Update 5.10.x+fslc up to v5.10.67 #446
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ Upstream commit 6fffe52 ] The rk3036/rk3328 pll types were converted to checking the lock status via the internal register in january 2020, so don't need the grf reference since then. But it was forgotten to remove grf check when deciding between the pll rate ops (read-only vs. read-write), so a clock driver without the needed grf reference might've been put into the read-only mode just because the grf reference was missing. This affected the rk356x that needs to reclock certain plls at boot. Fix this by removing the check for the grf for selecting the utilized operations. Suggested-by: Heiko Stuebner <heiko@sntech.de> Fixes: 7f6ffbb ("clk: rockchip: convert rk3036 pll type to use internal lock status") Signed-off-by: Peter Geis <pgwipeout@gmail.com> [adjusted the commit message, adjusted the fixes tag] Link: https://lore.kernel.org/r/20210728180034.717953-3-pgwipeout@gmail.com Signed-off-by: Heiko Stuebner <heiko@sntech.de> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 6200487 ] It is possible for the primary IPoIB network device associated with any RDMA device to fail to join certain multicast groups preventing IPv6 neighbor discovery and possibly other network ULPs from working correctly. The IPv4 broadcast group is not affected as the IPoIB network device handles joining that multicast group directly. This is because the primary IPoIB network device uses the pkey at ndex 0 in the associated RDMA device's pkey table. Anytime the pkey value of index 0 changes, the primary IPoIB network device automatically modifies it's broadcast address (i.e. /sys/class/net/[ib0]/broadcast), since the broadcast address includes the pkey value, and then bounces carrier. This includes initial pkey assignment, such as when the pkey at index 0 transitions from the opa default of invalid (0x0000) to some value such as the OPA default pkey for Virtual Fabric 0: 0x8001 or when the fabric manager is restarted with a configuration change causing the pkey at index 0 to change. Many network ULPs are not sensitive to the carrier bounce and are not expecting the broadcast address to change including the linux IPv6 stack. This problem does not affect IPoIB child network devices as their pkey value is constant for all time. To mitigate this issue, change the default pkey in at index 0 to 0x8001 to cover the predominant case and avoid issues as ipoib comes up and the FM sweeps. At some point, ipoib multicast support should automatically fix non-broadcast addresses as it does with the primary broadcast address. Fixes: 7724105 ("IB/hfi1: add driver files") Link: https://lore.kernel.org/r/20210715160445.142451.47651.stgit@awfm-01.cornelisnetworks.com Suggested-by: Josh Collier <josh.d.collier@intel.com> Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e677b72 ] The failure during iw_cm module initialization partially left the system with unreleased memory and other resources. Rewrite the module init/exit routines in such way that netlink commands will be opened only after successful initialization. Fixes: b493d91 ("iwcm: common code for port mapper") Link: https://lore.kernel.org/r/b01239f99cb1a3e6d2b0694c242d89e6410bcd93.1627048781.git.leonro@nvidia.com Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8d7e415 ] Starting from the beginning of infiniband subsystem, the uverbs char devices start from 192 as a minor number, see commit bc38a6a ("[PATCH] IB uverbs: core implementation"). This patch updates the admin guide documentation to reflect it. Fixes: 9d85025 ("docs-rst: create an user's manual book") Link: https://lore.kernel.org/r/bad03e6bcde45550c01e12908a6fe7dfa4770703.1627477347.git.leonro@nvidia.com Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2127cd2 ] An earlier fix changed the print format specifier for adapter->bios_addr to use %lX. However, the integer is a u32 so the fix was wrong. Fix this by using the correct %X format specifier. Link: https://lore.kernel.org/r/20210730095031.26981-1-colin.king@canonical.com Fixes: 4362269 ("scsi: BusLogic: use %lX for unsigned long rather than %X") Acked-by: Khalid Aziz <khalid@gonehiking.org> Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Addresses-Coverity: ("Invalid type in argument") Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 7011555 ] Commit 1abd18d ("pinctrl: samsung: Register pinctrl before GPIO") changes the order of GPIO and pinctrl registration: now pinctrl is registered before GPIO. That means gpio_chip->ngpio is not set when samsung_pinctrl_register() called, and one cannot rely on that value anymore. Use `pin_bank->nr_pins' instead of `pin_bank->gpio_chip.ngpio' to fix mentioned inconsistency. Fixes: 1abd18d ("pinctrl: samsung: Register pinctrl before GPIO") Signed-off-by: Jaehyoung Choi <jkkkkk.choi@samsung.com> Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org> Link: https://lore.kernel.org/r/20210730192905.7173-1-semen.protsenko@linaro.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 26c22cf ] VFIO_NOIOMMU is supposed to be an element in the VFIO menu, not start a new menu. Correct this copy-paste mistake. Fixes: 03a76b6 ("vfio: Include No-IOMMU mode") Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Link: https://lore.kernel.org/r/0-v1-3f0b685c3679+478-vfio_menuconfig_jgg@nvidia.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d3d9c45 ] If param_offset > buff_len then the memcpy() statement in ufshcd_read_desc_param() corrupts memory since it copies 256 + buff_len - param_offset bytes into a buffer with size buff_len. Since param_offset < 256 this results in writing past the bound of the output buffer. Link: https://lore.kernel.org/r/20210722033439.26550-2-bvanassche@acm.org Fixes: cbe193f ("scsi: ufs: Fix potential NULL pointer access during memcpy") Reviewed-by: Avri Altman <avri.altman@wdc.com> Reviewed-by: Daejun Park <daejun7.park@samsung.com> Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 50741b7 ] Commit d947fb4 ("cpuidle: pseries: Fixup exit latency for CEDE(0)") sets the exit latency of CEDE(0) based on the latency values of the Extended CEDE states advertised by the platform On POWER9 LPARs, the firmwares advertise a very low value of 2us for CEDE1 exit latency on a Dedicated LPAR. The latency advertized by the PHYP hypervisor corresponds to the latency required to wakeup from the underlying hardware idle state. However the wakeup latency from the LPAR perspective should include 1. The time taken to transition the CPU from the Hypervisor into the LPAR post wakeup from platform idle state 2. Time taken to send the IPI from the source CPU (waker) to the idle target CPU (wakee). 1. can be measured via timer idle test, where we queue a timer, say for 1ms, and enter the CEDE state. When the timer fires, in the timer handler we compute how much extra timer over the expected 1ms have we consumed. On a a POWER9 LPAR the numbers are CEDE latency measured using a timer (numbers in ns) N Min Median Avg 90%ile 99%ile Max Stddev 400 2601 5677 5668.74 5917 6413 9299 455.01 1. and 2. combined can be determined by an IPI latency test where we send an IPI to an idle CPU and in the handler compute the time difference between when the IPI was sent and when the handler ran. We see the following numbers on POWER9 LPAR. CEDE latency measured using an IPI (numbers in ns) N Min Median Avg 90%ile 99%ile Max Stddev 400 711 7564 7369.43 8559 9514 9698 1200.01 Suppose, we consider the 99th percentile latency value measured using the IPI to be the wakeup latency, the value would be 9.5us This is in the ballpark of the default value of 10us. Hence, use the exit latency of CEDE(0) based on the latency values advertized by platform only from POWER10 onwards. The values advertized on POWER10 platforms is more realistic and informed by the latency measurements. For earlier platforms stick to the default value of 10us. The fix was suggested by Michael Ellerman. Fixes: d947fb4 ("cpuidle: pseries: Fixup exit latency for CEDE(0)") Reported-by: Enrico Joedecke <joedecke@de.ibm.com> Signed-off-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/1626676399-15975-2-git-send-email-ego@linux.vnet.ibm.com Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a6cae77 ] commit 7c6986a ("powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()") introduces udelay() call without including the linux/delay.h header. This may happen to work on master but the header that declares the functionshould be included nonetheless. Fixes: 7c6986a ("powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()") Signed-off-by: Michal Suchanek <msuchanek@suse.de> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20210729180103.15578-1-msuchanek@suse.de Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f9193d2 ] The QP type is set by the IB/core and shouldn't be set in the driver. Fixes: 40909f6 ("RDMA/efa: Add EFA verbs implementation") Link: https://lore.kernel.org/r/838c40134c1590167b888ca06ad51071139ff2ae.1627040189.git.leonro@nvidia.com Acked-by: Gal Pressman <galpress@amazon.com> Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 5f6bb7e ] XRC_TGT QPs are created through kernel verbs and don't have udata at all. Fixes: 6eefa83 ("RDMA/mlx5: Protect from kernel crash if XRC_TGT doesn't have udata") Fixes: e383085 ("RDMA/mlx5: Set ECE options during QP create") Link: https://lore.kernel.org/r/b68228597e730675020aa5162745390a2d39d3a2.1628014762.git.leonro@nvidia.com Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d04691d ] After commit 7cbd631 ("cpuidle: