power
state, then the wakeup signal also becomes low level.
------------------
| ^ ^|
---------------- | | --------------
|<---(0)--->|<--(1)--| (3) (2) (4)
if enable the wake IRQ before running runtime_suspend during (0),
a wake IRQ will arise, it causes resume immediately;
it works if enable wake IRQ ( e.g. at (3) or (4)) after running
->runtime_suspend().
This patch introduces a new status WAKE_IRQ_DEDICATED_REVERSE to
optionally support enabling wake IRQ after running ->runtime_suspend().
Suggested-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Stable-dep-of: 8527beb12087 ("PM: sleep: wakeirq: fix wake irq arming")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/power/power.h | 7 ++-
drivers/base/power/runtime.c | 6 ++-
drivers/base/power/wakeirq.c | 101 +++++++++++++++++++++++++++--------
include/linux/pm_wakeirq.h | 9 +++-
4 files changed, 96 insertions(+), 27 deletions(-)
diff --git a/drivers/base/power/power.h b/drivers/base/power/power.h
index c511def48b486..55f32bd390007 100644
--- a/drivers/base/power/power.h
+++ b/drivers/base/power/power.h
@@ -24,8 +24,10 @@ extern void pm_runtime_remove(struct device *dev);
#define WAKE_IRQ_DEDICATED_ALLOCATED BIT(0)
#define WAKE_IRQ_DEDICATED_MANAGED BIT(1)
+#define WAKE_IRQ_DEDICATED_REVERSE BIT(2)
#define WAKE_IRQ_DEDICATED_MASK (WAKE_IRQ_DEDICATED_ALLOCATED | \
- WAKE_IRQ_DEDICATED_MANAGED)
+ WAKE_IRQ_DEDICATED_MANAGED | \
+ WAKE_IRQ_DEDICATED_REVERSE)
struct wake_irq {
struct device *dev;
@@ -38,7 +40,8 @@ extern void dev_pm_arm_wake_irq(struct wake_irq *wirq);
extern void dev_pm_disarm_wake_irq(struct wake_irq *wirq);
extern void dev_pm_enable_wake_irq_check(struct device *dev,
bool can_change_status);
-extern void dev_pm_disable_wake_irq_check(struct device *dev);
+extern void dev_pm_disable_wake_irq_check(struct device *dev, bool cond_disable);
+extern void dev_pm_enable_wake_irq_complete(struct device *dev);
#ifdef CONFIG_PM_SLEEP
diff --git a/drivers/base/power/runtime.c b/drivers/base/power/runtime.c
index 911bb8a4bf6df..ab0898c33880a 100644
--- a/drivers/base/power/runtime.c
+++ b/drivers/base/power/runtime.c
@@ -606,6 +606,8 @@ static int rpm_suspend(struct device *dev, int rpmflags)
if (retval)
goto fail;
+ dev_pm_enable_wake_irq_complete(dev);
+
no_callback:
__update_runtime_status(dev, RPM_SUSPENDED);
pm_runtime_deactivate_timer(dev);
@@ -640,7 +642,7 @@ static int rpm_suspend(struct device *dev, int rpmflags)
return retval;
fail:
- dev_pm_disable_wake_irq_check(dev);
+ dev_pm_disable_wake_irq_check(dev, true);
__update_runtime_status(dev, RPM_ACTIVE);
dev->power.deferred_resume = false;
wake_up_all(&dev->power.wait_queue);
@@ -823,7 +825,7 @@ static int rpm_resume(struct device *dev, int rpmflags)
callback = RPM_GET_CALLBACK(dev, runtime_resume);
- dev_pm_disable_wake_irq_check(dev);
+ dev_pm_disable_wake_irq_check(dev, false);
retval = rpm_callback(callback, dev);
if (retval) {
__update_runtime_status(dev, RPM_SUSPENDED);
diff --git a/drivers/base/power/wakeirq.c b/drivers/base/power/wakeirq.c
index b8fa5c0f2d132..fa69e4ce47527 100644
--- a/drivers/base/power/wakeirq.c
+++ b/drivers/base/power/wakeirq.c
@@ -156,24 +156,7 @@ static irqreturn_t handle_threaded_wake_irq(int irq, void *_wirq)
return IRQ_HANDLED;
}
-/**
- * dev_pm_set_dedicated_wake_irq - Request a dedicated wake-up interrupt
- * @dev: Device entry
- * @irq: Device wake-up interrupt
- *
- * Unless your hardware has separate wake-up interrupts in addition
- * to the device IO interrupts, you don't need this.
- *
- * Sets up a threaded interrupt handler for a device that has
- * a dedicated wake-up interrupt in addition to the device IO
- * interrupt.
- *
- * The interrupt starts disabled, and needs to be managed for
- * the device by the bus code or the device driver using
- * dev_pm_enable_wake_irq() and dev_pm_disable_wake_irq()
- * functions.
- */
-int dev_pm_set_dedicated_wake_irq(struct device *dev, int irq)
+static int __dev_pm_set_dedicated_wake_irq(struct device *dev, int irq, unsigned int flag)
{
struct wake_irq *wirq;
int err;
@@ -211,7 +194,7 @@ int dev_pm_set_dedicated_wake_irq(struct device *dev, int irq)
if (err)
goto err_free_irq;
- wirq->status = WAKE_IRQ_DEDICATED_ALLOCATED;
+ wirq->status = WAKE_IRQ_DEDICATED_ALLOCATED | flag;
return err;
@@ -224,8 +207,57 @@ int dev_pm_set_dedicated_wake_irq(struct device *dev, int irq)
return err;
}
+
+
+/**
+ * dev_pm_set_dedicated_wake_irq - Request a dedicated wake-up interrupt
+ * @dev: Device entry
+ * @irq: Device wake-up interrupt
+ *
+ * Unless your hardware has separate wake-up interrupts in addition
+ * to the device IO interrupts, you don't need this.
+ *
+ * Sets up a threaded interrupt handler for a device that has
+ * a dedicated wake-up interrupt in addition to the device IO
+ * interrupt.
+ *
+ * The interrupt starts disabled, and needs to be managed for
+ * the device by the bus code or the device driver using
+ * dev_pm_enable_wake_irq*() and dev_pm_disable_wake_irq*()
+ * functions.
+ */
+int dev_pm_set_dedicated_wake_irq(struct device *dev, int irq)
+{
+ return __dev_pm_set_dedicated_wake_irq(dev, irq, 0);
+}
EXPORT_SYMBOL_GPL(dev_pm_set_dedicated_wake_irq);
+/**
+ * dev_pm_set_dedicated_wake_irq_reverse - Request a dedicated wake-up interrupt
+ * with reverse enable ordering
+ * @dev: Device entry
+ * @irq: Device wake-up interrupt
+ *
+ * Unless your hardware has separate wake-up interrupts in addition
+ * to the device IO interrupts, you don't need this.
+ *
+ * Sets up a threaded interrupt handler for a device that has a dedicated
+ * wake-up interrupt in addition to the device IO interrupt. It sets
+ * the status of WAKE_IRQ_DEDICATED_REVERSE to tell rpm_suspend()
+ * to enable dedicated wake-up interrupt after running the runtime suspend
+ * callback for @dev.
+ *
+ * The interrupt starts disabled, and needs to be managed for
+ * the device by the bus code or the device driver using
+ * dev_pm_enable_wake_irq*() and dev_pm_disable_wake_irq*()
+ * functions.
+ */
+int dev_pm_set_dedicated_wake_irq_reverse(struct device *dev, int irq)
+{
+ return __dev_pm_set_dedicated_wake_irq(dev, irq, WAKE_IRQ_DEDICATED_REVERSE);
+}
+EXPORT_SYMBOL_GPL(dev_pm_set_dedicated_wake_irq_reverse);
+
/**
* dev_pm_enable_wake_irq - Enable device wake-up interrupt
* @dev: Device
@@ -296,27 +328,54 @@ void dev_pm_enable_wake_irq_check(struct device *dev,
return;
enable:
- enable_irq(wirq->irq);
+ if (!can_change_status || !(wirq->status & WAKE_IRQ_DEDICATED_REVERSE))
+ enable_irq(wirq->irq);
}
/**
* dev_pm_disable_wake_irq_check - Checks and disables wake-up interrupt
* @dev: Device
+ * @cond_disable: if set, also check WAKE_IRQ_DEDICATED_REVERSE
*
* Disables wake-up interrupt conditionally based on status.
* Should be only called from rpm_suspend() and rpm_resume() path.
*/
-void dev_pm_disable_wake_irq_check(struct device *dev)
+void dev_pm_disable_wake_irq_check(struct device *dev, bool cond_disable)
{
struct wake_irq *wirq = dev->power.wakeirq;
if (!wirq || !((wirq->status & WAKE_IRQ_DEDICATED_MASK)))
return;
+ if (cond_disable && (wirq->status & WAKE_IRQ_DEDICATED_REVERSE))
+ return;
+
if (wirq->status & WAKE_IRQ_DEDICATED_MANAGED)
disable_irq_nosync(wirq->irq);
}
+/**
+ * dev_pm_enable_wake_irq_complete - enable wake IRQ not enabled before
+ * @dev: Device using the wake IRQ
+ *
+ * Enable wake IRQ conditionally based on status, mainly used if want to
+ * enable wake IRQ after running ->runtime_suspend() which depends on
+ * WAKE_IRQ_DEDICATED_REVERSE.
+ *
+ * Should be only called from rpm_suspend() path.
+ */
+void dev_pm_enable_wake_irq_complete(struct device *dev)
+{
+ struct wake_irq *wirq = dev->power.wakeirq;
+
+ if (!wirq || !(wirq->status & WAKE_IRQ_DEDICATED_MASK))
+ return;
+
+ if (wirq->status & WAKE_IRQ_DEDICATED_MANAGED &&
+ wirq->status & WAKE_IRQ_DEDICATED_REVERSE)
+ enable_irq(wirq->irq);
+}
+
/**
* dev_pm_arm_wake_irq - Arm device wake-up
* @wirq: Device wake-up interrupt
diff --git a/include/linux/pm_wakeirq.h b/include/linux/pm_wakeirq.h
index cd5b62db90845..e63a63aa47a37 100644
--- a/include/linux/pm_wakeirq.h
+++ b/include/linux/pm_wakeirq.h
@@ -17,8 +17,8 @@
#ifdef CONFIG_PM
extern int dev_pm_set_wake_irq(struct device *dev, int irq);
-extern int dev_pm_set_dedicated_wake_irq(struct device *dev,
- int irq);
+extern int dev_pm_set_dedicated_wake_irq(struct device *dev, int irq);
+extern int dev_pm_set_dedicated_wake_irq_reverse(struct device *dev, int irq);
extern void dev_pm_clear_wake_irq(struct device *dev);
extern void dev_pm_enable_wake_irq(struct device *dev);
extern void dev_pm_disable_wake_irq(struct device *dev);
@@ -35,6 +35,11 @@ static inline int dev_pm_set_dedicated_wake_irq(struct device *dev, int irq)
return 0;
}
+static inline int dev_pm_set_dedicated_wake_irq_reverse(struct device *dev, int irq)
+{
+ return 0;
+}
+
static inline void dev_pm_clear_wake_irq(struct device *dev)
{
}
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 317/323] PM: sleep: wakeirq: fix wake irq arming
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 316/323] PM / wakeirq: support enabling wake-up irq after runtime_suspend called Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 318/323] ARM: dts: imx6sll: Make ssi node name same as other platforms Greg Kroah-Hartman
` (9 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Tony Lindgren,
Rafael J. Wysocki, Sasha Levin
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 8527beb12087238d4387607597b4020bc393c4b4 ]
The decision whether to enable a wake irq during suspend can not be done
based on the runtime PM state directly as a driver may use wake irqs
without implementing runtime PM. Such drivers specifically leave the
state set to the default 'suspended' and the wake irq is thus never
enabled at suspend.
