* [PATCH 6.6 000/114] 6.6.27-rc1 review
@ 2024-04-11 9:55 Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 001/114] wifi: ath9k: fix LNA selection in ath_ant_try_scan() Greg Kroah-Hartman
` (124 more replies)
0 siblings, 125 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie
This is the start of the stable review cycle for the 6.6.27 release.
There are 114 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.6.27-rc1
Ma Jun <Jun.Ma2@amd.com>
Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()"
Vasiliy Kovalev <kovalev@altlinux.org>
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Florian Westphal <fw@strlen.de>
net: mpls: error out if inner headers are not set
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: btintel: Fixe build regression
Gwendal Grignou <gwendal@chromium.org>
platform/x86: intel-vbtn: Update tablet mode switch at end of probe
Kees Cook <keescook@chromium.org>
randomize_kstack: Improve entropy diffusion
Yunfei Dong <yunfei.dong@mediatek.com>
media: mediatek: vcodec: adding lock to protect encoder context list
Yunfei Dong <yunfei.dong@mediatek.com>
media: mediatek: vcodec: adding lock to protect decoder context list
Nicolas Dufresne <nicolas.dufresne@collabora.com>
media: mediatek: vcodec: Fix oops when HEVC init fails
Geliang Tang <geliang.tang@suse.com>
selftests: mptcp: display simult in extra_msg
Ard Biesheuvel <ardb@kernel.org>
gcc-plugins/stackleak: Avoid .head.text section
Tim Crawford <tcrawford@system76.com>
ALSA: hda/realtek: Add quirks for some Clevo laptops
Roman Smirnov <r.smirnov@omp.ru>
fbmon: prevent division by zero in fb_videomode_from_videomode()
Jiawei Fu (iBug) <i@ibugone.com>
drivers/nvme: Add quirks for device 126f:2262
Max Kellermann <max.kellermann@ionos.com>
modpost: fix null pointer dereference
Jens Axboe <axboe@kernel.dk>
io_uring: clear opcode specific data for an early failure
Aleksandr Burakov <a.burakov@rosalinux.ru>
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
Roger Pau Monne <roger.pau@citrix.com>
x86/xen: attempt to inflate the memory balloon on PVH
Chancel Liu <chancel.liu@nxp.com>
ASoC: soc-core.c: Skip dummy codec when adding platforms
Konrad Dybcio <konrad.dybcio@linaro.org>
thermal/of: Assume polling-delay(-passive) 0 when absent
M Cooley <m.cooley.198@gmail.com>
ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE
Colin Ian King <colin.i.king@gmail.com>
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
Marco Felsch <m.felsch@pengutronix.de>
usb: typec: tcpci: add generic tcpci fallback compatible
Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: Keep the domain powered when USB4 port is in redrive mode
Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
usb: typec: ucsi: Limit read size on v1.2
Michael Grzeschik <m.grzeschik@pengutronix.de>
usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
Tejun Heo <tj@kernel.org>
kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id()
Jeffrey Hugo <quic_jhugo@quicinc.com>
bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
Petre Rodan <petre.rodan@subdimension.ro>
tools: iio: replace seekdir() in iio_generic_buffer
linke li <lilinke99@qq.com>
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
Matt Scialabba <matt.git@fastmail.fm>
Input: xpad - add support for Snakebyte GAMEPADs
Ricardo B. Marliere <ricardo@marliere.net>
ktest: force $buildonly = 1 for 'make_warnings_file' test type
Jichi Zhang <i@jichi.ca>
ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9
Sandipan Das <sandipan.das@amd.com>
perf/x86/amd/lbr: Discard erroneous branch entries
Alban Boyé <alban.boye@protonmail.com>
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
Gergo Koteles <soyer@irl.hu>
Input: allocate keycode for Display refresh rate toggle
Duje Mihanović <duje.mihanovic@skole.hr>
Input: imagis - use FIELD_GET where applicable
Manjunath Patil <manjunath.b.patil@oracle.com>
RDMA/cm: add timeout to cm_destroy_id wait
Roman Smirnov <r.smirnov@omp.ru>
block: prevent division by zero in blk_rq_stat_sum()
Junhao He <hejunhao3@huawei.com>
drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09
Markuss Broks <markuss.broks@gmail.com>
input/touchscreen: imagis: Correct the maximum touch area value
Ian Rogers <irogers@google.com>
libperf evlist: Avoid out-of-bounds access
Daniel Drake <drake@endlessos.org>
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
Daniel Drake <drake@endlessos.org>
PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge
Dai Ngo <dai.ngo@oracle.com>
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Shradha Gupta <shradhagupta@linux.microsoft.com>
drm: Check output polling initialized before disabling
Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
Dmitry Torokhov <dmitry.torokhov@gmail.com>
HID: input: avoid polling stylus battery on Chromebook Pompom
Jarkko Nikula <jarkko.nikula@linux.intel.com>
i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC
Koby Elbaz <kelbaz@habana.ai>
accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings
Aric Cyr <aric.cyr@amd.com>
drm/amd/display: Fix nanosec stat overflow
Ye Bin <yebin10@huawei.com>
ext4: forbid commit inconsistent quota data when errors=remount-ro
Zhang Yi <yi.zhang@huawei.com>
ext4: add a hint for block bitmap corrupt state in mb_groups
Cezary Rojewski <cezary.rojewski@intel.com>
ASoC: Intel: avs: Populate board selection with new I2S entries
Takashi Sakamoto <o-takashi@sakamocchi.jp>
ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
Arnd Bergmann <arnd@arndb.de>
media: sta2x11: fix irq handler cast
Mike Marshall <hubcap@omnibond.com>
Julia Lawall reported this null pointer dereference, this should fix it.
Paul E. McKenney <paulmck@kernel.org>
rcu-tasks: Repair RCU Tasks Trace quiescence check
Zqiang <qiang.zhang1211@gmail.com>
rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
mosomate <mosomate@gmail.com>
ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops
Alex Henrie <alexhenrie24@gmail.com>
isofs: handle CDs with bad root inode but good Joliet root directory
Justin Tee <justin.tee@broadcom.com>
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
sysv: don't call sb_bread() with pointers_lock held
Geert Uytterhoeven <geert+renesas@glider.be>
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
Christian König <christian.koenig@amd.com>
drm/ttm: return ENOSPC from ttm_bo_mem_space v3
Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
ASoC: SOF: amd: Optimize quirk for Valve Galileo
Samuel Dionne-Riel <samuel@dionne-riel.com>
drm: panel-orientation-quirks: Add quirk for GPD Win Mini
Kunwu Chan <chentao@kylinos.cn>
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Maíra Canal <mcanal@igalia.com>
drm/vc4: don't check if plane->state->fb == state->fb
Vinicius Peixoto <nukelet64@gmail.com>
Bluetooth: Add new quirk for broken read key length on ATS2851
Takashi Iwai <tiwai@suse.de>
Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
Edward Adam Davis <eadavis@qq.com>
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Eric Dumazet <edumazet@google.com>
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Jacob Keller <jacob.e.keller@intel.com>
ice: use relative VSI index for VFs instead of PF VSI number
David Sterba <dsterba@suse.com>
btrfs: send: handle path ref underflow in header iterate_inode_ref()
David Sterba <dsterba@suse.com>
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
David Sterba <dsterba@suse.com>
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
Johannes Berg <johannes.berg@intel.com>
wifi: cfg80211: check A-MSDU format more carefully
Takashi Iwai <tiwai@suse.de>
wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm
Kees Cook <keescook@chromium.org>
overflow: Allow non-type arg to type_max() and type_min()
Viresh Kumar <viresh.kumar@linaro.org>
cpufreq: Don't unregister cpufreq cooling on CPU hotplug
Baochen Qiang <quic_bqiang@quicinc.com>
wifi: ath11k: decrease MHI channel buffer length to 8KB
Rick Edgecombe <rick.p.edgecombe@intel.com>
dma-direct: Leak pages on dma_set_decrypted() failure
Serge Semin <fancer.lancer@gmail.com>
net: pcs: xpcs: Return EINVAL in the internal methods
Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
Kunwu Chan <chentao@kylinos.cn>
pstore/zone: Add a null pointer check to the psz_kmsg_read
Hans de Goede <hdegoede@redhat.com>
ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS
Shayne Chen <shayne.chen@mediatek.com>
wifi: mt76: mt7996: add locking for accessing mapped registers
Peter Chiu <chui-hao.chiu@mediatek.com>
wifi: mt76: mt7996: disable AMSDU for non-data frames
Shayne Chen <shayne.chen@mediatek.com>
wifi: mt76: mt7915: add locking for accessing mapped registers
Hans de Goede <hdegoede@redhat.com>
wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
Markus Elfring <elfring@users.sourceforge.net>
firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename()
Florian Westphal <fw@strlen.de>
net: skbuff: add overflow debug check to pull/push helpers
Shannon Nelson <shannon.nelson@amd.com>
ionic: set adminq irq affinity
Adam Ford <aford173@gmail.com>
pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain
Kunwu Chan <chentao@kylinos.cn>
pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
Eric Dumazet <edumazet@google.com>
net: add netdev_lockdep_set_classes() to virtual drivers
Johan Jonker <jbx6244@gmail.com>
arm64: dts: rockchip: fix rk3399 hdmi ports node
Johan Jonker <jbx6244@gmail.com>
arm64: dts: rockchip: fix rk3328 hdmi ports node
Johan Jonker <jbx6244@gmail.com>
ARM: dts: rockchip: fix rk322x hdmi ports node
Johan Jonker <jbx6244@gmail.com>
ARM: dts: rockchip: fix rk3288 hdmi ports node
C Cheng <C.Cheng@mediatek.com>
cpuidle: Avoid potential overflow in integer multiplication
John Ogness <john.ogness@linutronix.de>
panic: Flush kernel log buffer at the end
John Ogness <john.ogness@linutronix.de>
printk: For @suppress_panic_printk check for other CPU in panic
Mukesh Sisodiya <mukesh.sisodiya@intel.com>
wifi: iwlwifi: pcie: Add the PCI device id for new hardware
Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
Ping-Ke Shih <pkshih@realtek.com>
wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
Andre Werner <andre.werner@systec-electronic.com>
net: phy: phy_device: Prevent nullptr exceptions on ISR
Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
net: stmmac: dwmac-starfive: Add support for JH7100 SoC
Markus Elfring <elfring@users.sourceforge.net>
batman-adv: Improve exception handling in batadv_throw_uevent()
Markus Elfring <elfring@users.sourceforge.net>
batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()
Kees Cook <keescook@chromium.org>
bnx2x: Fix firmware version string character counts
Po-Hao Huang <phhuang@realtek.com>
wifi: rtw89: fix null pointer access when abort scan
Dmitry Antipov <dmantipov@yandex.ru>
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
-------------
Diffstat:
Makefile | 4 +-
arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 ++--
arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++-
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++-
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++-
arch/x86/events/amd/lbr.c | 6 +-
arch/x86/include/asm/xen/hypervisor.h | 5 ++
arch/x86/pci/fixup.c | 48 ++++++++++++
arch/x86/platform/pvh/enlighten.c | 3 +
arch/x86/xen/enlighten.c | 32 ++++++++
arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++
arch/x86/xen/setup.c | 44 -----------
arch/x86/xen/xen-ops.h | 14 ++++
block/blk-stat.c | 2 +-
drivers/accel/habanalabs/common/habanalabs.h | 2 +-
drivers/acpi/sleep.c | 12 ---
drivers/acpi/x86/utils.c | 18 ++++-
drivers/bluetooth/btintel.c | 2 +-
drivers/bluetooth/btmtk.c | 1 +
drivers/bluetooth/btmtk.h | 1 +
drivers/bluetooth/btusb.c | 1 +
drivers/bus/mhi/host/init.c | 1 +
drivers/bus/mhi/host/internal.h | 9 ++-
drivers/bus/mhi/host/pm.c | 20 ++++-
drivers/cpufreq/cpufreq.c | 17 +++--
drivers/cpuidle/driver.c | 3 +-
drivers/firmware/tegra/bpmp-debugfs.c | 2 +-
.../gpu/drm/amd/display/modules/inc/mod_stats.h | 4 +-
drivers/gpu/drm/drm_modeset_helper.c | 19 ++++-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 +++
drivers/gpu/drm/drm_probe_helper.c | 13 +++-
drivers/gpu/drm/ttm/ttm_bo.c | 7 +-
drivers/gpu/drm/vc4/vc4_plane.c | 5 +-
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-input.c | 2 +
drivers/i2c/busses/i2c-designware-core.h | 2 +-
drivers/infiniband/core/cm.c | 20 ++++-
drivers/input/joystick/xpad.c | 3 +
drivers/input/rmi4/rmi_driver.c | 6 +-
drivers/input/touchscreen/imagis.c | 20 ++---
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 +--
.../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 8 +-
.../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 ++
.../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 +
.../vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +-
.../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 +
.../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 ++
.../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 +
.../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 +
drivers/misc/vmw_vmci/vmci_datagram.c | 6 +-
drivers/net/dummy.c | 1 +
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 ++-
.../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 ++--
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 +--
drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 +-
drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 +-
.../net/ethernet/stmicro/stmmac/dwmac-starfive.c | 32 +++++++-
drivers/net/geneve.c | 1 +
drivers/net/loopback.c | 1 +
drivers/net/pcs/pcs-xpcs.c | 4 +-
drivers/net/phy/phy_device.c | 13 ++--
drivers/net/veth.c | 1 +
drivers/net/vxlan/vxlan_core.c | 1 +
drivers/net/wireless/ath/ath11k/mhi.c | 2 +-
drivers/net/wireless/ath/ath9k/antenna.c | 2 +-
.../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++
drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++
drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 +
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++--
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++------
drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 +-
drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +-
drivers/net/wireless/realtek/rtw89/pci.h | 2 +-
drivers/nvme/host/pci.c | 3 +
drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++-
drivers/pinctrl/renesas/core.c | 4 +-
drivers/platform/x86/intel/vbtn.c | 5 +-
drivers/platform/x86/touchscreen_dmi.c | 9 +++
drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +--
drivers/pmdomain/ti/omap_prm.c | 2 +
drivers/scsi/lpfc/lpfc_nportdisc.c | 6 +-
drivers/soundwire/dmi-quirks.c | 8 ++
drivers/thermal/thermal_of.c | 12 ++-
drivers/thunderbolt/quirks.c | 14 ++++
drivers/thunderbolt/tb.c | 49 ++++++++++++-
drivers/thunderbolt/tb.h | 4 +
drivers/usb/gadget/function/uvc_video.c | 3 +
drivers/usb/host/sl811-hcd.c | 2 +
drivers/usb/typec/tcpm/tcpci.c | 1 +
drivers/usb/typec/ucsi/ucsi.c | 26 ++++++-
drivers/usb/typec/ucsi/ucsi.h | 11 +++
drivers/video/fbdev/core/fbmon.c | 7 +-
drivers/video/fbdev/via/accel.c | 4 +-
drivers/xen/balloon.c | 2 -
fs/btrfs/export.c | 9 ++-
fs/btrfs/send.c | 10 ++-
fs/btrfs/volumes.c | 12 ++-
fs/ext4/mballoc.c | 5 +-
fs/ext4/super.c | 12 +++
fs/isofs/inode.c | 18 ++++-
fs/kernfs/dir.c | 31 +++++---
fs/kernfs/kernfs-internal.h | 2 +
fs/orangefs/super.c | 2 +-
fs/pstore/zone.c | 2 +
fs/sysv/itree.c | 10 +--
include/acpi/acpi_bus.h | 22 +++---
include/linux/kernfs.h | 2 +
include/linux/overflow.h | 12 +--
include/linux/randomize_kstack.h | 2 +-
include/linux/rcupdate.h | 4 +-
include/linux/skbuff.h | 11 +++
include/linux/sunrpc/sched.h | 2 +-
include/net/bluetooth/hci.h | 8 ++
include/uapi/linux/input-event-codes.h | 1 +
io_uring/io_uring.c | 25 ++++---
kernel/dma/direct.c | 9 ++-
kernel/panic.c | 8 ++
kernel/printk/printk.c | 3 +-
kernel/rcu/tree_nocb.h | 2 +-
kernel/trace/ring_buffer.c | 2 +-
net/batman-adv/distributed-arp-table.c | 3 +-
net/batman-adv/main.c | 14 ++--
net/bluetooth/hci_event.c | 3 +-
net/ipv4/ip_tunnel.c | 1 +
net/ipv6/ip6_gre.c | 2 +
net/ipv6/ip6_tunnel.c | 1 +
net/ipv6/ip6_vti.c | 1 +
net/ipv6/sit.c | 1 +
net/mpls/mpls_gso.c | 3 +
net/smc/smc_pnet.c | 10 +++
net/wireless/util.c | 14 +++-
scripts/gcc-plugins/stackleak_plugin.c | 2 +
scripts/mod/modpost.c | 4 +-
sound/firewire/amdtp-stream.c | 12 ++-
sound/firewire/amdtp-stream.h | 4 +
sound/pci/hda/patch_realtek.c | 12 +++
sound/soc/amd/yc/acp6x-mach.c | 7 ++
sound/soc/intel/avs/board_selection.c | 85 ++++++++++++++++++++++
sound/soc/intel/boards/sof_sdw.c | 11 +++
sound/soc/soc-core.c | 3 +
sound/soc/sof/amd/acp.c | 3 +-
tools/iio/iio_utils.c | 2 +-
tools/lib/perf/evlist.c | 18 +++--
tools/lib/perf/include/internal/evlist.h | 4 +-
.../x86_energy_perf_policy.c | 1 +
tools/testing/ktest/ktest.pl | 1 +
tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 +-
152 files changed, 1140 insertions(+), 318 deletions(-)
^ permalink raw reply [flat|nested] 126+ messages in thread
* [PATCH 6.6 001/114] wifi: ath9k: fix LNA selection in ath_ant_try_scan()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 002/114] wifi: rtw89: fix null pointer access when abort scan Greg Kroah-Hartman
` (123 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Antipov,
Toke Høiland-Jørgensen, Kalle Valo, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
[ Upstream commit d6b27eb997ef9a2aa51633b3111bc4a04748e6d3 ]
In 'ath_ant_try_scan()', (most likely) the 2nd LNA's signal
strength should be used in comparison against RSSI when
selecting first LNA as the main one. Compile tested only.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://msgid.link/20231211172502.25202-1-dmantipov@yandex.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath9k/antenna.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/antenna.c b/drivers/net/wireless/ath/ath9k/antenna.c
index 988222cea9dfe..acc84e6711b0e 100644
--- a/drivers/net/wireless/ath/ath9k/antenna.c
+++ b/drivers/net/wireless/ath/ath9k/antenna.c
@@ -643,7 +643,7 @@ static void ath_ant_try_scan(struct ath_ant_comb *antcomb,
conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1;
conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2;
} else if (antcomb->rssi_sub >
- antcomb->rssi_lna1) {
+ antcomb->rssi_lna2) {
/* set to A-B */
conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1;
conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 002/114] wifi: rtw89: fix null pointer access when abort scan
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 001/114] wifi: ath9k: fix LNA selection in ath_ant_try_scan() Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 003/114] bnx2x: Fix firmware version string character counts Greg Kroah-Hartman
` (122 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Po-Hao Huang, Ping-Ke Shih,
Kalle Valo, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Po-Hao Huang <phhuang@realtek.com>
[ Upstream commit 7e11a2966f51695c0af0b1f976a32d64dee243b2 ]
During cancel scan we might use vif that weren't scanning.
Fix this by using the actual scanning vif.
Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240119081501.25223-6-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/mac80211.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw89/mac80211.c b/drivers/net/wireless/realtek/rtw89/mac80211.c
index e70757e4dc2c1..8aed0d101bf3b 100644
--- a/drivers/net/wireless/realtek/rtw89/mac80211.c
+++ b/drivers/net/wireless/realtek/rtw89/mac80211.c
@@ -422,7 +422,7 @@ static void rtw89_ops_bss_info_changed(struct ieee80211_hw *hw,
* when disconnected by peer
*/
if (rtwdev->scanning)
- rtw89_hw_scan_abort(rtwdev, vif);
+ rtw89_hw_scan_abort(rtwdev, rtwdev->scan_info.scanning_vif);
}
}
@@ -971,7 +971,7 @@ static int rtw89_ops_remain_on_channel(struct ieee80211_hw *hw,
}
if (rtwdev->scanning)
- rtw89_hw_scan_abort(rtwdev, vif);
+ rtw89_hw_scan_abort(rtwdev, rtwdev->scan_info.scanning_vif);
if (type == IEEE80211_ROC_TYPE_MGMT_TX)
roc->state = RTW89_ROC_MGMT;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 003/114] bnx2x: Fix firmware version string character counts
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 001/114] wifi: ath9k: fix LNA selection in ath_ant_try_scan() Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 002/114] wifi: rtw89: fix null pointer access when abort scan Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 004/114] batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Greg Kroah-Hartman
` (121 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Ariel Elior,
Sudarsana Kalluru, Manish Chopra, Kees Cook, Jakub Kicinski,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 5642c82b9463c3263c086efb002516244bd4c668 ]
A potential string truncation was reported in bnx2x_fill_fw_str(),
when a long bp->fw_ver and a long phy_fw_ver might coexist, but seems
unlikely with real-world hardware.
Use scnprintf() to indicate the intent that truncations are tolerated.
While reading this code, I found a collection of various buffer size
counting issues. None looked like they might lead to a buffer overflow
with current code (the small buffers are 20 bytes and might only ever
consume 10 bytes twice with a trailing %NUL). However, early truncation
(due to a %NUL in the middle of the string) might be happening under
likely rare conditions. Regardless fix the formatters and related
functions:
- Switch from a separate strscpy() to just adding an additional "%s" to
the format string that immediately follows it in bnx2x_fill_fw_str().
- Use sizeof() universally instead of using unbound defines.
- Fix bnx2x_7101_format_ver() and bnx2x_null_format_ver() to report the
number of characters written, not including the trailing %NUL (as
already done with the other firmware formatting functions).
- Require space for at least 1 byte in bnx2x_get_ext_phy_fw_version()
for the trailing %NUL.
- Correct the needed buffer size in bnx2x_3_seq_format_ver().
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202401260858.jZN6vD1k-lkp@intel.com/
Cc: Ariel Elior <aelior@marvell.com>
Cc: Sudarsana Kalluru <skalluru@marvell.com>
Cc: Manish Chopra <manishc@marvell.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20240126041044.work.220-kees@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 9 +++++----
.../net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c | 2 +-
drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 14 +++++++-------
3 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
index e9c1e1bb55806..528441b28c4ef 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
@@ -147,10 +147,11 @@ void bnx2x_fill_fw_str(struct bnx2x *bp, char *buf, size_t buf_len)
phy_fw_ver[0] = '\0';
bnx2x_get_ext_phy_fw_version(&bp->link_params,
- phy_fw_ver, PHY_FW_VER_LEN);
- strscpy(buf, bp->fw_ver, buf_len);
- snprintf(buf + strlen(bp->fw_ver), 32 - strlen(bp->fw_ver),
- "bc %d.%d.%d%s%s",
+ phy_fw_ver, sizeof(phy_fw_ver));
+ /* This may become truncated. */
+ scnprintf(buf, buf_len,
+ "%sbc %d.%d.%d%s%s",
+ bp->fw_ver,
(bp->common.bc_ver & 0xff0000) >> 16,
(bp->common.bc_ver & 0xff00) >> 8,
(bp->common.bc_ver & 0xff),
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
index bda3ccc28eca6..f920976c36f0c 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
@@ -1132,7 +1132,7 @@ static void bnx2x_get_drvinfo(struct net_device *dev,
}
memset(version, 0, sizeof(version));
- bnx2x_fill_fw_str(bp, version, ETHTOOL_FWVERS_LEN);
+ bnx2x_fill_fw_str(bp, version, sizeof(version));
strlcat(info->fw_version, version, sizeof(info->fw_version));
strscpy(info->bus_info, pci_name(bp->pdev), sizeof(info->bus_info));
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c
index 02808513ffe45..ea310057fe3af 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c
@@ -6163,8 +6163,8 @@ static void bnx2x_link_int_ack(struct link_params *params,
static int bnx2x_null_format_ver(u32 spirom_ver, u8 *str, u16 *len)
{
- str[0] = '\0';
- (*len)--;
+ if (*len)
+ str[0] = '\0';
return 0;
}
@@ -6173,7 +6173,7 @@ static int bnx2x_format_ver(u32 num, u8 *str, u16 *len)
u16 ret;
if (*len < 10) {
- /* Need more than 10chars for this format */
+ /* Need more than 10 chars for this format */
bnx2x_null_format_ver(num, str, len);
return -EINVAL;
}
@@ -6188,8 +6188,8 @@ static int bnx2x_3_seq_format_ver(u32 num, u8 *str, u16 *len)
{
u16 ret;
- if (*len < 10) {
- /* Need more than 10chars for this format */
+ if (*len < 9) {
+ /* Need more than 9 chars for this format */
bnx2x_null_format_ver(num, str, len);
return -EINVAL;
}
@@ -6208,7 +6208,7 @@ int bnx2x_get_ext_phy_fw_version(struct link_params *params, u8 *version,
int status = 0;
u8 *ver_p = version;
u16 remain_len = len;
- if (version == NULL || params == NULL)
+ if (version == NULL || params == NULL || len == 0)
return -EINVAL;
bp = params->bp;
@@ -11546,7 +11546,7 @@ static int bnx2x_7101_format_ver(u32 spirom_ver, u8 *str, u16 *len)
str[2] = (spirom_ver & 0xFF0000) >> 16;
str[3] = (spirom_ver & 0xFF000000) >> 24;
str[4] = '\0';
- *len -= 5;
+ *len -= 4;
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 004/114] batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 003/114] bnx2x: Fix firmware version string character counts Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 005/114] batman-adv: Improve exception handling in batadv_throw_uevent() Greg Kroah-Hartman
` (120 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Markus Elfring, Sven Eckelmann,
Simon Wunderlich, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markus Elfring <elfring@users.sourceforge.net>
[ Upstream commit ffc15626c861f811f9778914be004fcf43810a91 ]
The kfree() function was called in one case by
the batadv_dat_forward_data() function during error handling
even if the passed variable contained a null pointer.
This issue was detected by using the Coccinelle software.
* Thus return directly after a batadv_dat_select_candidates() call failed
at the beginning.