pseries: Fixup CEDE0 latency only for POWER10 onwards"), pseries_idle_probe() is no longer inlined when compiling with clang, which causes a modpost warning: WARNING: modpost: vmlinux.o(.text+0xc86a54): Section mismatch in reference from the function pseries_idle_probe() to the function .init.text:fixup_cede0_latency() The function pseries_idle_probe() references the function __init fixup_cede0_latency(). This is often because pseries_idle_probe lacks a __init annotation or the annotation of fixup_cede0_latency is wrong. pseries_idle_probe() is a non-init function, which calls fixup_cede0_latency(), which is an init function, explaining the mismatch. pseries_idle_probe() is only called from pseries_processor_idle_init(), which is an init function, so mark pseries_idle_probe() as __init so there is no more warning. Fixes: 054e44b ("cpuidle: pseries: Add function to parse extended CEDE records") Signed-off-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20210803211547.1093820-1-nathan@kernel.org Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d4bf15a ] I recently found a case where de->name_len is 0 in f2fs_fill_dentries() easily reproduced, and finally set the fsck flag. Thread A Thread B - f2fs_readdir - f2fs_read_inline_dir - ctx->pos = d.max - f2fs_add_dentry - f2fs_add_inline_entry - do_convert_inline_dir - f2fs_add_regular_entry - f2fs_readdir - f2fs_fill_dentries - set_sbi_flag(sbi, SBI_NEED_FSCK) Process A opens the folder, and has been reading without closing it. During this period, Process B created a file under the folder (occupying multiple f2fs_dir_entry, exceeding the d.max of the inline dir). After creation, process A uses the d.max of inline dir to read it again, and it will read that de->name_len is 0. And Chao pointed out that w/o inline conversion, the race condition still can happen as below: dir_entry1: A dir_entry2: B dir_entry3: C free slot: _ ctx->pos: ^ Thread A is traversing directory, ctx-pos moves to below position after readdir() by thread A: AAAABBBB___ ^ Then thread B delete dir_entry2, and create dir_entry3. Thread A calls readdir() to lookup dirents starting from middle of new dirent slots as below: AAAACCCCCC_ ^ In these scenarios, the file system is not damaged, and it's hard to avoid it. But we can bypass tagging FSCK flag if: a) bit_pos (:= ctx->pos % d->max) is non-zero and b) before bit_pos moves to first valid dir_entry. Fixes: ddf06b7 ("f2fs: fix to trigger fsck if dirent.name_len is zero") Signed-off-by: Yangtao Li <frank.li@vivo.com> [Chao: clean up description] Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 946e105 ] Don't call printk() when CONFIG_PRINTK is not set. Fixes the following build errors: or1k-linux-ld: arch/openrisc/kernel/entry.o: in function `_external_irq_handler': (.text+0x804): undefined reference to `printk' (.text+0x804): relocation truncated to fit: R_OR1K_INSN_REL_26 against undefined symbol `printk' Fixes: 9d02a42 ("OpenRISC: Boot code") Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reported-by: kernel test robot <lkp@intel.com> Cc: Jonas Bonn <jonas@southpole.se> Cc: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi> Cc: Stafford Horne <shorne@gmail.com> Cc: openrisc@lists.librecores.org Signed-off-by: Stafford Horne <shorne@gmail.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 173735c ] Due to link order, dma_debug_init is called before debugfs has a chance to initialize (via debugfs_init which also happens in the core initcall stage), so the directories for dma-debug are never created. Decouple dma_debug_fs_init from dma_debug_init and defer its init until core_initcall_sync (after debugfs has been initialized) while letting dma-debug initialization occur as soon as possible to catch any early mappings, as suggested in [1]. [1] https://lore.kernel.org/linux-iommu/YIgGa6yF%2Fadg8OSN@kroah.com/ Fixes: 15b28bb ("dma-debug: move initialization to common code") Signed-off-by: Anthony Iliopoulos <ailiop@suse.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e20772c ] If NFS_LAYOUT_RETURN_REQUESTED is set, but there is no value set for the layout plh_return_seq, we can end up in a livelock loop in which every layout segment retrieved by a new call to layoutget is immediately invalidated by pnfs_layout_need_return(). To get around this, we should just set plh_return_seq to the current value of the layout stateid's seqid. Fixes: d474f96 ("NFS: Don't return layout segments that are in use") Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 45baada ] A zero value for the layout barrier indicates that it has been cleared (since seqid '0' is an illegal value), so we should always allow it to be updated. Fixes: d29b468 ("pNFS/NFSv4: Improve rejection of out-of-order layouts") Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d6236a9 ] The intention of the layout barrier is to ensure that we do not update the layout to match an older value than the current expectation. Fix the test in pnfs_layout_stateid_blocked() to reflect that it is legal for the seqid of the stateid to match that of the barrier. Fixes: aa95edf ("NFSv4/pnfs: Fix the layout barrier update") Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c2dc3e5 ] We really should not call rpc_wake_up_queued_task_set_status() with xprt->snd_task as an argument unless we are certain that is actually an rpc_task. Fixes: 0445f92 ("SUNRPC: Fix disconnection races") Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f99fa50 ] The xprtrdma client code currently relies on the task that initiated the connect to hold the XPRT_LOCK for the duration of the connection attempt. If the task is woken early, due to some other event, then that lock could get released early. Avoid races by using the same mechanism that the socket code uses of transferring lock ownership to the RDMA connect worker itself. That frees us to call rpcrdma_xprt_disconnect() directly since we're now guaranteed exclusion w.r.t. other callers. Fixes: 4cf44be ("xprtrdma: Fix recursion into rpcrdma_xprt_disconnect()") Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a848248 ] Provide ability to query transport's source port. Signed-off-by: Olga Kornievskaia <kolga@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 5d46dd0 ] Since bc1c56e transport->srcport may by unset, causing get_srcport() to return 0 when called. Fix this by querying the port from the underlying socket instead of the transport. Fixes: bc1c56e (SUNRPC: prevent port reuse on transports which don't request it) Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 632c4ae ] If request_region() fails the return value is not set. Return -EBUSY on error. Link: https://lore.kernel.org/r/20210715032625.1395495-1-liwei391@huawei.com Fixes: 8674a8a ("scsi: fdomain: Add PCMCIA support") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wei Li <liwei391@huawei.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
…ntry() [ Upstream commit d789a49 ] Fix to return -ENOTSUPP instead of 0 when PCS_HAS_PINCONF is true, which is the same as that returned in pcs_parse_pinconf(). Fixes: 4e7e801 ("pinctrl: pinctrl-single: enhance to configure multiple pins of different modules") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> Link: https://lore.kernel.org/r/20210722033930.4034-2-thunder.leizhen@huawei.com Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 9c7248b ] When a LPAR is migratable, we should consider the maximum possible NUMA node instead of the number of NUMA nodes from the actual system. The DT property 'ibm,current-associativity-domains' defines the maximum number of nodes the LPAR can see when running on that box. But if the LPAR is being migrated on another box, it may see up to the nodes defined by 'ibm,max-associativity-domains'. So if a LPAR is migratable, that value should be used. Unfortunately, there is no easy way to know if an LPAR is migratable or not. The hypervisor exports the property 'ibm,migratable-partition' in the case it set to migrate partition, but that would not mean that the current partition is migratable. Without this patch, when a LPAR is started on a 2 node box and then migrated to a 3 node box, the hypervisor may spread the LPAR's CPUs on the 3rd node. In that case if a CPU from that 3rd node is added to the LPAR, it will be wrongly assigned to the node because the kernel has been set to use up to 2 nodes (the configuration of the departure node). With this patch applies, the CPU is correctly added to the 3rd node. Fixes: f9f130f ("powerpc/numa: Detect support for coregroup") Signed-off-by: Laurent Dufour <ldufour@linux.ibm.com> Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20210511073136.17795-1-ldufour@linux.ibm.com Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d1f6581 ] Return -EINVAL on failure instead of success. Link: https://lore.kernel.org/r/20210810084613.GB23810@kili Fixes: a91aaae ("scsi: smartpqi: allow for larger raid maps") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 4dbe57d ] This function had some left over code that returned 1 on error instead negative error codes. Convert everything to use negative error codes. The caller treats all non-zero returns the same so this does not affect run time. A couple places set "rc" instead of "status" so those error paths ended up returning success by mistake. Get rid of the "rc" variable and use "status" everywhere. Remove the bogus "status = 0" initialization, as a future proofing measure so the compiler will warn about uninitialized error codes. Link: https://lore.kernel.org/r/20210810084753.GD23810@kili Fixes: ace7f46 ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.") Acked-by: Manish Rangankar <mrangankar@marvell.