Add a new wake irq flag to track whether a dedicated wake irq has been
enabled at runtime suspend and therefore must not be enabled at system
suspend.
Note that pm_runtime_enabled() can not be used as runtime PM is always
disabled during late suspend.
Fixes: 69728051f5bf ("PM / wakeirq: Fix unbalanced IRQ enable for wakeirq")
Cc: 4.16+ <stable@vger.kernel.org> # 4.16+
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Tested-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/power/power.h | 1 +
drivers/base/power/wakeirq.c | 12 ++++++++----
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/base/power/power.h b/drivers/base/power/power.h
index 55f32bd390007..3f9934bd6137d 100644
--- a/drivers/base/power/power.h
+++ b/drivers/base/power/power.h
@@ -28,6 +28,7 @@ extern void pm_runtime_remove(struct device *dev);
#define WAKE_IRQ_DEDICATED_MASK (WAKE_IRQ_DEDICATED_ALLOCATED | \
WAKE_IRQ_DEDICATED_MANAGED | \
WAKE_IRQ_DEDICATED_REVERSE)
+#define WAKE_IRQ_DEDICATED_ENABLED BIT(3)
struct wake_irq {
struct device *dev;
diff --git a/drivers/base/power/wakeirq.c b/drivers/base/power/wakeirq.c
index fa69e4ce47527..e7ba514999163 100644
--- a/drivers/base/power/wakeirq.c
+++ b/drivers/base/power/wakeirq.c
@@ -328,8 +328,10 @@ void dev_pm_enable_wake_irq_check(struct device *dev,
return;
enable:
- if (!can_change_status || !(wirq->status & WAKE_IRQ_DEDICATED_REVERSE))
+ if (!can_change_status || !(wirq->status & WAKE_IRQ_DEDICATED_REVERSE)) {
enable_irq(wirq->irq);
+ wirq->status |= WAKE_IRQ_DEDICATED_ENABLED;
+ }
}
/**
@@ -350,8 +352,10 @@ void dev_pm_disable_wake_irq_check(struct device *dev, bool cond_disable)
if (cond_disable && (wirq->status & WAKE_IRQ_DEDICATED_REVERSE))
return;
- if (wirq->status & WAKE_IRQ_DEDICATED_MANAGED)
+ if (wirq->status & WAKE_IRQ_DEDICATED_MANAGED) {
+ wirq->status &= ~WAKE_IRQ_DEDICATED_ENABLED;
disable_irq_nosync(wirq->irq);
+ }
}
/**
@@ -390,7 +394,7 @@ void dev_pm_arm_wake_irq(struct wake_irq *wirq)
if (device_may_wakeup(wirq->dev)) {
if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED &&
- !pm_runtime_status_suspended(wirq->dev))
+ !(wirq->status & WAKE_IRQ_DEDICATED_ENABLED))
enable_irq(wirq->irq);
enable_irq_wake(wirq->irq);
@@ -413,7 +417,7 @@ void dev_pm_disarm_wake_irq(struct wake_irq *wirq)
disable_irq_wake(wirq->irq);
if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED &&
- !pm_runtime_status_suspended(wirq->dev))
+ !(wirq->status & WAKE_IRQ_DEDICATED_ENABLED))
disable_irq_nosync(wirq->irq);
}
}
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 318/323] ARM: dts: imx6sll: Make ssi node name same as other platforms
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 317/323] PM: sleep: wakeirq: fix wake irq arming Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 319/323] ARM: dts: imx: add usb alias Greg Kroah-Hartman
` (8 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Shengjiu Wang, Shawn Guo,
Sasha Levin
From: Shengjiu Wang <shengjiu.wang@nxp.com>
[ Upstream commit 5da1b522cf7dc51f7fde2cca8d90406b0291c503 ]
In imx6sll.dtsi, the ssi node name is different with other
platforms (imx6qdl, imx6sl, imx6sx), but the
sound/soc/fsl/fsl-asoc-card.c machine driver needs to check
ssi node name for audmux configuration, then different ssi
node name causes issue on imx6sll platform.
So we change ssi node name to make all platforms have same
name.
Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Stable-dep-of: ee70b908f77a ("ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sll.dtsi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/imx6sll.dtsi b/arch/arm/boot/dts/imx6sll.dtsi
index d7d092a5522a3..8197767de69d7 100644
--- a/arch/arm/boot/dts/imx6sll.dtsi
+++ b/arch/arm/boot/dts/imx6sll.dtsi
@@ -271,7 +271,7 @@ uart2: serial@2024000 {
status = "disabled";
};
- ssi1: ssi-controller@2028000 {
+ ssi1: ssi@2028000 {
compatible = "fsl,imx6sl-ssi", "fsl,imx51-ssi";
reg = <0x02028000 0x4000>;
interrupts = <GIC_SPI 46 IRQ_TYPE_LEVEL_HIGH>;
@@ -284,7 +284,7 @@ ssi1: ssi-controller@2028000 {
status = "disabled";
};
- ssi2: ssi-controller@202c000 {
+ ssi2: ssi@202c000 {
compatible = "fsl,imx6sl-ssi", "fsl,imx51-ssi";
reg = <0x0202c000 0x4000>;
interrupts = <GIC_SPI 47 IRQ_TYPE_LEVEL_HIGH>;
@@ -297,7 +297,7 @@ ssi2: ssi-controller@202c000 {
status = "disabled";
};
- ssi3: ssi-controller@2030000 {
+ ssi3: ssi@2030000 {
compatible = "fsl,imx6sl-ssi", "fsl,imx51-ssi";
reg = <0x02030000 0x4000>;
interrupts = <GIC_SPI 48 IRQ_TYPE_LEVEL_HIGH>;
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 319/323] ARM: dts: imx: add usb alias
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 318/323] ARM: dts: imx6sll: Make ssi node name same as other platforms Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 320/323] ARM: dts: imx6sll: fixup of operating points Greg Kroah-Hartman
` (7 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Peng Fan, Shawn Guo, Sasha Levin
From: Peng Fan <peng.fan@nxp.com>
[ Upstream commit 5c8b3b8a182cbc1ccdfcdeea9b25dd2c12a8148f ]
Add usb alias for bootloader searching the controller in correct order.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Stable-dep-of: ee70b908f77a ("ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6qdl.dtsi | 4 ++++
arch/arm/boot/dts/imx6sl.dtsi | 3 +++
arch/arm/boot/dts/imx6sll.dtsi | 2 ++
arch/arm/boot/dts/imx6sx.dtsi | 3 +++
arch/arm/boot/dts/imx6ul.dtsi | 2 ++
arch/arm/boot/dts/imx7d.dtsi | 6 ++++++
arch/arm/boot/dts/imx7s.dtsi | 2 ++
7 files changed, 22 insertions(+)
diff --git a/arch/arm/boot/dts/imx6qdl.dtsi b/arch/arm/boot/dts/imx6qdl.dtsi
index d91cc532d0e2c..fcd7e4dc949a1 100644
--- a/arch/arm/boot/dts/imx6qdl.dtsi
+++ b/arch/arm/boot/dts/imx6qdl.dtsi
@@ -46,6 +46,10 @@ aliases {
spi1 = &ecspi2;
spi2 = &ecspi3;
spi3 = &ecspi4;
+ usb0 = &usbotg;
+ usb1 = &usbh1;
+ usb2 = &usbh2;
+ usb3 = &usbh3;
usbphy0 = &usbphy1;
usbphy1 = &usbphy2;
};
diff --git a/arch/arm/boot/dts/imx6sl.dtsi b/arch/arm/boot/dts/imx6sl.dtsi
index afde0ed6d71af..b00f791471c66 100644
--- a/arch/arm/boot/dts/imx6sl.dtsi
+++ b/arch/arm/boot/dts/imx6sl.dtsi
@@ -32,6 +32,9 @@ aliases {
spi1 = &ecspi2;
spi2 = &ecspi3;
spi3 = &ecspi4;
+ usb0 = &usbotg1;
+ usb1 = &usbotg2;
+ usb2 = &usbh;
usbphy0 = &usbphy1;
usbphy1 = &usbphy2;
};
diff --git a/arch/arm/boot/dts/imx6sll.dtsi b/arch/arm/boot/dts/imx6sll.dtsi
index 8197767de69d7..b519ab87c4596 100644
--- a/arch/arm/boot/dts/imx6sll.dtsi
+++ b/arch/arm/boot/dts/imx6sll.dtsi
@@ -36,6 +36,8 @@ aliases {
spi1 = &ecspi2;
spi3 = &ecspi3;
spi4 = &ecspi4;
+ usb0 = &usbotg1;
+ usb1 = &usbotg2;
usbphy0 = &usbphy1;
usbphy1 = &usbphy2;
};
diff --git a/arch/arm/boot/dts/imx6sx.dtsi b/arch/arm/boot/dts/imx6sx.dtsi
index b9ab1118be30b..a0c0e631ebbe6 100644
--- a/arch/arm/boot/dts/imx6sx.dtsi
+++ b/arch/arm/boot/dts/imx6sx.dtsi
@@ -49,6 +49,9 @@ aliases {
spi2 = &ecspi3;
spi3 = &ecspi4;
spi4 = &ecspi5;
+ usb0 = &usbotg1;
+ usb1 = &usbotg2;
+ usb2 = &usbh;
usbphy0 = &usbphy1;
usbphy1 = &usbphy2;
};
diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
index 334638ff50750..dcb187995f760 100644
--- a/arch/arm/boot/dts/imx6ul.dtsi
+++ b/arch/arm/boot/dts/imx6ul.dtsi
@@ -47,6 +47,8 @@ aliases {
spi1 = &ecspi2;
spi2 = &ecspi3;
spi3 = &ecspi4;
+ usb0 = &usbotg1;
+ usb1 = &usbotg2;
usbphy0 = &usbphy1;
usbphy1 = &usbphy2;
};
diff --git a/arch/arm/boot/dts/imx7d.dtsi b/arch/arm/boot/dts/imx7d.dtsi
index 7234e8330a576..34904f7eeb133 100644
--- a/arch/arm/boot/dts/imx7d.dtsi
+++ b/arch/arm/boot/dts/imx7d.dtsi
@@ -7,6 +7,12 @@
#include <dt-bindings/reset/imx7-reset.h>
/ {
+ aliases {
+ usb0 = &usbotg1;
+ usb1 = &usbotg2;
+ usb2 = &usbh;
+ };
+
cpus {
cpu0: cpu@0 {
clock-frequency = <996000000>;
diff --git a/arch/arm/boot/dts/imx7s.dtsi b/arch/arm/boot/dts/imx7s.dtsi
index 7eaf96b425bed..8a6d698e253d2 100644
--- a/arch/arm/boot/dts/imx7s.dtsi
+++ b/arch/arm/boot/dts/imx7s.dtsi
@@ -46,6 +46,8 @@ aliases {
spi1 = &ecspi2;
spi2 = &ecspi3;
spi3 = &ecspi4;
+ usb0 = &usbotg1;
+ usb1 = &usbh;
};
cpus {
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 320/323] ARM: dts: imx6sll: fixup of operating points
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 319/323] ARM: dts: imx: add usb alias Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 321/323] ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node Greg Kroah-Hartman
` (6 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andreas Kemnade, Krzysztof Kozlowski,
Shawn Guo, Sasha Levin
From: Andreas Kemnade <andreas@kemnade.info>
[ Upstream commit 1875903019ea6e32e6e544c1631b119e4fd60b20 ]
Make operating point definitions comply with binding
specifications.