* Delete the label “out” which became unnecessary with this refactoring.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/batman-adv/distributed-arp-table.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 28a939d560906..4c7e855343245 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -684,7 +684,7 @@ static bool batadv_dat_forward_data(struct batadv_priv *bat_priv,
cand = batadv_dat_select_candidates(bat_priv, ip, vid);
if (!cand)
- goto out;
+ return ret;
batadv_dbg(BATADV_DBG_DAT, bat_priv, "DHT_SEND for %pI4\n", &ip);
@@ -728,7 +728,6 @@ static bool batadv_dat_forward_data(struct batadv_priv *bat_priv,
batadv_orig_node_put(cand[i].orig_node);
}
-out:
kfree(cand);
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 005/114] batman-adv: Improve exception handling in batadv_throw_uevent()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 004/114] batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 006/114] net: stmmac: dwmac-starfive: Add support for JH7100 SoC Greg Kroah-Hartman
` (119 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Markus Elfring, Sven Eckelmann,
Simon Wunderlich, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markus Elfring <elfring@users.sourceforge.net>
[ Upstream commit 5593e9abf1cf2bf096366d8c7fd933bc69d561ce ]
The kfree() function was called in up to three cases by
the batadv_throw_uevent() function during error handling
even if the passed variable contained a null pointer.
This issue was detected by using the Coccinelle software.
* Thus adjust jump targets.
* Reorder kfree() calls at the end.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/batman-adv/main.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/net/batman-adv/main.c b/net/batman-adv/main.c
index e8a4499155667..100e43f5e85aa 100644
--- a/net/batman-adv/main.c
+++ b/net/batman-adv/main.c
@@ -688,29 +688,31 @@ int batadv_throw_uevent(struct batadv_priv *bat_priv, enum batadv_uev_type type,
"%s%s", BATADV_UEV_TYPE_VAR,
batadv_uev_type_str[type]);
if (!uevent_env[0])
- goto out;
+ goto report_error;
uevent_env[1] = kasprintf(GFP_ATOMIC,
"%s%s", BATADV_UEV_ACTION_VAR,
batadv_uev_action_str[action]);
if (!uevent_env[1])
- goto out;
+ goto free_first_env;
/* If the event is DEL, ignore the data field */
if (action != BATADV_UEV_DEL) {
uevent_env[2] = kasprintf(GFP_ATOMIC,
"%s%s", BATADV_UEV_DATA_VAR, data);
if (!uevent_env[2])
- goto out;
+ goto free_second_env;
}
ret = kobject_uevent_env(bat_kobj, KOBJ_CHANGE, uevent_env);
-out:
- kfree(uevent_env[0]);
- kfree(uevent_env[1]);
kfree(uevent_env[2]);
+free_second_env:
+ kfree(uevent_env[1]);
+free_first_env:
+ kfree(uevent_env[0]);
if (ret)
+report_error:
batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
"Impossible to send uevent for (%s,%s,%s) event (err: %d)\n",
batadv_uev_type_str[type],
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 006/114] net: stmmac: dwmac-starfive: Add support for JH7100 SoC
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 005/114] batman-adv: Improve exception handling in batadv_throw_uevent() Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 007/114] net: phy: phy_device: Prevent nullptr exceptions on ISR Greg Kroah-Hartman
` (118 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Emil Renner Berthing,
Cristian Ciocaltea, Jacob Keller, Andrew Lunn, David S. Miller,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
[ Upstream commit 8d4597b871210429bda0f5c3a8816b7d9b6daf7e ]
Add a missing quirk to enable support for the StarFive JH7100 SoC.
Additionally, for greater flexibility in operation, allow using the
rgmii-rxid and rgmii-txid phy modes.
Co-developed-by: Emil Renner Berthing <kernel@esmil.dk>
Signed-off-by: Emil Renner Berthing <kernel@esmil.dk>
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/Kconfig | 6 ++--
.../ethernet/stmicro/stmmac/dwmac-starfive.c | 32 ++++++++++++++++---
2 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/Kconfig b/drivers/net/ethernet/stmicro/stmmac/Kconfig
index 25f2d42de406d..92d7d5a00b84c 100644
--- a/drivers/net/ethernet/stmicro/stmmac/Kconfig
+++ b/drivers/net/ethernet/stmicro/stmmac/Kconfig
@@ -165,9 +165,9 @@ config DWMAC_STARFIVE
help
Support for ethernet controllers on StarFive RISC-V SoCs
- This selects the StarFive platform specific glue layer support for
- the stmmac device driver. This driver is used for StarFive JH7110
- ethernet controller.
+ This selects the StarFive platform specific glue layer support
+ for the stmmac device driver. This driver is used for the
+ StarFive JH7100 and JH7110 ethernet controllers.
config DWMAC_STI
tristate "STi GMAC support"
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c
index 9289bb87c3e3a..0c713257193de 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-starfive.c
@@ -15,13 +15,20 @@
#include "stmmac_platform.h"
-#define STARFIVE_DWMAC_PHY_INFT_RGMII 0x1
-#define STARFIVE_DWMAC_PHY_INFT_RMII 0x4
-#define STARFIVE_DWMAC_PHY_INFT_FIELD 0x7U
+#define STARFIVE_DWMAC_PHY_INFT_RGMII 0x1
+#define STARFIVE_DWMAC_PHY_INFT_RMII 0x4
+#define STARFIVE_DWMAC_PHY_INFT_FIELD 0x7U
+
+#define JH7100_SYSMAIN_REGISTER49_DLYCHAIN 0xc8
+
+struct starfive_dwmac_data {
+ unsigned int gtxclk_dlychain;
+};
struct starfive_dwmac {
struct device *dev;
struct clk *clk_tx;
+ const struct starfive_dwmac_data *data;
};
static void starfive_dwmac_fix_mac_speed(void *priv, unsigned int speed, unsigned int mode)
@@ -67,6 +74,8 @@ static int starfive_dwmac_set_mode(struct plat_stmmacenet_data *plat_dat)
case PHY_INTERFACE_MODE_RGMII:
case PHY_INTERFACE_MODE_RGMII_ID:
+ case PHY_INTERFACE_MODE_RGMII_RXID:
+ case PHY_INTERFACE_MODE_RGMII_TXID:
mode = STARFIVE_DWMAC_PHY_INFT_RGMII;
break;
@@ -89,6 +98,14 @@ static int starfive_dwmac_set_mode(struct plat_stmmacenet_data *plat_dat)
if (err)
return dev_err_probe(dwmac->dev, err, "error setting phy mode\n");
+ if (dwmac->data) {
+ err = regmap_write(regmap, JH7100_SYSMAIN_REGISTER49_DLYCHAIN,
+ dwmac->data->gtxclk_dlychain);
+ if (err)
+ return dev_err_probe(dwmac->dev, err,
+ "error selecting gtxclk delay chain\n");
+ }
+
return 0;
}
@@ -114,6 +131,8 @@ static int starfive_dwmac_probe(struct platform_device *pdev)
if (!dwmac)
return -ENOMEM;
+ dwmac->data = device_get_match_data(&pdev->dev);
+
dwmac->clk_tx = devm_clk_get_enabled(&pdev->dev, "tx");
if (IS_ERR(dwmac->clk_tx))
return dev_err_probe(&pdev->dev, PTR_ERR(dwmac->clk_tx),
@@ -150,8 +169,13 @@ static int starfive_dwmac_probe(struct platform_device *pdev)
return 0;
}
+static const struct starfive_dwmac_data jh7100_data = {
+ .gtxclk_dlychain = 4,
+};
+
static const struct of_device_id starfive_dwmac_match[] = {
- { .compatible = "starfive,jh7110-dwmac" },
+ { .compatible = "starfive,jh7100-dwmac", .data = &jh7100_data },
+ { .compatible = "starfive,jh7110-dwmac" },
{ /* sentinel */ }
};
MODULE_DEVICE_TABLE(of, starfive_dwmac_match);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 007/114] net: phy: phy_device: Prevent nullptr exceptions on ISR
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 006/114] net: stmmac: dwmac-starfive: Add support for JH7100 SoC Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 008/114] wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Greg Kroah-Hartman
` (117 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Andre Werner, Andrew Lunn,
Jakub Kicinski, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andre Werner <andre.werner@systec-electronic.com>
[ Upstream commit 61c81872815f46006982bb80460c0c80a949b35b ]
If phydev->irq is set unconditionally, check
for valid interrupt handler or fall back to polling mode to prevent
nullptr exceptions in interrupt service routine.
Signed-off-by: Andre Werner <andre.werner@systec-electronic.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20240129135734.18975-2-andre.werner@systec-electronic.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/phy/phy_device.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c
index 813b753e21dec..c895cd178e6a1 100644
--- a/drivers/net/phy/phy_device.c
+++ b/drivers/net/phy/phy_device.c
@@ -1411,6 +1411,11 @@ int phy_sfp_probe(struct phy_device *phydev,
}
EXPORT_SYMBOL(phy_sfp_probe);
+static bool phy_drv_supports_irq(struct phy_driver *phydrv)
+{
+ return phydrv->config_intr && phydrv->handle_interrupt;
+}
+
/**
* phy_attach_direct - attach a network device to a given PHY device pointer
* @dev: network device to attach
@@ -1525,6 +1530,9 @@ int phy_attach_direct(struct net_device *dev, struct phy_device *phydev,
if (phydev->dev_flags & PHY_F_NO_IRQ)
phydev->irq = PHY_POLL;
+ if (!phy_drv_supports_irq(phydev->drv) && phy_interrupt_is_valid(phydev))
+ phydev->irq = PHY_POLL;
+
/* Port is set to PORT_TP by default and the actual PHY driver will set
* it to different value depending on the PHY configuration. If we have
* the generic PHY driver we can't figure it out, thus set the old
@@ -2987,11 +2995,6 @@ s32 phy_get_internal_delay(struct phy_device *phydev, struct device *dev,
}
EXPORT_SYMBOL(phy_get_internal_delay);
-static bool phy_drv_supports_irq(struct phy_driver *phydrv)
-{
- return phydrv->config_intr && phydrv->handle_interrupt;
-}
-
static int phy_led_set_brightness(struct led_classdev *led_cdev,
enum led_brightness value)
{
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 008/114] wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 007/114] net: phy: phy_device: Prevent nullptr exceptions on ISR Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 009/114] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Greg Kroah-Hartman
` (116 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Ping-Ke Shih, Kalle Valo,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ping-Ke Shih <pkshih@realtek.com>
[ Upstream commit c108b4a50dd7650941d4f4ec5c161655a73711db ]
Hardware puts RX descriptor and packet in RX DMA buffer, so it could be
over one buffer size if packet size is 11454, and then it will be split
into two segments. WiFi 7 chips use larger size of RX descriptor, so
enlarge DMA buffer size according to RX descriptor to have better
performance and simple flow.
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240121071826.10159-5-pkshih@realtek.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtw89/pci.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtw89/pci.h b/drivers/net/wireless/realtek/rtw89/pci.h
index 2f3d1ad3b0f7d..4259b79b138fb 100644
--- a/drivers/net/wireless/realtek/rtw89/pci.h
+++ b/drivers/net/wireless/realtek/rtw89/pci.h
@@ -559,7 +559,7 @@
#define RTW89_PCI_TXWD_NUM_MAX 512
#define RTW89_PCI_TXWD_PAGE_SIZE 128
#define RTW89_PCI_ADDRINFO_MAX 4
-#define RTW89_PCI_RX_BUF_SIZE 11460
+#define RTW89_PCI_RX_BUF_SIZE (11454 + 40) /* +40 for rtw89_rxdesc_long_v2 */
#define RTW89_PCI_POLL_BDRAM_RST_CNT 100
#define RTW89_PCI_MULTITAG 8
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 009/114] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 008/114] wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 010/114] wifi: iwlwifi: pcie: Add the PCI device id for new hardware Greg Kroah-Hartman
` (115 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, syzkaller, Vegard Nossum,
Gustavo A. R. Silva, Harshit Mogalapalli, Kees Cook,
Dan Carpenter, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
[ Upstream commit 19b070fefd0d024af3daa7329cbc0d00de5302ec ]
Syzkaller hit 'WARNING in dg_dispatch_as_host' bug.
memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg"
at drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24)
WARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237
dg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237
Some code commentry, based on my understanding:
544 #define VMCI_DG_SIZE(_dg) (VMCI_DG_HEADERSIZE + (size_t)(_dg)->payload_size)
/// This is 24 + payload_size
memcpy(&dg_info->msg, dg, dg_size);
Destination = dg_info->msg ---> this is a 24 byte
structure(struct vmci_datagram)
Source = dg --> this is a 24 byte structure (struct vmci_datagram)
Size = dg_size = 24 + payload_size
{payload_size = 56-24 =32} -- Syzkaller managed to set payload_size to 32.
35 struct delayed_datagram_info {
36 struct datagram_entry *entry;
37 struct work_struct work;
38 bool in_dg_host_queue;
39 /* msg and msg_payload must be together. */
40 struct vmci_datagram msg;
41 u8 msg_payload[];
42 };
So those extra bytes of payload are copied into msg_payload[], a run time
warning is seen while fuzzing with Syzkaller.
One possible way to fix the warning is to split the memcpy() into
two parts -- one -- direct assignment of msg and second taking care of payload.
Gustavo quoted:
"Under FORTIFY_SOURCE we should not copy data across multiple members
in a structure."
Reported-by: syzkaller <syzkaller@googlegroups.com>
Suggested-by: Vegard Nossum <vegard.nossum@oracle.com>
Suggested-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/20240105164001.2129796-2-harshit.m.mogalapalli@oracle.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/misc/vmw_vmci/vmci_datagram.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/vmw_vmci/vmci_datagram.c b/drivers/misc/vmw_vmci/vmci_datagram.c
index f50d22882476f..d1d8224c8800c 100644
--- a/drivers/misc/vmw_vmci/vmci_datagram.c
+++ b/drivers/misc/vmw_vmci/vmci_datagram.c
@@ -234,7 +234,8 @@ static int dg_dispatch_as_host(u32 context_id, struct vmci_datagram *dg)
dg_info->in_dg_host_queue = true;
dg_info->entry = dst_entry;
- memcpy(&dg_info->msg, dg, dg_size);
+ dg_info->msg = *dg;
+ memcpy(&dg_info->msg_payload, dg + 1, dg->payload_size);
INIT_WORK(&dg_info->work, dg_delayed_dispatch);
schedule_work(&dg_info->work);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 010/114] wifi: iwlwifi: pcie: Add the PCI device id for new hardware
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 009/114] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 011/114] printk: For @suppress_panic_printk check for other CPU in panic Greg Kroah-Hartman
` (114 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mukesh Sisodiya, Gregory Greenman,
Miri Korenblit, Johannes Berg, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
[ Upstream commit 6770eee75148ba10c0c051885379714773e00b48 ]
Add the support for a new PCI device id.
Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Reviewed-by: Gregory Greenman <gregory.greenman@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240129211905.fde32107e0a3.I597cff4f340e4bed12b7568a0ad504bd4b2c1cf8@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
index bc83d2ba55c67..dea4d6478b4f4 100644
--- a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c
@@ -502,6 +502,7 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
/* Bz devices */
{IWL_PCI_DEVICE(0x2727, PCI_ANY_ID, iwl_bz_trans_cfg)},
+ {IWL_PCI_DEVICE(0x272D, PCI_ANY_ID, iwl_bz_trans_cfg)},
{IWL_PCI_DEVICE(0x272b, PCI_ANY_ID, iwl_bz_trans_cfg)},
{IWL_PCI_DEVICE(0xA840, PCI_ANY_ID, iwl_bz_trans_cfg)},
{IWL_PCI_DEVICE(0x7740, PCI_ANY_ID, iwl_bz_trans_cfg)},
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 011/114] printk: For @suppress_panic_printk check for other CPU in panic
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 010/114] wifi: iwlwifi: pcie: Add the PCI device id for new hardware Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 012/114] panic: Flush kernel log buffer at the end Greg Kroah-Hartman
` (113 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, John Ogness, Petr Mladek,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Ogness <john.ogness@linutronix.de>
[ Upstream commit 0ab7cdd00491b532591ef065be706301de7e448f ]
Currently @suppress_panic_printk is checked along with
non-matching @panic_cpu and current CPU. This works
because @suppress_panic_printk is only set when
panic_in_progress() is true.
Rather than relying on the @suppress_panic_printk semantics,
use the concise helper function other_cpu_in_progress(). The
helper function exists to avoid open coding such tests.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20240207134103.1357162-7-john.ogness@linutronix.de
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/printk/printk.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 35d32d66fb114..0fca282c0a254 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -2309,8 +2309,7 @@ asmlinkage int vprintk_emit(int facility, int level,
if (unlikely(suppress_printk))
return 0;
- if (unlikely(suppress_panic_printk) &&
- atomic_read(&panic_cpu) != raw_smp_processor_id())
+ if (unlikely(suppress_panic_printk) && other_cpu_in_panic())
return 0;
if (level == LOGLEVEL_SCHED) {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 012/114] panic: Flush kernel log buffer at the end
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 011/114] printk: For @suppress_panic_printk check for other CPU in panic Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 013/114] cpuidle: Avoid potential overflow in integer multiplication Greg Kroah-Hartman
` (112 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, John Ogness, Petr Mladek,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Ogness <john.ogness@linutronix.de>
[ Upstream commit d988d9a9b9d180bfd5c1d353b3b176cb90d6861b ]
If the kernel crashes in a context where printk() calls always
defer printing (such as in NMI or inside a printk_safe section)
then the final panic messages will be deferred to irq_work. But
if irq_work is not available, the messages will not get printed
unless explicitly flushed. The result is that the final
"end Kernel panic" banner does not get printed.
Add one final flush after the last printk() call to make sure
the final panic messages make it out as well.
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20240207134103.1357162-14-john.ogness@linutronix.de
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/panic.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/kernel/panic.c b/kernel/panic.c
index ffa037fa777d5..ef9f9a4e928de 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -442,6 +442,14 @@ void panic(const char *fmt, ...)
/* Do not scroll important messages printed above */
suppress_printk = 1;
+
+ /*
+ * The final messages may not have been printed if in a context that
+ * defers printing (such as NMI) and irq_work is not available.
+ * Explicitly flush the kernel log buffer one last time.
+ */
+ console_flush_on_panic(CONSOLE_FLUSH_PENDING);
+
local_irq_enable();
for (i = 0; ; i += PANIC_TIMER_STEP) {
touch_softlockup_watchdog();
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 013/114] cpuidle: Avoid potential overflow in integer multiplication
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 012/114] panic: Flush kernel log buffer at the end Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 014/114] ARM: dts: rockchip: fix rk3288 hdmi ports node Greg Kroah-Hartman
` (111 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, C Cheng, Bo Ye,
AngeloGioacchino Del Regno, Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: C Cheng <C.Cheng@mediatek.com>
[ Upstream commit 88390dd788db485912ee7f9a8d3d56fc5265d52f ]
In detail:
In C language, when you perform a multiplication operation, if
both operands are of int type, the multiplication operation is
performed on the int type, and then the result is converted to
the target type. This means that if the product of int type
multiplication exceeds the range that int type can represent,
an overflow will occur even if you store the result in a
variable of int64_t type.
For a multiplication of two int values, it is better to use
mul_u32_u32() rather than s->exit_latency_ns = s->exit_latency *
NSEC_PER_USEC to avoid potential overflow happenning.
Signed-off-by: C Cheng <C.Cheng@mediatek.com>
Signed-off-by: Bo Ye <bo.ye@mediatek.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
[ rjw: New subject ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpuidle/driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/cpuidle/driver.c b/drivers/cpuidle/driver.c
index d9cda7f6ccb98..cf5873cc45dc8 100644
--- a/drivers/cpuidle/driver.c
+++ b/drivers/cpuidle/driver.c
@@ -16,6 +16,7 @@
#include <linux/cpumask.h>
#include <linux/tick.h>
#include <linux/cpu.h>
+#include <linux/math64.h>
#include "cpuidle.h"
@@ -187,7 +188,7 @@ static void __cpuidle_driver_init(struct cpuidle_driver *drv)
s->target_residency = div_u64(s->target_residency_ns, NSEC_PER_USEC);
if (s->exit_latency > 0)
- s->exit_latency_ns = s->exit_latency * NSEC_PER_USEC;
+ s->exit_latency_ns = mul_u32_u32(s->exit_latency, NSEC_PER_USEC);
else if (s->exit_latency_ns < 0)
s->exit_latency_ns = 0;
else
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 014/114] ARM: dts: rockchip: fix rk3288 hdmi ports node
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 013/114] cpuidle: Avoid potential overflow in integer multiplication Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 015/114] ARM: dts: rockchip: fix rk322x " Greg Kroah-Hartman
` (110 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Jonker, Heiko Stuebner,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit 585e4dc07100a6465b3da8d24e46188064c1c925 ]
Fix rk3288 hdmi ports node so that it matches the
rockchip,dw-hdmi.yaml binding with some reordering
to align with the (new) documentation about
property ordering.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Link: https://lore.kernel.org/r/cc3a9b4f-076d-4660-b464-615003b6a066@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/rockchip/rk3288.dtsi | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/arch/arm/boot/dts/rockchip/rk3288.dtsi b/arch/arm/boot/dts/rockchip/rk3288.dtsi
index cb9cdaddffd42..8593a83599376 100644
--- a/arch/arm/boot/dts/rockchip/rk3288.dtsi
+++ b/arch/arm/boot/dts/rockchip/rk3288.dtsi
@@ -1231,27 +1231,37 @@ hdmi: hdmi@ff980000 {
compatible = "rockchip,rk3288-dw-hdmi";
reg = <0x0 0xff980000 0x0 0x20000>;
reg-io-width = <4>;
- #sound-dai-cells = <0>;
- rockchip,grf = <&grf>;
interrupts = <GIC_SPI 103 IRQ_TYPE_LEVEL_HIGH>;
clocks = <&cru PCLK_HDMI_CTRL>, <&cru SCLK_HDMI_HDCP>, <&cru SCLK_HDMI_CEC>;
clock-names = "iahb", "isfr", "cec";
power-domains = <&power RK3288_PD_VIO>;
+ rockchip,grf = <&grf>;
+ #sound-dai-cells = <0>;
status = "disabled";
ports {
- hdmi_in: port {
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ hdmi_in: port@0 {
+ reg = <0>;
#address-cells = <1>;
#size-cells = <0>;
+
hdmi_in_vopb: endpoint@0 {
reg = <0>;
remote-endpoint = <&vopb_out_hdmi>;
};
+
hdmi_in_vopl: endpoint@1 {
reg = <1>;
remote-endpoint = <&vopl_out_hdmi>;
};
};
+
+ hdmi_out: port@1 {
+ reg = <1>;
+ };
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 015/114] ARM: dts: rockchip: fix rk322x hdmi ports node
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 014/114] ARM: dts: rockchip: fix rk3288 hdmi ports node Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 016/114] arm64: dts: rockchip: fix rk3328 " Greg Kroah-Hartman
` (109 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Jonker, Heiko Stuebner,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit 15a5ed03000cf61daf87d14628085cb1bc8ae72c ]
Fix rk322x hdmi ports node so that it matches the
rockchip,dw-hdmi.yaml binding.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Link: https://lore.kernel.org/r/9b84adf0-9312-47fd-becc-cadd06941f70@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/rockchip/rk322x.dtsi | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/arch/arm/boot/dts/rockchip/rk322x.dtsi b/arch/arm/boot/dts/rockchip/rk322x.dtsi
index ffc16d6b97e1b..03d9baddcbaba 100644
--- a/arch/arm/boot/dts/rockchip/rk322x.dtsi
+++ b/arch/arm/boot/dts/rockchip/rk322x.dtsi
@@ -732,14 +732,20 @@ hdmi: hdmi@200a0000 {
status = "disabled";
ports {
- hdmi_in: port {
- #address-cells = <1>;
- #size-cells = <0>;
- hdmi_in_vop: endpoint@0 {
- reg = <0>;
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ hdmi_in: port@0 {
+ reg = <0>;
+
+ hdmi_in_vop: endpoint {
remote-endpoint = <&vop_out_hdmi>;
};
};
+
+ hdmi_out: port@1 {
+ reg = <1>;
+ };
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 016/114] arm64: dts: rockchip: fix rk3328 hdmi ports node
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 015/114] ARM: dts: rockchip: fix rk322x " Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 017/114] arm64: dts: rockchip: fix rk3399 " Greg Kroah-Hartman
` (108 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Jonker, Heiko Stuebner,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit 1d00ba4700d1e0f88ae70d028d2e17e39078fa1c ]
Fix rk3328 hdmi ports node so that it matches the
rockchip,dw-hdmi.yaml binding.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Link: https://lore.kernel.org/r/e5dea3b7-bf84-4474-9530-cc2da3c41104@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3328.dtsi | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3328.dtsi b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
index cc8209795c3e5..3778fe5c42a4b 100644
--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
@@ -743,11 +743,20 @@ hdmi: hdmi@ff3c0000 {
status = "disabled";
ports {
- hdmi_in: port {
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ hdmi_in: port@0 {
+ reg = <0>;
+
hdmi_in_vop: endpoint {
remote-endpoint = <&vop_out_hdmi>;
};
};
+
+ hdmi_out: port@1 {
+ reg = <1>;
+ };
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 017/114] arm64: dts: rockchip: fix rk3399 hdmi ports node
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 016/114] arm64: dts: rockchip: fix rk3328 " Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 018/114] net: add netdev_lockdep_set_classes() to virtual drivers Greg Kroah-Hartman
` (107 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Jonker, Heiko Stuebner,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Jonker <jbx6244@gmail.com>
[ Upstream commit f051b6ace7ffcc48d6d1017191f167c0a85799f6 ]
Fix rk3399 hdmi ports node so that it matches the
rockchip,dw-hdmi.yaml binding.