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit ccc8973 ] This driver has some left over "return 1" on failure style code mixed with "return negative error codes" style code. The caller doesn't care so we should just convert everything to return negative error codes. Then there was a problem that there were two variables used to store error codes which just resulted in confusion. If qedf_alloc_bdq() returned a negative error code, we accidentally returned success instead of propagating the error code. So get rid of the "rc" variable and use "status" every where. Also remove the "status = 0" initialization so that these sorts of bugs will be detected by the compiler in the future. Link: https://lore.kernel.org/r/20210810085023.GA23998@kili Fixes: 61d8658 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.") Acked-by: Manish Rangankar <mrangankar@marvell.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d0e28a6 ] CONFIG_MTD_PHYSMAP_OF is not longer enabled as it depends on MTD_PHYSMAP which is not enabled. This is a regression from commit 642b1e8 ("mtd: maps: Merge physmap_of.c into physmap-core.c"), which added the extra dependency. Add CONFIG_MTD_PHYSMAP=y so this stays in the config, as Christophe said it is useful for build coverage. Fixes: 642b1e8 ("mtd: maps: Merge physmap_of.c into physmap-core.c") Signed-off-by: Joel Stanley <joel@jms.id.au> Acked-by: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20210817045407.2445664-3-joel@jms.id.au Signed-off-by: Sasha Levin <sashal@kernel.org>
commit c8fadf0 upstream. The first invocation of function find_first_zero_bit will return 0 and queue_id gets set to 0. An index of queue_pair_map also gets set to 0. qpair_id = find_first_zero_bit(ha->qpair_qid_map, ha->max_qpairs); set_bit(qpair_id, ha->qpair_qid_map); ha->queue_pair_map[qpair_id] = qpair; In the alloc_queue callback driver checks the map, if queue is already allocated: ha->queue_pair_map[qidx] This works fine as long as max_qpairs is greater than nvme_max_hw_queues(8) since the size of the queue_pair_map is equal to max_qpair. In case nr_cpus is less than 8, max_qpairs is less than 8. This creates wrong value returned as qpair. [ 1572.353669] qla2xxx [0000:24:00.3]-2121:6: Returning existing qpair of 4e00000000000000 for idx=2 [ 1572.354458] general protection fault: 0000 [Freescale#1] SMP PTI [ 1572.354461] CPU: 1 PID: 44 Comm: kworker/1:1H Kdump: loaded Tainted: G IOE --------- - - 4.18.0-304.el8.x86_64 Freescale#1 [ 1572.354462] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 03/01/2013 [ 1572.354467] Workqueue: kblockd blk_mq_run_work_fn [ 1572.354485] RIP: 0010:qla_nvme_post_cmd+0x92/0x760 [qla2xxx] [ 1572.354486] Code: 84 24 5c 01 00 00 00 00 b8 0a 74 1e 66 83 79 48 00 0f 85 a8 03 00 00 48 8b 44 24 08 48 89 ee 4c 89 e7 8b 50 24 e8 5e 8e 00 00 <f0> 41 ff 47 04 0f ae f0 41 f6 47 24 04 74 19 f0 41 ff 4f 04 b8 f0 [ 1572.354487] RSP: 0018:ffff9c81c645fc90 EFLAGS: 00010246 [ 1572.354489] RAX: 0000000000000001 RBX: ffff8ea3e5070138 RCX: 0000000000000001 [ 1572.354490] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8ea4c866b800 [ 1572.354491] RBP: ffff8ea4c866b800 R08: 0000000000005010 R09: ffff8ea4c866b800 [ 1572.354492] R10: 0000000000000001 R11: 000000069d1ca3ff R12: ffff8ea4bc460000 [ 1572.354493] R13: ffff8ea3e50702b0 R14: ffff8ea4c4c16a58 R15: 4e00000000000000 [ 1572.354494] FS: 0000000000000000(0000) GS:ffff8ea4dfd00000(0000) knlGS:0000000000000000 [ 1572.354495] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1572.354496] CR2: 000055884504fa58 CR3: 00000005a1410001 CR4: 00000000000606e0 [ 1572.354497] Call Trace: [ 1572.354503] ? check_preempt_curr+0x62/0x90 [ 1572.354506] ? dma_direct_map_sg+0x72/0x1f0 [ 1572.354509] ? nvme_fc_start_fcp_op.part.32+0x175/0x460 [nvme_fc] [ 1572.354511] ? blk_mq_dispatch_rq_list+0x11c/0x730 [ 1572.354515] ? __switch_to_asm+0x35/0x70 [ 1572.354516] ? __switch_to_asm+0x41/0x70 [ 1572.354518] ? __switch_to_asm+0x35/0x70 [ 1572.354519] ? __switch_to_asm+0x41/0x70 [ 1572.354521] ? __switch_to_asm+0x35/0x70 [ 1572.354522] ? __switch_to_asm+0x41/0x70 [ 1572.354523] ? __switch_to_asm+0x35/0x70 [ 1572.354525] ? entry_SYSCALL_64_after_hwframe+0xb9/0xca [ 1572.354527] ? __switch_to_asm+0x41/0x70 [ 1572.354529] ? __blk_mq_sched_dispatch_requests+0xc6/0x170 [ 1572.354531] ? blk_mq_sched_dispatch_requests+0x30/0x60 [ 1572.354532] ? __blk_mq_run_hw_queue+0x51/0xd0 [ 1572.354535] ? process_one_work+0x1a7/0x360 [ 1572.354537] ? create_worker+0x1a0/0x1a0 [ 1572.354538] ? worker_thread+0x30/0x390 [ 1572.354540] ? create_worker+0x1a0/0x1a0 [ 1572.354541] ? kthread+0x116/0x130 [ 1572.354543] ? kthread_flush_work_fn+0x10/0x10 [ 1572.354545] ? ret_from_fork+0x35/0x40 Fix is to use index 0 for admin and first IO queue. Link: https://lore.kernel.org/r/20210810043720.1137-14-njavali@marvell.com Fixes: e84067d ("scsi: qla2xxx: Add FC-NVMe F/W initialization and transport registration") Cc: stable@vger.kernel.org Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Saurav Kashyap <skashyap@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f34ee9c upstream. In the numa=off kernel command-line configuration init_chip_info() loops around the number of chips and attempts to copy the cpumask of that node which is NULL for all iterations after the first chip. Hence, store the cpu mask for each chip instead of derving cpumask from node while populating the "chips" struct array and copy that to the chips[i].mask Fixes: 053819e ("cpufreq: powernv: Handle throttling due to Pmax capping at chip level") Cc: stable@vger.kernel.org # v4.3+ Reported-by: Shirisha Ganta <shirisha.ganta1@ibm.com> Signed-off-by: Pratik R. Sampat <psampat@linux.ibm.com> Reviewed-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com> [mpe: Rename goto label to out_free_chip_cpu_mask] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20210728120500.87549-2-psampat@linux.ibm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 93ebb68 upstream. Since commit 903cd0f ("swiotlb: Use is_swiotlb_force_bounce for swiotlb data bouncing") if code sets swiotlb_force it needs to do so before the swiotlb is initialised. Otherwise io_tlb_default_mem->force_bounce will not get set to true, and devices that use (the default) swiotlb will not bounce despite switolb_force having the value of SWIOTLB_FORCE. Let us restore swiotlb functionality for PV by fulfilling this new requirement. This change addresses what turned out to be a fragility in commit 64e1f0c ("s390/mm: force swiotlb for protected virtualization"), which ain't exactly broken in its original context, but could give us some more headache if people backport the broken change and forget this fix. Signed-off-by: Halil Pasic <pasic@linux.ibm.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Fixes: 903cd0f ("swiotlb: Use is_swiotlb_force_bounce for swiotlb data bouncing") Fixes: 64e1f0c ("s390/mm: force swiotlb for protected virtualization") Cc: stable@vger.kernel.org Freescale#5.3+ Signed-off-by: Konrad Rzeszutek Wilk <konrad@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 09a26e8 upstream. Guillaume Morin reported hitting the following WARNING followed by GPF or NULL pointer deference either in cgroups_destroy or in the kill_css path.: percpu ref (css_release) <= 0 (-1) after switching to atomic WARNING: CPU: 23 PID: 130 at lib/percpu-refcount.c:196 percpu_ref_switch_to_atomic_rcu+0x127/0x130 CPU: 23 PID: 130 Comm: ksoftirqd/23 Kdump: loaded Tainted: G O 5.10.60 Freescale#1 RIP: 0010:percpu_ref_switch_to_atomic_rcu+0x127/0x130 Call Trace: rcu_core+0x30f/0x530 rcu_core_si+0xe/0x10 __do_softirq+0x103/0x2a2 run_ksoftirqd+0x2b/0x40 smpboot_thread_fn+0x11a/0x170 kthread+0x10a/0x140 ret_from_fork+0x22/0x30 Upon further examination, it was discovered that the css structure was associated with hugetlb reservations. For private hugetlb mappings the vma points to a reserve map that contains a pointer to the css. At mmap time, reservations are set up and a reference to the css is taken. This reference is dropped in the vma close operation; hugetlb_vm_op_close. However, if a vma is split no additional reference to the css is taken yet hugetlb_vm_op_close will be called twice for the split vma resulting in an underflow. Fix by taking another reference in hugetlb_vm_op_open. Note that the reference is only taken for the owner of the reserve map. In the more common fork case, the pointer to the reserve map is cleared for non-owning vmas. Link: https://lkml.kernel.org/r/20210830215015.155224-1-mike.kravetz@oracle.com Fixes: e9fe92a ("hugetlb_cgroup: add reservation accounting for private mappings") Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com> Reported-by: Guillaume Morin <guillaume@morinfr.org> Suggested-by: Guillaume Morin <guillaume@morinfr.org> Tested-by: Guillaume Morin <guillaume@morinfr.