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Stable-dep-of: ee70b908f77a ("ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sll.dtsi | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/arch/arm/boot/dts/imx6sll.dtsi b/arch/arm/boot/dts/imx6sll.dtsi
index b519ab87c4596..164836fe63cc2 100644
--- a/arch/arm/boot/dts/imx6sll.dtsi
+++ b/arch/arm/boot/dts/imx6sll.dtsi
@@ -51,20 +51,18 @@ cpu0: cpu@0 {
device_type = "cpu";
reg = <0>;
next-level-cache = <&L2>;
- operating-points = <
+ operating-points =
/* kHz uV */
- 996000 1275000
- 792000 1175000
- 396000 1075000
- 198000 975000
- >;
- fsl,soc-operating-points = <
+ <996000 1275000>,
+ <792000 1175000>,
+ <396000 1075000>,
+ <198000 975000>;
+ fsl,soc-operating-points =
/* ARM kHz SOC-PU uV */
- 996000 1175000
- 792000 1175000
- 396000 1175000
- 198000 1175000
- >;
+ <996000 1175000>,
+ <792000 1175000>,
+ <396000 1175000>,
+ <198000 1175000>;
clock-latency = <61036>; /* two CLK32 periods */
clocks = <&clks IMX6SLL_CLK_ARM>,
<&clks IMX6SLL_CLK_PLL2_PFD2>,
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 321/323] ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 320/323] ARM: dts: imx6sll: fixup of operating points Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 322/323] drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions Greg Kroah-Hartman
` (5 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xu Yang, Shawn Guo, Sasha Levin
From: Xu Yang <xu.yang_2@nxp.com>
[ Upstream commit ee70b908f77a9d8f689dea986f09e6d7dc481934 ]
Property name "phy-3p0-supply" is used instead of "phy-reg_3p0-supply".
Fixes: 9f30b6b1a957 ("ARM: dts: imx: Add basic dtsi file for imx6sll")
cc: <stable@vger.kernel.org>
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6sll.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/imx6sll.dtsi b/arch/arm/boot/dts/imx6sll.dtsi
index 164836fe63cc2..9f0c82d79a361 100644
--- a/arch/arm/boot/dts/imx6sll.dtsi
+++ b/arch/arm/boot/dts/imx6sll.dtsi
@@ -518,7 +518,7 @@ usbphy2: usb-phy@20ca000 {
reg = <0x020ca000 0x1000>;
interrupts = <GIC_SPI 41 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&clks IMX6SLL_CLK_USBPHY2>;
- phy-reg_3p0-supply = <®_3p0>;
+ phy-3p0-supply = <®_3p0>;
fsl,anatop = <&anatop>;
};
--
2.40.1
^ permalink raw reply related [flat|nested] 335+ messages in thread
* [PATCH 4.19 322/323] drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 321/323] ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-09-24 22:40 ` Ben Hutchings
2023-08-09 10:42 ` [PATCH 4.19 323/323] arm64: dts: stratix10: fix incorrect I2C property for SCL signal Greg Kroah-Hartman
` (4 subsequent siblings)
326 siblings, 1 reply; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Joe Perches, Brennan Lamoreaux
From: Joe Perches <joe@perches.com>
commit aa838896d87af561a33ecefea1caa4c15a68bc47 upstream.
Convert the various sprintf fmaily calls in sysfs device show functions
to sysfs_emit and sysfs_emit_at for PAGE_SIZE buffer safety.
Done with:
$ spatch -sp-file sysfs_emit_dev.cocci --in-place --max-width=80 .
And cocci script:
$ cat sysfs_emit_dev.cocci
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- sprintf(buf,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- snprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- scnprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
expression chr;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- strcpy(buf, chr);
+ sysfs_emit(buf, chr);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- sprintf(buf,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- snprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- scnprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
- len += scnprintf(buf + len, PAGE_SIZE - len,
+ len += sysfs_emit_at(buf, len,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
expression chr;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
...
- strcpy(buf, chr);
- return strlen(buf);
+ return sysfs_emit(buf, chr);
}
Signed-off-by: Joe Perches <joe@perches.com>
Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.1600285923.git.joe@perches.com
[ Brennan : Regenerated for 4.19 to fix CVE-2022-20166 ]
Signed-off-by: Brennan Lamoreaux <blamoreaux@vmware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/arch_topology.c | 2 -
drivers/base/cacheinfo.c | 18 +++++------
drivers/base/core.c | 8 ++---
drivers/base/cpu.c | 34 ++++++++++-----------
drivers/base/firmware_loader/fallback.c | 2 -
drivers/base/memory.c | 24 +++++++--------
drivers/base/node.c | 34 ++++++++++-----------
drivers/base/platform.c | 2 -
drivers/base/power/sysfs.c | 50 ++++++++++++++++----------------
drivers/base/soc.c | 8 ++---
10 files changed, 91 insertions(+), 91 deletions(-)
--- a/drivers/base/arch_topology.c
+++ b/drivers/base/arch_topology.c
@@ -44,7 +44,7 @@ static ssize_t cpu_capacity_show(struct
{
struct cpu *cpu = container_of(dev, struct cpu, dev);
- return sprintf(buf, "%lu\n", topology_get_cpu_scale(NULL, cpu->dev.id));
+ return sysfs_emit(buf, "%lu\n", topology_get_cpu_scale(NULL, cpu->dev.id));
}
static ssize_t cpu_capacity_store(struct device *dev,
--- a/drivers/base/cacheinfo.c
+++ b/drivers/base/cacheinfo.c
@@ -372,7 +372,7 @@ static ssize_t size_show(struct device *
{
struct cacheinfo *this_leaf = dev_get_drvdata(dev);
- return sprintf(buf, "%uK\n", this_leaf->size >> 10);
+ return sysfs_emit(buf, "%uK\n", this_leaf->size >> 10);
}
static ssize_t shared_cpumap_show_func(struct device *dev, bool list, char *buf)
@@ -402,11 +402,11 @@ static ssize_t type_show(struct device *
switch (this_leaf->type) {
case CACHE_TYPE_DATA:
- return sprintf(buf, "Data\n");
+ return sysfs_emit(buf, "Data\n");
case CACHE_TYPE_INST:
- return sprintf(buf, "Instruction\n");
+ return sysfs_emit(buf, "Instruction\n");
case CACHE_TYPE_UNIFIED:
- return sprintf(buf, "Unified\n");
+ return sysfs_emit(buf, "Unified\n");
default:
return -EINVAL;
}
@@ -420,11 +420,11 @@ static ssize_t allocation_policy_show(st
int n = 0;
if ((ci_attr & CACHE_READ_ALLOCATE) && (ci_attr & CACHE_WRITE_ALLOCATE))
- n = sprintf(buf, "ReadWriteAllocate\n");
+ n = sysfs_emit(buf, "ReadWriteAllocate\n");
else if (ci_attr & CACHE_READ_ALLOCATE)
- n = sprintf(buf, "ReadAllocate\n");
+ n = sysfs_emit(buf, "ReadAllocate\n");
else if (ci_attr & CACHE_WRITE_ALLOCATE)
- n = sprintf(buf, "WriteAllocate\n");
+ n = sysfs_emit(buf, "WriteAllocate\n");
return n;
}
@@ -436,9 +436,9 @@ static ssize_t write_policy_show(struct
int n = 0;
if (ci_attr & CACHE_WRITE_THROUGH)
- n = sprintf(buf, "WriteThrough\n");
+ n = sysfs_emit(buf, "WriteThrough\n");
else if (ci_attr & CACHE_WRITE_BACK)
- n = sprintf(buf, "WriteBack\n");
+ n = sysfs_emit(buf, "WriteBack\n");
return n;
}
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -994,7 +994,7 @@ ssize_t device_show_ulong(struct device
char *buf)
{
struct dev_ext_attribute *ea = to_ext_attr(attr);
- return snprintf(buf, PAGE_SIZE, "%lx\n", *(unsigned long *)(ea->var));
+ return sysfs_emit(buf, "%lx\n", *(unsigned long *)(ea->var));
}
EXPORT_SYMBOL_GPL(device_show_ulong);
@@ -1019,7 +1019,7 @@ ssize_t device_show_int(struct device *d
{
struct dev_ext_attribute *ea = to_ext_attr(attr);
- return snprintf(buf, PAGE_SIZE, "%d\n", *(int *)(ea->var));
+ return sysfs_emit(buf, "%d\n", *(int *)(ea->var));
}
EXPORT_SYMBOL_GPL(device_show_int);
@@ -1040,7 +1040,7 @@ ssize_t device_show_bool(struct device *
{
struct dev_ext_attribute *ea = to_ext_attr(attr);
- return snprintf(buf, PAGE_SIZE, "%d\n", *(bool *)(ea->var));
+ return sysfs_emit(buf, "%d\n", *(bool *)(ea->var));
}
EXPORT_SYMBOL_GPL(device_show_bool);
@@ -1273,7 +1273,7 @@ static ssize_t online_show(struct device
device_lock(dev);
val = !dev->offline;
device_unlock(dev);
- return sprintf(buf, "%u\n", val);
+ return sysfs_emit(buf, "%u\n", val);
}
static ssize_t online_store(struct device *dev, struct device_attribute *attr,
--- a/drivers/base/cpu.c
+++ b/drivers/base/cpu.c
@@ -156,7 +156,7 @@ static ssize_t show_crash_notes(struct d
* operation should be safe. No locking required.