Signed-off-by: Johan Jonker <jbx6244@gmail.com>
Link: https://lore.kernel.org/r/a6ab6f75-3b80-40b1-bd30-3113e14becdd@gmail.com
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/rockchip/rk3399.dtsi | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
index 4a3d0af5ecfe2..fb1ea84c2b14f 100644
--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
@@ -1953,6 +1953,7 @@ simple-audio-card,codec {
hdmi: hdmi@ff940000 {
compatible = "rockchip,rk3399-dw-hdmi";
reg = <0x0 0xff940000 0x0 0x20000>;
+ reg-io-width = <4>;
interrupts = <GIC_SPI 23 IRQ_TYPE_LEVEL_HIGH 0>;
clocks = <&cru PCLK_HDMI_CTRL>,
<&cru SCLK_HDMI_SFR>,
@@ -1961,13 +1962,16 @@ hdmi: hdmi@ff940000 {
<&cru PLL_VPLL>;
clock-names = "iahb", "isfr", "cec", "grf", "ref";
power-domains = <&power RK3399_PD_HDCP>;
- reg-io-width = <4>;
rockchip,grf = <&grf>;
#sound-dai-cells = <0>;
status = "disabled";
ports {
- hdmi_in: port {
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ hdmi_in: port@0 {
+ reg = <0>;
#address-cells = <1>;
#size-cells = <0>;
@@ -1980,6 +1984,10 @@ hdmi_in_vopl: endpoint@1 {
remote-endpoint = <&vopl_out_hdmi>;
};
};
+
+ hdmi_out: port@1 {
+ reg = <1>;
+ };
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 018/114] net: add netdev_lockdep_set_classes() to virtual drivers
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 017/114] arm64: dts: rockchip: fix rk3399 " Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 019/114] pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Greg Kroah-Hartman
` (106 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Eric Dumazet, Jakub Kicinski,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 0bef512012b1cd8820f0c9ec80e5f8ceb43fdd59 ]
Based on a syzbot report, it appears many virtual
drivers do not yet use netdev_lockdep_set_classes(),
triggerring lockdep false positives.
WARNING: possible recursive locking detected
6.8.0-rc4-next-20240212-syzkaller #0 Not tainted
syz-executor.0/19016 is trying to acquire lock:
ffff8880162cb298 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff8880162cb298 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4452 [inline]
ffff8880162cb298 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0 net/sched/sch_generic.c:340
but task is already holding lock:
ffff8880223db4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff8880223db4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4452 [inline]
ffff8880223db4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0 net/sched/sch_generic.c:340
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
lock(_xmit_ETHER#2);
lock(_xmit_ETHER#2);
*** DEADLOCK ***
May be due to missing lock nesting notation
9 locks held by syz-executor.0/19016:
#0: ffffffff8f385208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
#0: ffffffff8f385208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 net/core/rtnetlink.c:6603
#1: ffffc90000a08c00 ((&in_dev->mr_ifc_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x600 kernel/time/timer.c:1697
#2: ffffffff8e131520 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#2: ffffffff8e131520 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#2: ffffffff8e131520 (rcu_read_lock){....}-{1:2}, at: ip_finish_output2+0x45f/0x1360 net/ipv4/ip_output.c:228
#3: ffffffff8e131580 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#3: ffffffff8e131580 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:802 [inline]
#3: ffffffff8e131580 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2c4/0x3b10 net/core/dev.c:4284
#4: ffff8880416e3258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_trylock include/linux/spinlock.h:361 [inline]
#4: ffff8880416e3258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:195 [inline]
#4: ffff8880416e3258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3771 [inline]
#4: ffff8880416e3258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x1262/0x3b10 net/core/dev.c:4325
#5: ffff8880223db4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#5: ffff8880223db4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4452 [inline]
#5: ffff8880223db4d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0 net/sched/sch_generic.c:340
#6: ffffffff8e131520 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
#6: ffffffff8e131520 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
#6: ffffffff8e131520 (rcu_read_lock){....}-{1:2}, at: ip_finish_output2+0x45f/0x1360 net/ipv4/ip_output.c:228
#7: ffffffff8e131580 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#7: ffffffff8e131580 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:802 [inline]
#7: ffffffff8e131580 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2c4/0x3b10 net/core/dev.c:4284
#8: ffff888014d9d258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_trylock include/linux/spinlock.h:361 [inline]
#8: ffff888014d9d258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:195 [inline]
#8: ffff888014d9d258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3771 [inline]
#8: ffff888014d9d258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x1262/0x3b10 net/core/dev.c:4325
stack backtrace:
CPU: 1 PID: 19016 Comm: syz-executor.0 Not tainted 6.8.0-rc4-next-20240212-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
check_deadlock kernel/locking/lockdep.c:3062 [inline]
validate_chain+0x15c1/0x58e0 kernel/locking/lockdep.c:3856
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
__netif_tx_lock include/linux/netdevice.h:4452 [inline]
sch_direct_xmit+0x1c4/0x5f0 net/sched/sch_generic.c:340
__dev_xmit_skb net/core/dev.c:3784 [inline]
__dev_queue_xmit+0x1912/0x3b10 net/core/dev.c:4325
neigh_output include/net/neighbour.h:542 [inline]
ip_finish_output2+0xe66/0x1360 net/ipv4/ip_output.c:235
iptunnel_xmit+0x540/0x9b0 net/ipv4/ip_tunnel_core.c:82
ip_tunnel_xmit+0x20ee/0x2960 net/ipv4/ip_tunnel.c:831
erspan_xmit+0x9de/0x1460 net/ipv4/ip_gre.c:720
__netdev_start_xmit include/linux/netdevice.h:4989 [inline]
netdev_start_xmit include/linux/netdevice.h:5003 [inline]
xmit_one net/core/dev.c:3555 [inline]
dev_hard_start_xmit+0x242/0x770 net/core/dev.c:3571
sch_direct_xmit+0x2b6/0x5f0 net/sched/sch_generic.c:342
__dev_xmit_skb net/core/dev.c:3784 [inline]
__dev_queue_xmit+0x1912/0x3b10 net/core/dev.c:4325
neigh_output include/net/neighbour.h:542 [inline]
ip_finish_output2+0xe66/0x1360 net/ipv4/ip_output.c:235
igmpv3_send_cr net/ipv4/igmp.c:723 [inline]
igmp_ifc_timer_expire+0xb71/0xd90 net/ipv4/igmp.c:813
call_timer_fn+0x17e/0x600 kernel/time/timer.c:1700
expire_timers kernel/time/timer.c:1751 [inline]
__run_timers+0x621/0x830 kernel/time/timer.c:2038
run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2051
__do_softirq+0x2bc/0x943 kernel/softirq.c:554
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf2/0x1c0 kernel/softirq.c:633
irq_exit_rcu+0x9/0x30 kernel/softirq.c:645
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1076 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1076
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:resched_offsets_ok kernel/sched/core.c:10127 [inline]
RIP: 0010:__might_resched+0x16f/0x780 kernel/sched/core.c:10142
Code: 00 4c 89 e8 48 c1 e8 03 48 ba 00 00 00 00 00 fc ff df 48 89 44 24 38 0f b6 04 10 84 c0 0f 85 87 04 00 00 41 8b 45 00 c1 e0 08 <01> d8 44 39 e0 0f 85 d6 00 00 00 44 89 64 24 1c 48 8d bc 24 a0 00
RSP: 0018:ffffc9000ee069e0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8880296a9e00
RDX: dffffc0000000000 RSI: ffff8880296a9e00 RDI: ffffffff8bfe8fa0
RBP: ffffc9000ee06b00 R08: ffffffff82326877 R09: 1ffff11002b5ad1b
R10: dffffc0000000000 R11: ffffed1002b5ad1c R12: 0000000000000000
R13: ffff8880296aa23c R14: 000000000000062a R15: 1ffff92001dc0d44
down_write+0x19/0x50 kernel/locking/rwsem.c:1578
kernfs_activate fs/kernfs/dir.c:1403 [inline]
kernfs_add_one+0x4af/0x8b0 fs/kernfs/dir.c:819
__kernfs_create_file+0x22e/0x2e0 fs/kernfs/file.c:1056
sysfs_add_file_mode_ns+0x24a/0x310 fs/sysfs/file.c:307
create_files fs/sysfs/group.c:64 [inline]
internal_create_group+0x4f4/0xf20 fs/sysfs/group.c:152
internal_create_groups fs/sysfs/group.c:192 [inline]
sysfs_create_groups+0x56/0x120 fs/sysfs/group.c:218
create_dir lib/kobject.c:78 [inline]
kobject_add_internal+0x472/0x8d0 lib/kobject.c:240
kobject_add_varg lib/kobject.c:374 [inline]
kobject_init_and_add+0x124/0x190 lib/kobject.c:457
netdev_queue_add_kobject net/core/net-sysfs.c:1706 [inline]
netdev_queue_update_kobjects+0x1f3/0x480 net/core/net-sysfs.c:1758
register_queue_kobjects net/core/net-sysfs.c:1819 [inline]
netdev_register_kobject+0x265/0x310 net/core/net-sysfs.c:2059
register_netdevice+0x1191/0x19c0 net/core/dev.c:10298
bond_newlink+0x3b/0x90 drivers/net/bonding/bond_netlink.c:576
rtnl_newlink_create net/core/rtnetlink.c:3506 [inline]
__rtnl_newlink net/core/rtnetlink.c:3726 [inline]
rtnl_newlink+0x158f/0x20a0 net/core/rtnetlink.c:3739
rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6606
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
netlink_sendmsg+0xa3c/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
__sys_sendto+0x3a4/0x4f0 net/socket.c:2191
__do_sys_sendto net/socket.c:2203 [inline]
__se_sys_sendto net/socket.c:2199 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2199
do_syscall_64+0xfb/0x240
entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fc3fa87fa9c
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20240212140700.2795436-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dummy.c | 1 +
drivers/net/geneve.c | 1 +
drivers/net/loopback.c | 1 +
drivers/net/veth.c | 1 +
drivers/net/vxlan/vxlan_core.c | 1 +
net/ipv4/ip_tunnel.c | 1 +
net/ipv6/ip6_gre.c | 2 ++
net/ipv6/ip6_tunnel.c | 1 +
net/ipv6/ip6_vti.c | 1 +
net/ipv6/sit.c | 1 +
10 files changed, 11 insertions(+)
diff --git a/drivers/net/dummy.c b/drivers/net/dummy.c
index c4b1b0aa438ac..5560cf683eb73 100644
--- a/drivers/net/dummy.c
+++ b/drivers/net/dummy.c
@@ -71,6 +71,7 @@ static int dummy_dev_init(struct net_device *dev)
if (!dev->lstats)
return -ENOMEM;
+ netdev_lockdep_set_classes(dev);
return 0;
}
diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
index 9566fda8b2e2e..0204ac92b05ab 100644
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -349,6 +349,7 @@ static int geneve_init(struct net_device *dev)
gro_cells_destroy(&geneve->gro_cells);
return err;
}
+ netdev_lockdep_set_classes(dev);
return 0;
}
diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
index f6d53e63ef4ec..f6eab66c26608 100644
--- a/drivers/net/loopback.c
+++ b/drivers/net/loopback.c
@@ -144,6 +144,7 @@ static int loopback_dev_init(struct net_device *dev)
dev->lstats = netdev_alloc_pcpu_stats(struct pcpu_lstats);
if (!dev->lstats)
return -ENOMEM;
+ netdev_lockdep_set_classes(dev);
return 0;
}
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 5cdb77e861c0e..7767b6ff5a155 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -1475,6 +1475,7 @@ static void veth_free_queues(struct net_device *dev)
static int veth_dev_init(struct net_device *dev)
{
+ netdev_lockdep_set_classes(dev);
return veth_alloc_queues(dev);
}
diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index 5b5597073b004..99ede13124194 100644
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -2960,6 +2960,7 @@ static int vxlan_init(struct net_device *dev)
if (err)
goto err_gro_cells_destroy;
+ netdev_lockdep_set_classes(dev);
return 0;
err_gro_cells_destroy:
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index b1b6dcf2161fb..acf93f34a8213 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -1298,6 +1298,7 @@ int ip_tunnel_init(struct net_device *dev)
if (tunnel->collect_md)
netif_keep_dst(dev);
+ netdev_lockdep_set_classes(dev);
return 0;
}
EXPORT_SYMBOL_GPL(ip_tunnel_init);
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 26c3287beb29c..289b83347d9d5 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -1514,6 +1514,7 @@ static int ip6gre_tunnel_init_common(struct net_device *dev)
ip6gre_tnl_init_features(dev);
netdev_hold(dev, &tunnel->dev_tracker, GFP_KERNEL);
+ netdev_lockdep_set_classes(dev);
return 0;
cleanup_dst_cache_init:
@@ -1906,6 +1907,7 @@ static int ip6erspan_tap_init(struct net_device *dev)
ip6erspan_tnl_link_config(tunnel, 1);
netdev_hold(dev, &tunnel->dev_tracker, GFP_KERNEL);
+ netdev_lockdep_set_classes(dev);
return 0;
cleanup_dst_cache_init:
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 9bbabf750a21e..70478027a7af7 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1898,6 +1898,7 @@ ip6_tnl_dev_init_gen(struct net_device *dev)
dev->max_mtu = IP6_MAX_MTU - dev->hard_header_len;
netdev_hold(dev, &t->dev_tracker, GFP_KERNEL);
+ netdev_lockdep_set_classes(dev);
return 0;
destroy_dst:
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 73c85d4e0e9cd..04e4368fe4655 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -935,6 +935,7 @@ static inline int vti6_dev_init_gen(struct net_device *dev)
if (!dev->tstats)
return -ENOMEM;
netdev_hold(dev, &t->dev_tracker, GFP_KERNEL);
+ netdev_lockdep_set_classes(dev);
return 0;
}
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index cc24cefdb85c0..eb4c8e2a2b12e 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1460,6 +1460,7 @@ static int ipip6_tunnel_init(struct net_device *dev)
return err;
}
netdev_hold(dev, &tunnel->dev_tracker, GFP_KERNEL);
+ netdev_lockdep_set_classes(dev);
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 019/114] pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 018/114] net: add netdev_lockdep_set_classes() to virtual drivers Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 020/114] pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Greg Kroah-Hartman
` (105 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Kunwu Chan, Ulf Hansson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kunwu Chan <chentao@kylinos.cn>
[ Upstream commit 5d7f58ee08434a33340f75ac7ac5071eea9673b3 ]
devm_kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
Signed-off-by: Kunwu Chan <chentao@kylinos.cn>
Link: https://lore.kernel.org/r/20240118054257.200814-1-chentao@kylinos.cn
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pmdomain/ti/omap_prm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pmdomain/ti/omap_prm.c b/drivers/pmdomain/ti/omap_prm.c
index c2feae3a634ca..b8ceb3c2b81c2 100644
--- a/drivers/pmdomain/ti/omap_prm.c
+++ b/drivers/pmdomain/ti/omap_prm.c
@@ -695,6 +695,8 @@ static int omap_prm_domain_init(struct device *dev, struct omap_prm *prm)
data = prm->data;
name = devm_kasprintf(dev, GFP_KERNEL, "prm_%s",
data->name);
+ if (!name)
+ return -ENOMEM;
prmd->dev = dev;
prmd->prm = prm;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 020/114] pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 019/114] pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 021/114] ionic: set adminq irq affinity Greg Kroah-Hartman
` (104 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Adam Ford, Jacky Bai, Sandor Yu,
Ulf Hansson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adam Ford <aford173@gmail.com>
[ Upstream commit 697624ee8ad557ab5417f985d2c804241a7ad30d ]
According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of
hdmi rx verification IP that should not enable for HDMI TX.
But actually if the clock is disabled before HDMI/LCDIF probe,
LCDIF will not get pixel clock from HDMI PHY and print the error
logs:
[CRTC:39:crtc-2] vblank wait timed out
WARNING: CPU: 2 PID: 9 at drivers/gpu/drm/drm_atomic_helper.c:1634 drm_atomic_helper_wait_for_vblanks.part.0+0x23c/0x260
Add fdcc clock to LCDIF and HDMI TX power domains to fix the issue.
Signed-off-by: Adam Ford <aford173@gmail.com>
Reviewed-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Sandor Yu <Sandor.yu@nxp.com>
Link: https://lore.kernel.org/r/20240203165307.7806-5-aford173@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pmdomain/imx/imx8mp-blk-ctrl.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/pmdomain/imx/imx8mp-blk-ctrl.c b/drivers/pmdomain/imx/imx8mp-blk-ctrl.c
index c6ac32c1a8c17..31693add7d633 100644
--- a/drivers/pmdomain/imx/imx8mp-blk-ctrl.c
+++ b/drivers/pmdomain/imx/imx8mp-blk-ctrl.c
@@ -55,7 +55,7 @@ struct imx8mp_blk_ctrl_domain_data {
const char *gpc_name;
};
-#define DOMAIN_MAX_CLKS 2
+#define DOMAIN_MAX_CLKS 3
#define DOMAIN_MAX_PATHS 3
struct imx8mp_blk_ctrl_domain {
@@ -457,8 +457,8 @@ static const struct imx8mp_blk_ctrl_domain_data imx8mp_hdmi_domain_data[] = {
},
[IMX8MP_HDMIBLK_PD_LCDIF] = {
.name = "hdmiblk-lcdif",
- .clk_names = (const char *[]){ "axi", "apb" },
- .num_clks = 2,
+ .clk_names = (const char *[]){ "axi", "apb", "fdcc" },
+ .num_clks = 3,
.gpc_name = "lcdif",
.path_names = (const char *[]){"lcdif-hdmi"},
.num_paths = 1,
@@ -483,8 +483,8 @@ static const struct imx8mp_blk_ctrl_domain_data imx8mp_hdmi_domain_data[] = {
},
[IMX8MP_HDMIBLK_PD_HDMI_TX] = {
.name = "hdmiblk-hdmi-tx",
- .clk_names = (const char *[]){ "apb", "ref_266m" },
- .num_clks = 2,
+ .clk_names = (const char *[]){ "apb", "ref_266m", "fdcc" },
+ .num_clks = 3,
.gpc_name = "hdmi-tx",
},
[IMX8MP_HDMIBLK_PD_HDMI_TX_PHY] = {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 021/114] ionic: set adminq irq affinity
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 020/114] pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 022/114] net: skbuff: add overflow debug check to pull/push helpers Greg Kroah-Hartman
` (103 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shannon Nelson, Brett Creeley,
Jacob Keller, David S. Miller, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shannon Nelson <shannon.nelson@amd.com>
[ Upstream commit c699f35d658f3c21b69ed24e64b2ea26381e941d ]
We claim to have the AdminQ on our irq0 and thus cpu id 0,
but we need to be sure we set the affinity hint to try to
keep it there.
Signed-off-by: Shannon Nelson <shannon.nelson@amd.com>
Reviewed-by: Brett Creeley <brett.creeley@amd.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/pensando/ionic/ionic_lif.c b/drivers/net/ethernet/pensando/ionic/ionic_lif.c
index adb0f9b01bb1e..4f05cddc65cb4 100644
--- a/drivers/net/ethernet/pensando/ionic/ionic_lif.c
+++ b/drivers/net/ethernet/pensando/ionic/ionic_lif.c
@@ -3468,9 +3468,12 @@ static int ionic_lif_adminq_init(struct ionic_lif *lif)
napi_enable(&qcq->napi);
- if (qcq->flags & IONIC_QCQ_F_INTR)
+ if (qcq->flags & IONIC_QCQ_F_INTR) {
+ irq_set_affinity_hint(qcq->intr.vector,
+ &qcq->intr.affinity_mask);
ionic_intr_mask(idev->intr_ctrl, qcq->intr.index,
IONIC_INTR_MASK_CLEAR);
+ }
qcq->flags |= IONIC_QCQ_F_INITED;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 022/114] net: skbuff: add overflow debug check to pull/push helpers
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 021/114] ionic: set adminq irq affinity Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 023/114] firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Greg Kroah-Hartman
` (102 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Florian Westphal, Simon Horman,
Paolo Abeni, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
[ Upstream commit 219eee9c0d16f1b754a8b85275854ab17df0850a ]
syzbot managed to trigger following splat:
BUG: KASAN: use-after-free in __skb_flow_dissect+0x4a3b/0x5e50
Read of size 1 at addr ffff888208a4000e by task a.out/2313
[..]
__skb_flow_dissect+0x4a3b/0x5e50
__skb_get_hash+0xb4/0x400
ip_tunnel_xmit+0x77e/0x26f0
ipip_tunnel_xmit+0x298/0x410
..
Analysis shows that the skb has a valid ->head, but bogus ->data
pointer.
skb->data gets its bogus value via the neigh layer, which does:
1556 __skb_pull(skb, skb_network_offset(skb));
... and the skb was already dodgy at this point:
skb_network_offset(skb) returns a negative value due to an
earlier overflow of skb->network_header (u16). __skb_pull thus
"adjusts" skb->data by a huge offset, pointing outside skb->head
area.
Allow debug builds to splat when we try to pull/push more than
INT_MAX bytes.
After this, the syzkaller reproducer yields a more precise splat
before the flow dissector attempts to read off skb->data memory:
WARNING: CPU: 5 PID: 2313 at include/linux/skbuff.h:2653 neigh_connected_output+0x28e/0x400
ip_finish_output2+0xb25/0xed0
iptunnel_xmit+0x4ff/0x870
ipgre_xmit+0x78e/0xbb0
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240216113700.23013-1-fw@strlen.de
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/skbuff.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 9e61f6df6bc55..aa8d6e72ad98b 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -2627,6 +2627,8 @@ static inline void skb_put_u8(struct sk_buff *skb, u8 val)
void *skb_push(struct sk_buff *skb, unsigned int len);
static inline void *__skb_push(struct sk_buff *skb, unsigned int len)
{
+ DEBUG_NET_WARN_ON_ONCE(len > INT_MAX);
+
skb->data -= len;
skb->len += len;
return skb->data;
@@ -2635,6 +2637,8 @@ static inline void *__skb_push(struct sk_buff *skb, unsigned int len)
void *skb_pull(struct sk_buff *skb, unsigned int len);
static inline void *__skb_pull(struct sk_buff *skb, unsigned int len)
{
+ DEBUG_NET_WARN_ON_ONCE(len > INT_MAX);
+
skb->len -= len;
if (unlikely(skb->len < skb->data_len)) {
#if defined(CONFIG_DEBUG_NET)
@@ -2659,6 +2663,8 @@ void *__pskb_pull_tail(struct sk_buff *skb, int delta);
static inline enum skb_drop_reason
pskb_may_pull_reason(struct sk_buff *skb, unsigned int len)
{
+ DEBUG_NET_WARN_ON_ONCE(len > INT_MAX);
+
if (likely(len <= skb_headlen(skb)))
return SKB_NOT_DROPPED_YET;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 023/114] firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 022/114] net: skbuff: add overflow debug check to pull/push helpers Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 024/114] wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Greg Kroah-Hartman
` (101 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Markus Elfring, Thierry Reding,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markus Elfring <elfring@users.sourceforge.net>
[ Upstream commit 1315848f1f8a0100cb6f8a7187bc320c5d98947f ]
The kfree() function was called in one case by
the get_filename() function during error handling
even if the passed variable contained a null pointer.
This issue was detected by using the Coccinelle software.
Thus return directly after a call of the function “kzalloc” failed
at the beginning.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/tegra/bpmp-debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c
index 6dfe3d34109ee..b20d04950d99b 100644
--- a/drivers/firmware/tegra/bpmp-debugfs.c
+++ b/drivers/firmware/tegra/bpmp-debugfs.c
@@ -77,7 +77,7 @@ static const char *get_filename(struct tegra_bpmp *bpmp,
root_path_buf = kzalloc(root_path_buf_len, GFP_KERNEL);
if (!root_path_buf)
- goto out;
+ return NULL;
root_path = dentry_path(bpmp->debugfs_mirror, root_path_buf,
root_path_buf_len);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 024/114] wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 023/114] firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 025/114] wifi: mt76: mt7915: add locking for accessing mapped registers Greg Kroah-Hartman
` (100 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Arend van Spriel,
Kalle Valo, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 32167707aa5e7ae4b160c18be79d85a7b4fdfcfb ]
The ACEPC W5 Pro HDMI stick contains quite generic names in the sys_vendor
and product_name DMI strings, without this patch brcmfmac will try to load:
"brcmfmac43455-sdio.$(DEFAULT_STRING)-$(DEFAULT_STRING).txt" as nvram file
which is both too generic and messy with the $ symbols in the name.