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4b42fb2 upstream. Previously, we noticed the one rpma example was failed[1] since commit 36f30e4 ("IB/core: Improve ODP to use hmm_range_fault()"), where it will use ODP feature to do RDMA WRITE between fsdax files. After digging into the code, we found hmm_vma_handle_pte() will still return EFAULT even though all the its requesting flags has been fulfilled. That's because a DAX page will be marked as (_PAGE_SPECIAL | PAGE_DEVMAP) by pte_mkdevmap(). Link: pmem/rpma#1142 [1] Link: https://lkml.kernel.org/r/20210830094232.203029-1-lizhijian@cn.fujitsu.com Fixes: 4055062 ("mm/hmm: add missing call to hmm_pte_need_fault in HMM_PFN_SPECIAL handling") Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 13db8c5 upstream. After fork, the child process will get incorrect (2x) hugetlb_usage. If a process uses 5 2MB hugetlb pages in an anonymous mapping, HugetlbPages: 10240 kB and then forks, the child will show, HugetlbPages: 20480 kB The reason for double the amount is because hugetlb_usage will be copied from the parent and then increased when we copy page tables from parent to child. Child will have 2x actual usage. Fix this by adding hugetlb_count_init in mm_init. Link: https://lkml.kernel.org/r/20210826071742.877-1-liuzixian4@huawei.com Fixes: 5d317b2 ("mm: hugetlb: proc: add HugetlbPages field to /proc/PID/status") Signed-off-by: Liu Zixian <liuzixian4@huawei.com> Reviewed-by: Naoya Horiguchi <naoya.horiguchi@nec.com> Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 32d4f4b upstream. Commit f56ce41 ("mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim") introduced a divide by zero corner case when oomd is being used in combination with cgroup memory.low protection. When oomd decides to kill a cgroup, it will force the cgroup memory to be reclaimed after killing the tasks, by writing to the memory.max file for that cgroup, forcing the remaining page cache and reclaimable slab to be reclaimed down to zero. Previously, on cgroups with some memory.low protection that would result in the memory being reclaimed down to the memory.low limit, or likely not at all, having the page cache reclaimed asynchronously later. With f56ce41 the oomd write to memory.max tries to reclaim all the way down to zero, which may race with another reclaimer, to the point of ending up with the divide by zero below. This patch implements the obvious fix. Link: https://lkml.kernel.org/r/20210826220149.058089c6@imladris.surriel.com Fixes: f56ce41 ("mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim") Signed-off-by: Rik van Riel <riel@surriel.com> Acked-by: Roman Gushchin <guro@fb.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Chris Down <chris@chrisdown.name> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fab827d upstream. Commit 5d09705 ("kmemcg: account certain kmem allocations to memcg") enabled memcg accounting for pids allocated from init_pid_ns.pid_cachep, but forgot to adjust the setting for nested pid namespaces. As a result, pid memory is not accounted exactly where it is really needed, inside memcg-limited containers with their own pid namespaces. Pid was one the first kernel objects enabled for memcg accounting. init_pid_ns.pid_cachep marked by SLAB_ACCOUNT and we can expect that any new pids in the system are memcg-accounted. Though recently I've noticed that it is wrong. nested pid namespaces creates own slab caches for pid objects, nested pids have increased size because contain id both for all parent and for own pid namespaces. The problem is that these slab caches are _NOT_ marked by SLAB_ACCOUNT, as a result any pids allocated in nested pid namespaces are not memcg-accounted. Pid struct in nested pid namespace consumes up to 500 bytes memory, 100000 such objects gives us up to ~50Mb unaccounted memory, this allow container to exceed assigned memcg limits. Link: https://lkml.kernel.org/r/8b6de616-fd1a-02c6-cbdb-976ecdcfa604@virtuozzo.com Fixes: 5d09705 ("kmemcg: account certain kmem allocations to memcg") Cc: stable@vger.kernel.org Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Reviewed-by: Michal Koutný <mkoutny@suse.com> Reviewed-by: Shakeel Butt <shakeelb@google.com> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Acked-by: Roman Gushchin <guro@fb.com> Cc: Michal Hocko <mhocko@suse.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 32b2397 upstream. There is a use after free crash when the pmem driver tears down its mapping while I/O is still inbound. This is triggered by driver unbind, "ndctl destroy-namespace", while I/O is in flight. Fix the sequence of blk_cleanup_queue() vs memunmap(). The crash signature is of the form: BUG: unable to handle page fault for address: ffffc90080200000 CPU: 36 PID: 9606 Comm: systemd-udevd Call Trace: ? pmem_do_bvec+0xf9/0x3a0 ? xas_alloc+0x55/0xd0 pmem_rw_page+0x4b/0x80 bdev_read_page+0x86/0xb0 do_mpage_readpage+0x5d4/0x7a0 ? lru_cache_add+0xe/0x10 mpage_readpages+0xf9/0x1c0 ? bd_link_disk_holder+0x1a0/0x1a0 blkdev_readpages+0x1d/0x20 read_pages+0x67/0x1a0 ndctl Call Trace in vmcore: PID: 23473 TASK: ffff88c4fbbe8000 CPU: 1 COMMAND: "ndctl" __schedule schedule blk_mq_freeze_queue_wait blk_freeze_queue blk_cleanup_queue pmem_release_queue devm_action_release release_nodes devres_release_all device_release_driver_internal device_driver_detach unbind_store Cc: <stable@vger.kernel.org> Signed-off-by: sumiyawang <sumiyawang@tencent.com> Reviewed-by: yongduan <yongduan@tencent.com> Link: https://lore.kernel.org/r/1629632949-14749-1-git-send-email-sumiyawang@tencent.com Fixes: 50f44ee ("mm/devm_memremap_pages: fix final page put race") Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3abc16a upstream. Sometimes kernel is trying to probe Fingerprint MCU (FPMCU) when it hasn't initialized SPI yet. This can happen because FPMCU is restarted during system boot and kernel can send message in short window eg. between sysjump to RW and SPI initialization. Cc: <stable@vger.kernel.org> # 4.4+ Signed-off-by: Patryk Duda <pdk@semihalf.com> Link: https://lore.kernel.org/r/20210518140758.29318-1-pdk@semihalf.com Signed-off-by: Benson Leung <bleung@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f9398f1 upstream. The static initializer test got accidentally converted to a dynamic initializer. Fix this and retain the giant padding hole without using an aligned struct member. Fixes: 50ceaa9 ("lib: Introduce test_stackinit module") Cc: Ard Biesheuvel <ardb@kernel.org> Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20210723221933.3431999-2-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 552799f upstream. Currently, outgoing packets larger than 1496 bytes are dropped when tagged VLAN is used on a switch port. Add the frame check sequence length to the value of the register GSWIP_MAC_FLEN to fix this. This matches the lantiq_ppa vendor driver, which uses a value consisting of 1518 bytes for the MAC frame, plus the lengths of special tag and VLAN tags. Fixes: 14fceff ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") Cc: stable@vger.kernel.org Signed-off-by: Jan Hoffmann <jan@3e8.eu> Acked-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1476967 upstream. Put the clock-selection code into each of the PLL-update functions to make them select the correct pixel clock. Instead of copying the code, introduce a new helper WREG_MISC_MASKED, which does masked writes into <MISC>. Use it from each individual PLL update function. The pixel clock for video output was not actually set before programming the clock's values. It worked because the device had the correct clock pre-set. v2: * don't duplicate <MISC> update code (Sam) Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Fixes: db05f8d ("drm/mgag200: Split MISC register update into PLL selection, SYNC and I/O") Acked-by: Sam Ravnborg <sam@ravnborg.org> Cc: Sam Ravnborg <sam@ravnborg.org> Cc: Emil Velikov <emil.velikov@collabora.com> Cc: Dave Airlie <airlied@redhat.com> Cc: dri-devel@lists.freedesktop.org Cc: <stable@vger.kernel.org> # v5.9+ Link: https://patchwork.freedesktop.org/patch/msgid/20210714142240.21979-2-tzimmermann@suse.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit cb0927a upstream. Without this fix boot throws NULL ptr exception at msm_dsi_manager_setup_encoder on devices like Nexus 7 2013 (MDP4 v4.4). Fixes: 03436e3 ("drm/msm/dsi: Move setup_encoder to modeset_init") Cc: <stable@vger.kernel.org> Signed-off-by: David Heidelberg <david@ixit.cz> Link: https://lore.kernel.org/r/20210811170631.39296-1-david@ixit.cz Signed-off-by: Rob Clark <robdclark@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 92bd92c upstream. Commit 2f015ec ("drm/dp_mst: Add sideband down request tracing + selftests") added some debug code for sideband message tracing. But it seems to have unintentionally changed the behavior on sideband message failure. It catches and returns failure only if DRM_UT_DP is enabled. Otherwise it ignores the error code and returns success. So on an MST unplug, the caller is unaware that the clear payload message failed and ends up waiting for 4 seconds for the response. Fixes the issue by returning the proper error code. Changes in V2: -- Revise commit text as review comment -- add Fixes text Changes in V3: -- remove "unlikely" optimization Fixes: 2f015ec ("drm/dp_mst: Add sideband down request tracing + selftests") Cc: <stable@vger.kernel.org> # v5.5+ Signed-off-by: Rajkumar Subbiah <rsubbia@codeaurora.org> Signed-off-by: Kuogee Hsieh <khsieh@codeaurora.org> Reviewed-by: Stephen Boyd <swboyd@chromium.org> Reviewed-by: Jani Nikula <jani.nikula@intel.com> Reviewed-by: Lyude Paul <lyude@redhat.com> Signed-off-by: Lyude Paul <lyude@redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/1625585434-9562-1-git-send-email-khsieh@codeaurora.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