*/
addr = per_cpu_ptr_to_phys(per_cpu_ptr(crash_notes, cpunum));
- rc = sprintf(buf, "%Lx\n", addr);
+ rc = sysfs_emit(buf, "%Lx\n", addr);
return rc;
}
static DEVICE_ATTR(crash_notes, 0400, show_crash_notes, NULL);
@@ -167,7 +167,7 @@ static ssize_t show_crash_notes_size(str
{
ssize_t rc;
- rc = sprintf(buf, "%zu\n", sizeof(note_buf_t));
+ rc = sysfs_emit(buf, "%zu\n", sizeof(note_buf_t));
return rc;
}
static DEVICE_ATTR(crash_notes_size, 0400, show_crash_notes_size, NULL);
@@ -264,7 +264,7 @@ static ssize_t print_cpus_offline(struct
nr_cpu_ids, total_cpus-1);
}
- n += snprintf(&buf[n], len - n, "\n");
+ n += sysfs_emit(&buf[n], "\n");
return n;
}
static DEVICE_ATTR(offline, 0444, print_cpus_offline, NULL);
@@ -272,7 +272,7 @@ static DEVICE_ATTR(offline, 0444, print_
static ssize_t print_cpus_isolated(struct device *dev,
struct device_attribute *attr, char *buf)
{
- int n = 0, len = PAGE_SIZE-2;
+ int n = 0;
cpumask_var_t isolated;
if (!alloc_cpumask_var(&isolated, GFP_KERNEL))
@@ -280,7 +280,7 @@ static ssize_t print_cpus_isolated(struc
cpumask_andnot(isolated, cpu_possible_mask,
housekeeping_cpumask(HK_FLAG_DOMAIN));
- n = scnprintf(buf, len, "%*pbl\n", cpumask_pr_args(isolated));
+ n = sysfs_emit(buf, "%*pbl\n", cpumask_pr_args(isolated));
free_cpumask_var(isolated);
@@ -292,9 +292,9 @@ static DEVICE_ATTR(isolated, 0444, print
static ssize_t print_cpus_nohz_full(struct device *dev,
struct device_attribute *attr, char *buf)
{
- int n = 0, len = PAGE_SIZE-2;
+ int n = 0;
- n = scnprintf(buf, len, "%*pbl\n", cpumask_pr_args(tick_nohz_full_mask));
+ n = sysfs_emit(buf, "%*pbl\n", cpumask_pr_args(tick_nohz_full_mask));
return n;
}
@@ -328,7 +328,7 @@ static ssize_t print_cpu_modalias(struct
ssize_t n;
u32 i;
- n = sprintf(buf, "cpu:type:" CPU_FEATURE_TYPEFMT ":feature:",
+ n = sysfs_emit(buf, "cpu:type:" CPU_FEATURE_TYPEFMT ":feature:",
CPU_FEATURE_TYPEVAL);
for (i = 0; i < MAX_CPU_FEATURES; i++)
@@ -520,56 +520,56 @@ static void __init cpu_dev_register_gene
ssize_t __weak cpu_show_meltdown(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_spectre_v1(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_spectre_v2(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_spec_store_bypass(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_l1tf(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_mds(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_tsx_async_abort(struct device *dev,
struct device_attribute *attr,
char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_itlb_multihit(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_srbds(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "Not affected\n");
+ return sysfs_emit(buf, "Not affected\n");
}
ssize_t __weak cpu_show_mmio_stale_data(struct device *dev,
--- a/drivers/base/firmware_loader/fallback.c
+++ b/drivers/base/firmware_loader/fallback.c
@@ -215,7 +215,7 @@ static ssize_t firmware_loading_show(str
loading = fw_sysfs_loading(fw_sysfs->fw_priv);
mutex_unlock(&fw_lock);
- return sprintf(buf, "%d\n", loading);
+ return sysfs_emit(buf, "%d\n", loading);
}
/* one pages buffer should be mapped/unmapped only once */
--- a/drivers/base/memory.c
+++ b/drivers/base/memory.c
@@ -121,7 +121,7 @@ static ssize_t show_mem_start_phys_index
unsigned long phys_index;
phys_index = mem->start_section_nr / sections_per_block;
- return sprintf(buf, "%08lx\n", phys_index);
+ return sysfs_emit(buf, "%08lx\n", phys_index);
}
/*
@@ -145,7 +145,7 @@ static ssize_t show_mem_removable(struct
}
out:
- return sprintf(buf, "%d\n", ret);
+ return sysfs_emit(buf, "%d\n", ret);
}
/*
@@ -163,17 +163,17 @@ static ssize_t show_mem_state(struct dev
*/
switch (mem->state) {
case MEM_ONLINE:
- len = sprintf(buf, "online\n");
+ len = sysfs_emit(buf, "online\n");
break;
case MEM_OFFLINE:
- len = sprintf(buf, "offline\n");
+ len = sysfs_emit(buf, "offline\n");
break;
case MEM_GOING_OFFLINE:
- len = sprintf(buf, "going-offline\n");
+ len = sysfs_emit(buf, "going-offline\n");
break;
default:
- len = sprintf(buf, "ERROR-UNKNOWN-%ld\n",
- mem->state);
+ len = sysfs_emit(buf, "ERROR-UNKNOWN-%ld\n",
+ mem->state);
WARN_ON(1);
break;
}
@@ -384,7 +384,7 @@ static ssize_t show_phys_device(struct d
struct device_attribute *attr, char *buf)
{
struct memory_block *mem = to_memory_block(dev);
- return sprintf(buf, "%d\n", mem->phys_device);
+ return sysfs_emit(buf, "%d\n", mem->phys_device);
}
#ifdef CONFIG_MEMORY_HOTREMOVE
@@ -422,7 +422,7 @@ static ssize_t show_valid_zones(struct d
*/
if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages,
&valid_start_pfn, &valid_end_pfn))
- return sprintf(buf, "none\n");
+ return sysfs_emit(buf, "none\n");
start_pfn = valid_start_pfn;
strcat(buf, page_zone(pfn_to_page(start_pfn))->name);
goto out;
@@ -456,7 +456,7 @@ static ssize_t
print_block_size(struct device *dev, struct device_attribute *attr,
char *buf)
{
- return sprintf(buf, "%lx\n", get_memory_block_size());
+ return sysfs_emit(buf, "%lx\n", get_memory_block_size());
}
static DEVICE_ATTR(block_size_bytes, 0444, print_block_size, NULL);
@@ -470,9 +470,9 @@ show_auto_online_blocks(struct device *d
char *buf)
{
if (memhp_auto_online)
- return sprintf(buf, "online\n");
+ return sysfs_emit(buf, "online\n");
else
- return sprintf(buf, "offline\n");
+ return sysfs_emit(buf, "offline\n");
}
static ssize_t
--- a/drivers/base/node.c
+++ b/drivers/base/node.c
@@ -69,7 +69,7 @@ static ssize_t node_read_meminfo(struct
struct sysinfo i;
si_meminfo_node(&i, nid);
- n = sprintf(buf,
+ n = sysfs_emit(buf,
"Node %d MemTotal: %8lu kB\n"
"Node %d MemFree: %8lu kB\n"
"Node %d MemUsed: %8lu kB\n"
@@ -96,7 +96,7 @@ static ssize_t node_read_meminfo(struct
nid, K(sum_zone_node_page_state(nid, NR_MLOCK)));
#ifdef CONFIG_HIGHMEM
- n += sprintf(buf + n,
+ n += sysfs_emit(buf + n,
"Node %d HighTotal: %8lu kB\n"
"Node %d HighFree: %8lu kB\n"
"Node %d LowTotal: %8lu kB\n"
@@ -106,7 +106,7 @@ static ssize_t node_read_meminfo(struct
nid, K(i.totalram - i.totalhigh),
nid, K(i.freeram - i.freehigh));
#endif
- n += sprintf(buf + n,
+ n += sysfs_emit(buf + n,
"Node %d Dirty: %8lu kB\n"
"Node %d Writeback: %8lu kB\n"
"Node %d FilePages: %8lu kB\n"
@@ -162,19 +162,19 @@ static DEVICE_ATTR(meminfo, S_IRUGO, nod
static ssize_t node_read_numastat(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf,
- "numa_hit %lu\n"
- "numa_miss %lu\n"
- "numa_foreign %lu\n"
- "interleave_hit %lu\n"
- "local_node %lu\n"
- "other_node %lu\n",
- sum_zone_numa_state(dev->id, NUMA_HIT),
- sum_zone_numa_state(dev->id, NUMA_MISS),
- sum_zone_numa_state(dev->id, NUMA_FOREIGN),
- sum_zone_numa_state(dev->id, NUMA_INTERLEAVE_HIT),
- sum_zone_numa_state(dev->id, NUMA_LOCAL),
- sum_zone_numa_state(dev->id, NUMA_OTHER));
+ return sysfs_emit(buf,
+ "numa_hit %lu\n"
+ "numa_miss %lu\n"
+ "numa_foreign %lu\n"
+ "interleave_hit %lu\n"
+ "local_node %lu\n"
+ "other_node %lu\n",
+ sum_zone_numa_state(dev->id, NUMA_HIT),
+ sum_zone_numa_state(dev->id, NUMA_MISS),
+ sum_zone_numa_state(dev->id, NUMA_FOREIGN),
+ sum_zone_numa_state(dev->id, NUMA_INTERLEAVE_HIT),
+ sum_zone_numa_state(dev->id, NUMA_LOCAL),
+ sum_zone_numa_state(dev->id, NUMA_OTHER));
}
static DEVICE_ATTR(numastat, S_IRUGO, node_read_numastat, NULL);
@@ -612,7 +612,7 @@ static ssize_t print_nodes_state(enum no
{
int n;
- n = scnprintf(buf, PAGE_SIZE - 1, "%*pbl",
+ n = sysfs_emit(buf, "%*pbl",
nodemask_pr_args(&node_states[state]));
buf[n++] = '\n';
buf[n] = '\0';
--- a/drivers/base/platform.c
+++ b/drivers/base/platform.c
@@ -927,7 +927,7 @@ static ssize_t driver_override_show(stru
ssize_t len;
device_lock(dev);
- len = sprintf(buf, "%s\n", pdev->driver_override);
+ len = sysfs_emit(buf, "%s\n", pdev->driver_override);
device_unlock(dev);
return len;
}
--- a/drivers/base/power/sysfs.c
+++ b/drivers/base/power/sysfs.c
@@ -101,7 +101,7 @@ static const char ctrl_on[] = "on";
static ssize_t control_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
- return sprintf(buf, "%s\n",
+ return sysfs_emit(buf, "%s\n",
dev->power.runtime_auto ? ctrl_auto : ctrl_on);
}
@@ -127,7 +127,7 @@ static ssize_t runtime_active_time_show(
int ret;
spin_lock_irq(&dev->power.lock);
update_pm_runtime_accounting(dev);
- ret = sprintf(buf, "%i\n", jiffies_to_msecs(dev->power.active_jiffies));
+ ret = sysfs_emit(buf, "%i\n", jiffies_to_msecs(dev->power.active_jiffies));
spin_unlock_irq(&dev->power.lock);
return ret;
}
@@ -140,7 +140,7 @@ static ssize_t runtime_suspended_time_sh
int ret;
spin_lock_irq(&dev->power.lock);
update_pm_runtime_accounting(dev);
- ret = sprintf(buf, "%i\n",
+ ret = sysfs_emit(buf, "%i\n",
jiffies_to_msecs(dev->power.suspended_jiffies));
spin_unlock_irq(&dev->power.lock);
return ret;
@@ -175,7 +175,7 @@ static ssize_t runtime_status_show(struc
return -EIO;
}
}
- return sprintf(buf, p);
+ return sysfs_emit(buf, p);
}
static DEVICE_ATTR_RO(runtime_status);
@@ -185,7 +185,7 @@ static ssize_t autosuspend_delay_ms_show
{
if (!dev->power.use_autosuspend)
return -EIO;
- return sprintf(buf, "%d\n", dev->power.autosuspend_delay);
+ return sysfs_emit(buf, "%d\n", dev->power.autosuspend_delay);
}
static ssize_t autosuspend_delay_ms_store(struct device *dev,
@@ -214,11 +214,11 @@ static ssize_t pm_qos_resume_latency_us_
s32 value = dev_pm_qos_requested_resume_latency(dev);
if (value == 0)
- return sprintf(buf, "n/a\n");
+ return sysfs_emit(buf, "n/a\n");
if (value == PM_QOS_RESUME_LATENCY_NO_CONSTRAINT)
value = 0;
- return sprintf(buf, "%d\n", value);
+ return sysfs_emit(buf, "%d\n", value);
}
static ssize_t pm_qos_resume_latency_us_store(struct device *dev,
@@ -258,11 +258,11 @@ static ssize_t pm_qos_latency_tolerance_
s32 value = dev_pm_qos_get_user_latency_tolerance(dev);
if (value < 0)
- return sprintf(buf, "auto\n");
+ return sysfs_emit(buf, "auto\n");
if (value == PM_QOS_LATENCY_ANY)
- return sprintf(buf, "any\n");
+ return sysfs_emit(buf, "any\n");
- return sprintf(buf, "%d\n", value);
+ return sysfs_emit(buf, "%d\n", value);
}
static ssize_t pm_qos_latency_tolerance_us_store(struct device *dev,
@@ -294,8 +294,8 @@ static ssize_t pm_qos_no_power_off_show(
struct device_attribute *attr,
char *buf)
{
- return sprintf(buf, "%d\n", !!(dev_pm_qos_requested_flags(dev)
- & PM_QOS_FLAG_NO_POWER_OFF));
+ return sysfs_emit(buf, "%d\n", !!(dev_pm_qos_requested_flags(dev)
+ & PM_QOS_FLAG_NO_POWER_OFF));
}
static ssize_t pm_qos_no_power_off_store(struct device *dev,
@@ -323,9 +323,9 @@ static const char _disabled[] = "disable
static ssize_t wakeup_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
- return sprintf(buf, "%s\n", device_can_wakeup(dev)
- ? (device_may_wakeup(dev) ? _enabled : _disabled)
- : "");
+ return sysfs_emit(buf, "%s\n", device_can_wakeup(dev)
+ ? (device_may_wakeup(dev) ? _enabled : _disabled)
+ : "");
}
static ssize_t wakeup_store(struct device *dev, struct device_attribute *attr,
@@ -511,7 +511,7 @@ static DEVICE_ATTR_RO(wakeup_prevent_sle
static ssize_t runtime_usage_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
- return sprintf(buf, "%d\n", atomic_read(&dev->power.usage_count));
+ return sysfs_emit(buf, "%d\n", atomic_read(&dev->power.usage_count));
}
static DEVICE_ATTR_RO(runtime_usage);
@@ -519,8 +519,8 @@ static ssize_t runtime_active_kids_show(
struct device_attribute *attr,
char *buf)
{
- return sprintf(buf, "%d\n", dev->power.ignore_children ?