The ACEPC W5 Pro uses the same Ampak AP6255 module as the ACEPC T8
and the nvram for the T8 is already in linux-firmware, so point the new
DMI nvram filename quirk to the T8 nvram file.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240216213649.251718-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c
index 86ff174936a9a..c3a602197662b 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c
@@ -82,6 +82,15 @@ static const struct dmi_system_id dmi_platform_data[] = {
},
.driver_data = (void *)&acepc_t8_data,
},
+ {
+ /* ACEPC W5 Pro Cherry Trail Z8350 HDMI stick, same wifi as the T8 */
+ .matches = {
+ DMI_MATCH(DMI_BOARD_NAME, "T3 MRD"),
+ DMI_MATCH(DMI_CHASSIS_TYPE, "3"),
+ DMI_MATCH(DMI_BIOS_VENDOR, "American Megatrends Inc."),
+ },
+ .driver_data = (void *)&acepc_t8_data,
+ },
{
/* Chuwi Hi8 Pro with D2D3_Hi8Pro.233 BIOS */
.matches = {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 025/114] wifi: mt76: mt7915: add locking for accessing mapped registers
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 024/114] wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 026/114] wifi: mt76: mt7996: disable AMSDU for non-data frames Greg Kroah-Hartman
` (99 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shayne Chen, Peter Chiu,
Felix Fietkau, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shayne Chen <shayne.chen@mediatek.com>
[ Upstream commit 0937f95ab07af6e663ae932d592f630d9eb591da ]
Sicne the mapping is global, mapped register access needs to be protected
against concurrent access, otherwise a race condition might cause the reads
or writes to go towards the wrong register
Signed-off-by: Shayne Chen <shayne.chen@mediatek.com>
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/mediatek/mt76/mt7915/mmio.c | 45 ++++++++++++++++---
.../wireless/mediatek/mt76/mt7915/mt7915.h | 1 +
2 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c b/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
index f4ad7219f94f4..a306a42777d78 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mmio.c
@@ -490,6 +490,11 @@ static u32 __mt7915_reg_addr(struct mt7915_dev *dev, u32 addr)
return dev->reg.map[i].maps + ofs;
}
+ return 0;
+}
+
+static u32 __mt7915_reg_remap_addr(struct mt7915_dev *dev, u32 addr)
+{
if ((addr >= MT_INFRA_BASE && addr < MT_WFSYS0_PHY_START) ||
(addr >= MT_WFSYS0_PHY_START && addr < MT_WFSYS1_PHY_START) ||
(addr >= MT_WFSYS1_PHY_START && addr <= MT_WFSYS1_PHY_END))
@@ -514,15 +519,30 @@ void mt7915_memcpy_fromio(struct mt7915_dev *dev, void *buf, u32 offset,
{
u32 addr = __mt7915_reg_addr(dev, offset);
- memcpy_fromio(buf, dev->mt76.mmio.regs + addr, len);
+ if (addr) {
+ memcpy_fromio(buf, dev->mt76.mmio.regs + addr, len);
+ return;
+ }
+
+ spin_lock_bh(&dev->reg_lock);
+ memcpy_fromio(buf, dev->mt76.mmio.regs +
+ __mt7915_reg_remap_addr(dev, offset), len);
+ spin_unlock_bh(&dev->reg_lock);
}
static u32 mt7915_rr(struct mt76_dev *mdev, u32 offset)
{
struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
- u32 addr = __mt7915_reg_addr(dev, offset);
+ u32 addr = __mt7915_reg_addr(dev, offset), val;
- return dev->bus_ops->rr(mdev, addr);
+ if (addr)
+ return dev->bus_ops->rr(mdev, addr);
+
+ spin_lock_bh(&dev->reg_lock);
+ val = dev->bus_ops->rr(mdev, __mt7915_reg_remap_addr(dev, offset));
+ spin_unlock_bh(&dev->reg_lock);
+
+ return val;
}
static void mt7915_wr(struct mt76_dev *mdev, u32 offset, u32 val)
@@ -530,7 +550,14 @@ static void mt7915_wr(struct mt76_dev *mdev, u32 offset, u32 val)
struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
u32 addr = __mt7915_reg_addr(dev, offset);
- dev->bus_ops->wr(mdev, addr, val);
+ if (addr) {
+ dev->bus_ops->wr(mdev, addr, val);
+ return;
+ }
+
+ spin_lock_bh(&dev->reg_lock);
+ dev->bus_ops->wr(mdev, __mt7915_reg_remap_addr(dev, offset), val);
+ spin_unlock_bh(&dev->reg_lock);
}
static u32 mt7915_rmw(struct mt76_dev *mdev, u32 offset, u32 mask, u32 val)
@@ -538,7 +565,14 @@ static u32 mt7915_rmw(struct mt76_dev *mdev, u32 offset, u32 mask, u32 val)
struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
u32 addr = __mt7915_reg_addr(dev, offset);
- return dev->bus_ops->rmw(mdev, addr, mask, val);
+ if (addr)
+ return dev->bus_ops->rmw(mdev, addr, mask, val);
+
+ spin_lock_bh(&dev->reg_lock);
+ val = dev->bus_ops->rmw(mdev, __mt7915_reg_remap_addr(dev, offset), mask, val);
+ spin_unlock_bh(&dev->reg_lock);
+
+ return val;
}
#ifdef CONFIG_NET_MEDIATEK_SOC_WED
@@ -813,6 +847,7 @@ static int mt7915_mmio_init(struct mt76_dev *mdev,
dev = container_of(mdev, struct mt7915_dev, mt76);
mt76_mmio_init(&dev->mt76, mem_base);
+ spin_lock_init(&dev->reg_lock);
switch (device_id) {
case 0x7915:
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h b/drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h
index 21984e9723709..e192211d4b23e 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h
@@ -287,6 +287,7 @@ struct mt7915_dev {
struct list_head sta_rc_list;
struct list_head twt_list;
+ spinlock_t reg_lock;
u32 hw_pattern;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 026/114] wifi: mt76: mt7996: disable AMSDU for non-data frames
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 025/114] wifi: mt76: mt7915: add locking for accessing mapped registers Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 027/114] wifi: mt76: mt7996: add locking for accessing mapped registers Greg Kroah-Hartman
` (98 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Chiu, Shayne Chen,
Felix Fietkau, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Chiu <chui-hao.chiu@mediatek.com>
[ Upstream commit 5d5edc09197cd8c705b42a73cdf8ba03db53c033 ]
Disable AMSDU for non-data frames to prevent TX token leak issues.
Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
Signed-off-by: Shayne Chen <shayne.chen@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mac.c b/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
index b0d0ae5080e82..73d46ec1181ae 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/mac.c
@@ -757,6 +757,9 @@ mt7996_mac_write_txwi_8023(struct mt7996_dev *dev, __le32 *txwi,
FIELD_PREP(MT_TXD2_SUB_TYPE, fc_stype);
txwi[2] |= cpu_to_le32(val);
+
+ if (wcid->amsdu)
+ txwi[3] |= cpu_to_le32(MT_TXD3_HW_AMSDU);
}
static void
@@ -887,8 +890,6 @@ void mt7996_mac_write_txwi(struct mt7996_dev *dev, __le32 *txwi,
val |= MT_TXD3_PROTECT_FRAME;
if (info->flags & IEEE80211_TX_CTL_NO_ACK)
val |= MT_TXD3_NO_ACK;
- if (wcid->amsdu)
- val |= MT_TXD3_HW_AMSDU;
txwi[3] = cpu_to_le32(val);
txwi[4] = 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 027/114] wifi: mt76: mt7996: add locking for accessing mapped registers
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 026/114] wifi: mt76: mt7996: disable AMSDU for non-data frames Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 028/114] ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Greg Kroah-Hartman
` (97 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Shayne Chen, Felix Fietkau,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shayne Chen <shayne.chen@mediatek.com>
[ Upstream commit 3687854d3e7e7fd760d939dd9e5a3520d5ab60fe ]
A race condition was observed when accessing mapped registers, so add
locking to protect against concurrent access.
Signed-off-by: Shayne Chen <shayne.chen@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/mediatek/mt76/mt7996/mmio.c | 64 ++++++++++++-------
.../wireless/mediatek/mt76/mt7996/mt7996.h | 3 +-
2 files changed, 43 insertions(+), 24 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mmio.c b/drivers/net/wireless/mediatek/mt76/mt7996/mmio.c
index 3a591a7b47ae6..e75becadc2e54 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7996/mmio.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/mmio.c
@@ -82,7 +82,6 @@ static u32 mt7996_reg_map_l1(struct mt7996_dev *dev, u32 addr)
u32 offset = FIELD_GET(MT_HIF_REMAP_L1_OFFSET, addr);
u32 base = FIELD_GET(MT_HIF_REMAP_L1_BASE, addr);
- dev->reg_l1_backup = dev->bus_ops->rr(&dev->mt76, MT_HIF_REMAP_L1);
dev->bus_ops->rmw(&dev->mt76, MT_HIF_REMAP_L1,
MT_HIF_REMAP_L1_MASK,
FIELD_PREP(MT_HIF_REMAP_L1_MASK, base));
@@ -97,7 +96,6 @@ static u32 mt7996_reg_map_l2(struct mt7996_dev *dev, u32 addr)
u32 offset = FIELD_GET(MT_HIF_REMAP_L2_OFFSET, addr);
u32 base = FIELD_GET(MT_HIF_REMAP_L2_BASE, addr);
- dev->reg_l2_backup = dev->bus_ops->rr(&dev->mt76, MT_HIF_REMAP_L2);
dev->bus_ops->rmw(&dev->mt76, MT_HIF_REMAP_L2,
MT_HIF_REMAP_L2_MASK,
FIELD_PREP(MT_HIF_REMAP_L2_MASK, base));
@@ -107,26 +105,10 @@ static u32 mt7996_reg_map_l2(struct mt7996_dev *dev, u32 addr)
return MT_HIF_REMAP_BASE_L2 + offset;
}
-static void mt7996_reg_remap_restore(struct mt7996_dev *dev)
-{
- /* remap to ori status */
- if (unlikely(dev->reg_l1_backup)) {
- dev->bus_ops->wr(&dev->mt76, MT_HIF_REMAP_L1, dev->reg_l1_backup);
- dev->reg_l1_backup = 0;
- }
-
- if (dev->reg_l2_backup) {
- dev->bus_ops->wr(&dev->mt76, MT_HIF_REMAP_L2, dev->reg_l2_backup);
- dev->reg_l2_backup = 0;
- }
-}
-
static u32 __mt7996_reg_addr(struct mt7996_dev *dev, u32 addr)
{
int i;
- mt7996_reg_remap_restore(dev);
-
if (addr < 0x100000)
return addr;
@@ -143,6 +125,11 @@ static u32 __mt7996_reg_addr(struct mt7996_dev *dev, u32 addr)
return dev->reg.map[i].mapped + ofs;
}
+ return 0;
+}
+
+static u32 __mt7996_reg_remap_addr(struct mt7996_dev *dev, u32 addr)
+{
if ((addr >= MT_INFRA_BASE && addr < MT_WFSYS0_PHY_START) ||
(addr >= MT_WFSYS0_PHY_START && addr < MT_WFSYS1_PHY_START) ||
(addr >= MT_WFSYS1_PHY_START && addr <= MT_WFSYS1_PHY_END))
@@ -167,28 +154,60 @@ void mt7996_memcpy_fromio(struct mt7996_dev *dev, void *buf, u32 offset,
{
u32 addr = __mt7996_reg_addr(dev, offset);
- memcpy_fromio(buf, dev->mt76.mmio.regs + addr, len);
+ if (addr) {
+ memcpy_fromio(buf, dev->mt76.mmio.regs + addr, len);
+ return;
+ }
+
+ spin_lock_bh(&dev->reg_lock);
+ memcpy_fromio(buf, dev->mt76.mmio.regs +
+ __mt7996_reg_remap_addr(dev, offset), len);
+ spin_unlock_bh(&dev->reg_lock);
}
static u32 mt7996_rr(struct mt76_dev *mdev, u32 offset)
{
struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
+ u32 addr = __mt7996_reg_addr(dev, offset), val;
+
+ if (addr)
+ return dev->bus_ops->rr(mdev, addr);
- return dev->bus_ops->rr(mdev, __mt7996_reg_addr(dev, offset));
+ spin_lock_bh(&dev->reg_lock);
+ val = dev->bus_ops->rr(mdev, __mt7996_reg_remap_addr(dev, offset));
+ spin_unlock_bh(&dev->reg_lock);
+
+ return val;
}
static void mt7996_wr(struct mt76_dev *mdev, u32 offset, u32 val)
{
struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
+ u32 addr = __mt7996_reg_addr(dev, offset);
- dev->bus_ops->wr(mdev, __mt7996_reg_addr(dev, offset), val);
+ if (addr) {
+ dev->bus_ops->wr(mdev, addr, val);
+ return;
+ }
+
+ spin_lock_bh(&dev->reg_lock);
+ dev->bus_ops->wr(mdev, __mt7996_reg_remap_addr(dev, offset), val);
+ spin_unlock_bh(&dev->reg_lock);
}
static u32 mt7996_rmw(struct mt76_dev *mdev, u32 offset, u32 mask, u32 val)
{
struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
+ u32 addr = __mt7996_reg_addr(dev, offset);
+
+ if (addr)
+ return dev->bus_ops->rmw(mdev, addr, mask, val);
+
+ spin_lock_bh(&dev->reg_lock);
+ val = dev->bus_ops->rmw(mdev, __mt7996_reg_remap_addr(dev, offset), mask, val);
+ spin_unlock_bh(&dev->reg_lock);
- return dev->bus_ops->rmw(mdev, __mt7996_reg_addr(dev, offset), mask, val);
+ return val;
}
static int mt7996_mmio_init(struct mt76_dev *mdev,
@@ -200,6 +219,7 @@ static int mt7996_mmio_init(struct mt76_dev *mdev,
dev = container_of(mdev, struct mt7996_dev, mt76);
mt76_mmio_init(&dev->mt76, mem_base);
+ spin_lock_init(&dev->reg_lock);
switch (device_id) {
case 0x7990:
diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h b/drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h
index d5ef4137290db..25bb365612314 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h
@@ -242,8 +242,7 @@ struct mt7996_dev {
u8 n_agrt;
} twt;
- u32 reg_l1_backup;
- u32 reg_l2_backup;
+ spinlock_t reg_lock;
u8 wtbl_size_group;
};
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 028/114] ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 027/114] wifi: mt76: mt7996: add locking for accessing mapped registers Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 029/114] pstore/zone: Add a null pointer check to the psz_kmsg_read Greg Kroah-Hartman
` (96 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Hans de Goede, Rafael J. Wysocki,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
[ Upstream commit 7c86e17455de1a442ec906d3449148b5e9a218a4 ]
Some recent(ish) Dell AIO devices have a backlight controller board
connected to an UART.
This UART has a DELL0501 HID with CID set to PNP0501 so that the UART is
still handled by 8250_pnp.c. Unfortunately there is no separate ACPI device
with an UartSerialBusV2() resource to model the backlight-controller.
The next patch in this series will use acpi_quirk_skip_serdev_enumeration()
to still create a serdev for this for a backlight driver to bind to
instead of creating a /dev/ttyS0.
This new acpi_quirk_skip_serdev_enumeration() use is not limited to Android
X86 tablets, so move it out of the ifdef CONFIG_X86_ANDROID_TABLETS block.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/x86/utils.c | 18 ++++++++++++++----
include/acpi/acpi_bus.h | 14 +++++++-------
2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/drivers/acpi/x86/utils.c b/drivers/acpi/x86/utils.c
index 63d834dd38112..c708524576df4 100644
--- a/drivers/acpi/x86/utils.c
+++ b/drivers/acpi/x86/utils.c
@@ -429,7 +429,7 @@ bool acpi_quirk_skip_i2c_client_enumeration(struct acpi_device *adev)
}
EXPORT_SYMBOL_GPL(acpi_quirk_skip_i2c_client_enumeration);
-int acpi_quirk_skip_serdev_enumeration(struct device *controller_parent, bool *skip)
+static int acpi_dmi_skip_serdev_enumeration(struct device *controller_parent, bool *skip)
{
struct acpi_device *adev = ACPI_COMPANION(controller_parent);
const struct dmi_system_id *dmi_id;
@@ -437,8 +437,6 @@ int acpi_quirk_skip_serdev_enumeration(struct device *controller_parent, bool *s
u64 uid;
int ret;
- *skip = false;
-
ret = acpi_dev_uid_to_integer(adev, &uid);
if (ret)
return 0;
@@ -464,7 +462,6 @@ int acpi_quirk_skip_serdev_enumeration(struct device *controller_parent, bool *s
return 0;
}
-EXPORT_SYMBOL_GPL(acpi_quirk_skip_serdev_enumeration);
bool acpi_quirk_skip_gpio_event_handlers(void)
{
@@ -479,8 +476,21 @@ bool acpi_quirk_skip_gpio_event_handlers(void)
return (quirks & ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS);
}
EXPORT_SYMBOL_GPL(acpi_quirk_skip_gpio_event_handlers);
+#else
+static int acpi_dmi_skip_serdev_enumeration(struct device *controller_parent, bool *skip)
+{
+ return 0;
+}
#endif
+int acpi_quirk_skip_serdev_enumeration(struct device *controller_parent, bool *skip)
+{
+ *skip = false;
+
+ return acpi_dmi_skip_serdev_enumeration(controller_parent, skip);
+}
+EXPORT_SYMBOL_GPL(acpi_quirk_skip_serdev_enumeration);
+
/* Lists of PMIC ACPI HIDs with an (often better) native charger driver */
static const struct {
const char *hid;
diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h
index 0b7eab0ef7d7f..d9c20ae23b632 100644
--- a/include/acpi/acpi_bus.h
+++ b/include/acpi/acpi_bus.h
@@ -652,6 +652,7 @@ bool acpi_device_override_status(struct acpi_device *adev, unsigned long long *s
bool acpi_quirk_skip_acpi_ac_and_battery(void);
int acpi_install_cmos_rtc_space_handler(acpi_handle handle);
void acpi_remove_cmos_rtc_space_handler(acpi_handle handle);
+int acpi_quirk_skip_serdev_enumeration(struct device *controller_parent, bool *skip);
#else
static inline bool acpi_device_override_status(struct acpi_device *adev,
unsigned long long *status)
@@ -669,23 +670,22 @@ static inline int acpi_install_cmos_rtc_space_handler(acpi_handle handle)
static inline void acpi_remove_cmos_rtc_space_handler(acpi_handle handle)
{
}
+static inline int
+acpi_quirk_skip_serdev_enumeration(struct device *controller_parent, bool *skip)
+{
+ *skip = false;
+ return 0;
+}
#endif
#if IS_ENABLED(CONFIG_X86_ANDROID_TABLETS)
bool acpi_quirk_skip_i2c_client_enumeration(struct acpi_device *adev);
-int acpi_quirk_skip_serdev_enumeration(struct device *controller_parent, bool *skip);
bool acpi_quirk_skip_gpio_event_handlers(void);
#else
static inline bool acpi_quirk_skip_i2c_client_enumeration(struct acpi_device *adev)
{
return false;
}
-static inline int
-acpi_quirk_skip_serdev_enumeration(struct device *controller_parent, bool *skip)
-{
- *skip = false;
- return 0;
-}
static inline bool acpi_quirk_skip_gpio_event_handlers(void)
{
return false;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 029/114] pstore/zone: Add a null pointer check to the psz_kmsg_read
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 028/114] ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 030/114] tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Greg Kroah-Hartman
` (95 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Kunwu Chan, Kees Cook, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kunwu Chan <chentao@kylinos.cn>
[ Upstream commit 98bc7e26e14fbb26a6abf97603d59532475e97f8 ]
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
Signed-off-by: Kunwu Chan <chentao@kylinos.cn>
Link: https://lore.kernel.org/r/20240118100206.213928-1-chentao@kylinos.cn
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/pstore/zone.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/pstore/zone.c b/fs/pstore/zone.c
index 2770746bb7aa1..abca117725c81 100644
--- a/fs/pstore/zone.c
+++ b/fs/pstore/zone.c
@@ -973,6 +973,8 @@ static ssize_t psz_kmsg_read(struct pstore_zone *zone,
char *buf = kasprintf(GFP_KERNEL, "%s: Total %d times\n",
kmsg_dump_reason_str(record->reason),
record->count);
+ if (!buf)
+ return -ENOMEM;
hlen = strlen(buf);
record->buf = krealloc(buf, hlen + size, GFP_KERNEL);
if (!record->buf) {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 030/114] tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 029/114] pstore/zone: Add a null pointer check to the psz_kmsg_read Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 031/114] net: pcs: xpcs: Return EINVAL in the internal methods Greg Kroah-Hartman
` (94 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Samasth Norway Ananda,
Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
[ Upstream commit f85450f134f0b4ca7e042dc3dc89155656a2299d ]
In function get_pkg_num() if fopen_or_die() succeeds it returns a file
pointer to be used. But fclose() is never called before returning from
the function.
Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c b/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c
index 5fd9e594079cf..ebda9c366b2ba 100644
--- a/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c
+++ b/tools/power/x86/x86_energy_perf_policy/x86_energy_perf_policy.c
@@ -1241,6 +1241,7 @@ unsigned int get_pkg_num(int cpu)
retval = fscanf(fp, "%d\n", &pkg);
if (retval != 1)
errx(1, "%s: failed to parse", pathname);
+ fclose(fp);
return pkg;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 031/114] net: pcs: xpcs: Return EINVAL in the internal methods
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 030/114] tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 032/114] dma-direct: Leak pages on dma_set_decrypted() failure Greg Kroah-Hartman
` (93 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Serge Semin, Andrew Lunn,
David S. Miller, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Serge Semin <fancer.lancer@gmail.com>
[ Upstream commit f5151005d379d9ce42e327fd3b2d2aaef61cda81 ]
In particular the xpcs_soft_reset() and xpcs_do_config() functions
currently return -1 if invalid auto-negotiation mode is specified. That
value might be then passed to the generic kernel subsystems which require
a standard kernel errno value. Even though the erroneous conditions are
very specific (memory corruption or buggy driver implementation) using a
hard-coded -1 literal doesn't seem correct anyway especially when it comes
to passing it higher to the network subsystem or printing to the system
log. Convert the hard-coded error values to -EINVAL then.
Signed-off-by: Serge Semin <fancer.lancer@gmail.com>
Tested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/pcs/pcs-xpcs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/pcs/pcs-xpcs.c b/drivers/net/pcs/pcs-xpcs.c
index 4dbc21f604f20..f0f41e86a4fb3 100644
--- a/drivers/net/pcs/pcs-xpcs.c
+++ b/drivers/net/pcs/pcs-xpcs.c
@@ -293,7 +293,7 @@ static int xpcs_soft_reset(struct dw_xpcs *xpcs,
dev = MDIO_MMD_VEND2;
break;
default:
- return -1;
+ return -EINVAL;
}
ret = xpcs_write(xpcs, dev, MDIO_CTRL1, MDIO_CTRL1_RESET);
@@ -891,7 +891,7 @@ int xpcs_do_config(struct dw_xpcs *xpcs, phy_interface_t interface,
return ret;
break;
default:
- return -1;
+ return -EINVAL;
}
if (compat->pma_config) {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 032/114] dma-direct: Leak pages on dma_set_decrypted() failure
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 031/114] net: pcs: xpcs: Return EINVAL in the internal methods Greg Kroah-Hartman
@ 2024-04-11 9:55 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 033/114] wifi: ath11k: decrease MHI channel buffer length to 8KB Greg Kroah-Hartman
` (92 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:55 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Rick Edgecombe, Christoph Hellwig,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rick Edgecombe <rick.p.edgecombe@intel.com>
[ Upstream commit b9fa16949d18e06bdf728a560f5c8af56d2bdcaf ]
On TDX it is possible for the untrusted host to cause
set_memory_encrypted() or set_memory_decrypted() to fail such that an
error is returned and the resulting memory is shared. Callers need to
take care to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional or security
issues.
DMA could free decrypted/shared pages if dma_set_decrypted() fails. This
should be a rare case. Just leak the pages in this case instead of
freeing them.
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/direct.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c
index 9596ae1aa0dac..fc2d10b2aca6f 100644
--- a/kernel/dma/direct.c
+++ b/kernel/dma/direct.c
@@ -295,7 +295,7 @@ void *dma_direct_alloc(struct device *dev, size_t size,
} else {
ret = page_address(page);
if (dma_set_decrypted(dev, ret, size))
- goto out_free_pages;
+ goto out_leak_pages;
}
memset(ret, 0, size);
@@ -316,6 +316,8 @@ void *dma_direct_alloc(struct device *dev, size_t size,
out_free_pages:
__dma_direct_free_pages(dev, page, size);
return NULL;
+out_leak_pages:
+ return NULL;
}
void dma_direct_free(struct device *dev, size_t size,
@@ -378,12 +380,11 @@ struct page *dma_direct_alloc_pages(struct device *dev, size_t size,
ret = page_address(page);
if (dma_set_decrypted(dev, ret, size))
- goto out_free_pages;
+ goto out_leak_pages;
memset(ret, 0, size);
*dma_handle = phys_to_dma_direct(dev, page_to_phys(page));
return page;
-out_free_pages:
- __dma_direct_free_pages(dev, page, size);
+out_leak_pages:
return NULL;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 033/114] wifi: ath11k: decrease MHI channel buffer length to 8KB
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2024-04-11 9:55 ` [PATCH 6.6 032/114] dma-direct: Leak pages on dma_set_decrypted() failure Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 034/114] cpufreq: Dont unregister cpufreq cooling on CPU hotplug Greg Kroah-Hartman
` (91 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Vlastimil Babka, Baochen Qiang,
Jeff Johnson, Kalle Valo, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baochen Qiang <quic_bqiang@quicinc.com>
[ Upstream commit 1cca1bddf9ef080503c15378cecf4877f7510015 ]
Currently buf_len field of ath11k_mhi_config_qca6390 is assigned
with 0, making MHI use a default size, 64KB, to allocate channel
buffers. This is likely to fail in some scenarios where system
memory is highly fragmented and memory compaction or reclaim is
not allowed.
There is a fail report which is caused by it:
kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0
CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfceb
Workqueue: events_unbound async_run_entry_fn
Call Trace:
<TASK>
dump_stack_lvl+0x47/0x60
warn_alloc+0x13a/0x1b0
? srso_alias_return_thunk+0x5/0xfbef5
? __alloc_pages_direct_compact+0xab/0x210
__alloc_pages_slowpath.constprop.0+0xd3e/0xda0
__alloc_pages+0x32d/0x350
? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
__kmalloc_large_node+0x72/0x110
__kmalloc+0x37c/0x480
? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
__mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]
device_for_each_child+0x5c/0xa0
? __pfx_pci_pm_resume+0x10/0x10
ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e]
? srso_alias_return_thunk+0x5/0xfbef5
ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec]
? srso_alias_return_thunk+0x5/0xfbef5
dpm_run_callback+0x8c/0x1e0
device_resume+0x104/0x340
? __pfx_dpm_watchdog_handler+0x10/0x10
async_resume+0x1d/0x30
async_run_entry_fn+0x32/0x120
process_one_work+0x168/0x330
worker_thread+0x2f5/0x410
? __pfx_worker_thread+0x10/0x10
kthread+0xe8/0x120
? __pfx_kthread+0x10/0x10
ret_from_fork+0x34/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
</TASK>
Actually those buffers are used only by QMI target -> host communication.
And for WCN6855 and QCA6390, the largest packet size for that is less
than 6KB. So change buf_len field to 8KB, which results in order 1
allocation if page size is 4KB. In this way, we can at least save some
memory, and as well as decrease the possibility of allocation failure
in those scenarios.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Closes: https://lore.kernel.org/ath11k/96481a45-3547-4d23-ad34-3a8f1d90c1cd@suse.cz/
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://msgid.link/20240223053111.29170-1-quic_bqiang@quicinc.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath11k/mhi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath11k/mhi.c b/drivers/net/wireless/ath/ath11k/mhi.c
index 3ac689f1def40..76de891d6c0f1 100644
--- a/drivers/net/wireless/ath/ath11k/mhi.c
+++ b/drivers/net/wireless/ath/ath11k/mhi.c
@@ -105,7 +105,7 @@ static struct mhi_controller_config ath11k_mhi_config_qca6390 = {
.max_channels = 128,
.timeout_ms = 2000,
.use_bounce_buf = false,
- .buf_len = 0,
+ .buf_len = 8192,
.num_channels = ARRAY_SIZE(ath11k_mhi_channels_qca6390),
.ch_cfg = ath11k_mhi_channels_qca6390,
.num_events = ARRAY_SIZE(ath11k_mhi_events_qca6390),
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 034/114] cpufreq: Dont unregister cpufreq cooling on CPU hotplug
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 033/114] wifi: ath11k: decrease MHI channel buffer length to 8KB Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 035/114] overflow: Allow non-type arg to type_max() and type_min() Greg Kroah-Hartman
` (90 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Manaf Meethalavalappu Pallikunhi,
Roman Stratiienko, Viresh Kumar, Dhruva Gole, Rafael J. Wysocki,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viresh Kumar <viresh.kumar@linaro.org>
[ Upstream commit c4d61a529db788d2e52654f5b02c8d1de4952c5b ]
Offlining a CPU and bringing it back online is a common operation and it
happens frequently during system suspend/resume, where the non-boot CPUs
are hotplugged out during suspend and brought back at resume.