…_priv commit 7fdc48c upstream. Jobs can be in-flight when the file descriptor is closed (either because the process did not terminate properly, or because it didn't wait for all GPU jobs to be finished), and apparently panfrost_job_close() does not cancel already running jobs. Let's refcount the MMU context object so it's lifetime is no longer bound to the FD lifetime and running jobs can finish properly without generating spurious page faults. Reported-by: Icecream95 <ixn@keemail.me> Fixes: 7282f76 ("drm/panfrost: Implement per FD address spaces") Cc: <stable@vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com> Reviewed-by: Steven Price <steven.price@arm.com> Link: https://patchwork.freedesktop.org/patch/msgid/20210621133907.1683899-2-boris.brezillon@collabora.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ea7acd7 upstream. With added CPU domain to placement you can have now 3 placemnts at once. CC: stable@kernel.org Signed-off-by: Andrey Grodzovsky <andrey.grodzovsky@amd.com> Reviewed-by: Christian König <christian.koenig@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20210622162339.761651-5-andrey.grodzovsky@amd.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0bbf06d upstream. [Why & How] The DCN3 SoC parameter num_states was calculated but not saved into the object. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1403 Cc: stable@vger.kernel.org Signed-off-by: Aurabindo Pillai <aurabindo.pillai@amd.com> Acked-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a7a9d11 upstream. [Why] Drop hardcoded dispclk, dppclk, phyclk [How] Read the corresponding values from clock table entries already populated. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1403 Cc: stable@vger.kernel.org Signed-off-by: Jerry (Fangzhi) Zuo <Jerry.Zuo@amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai@amd.com> Acked-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b5fab34 upstream. In lock_region, simplify the calculation of the region_width parameter. This field is the size, but encoded as ceil(log2(size)) - 1. ceil(log2(size)) may be computed directly as fls(size - 1). However, we want to use the 64-bit versions as the amount to lock can exceed 32-bits. This avoids undefined (and completely wrong) behaviour when locking all memory (size ~0). In this case, the old code would "round up" ~0 to the nearest page, overflowing to 0. Since fls(0) == 0, this would calculate a region width of 10 + 0 = 10. But then the code would shift by (region_width - 11) = -1. As shifting by a negative number is undefined, UBSAN flags the bug. Of course, even if it were defined the behaviour is wrong, instead of locking all memory almost none would get locked. The new form of the calculation corrects this special case and avoids the undefined behaviour. Signed-off-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com> Reported-and-tested-by: Chris Morgan <macromorgan@hotmail.com> Fixes: f3ba912 ("drm/panfrost: Add initial panfrost driver") Cc: <stable@vger.kernel.org> Reviewed-by: Steven Price <steven.price@arm.com> Reviewed-by: Rob Herring <robh@kernel.org> Signed-off-by: Steven Price <steven.price@arm.com> Link: https://patchwork.freedesktop.org/patch/msgid/20210824173028.7528-2-alyssa.rosenzweig@collabora.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a77b588 upstream. Mali virtual addresses are 48-bit. Use a u64 instead of size_t to ensure we can express the "lock everything" condition as ~0ULL without overflow. This code was silently broken on any platform where a size_t is less than 48-bits; in particular, it was broken on 32-bit armv7 platforms which remain in use with panfrost. (Mainly RK3288) Signed-off-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com> Suggested-by: Rob Herring <robh@kernel.org> Tested-by: Chris Morgan <macromorgan@hotmail.com> Reviewed-by: Steven Price <steven.price@arm.com> Reviewed-by: Rob Herring <robh@kernel.org> Fixes: f3ba912 ("drm/panfrost: Add initial panfrost driver") Cc: <stable@vger.kernel.org> Signed-off-by: Steven Price <steven.price@arm.com> Link: https://patchwork.freedesktop.org/patch/msgid/20210824173028.7528-3-alyssa.rosenzweig@collabora.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bd7ffbc upstream. When locking a region, we currently clamp to a PAGE_SIZE as the minimum lock region. While this is valid for Midgard, it is invalid for Bifrost, where the minimum locking size is 8x larger than the 4k page size. Add a hardware definition for the minimum lock region size (corresponding to KBASE_LOCK_REGION_MIN_SIZE_LOG2 in kbase) and respect it. Signed-off-by: Alyssa Rosenzweig <alyssa.rosenzweig@collabora.com> Tested-by: Chris Morgan <macromorgan@hotmail.com> Reviewed-by: Steven Price <steven.price@arm.com> Reviewed-by: Rob Herring <robh@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Steven Price <steven.price@arm.com> Link: https://patchwork.freedesktop.org/patch/msgid/20210824173028.7528-4-alyssa.rosenzweig@collabora.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b8cd0ee upstream. Event merges are expensive when event queue size is large, so limit the linear search to 128 merge tests. [Stable backport notes] The following statement from upstream commit is irrelevant for backport: - -In combination with 128 size hash table, there is a potential to merge -with up to 16K events in the hashed queue. - [Stable backport notes] The problem is as old as fanotify and described in the linked cover letter "Performance improvement for fanotify merge". This backported patch fixes the performance issue at the cost of merging fewer potential events. Fixing the performance issue is more important than preserving the "event merge" behavior, which was not predictable in any way that applications could rely on. Link: https://lore.kernel.org/r/20210304104826.3993892-6-amir73il@gmail.com Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/linux-fsdevel/20210202162010.305971-1-amir73il@gmail.com/ Link: https://lore.kernel.org/linux-fsdevel/20210915163334.GD6166@quack2.suse.cz/ Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20210916155753.903069397@linuxfoundation.org Tested-by: Fox Chen <foxhlchen@gmail.com> Tested-by: Shuah Khan <skhan@linuxfoundation.org> Tested-by: Florian Fainelli <f.fainelli@gmail.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Tested-by: Pavel Machek (CIP) <pavel@denx.de> Tested-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk> Tested-by: Salvatore Bonaccorso <carnil@debian.org> Tested-by: Hulk Robot <hulkrobot@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is the 5.10.67 stable release Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
zandrey
added a commit
to zandrey/meta-freescale
that referenced
this pull request
Sep 20, 2021
Kernel repository has been upgraded up to v5.10.67 from stable korg.
Following upstream commits are included in this version:
----
faf816b0f8d0 Linux 5.10.67
ad3ea16746cc fanotify: limit number of event merge attempts
412974e75fdd drm/panfrost: Clamp lock region to Bifrost minimum
8976e09443cb drm/panfrost: Use u64 for size in lock_region
95251e6833fa drm/panfrost: Simplify lock_region calculation
b80a99e04827 drm/amd/display: Update bounding box states (v2)
583c4f3d09c3 drm/amd/display: Update number of DCN3 clock states
7b1abace16a9 drm/amdgpu: Fix BUG_ON assert
c29485e34e63 drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv
bb693c114e8b drm/dp_mst: Fix return code on sideband message failure
84cac4f80605 drm/msi/mdp4: populate priv->kms in mdp4_kms_init
be1fcecfc145 drm/mgag200: Select clock in PLL update functions
d0aaea1f117d net: dsa: lantiq_gswip: fix maximum frame length
5944d0e2b0ab lib/test_stackinit: Fix static initializer test
00cdb2fb4df1 platform/chrome: cros_ec_proto: Send command again when timeout occurs
b2e72e53cd26 libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind
6d86634d7bd1 memcg: enable accounting for pids in nested pid namespaces
388f12dabbe0 mm,vmscan: fix divide by zero in get_scan_count
2d2d8b0eca64 mm/hugetlb: initialize hugetlb_usage in mm_init
ce75a6b399e0 mm/hmm: bypass devmap pte when all pfn requested flags are fulfilled
e1fa3b2b60ab hugetlb: fix hugetlb cgroup refcounting during vma split
27dd91221b3f s390/pv: fix the forcing of the swiotlb
086faa4a2e86 cpufreq: powernv: Fix init_chip_info initialization in numa=off
55be9eb1936a scsi: qla2xxx: Sync queue idx with queue_pair_map idx
9c8414325eee scsi: qla2xxx: Changes to support kdump kernel
137dafa72230 scsi: BusLogic: Fix missing pr_cont() use
69775e4e17f2 ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
7a5756e90563 parisc: fix crash with signals and alloca
9a4e7f903866 io_uring: remove duplicated io_size from rw
6930a2a5be5c fs/io_uring Don't use the return value from import_iovec().
2c304c65defd net: hns3: clean up a type mismatch warning
fb1ee027878b net: w5100: check return value after calling platform_get_resource()
c49a52046da7 fix array-index-out-of-bounds in taprio_change
a4301d06a0b8 net: fix NULL pointer reference in cipso_v4_doi_free
5ed5d594d9a7 ath9k: fix sleeping in atomic context
aa3708236ea0 ath9k: fix OOB read ar9300_eeprom_restore_internal
be457b27dd0a wcn36xx: Fix missing frame timestamp for beacon/probe-resp
b1d547f2f51a selftests/bpf: Fix potential unreleased lock
3ad66d67822d parport: remove non-zero check on count
1e9302537804 net/mlx5: DR, Enable QP retransmission
9c5c65ecbd87 net/mlx5: DR, fix a potential use-after-free bug
4bbf0a9d90e8 iwlwifi: mvm: Fix scan channel flags settings
a693aff5e8d7 iwlwifi: fw: correctly limit to monitor dump
4ed6510e0559 iwlwifi: mvm: fix access to BSS elements
9e80a3d88f4d iwlwifi: mvm: avoid static queue number aliasing
3ed8982df50e iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
608c8359c567 iwlwifi: pcie: free RBs during configure
eb04c51a439e nfsd: fix crash on LOCKT on reexported NFSv3
0e9f4492219f drm/amdkfd: Account for SH/SE count when setting up cu masks.