- 0 : atomic_read(&dev->power.child_count));
+ return sysfs_emit(buf, "%d\n", dev->power.ignore_children ?
+ 0 : atomic_read(&dev->power.child_count));
}
static DEVICE_ATTR_RO(runtime_active_kids);
@@ -528,12 +528,12 @@ static ssize_t runtime_enabled_show(stru
struct device_attribute *attr, char *buf)
{
if (dev->power.disable_depth && (dev->power.runtime_auto == false))
- return sprintf(buf, "disabled & forbidden\n");
+ return sysfs_emit(buf, "disabled & forbidden\n");
if (dev->power.disable_depth)
- return sprintf(buf, "disabled\n");
+ return sysfs_emit(buf, "disabled\n");
if (dev->power.runtime_auto == false)
- return sprintf(buf, "forbidden\n");
- return sprintf(buf, "enabled\n");
+ return sysfs_emit(buf, "forbidden\n");
+ return sysfs_emit(buf, "enabled\n");
}
static DEVICE_ATTR_RO(runtime_enabled);
@@ -541,9 +541,9 @@ static DEVICE_ATTR_RO(runtime_enabled);
static ssize_t async_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
- return sprintf(buf, "%s\n",
- device_async_suspend_enabled(dev) ?
- _enabled : _disabled);
+ return sysfs_emit(buf, "%s\n",
+ device_async_suspend_enabled(dev) ?
+ _enabled : _disabled);
}
static ssize_t async_store(struct device *dev, struct device_attribute *attr,
--- a/drivers/base/soc.c
+++ b/drivers/base/soc.c
@@ -72,13 +72,13 @@ static ssize_t soc_info_get(struct devic
struct soc_device *soc_dev = container_of(dev, struct soc_device, dev);
if (attr == &dev_attr_machine)
- return sprintf(buf, "%s\n", soc_dev->attr->machine);
+ return sysfs_emit(buf, "%s\n", soc_dev->attr->machine);
if (attr == &dev_attr_family)
- return sprintf(buf, "%s\n", soc_dev->attr->family);
+ return sysfs_emit(buf, "%s\n", soc_dev->attr->family);
if (attr == &dev_attr_revision)
- return sprintf(buf, "%s\n", soc_dev->attr->revision);
+ return sysfs_emit(buf, "%s\n", soc_dev->attr->revision);
if (attr == &dev_attr_soc_id)
- return sprintf(buf, "%s\n", soc_dev->attr->soc_id);
+ return sysfs_emit(buf, "%s\n", soc_dev->attr->soc_id);
return -EINVAL;
^ permalink raw reply [flat|nested] 335+ messages in thread
* [PATCH 4.19 323/323] arm64: dts: stratix10: fix incorrect I2C property for SCL signal
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 322/323] drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions Greg Kroah-Hartman
@ 2023-08-09 10:42 ` Greg Kroah-Hartman
2023-08-10 6:53 ` [PATCH 4.19 000/323] 4.19.291-rc1 review Thierry Reding
` (3 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-09 10:42 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dinh Nguyen
From: Dinh Nguyen <dinguyen@kernel.org>
commit db66795f61354c373ecdadbdae1ed253a96c47cb upstream.
The correct dts property for the SCL falling time is
"i2c-scl-falling-time-ns".
Fixes: c8da1d15b8a4 ("arm64: dts: stratix10: i2c clock running out of spec")
Cc: stable@vger.kernel.org
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/altera/socfpga_stratix10_socdk.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/boot/dts/altera/socfpga_stratix10_socdk.dts
+++ b/arch/arm64/boot/dts/altera/socfpga_stratix10_socdk.dts
@@ -125,7 +125,7 @@
status = "okay";
clock-frequency = <100000>;
i2c-sda-falling-time-ns = <890>; /* hcnt */
- i2c-sdl-falling-time-ns = <890>; /* lcnt */
+ i2c-scl-falling-time-ns = <890>; /* lcnt */
adc@14 {
compatible = "lltc,ltc2497";
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2023-08-09 10:42 ` [PATCH 4.19 323/323] arm64: dts: stratix10: fix incorrect I2C property for SCL signal Greg Kroah-Hartman
@ 2023-08-10 6:53 ` Thierry Reding
2023-08-10 13:55 ` Guenter Roeck
` (2 subsequent siblings)
326 siblings, 0 replies; 335+ messages in thread
From: Thierry Reding @ 2023-08-10 6:53 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, linux-tegra
On Wed, 09 Aug 2023 12:37:18 +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.291 release.
> There are 323 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.291-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v4.19:
11 builds: 11 pass, 0 fail
22 boots: 22 pass, 0 fail
40 tests: 40 pass, 0 fail
Linux version: 4.19.291-rc1-gde1cde99fbfb
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra20-ventana,
tegra210-p2371-2180, tegra30-cardhu-a04
Tested-by: Thierry Reding <treding@nvidia.com>
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2023-08-10 6:53 ` [PATCH 4.19 000/323] 4.19.291-rc1 review Thierry Reding
@ 2023-08-10 13:55 ` Guenter Roeck
2023-08-10 14:24 ` Guenter Roeck
2023-08-10 16:00 ` Guenter Roeck
2023-08-10 19:28 ` Daniel Díaz
326 siblings, 1 reply; 335+ messages in thread
From: Guenter Roeck @ 2023-08-10 13:55 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor
On 8/9/23 03:37, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.291 release.
> There are 323 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000.
> Anything received after that time might be too late.
>
Building sparc64:allnoconfig ... failed
--------------
Error log:
<stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp]
/opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso-note.o: missing .note.GNU-stack section implies executable stack
/opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
/opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso32/vdso-note.o: missing .note.GNU-stack section implies executable stack
/opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
sparc64-linux-ld: init/main.o: in function `start_kernel':
main.c:(.init.text+0x77c): undefined reference to `arch_cpu_finalize_init'
Building sparc64:tinyconfig ... failed
--------------
Error log:
<stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp]
/opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso-note.o: missing .note.GNU-stack section implies executable stack
/opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
/opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso32/vdso-note.o: missing .note.GNU-stack section implies executable stack
/opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
sparc64-linux-ld: init/main.o: in function `start_kernel':
main.c:(.init.text+0x764): undefined reference to `arch_cpu_finalize_init'
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-10 13:55 ` Guenter Roeck
@ 2023-08-10 14:24 ` Guenter Roeck
2023-08-11 9:29 ` Greg Kroah-Hartman
0 siblings, 1 reply; 335+ messages in thread
From: Guenter Roeck @ 2023-08-10 14:24 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor
On 8/10/23 06:55, Guenter Roeck wrote:
> On 8/9/23 03:37, Greg Kroah-Hartman wrote:
>> This is the start of the stable review cycle for the 4.19.291 release.
>> There are 323 patches in this series, all will be posted as a response
>> to this one. If anyone has any issues with these being applied, please
>> let me know.
>>
>> Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000.
>> Anything received after that time might be too late.
>>
>
> Building sparc64:allnoconfig ... failed
> --------------
> Error log:
> <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp]
> /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso-note.o: missing .note.GNU-stack section implies executable stack
> /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso32/vdso-note.o: missing .note.GNU-stack section implies executable stack
> /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> sparc64-linux-ld: init/main.o: in function `start_kernel':
> main.c:(.init.text+0x77c): undefined reference to `arch_cpu_finalize_init'
>
> Building sparc64:tinyconfig ... failed
> --------------
> Error log:
> <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp]
> /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso-note.o: missing .note.GNU-stack section implies executable stack
> /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso32/vdso-note.o: missing .note.GNU-stack section implies executable stack
> /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> sparc64-linux-ld: init/main.o: in function `start_kernel':
> main.c:(.init.text+0x764): undefined reference to `arch_cpu_finalize_init'
Introduced with v4.19.290.
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2023-08-10 13:55 ` Guenter Roeck
@ 2023-08-10 16:00 ` Guenter Roeck
2023-08-10 19:28 ` Daniel Díaz
326 siblings, 0 replies; 335+ messages in thread
From: Guenter Roeck @ 2023-08-10 16:00 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor
On Wed, Aug 09, 2023 at 12:37:18PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.19.291 release.
> There are 323 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000.
> Anything received after that time might be too late.
>
Build results:
total: 149 pass: 147 fail: 2
Failed builds:
sparc64:allnoconfig
sparc64:tinyconfig
Qemu test results:
total: 432 pass: 430 fail: 2
Failed tests:
sparc64:sun4u:nodebug:nosmp:ata:net,e1000:hd
sparc64:sun4v:nodebug:nosmp:ata:net,pcnet:hd
Errors as already reported for v4.14.y, here introduced with 4.19.290.
Guenter
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2023-08-10 16:00 ` Guenter Roeck
@ 2023-08-10 19:28 ` Daniel Díaz
2023-08-10 19:36 ` Linus Torvalds
326 siblings, 1 reply; 335+ messages in thread
From: Daniel Díaz @ 2023-08-10 19:28 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, lyude
Hello!
On Wed, 9 Aug 2023 at 05:11, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 4.19.291 release.
> There are 323 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.291-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> -------------
> Pseudo-Shortlog of commits:
>
> Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Linux 4.19.291-rc1
[...]