The cpufreq core already tries to make this path as fast as possible as
the changes are only temporary in nature and full cleanup of resources
isn't required in this case. For example the drivers can implement
online()/offline() callbacks to avoid a lot of tear down of resources.
On similar lines, there is no need to unregister the cpufreq cooling
device during suspend / resume, but only while the policy is getting
removed.
Moreover, unregistering the cpufreq cooling device is resulting in an
unwanted outcome, where the system suspend is eventually aborted in the
process. Currently, during system suspend the cpufreq core unregisters
the cooling device, which in turn removes a kobject using device_del()
and that generates a notification to the userspace via uevent broadcast.
This causes system suspend to abort in some setups.
This was also earlier reported (indirectly) by Roman [1]. Maybe there is
another way around to fixing that problem properly, but this change
makes sense anyways.
Move the registering and unregistering of the cooling device to policy
creation and removal times onlyy.
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218521
Reported-by: Manaf Meethalavalappu Pallikunhi <quic_manafm@quicinc.com>
Reported-by: Roman Stratiienko <r.stratiienko@gmail.com>
Link: https://patchwork.kernel.org/project/linux-pm/patch/20220710164026.541466-1-r.stratiienko@gmail.com/ [1]
Tested-by: Manaf Meethalavalappu Pallikunhi <quic_manafm@quicinc.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Dhruva Gole <d-gole@ti.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
index 4bc7c793de3b9..9177265d73b47 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -1576,7 +1576,8 @@ static int cpufreq_online(unsigned int cpu)
if (cpufreq_driver->ready)
cpufreq_driver->ready(policy);
- if (cpufreq_thermal_control_enabled(cpufreq_driver))
+ /* Register cpufreq cooling only for a new policy */
+ if (new_policy && cpufreq_thermal_control_enabled(cpufreq_driver))
policy->cdev = of_cpufreq_cooling_register(policy);
pr_debug("initialization complete\n");
@@ -1660,11 +1661,6 @@ static void __cpufreq_offline(unsigned int cpu, struct cpufreq_policy *policy)
else
policy->last_policy = policy->policy;
- if (cpufreq_thermal_control_enabled(cpufreq_driver)) {
- cpufreq_cooling_unregister(policy->cdev);
- policy->cdev = NULL;
- }
-
if (has_target())
cpufreq_exit_governor(policy);
@@ -1725,6 +1721,15 @@ static void cpufreq_remove_dev(struct device *dev, struct subsys_interface *sif)
return;
}
+ /*
+ * Unregister cpufreq cooling once all the CPUs of the policy are
+ * removed.
+ */
+ if (cpufreq_thermal_control_enabled(cpufreq_driver)) {
+ cpufreq_cooling_unregister(policy->cdev);
+ policy->cdev = NULL;
+ }
+
/* We did light-weight exit earlier, do full tear down now */
if (cpufreq_driver->offline)
cpufreq_driver->exit(policy);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 035/114] overflow: Allow non-type arg to type_max() and type_min()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 034/114] cpufreq: Dont unregister cpufreq cooling on CPU hotplug Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 036/114] wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Greg Kroah-Hartman
` (89 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Kees Cook, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook <keescook@chromium.org>
[ Upstream commit bd1ebf2467f9c5d157bec7b025e83f8ffdae1318 ]
A common use of type_max() is to find the max for the type of a
variable. Using the pattern type_max(typeof(var)) is needlessly
verbose. Instead, since typeof(type) == type we can just explicitly
call typeof() on the argument to type_max() and type_min(). Add
wrappers for readability.
We can do some replacements right away:
$ git grep '\btype_\(min\|max\)(typeof' | wc -l
11
Link: https://lore.kernel.org/r/20240301062221.work.840-kees@kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/overflow.h | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/include/linux/overflow.h b/include/linux/overflow.h
index f9b60313eaea2..e04f679476473 100644
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -31,8 +31,10 @@
* credit to Christian Biere.
*/
#define __type_half_max(type) ((type)1 << (8*sizeof(type) - 1 - is_signed_type(type)))
-#define type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T)))
-#define type_min(T) ((T)((T)-type_max(T)-(T)1))
+#define __type_max(T) ((T)((__type_half_max(T) - 1) + __type_half_max(T)))
+#define type_max(t) __type_max(typeof(t))
+#define __type_min(T) ((T)((T)-type_max(T)-(T)1))
+#define type_min(t) __type_min(typeof(t))
/*
* Avoids triggering -Wtype-limits compilation warning,
@@ -130,10 +132,10 @@ static inline bool __must_check __must_check_overflow(bool overflow)
#define __overflows_type_constexpr(x, T) ( \
is_unsigned_type(typeof(x)) ? \
- (x) > type_max(typeof(T)) : \
+ (x) > type_max(T) : \
is_unsigned_type(typeof(T)) ? \
- (x) < 0 || (x) > type_max(typeof(T)) : \
- (x) < type_min(typeof(T)) || (x) > type_max(typeof(T)))
+ (x) < 0 || (x) > type_max(T) : \
+ (x) < type_min(T) || (x) > type_max(T))
#define __overflows_type(x, T) ({ \
typeof(T) v = 0; \
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 036/114] wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 035/114] overflow: Allow non-type arg to type_max() and type_min() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 037/114] wifi: cfg80211: check A-MSDU format more carefully Greg Kroah-Hartman
` (88 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Miri Korenblit,
Johannes Berg, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 4223675d2b5912060a85e48fd8fee51207e00957 ]
A few models require *.pnvm files while we don't declare them via
MODULE_FIRMWARE(). This resulted in the breakage of WiFi on the
system that relies on the information from modinfo (e.g. openSUSE
installer image).
This patch adds those missing MODULE_FIRMWARE() entries for *.pnvm
files.
type=feature
ticket=none
Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1207553
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://msgid.link/20240228163837.4320-1-tiwai@suse.de
[move to appropriate files]
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/cfg/ax210.c | 6 ++++++
drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 2 ++
2 files changed, 8 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/cfg/ax210.c b/drivers/net/wireless/intel/iwlwifi/cfg/ax210.c
index 8d5f9dce71d58..dc9667586de9e 100644
--- a/drivers/net/wireless/intel/iwlwifi/cfg/ax210.c
+++ b/drivers/net/wireless/intel/iwlwifi/cfg/ax210.c
@@ -299,3 +299,9 @@ MODULE_FIRMWARE(IWL_MA_B_HR_B_FW_MODULE_FIRMWARE(IWL_AX210_UCODE_API_MAX));
MODULE_FIRMWARE(IWL_MA_B_GF_A_FW_MODULE_FIRMWARE(IWL_AX210_UCODE_API_MAX));
MODULE_FIRMWARE(IWL_MA_B_GF4_A_FW_MODULE_FIRMWARE(IWL_AX210_UCODE_API_MAX));
MODULE_FIRMWARE(IWL_MA_B_MR_A_FW_MODULE_FIRMWARE(IWL_AX210_UCODE_API_MAX));
+
+MODULE_FIRMWARE("iwlwifi-so-a0-gf-a0.pnvm");
+MODULE_FIRMWARE("iwlwifi-so-a0-gf4-a0.pnvm");
+MODULE_FIRMWARE("iwlwifi-ty-a0-gf-a0.pnvm");
+MODULE_FIRMWARE("iwlwifi-ma-b0-gf-a0.pnvm");
+MODULE_FIRMWARE("iwlwifi-ma-b0-gf4-a0.pnvm");
diff --git a/drivers/net/wireless/intel/iwlwifi/cfg/bz.c b/drivers/net/wireless/intel/iwlwifi/cfg/bz.c
index 42e765fe3cfe1..cc71b513adf98 100644
--- a/drivers/net/wireless/intel/iwlwifi/cfg/bz.c
+++ b/drivers/net/wireless/intel/iwlwifi/cfg/bz.c
@@ -179,3 +179,5 @@ MODULE_FIRMWARE(IWL_BZ_A_FM_C_MODULE_FIRMWARE(IWL_BZ_UCODE_API_MAX));
MODULE_FIRMWARE(IWL_BZ_A_FM4_B_MODULE_FIRMWARE(IWL_BZ_UCODE_API_MAX));
MODULE_FIRMWARE(IWL_GL_B_FM_B_MODULE_FIRMWARE(IWL_BZ_UCODE_API_MAX));
MODULE_FIRMWARE(IWL_GL_C_FM_C_MODULE_FIRMWARE(IWL_BZ_UCODE_API_MAX));
+
+MODULE_FIRMWARE("iwlwifi-gl-c0-fm-c0.pnvm");
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 037/114] wifi: cfg80211: check A-MSDU format more carefully
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 036/114] wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 038/114] btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Greg Kroah-Hartman
` (87 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+d050d437fe47d479d210,
Johannes Berg, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 9ad7974856926129f190ffbe3beea78460b3b7cc ]
If it looks like there's another subframe in the A-MSDU
but the header isn't fully there, we can end up reading
data out of bounds, only to discard later. Make this a
bit more careful and check if the subframe header can
even be present.
Reported-by: syzbot+d050d437fe47d479d210@syzkaller.appspotmail.com
Link: https://msgid.link/20240226203405.a731e2c95e38.I82ce7d8c0cc8970ce29d0a39fdc07f1ffc425be4@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/wireless/util.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 1783ab9d57a31..9aa7bdce20b26 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -797,15 +797,19 @@ ieee80211_amsdu_subframe_length(void *field, u8 mesh_flags, u8 hdr_type)
bool ieee80211_is_valid_amsdu(struct sk_buff *skb, u8 mesh_hdr)
{
- int offset = 0, remaining, subframe_len, padding;
+ int offset = 0, subframe_len, padding;
for (offset = 0; offset < skb->len; offset += subframe_len + padding) {
+ int remaining = skb->len - offset;
struct {
__be16 len;
u8 mesh_flags;
} hdr;
u16 len;
+ if (sizeof(hdr) > remaining)
+ return false;
+
if (skb_copy_bits(skb, offset + 2 * ETH_ALEN, &hdr, sizeof(hdr)) < 0)
return false;
@@ -813,7 +817,6 @@ bool ieee80211_is_valid_amsdu(struct sk_buff *skb, u8 mesh_hdr)
mesh_hdr);
subframe_len = sizeof(struct ethhdr) + len;
padding = (4 - subframe_len) & 0x3;
- remaining = skb->len - offset;
if (subframe_len > remaining)
return false;
@@ -831,7 +834,7 @@ void ieee80211_amsdu_to_8023s(struct sk_buff *skb, struct sk_buff_head *list,
{
unsigned int hlen = ALIGN(extra_headroom, 4);
struct sk_buff *frame = NULL;
- int offset = 0, remaining;
+ int offset = 0;
struct {
struct ethhdr eth;
uint8_t flags;
@@ -845,10 +848,14 @@ void ieee80211_amsdu_to_8023s(struct sk_buff *skb, struct sk_buff_head *list,
copy_len = sizeof(hdr);
while (!last) {
+ int remaining = skb->len - offset;
unsigned int subframe_len;
int len, mesh_len = 0;
u8 padding;
+ if (copy_len > remaining)
+ goto purge;
+
skb_copy_bits(skb, offset, &hdr, copy_len);
if (iftype == NL80211_IFTYPE_MESH_POINT)
mesh_len = __ieee80211_get_mesh_hdrlen(hdr.flags);
@@ -858,7 +865,6 @@ void ieee80211_amsdu_to_8023s(struct sk_buff *skb, struct sk_buff_head *list,
padding = (4 - subframe_len) & 0x3;
/* the last MSDU has no padding */
- remaining = skb->len - offset;
if (subframe_len > remaining)
goto purge;
/* mitigate A-MSDU aggregation injection attacks */
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 038/114] btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 037/114] wifi: cfg80211: check A-MSDU format more carefully Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 039/114] btrfs: export: handle invalid inode or root reference in btrfs_get_parent() Greg Kroah-Hartman
` (86 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Josef Bacik, Anand Jain,
David Sterba, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Sterba <dsterba@suse.com>
[ Upstream commit 7411055db5ce64f836aaffd422396af0075fdc99 ]
The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption,
as it could be caused only by two impossible conditions:
- at first the search key is set up to look for a chunk tree item, with
offset -1, this is an inexact search and the key->offset will contain
the correct offset upon a successful search, a valid chunk tree item
cannot have an offset -1
- after first successful search, the found_key corresponds to a chunk
item, the offset is decremented by 1 before the next loop, it's
impossible to find a chunk item there due to alignment and size
constraints
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/volumes.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 36adbb3d096a9..453d037987fb3 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -3352,7 +3352,17 @@ static int btrfs_relocate_sys_chunks(struct btrfs_fs_info *fs_info)
mutex_unlock(&fs_info->reclaim_bgs_lock);
goto error;
}
- BUG_ON(ret == 0); /* Corruption */
+ if (ret == 0) {
+ /*
+ * On the first search we would find chunk tree with
+ * offset -1, which is not possible. On subsequent
+ * loops this would find an existing item on an invalid
+ * offset (one less than the previous one, wrong
+ * alignment and size).
+ */
+ ret = -EUCLEAN;
+ goto error;
+ }
ret = btrfs_previous_item(chunk_root, path, key.objectid,
key.type);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 039/114] btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 038/114] btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 040/114] btrfs: send: handle path ref underflow in header iterate_inode_ref() Greg Kroah-Hartman
` (85 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Josef Bacik, Anand Jain,
David Sterba, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Sterba <dsterba@suse.com>
[ Upstream commit 26b66d1d366a375745755ca7365f67110bbf6bd5 ]
The get_parent handler looks up a parent of a given dentry, this can be
either a subvolume or a directory. The search is set up with offset -1
but it's never expected to find such item, as it would break allowed
range of inode number or a root id. This means it's a corruption (ext4
also returns this error code).
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/export.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/export.c b/fs/btrfs/export.c
index 744a02b7fd671..203e5964c9b0f 100644
--- a/fs/btrfs/export.c
+++ b/fs/btrfs/export.c
@@ -174,8 +174,15 @@ struct dentry *btrfs_get_parent(struct dentry *child)
ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
if (ret < 0)
goto fail;
+ if (ret == 0) {
+ /*
+ * Key with offset of -1 found, there would have to exist an
+ * inode with such number or a root with such id.
+ */
+ ret = -EUCLEAN;
+ goto fail;
+ }
- BUG_ON(ret == 0); /* Key with offset of -1 found */
if (path->slots[0] == 0) {
ret = -ENOENT;
goto fail;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 040/114] btrfs: send: handle path ref underflow in header iterate_inode_ref()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 039/114] btrfs: export: handle invalid inode or root reference in btrfs_get_parent() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 041/114] ice: use relative VSI index for VFs instead of PF VSI number Greg Kroah-Hartman
` (84 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, David Sterba, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Sterba <dsterba@suse.com>
[ Upstream commit 3c6ee34c6f9cd12802326da26631232a61743501 ]
Change BUG_ON to proper error handling if building the path buffer
fails. The pointers are not printed so we don't accidentally leak kernel
addresses.
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/send.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index 6a1102954a0ab..b430e03260fbf 100644
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -1070,7 +1070,15 @@ static int iterate_inode_ref(struct btrfs_root *root, struct btrfs_path *path,
ret = PTR_ERR(start);
goto out;
}
- BUG_ON(start < p->buf);
+ if (unlikely(start < p->buf)) {
+ btrfs_err(root->fs_info,
+ "send: path ref buffer underflow for key (%llu %u %llu)",
+ found_key->objectid,
+ found_key->type,
+ found_key->offset);
+ ret = -EINVAL;
+ goto out;
+ }
}
p->start = start;
} else {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 041/114] ice: use relative VSI index for VFs instead of PF VSI number
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 040/114] btrfs: send: handle path ref underflow in header iterate_inode_ref() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 042/114] net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Greg Kroah-Hartman
` (83 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jacob Keller, Przemek Kitszel,
Rafal Romanowski, Tony Nguyen, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jacob Keller <jacob.e.keller@intel.com>
[ Upstream commit 11fbb1bfb5bc8c98b2d7db9da332b5e568f4aaab ]
When initializing over virtchnl, the PF is required to pass a VSI ID to the
VF as part of its capabilities exchange. The VF driver reports this value
back to the PF in a variety of commands. The PF driver validates that this
value matches the value it sent to the VF.
Some hardware families such as the E700 series could use this value when
reading RSS registers or communicating directly with firmware over the
Admin Queue.
However, E800 series hardware does not support any of these interfaces and
the VF's only use for this value is to report it back to the PF. Thus,
there is no requirement that this value be an actual VSI ID value of any
kind.
The PF driver already does not trust that the VF sends it a real VSI ID.
The VSI structure is always looked up from the VF structure. The PF does
validate that the VSI ID provided matches a VSI associated with the VF, but
otherwise does not use the VSI ID for any purpose.
Instead of reporting the VSI number relative to the PF space, report a
fixed value of 1. When communicating with the VF over virtchnl, validate
that the VSI number is returned appropriately.
This avoids leaking information about the firmware of the PF state.
Currently the ice driver only supplies a VF with a single VSI. However, it
appears that virtchnl has some support for allowing multiple VSIs. I did
not attempt to implement this. However, space is left open to allow further
relative indexes if additional VSIs are provided in future feature
development. For this reason, keep the ice_vc_isvalid_vsi_id function in
place to allow extending it for multiple VSIs in the future.
This change will also simplify handling of live migration in a future
series. Since we no longer will provide a real VSI number to the VF, there
will be no need to keep track of this number when migrating to a new host.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@intel.com>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 9 ++-------
drivers/net/ethernet/intel/ice/ice_virtchnl.h | 9 +++++++++
2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index 3a28210be3c23..d8509e86214ef 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -496,7 +496,7 @@ static int ice_vc_get_vf_res_msg(struct ice_vf *vf, u8 *msg)
vfres->rss_lut_size = ICE_LUT_VSI_SIZE;
vfres->max_mtu = ice_vc_get_max_frame_size(vf);
- vfres->vsi_res[0].vsi_id = vf->lan_vsi_num;
+ vfres->vsi_res[0].vsi_id = ICE_VF_VSI_ID;
vfres->vsi_res[0].vsi_type = VIRTCHNL_VSI_SRIOV;
vfres->vsi_res[0].num_queue_pairs = vsi->num_txq;
ether_addr_copy(vfres->vsi_res[0].default_mac_addr,
@@ -542,12 +542,7 @@ static void ice_vc_reset_vf_msg(struct ice_vf *vf)
*/
bool ice_vc_isvalid_vsi_id(struct ice_vf *vf, u16 vsi_id)
{
- struct ice_pf *pf = vf->pf;
- struct ice_vsi *vsi;
-
- vsi = ice_find_vsi(pf, vsi_id);
-
- return (vsi && (vsi->vf == vf));
+ return vsi_id == ICE_VF_VSI_ID;
}
/**
diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.h b/drivers/net/ethernet/intel/ice/ice_virtchnl.h
index cd747718de738..a0d03f350dfc7 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.h
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.h
@@ -19,6 +19,15 @@
#define ICE_MAX_MACADDR_PER_VF 18
#define ICE_FLEX_DESC_RXDID_MAX_NUM 64
+/* VFs only get a single VSI. For ice hardware, the VF does not need to know
+ * its VSI index. However, the virtchnl interface requires a VSI number,
+ * mainly due to legacy hardware.
+ *
+ * Since the VF doesn't need this information, report a static value to the VF
+ * instead of leaking any information about the PF or hardware setup.
+ */
+#define ICE_VF_VSI_ID 1
+
struct ice_virtchnl_ops {
int (*get_ver_msg)(struct ice_vf *vf, u8 *msg);
int (*get_vf_res_msg)(struct ice_vf *vf, u8 *msg);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 042/114] net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 041/114] ice: use relative VSI index for VFs instead of PF VSI number Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 043/114] Bluetooth: btintel: Fix null ptr deref in btintel_read_version Greg Kroah-Hartman
` (82 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet, Wenjia Zhang,
Jan Karcher, D. Wythe, Tony Lu, Wen Gu, Paolo Abeni, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 00af2aa93b76b1bade471ad0d0525d4d29ca5cc0 ]
Many syzbot reports show extreme rtnl pressure, and many of them hint
that smc acquires rtnl in netns creation for no good reason [1]
This patch returns early from smc_pnet_net_init()
if there is no netdevice yet.
I am not even sure why smc_pnet_create_pnetids_list() even exists,
because smc_pnet_netdev_event() is also calling
smc_pnet_add_base_pnetid() when handling NETDEV_UP event.
[1] extract of typical syzbot reports
2 locks held by syz-executor.3/12252:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.4/12253:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.1/12257:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.2/12261:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.0/12265:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.3/12268:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.4/12271:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.1/12274:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
2 locks held by syz-executor.2/12280:
#0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline]
#1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Wenjia Zhang <wenjia@linux.ibm.com>
Cc: Jan Karcher <jaka@linux.ibm.com>
Cc: "D. Wythe" <alibuda@linux.alibaba.com>
Cc: Tony Lu <tonylu@linux.alibaba.com>
Cc: Wen Gu <guwen@linux.alibaba.com>
Reviewed-by: Wenjia Zhang <wenjia@linux.ibm.com>
Link: https://lore.kernel.org/r/20240302100744.3868021-1-edumazet@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/smc_pnet.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/net/smc/smc_pnet.c b/net/smc/smc_pnet.c
index 11775401df689..306b536fa89e9 100644
--- a/net/smc/smc_pnet.c
+++ b/net/smc/smc_pnet.c
@@ -806,6 +806,16 @@ static void smc_pnet_create_pnetids_list(struct net *net)
u8 ndev_pnetid[SMC_MAX_PNETID_LEN];
struct net_device *dev;
+ /* Newly created netns do not have devices.
+ * Do not even acquire rtnl.
+ */
+ if (list_empty(&net->dev_base_head))
+ return;
+
+ /* Note: This might not be needed, because smc_pnet_netdev_event()
+ * is also calling smc_pnet_add_base_pnetid() when handling
+ * NETDEV_UP event.
+ */
rtnl_lock();
for_each_netdev(net, dev)
smc_pnet_add_base_pnetid(net, dev, ndev_pnetid);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 043/114] Bluetooth: btintel: Fix null ptr deref in btintel_read_version
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 042/114] net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 044/114] Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Greg Kroah-Hartman
` (81 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Edward Adam Davis,
Luiz Augusto von Dentz, Sasha Levin, syzbot+830d9e3fa61968246abd
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Adam Davis <eadavis@qq.com>
[ Upstream commit b79e040910101b020931ba0c9a6b77e81ab7f645 ]
If hci_cmd_sync_complete() is triggered and skb is NULL, then
hdev->req_skb is NULL, which will cause this issue.
Reported-and-tested-by: syzbot+830d9e3fa61968246abd@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btintel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c
index 2462796a512a5..b396b0b1d6cc2 100644
--- a/drivers/bluetooth/btintel.c
+++ b/drivers/bluetooth/btintel.c
@@ -435,7 +435,7 @@ int btintel_read_version(struct hci_dev *hdev, struct intel_version *ver)
struct sk_buff *skb;
skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
- if (IS_ERR(skb)) {
+ if (IS_ERR_OR_NULL(skb)) {
bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
PTR_ERR(skb));
return PTR_ERR(skb);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 044/114] Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 043/114] Bluetooth: btintel: Fix null ptr deref in btintel_read_version Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 045/114] Bluetooth: Add new quirk for broken read key length on ATS2851 Greg Kroah-Hartman
` (80 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Paul Menzel,
Matthias Brugger, Luiz Augusto von Dentz, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Iwai <tiwai@suse.de>
[ Upstream commit 3e465a07cdf444140f16bc57025c23fcafdde997 ]
Since dracut refers to the module info for defining the required
firmware files and btmtk driver doesn't provide the firmware info for
MT7922, the generate initrd misses the firmware, resulting in the
broken Bluetooth.
This patch simply adds the MODULE_FIRMWARE() for the missing entry
for covering that.
Link: https://bugzilla.suse.com/show_bug.cgi?id=1214133
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btmtk.c | 1 +
drivers/bluetooth/btmtk.h | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
index 285418dbb43f5..ac8ebccd35075 100644
--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -422,5 +422,6 @@ MODULE_LICENSE("GPL");
MODULE_FIRMWARE(FIRMWARE_MT7622);
MODULE_FIRMWARE(FIRMWARE_MT7663);
MODULE_FIRMWARE(FIRMWARE_MT7668);
+MODULE_FIRMWARE(FIRMWARE_MT7922);
MODULE_FIRMWARE(FIRMWARE_MT7961);
MODULE_FIRMWARE(FIRMWARE_MT7925);
diff --git a/drivers/bluetooth/btmtk.h b/drivers/bluetooth/btmtk.h
index 56f5502baadf9..cbcdb99a22e6d 100644
--- a/drivers/bluetooth/btmtk.h
+++ b/drivers/bluetooth/btmtk.h
@@ -4,6 +4,7 @@
#define FIRMWARE_MT7622 "mediatek/mt7622pr2h.bin"
#define FIRMWARE_MT7663 "mediatek/mt7663pr2h.bin"
#define FIRMWARE_MT7668 "mediatek/mt7668pr2h.bin"
+#define FIRMWARE_MT7922 "mediatek/BT_RAM_CODE_MT7922_1_1_hdr.bin"
#define FIRMWARE_MT7961 "mediatek/BT_RAM_CODE_MT7961_1_2_hdr.bin"
#define FIRMWARE_MT7925 "mediatek/mt7925/BT_RAM_CODE_MT7925_1_1_hdr.bin"
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 045/114] Bluetooth: Add new quirk for broken read key length on ATS2851
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 044/114] Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 046/114] drm/vc4: dont check if plane->state->fb == state->fb Greg Kroah-Hartman
` (79 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Vinicius Peixoto,
Luiz Augusto von Dentz, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vinicius Peixoto <nukelet64@gmail.com>
[ Upstream commit 48201a3b3f398be6a01f78a14b18bd5d31c47458 ]
The ATS2851 controller erroneously reports support for the "Read
Encryption Key Length" HCI command. This makes it unable to connect
to any devices, since this command is issued by the kernel during the
connection process in response to an "Encryption Change" HCI event.