27d4a96addef ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
969eddc3b4dc ASoC: rockchip: i2s: Fix regmap_ops hang
7344a8a80190 usbip:vhci_hcd USB port can get stuck in the disabled state
29c8f13a345d usbip: give back URBs for unsent unlink requests during cleanup
8de01a896c1b usb: musb: musb_dsps: request_irq() after initializing musb
c0751eeb938c Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
ba2faddf1f14 cifs: fix wrong release in sess_alloc_buffer() failed path
7c7d6c9cd879 mmc: core: Return correct emmc response in case of ioctl error
d1e382a04ada selftests/bpf: Enlarge select() timeout for test_maps
3aab5bffdde0 mmc: rtsx_pci: Fix long reads when clock is prescaled
7f43da79ebc5 mmc: sdhci-of-arasan: Check return value of non-void funtions
834ecf61cebd mmc: sdhci-of-arasan: Modified SD default speed to 19MHz for ZynqMP
1a40e60e2af4 of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
be69ed7bb9d3 ASoC: Intel: Skylake: Fix passing loadable flag for module
4a48ed479467 ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
d72afec087f7 soundwire: intel: fix potential race condition during power down
b225eeaf3a02 btrfs: tree-log: check btrfs_lookup_data_extent return value
87ae522e467e m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch
c10b1afc2f43 octeontx2-pf: Fix NIX1_RX interface backpressure
6d657f1fa121 rtw88: wow: fix size access error of probe request
aa82a11176bd rtw88: wow: build wow function only if CONFIG_PM is on
2fd1964f7501 rtw88: use read_poll_timeout instead of fixed sleep
9baf6f8ca285 rtl8xxxu: Fix the handling of TX A-MPDU aggregation
756924bc1804 drm/exynos: Always initialize mapping in exynos_drm_register_dma()
9ce6e29375ba lockd: lockd server-side shouldn't set fl_ops
2d3fab9ceafa usb: chipidea: host: fix port index underflow and UBSAN complains
2225a5cd2fbc gfs2: Don't call dlm after protocol is unmounted
0df5eba67bf0 kselftest/arm64: pac: Fix skipping of tests on systems without PAC
9486d7ac9f30 kselftest/arm64: mte: Fix misleading output when skipping tests
1f5db5b8a3d6 net: Fix offloading indirect devices dependency on qdisc order creation
2a69325ee510 staging: rts5208: Fix get_ms_information() heap buffer size
868831492dd6 hwmon: (pmbus/ibm-cffps) Fix write bits for LED control
39738ebfad39 selftests/bpf: Fix flaky send_signal test
c53c68c9bf2a rpc: fix gss_svc_init cleanup on failure
4b1b4d3f45df tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
fca514f25c4d iomap: pass writeback errors to the mapping
49e2bcb7cf58 serial: sh-sci: fix break handling for sysrq
a99eec36ed39 opp: Don't print an error if required-opps is missing
6698029de35b Bluetooth: Fix handling of LE Enhanced Connection Complete
240a7025a6f8 nvme: code command_id with a genctr for use-after-free validation
24618e92d50f nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
27e8bc1f5b32 arm64: dts: ls1046a: fix eeprom entries
aa06cfc5291c arm64: tegra: Fix compatible string for Tegra132 CPUs
9c2b89f64f2e ARM: tegra: tamonten: Fix UART pad setting
035e8d5a6dd8 ARM: tegra: acer-a500: Remove bogus USB VBUS regulators
9713dfa5185a mac80211: Fix monitor MTU limit so that A-MSDUs get through
83449db3aac0 drm/display: fix possible null-pointer dereference in dcn10_set_clock()
2254383788ff gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
155e7047909d net/mlx5: Fix variable type to match 64bit
f86bc4a1a401 drm/msm/dp: return correct edid checksum after corrupted edid checksum read
98d44b7be6f1 Bluetooth: avoid circular locks in sco_sock_connect
a1073aad497d Bluetooth: schedule SCO timeouts with delayed_work
d6c91423993e drm/vmwgfx: fix potential UAF in vmwgfx_surface.c
3841dfa7eb5c selftests/bpf: Fix xdp_tx.c prog section name
63ebc1f1df81 drm/amd/display: fix incorrect CM/TF programming sequence in dwb
d763afc4ea2b drm/amd/display: fix missing writeback disablement if plane is removed
491c8be21993 thunderbolt: Fix port linking by checking all adapters
0f0f1de02b9b drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers
f76f78f9f479 drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock
127f3610a0e3 drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660
0bbbe3ec67f0 drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
ac21cd44c954 net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
2b0fa8d53041 nvmem: qfprom: Fix up qfprom_disable_fuse_blowing() ordering
35e5c99b152d arm64: dts: qcom: sm8250: Fix epss_l3 unit address
43ccafc91f63 arm64: dts: qcom: msm8996: don't use underscore in node name
f868c2d62a27 arm64: dts: qcom: msm8994: don't use underscore in node name
bda9c84edbb3 arm64: dts: qcom: sdm630: don't use underscore in node name
aa16e76c80af arm64: dts: qcom: ipq6018: drop '0x' from unit address
da714a198342 arm64: dts: qcom: sdm660: use reg value for memory node
34e9c56675a8 arm64: dts: qcom: ipq8074: fix pci node reg property
74287874c91d ARM: dts: imx53-ppd: Fix ACHC entry
6a00decce3a6 serial: 8250_omap: Handle optional overrun-throttle-ms property
699c91475847 arm64: dts: qcom: sdm630: Fix TLMM node and pinctrl configuration
310a127178b0 arm64: dts: qcom: sdm630: Rewrite memory map
783be2a94299 gfs2: Fix glock recursion in freeze_go_xmote_bh
4e014ff22e4b media: tegra-cec: Handle errors of clk_prepare_enable()
c159db240cf2 media: TDA1997x: fix tda1997x_query_dv_timings() return value
e3a2e20ed503 media: v4l2-dv-timings.c: fix wrong condition in two for-loops
ac1bcf53e32f media: imx258: Limit the max analogue gain to 480
4cb4967472c8 media: imx258: Rectify mismatch of VTS value
a64e3f1d8a27 ASoC: Intel: update sof_pcm512x quirks
9cf827242033 ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
f1fb1f6fa172 arm64: tegra: Fix Tegra194 PCIe EP compatible string
8fb3d8c151a7 ARM: dts: at91: use the right property for shutdown controller
f710323dcd24 bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler()
5d008cb7636d ARM: dts: stm32: Update AV96 adv7513 node per dtbs_check
3142476fa002 ARM: dts: stm32: Set {bitclock,frame}-master phandles on ST DKx
37437a60a93b ARM: dts: stm32: Set {bitclock,frame}-master phandles on DHCOM SoM
f4c7c95e3ee5 workqueue: Fix possible memory leaks in wq_numa_init()
6528cc687c88 Bluetooth: skip invalid hci_sync_conn_complete_evt
3b82e4799f53 ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
4af60a543ba6 libbpf: Fix race when pinning maps in parallel
874d5aa06ce2 samples: bpf: Fix tracex7 error raised on the missing argument
035f83b5abd3 staging: ks7010: Fix the initialization of the 'sleep_status' structure
d0a8ef04c220 serial: 8250_pci: make setup_port() parameters explicitly unsigned
2603740df8b2 hvsi: don't panic on tty_register_driver failure
dd3307a8b383 xtensa: ISS: don't panic in rs_init
b763d2e7d45c serial: 8250: Define RX trigger levels for OxSemi 950 devices
973c57c5e649 s390: make PCI mio support a machine flag
77d62f2bcc7f s390/jump_label: print real address in a case of a jump label bug
863d2eb2f726 flow_dissector: Fix out-of-bounds warnings
64583448c231 ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
bcc61adefd78 video: fbdev: riva: Error out if 'pixclock' equals zero
63abc0eb8af5 video: fbdev: kyro: Error out if 'pixclock' equals zero
6a8dcd2ffb41 video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
3740418ccde8 arm64: dts: allwinner: h6: tanix-tx6: Fix regulator node names
be2e11b9f8fa drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit
6a3564739b9f bpf/tests: Do not PASS tests without actually testing the result
99121dec14b0 bpf/tests: Fix copy-and-paste error in double word test
6f51f4241253 drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
a5999d18a8d8 drm/amdgpu: Fix a printing message
5b3a45eedd27 ethtool: improve compat ioctl handling
52bb703f71d3 nfp: fix return statement in nfp_net_parse_meta()
23e5fb647589 media: atomisp: pci: fix error return code in atomisp_pci_probe()
e5cecb9105d4 media: atomisp: Fix runtime PM imbalance in atomisp_pci_probe
9a85b9e37601 media: platform: stm32: unprepare clocks at handling errors in probe
c6e5eebd9540 media: hantro: vp8: Move noisy WARN_ON to vpu_debug
f462a39eb833 drm/amd/display: Fix timer_per_pixel unit error
b4f5c9454dfc selftests: firmware: Fix ignored return val of asprintf() warn
e944a221262e bus: fsl-mc: fix mmio base address for child DPRCs
165c55af5f5f tty: serial: jsm: hold port lock when reporting modem line changes
642639bb8d42 staging: board: Fix uninitialized spinlock when attaching genpd
03f4492dbff3 usb: gadget: composite: Allow bMaxPower=0 if self-powered
5534de13b6dc USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
b2b8137ec920 usb: gadget: u_ether: fix a potential null pointer dereference
566ddd2d94b0 usb: host: fotg210: fix the actual_length of an iso packet
224cf5e8c853 usb: host: fotg210: fix the endpoint's transactional opportunities calculation
463b3edfba90 igc: Check if num of q_vectors is smaller than max before array access
d3ca78775db4 rcu: Fix macro name CONFIG_TASKS_RCU_TRACE
34609faad0c9 drm: protect drm_master pointers in drm_lease.c