> Lyude Paul <lyude@redhat.com>
> drm/edid: Fix uninitialized variable in drm_cvt_modes()
[...]
Two new warnings are introduced on x86_64 with GCC-8 (defconfig):
-----8<-----
drivers/gpu/drm/drm_edid.o: warning: objtool:
drm_mode_std.isra.34()+0xbc: return with modified stack frame
drivers/gpu/drm/drm_edid.o: warning: objtool:
drm_mode_std.isra.34()+0x0: stack state mismatch: cfa1=7+112 cfa2=7+8
----->8-----
Bisection points to the quoted commit ("drm/edid: Fix uninitialized
variable in drm_cvt_modes()"), 991fcb77f490 upstream. Reverting makes
the warnings disappear.
Greetings!
Daniel Díaz
daniel.diaz@linaro.org
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-10 19:28 ` Daniel Díaz
@ 2023-08-10 19:36 ` Linus Torvalds
2023-08-10 19:59 ` Greg Kroah-Hartman
0 siblings, 1 reply; 335+ messages in thread
From: Linus Torvalds @ 2023-08-10 19:36 UTC (permalink / raw)
To: Daniel Díaz
Cc: Greg Kroah-Hartman, stable, patches, linux-kernel, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, lyude
On Thu, 10 Aug 2023 at 12:28, Daniel Díaz <daniel.diaz@linaro.org> wrote:
>
> Two new warnings are introduced on x86_64 with GCC-8 (defconfig):
>
> -----8<-----
> drivers/gpu/drm/drm_edid.o: warning: objtool:
> drm_mode_std.isra.34()+0xbc: return with modified stack frame
> drivers/gpu/drm/drm_edid.o: warning: objtool:
> drm_mode_std.isra.34()+0x0: stack state mismatch: cfa1=7+112 cfa2=7+8
> ----->8-----
>
> Bisection points to the quoted commit ("drm/edid: Fix uninitialized
> variable in drm_cvt_modes()"), 991fcb77f490 upstream. Reverting makes
> the warnings disappear.
Bah. Stable should pick up commit d652d5f1eeeb ("drm/edid: fix objtool
warning in drm_cvt_modes()") from mainline too.
Sadly it didn't have a 'Fixes:' tag, so it didn't get picked up
automatically. My bad.
Although it's not like the commits it fixes were actually ever marked
for stable either. I guess commit 3f649ab728cd ("treewide: Remove
uninitialized_var() usage") got picked up as some kind of "make it
easier to apply other patches" thing.
Linus
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-10 19:36 ` Linus Torvalds
@ 2023-08-10 19:59 ` Greg Kroah-Hartman
0 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-10 19:59 UTC (permalink / raw)
To: Linus Torvalds
Cc: Daniel Díaz, stable, patches, linux-kernel, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, lyude
On Thu, Aug 10, 2023 at 12:36:41PM -0700, Linus Torvalds wrote:
> On Thu, 10 Aug 2023 at 12:28, Daniel Díaz <daniel.diaz@linaro.org> wrote:
> >
> > Two new warnings are introduced on x86_64 with GCC-8 (defconfig):
> >
> > -----8<-----
> > drivers/gpu/drm/drm_edid.o: warning: objtool:
> > drm_mode_std.isra.34()+0xbc: return with modified stack frame
> > drivers/gpu/drm/drm_edid.o: warning: objtool:
> > drm_mode_std.isra.34()+0x0: stack state mismatch: cfa1=7+112 cfa2=7+8
> > ----->8-----
> >
> > Bisection points to the quoted commit ("drm/edid: Fix uninitialized
> > variable in drm_cvt_modes()"), 991fcb77f490 upstream. Reverting makes
> > the warnings disappear.
>
> Bah. Stable should pick up commit d652d5f1eeeb ("drm/edid: fix objtool
> warning in drm_cvt_modes()") from mainline too.
>
> Sadly it didn't have a 'Fixes:' tag, so it didn't get picked up
> automatically. My bad.
>
> Although it's not like the commits it fixes were actually ever marked
> for stable either. I guess commit 3f649ab728cd ("treewide: Remove
> uninitialized_var() usage") got picked up as some kind of "make it
> easier to apply other patches" thing.
I applied the uninitialized_var patch here because I was trying to
attempt to reduce the number of build warnings I am getting using gcc-12
on 4.19.y It helped out a tiny bit, but we still have lots of warnings
left.
I'll pick up d652d5f1eeeb as well now, thanks for pointing it out.
greg k-h
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-10 14:24 ` Guenter Roeck
@ 2023-08-11 9:29 ` Greg Kroah-Hartman
2023-08-11 14:51 ` Greg Kroah-Hartman
0 siblings, 1 reply; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-11 9:29 UTC (permalink / raw)
To: Guenter Roeck
Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor
On Thu, Aug 10, 2023 at 07:24:32AM -0700, Guenter Roeck wrote:
> On 8/10/23 06:55, Guenter Roeck wrote:
> > On 8/9/23 03:37, Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 4.19.291 release.
> > > There are 323 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000.
> > > Anything received after that time might be too late.
> > >
> >
> > Building sparc64:allnoconfig ... failed
> > --------------
> > Error log:
> > <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp]
> > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso-note.o: missing .note.GNU-stack section implies executable stack
> > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso32/vdso-note.o: missing .note.GNU-stack section implies executable stack
> > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> > sparc64-linux-ld: init/main.o: in function `start_kernel':
> > main.c:(.init.text+0x77c): undefined reference to `arch_cpu_finalize_init'
> >
> > Building sparc64:tinyconfig ... failed
> > --------------
> > Error log:
> > <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp]
> > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso-note.o: missing .note.GNU-stack section implies executable stack
> > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso32/vdso-note.o: missing .note.GNU-stack section implies executable stack
> > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> > sparc64-linux-ld: init/main.o: in function `start_kernel':
> > main.c:(.init.text+0x764): undefined reference to `arch_cpu_finalize_init'
>
> Introduced with v4.19.290.
Thanks for the report, I'll fix these up separately after this release.
greg k-h
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 000/323] 4.19.291-rc1 review
2023-08-11 9:29 ` Greg Kroah-Hartman
@ 2023-08-11 14:51 ` Greg Kroah-Hartman
0 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-08-11 14:51 UTC (permalink / raw)
To: Guenter Roeck
Cc: stable, patches, linux-kernel, torvalds, akpm, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor
On Fri, Aug 11, 2023 at 11:29:53AM +0200, Greg Kroah-Hartman wrote:
> On Thu, Aug 10, 2023 at 07:24:32AM -0700, Guenter Roeck wrote:
> > On 8/10/23 06:55, Guenter Roeck wrote:
> > > On 8/9/23 03:37, Greg Kroah-Hartman wrote:
> > > > This is the start of the stable review cycle for the 4.19.291 release.
> > > > There are 323 patches in this series, all will be posted as a response
> > > > to this one. If anyone has any issues with these being applied, please
> > > > let me know.
> > > >
> > > > Responses should be made by Fri, 11 Aug 2023 10:36:10 +0000.
> > > > Anything received after that time might be too late.
> > > >
> > >
> > > Building sparc64:allnoconfig ... failed
> > > --------------
> > > Error log:
> > > <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp]
> > > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso-note.o: missing .note.GNU-stack section implies executable stack
> > > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> > > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso32/vdso-note.o: missing .note.GNU-stack section implies executable stack
> > > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> > > sparc64-linux-ld: init/main.o: in function `start_kernel':
> > > main.c:(.init.text+0x77c): undefined reference to `arch_cpu_finalize_init'
> > >
> > > Building sparc64:tinyconfig ... failed
> > > --------------
> > > Error log:
> > > <stdin>:1335:2: warning: #warning syscall rseq not implemented [-Wcpp]
> > > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso-note.o: missing .note.GNU-stack section implies executable stack
> > > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> > > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: warning: arch/sparc/vdso/vdso32/vdso-note.o: missing .note.GNU-stack section implies executable stack
> > > /opt/kernel/gcc-11.4.0-2.40-nolibc/sparc64-linux/bin/../lib/gcc/sparc64-linux/11.4.0/../../../../sparc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
> > > sparc64-linux-ld: init/main.o: in function `start_kernel':
> > > main.c:(.init.text+0x764): undefined reference to `arch_cpu_finalize_init'
> >
> > Introduced with v4.19.290.
>
> Thanks for the report, I'll fix these up separately after this release.
Finally figured it out, I messed up on the backport for the sparc32
changes in the Kconfig file. I've queued up a fix for this now.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 322/323] drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
2023-08-09 10:42 ` [PATCH 4.19 322/323] drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions Greg Kroah-Hartman
@ 2023-09-24 22:40 ` Ben Hutchings
2023-10-07 11:22 ` Greg Kroah-Hartman
0 siblings, 1 reply; 335+ messages in thread
From: Ben Hutchings @ 2023-09-24 22:40 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable; +Cc: patches, Joe Perches, Brennan Lamoreaux
[-- Attachment #1: Type: text/plain, Size: 2333 bytes --]
On Wed, 2023-08-09 at 12:42 +0200, Greg Kroah-Hartman wrote:
> From: Joe Perches <joe@perches.com>
>
> commit aa838896d87af561a33ecefea1caa4c15a68bc47 upstream.
>
> Convert the various sprintf fmaily calls in sysfs device show functions
> to sysfs_emit and sysfs_emit_at for PAGE_SIZE buffer safety.
[...]
> Signed-off-by: Joe Perches <joe@perches.com>
> Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.1600285923.git.joe@perches.com
> [ Brennan : Regenerated for 4.19 to fix CVE-2022-20166 ]
When I looked into the referenced security issue, it seemed to only be
exploitable through wakelock names, and in the upstream kernel only
after commit c8377adfa781 "PM / wakeup: Show wakeup sources stats in
sysfs" (first included in 5.4). So I would be interested to know if
and why a fix was needed for 4.19.
More importantly, this backported version uniformly converts to
sysfs_emit(), but there are 3 places sysfs_emit_at() must be used
instead:
[...]
> --- a/drivers/base/cpu.c
> +++ b/drivers/base/cpu.c
[...]
> @@ -264,7 +264,7 @@ static ssize_t print_cpus_offline(struct
> nr_cpu_ids, total_cpus-1);
> }
>
> - n += snprintf(&buf[n], len - n, "\n");
> + n += sysfs_emit(&buf[n], "\n");
> return n;
> }
> static DEVICE_ATTR(offline, 0444, print_cpus_offline, NULL);
[...]
> --- a/drivers/base/node.c
> +++ b/drivers/base/node.c
[...]
> @@ -96,7 +96,7 @@ static ssize_t node_read_meminfo(struct
> nid, K(sum_zone_node_page_state(nid, NR_MLOCK)));
>
> #ifdef CONFIG_HIGHMEM
> - n += sprintf(buf + n,
> + n += sysfs_emit(buf + n,
> "Node %d HighTotal: %8lu kB\n"
> "Node %d HighFree: %8lu kB\n"
> "Node %d LowTotal: %8lu kB\n"
> @@ -106,7 +106,7 @@ static ssize_t node_read_meminfo(struct
> nid, K(i.totalram - i.totalhigh),
> nid, K(i.freeram - i.freehigh));
> #endif
> - n += sprintf(buf + n,
> + n += sysfs_emit(buf + n,
> "Node %d Dirty: %8lu kB\n"
> "Node %d Writeback: %8lu kB\n"
> "Node %d FilePages: %8lu kB\n"
[...]