Add a new quirk (HCI_QUIRK_BROKEN_ENC_KEY_SIZE) to hint that the command
is unsupported, preventing it from interrupting the connection process.
This is the error log from btmon before this patch:
> HCI Event: Encryption Change (0x08) plen 4
Status: Success (0x00)
Handle: 2048 Address: ...
Encryption: Enabled with E0 (0x01)
< HCI Command: Read Encryption Key Size (0x05|0x0008) plen 2
Handle: 2048 Address: ...
> HCI Event: Command Status (0x0f) plen 4
Read Encryption Key Size (0x05|0x0008) ncmd 1
Status: Unknown HCI Command (0x01)
Signed-off-by: Vinicius Peixoto <nukelet64@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btusb.c | 1 +
include/net/bluetooth/hci.h | 8 ++++++++
net/bluetooth/hci_event.c | 3 ++-
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index 8dbdc51976e7b..1976593bc804e 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -4477,6 +4477,7 @@ static int btusb_probe(struct usb_interface *intf,
set_bit(HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER, &hdev->quirks);
set_bit(HCI_QUIRK_BROKEN_SET_RPA_TIMEOUT, &hdev->quirks);
set_bit(HCI_QUIRK_BROKEN_EXT_SCAN, &hdev->quirks);
+ set_bit(HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE, &hdev->quirks);
}
if (!reset)
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index 03e68a8e229f5..35c5f75a3a5ee 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -339,6 +339,14 @@ enum {
* during the hdev->setup vendor callback.
*/
HCI_QUIRK_BROKEN_LE_CODED,
+
+ /*
+ * When this quirk is set, the HCI_OP_READ_ENC_KEY_SIZE command is
+ * skipped during an HCI_EV_ENCRYPT_CHANGE event. This is required
+ * for Actions Semiconductor ATS2851 based controllers, which erroneously
+ * claim to support it.
+ */
+ HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE,
};
/* HCI device flags */
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index bb0e5902a3e60..80e71ce32f09f 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3679,7 +3679,8 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, void *data,
* controller really supports it. If it doesn't, assume
* the default size (16).
*/
- if (!(hdev->commands[20] & 0x10)) {
+ if (!(hdev->commands[20] & 0x10) ||
+ test_bit(HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE, &hdev->quirks)) {
conn->enc_key_size = HCI_LINK_KEY_SIZE;
goto notify;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 046/114] drm/vc4: dont check if plane->state->fb == state->fb
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 045/114] Bluetooth: Add new quirk for broken read key length on ATS2851 Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 047/114] Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Greg Kroah-Hartman
` (78 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Maíra Canal, Maxime Ripard,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maíra Canal <mcanal@igalia.com>
[ Upstream commit 5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 ]
Currently, when using non-blocking commits, we can see the following
kernel warning:
[ 110.908514] ------------[ cut here ]------------
[ 110.908529] refcount_t: underflow; use-after-free.
[ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0
[ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6
[ 110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G C 6.1.66-v8+ #32
[ 110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)
[ 110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 110.909132] pc : refcount_dec_not_one+0xb8/0xc0
[ 110.909152] lr : refcount_dec_not_one+0xb4/0xc0
[ 110.909170] sp : ffffffc00913b9c0
[ 110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60
[ 110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480
[ 110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78
[ 110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000
[ 110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004
[ 110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003
[ 110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00
[ 110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572
[ 110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000
[ 110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001
[ 110.909434] Call trace:
[ 110.909441] refcount_dec_not_one+0xb8/0xc0
[ 110.909461] vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4]
[ 110.909903] vc4_cleanup_fb+0x44/0x50 [vc4]
[ 110.910315] drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper]
[ 110.910669] vc4_atomic_commit_tail+0x390/0x9dc [vc4]
[ 110.911079] commit_tail+0xb0/0x164 [drm_kms_helper]
[ 110.911397] drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper]
[ 110.911716] drm_atomic_commit+0xb0/0xdc [drm]
[ 110.912569] drm_mode_atomic_ioctl+0x348/0x4b8 [drm]
[ 110.913330] drm_ioctl_kernel+0xec/0x15c [drm]
[ 110.914091] drm_ioctl+0x24c/0x3b0 [drm]
[ 110.914850] __arm64_sys_ioctl+0x9c/0xd4
[ 110.914873] invoke_syscall+0x4c/0x114
[ 110.914897] el0_svc_common+0xd0/0x118
[ 110.914917] do_el0_svc+0x38/0xd0
[ 110.914936] el0_svc+0x30/0x8c
[ 110.914958] el0t_64_sync_handler+0x84/0xf0
[ 110.914979] el0t_64_sync+0x18c/0x190
[ 110.914996] ---[ end trace 0000000000000000 ]---
This happens because, although `prepare_fb` and `cleanup_fb` are
perfectly balanced, we cannot guarantee consistency in the check
plane->state->fb == state->fb. This means that sometimes we can increase
the refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The
opposite can also be true.
In fact, the struct drm_plane .state shouldn't be accessed directly
but instead, the `drm_atomic_get_new_plane_state()` helper function should
be used. So, we could stick to this check, but using
`drm_atomic_get_new_plane_state()`. But actually, this check is not really
needed. We can increase and decrease the refcount symmetrically without
problems.
This is going to make the code more simple and consistent.
Signed-off-by: Maíra Canal <mcanal@igalia.com>
Acked-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240105175908.242000-1-mcanal@igalia.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_plane.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c
index 00e713faecd5a..5948e34f7f813 100644
--- a/drivers/gpu/drm/vc4/vc4_plane.c
+++ b/drivers/gpu/drm/vc4/vc4_plane.c
@@ -1505,9 +1505,6 @@ static int vc4_prepare_fb(struct drm_plane *plane,
drm_gem_plane_helper_prepare_fb(plane, state);
- if (plane->state->fb == state->fb)
- return 0;
-
return vc4_bo_inc_usecnt(bo);
}
@@ -1516,7 +1513,7 @@ static void vc4_cleanup_fb(struct drm_plane *plane,
{
struct vc4_bo *bo;
- if (plane->state->fb == state->fb || !state->fb)
+ if (!state->fb)
return;
bo = to_vc4_bo(&drm_fb_dma_get_gem_obj(state->fb, 0)->base);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 047/114] Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 046/114] drm/vc4: dont check if plane->state->fb == state->fb Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 048/114] drm: panel-orientation-quirks: Add quirk for GPD Win Mini Greg Kroah-Hartman
` (77 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kunwu Chan, Dmitry Torokhov,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kunwu Chan <chentao@kylinos.cn>
[ Upstream commit bc4996184d56cfaf56d3811ac2680c8a0e2af56e ]
While input core can work with input->phys set to NULL userspace might
depend on it, so better fail probing if allocation fails. The system must
be in a pretty bad shape for it to happen anyway.
Signed-off-by: Kunwu Chan <chentao@kylinos.cn>
Link: https://lore.kernel.org/r/20240117073124.143636-1-chentao@kylinos.cn
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/rmi4/rmi_driver.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c
index 258d5fe3d395c..aa32371f04af6 100644
--- a/drivers/input/rmi4/rmi_driver.c
+++ b/drivers/input/rmi4/rmi_driver.c
@@ -1196,7 +1196,11 @@ static int rmi_driver_probe(struct device *dev)
}
rmi_driver_set_input_params(rmi_dev, data->input);
data->input->phys = devm_kasprintf(dev, GFP_KERNEL,
- "%s/input0", dev_name(dev));
+ "%s/input0", dev_name(dev));
+ if (!data->input->phys) {
+ retval = -ENOMEM;
+ goto err;
+ }
}
retval = rmi_init_functions(data);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 048/114] drm: panel-orientation-quirks: Add quirk for GPD Win Mini
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 047/114] Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 049/114] ASoC: SOF: amd: Optimize quirk for Valve Galileo Greg Kroah-Hartman
` (76 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Samuel Dionne-Riel, Linus Walleij,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
[ Upstream commit 2f862fdc0fd802e728b6ca96bc78ec3f01bf161e ]
This adds a DMI orientation quirk for the GPD Win Mini panel.
Signed-off-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20231222030149.3740815-2-samuel@dionne-riel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel_orientation_quirks.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c
index d5c15292ae937..3fe5e6439c401 100644
--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c
+++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c
@@ -117,6 +117,12 @@ static const struct drm_dmi_panel_orientation_data lcd1080x1920_leftside_up = {
.orientation = DRM_MODE_PANEL_ORIENTATION_LEFT_UP,
};
+static const struct drm_dmi_panel_orientation_data lcd1080x1920_rightside_up = {
+ .width = 1080,
+ .height = 1920,
+ .orientation = DRM_MODE_PANEL_ORIENTATION_RIGHT_UP,
+};
+
static const struct drm_dmi_panel_orientation_data lcd1200x1920_rightside_up = {
.width = 1200,
.height = 1920,
@@ -279,6 +285,12 @@ static const struct dmi_system_id orientation_data[] = {
DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "G1618-03")
},
.driver_data = (void *)&lcd720x1280_rightside_up,
+ }, { /* GPD Win Mini */
+ .matches = {
+ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "GPD"),
+ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "G1617-01")
+ },
+ .driver_data = (void *)&lcd1080x1920_rightside_up,
}, { /* I.T.Works TW891 */
.matches = {
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "To be filled by O.E.M."),
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 049/114] ASoC: SOF: amd: Optimize quirk for Valve Galileo
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 048/114] drm: panel-orientation-quirks: Add quirk for GPD Win Mini Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 050/114] drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Greg Kroah-Hartman
` (75 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Cristian Ciocaltea, Emil Velikov,
Mark Brown, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
[ Upstream commit a13f0c3c0e8fb3e61fbfd99c6b350cf9be0c4660 ]
Valve's Steam Deck OLED is uniquely identified by vendor and product
name (Galileo) DMI fields.
Simplify the quirk by removing the unnecessary match on product family.
Additionally, fix the related comment as it points to the old product
variant.
Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
Link: https://msgid.link/r/20231219030728.2431640-7-cristian.ciocaltea@collabora.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/sof/amd/acp.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/soc/sof/amd/acp.c b/sound/soc/sof/amd/acp.c
index cc006d7038d97..add386f749ae9 100644
--- a/sound/soc/sof/amd/acp.c
+++ b/sound/soc/sof/amd/acp.c
@@ -28,11 +28,10 @@ MODULE_PARM_DESC(enable_fw_debug, "Enable Firmware debug");
const struct dmi_system_id acp_sof_quirk_table[] = {
{
- /* Valve Jupiter device */
+ /* Steam Deck OLED device */
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Valve"),
DMI_MATCH(DMI_PRODUCT_NAME, "Galileo"),
- DMI_MATCH(DMI_PRODUCT_FAMILY, "Sephiroth"),
},
.driver_data = (void *)SECURED_FIRMWARE,
},
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 050/114] drm/ttm: return ENOSPC from ttm_bo_mem_space v3
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 049/114] ASoC: SOF: amd: Optimize quirk for Valve Galileo Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 051/114] pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Greg Kroah-Hartman
` (74 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König, Zack Rusin,
Thomas Hellström, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian König <christian.koenig@amd.com>
[ Upstream commit 28e5126718c7b306b8c29d2ae8f48417e9303aa1 ]
Only convert it to ENOMEM in ttm_bo_validate.
This allows ttm_bo_validate to distinguish between an out of memory
situation and just out of space in a placement domain.
v2: improve commit message
v3: fix kerneldoc typos
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Zack Rusin <zack.rusin@broadcom.com>
Reviewed-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240112125158.2748-3-christian.koenig@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/ttm/ttm_bo.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c
index e58b7e2498166..b3e5185835c37 100644
--- a/drivers/gpu/drm/ttm/ttm_bo.c
+++ b/drivers/gpu/drm/ttm/ttm_bo.c
@@ -764,7 +764,7 @@ static int ttm_bo_mem_force_space(struct ttm_buffer_object *bo,
* This function may sleep while waiting for space to become available.
* Returns:
* -EBUSY: No space available (only if no_wait == 1).
- * -ENOMEM: Could not allocate memory for the buffer object, either due to
+ * -ENOSPC: Could not allocate space for the buffer object, either due to
* fragmentation or concurrent allocators.
* -ERESTARTSYS: An interruptible sleep was interrupted by a signal.
*/
@@ -824,7 +824,7 @@ int ttm_bo_mem_space(struct ttm_buffer_object *bo,
goto error;
}
- ret = -ENOMEM;
+ ret = -ENOSPC;
if (!type_found) {
pr_err(TTM_PFX "No compatible memory type found\n");
ret = -EINVAL;
@@ -910,6 +910,9 @@ int ttm_bo_validate(struct ttm_buffer_object *bo,
return -EINVAL;
ret = ttm_bo_move_buffer(bo, placement, ctx);
+ /* For backward compatibility with userspace */
+ if (ret == -ENOSPC)
+ return -ENOMEM;
if (ret)
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 051/114] pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 050/114] drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 052/114] sysv: dont call sb_bread() with pointers_lock held Greg Kroah-Hartman
` (73 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geert Uytterhoeven <geert+renesas@glider.be>
[ Upstream commit 3803584a4e9b65bb5b013f862f55c5055aa86c25 ]
If the number of provided enum IDs in a variable width config register
description does not match the expected number, the checker uses the
expected number for validating the individual enum IDs.
However, this may cause out-of-bounds accesses on the array holding the
enum IDs, leading to bogus enum_id conflict warnings. Worse, if the bug
is an incorrect bit field description (e.g. accidentally using "12"
instead of "-12" for a reserved field), thousands of warnings may be
printed, overflowing the kernel log buffer.
Fix this by limiting the enum ID check to the number of provided enum
IDs.
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/c7385f44f2faebb8856bcbb4e908d846fc1531fb.1705930809.git.geert+renesas@glider.be
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pinctrl/renesas/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/pinctrl/renesas/core.c b/drivers/pinctrl/renesas/core.c
index d1e92bbed33ad..757bbc549b0e2 100644
--- a/drivers/pinctrl/renesas/core.c
+++ b/drivers/pinctrl/renesas/core.c
@@ -909,9 +909,11 @@ static void __init sh_pfc_check_cfg_reg(const char *drvname,
sh_pfc_err("reg 0x%x: var_field_width declares %u instead of %u bits\n",
cfg_reg->reg, rw, cfg_reg->reg_width);
- if (n != cfg_reg->nr_enum_ids)
+ if (n != cfg_reg->nr_enum_ids) {
sh_pfc_err("reg 0x%x: enum_ids[] has %u instead of %u values\n",
cfg_reg->reg, cfg_reg->nr_enum_ids, n);
+ n = cfg_reg->nr_enum_ids;
+ }
check_enum_ids:
sh_pfc_check_reg_enums(drvname, cfg_reg->reg, cfg_reg->enum_ids, n);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 052/114] sysv: dont call sb_bread() with pointers_lock held
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 051/114] pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 053/114] scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Greg Kroah-Hartman
` (72 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot, Al Viro, Tetsuo Handa,
Christian Brauner, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
[ Upstream commit f123dc86388cb669c3d6322702dc441abc35c31e ]
syzbot is reporting sleep in atomic context in SysV filesystem [1], for
sb_bread() is called with rw_spinlock held.
A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug
and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by
"Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12.
Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the
former bug by moving pointers_lock lock to the callers, but instead
introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made
this problem easier to hit).
Al Viro suggested that why not to do like get_branch()/get_block()/
find_shared() in Minix filesystem does. And doing like that is almost a
revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch()
from with find_shared() is called without write_lock(&pointers_lock).
Reported-by: syzbot <syzbot+69b40dc5fd40f32c199f@syzkaller.appspotmail.com>
Link: https://syzkaller.appspot.com/bug?extid=69b40dc5fd40f32c199f
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Link: https://lore.kernel.org/r/0d195f93-a22a-49a2-0020-103534d6f7f6@I-love.SAKURA.ne.jp
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/sysv/itree.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/fs/sysv/itree.c b/fs/sysv/itree.c
index edb94e55de8e5..7b2a07a31e463 100644
--- a/fs/sysv/itree.c
+++ b/fs/sysv/itree.c
@@ -82,9 +82,6 @@ static inline sysv_zone_t *block_end(struct buffer_head *bh)
return (sysv_zone_t*)((char*)bh->b_data + bh->b_size);
}
-/*
- * Requires read_lock(&pointers_lock) or write_lock(&pointers_lock)
- */
static Indirect *get_branch(struct inode *inode,
int depth,
int offsets[],
@@ -104,15 +101,18 @@ static Indirect *get_branch(struct inode *inode,
bh = sb_bread(sb, block);
if (!bh)
goto failure;
+ read_lock(&pointers_lock);
if (!verify_chain(chain, p))
goto changed;
add_chain(++p, bh, (sysv_zone_t*)bh->b_data + *++offsets);
+ read_unlock(&pointers_lock);
if (!p->key)
goto no_block;
}
return NULL;
changed:
+ read_unlock(&pointers_lock);
brelse(bh);
*err = -EAGAIN;
goto no_block;
@@ -218,9 +218,7 @@ static int get_block(struct inode *inode, sector_t iblock, struct buffer_head *b
goto out;
reread:
- read_lock(&pointers_lock);
partial = get_branch(inode, depth, offsets, chain, &err);
- read_unlock(&pointers_lock);
/* Simplest case - block found, no allocation needed */
if (!partial) {
@@ -290,9 +288,9 @@ static Indirect *find_shared(struct inode *inode,
*top = 0;
for (k = depth; k > 1 && !offsets[k-1]; k--)
;
+ partial = get_branch(inode, k, offsets, chain, &err);
write_lock(&pointers_lock);
- partial = get_branch(inode, k, offsets, chain, &err);
if (!partial)
partial = chain + k-1;
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 053/114] scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 052/114] sysv: dont call sb_bread() with pointers_lock held Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 054/114] isofs: handle CDs with bad root inode but good Joliet root directory Greg Kroah-Hartman
` (71 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Justin Tee, Himanshu Madhani,
Martin K. Petersen, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Justin Tee <justin.tee@broadcom.com>
[ Upstream commit 2ae917d4bcab80ab304b774d492e2fcd6c52c06b ]
The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an
unsuccessful status. In such cases, the elsiocb is not issued, the
completion is not called, and thus the elsiocb resource is leaked.
Check return value after calling lpfc_sli4_resume_rpi() and conditionally
release the elsiocb resource.
Signed-off-by: Justin Tee <justin.tee@broadcom.com>
Link: https://lore.kernel.org/r/20240131185112.149731-3-justintee8345@gmail.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/lpfc/lpfc_nportdisc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_nportdisc.c b/drivers/scsi/lpfc/lpfc_nportdisc.c
index 1eb7f7e60bba5..3ed211d093dd1 100644
--- a/drivers/scsi/lpfc/lpfc_nportdisc.c
+++ b/drivers/scsi/lpfc/lpfc_nportdisc.c
@@ -748,8 +748,10 @@ lpfc_rcv_padisc(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp,
/* Save the ELS cmd */
elsiocb->drvrTimeout = cmd;
- lpfc_sli4_resume_rpi(ndlp,
- lpfc_mbx_cmpl_resume_rpi, elsiocb);
+ if (lpfc_sli4_resume_rpi(ndlp,
+ lpfc_mbx_cmpl_resume_rpi,
+ elsiocb))
+ kfree(elsiocb);
goto out;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 054/114] isofs: handle CDs with bad root inode but good Joliet root directory
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 053/114] scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 055/114] ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Greg Kroah-Hartman
` (70 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Alex Henrie, Jan Kara, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Henrie <alexhenrie24@gmail.com>
[ Upstream commit 4243bf80c79211a8ca2795401add9c4a3b1d37ca ]
I have a CD copy of the original Tom Clancy's Ghost Recon game from
2001. The disc mounts without error on Windows, but on Linux mounting
fails with the message "isofs_fill_super: get root inode failed". The
error originates in isofs_read_inode, which returns -EIO because de_len
is 0. The superblock on this disc appears to be intentionally corrupt as
a form of copy protection.
When the root inode is unusable, instead of giving up immediately, try
to continue with the Joliet file table. This fixes the Ghost Recon CD
and probably other copy-protected CDs too.
Signed-off-by: Alex Henrie <alexhenrie24@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20240208022134.451490-1-alexhenrie24@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/isofs/inode.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
index 2ee21286ac8f0..54075fe3de9b1 100644
--- a/fs/isofs/inode.c
+++ b/fs/isofs/inode.c
@@ -908,8 +908,22 @@ static int isofs_fill_super(struct super_block *s, void *data, int silent)
* we then decide whether to use the Joliet descriptor.
*/
inode = isofs_iget(s, sbi->s_firstdatazone, 0);
- if (IS_ERR(inode))
- goto out_no_root;
+
+ /*
+ * Fix for broken CDs with a corrupt root inode but a correct Joliet
+ * root directory.
+ */
+ if (IS_ERR(inode)) {
+ if (joliet_level && sbi->s_firstdatazone != first_data_zone) {
+ printk(KERN_NOTICE
+ "ISOFS: root inode is unusable. "
+ "Disabling Rock Ridge and switching to Joliet.");
+ sbi->s_rock = 0;
+ inode = NULL;
+ } else {
+ goto out_no_root;
+ }
+ }
/*
* Fix for broken CDs with Rock Ridge and empty ISO root directory but
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 055/114] ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 054/114] isofs: handle CDs with bad root inode but good Joliet root directory Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 056/114] rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() Greg Kroah-Hartman
` (69 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Máté Mosonyi, Bard Liao,
Pierre-Louis Bossart, Mark Brown, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: mosomate <mosomate@gmail.com>
[ Upstream commit c13e03126a5be90781084437689724254c8226e1 ]
Added DMI quirk to handle the rebranded variants of Intel NUC M15
(LAPRC710) laptops. The DMI matching is based on motherboard
attributes.
Link: https://github.com/thesofproject/linux/issues/4218
Signed-off-by: Máté Mosonyi <mosomate@gmail.com>
Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20240208165545.93811-20-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soundwire/dmi-quirks.c | 8 ++++++++
sound/soc/intel/boards/sof_sdw.c | 11 +++++++++++
2 files changed, 19 insertions(+)
diff --git a/drivers/soundwire/dmi-quirks.c b/drivers/soundwire/dmi-quirks.c
index 9ebdd0cd0b1cf..91ab97a456fa9 100644
--- a/drivers/soundwire/dmi-quirks.c
+++ b/drivers/soundwire/dmi-quirks.c
@@ -130,6 +130,14 @@ static const struct dmi_system_id adr_remap_quirk_table[] = {
},
.driver_data = (void *)intel_rooks_county,
},
+ {
+ /* quirk used for NUC15 LAPRC710 skew */
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Intel Corporation"),
+ DMI_MATCH(DMI_BOARD_NAME, "LAPRC710"),
+ },
+ .driver_data = (void *)intel_rooks_county,
+ },
{
.matches = {
DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc"),
diff --git a/sound/soc/intel/boards/sof_sdw.c b/sound/soc/intel/boards/sof_sdw.c
index 9ed572141fe5b..0ea7812125fee 100644
--- a/sound/soc/intel/boards/sof_sdw.c
+++ b/sound/soc/intel/boards/sof_sdw.c
@@ -243,6 +243,17 @@ static const struct dmi_system_id sof_sdw_quirk_table[] = {
SOF_SDW_PCH_DMIC |
RT711_JD2_100K),
},
+ {
+ /* NUC15 LAPRC710 skews */
+ .callback = sof_sdw_quirk_cb,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Intel Corporation"),
+ DMI_MATCH(DMI_BOARD_NAME, "LAPRC710"),
+ },
+ .driver_data = (void *)(SOF_SDW_TGL_HDMI |
+ SOF_SDW_PCH_DMIC |
+ RT711_JD2_100K),
+ },
/* TigerLake-SDCA devices */
{
.callback = sof_sdw_quirk_cb,
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 056/114] rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 055/114] ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 057/114] rcu-tasks: Repair RCU Tasks Trace quiescence check Greg Kroah-Hartman
` (68 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zqiang, Joel Fernandes (Google),
Frederic Weisbecker, Paul E. McKenney, Boqun Feng, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zqiang <qiang.zhang1211@gmail.com>
[ Upstream commit dda98810b552fc6bf650f4270edeebdc2f28bd3f ]
For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and
CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()
in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:
CPU2 CPU11
kthread
rcu_nocb_cb_kthread ksys_write
rcu_do_batch vfs_write
rcu_torture_timer_cb proc_sys_write
__kmem_cache_free proc_sys_call_handler
kmemleak_free drop_caches_sysctl_handler
delete_object_full drop_slab
__delete_object shrink_slab
put_object lazy_rcu_shrink_scan
call_rcu rcu_nocb_flush_bypass
__call_rcu_commn rcu_nocb_bypass_lock
raw_spin_trylock(&rdp->nocb_bypass_lock) fail
atomic_inc(&rdp->nocb_lock_contended);
rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu);
WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) |
|_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|
Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".
This commit therefore uses rcu_nocb_try_flush_bypass() instead of
rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass
queue is being flushed, then rcu_nocb_try_flush_bypass will return
directly.
Signed-off-by: Zqiang <qiang.zhang1211@gmail.com>
Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/rcu/tree_nocb.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/rcu/tree_nocb.h b/kernel/rcu/tree_nocb.h
index 5598212d1f274..2b24405b9cd2b 100644
--- a/kernel/rcu/tree_nocb.h
+++ b/kernel/rcu/tree_nocb.h
@@ -1383,7 +1383,7 @@ lazy_rcu_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
rcu_nocb_unlock_irqrestore(rdp, flags);
continue;
}
- WARN_ON_ONCE(!rcu_nocb_flush_bypass(rdp, NULL, jiffies, false));
+ rcu_nocb_try_flush_bypass(rdp, jiffies);
rcu_nocb_unlock_irqrestore(rdp, flags);
wake_nocb_gp(rdp, false);
sc->nr_to_scan -= _count;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 057/114] rcu-tasks: Repair RCU Tasks Trace quiescence check
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 056/114] rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 058/114] Julia Lawall reported this null pointer dereference, this should fix it Greg Kroah-Hartman
` (67 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Steven Rostedt, Paul E. McKenney,
Boqun Feng, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul E. McKenney <paulmck@kernel.org>
[ Upstream commit 2eb52fa8900e642b3b5054c4bf9776089d2a935f ]
The context-switch-time check for RCU Tasks Trace quiescence expects
current->trc_reader_special.b.need_qs to be zero, and if so, updates
it to TRC_NEED_QS_CHECKED. This is backwards, because if this value
is zero, there is no RCU Tasks Trace grace period in flight, an thus
no need for a quiescent state. Instead, when a grace period starts,
this field is set to TRC_NEED_QS.