06a553a99bac drm: serialize drm_file.master with a new spinlock
54e51d288b38 drm: avoid blocking in drm_clients_info's rcu section
df19d95141d1 Smack: Fix wrong semantics in smk_access_entry()
3533aa65e6a9 netlink: Deal with ESRCH error in nlmsg_notify()
9de06dcd4710 video: fbdev: kyro: fix a DoS bug by restricting user input
29ab7f6d505f ARM: dts: qcom: apq8064: correct clock names
e0c17c11b15d iavf: fix locking of critical sections
67c9262e3f31 iavf: do not override the adapter state in the watchdog task
9f11de56012c iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
e78a0b4a339e net: phy: Fix data type in DP83822 dp8382x_disable_wol()
cca61275874a tipc: keep the skb in rcv queue until the whole data is read
cc12ab5951aa PCI: Use pci_update_current_state() in pci_enable_device_flags()
aad29a00a598 crypto: mxs-dcp - Use sg_mapping_iter to copy data
871abd1e6185 x86/hyperv: fix for unwanted manipulation of sched_clock when TSC marked unstable
c327b69e96b0 libbpf: Fix reuse of pinned map on older kernel
6a985c579499 media: dib8000: rewrite the init prbs logic
2048907d8cb7 ASoC: atmel: ATMEL drivers don't need HAS_DMA
10a135969fd7 drm/amdgpu: Fix amdgpu_ras_eeprom_init()
b32d3ded9dc2 drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET
6afd1e053d9b userfaultfd: prevent concurrent API initialization
1e4cfe954bd9 kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y
981bf9b0aa1b MIPS: Malta: fix alignment of the devicetree buffer
bb8108546da9 f2fs: should put a page beyond EOF when preparing a write
d04925fb8d70 f2fs: deallocate compressed pages when error happens
4b71928e5c54 f2fs: fix to unmap pages from userspace process in punch_hole()
1c934aba9fd5 f2fs: fix unexpected ENOENT comes from f2fs_map_blocks()
45cb5f86c1c6 f2fs: fix to account missing .skipped_gc_rwsem
fd69f613af53 soc: mediatek: cmdq: add address shift in jump
d320c1b2e728 KVM: PPC: Fix clearing never mapped TCEs in realmode
6bf98b94ffeb clk: at91: clk-generated: Limit the requested rate to our range
9bab2bc4c238 fscache: Fix cookie key hashing
b4849e2ac706 RDMA/hns: Fix QP's resp incomplete assignment
e91077cf1780 powerpc/smp: Update cpu_core_map on all PowerPc systems
903ca538f588 platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call
add8e8c3402f KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live
4c0c4f702196 scsi: ufs: ufs-exynos: Fix static checker warning
bda5602c1c35 KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines
926bf91248dd clk: imx8m: fix clock tree update of TF-A managed clocks
e84a72f69621 HID: i2c-hid: Fix Elan touchpad regression
253bac6c60ad iommu/vt-d: Update the virtual command related registers
947579a6967a powerpc/config: Renable MTD_PHYSMAP_OF
1bc19e4062e9 scsi: qedf: Fix error codes in qedf_alloc_global_queues()
dc4577749987 scsi: qedi: Fix error codes in qedi_alloc_global_queues()
782c4017845d scsi: smartpqi: Fix an error code in pqi_get_raid_map()
41066433be42 powerpc/numa: Consider the max NUMA node for migratable LPAR
d3612083ecc1 pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
6291fd0eeafc scsi: fdomain: Fix error return code in fdomain_probe()
f02ab9d1d3a6 sunrpc: Fix return value of get_srcport()
21a2be1a5145 SUNRPC query transport's source port
f19abe046354 SUNRPC/xprtrdma: Fix reconnection locking
f3d301612787 SUNRPC: Fix potential memory corruption
9aa7a3ffb11c NFSv4/pnfs: The layout barrier indicate a minimal value for the seqid
2a542421eb7f NFSv4/pNFS: Always allow update of a zero valued layout barrier
4b96edea5cd1 NFSv4/pNFS: Fix a layoutget livelock loop
fa55e76641d8 dma-debug: fix debugfs initialization order
ca7f7e37bae4 openrisc: don't printk() unconditionally
31fd3211ef8b f2fs: reduce the scope of setting fsck tag when de->name_len is zero
49e4c83db885 cpuidle: pseries: Mark pseries_idle_proble() as __init
876e45c95eb6 RDMA/mlx5: Delete not-available udata check
a77da9de0d7d RDMA/efa: Remove double QP type assignment
1988836e30c5 powerpc/stacktrace: Include linux/delay.h
c5a5528da722 cpuidle: pseries: Fixup CEDE0 latency only for POWER10 onwards
3b2bbcccd6e9 scsi: ufs: Fix memory corruption by ufshcd_read_desc_param()
d353e093c0d5 vfio: Use config not menuconfig for VFIO_NOIOMMU
0f711378f0b1 pinctrl: samsung: Fix pinctrl bank pin count
59137b7dfff1 scsi: BusLogic: Use %X for u32 sized integer rather than %lX
8ea3e622af56 docs: Fix infiniband uverbs minor number
fe2a1cd62267 RDMA/iwcm: Release resources if iw_cm module initialization fails
b824bae96f73 IB/hfi1: Adjust pkey entry in index 0
273ed4f47e6f clk: rockchip: drop GRF dependency for rk3328/rk3036 pll types
f1eccc408168 scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
ef5395fbadac pinctrl: armada-37xx: Correct PWM pins definitions
782ceaba977c pinctrl: remove empty lines in pinctrl subsystem
2d586a3f5b7e f2fs: quota: fix potential deadlock
70fd9363673b HID: input: do not report stylus battery state as "full"
4e89aea738b5 PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
b50db4c02f45 PCI: aardvark: Fix checking for PIO status
9d6090575406 PCI: Export pci_pio_to_address() for module use
fa3c15ccf2ea PCI: aardvark: Configure PCIe resources from 'ranges' DT property
df23bd40ed88 PCI: xilinx-nwl: Enable the clock through CCF
72f2be343272 PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
088a1052f7b0 PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
9302a3c00cc6 PCI/portdrv: Enable Bandwidth Notification only if port supports it
74d6dfcb0f9d f2fs: fix to do sanity check for sb/cp fields correctly
ce7e64e63acf ARM: 9105/1: atags_to_fdt: don't warn about stack size
ba73bc166615 libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
bcbc44e42dc6 dmaengine: imx-sdma: remove duplicated sdma_load_context
300ccb129252 Revert "dmaengine: imx-sdma: refine to load context only once"
76668bdee0b0 s390/qdio: cancel the ESTABLISH ccw after timeout
bcc0c767f9b3 s390/qdio: fix roll-back after timeout on ESTABLISH ccw
2d2aaa200ced media: rc-loopback: return number of emitters rather than error
c0eaaa686864 media: uvc: don't do DMA on stack
516dbe27f447 VMCI: fix NULL pointer dereference when unmapping queue pair
6cae39f45754 crypto: ccp - shutdown SEV firmware on kexec
7509c4cb7c80 dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
4f920fefd857 power: supply: max17042: handle fails of reading status register
0d54bbad80f7 block: bfq: fix bfq_set_next_ioprio_data()
5df14bba0056 crypto: public_key: fix overflow during implicit conversion
646870ad8e56 wcn36xx: Ensure finish scan is not requested before start scan
4753723f8b48 iio: ltc2983: fix device probe
de32e151800d arm64: head: avoid over-mapping in map_memory
2d3a9dff763f arm64: mm: Fix TLBI vs ASID rollover
01e6c64bbc5d soc: aspeed: p2a-ctrl: Fix boundary check for mmap
3fdf2feb6cbe soc: aspeed: lpc-ctrl: Fix boundary check for mmap
e80c45dbe263 soc: qcom: aoss: Fix the out of bound usage of cooling_devs
610e8b2621d6 pinctrl: ingenic: Fix incorrect pull up/down info
1e1136fbe89f pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
7524fcd09c3e clk: socfpga: agilex: add the bypass register for s2f_usr0 clock
96bf326fb93c clk: socfpga: agilex: fix up s2f_user0_clk representation
7eb16be25f0f clk: socfpga: agilex: fix the parents of the psi_ref_clk
ac99b3aa8375 tools/thermal/tmon: Add cross compiling support
2daa118a3f7b selftests/ftrace: Fix requirement check of README file
8248b61b86fb ceph: fix dereference of null pointer cf
c37085d60634 9p/xen: Fix end of loop tests for list_for_each_entry
907944851aa0 xen: fix setting of max_pfn in shared_info
37566a343fe9 powerpc/perf/hv-gpci: Fix counter value parsing
5f13c8bae824 PCI/MSI: Skip masking MSI-X on Xen PV
d15554f98597 blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
a58f08255490 blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
c1b249e02a80 btrfs: reset replace target device to allocation state on close
0901af53da8f btrfs: wake up async_delalloc_pages waiters after submit
9ac218642dfc io-wq: fix wakeup race when adding new work
548ee201fb4a io_uring: fail links of cancelled timeouts
54eb6211b979 io_uring: add ->splice_fd_in checks
a3ed34bcada5 io_uring: place fixed tables under memcg limits
5103b733348e io_uring: limit fixed table size by RLIMIT_NOFILE
ebedb252a47f rtc: tps65910: Correct driver module alias
----
Link: https://lore.kernel.org/r/20210916155753.903069397@linuxfoundation.org # v5.10.67
Link: Freescale/linux-fslc#446
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
zandrey
pushed a commit
to zandrey/linux-fslc
that referenced
this pull request
Dec 1, 2021