Ben.
--
Ben Hutchings
Kids! Bringing about Armageddon can be dangerous. Do not attempt it
in your own home. - Terry Pratchett and Neil Gaiman, `Good Omens'
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 335+ messages in thread
* Re: [PATCH 4.19 322/323] drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
2023-09-24 22:40 ` Ben Hutchings
@ 2023-10-07 11:22 ` Greg Kroah-Hartman
0 siblings, 0 replies; 335+ messages in thread
From: Greg Kroah-Hartman @ 2023-10-07 11:22 UTC (permalink / raw)
To: Ben Hutchings; +Cc: stable, patches, Joe Perches, Brennan Lamoreaux
On Mon, Sep 25, 2023 at 12:40:47AM +0200, Ben Hutchings wrote:
> On Wed, 2023-08-09 at 12:42 +0200, Greg Kroah-Hartman wrote:
> > From: Joe Perches <joe@perches.com>
> >
> > commit aa838896d87af561a33ecefea1caa4c15a68bc47 upstream.
> >
> > Convert the various sprintf fmaily calls in sysfs device show functions
> > to sysfs_emit and sysfs_emit_at for PAGE_SIZE buffer safety.
>
> [...]
> > Signed-off-by: Joe Perches <joe@perches.com>
> > Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.1600285923.git.joe@perches.com
> > [ Brennan : Regenerated for 4.19 to fix CVE-2022-20166 ]
>
> When I looked into the referenced security issue, it seemed to only be
> exploitable through wakelock names, and in the upstream kernel only
> after commit c8377adfa781 "PM / wakeup: Show wakeup sources stats in
> sysfs" (first included in 5.4). So I would be interested to know if
> and why a fix was needed for 4.19.
It should not be needed there.
> More importantly, this backported version uniformly converts to
> sysfs_emit(), but there are 3 places sysfs_emit_at() must be used
> instead:
Ick, ok, I'll go revert the commit, thanks.
greg k-h
^ permalink raw reply [flat|nested] 335+ messages in thread
end of thread, other threads:[~2023-10-07 11:23 UTC | newest]
Thread overview: 335+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-09 10:37 [PATCH 4.19 000/323] 4.19.291-rc1 review Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 001/323] gfs2: Dont deref jdesc in evict Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 002/323] x86/smp: Use dedicated cache-line for mwait_play_dead() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 003/323] video: imsttfb: check for ioremap() failures Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 004/323] fbdev: imsttfb: Fix use after free bug in imsttfb_probe Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 005/323] drm/edid: Fix uninitialized variable in drm_cvt_modes() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 006/323] scripts/tags.sh: Resolve gtags empty index generation Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 007/323] drm/amdgpu: Validate VM ioctl flags Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 008/323] treewide: Remove uninitialized_var() usage Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 009/323] md/raid10: check slab-out-of-bounds in md_bitmap_get_counter Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 010/323] md/raid10: fix overflow of md/safe_mode_delay Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 011/323] md/raid10: fix wrong setting of max_corr_read_errors Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 012/323] md/raid10: fix io loss while replacement replace rdev Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 013/323] irqchip/jcore-aic: Kill use of irq_create_strict_mappings() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 014/323] irqchip/jcore-aic: Fix missing allocation of IRQ descriptors Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 015/323] clocksource/drivers: Unify the names to timer-* format Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 016/323] clocksource/drivers/cadence-ttc: Use ttc driver as platform driver Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 017/323] clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 018/323] PM: domains: fix integer overflow issues in genpd_parse_state() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 019/323] ARM: 9303/1: kprobes: avoid missing-declaration warnings Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 020/323] evm: Complete description of evm_inode_setattr() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 021/323] wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 022/323] wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 023/323] samples/bpf: Fix buffer overflow in tcp_basertt Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 024/323] wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 025/323] nfc: constify several pointers to u8, char and sk_buff Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 026/323] nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 027/323] wifi: orinoco: Fix an error handling path in spectrum_cs_probe() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 028/323] wifi: orinoco: Fix an error handling path in orinoco_cs_probe() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 029/323] wifi: atmel: Fix an error handling path in atmel_probe() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 030/323] wl3501_cs: Fix a bunch of formatting issues related to function docs Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 031/323] wl3501_cs: Remove unnecessary NULL check Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 032/323] wl3501_cs: Fix misspelling and provide missing documentation Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 033/323] net: create netdev->dev_addr assignment helpers Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 034/323] wl3501_cs: use eth_hw_addr_set() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 035/323] wifi: wl3501_cs: Fix an error handling path in wl3501_probe() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 036/323] wifi: ray_cs: Utilize strnlen() in parse_addr() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 037/323] wifi: ray_cs: Drop useless status variable " Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 038/323] wifi: ray_cs: Fix an error handling path in ray_probe() Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 039/323] wifi: ath9k: dont allow to overwrite ENDPOINT0 attributes Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 040/323] wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown Greg Kroah-Hartman
2023-08-09 10:37 ` [PATCH 4.19 041/323] watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 042/323] watchdog/perf: more properly prevent false positives with turbo modes Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 043/323] kexec: fix a memory leak in crash_shrink_memory() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 044/323] memstick r592: make memstick_debug_get_tpc_name() static Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 045/323] wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 046/323] wifi: ath9k: convert msecs to jiffies where needed Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 047/323] netlink: fix potential deadlock in netlink_set_err() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 048/323] netlink: do not hard code device address lenth in fdb dumps Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 049/323] gtp: Fix use-after-free in __gtp_encap_destroy() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 050/323] lib/ts_bm: reset initial match offset for every block of text Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 051/323] netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 052/323] ipvlan: Fix return value of ipvlan_queue_xmit() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 053/323] netlink: Add __sock_i_ino() for __netlink_diag_dump() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 054/323] radeon: avoid double free in ci_dpm_init() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 055/323] Input: drv260x - sleep between polling GO bit Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 056/323] ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 057/323] Input: adxl34x - do not hardcode interrupt trigger type Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 058/323] drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 059/323] ARM: ep93xx: fix missing-prototype warnings Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 060/323] ASoC: es8316: Increment max value for ALC Capture Target Volume control Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 061/323] soc/fsl/qe: fix usb.c build errors Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 062/323] IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 063/323] arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 064/323] fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 065/323] drm/radeon: fix possible division-by-zero errors Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 066/323] ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 067/323] scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 068/323] PCI: Add pci_clear_master() stub for non-CONFIG_PCI Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 069/323] pinctrl: cherryview: Return correct value if pin in push-pull mode Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 070/323] perf dwarf-aux: Fix off-by-one in die_get_varname() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 071/323] pinctrl: at91-pio4: check return value of devm_kasprintf() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 072/323] hwrng: virtio - add an internal buffer Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 073/323] hwrng: virtio - dont wait on cleanup Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 074/323] hwrng: virtio - dont waste entropy Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 075/323] hwrng: virtio - always add a pending request Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 076/323] hwrng: virtio - Fix race on data_avail and actual data Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 077/323] crypto: nx - fix build warnings when DEBUG_FS is not enabled Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 078/323] modpost: fix section mismatch message for R_ARM_ABS32 Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 079/323] modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 080/323] ARCv2: entry: comments about hardware auto-save on taken interrupts Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 081/323] ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 082/323] ARCv2: entry: avoid a branch Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 083/323] ARCv2: entry: rewrite to enable use of double load/stores LDD/STD Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 084/323] ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 085/323] USB: serial: option: add LARA-R6 01B PIDs Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 086/323] block: change all __u32 annotations to __be32 in affs_hardblocks.h Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 087/323] w1: fix loop in w1_fini() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 088/323] sh: j2: Use ioremap() to translate device tree address into kernel memory Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 089/323] media: usb: Check az6007_read() return value Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 090/323] media: videodev2.h: Fix struct v4l2_input tuner index comment Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 091/323] media: usb: siano: Fix warning due to null work_func_t function pointer Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 092/323] extcon: Fix kernel doc of property fields to avoid warnings Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 093/323] extcon: Fix kernel doc of property capability " Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 094/323] usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 095/323] mfd: rt5033: Drop rt5033-battery sub-device Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 096/323] KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 097/323] mfd: intel-lpss: Add missing check for platform_get_resource Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 098/323] mfd: stmpe: Only disable the regulators if they are enabled Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 099/323] rtc: st-lpc: Release some resources in st_rtc_probe() in case of error Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 100/323] sctp: fix potential deadlock on &net->sctp.addr_wq_lock Greg Kroah-Hartman
2023-08-09 10:38 ` [PATCH 4.19 101/323] Add MODULE_FIRMWARE() for FIRMWARE_TG357766 Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 102/323] spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 103/323] mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 104/323] f2fs: fix error path handling in truncate_dnode() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 105/323] powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 106/323] net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 107/323] tcp: annotate data races in __tcp_oow_rate_limited() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 108/323] net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 109/323] sh: dma: Fix DMA channel offset calculation Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 110/323] i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 111/323] i2c: xiic: Dont try to handle more interrupt events after error Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 112/323] ALSA: jack: Fix mutex call in snd_jack_report() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 113/323] NFSD: add encoding of op_recall flag for write delegation Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 114/323] mmc: core: disable TRIM on Kingston EMMC04G-M627 Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 115/323] mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 116/323] bcache: Remove unnecessary NULL point check in node allocations Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 117/323] integrity: Fix possible multiple allocation in integrity_inode_get() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 118/323] jffs2: reduce stack usage in jffs2_build_xattr_subsystem() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 119/323] btrfs: fix race when deleting quota root from the dirty cow roots list Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 120/323] ARM: orion5x: fix d2net gpio initialization Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 121/323] spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 122/323] spi: spi-fsl-spi: relax message sanity checking a little Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 123/323] spi: spi-fsl-spi: allow changing bits_per_word while CS is still active Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 124/323] netfilter: nf_tables: fix nat hook table deletion Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 125/323] netfilter: nf_tables: add rescheduling points during loop detection walks Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 126/323] netfilter: nftables: add helper function to set the base sequence number Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 127/323] netfilter: add helper function to set up the nfnetlink header and use it Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 128/323] netfilter: nf_tables: use net_generic infra for transaction data Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 129/323] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 130/323] netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 131/323] netfilter: nf_tables: reject unbound anonymous set before commit phase Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 132/323] netfilter: nf_tables: unbind non-anonymous set if rule construction fails Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 133/323] netfilter: nf_tables: fix scheduling-while-atomic splat Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 134/323] netfilter: conntrack: Avoid nf_ct_helper_hash uses after free Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 135/323] netfilter: nf_tables: prevent OOB access in nft_byteorder_eval Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 136/323] net: lan743x: Dont sleep in atomic context Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 137/323] workqueue: clean up WORK_* constant types, clarify masking Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 138/323] net: mvneta: fix txq_map in case of txq_number==1 Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 139/323] vrf: Increment Icmp6InMsgs on the original netdev Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 140/323] icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 141/323] udp6: fix udp6_ehashfn() typo Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 142/323] ntb: idt: Fix error handling in idt_pci_driver_init() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 143/323] NTB: amd: Fix error handling in amd_ntb_pci_driver_init() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 144/323] ntb: intel: Fix error handling in intel_ntb_pci_driver_init() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 145/323] NTB: ntb_transport: fix possible memory leak while device_register() fails Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 146/323] NTB: ntb_tool: Add check for devm_kcalloc Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 147/323] ipv6/addrconf: fix a potential refcount underflow for idev Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 148/323] wifi: airo: avoid uninitialized warning in airo_get_rate() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 149/323] net/sched: make psched_mtu() RTNL-less safe Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 150/323] pinctrl: amd: Fix mistake in handling clearing pins at startup Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 151/323] pinctrl: amd: Detect internal GPIO0 debounce handling Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 152/323] pinctrl: amd: Only use special debounce behavior for GPIO 0 Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 153/323] tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 154/323] net: bcmgenet: Ensure MDIO unregistration has clocks enabled Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 155/323] SUNRPC: Fix UAF in svc_tcp_listen_data_ready() Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 156/323] perf intel-pt: Fix CYC timestamps after standalone CBR Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 157/323] ext4: fix wrong unit use in ext4_mb_clear_bb Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 158/323] ext4: only update i_reserved_data_blocks on successful block allocation Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 159/323] jfs: jfs_dmap: Validate db_l2nbperpage while mounting Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 160/323] PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold Greg Kroah-Hartman