This commit therefore changes the check from zero to TRC_NEED_QS.
Reported-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Tested-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/rcupdate.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/rcupdate.h b/include/linux/rcupdate.h
index 9ad656b28847f..6466c2f792923 100644
--- a/include/linux/rcupdate.h
+++ b/include/linux/rcupdate.h
@@ -189,9 +189,9 @@ void rcu_tasks_trace_qs_blkd(struct task_struct *t);
do { \
int ___rttq_nesting = READ_ONCE((t)->trc_reader_nesting); \
\
- if (likely(!READ_ONCE((t)->trc_reader_special.b.need_qs)) && \
+ if (unlikely(READ_ONCE((t)->trc_reader_special.b.need_qs) == TRC_NEED_QS) && \
likely(!___rttq_nesting)) { \
- rcu_trc_cmpxchg_need_qs((t), 0, TRC_NEED_QS_CHECKED); \
+ rcu_trc_cmpxchg_need_qs((t), TRC_NEED_QS, TRC_NEED_QS_CHECKED); \
} else if (___rttq_nesting && ___rttq_nesting != INT_MIN && \
!READ_ONCE((t)->trc_reader_special.b.blocked)) { \
rcu_tasks_trace_qs_blkd(t); \
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 058/114] Julia Lawall reported this null pointer dereference, this should fix it.
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 057/114] rcu-tasks: Repair RCU Tasks Trace quiescence check Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 059/114] media: sta2x11: fix irq handler cast Greg Kroah-Hartman
` (66 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Mike Marshall, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Marshall <hubcap@omnibond.com>
[ Upstream commit 9bf93dcfc453fae192fe5d7874b89699e8f800ac ]
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/orangefs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c
index 5254256a224d7..4ca8ed410c3cf 100644
--- a/fs/orangefs/super.c
+++ b/fs/orangefs/super.c
@@ -527,7 +527,7 @@ struct dentry *orangefs_mount(struct file_system_type *fst,
sb->s_fs_info = kzalloc(sizeof(struct orangefs_sb_info_s), GFP_KERNEL);
if (!ORANGEFS_SB(sb)) {
d = ERR_PTR(-ENOMEM);
- goto free_sb_and_op;
+ goto free_op;
}
ret = orangefs_fill_sb(sb,
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 059/114] media: sta2x11: fix irq handler cast
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 058/114] Julia Lawall reported this null pointer dereference, this should fix it Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 060/114] ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Greg Kroah-Hartman
` (65 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Hans Verkuil,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 3de49ae81c3a0f83a554ecbce4c08e019f30168e ]
clang-16 warns about casting incompatible function pointers:
drivers/media/pci/sta2x11/sta2x11_vip.c:1057:6: error: cast from 'irqreturn_t (*)(int, struct sta2x11_vip *)' (aka 'enum irqreturn (*)(int, struct sta2x11_vip *)') to 'irq_handler_t' (aka 'enum irqreturn (*)(int, void *)') converts to incompatible function type [-Werror,-Wcast-function-type-strict]
Change the prototype of the irq handler to the regular version with a
local variable to adjust the argument type.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[hverkuil: update argument documentation]
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/pci/sta2x11/sta2x11_vip.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/media/pci/sta2x11/sta2x11_vip.c b/drivers/media/pci/sta2x11/sta2x11_vip.c
index e4cf9d63e926d..364ce9e570182 100644
--- a/drivers/media/pci/sta2x11/sta2x11_vip.c
+++ b/drivers/media/pci/sta2x11/sta2x11_vip.c
@@ -757,7 +757,7 @@ static const struct video_device video_dev_template = {
/**
* vip_irq - interrupt routine
* @irq: Number of interrupt ( not used, correct number is assumed )
- * @vip: local data structure containing all information
+ * @data: local data structure containing all information
*
* check for both frame interrupts set ( top and bottom ).
* check FIFO overflow, but limit number of log messages after open.
@@ -767,8 +767,9 @@ static const struct video_device video_dev_template = {
*
* IRQ_HANDLED, interrupt done.
*/
-static irqreturn_t vip_irq(int irq, struct sta2x11_vip *vip)
+static irqreturn_t vip_irq(int irq, void *data)
{
+ struct sta2x11_vip *vip = data;
unsigned int status;
status = reg_read(vip, DVP_ITS);
@@ -1053,9 +1054,7 @@ static int sta2x11_vip_init_one(struct pci_dev *pdev,
spin_lock_init(&vip->slock);
- ret = request_irq(pdev->irq,
- (irq_handler_t) vip_irq,
- IRQF_SHARED, KBUILD_MODNAME, vip);
+ ret = request_irq(pdev->irq, vip_irq, IRQF_SHARED, KBUILD_MODNAME, vip);
if (ret) {
dev_err(&pdev->dev, "request_irq failed\n");
ret = -ENODEV;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 060/114] ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 059/114] media: sta2x11: fix irq handler cast Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 061/114] ASoC: Intel: avs: Populate board selection with new I2S entries Greg Kroah-Hartman
` (64 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Takashi Sakamoto, Takashi Iwai,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
[ Upstream commit 4a486439d2ca85752c46711f373b6ddc107bb35d ]
Miglia Harmony Audio (OXFW970) has a quirk to put the number of
accumulated quadlets in CIP payload into the dbc field of CIP header.
This commit handles the quirk in the packet processing layer.
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Link: https://lore.kernel.org/r/20240218074128.95210-4-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/firewire/amdtp-stream.c | 12 ++++++++----
sound/firewire/amdtp-stream.h | 4 ++++
2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c
index 7be17bca257f0..c9f153f85ae6b 100644
--- a/sound/firewire/amdtp-stream.c
+++ b/sound/firewire/amdtp-stream.c
@@ -773,10 +773,14 @@ static int check_cip_header(struct amdtp_stream *s, const __be32 *buf,
} else {
unsigned int dbc_interval;
- if (*data_blocks > 0 && s->ctx_data.tx.dbc_interval > 0)
- dbc_interval = s->ctx_data.tx.dbc_interval;
- else
- dbc_interval = *data_blocks;
+ if (!(s->flags & CIP_DBC_IS_PAYLOAD_QUADLETS)) {
+ if (*data_blocks > 0 && s->ctx_data.tx.dbc_interval > 0)
+ dbc_interval = s->ctx_data.tx.dbc_interval;
+ else
+ dbc_interval = *data_blocks;
+ } else {
+ dbc_interval = payload_length / sizeof(__be32);
+ }
lost = dbc != ((*data_block_counter + dbc_interval) & 0xff);
}
diff --git a/sound/firewire/amdtp-stream.h b/sound/firewire/amdtp-stream.h
index b7ff44751ab93..a1ed2e80f91a7 100644
--- a/sound/firewire/amdtp-stream.h
+++ b/sound/firewire/amdtp-stream.h
@@ -37,6 +37,9 @@
* the value of current SYT_INTERVAL; e.g. initial value is not zero.
* @CIP_UNAWARE_SYT: For outgoing packet, the value in SYT field of CIP is 0xffff.
* For incoming packet, the value in SYT field of CIP is not handled.
+ * @CIP_DBC_IS_PAYLOAD_QUADLETS: Available for incoming packet, and only effective with
+ * CIP_DBC_IS_END_EVENT flag. The value of dbc field is the number of accumulated quadlets
+ * in CIP payload, instead of the number of accumulated data blocks.
*/
enum cip_flags {
CIP_NONBLOCKING = 0x00,
@@ -51,6 +54,7 @@ enum cip_flags {
CIP_NO_HEADER = 0x100,
CIP_UNALIGHED_DBC = 0x200,
CIP_UNAWARE_SYT = 0x400,
+ CIP_DBC_IS_PAYLOAD_QUADLETS = 0x800,
};
/**
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 061/114] ASoC: Intel: avs: Populate board selection with new I2S entries
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 060/114] ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 062/114] ext4: add a hint for block bitmap corrupt state in mb_groups Greg Kroah-Hartman
` (63 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Amadeusz Sławiński,
Cezary Rojewski, Mark Brown, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cezary Rojewski <cezary.rojewski@intel.com>
[ Upstream commit 5b417fe0cded0b5917683398e6519aae8045cd40 ]
Update board selection with tables specifying supported I2S
configurations. DMIC/HDAudio board selection require no update as
dmic/hdaudio machine boards are generic and not tied to any specific
codec.
Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
Link: https://msgid.link/r/20240220115035.770402-11-cezary.rojewski@intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/intel/avs/board_selection.c | 85 +++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
diff --git a/sound/soc/intel/avs/board_selection.c b/sound/soc/intel/avs/board_selection.c
index 59a13feec57b2..0db5e530a8de2 100644
--- a/sound/soc/intel/avs/board_selection.c
+++ b/sound/soc/intel/avs/board_selection.c
@@ -227,6 +227,82 @@ static struct snd_soc_acpi_mach avs_gml_i2s_machines[] = {
{},
};
+static struct snd_soc_acpi_mach avs_cnl_i2s_machines[] = {
+ {
+ .id = "INT34C2",
+ .drv_name = "avs_rt274",
+ .mach_params = {
+ .i2s_link_mask = AVS_SSP(0),
+ },
+ .tplg_filename = "rt274-tplg.bin",
+ },
+ {
+ .id = "10EC5682",
+ .drv_name = "avs_rt5682",
+ .mach_params = {
+ .i2s_link_mask = AVS_SSP(1),
+ },
+ .tplg_filename = "rt5682-tplg.bin",
+ },
+ {},
+};
+
+static struct snd_soc_acpi_mach avs_icl_i2s_machines[] = {
+ {
+ .id = "INT343A",
+ .drv_name = "avs_rt298",
+ .mach_params = {
+ .i2s_link_mask = AVS_SSP(0),
+ },
+ .tplg_filename = "rt298-tplg.bin",
+ },
+ {
+ .id = "INT34C2",
+ .drv_name = "avs_rt274",
+ .mach_params = {
+ .i2s_link_mask = AVS_SSP(0),
+ },
+ .tplg_filename = "rt274-tplg.bin",
+ },
+ {},
+};
+
+static struct snd_soc_acpi_mach avs_tgl_i2s_machines[] = {
+ {
+ .id = "INT34C2",
+ .drv_name = "avs_rt274",
+ .mach_params = {
+ .i2s_link_mask = AVS_SSP(0),
+ },
+ .tplg_filename = "rt274-tplg.bin",
+ },
+ {
+ .id = "10EC0298",
+ .drv_name = "avs_rt298",
+ .mach_params = {
+ .i2s_link_mask = AVS_SSP(0),
+ },
+ .tplg_filename = "rt298-tplg.bin",
+ },
+ {
+ .id = "10EC1308",
+ .drv_name = "avs_rt1308",
+ .mach_params = {
+ .i2s_link_mask = AVS_SSP(1),
+ },
+ .tplg_filename = "rt1308-tplg.bin",
+ },
+ {
+ .id = "ESSX8336",
+ .drv_name = "avs_es8336",
+ .mach_params = {
+ .i2s_link_mask = AVS_SSP(0),
+ },
+ .tplg_filename = "es8336-tplg.bin",
+ },
+ {},
+};
+
static struct snd_soc_acpi_mach avs_test_i2s_machines[] = {
{
.drv_name = "avs_i2s_test",
@@ -287,6 +363,15 @@ static const struct avs_acpi_boards i2s_boards[] = {
AVS_MACH_ENTRY(HDA_KBL_LP, avs_kbl_i2s_machines),
AVS_MACH_ENTRY(HDA_APL, avs_apl_i2s_machines),
AVS_MACH_ENTRY(HDA_GML, avs_gml_i2s_machines),
+ AVS_MACH_ENTRY(HDA_CNL_LP, avs_cnl_i2s_machines),
+ AVS_MACH_ENTRY(HDA_CNL_H, avs_cnl_i2s_machines),
+ AVS_MACH_ENTRY(HDA_CML_LP, avs_cnl_i2s_machines),
+ AVS_MACH_ENTRY(HDA_ICL_LP, avs_icl_i2s_machines),
+ AVS_MACH_ENTRY(HDA_TGL_LP, avs_tgl_i2s_machines),
+ AVS_MACH_ENTRY(HDA_EHL_0, avs_tgl_i2s_machines),
+ AVS_MACH_ENTRY(HDA_ADL_P, avs_tgl_i2s_machines),
+ AVS_MACH_ENTRY(HDA_RPL_P_0, avs_tgl_i2s_machines),
+ AVS_MACH_ENTRY(HDA_RPL_M, avs_tgl_i2s_machines),
{},
};
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 062/114] ext4: add a hint for block bitmap corrupt state in mb_groups
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 061/114] ASoC: Intel: avs: Populate board selection with new I2S entries Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 063/114] ext4: forbid commit inconsistent quota data when errors=remount-ro Greg Kroah-Hartman
` (62 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Yi, Jan Kara, Theodore Tso,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Yi <yi.zhang@huawei.com>
[ Upstream commit 68ee261fb15457ecb17e3683cb4e6a4792ca5b71 ]
If one group is marked as block bitmap corrupted, its free blocks cannot
be used and its free count is also deducted from the global
sbi->s_freeclusters_counter. User might be confused about the absent
free space because we can't query the information about corrupted block
groups except unreliable error messages in syslog. So add a hint to show
block bitmap corrupted groups in mb_groups.
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240119061154.1525781-1-yi.zhang@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/mballoc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 257b70c5ded45..a8a3ea2fd690f 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -3060,7 +3060,10 @@ static int ext4_mb_seq_groups_show(struct seq_file *seq, void *v)
for (i = 0; i <= 13; i++)
seq_printf(seq, " %-5u", i <= blocksize_bits + 1 ?
sg.info.bb_counters[i] : 0);
- seq_puts(seq, " ]\n");
+ seq_puts(seq, " ]");
+ if (EXT4_MB_GRP_BBITMAP_CORRUPT(&sg.info))
+ seq_puts(seq, " Block bitmap corrupted!");
+ seq_puts(seq, "\n");
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 063/114] ext4: forbid commit inconsistent quota data when errors=remount-ro
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 062/114] ext4: add a hint for block bitmap corrupt state in mb_groups Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 064/114] drm/amd/display: Fix nanosec stat overflow Greg Kroah-Hartman
` (61 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ye Bin, Jan Kara, Theodore Tso,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ye Bin <yebin10@huawei.com>
[ Upstream commit d8b945fa475f13d787df00c26a6dc45a3e2e1d1d ]
There's issue as follows When do IO fault injection test:
Quota error (device dm-3): find_block_dqentry: Quota for id 101 referenced but not present
Quota error (device dm-3): qtree_read_dquot: Can't read quota structure for id 101
Quota error (device dm-3): do_check_range: Getting block 2021161007 out of range 1-186
Quota error (device dm-3): qtree_read_dquot: Can't read quota structure for id 661
Now, ext4_write_dquot()/ext4_acquire_dquot()/ext4_release_dquot() may commit
inconsistent quota data even if process failed. This may lead to filesystem
corruption.
To ensure filesystem consistent when errors=remount-ro there is need to call
ext4_handle_error() to abort journal.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240119062908.3598806-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/super.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 3ea4d8f11e7bb..83fc3f092a0c7 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6865,6 +6865,10 @@ static int ext4_write_dquot(struct dquot *dquot)
if (IS_ERR(handle))
return PTR_ERR(handle);
ret = dquot_commit(dquot);
+ if (ret < 0)
+ ext4_error_err(dquot->dq_sb, -ret,
+ "Failed to commit dquot type %d",
+ dquot->dq_id.type);
err = ext4_journal_stop(handle);
if (!ret)
ret = err;
@@ -6881,6 +6885,10 @@ static int ext4_acquire_dquot(struct dquot *dquot)
if (IS_ERR(handle))
return PTR_ERR(handle);
ret = dquot_acquire(dquot);
+ if (ret < 0)
+ ext4_error_err(dquot->dq_sb, -ret,
+ "Failed to acquire dquot type %d",
+ dquot->dq_id.type);
err = ext4_journal_stop(handle);
if (!ret)
ret = err;
@@ -6900,6 +6908,10 @@ static int ext4_release_dquot(struct dquot *dquot)
return PTR_ERR(handle);
}
ret = dquot_release(dquot);
+ if (ret < 0)
+ ext4_error_err(dquot->dq_sb, -ret,
+ "Failed to release dquot type %d",
+ dquot->dq_id.type);
err = ext4_journal_stop(handle);
if (!ret)
ret = err;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 064/114] drm/amd/display: Fix nanosec stat overflow
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 063/114] ext4: forbid commit inconsistent quota data when errors=remount-ro Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 065/114] accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Greg Kroah-Hartman
` (60 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Rodrigo Siqueira, Daniel Wheeler,
Aric Cyr, Alex Deucher, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aric Cyr <aric.cyr@amd.com>
[ Upstream commit 14d68acfd04b39f34eea7bea65dda652e6db5bf6 ]
[Why]
Nanosec stats can overflow on long running systems potentially causing
statistic logging issues.
[How]
Use 64bit types for nanosec stats to ensure no overflow.
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Aric Cyr <aric.cyr@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/modules/inc/mod_stats.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_stats.h b/drivers/gpu/drm/amd/display/modules/inc/mod_stats.h
index 4220fd8fdd60c..54cd86060f4d6 100644
--- a/drivers/gpu/drm/amd/display/modules/inc/mod_stats.h
+++ b/drivers/gpu/drm/amd/display/modules/inc/mod_stats.h
@@ -57,10 +57,10 @@ void mod_stats_update_event(struct mod_stats *mod_stats,
unsigned int length);
void mod_stats_update_flip(struct mod_stats *mod_stats,
- unsigned long timestamp_in_ns);
+ unsigned long long timestamp_in_ns);
void mod_stats_update_vupdate(struct mod_stats *mod_stats,
- unsigned long timestamp_in_ns);
+ unsigned long long timestamp_in_ns);
void mod_stats_update_freesync(struct mod_stats *mod_stats,
unsigned int v_total_min,
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 065/114] accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 064/114] drm/amd/display: Fix nanosec stat overflow Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 066/114] i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Greg Kroah-Hartman
` (59 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Koby Elbaz, Oded Gabbay, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Koby Elbaz <kelbaz@habana.ai>
[ Upstream commit 8c075401f2dbda43600c61f780a165abde77877a ]
Fix a warning of a buffer overflow:
‘snprintf’ output between 38 and 47 bytes into a destination of size 32
Signed-off-by: Koby Elbaz <kelbaz@habana.ai>
Reviewed-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Oded Gabbay <ogabbay@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/accel/habanalabs/common/habanalabs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/accel/habanalabs/common/habanalabs.h b/drivers/accel/habanalabs/common/habanalabs.h
index 05febd5b14e9c..179e5e7013a12 100644
--- a/drivers/accel/habanalabs/common/habanalabs.h
+++ b/drivers/accel/habanalabs/common/habanalabs.h
@@ -2508,7 +2508,7 @@ struct hl_state_dump_specs {
* DEVICES
*/
-#define HL_STR_MAX 32
+#define HL_STR_MAX 64
#define HL_DEV_STS_MAX (HL_DEVICE_STATUS_LAST + 1)
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 066/114] i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 065/114] accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 067/114] HID: input: avoid polling stylus battery on Chromebook Pompom Greg Kroah-Hartman
` (58 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jarkko Nikula, Jiawen Wu, Andi Shyti,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Nikula <jarkko.nikula@linux.intel.com>
[ Upstream commit c94612a72ac87b0337a0d85b9263266776ed4190 ]
I believe RX FIFO depth define 0 is incorrect on Wangxun 10Gb NIC. It
must be at least 1 since code is able to read received data from the
DW_IC_DATA_CMD register.
For now this define is irrelevant since the txgbe_i2c_dw_xfer_quirk()
doesn't use the rx_fifo_depth member variable of struct dw_i2c_dev but
is needed when converting code into generic polling mode implementation.
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Tested-by: Jiawen Wu <jiawenwu@trustnetic.com>
Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-designware-core.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-designware-core.h b/drivers/i2c/busses/i2c-designware-core.h
index a7f6f3eafad7d..ae835000fd32a 100644
--- a/drivers/i2c/busses/i2c-designware-core.h
+++ b/drivers/i2c/busses/i2c-designware-core.h
@@ -318,7 +318,7 @@ struct dw_i2c_dev {
#define AMD_UCSI_INTR_EN 0xd
#define TXGBE_TX_FIFO_DEPTH 4
-#define TXGBE_RX_FIFO_DEPTH 0
+#define TXGBE_RX_FIFO_DEPTH 1
struct i2c_dw_semaphore_callbacks {
int (*probe)(struct dw_i2c_dev *dev);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 067/114] HID: input: avoid polling stylus battery on Chromebook Pompom
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 066/114] i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 068/114] drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Greg Kroah-Hartman
` (57 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Torokhov, Jiri Kosina,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
[ Upstream commit 9a5b1521e2d0d7ace70c6e5eed073babcec91409 ]
Internal touchscreen on Trogdor Pompom (AKA Dynabook Chromebook C1)
supports USI stylus. Unfortunately the HID descriptor for the stylus
interface does not contain "Stylus" physical collection, which makes
the kernel to try and pull battery information, resulting in errors.
Apply HID_BATTERY_QUIRK_AVOID_QUERY to the device.
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-input.c | 2 ++
2 files changed, 3 insertions(+)
diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
index 72046039d1be7..0a4daff4846ff 100644
--- a/drivers/hid/hid-ids.h
+++ b/drivers/hid/hid-ids.h
@@ -427,6 +427,7 @@
#define I2C_DEVICE_ID_HP_SPECTRE_X360_14T_EA100_V1 0x2BED
#define I2C_DEVICE_ID_HP_SPECTRE_X360_14T_EA100_V2 0x2BEE
#define I2C_DEVICE_ID_HP_ENVY_X360_15_EU0556NG 0x2D02
+#define I2C_DEVICE_ID_CHROMEBOOK_TROGDOR_POMPOM 0x2F81
#define USB_VENDOR_ID_ELECOM 0x056e
#define USB_DEVICE_ID_ELECOM_BM084 0x0061
diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index c8b20d44b1472..e03d300d2bac4 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -411,6 +411,8 @@ static const struct hid_device_id hid_battery_quirks[] = {
HID_BATTERY_QUIRK_IGNORE },
{ HID_I2C_DEVICE(USB_VENDOR_ID_ELAN, I2C_DEVICE_ID_HP_ENVY_X360_15_EU0556NG),
HID_BATTERY_QUIRK_IGNORE },
+ { HID_I2C_DEVICE(USB_VENDOR_ID_ELAN, I2C_DEVICE_ID_CHROMEBOOK_TROGDOR_POMPOM),
+ HID_BATTERY_QUIRK_AVOID_QUERY },
{}
};
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 068/114] drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 067/114] HID: input: avoid polling stylus battery on Chromebook Pompom Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 069/114] drm: Check output polling initialized before disabling Greg Kroah-Hartman
` (56 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian König, Alex Deucher,
Srinivasan Shanmugam, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
[ Upstream commit eb4f139888f636614dab3bcce97ff61cefc4b3a7 ]
This ensures that the memory mapped by ioremap for adev->rmmio, is
properly handled in amdgpu_device_init(). If the function exits early
due to an error, the memory is unmapped. If the function completes
successfully, the memory remains mapped.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337
Cc: Christian König <christian.koenig@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
index 062d78818da16..347c454b41790 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
@@ -3639,8 +3639,10 @@ int amdgpu_device_init(struct amdgpu_device *adev,
* early on during init and before calling to RREG32.
*/
adev->reset_domain = amdgpu_reset_create_reset_domain(SINGLE_DEVICE, "amdgpu-reset-dev");
- if (!adev->reset_domain)
- return -ENOMEM;
+ if (!adev->reset_domain) {
+ r = -ENOMEM;
+ goto unmap_memory;
+ }
/* detect hw virtualization here */
amdgpu_detect_virtualization(adev);
@@ -3650,20 +3652,20 @@ int amdgpu_device_init(struct amdgpu_device *adev,
r = amdgpu_device_get_job_timeout_settings(adev);
if (r) {
dev_err(adev->dev, "invalid lockup_timeout parameter syntax\n");
- return r;
+ goto unmap_memory;
}
/* early init functions */
r = amdgpu_device_ip_early_init(adev);
if (r)
- return r;
+ goto unmap_memory;
amdgpu_device_set_mcbp(adev);
/* Get rid of things like offb */
r = drm_aperture_remove_conflicting_pci_framebuffers(adev->pdev, &amdgpu_kms_driver);
if (r)
- return r;
+ goto unmap_memory;
/* Enable TMZ based on IP_VERSION */
amdgpu_gmc_tmz_set(adev);
@@ -3673,7 +3675,7 @@ int amdgpu_device_init(struct amdgpu_device *adev,
if (adev->gmc.xgmi.supported) {
r = adev->gfxhub.funcs->get_xgmi_info(adev);
if (r)
- return r;
+ goto unmap_memory;
}
/* enable PCIE atomic ops */
@@ -3930,6 +3932,8 @@ int amdgpu_device_init(struct amdgpu_device *adev,
failed:
amdgpu_vf_error_trans_all(adev);
+unmap_memory:
+ iounmap(adev->rmmio);
return r;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 069/114] drm: Check output polling initialized before disabling
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 068/114] drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 070/114] SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Greg Kroah-Hartman
` (55 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shradha Gupta, Daniel Vetter,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shradha Gupta <shradhagupta@linux.microsoft.com>
[ Upstream commit 5abffb66d12bcac84bf7b66389c571b8bb6e82bd ]
In drm_kms_helper_poll_disable() check if output polling
support is initialized before disabling polling. If not flag
this as a warning.
Additionally in drm_mode_config_helper_suspend() and
drm_mode_config_helper_resume() calls, that re the callers of these
functions, avoid invoking them if polling is not initialized.
For drivers like hyperv-drm, that do not initialize connector
polling, if suspend is called without this check, it leads to
suspend failure with following stack
[ 770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done.