commit 1c74312 upstream. When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to calling ipv6_stub->fib6_nh_release. The bug has been present since the beginning of IPv6 nexthop gateway support. Commit 1aefd3d ("ipv6: Add fib6_nh_init and release to stubs") tells us that only fib6_nh_init has a dummy stub because fib6_nh_release should not be called if fib6_nh_init returns an error, but the commit below added a call to ipv6_stub->fib6_nh_release in its error path. To fix it return the dummy stub's -EAFNOSUPPORT error directly without calling ipv6_stub->fib6_nh_release in nh_create_ipv6()'s error path. [1] Output is a bit truncated, but it clearly shows the error. BUG: kernel NULL pointer dereference, address: 000000000000000000 #PF: supervisor instruction fetch in kernel modede #PF: error_code(0x0010) - not-present pagege PGD 0 P4D 0 Oops: 0010 [Freescale#1] PREEMPT SMP NOPTI CPU: 4 PID: 638 Comm: ip Kdump: loaded Not tainted 5.16.0-rc1+ Freescale#446 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014 RIP: 0010:0x0 Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. RSP: 0018:ffff888109f5b8f0 EFLAGS: 00010286^Ac RAX: 0000000000000000 RBX: ffff888109f5ba28 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881008a2860 RBP: ffff888109f5b9d8 R08: 0000000000000000 R09: 0000000000000000 R10: ffff888109f5b978 R11: ffff888109f5b948 R12: 00000000ffffff9f R13: ffff8881008a2a80 R14: ffff8881008a2860 R15: ffff8881008a2840 FS: 00007f98de70f100(0000) GS:ffff88822bf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000100efc000 CR4: 00000000000006e0 Call Trace: <TASK> nh_create_ipv6+0xed/0x10c rtm_new_nexthop+0x6d7/0x13f3 ? check_preemption_disabled+0x3d/0xf2 ? lock_is_held_type+0xbe/0xfd rtnetlink_rcv_msg+0x23f/0x26a ? check_preemption_disabled+0x3d/0xf2 ? rtnl_calcit.isra.0+0x147/0x147 netlink_rcv_skb+0x61/0xb2 netlink_unicast+0x100/0x187 netlink_sendmsg+0x37f/0x3a0 ? netlink_unicast+0x187/0x187 sock_sendmsg_nosec+0x67/0x9b ____sys_sendmsg+0x19d/0x1f9 ? copy_msghdr_from_user+0x4c/0x5e ? rcu_read_lock_any_held+0x2a/0x78 ___sys_sendmsg+0x6c/0x8c ? asm_sysvec_apic_timer_interrupt+0x12/0x20 ? lockdep_hardirqs_on+0xd9/0x102 ? sockfd_lookup_light+0x69/0x99 __sys_sendmsg+0x50/0x6e do_syscall_64+0xcb/0xf2 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f98dea28914 Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 e9 5d 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48 89 f5 53 RSP: 002b:00007fff859f5e68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e2e RAX: ffffffffffffffda RBX: 00000000619cb810 RCX: 00007f98dea28914 RDX: 0000000000000000 RSI: 00007fff859f5ed0 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000008 R10: fffffffffffffce6 R11: 0000000000000246 R12: 0000000000000001 R13: 000055c0097ae520 R14: 000055c0097957fd R15: 00007fff859f63a0 </TASK> Modules linked in: bridge stp llc bonding virtio_net Cc: stable@vger.kernel.org Fixes: 53010f9 ("nexthop: Add support for IPv6 gateways") Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
zandrey
pushed a commit
to zandrey/linux-fslc
that referenced
this pull request
Dec 1, 2021
commit 1c74312 upstream. When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to calling ipv6_stub->fib6_nh_release. The bug has been present since the beginning of IPv6 nexthop gateway support. Commit 1aefd3d ("ipv6: Add fib6_nh_init and release to stubs") tells us that only fib6_nh_init has a dummy stub because fib6_nh_release should not be called if fib6_nh_init returns an error, but the commit below added a call to ipv6_stub->fib6_nh_release in its error path. To fix it return the dummy stub's -EAFNOSUPPORT error directly without calling ipv6_stub->fib6_nh_release in nh_create_ipv6()'s error path. [1] Output is a bit truncated, but it clearly shows the error. BUG: kernel NULL pointer dereference, address: 000000000000000000 #PF: supervisor instruction fetch in kernel modede #PF: error_code(0x0010) - not-present pagege PGD 0 P4D 0 Oops: 0010 [Freescale#1] PREEMPT SMP NOPTI CPU: 4 PID: 638 Comm: ip Kdump: loaded Not tainted 5.16.0-rc1+ Freescale#446 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014 RIP: 0010:0x0 Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. RSP: 0018:ffff888109f5b8f0 EFLAGS: 00010286^Ac RAX: 0000000000000000 RBX: ffff888109f5ba28 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881008a2860 RBP: ffff888109f5b9d8 R08: 0000000000000000 R09: 0000000000000000 R10: ffff888109f5b978 R11: ffff888109f5b948 R12: 00000000ffffff9f R13: ffff8881008a2a80 R14: ffff8881008a2860 R15: ffff8881008a2840 FS: 00007f98de70f100(0000) GS:ffff88822bf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000100efc000 CR4: 00000000000006e0 Call Trace: <TASK> nh_create_ipv6+0xed/0x10c rtm_new_nexthop+0x6d7/0x13f3 ? check_preemption_disabled+0x3d/0xf2 ? lock_is_held_type+0xbe/0xfd rtnetlink_rcv_msg+0x23f/0x26a ? check_preemption_disabled+0x3d/0xf2 ? rtnl_calcit.isra.0+0x147/0x147 netlink_rcv_skb+0x61/0xb2 netlink_unicast+0x100/0x187 netlink_sendmsg+0x37f/0x3a0 ? netlink_unicast+0x187/0x187 sock_sendmsg_nosec+0x67/0x9b ____sys_sendmsg+0x19d/0x1f9 ? copy_msghdr_from_user+0x4c/0x5e ? rcu_read_lock_any_held+0x2a/0x78 ___sys_sendmsg+0x6c/0x8c ? asm_sysvec_apic_timer_interrupt+0x12/0x20 ? lockdep_hardirqs_on+0xd9/0x102 ? sockfd_lookup_light+0x69/0x99 __sys_sendmsg+0x50/0x6e do_syscall_64+0xcb/0xf2 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f98dea28914 Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 e9 5d 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48 89 f5 53 RSP: 002b:00007fff859f5e68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e2e RAX: ffffffffffffffda RBX: 00000000619cb810 RCX: 00007f98dea28914 RDX: 0000000000000000 RSI: 00007fff859f5ed0 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000008 R10: fffffffffffffce6 R11: 0000000000000246 R12: 0000000000000001 R13: 000055c0097ae520 R14: 000055c0097957fd R15: 00007fff859f63a0 </TASK> Modules linked in: bridge stp llc bonding virtio_net Cc: stable@vger.kernel.org Fixes: 53010f9 ("nexthop: Add support for IPv6 gateways") Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
zandrey
pushed a commit
to zandrey/linux-fslc
that referenced
this pull request
Dec 2, 2021
commit 1c74312 upstream. When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to calling ipv6_stub->fib6_nh_release. The bug has been present since the beginning of IPv6 nexthop gateway support. Commit 1aefd3d ("ipv6: Add fib6_nh_init and release to stubs") tells us that only fib6_nh_init has a dummy stub because fib6_nh_release should not be called if fib6_nh_init returns an error, but the commit below added a call to ipv6_stub->fib6_nh_release in its error path. To fix it return the dummy stub's -EAFNOSUPPORT error directly without calling ipv6_stub->fib6_nh_release in nh_create_ipv6()'s error path. [1] Output is a bit truncated, but it clearly shows the error. BUG: kernel NULL pointer dereference, address: 000000000000000000 #PF: supervisor instruction fetch in kernel modede #PF: error_code(0x0010) - not-present pagege PGD 0 P4D 0 Oops: 0010 [Freescale#1] PREEMPT SMP NOPTI CPU: 4 PID: 638 Comm: ip Kdump: loaded Not tainted 5.16.0-rc1+ Freescale#446 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014 RIP: 0010:0x0 Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. RSP: 0018:ffff888109f5b8f0 EFLAGS: 00010286^Ac RAX: 0000000000000000 RBX: ffff888109f5ba28 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881008a2860 RBP: ffff888109f5b9d8 R08: 0000000000000000 R09: 0000000000000000 R10: ffff888109f5b978 R11: ffff888109f5b948 R12: 00000000ffffff9f R13: ffff8881008a2a80 R14: ffff8881008a2860 R15: ffff8881008a2840 FS: 00007f98de70f100(0000) GS:ffff88822bf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000100efc000 CR4: 00000000000006e0 Call Trace: <TASK> nh_create_ipv6+0xed/0x10c rtm_new_nexthop+0x6d7/0x13f3 ? check_preemption_disabled+0x3d/0xf2 ? lock_is_held_type+0xbe/0xfd rtnetlink_rcv_msg+0x23f/0x26a ? check_preemption_disabled+0x3d/0xf2 ? rtnl_calcit.isra.0+0x147/0x147 netlink_rcv_skb+0x61/0xb2 netlink_unicast+0x100/0x187 netlink_sendmsg+0x37f/0x3a0 ? netlink_unicast+0x187/0x187 sock_sendmsg_nosec+0x67/0x9b ____sys_sendmsg+0x19d/0x1f9 ? copy_msghdr_from_user+0x4c/0x5e ? rcu_read_lock_any_held+0x2a/0x78 ___sys_sendmsg+0x6c/0x8c ? asm_sysvec_apic_timer_interrupt+0x12/0x20 ? lockdep_hardirqs_on+0xd9/0x102 ? sockfd_lookup_light+0x69/0x99 __sys_sendmsg+0x50/0x6e do_syscall_64+0xcb/0xf2 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f98dea28914 Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 e9 5d 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48 89 f5 53 RSP: 002b:00007fff859f5e68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e2e RAX: ffffffffffffffda RBX: 00000000619cb810 RCX: 00007f98dea28914 RDX: 0000000000000000 RSI: 00007fff859f5ed0 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000008 R10: fffffffffffffce6 R11: 0000000000000246 R12: 0000000000000001 R13: 000055c0097ae520 R14: 000055c0097957fd R15: 00007fff859f63a0 </TASK> Modules linked in: bridge stp llc bonding virtio_net Cc: stable@vger.kernel.org Fixes: 53010f9 ("nexthop: Add support for IPv6 gateways") Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Automatic merge performed, no conflicts reported.
Kernel has been built for both aarch64 (
defconfig) and arm32 (imx_v6_v7_defconfig).-- andrey