2023-08-09 10:39 ` [PATCH 4.19 161/323] PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 162/323] PCI: qcom: Disable write access to read only registers for IP v2.3.3 Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 163/323] PCI: rockchip: Assert PCI Configuration Enable bit after probe Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 164/323] PCI: rockchip: Write PCI Device ID to correct register Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 165/323] PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 166/323] PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 167/323] PCI: rockchip: Use u32 variable to access 32-bit registers Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 168/323] misc: pci_endpoint_test: Free IRQs before removing the device Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 169/323] misc: pci_endpoint_test: Re-init completion for every test Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 170/323] md/raid0: add discard support for the original layout Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 171/323] fs: dlm: return positive pid value for F_GETLK Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 172/323] serial: atmel: dont enable IRQs prematurely Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 173/323] hwrng: imx-rngc - fix the timeout for init and self check Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 174/323] ceph: dont let check_caps skip sending responses for revoke msgs Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 175/323] meson saradc: fix clock divider mask length Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 176/323] Revert "8250: add support for ASIX devices with a FIFO bug" Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 177/323] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 178/323] tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 179/323] ring-buffer: Fix deadloop issue on reading trace_pipe Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 180/323] xtensa: ISS: fix call to split_if_spec Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 181/323] scsi: qla2xxx: Wait for io return on terminate rport Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 182/323] scsi: qla2xxx: Fix potential NULL pointer dereference Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 183/323] scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 184/323] scsi: qla2xxx: Pointer may be dereferenced Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 185/323] drm/atomic: Fix potential use-after-free in nonblocking commits Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 186/323] tracing/histograms: Add histograms to hist_vars if they have referenced variables Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 187/323] perf probe: Add test for regression introduced by switch to die_get_decl_file() Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 188/323] fuse: revalidate: dont invalidate if interrupted Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 189/323] can: bcm: Fix UAF in bcm_proc_show() Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 190/323] ext4: correct inline offset when handling xattrs in inode body Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 191/323] debugobjects: Recheck debug_objects_enabled before reporting Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 192/323] nbd: Add the maximum limit of allocated index in nbd_dev_add Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 193/323] md: fix data corruption for raid456 when reshape restart while grow up Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 194/323] md/raid10: prevent soft lockup while flush writes Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 195/323] posix-timers: Ensure timer ID search-loop limit is valid Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 196/323] sched/fair: Dont balance task to its current running CPU Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 197/323] bpf: Address KCSAN report on bpf_lru_list Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 198/323] wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 199/323] wifi: iwlwifi: mvm: avoid baid size integer overflow Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 200/323] igb: Fix igb_down hung on surprise removal Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 201/323] spi: bcm63xx: fix max prepend length Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 202/323] fbdev: imxfb: warn about invalid left/right margin Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 203/323] pinctrl: amd: Use amd_pinconf_set() for all config options Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 204/323] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 205/323] net:ipv6: check return value of pskb_trim() Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 206/323] Revert "tcp: avoid the lookup process failing to get sk in ehash table" Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 207/323] fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 208/323] llc: Dont drop packet from non-root netns Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 209/323] netfilter: nf_tables: fix spurious set element insertion failure Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 210/323] netfilter: nf_tables: cant schedule in nft_chain_validate Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 211/323] net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 212/323] tcp: annotate data-races around tp->linger2 Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 213/323] tcp: annotate data-races around rskq_defer_accept Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 214/323] tcp: annotate data-races around tp->notsent_lowat Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 215/323] tcp: annotate data-races around fastopenq.max_qlen Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 216/323] tracing/histograms: Return an error if we fail to add histogram to hist_vars list Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 217/323] gpio: tps68470: Make tps68470_gpio_output() always set the initial value Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 218/323] bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 219/323] bcache: remove int n from parameter list of bch_bucket_alloc_set() Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 220/323] bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent Greg Kroah-Hartman
2023-08-09 10:40 ` [PATCH 4.19 221/323] btrfs: fix extent buffer leak after tree mod log failure at split_node() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 222/323] ext4: rename journal_dev to s_journal_dev inside ext4_sb_info Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 223/323] ext4: Fix reusing stale buffer heads from last failed mounting Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 224/323] PCI: Rework pcie_retrain_link() wait loop Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 225/323] PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 226/323] PCI/ASPM: Factor out pcie_wait_for_retrain() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 227/323] PCI/ASPM: Avoid link retraining race Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 228/323] dlm: cleanup plock_op vs plock_xop Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 229/323] dlm: rearrange async condition return Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 230/323] fs: dlm: interrupt posix locks only when process is killed Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 231/323] ftrace: Add information on number of page groups allocated Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 232/323] ftrace: Check if pages were allocated before calling free_pages() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 233/323] ftrace: Store the order of pages allocated in ftrace_page Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 234/323] ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 235/323] scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 236/323] scsi: qla2xxx: Array index may go out of bound Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 237/323] ext4: fix to check return value of freeze_bdev() in ext4_shutdown() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 238/323] i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 239/323] phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 240/323] ethernet: atheros: fix return value check in atl1e_tso_csum() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 241/323] ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 242/323] tcp: Reduce chance of collisions in inet6_hashfn() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 243/323] bonding: reset bonds flags when down link is P2P device Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 244/323] team: reset teams " Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 245/323] platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 246/323] net/sched: mqprio: refactor nlattr parsing to a separate function Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 247/323] net/sched: mqprio: add extack to mqprio_parse_nlattr() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 248/323] net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 249/323] benet: fix return value check in be_lancer_xmit_workarounds() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 250/323] RDMA/mlx4: Make check for invalid flags stricter Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 251/323] drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 252/323] ASoC: fsl_spdif: Silence output on stop Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 253/323] block: Fix a source code comment in include/uapi/linux/blkzoned.h Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 254/323] dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 255/323] ata: pata_ns87415: mark ns87560_tf_read static Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 256/323] ring-buffer: Fix wrong stat of cpu_buffer->read Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 257/323] tracing: Fix warning in trace_buffered_event_disable() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 258/323] USB: serial: option: support Quectel EM060K_128 Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 259/323] USB: serial: option: add Quectel EC200A module support Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 260/323] USB: serial: simple: add Kaufmann RKS+CAN VCP Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 261/323] USB: serial: simple: sort driver entries Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 262/323] can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 263/323] Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 264/323] usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 265/323] usb: dwc3: dont reset device side if dwc3 was configured as host-only Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 266/323] usb: ohci-at91: Fix the unhandle interrupt when resume Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 267/323] USB: quirks: add quirk for Focusrite Scarlett Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 268/323] usb: xhci-mtk: set the dma max_seg_size Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 269/323] Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 270/323] Documentation: security-bugs.rst: clarify CVE handling Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 271/323] staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 272/323] hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 273/323] btrfs: check for commit error at btrfs_attach_transaction_barrier() Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 274/323] tpm_tis: Explicitly check for error code Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 275/323] irq-bcm6345-l1: Do not assume a fixed block to cpu mapping Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 276/323] serial: 8250_dw: split Synopsys DesignWare 8250 common functions Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 277/323] serial: 8250_dw: Preserve original value of DLF register Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 278/323] virtio-net: fix race between set queues and probe Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 279/323] s390/dasd: fix hanging device after quiesce/resume Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 280/323] ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register Greg Kroah-Hartman
2023-08-09 10:41 ` [PATCH 4.19 281/323] dm cache policy smq: ensure IO doesnt prevent cleaner policy progress Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 282/323] drm/client: Fix memory leak in drm_client_target_cloned Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 283/323] net/sched: cls_fw: Fix improper refcount update leads to use-after-free Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 284/323] net/sched: sch_qfq: account for stab overhead in qfq_enqueue Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 285/323] ASoC: cs42l51: fix driver to properly autoload with automatic module loading Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 286/323] net/sched: cls_u32: Fix reference counter leak leading to overflow Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 287/323] perf: Fix function pointer case Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 288/323] loop: Select I/O scheduler none from inside add_disk() Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 289/323] word-at-a-time: use the same return type for has_zero regardless of endianness Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 290/323] KVM: s390: fix sthyi error handling Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 291/323] net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 292/323] perf test uprobe_from_different_cu: Skip if there is no gcc Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 293/323] net: sched: cls_u32: Fix match key mis-addressing Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 294/323] net: add missing data-race annotations around sk->sk_peek_off Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 295/323] net: add missing data-race annotation for sk_ll_usec Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 296/323] net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 297/323] net/sched: cls_route: " Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 298/323] ip6mr: Fix skb_under_panic in ip6mr_cache_report() Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 299/323] tcp_metrics: fix addr_same() helper Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 300/323] tcp_metrics: annotate data-races around tm->tcpm_stamp Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 301/323] tcp_metrics: annotate data-races around tm->tcpm_lock Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 302/323] tcp_metrics: annotate data-races around tm->tcpm_vals[] Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 303/323] tcp_metrics: annotate data-races around tm->tcpm_net Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 304/323] tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 305/323] scsi: zfcp: Defer fc_rport blocking until after ADISC response Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 306/323] libceph: fix potential hang in ceph_osdc_notify() Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 307/323] USB: zaurus: Add ID for A-300/B-500/C-700 Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 308/323] fs/sysv: Null check to prevent null-ptr-deref bug Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 309/323] Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 310/323] net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 311/323] ext2: Drop fragment support Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 312/323] test_firmware: fix a memory leak with reqs buffer Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 313/323] test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 314/323] mtd: rawnand: omap_elm: Fix incorrect type in assignment Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 315/323] powerpc/mm/altmap: Fix altmap boundary check Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 316/323] PM / wakeirq: support enabling wake-up irq after runtime_suspend called Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 317/323] PM: sleep: wakeirq: fix wake irq arming Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 318/323] ARM: dts: imx6sll: Make ssi node name same as other platforms Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 319/323] ARM: dts: imx: add usb alias Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 320/323] ARM: dts: imx6sll: fixup of operating points Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 321/323] ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 322/323] drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions Greg Kroah-Hartman
2023-09-24 22:40 ` Ben Hutchings
2023-10-07 11:22 ` Greg Kroah-Hartman
2023-08-09 10:42 ` [PATCH 4.19 323/323] arm64: dts: stratix10: fix incorrect I2C property for SCL signal Greg Kroah-Hartman
2023-08-10 6:53 ` [PATCH 4.19 000/323] 4.19.291-rc1 review Thierry Reding
2023-08-10 13:55 ` Guenter Roeck
2023-08-10 14:24 ` Guenter Roeck
2023-08-11 9:29 ` Greg Kroah-Hartman
2023-08-11 14:51 ` Greg Kroah-Hartman
2023-08-10 16:00 ` Guenter Roeck
2023-08-10 19:28 ` Daniel Díaz
2023-08-10 19:36 ` Linus Torvalds
2023-08-10 19:59 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).