[ 770.720592] printk: Suspending console(s) (use no_console_suspend to debug)
[ 770.948823] ------------[ cut here ]------------
[ 770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230
[ 770.948831] Modules linked in: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms_helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct10dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod
[ 770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el9_3.x86_64 #1
[ 770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022
[ 770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230
[ 770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff <0f> 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00
[ 770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246
[ 770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857
[ 770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330
[ 770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10
[ 770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330
[ 770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 770.948875] FS: 00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000
[ 770.948878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0
[ 770.948879] Call Trace:
[ 770.948880] <TASK>
[ 770.948881] ? show_trace_log_lvl+0x1c4/0x2df
[ 770.948884] ? show_trace_log_lvl+0x1c4/0x2df
[ 770.948886] ? __cancel_work_timer+0x103/0x190
[ 770.948887] ? __flush_work.isra.0+0x212/0x230
[ 770.948889] ? __warn+0x81/0x110
[ 770.948891] ? __flush_work.isra.0+0x212/0x230
[ 770.948892] ? report_bug+0x10a/0x140
[ 770.948895] ? handle_bug+0x3c/0x70
[ 770.948898] ? exc_invalid_op+0x14/0x70
[ 770.948899] ? asm_exc_invalid_op+0x16/0x20
[ 770.948903] ? __flush_work.isra.0+0x212/0x230
[ 770.948905] __cancel_work_timer+0x103/0x190
[ 770.948907] ? _raw_spin_unlock_irqrestore+0xa/0x30
[ 770.948910] drm_kms_helper_poll_disable+0x1e/0x40 [drm_kms_helper]
[ 770.948923] drm_mode_config_helper_suspend+0x1c/0x80 [drm_kms_helper]
[ 770.948933] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus]
[ 770.948942] hyperv_vmbus_suspend+0x17/0x40 [hyperv_drm]
[ 770.948944] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus]
[ 770.948951] dpm_run_callback+0x4c/0x140
[ 770.948954] __device_suspend_noirq+0x74/0x220
[ 770.948956] dpm_noirq_suspend_devices+0x148/0x2a0
[ 770.948958] dpm_suspend_end+0x54/0xe0
[ 770.948960] create_image+0x14/0x290
[ 770.948963] hibernation_snapshot+0xd6/0x200
[ 770.948964] hibernate.cold+0x8b/0x1fb
[ 770.948967] state_store+0xcd/0xd0
[ 770.948969] kernfs_fop_write_iter+0x124/0x1b0
[ 770.948973] new_sync_write+0xff/0x190
[ 770.948976] vfs_write+0x1ef/0x280
[ 770.948978] ksys_write+0x5f/0xe0
[ 770.948979] do_syscall_64+0x5c/0x90
[ 770.948981] ? syscall_exit_work+0x103/0x130
[ 770.948983] ? syscall_exit_to_user_mode+0x12/0x30
[ 770.948985] ? do_syscall_64+0x69/0x90
[ 770.948986] ? do_syscall_64+0x69/0x90
[ 770.948987] ? do_user_addr_fault+0x1d6/0x6a0
[ 770.948989] ? do_syscall_64+0x69/0x90
[ 770.948990] ? exc_page_fault+0x62/0x150
[ 770.948992] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 770.948995] RIP: 0033:0x7ff1b293eba7
[ 770.949010] Code: 0b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[ 770.949011] RSP: 002b:00007ffde3912128 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 770.949012] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007ff1b293eba7
[ 770.949013] RDX: 0000000000000005 RSI: 00007ffde3912210 RDI: 0000000000000004
[ 770.949014] RBP: 00007ffde3912210 R08: 000055d7dd4c9510 R09: 00007ff1b29b14e0
[ 770.949014] R10: 00007ff1b29b13e0 R11: 0000000000000246 R12: 0000000000000005
[ 770.949015] R13: 000055d7dd4c53e0 R14: 0000000000000005 R15: 00007ff1b29f69e0
[ 770.949016] </TASK>
[ 770.949017] ---[ end trace e6fa0618bfa2f31d ]---
Built-on: Rhel9, Ubuntu22
Signed-off-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/1706856208-9617-1-git-send-email-shradhagupta@linux.microsoft.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_modeset_helper.c | 19 ++++++++++++++++---
drivers/gpu/drm/drm_probe_helper.c | 13 +++++++++++--
2 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/drm_modeset_helper.c b/drivers/gpu/drm/drm_modeset_helper.c
index f858dfedf2cfc..2c582020cb423 100644
--- a/drivers/gpu/drm/drm_modeset_helper.c
+++ b/drivers/gpu/drm/drm_modeset_helper.c
@@ -193,13 +193,22 @@ int drm_mode_config_helper_suspend(struct drm_device *dev)
if (!dev)
return 0;
+ /*
+ * Don't disable polling if it was never initialized
+ */
+ if (dev->mode_config.poll_enabled)
+ drm_kms_helper_poll_disable(dev);
- drm_kms_helper_poll_disable(dev);
drm_fb_helper_set_suspend_unlocked(dev->fb_helper, 1);
state = drm_atomic_helper_suspend(dev);
if (IS_ERR(state)) {
drm_fb_helper_set_suspend_unlocked(dev->fb_helper, 0);
- drm_kms_helper_poll_enable(dev);
+ /*
+ * Don't enable polling if it was never initialized
+ */
+ if (dev->mode_config.poll_enabled)
+ drm_kms_helper_poll_enable(dev);
+
return PTR_ERR(state);
}
@@ -239,7 +248,11 @@ int drm_mode_config_helper_resume(struct drm_device *dev)
dev->mode_config.suspend_state = NULL;
drm_fb_helper_set_suspend_unlocked(dev->fb_helper, 0);
- drm_kms_helper_poll_enable(dev);
+ /*
+ * Don't enable polling if it is not initialized
+ */
+ if (dev->mode_config.poll_enabled)
+ drm_kms_helper_poll_enable(dev);
return ret;
}
diff --git a/drivers/gpu/drm/drm_probe_helper.c b/drivers/gpu/drm/drm_probe_helper.c
index 15ed974bcb988..85a2fe15da92a 100644
--- a/drivers/gpu/drm/drm_probe_helper.c
+++ b/drivers/gpu/drm/drm_probe_helper.c
@@ -293,14 +293,17 @@ static void reschedule_output_poll_work(struct drm_device *dev)
* Drivers can call this helper from their device resume implementation. It is
* not an error to call this even when output polling isn't enabled.
*
+ * If device polling was never initialized before, this call will trigger a
+ * warning and return.
+ *
* Note that calls to enable and disable polling must be strictly ordered, which
* is automatically the case when they're only call from suspend/resume
* callbacks.
*/
void drm_kms_helper_poll_enable(struct drm_device *dev)
{
- if (!dev->mode_config.poll_enabled || !drm_kms_helper_poll ||
- dev->mode_config.poll_running)
+ if (drm_WARN_ON_ONCE(dev, !dev->mode_config.poll_enabled) ||
+ !drm_kms_helper_poll || dev->mode_config.poll_running)
return;
if (drm_kms_helper_enable_hpd(dev) ||
@@ -878,12 +881,18 @@ EXPORT_SYMBOL(drm_kms_helper_is_poll_worker);
* not an error to call this even when output polling isn't enabled or already
* disabled. Polling is re-enabled by calling drm_kms_helper_poll_enable().
*
+ * If however, the polling was never initialized, this call will trigger a
+ * warning and return
+ *
* Note that calls to enable and disable polling must be strictly ordered, which
* is automatically the case when they're only call from suspend/resume
* callbacks.
*/
void drm_kms_helper_poll_disable(struct drm_device *dev)
{
+ if (drm_WARN_ON(dev, !dev->mode_config.poll_enabled))
+ return;
+
if (dev->mode_config.poll_running)
drm_kms_helper_disable_hpd(dev);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 070/114] SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 069/114] drm: Check output polling initialized before disabling Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 071/114] PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Greg Kroah-Hartman
` (54 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dai Ngo, Jeff Layton,
Trond Myklebust, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dai Ngo <dai.ngo@oracle.com>
[ Upstream commit 2c35f43b5a4b9cdfaa6fdd946f5a212615dac8eb ]
When the NFS client is under extreme load the rpc_wait_queue.qlen counter
can be overflowed. Here is an instant of the backlog queue overflow in a
real world environment shown by drgn helper:
rpc_task_stats(rpc_clnt):
-------------------------
rpc_clnt: 0xffff92b65d2bae00
rpc_xprt: 0xffff9275db64f000
Queue: sending[64887] pending[524] backlog[30441] binding[0]
XMIT task: 0xffff925c6b1d8e98
WRITE: 750654
__dta_call_status_580: 65463
__dta_call_transmit_status_579: 1
call_reserveresult: 685189
nfs_client_init_is_complete: 1
COMMIT: 584
call_reserveresult: 573
__dta_call_status_580: 11
ACCESS: 1
__dta_call_status_580: 1
GETATTR: 10
__dta_call_status_580: 4
call_reserveresult: 6
751249 tasks for server 111.222.333.444
Total tasks: 751249
count_rpc_wait_queues(xprt):
----------------------------
**** rpc_xprt: 0xffff9275db64f000 num_reqs: 65511
wait_queue: xprt_binding[0] cnt: 0
wait_queue: xprt_binding[1] cnt: 0
wait_queue: xprt_binding[2] cnt: 0
wait_queue: xprt_binding[3] cnt: 0
rpc_wait_queue[xprt_binding].qlen: 0 maxpriority: 0
wait_queue: xprt_sending[0] cnt: 0
wait_queue: xprt_sending[1] cnt: 64887
wait_queue: xprt_sending[2] cnt: 0
wait_queue: xprt_sending[3] cnt: 0
rpc_wait_queue[xprt_sending].qlen: 64887 maxpriority: 3
wait_queue: xprt_pending[0] cnt: 524
wait_queue: xprt_pending[1] cnt: 0
wait_queue: xprt_pending[2] cnt: 0
wait_queue: xprt_pending[3] cnt: 0
rpc_wait_queue[xprt_pending].qlen: 524 maxpriority: 0
wait_queue: xprt_backlog[0] cnt: 0
wait_queue: xprt_backlog[1] cnt: 685801
wait_queue: xprt_backlog[2] cnt: 0
wait_queue: xprt_backlog[3] cnt: 0
rpc_wait_queue[xprt_backlog].qlen: 30441 maxpriority: 3 [task cnt mismatch]
There is no effect on operations when this overflow occurs. However
it causes confusion when trying to diagnose the performance problem.
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/sunrpc/sched.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/sunrpc/sched.h b/include/linux/sunrpc/sched.h
index 8ada7dc802d30..8f9bee0e21c3b 100644
--- a/include/linux/sunrpc/sched.h
+++ b/include/linux/sunrpc/sched.h
@@ -186,7 +186,7 @@ struct rpc_wait_queue {
unsigned char maxpriority; /* maximum priority (0 if queue is not a priority queue) */
unsigned char priority; /* current priority */
unsigned char nr; /* # tasks remaining for cookie */
- unsigned short qlen; /* total # tasks waiting in queue */
+ unsigned int qlen; /* total # tasks waiting in queue */
struct rpc_timer timer_list;
#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) || IS_ENABLED(CONFIG_TRACEPOINTS)
const char * name;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 071/114] PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 070/114] SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 072/114] Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Greg Kroah-Hartman
` (53 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Drake, Bjorn Helgaas,
Jian-Hong Pan, Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Drake <drake@endlessos.org>
[ Upstream commit cdea98bf1faef23166262825ce44648be6ebff42 ]
The Asus B1400 with original shipped firmware versions and VMD disabled
cannot resume from suspend: the NVMe device becomes unresponsive and
inaccessible.
This appears to be an untested D3cold transition by the vendor; Intel
socwatch shows that Windows leaves the NVMe device and parent bridge in D0
during suspend, even though these firmware versions have StorageD3Enable=1.
The NVMe device and parent PCI bridge both share the same "PXP" ACPI power
resource, which gets turned off as both devices are put into D3cold during
suspend. The _OFF() method calls DL23() which sets a L23E bit at offset
0xe2 into the PCI configuration space for this root port. This is the
specific write that the _ON() routine is unable to recover from. This
register is not documented in the public chipset datasheet.
Disallow D3cold on the PCI bridge to enable successful suspend/resume.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215742
Link: https://lore.kernel.org/r/20240228075316.7404-1-drake@endlessos.org
Signed-off-by: Daniel Drake <drake@endlessos.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Jian-Hong Pan <jhp@endlessos.org>
Acked-by: Rafael J. Wysocki <rafael@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/pci/fixup.c | 48 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c
index f347c20247d30..b33afb240601b 100644
--- a/arch/x86/pci/fixup.c
+++ b/arch/x86/pci/fixup.c
@@ -907,6 +907,54 @@ static void chromeos_fixup_apl_pci_l1ss_capability(struct pci_dev *dev)
DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x5ad6, chromeos_save_apl_pci_l1ss_capability);
DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_INTEL, 0x5ad6, chromeos_fixup_apl_pci_l1ss_capability);
+/*
+ * Disable D3cold on Asus B1400 PCI-NVMe bridge
+ *
+ * On this platform with VMD off, the NVMe device cannot successfully power
+ * back on from D3cold. This appears to be an untested transition by the
+ * vendor: Windows leaves the NVMe and parent bridge in D0 during suspend.
+ *
+ * We disable D3cold on the parent bridge for simplicity, and the fact that
+ * both parent bridge and NVMe device share the same power resource.
+ *
+ * This is only needed on BIOS versions before 308; the newer versions flip
+ * StorageD3Enable from 1 to 0.
+ */
+static const struct dmi_system_id asus_nvme_broken_d3cold_table[] = {
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_BIOS_VERSION, "B1400CEAE.304"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_BIOS_VERSION, "B1400CEAE.305"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_BIOS_VERSION, "B1400CEAE.306"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_BIOS_VERSION, "B1400CEAE.307"),
+ },
+ },
+ {}
+};
+
+static void asus_disable_nvme_d3cold(struct pci_dev *pdev)
+{
+ if (dmi_check_system(asus_nvme_broken_d3cold_table) > 0)
+ pci_d3cold_disable(pdev);
+}
+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x9a09, asus_disable_nvme_d3cold);
+
#ifdef CONFIG_SUSPEND
/*
* Root Ports on some AMD SoCs advertise PME_Support for D3hot and D3cold, but
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 072/114] Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 071/114] PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 073/114] libperf evlist: Avoid out-of-bounds access Greg Kroah-Hartman
` (52 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Drake, Bjorn Helgaas,
Jian-Hong Pan, Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Drake <drake@endlessos.org>
[ Upstream commit cb98555fcd8eee98c30165537c7e394f3a66e809 ]
This reverts commit d52848620de00cde4a3a5df908e231b8c8868250, which was
originally put in place to work around a s2idle failure on this platform
where the NVMe device was inaccessible upon resume.
After extended testing, we found that the firmware's implementation of S3
is buggy and intermittently fails to wake up the system. We need to revert
to s2idle mode.
The NVMe issue has now been solved more precisely in the commit titled
"PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge"
Link: https://bugzilla.kernel.org/show_bug.cgi?id=215742
Link: https://lore.kernel.org/r/20240228075316.7404-2-drake@endlessos.org
Signed-off-by: Daniel Drake <drake@endlessos.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Jian-Hong Pan <jhp@endlessos.org>
Acked-by: Rafael J. Wysocki <rafael@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/sleep.c | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
index 808484d112097..728acfeb774d8 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
@@ -385,18 +385,6 @@ static const struct dmi_system_id acpisleep_dmi_table[] __initconst = {
DMI_MATCH(DMI_PRODUCT_NAME, "20GGA00L00"),
},
},
- /*
- * ASUS B1400CEAE hangs on resume from suspend (see
- * https://bugzilla.kernel.org/show_bug.cgi?id=215742).
- */
- {
- .callback = init_default_s3,
- .ident = "ASUS B1400CEAE",
- .matches = {
- DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
- DMI_MATCH(DMI_PRODUCT_NAME, "ASUS EXPERTBOOK B1400CEAE"),
- },
- },
{},
};
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 073/114] libperf evlist: Avoid out-of-bounds access
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 072/114] Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 074/114] input/touchscreen: imagis: Correct the maximum touch area value Greg Kroah-Hartman
` (51 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ian Rogers, Yang Jihong,
Namhyung Kim, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ian Rogers <irogers@google.com>
[ Upstream commit 1947b92464c3268381604bbe2ac977a3fd78192f ]
Parallel testing appears to show a race between allocating and setting
evsel ids. As there is a bounds check on the xyarray it yields a segv
like:
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==484408==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010
==484408==The signal is caused by a WRITE memory access.
==484408==Hint: address points to the zero page.
#0 0x55cef5d4eff4 in perf_evlist__id_hash tools/lib/perf/evlist.c:256
#1 0x55cef5d4f132 in perf_evlist__id_add tools/lib/perf/evlist.c:274
#2 0x55cef5d4f545 in perf_evlist__id_add_fd tools/lib/perf/evlist.c:315
#3 0x55cef5a1923f in store_evsel_ids util/evsel.c:3130
#4 0x55cef5a19400 in evsel__store_ids util/evsel.c:3147
#5 0x55cef5888204 in __run_perf_stat tools/perf/builtin-stat.c:832
#6 0x55cef5888c06 in run_perf_stat tools/perf/builtin-stat.c:960
#7 0x55cef58932db in cmd_stat tools/perf/builtin-stat.c:2878
...
```
Avoid this crash by early exiting the perf_evlist__id_add_fd and
perf_evlist__id_add is the access is out-of-bounds.
Signed-off-by: Ian Rogers <irogers@google.com>
Cc: Yang Jihong <yangjihong1@huawei.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Link: https://lore.kernel.org/r/20240229070757.796244-1-irogers@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/lib/perf/evlist.c | 18 ++++++++++++------
tools/lib/perf/include/internal/evlist.h | 4 ++--
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/tools/lib/perf/evlist.c b/tools/lib/perf/evlist.c
index b8b066d0dc5e4..ceb34123f38ed 100644
--- a/tools/lib/perf/evlist.c
+++ b/tools/lib/perf/evlist.c
@@ -248,10 +248,10 @@ u64 perf_evlist__read_format(struct perf_evlist *evlist)
static void perf_evlist__id_hash(struct perf_evlist *evlist,
struct perf_evsel *evsel,
- int cpu, int thread, u64 id)
+ int cpu_map_idx, int thread, u64 id)
{
int hash;
- struct perf_sample_id *sid = SID(evsel, cpu, thread);
+ struct perf_sample_id *sid = SID(evsel, cpu_map_idx, thread);
sid->id = id;
sid->evsel = evsel;
@@ -269,21 +269,27 @@ void perf_evlist__reset_id_hash(struct perf_evlist *evlist)
void perf_evlist__id_add(struct perf_evlist *evlist,
struct perf_evsel *evsel,
- int cpu, int thread, u64 id)
+ int cpu_map_idx, int thread, u64 id)
{
- perf_evlist__id_hash(evlist, evsel, cpu, thread, id);
+ if (!SID(evsel, cpu_map_idx, thread))
+ return;
+
+ perf_evlist__id_hash(evlist, evsel, cpu_map_idx, thread, id);
evsel->id[evsel->ids++] = id;
}
int perf_evlist__id_add_fd(struct perf_evlist *evlist,
struct perf_evsel *evsel,
- int cpu, int thread, int fd)
+ int cpu_map_idx, int thread, int fd)
{
u64 read_data[4] = { 0, };
int id_idx = 1; /* The first entry is the counter value */
u64 id;
int ret;
+ if (!SID(evsel, cpu_map_idx, thread))
+ return -1;
+
ret = ioctl(fd, PERF_EVENT_IOC_ID, &id);
if (!ret)
goto add;
@@ -312,7 +318,7 @@ int perf_evlist__id_add_fd(struct perf_evlist *evlist,
id = read_data[id_idx];
add:
- perf_evlist__id_add(evlist, evsel, cpu, thread, id);
+ perf_evlist__id_add(evlist, evsel, cpu_map_idx, thread, id);
return 0;
}
diff --git a/tools/lib/perf/include/internal/evlist.h b/tools/lib/perf/include/internal/evlist.h
index 3339bc2f17655..79e11d71072a0 100644
--- a/tools/lib/perf/include/internal/evlist.h
+++ b/tools/lib/perf/include/internal/evlist.h
@@ -126,11 +126,11 @@ u64 perf_evlist__read_format(struct perf_evlist *evlist);
void perf_evlist__id_add(struct perf_evlist *evlist,
struct perf_evsel *evsel,
- int cpu, int thread, u64 id);
+ int cpu_map_idx, int thread, u64 id);
int perf_evlist__id_add_fd(struct perf_evlist *evlist,
struct perf_evsel *evsel,
- int cpu, int thread, int fd);
+ int cpu_map_idx, int thread, int fd);
void perf_evlist__reset_id_hash(struct perf_evlist *evlist);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 074/114] input/touchscreen: imagis: Correct the maximum touch area value
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 073/114] libperf evlist: Avoid out-of-bounds access Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 075/114] drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Greg Kroah-Hartman
` (50 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Markuss Broks, Karel Balej,
Dmitry Torokhov, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Markuss Broks <markuss.broks@gmail.com>
[ Upstream commit 54a62ed17a705ef1ac80ebca2b62136b19243e19 ]
As specified in downstream IST3038B driver and proved by testing,
the correct maximum reported value of touch area is 16.
Signed-off-by: Markuss Broks <markuss.broks@gmail.com>
Signed-off-by: Karel Balej <balejk@matfyz.cz>
Link: https://lore.kernel.org/r/20240301164659.13240-2-karelb@gimli.ms.mff.cuni.cz
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/imagis.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/input/touchscreen/imagis.c b/drivers/input/touchscreen/imagis.c
index 07111ca244556..e67fd30110278 100644
--- a/drivers/input/touchscreen/imagis.c
+++ b/drivers/input/touchscreen/imagis.c
@@ -210,7 +210,7 @@ static int imagis_init_input_dev(struct imagis_ts *ts)
input_set_capability(input_dev, EV_ABS, ABS_MT_POSITION_X);
input_set_capability(input_dev, EV_ABS, ABS_MT_POSITION_Y);
- input_set_abs_params(input_dev, ABS_MT_TOUCH_MAJOR, 0, 255, 0, 0);
+ input_set_abs_params(input_dev, ABS_MT_TOUCH_MAJOR, 0, 16, 0, 0);
touchscreen_parse_properties(input_dev, true, &ts->prop);
if (!ts->prop.max_x || !ts->prop.max_y) {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 075/114] drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 074/114] input/touchscreen: imagis: Correct the maximum touch area value Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 076/114] block: prevent division by zero in blk_rq_stat_sum() Greg Kroah-Hartman
` (49 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Junhao He, Yicong Yang, Will Deacon,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Junhao He <hejunhao3@huawei.com>
[ Upstream commit e10b6976f6b9afdf3564f88c851e42d139bb19c0 ]
HiSilicon UC PMU v2 suffers the erratum 162700402 that the PMU counter
cannot be set due to the lack of clock under power saving mode. This will
lead to error or inaccurate counts. The clock can be enabled by the PMU
global enabling control.
This patch tries to fix this by set the UC PMU enable before set event
period to turn on the clock, and then restore the UC PMU configuration.
The counter register can hold its value without a clock.
Signed-off-by: Junhao He <hejunhao3@huawei.com>
Reviewed-by: Yicong Yang <yangyicong@hisilicon.com>
Link: https://lore.kernel.org/r/20240227125231.53127-1-hejunhao3@huawei.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 42 ++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/drivers/perf/hisilicon/hisi_uncore_uc_pmu.c b/drivers/perf/hisilicon/hisi_uncore_uc_pmu.c
index 636fb79647c8c..481dcc9e8fbf8 100644
--- a/drivers/perf/hisilicon/hisi_uncore_uc_pmu.c
+++ b/drivers/perf/hisilicon/hisi_uncore_uc_pmu.c
@@ -287,12 +287,52 @@ static u64 hisi_uc_pmu_read_counter(struct hisi_pmu *uc_pmu,
return readq(uc_pmu->base + HISI_UC_CNTR_REGn(hwc->idx));
}
-static void hisi_uc_pmu_write_counter(struct hisi_pmu *uc_pmu,
+static bool hisi_uc_pmu_get_glb_en_state(struct hisi_pmu *uc_pmu)
+{
+ u32 val;
+
+ val = readl(uc_pmu->base + HISI_UC_EVENT_CTRL_REG);
+ return !!FIELD_GET(HISI_UC_EVENT_GLB_EN, val);
+}
+
+static void hisi_uc_pmu_write_counter_normal(struct hisi_pmu *uc_pmu,
struct hw_perf_event *hwc, u64 val)
{
writeq(val, uc_pmu->base + HISI_UC_CNTR_REGn(hwc->idx));
}
+static void hisi_uc_pmu_write_counter_quirk_v2(struct hisi_pmu *uc_pmu,
+ struct hw_perf_event *hwc, u64 val)
+{
+ hisi_uc_pmu_start_counters(uc_pmu);
+ hisi_uc_pmu_write_counter_normal(uc_pmu, hwc, val);
+ hisi_uc_pmu_stop_counters(uc_pmu);
+}
+
+static void hisi_uc_pmu_write_counter(struct hisi_pmu *uc_pmu,
+ struct hw_perf_event *hwc, u64 val)
+{
+ bool enable = hisi_uc_pmu_get_glb_en_state(uc_pmu);
+ bool erratum = uc_pmu->identifier == HISI_PMU_V2;
+
+ /*
+ * HiSilicon UC PMU v2 suffers the erratum 162700402 that the
+ * PMU counter cannot be set due to the lack of clock under power
+ * saving mode. This will lead to error or inaccurate counts.
+ * The clock can be enabled by the PMU global enabling control.
+ * The irq handler and pmu_start() will call the function to set
+ * period. If the function under irq context, the PMU has been
+ * enabled therefore we set counter directly. Other situations
+ * the PMU is disabled, we need to enable it to turn on the
+ * counter clock to set period, and then restore PMU enable
+ * status, the counter can hold its value without a clock.
+ */
+ if (enable || !erratum)
+ hisi_uc_pmu_write_counter_normal(uc_pmu, hwc, val);
+ else
+ hisi_uc_pmu_write_counter_quirk_v2(uc_pmu, hwc, val);
+}
+
static void hisi_uc_pmu_enable_counter_int(struct hisi_pmu *uc_pmu,
struct hw_perf_event *hwc)
{
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 076/114] block: prevent division by zero in blk_rq_stat_sum()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 075/114] drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 077/114] RDMA/cm: add timeout to cm_destroy_id wait Greg Kroah-Hartman
` (48 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Roman Smirnov, Sergey Shtylyov,
Jens Axboe, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roman Smirnov <r.smirnov@omp.ru>
[ Upstream commit 93f52fbeaf4b676b21acfe42a5152620e6770d02 ]
The expression dst->nr_samples + src->nr_samples may
have zero value on overflow. It is necessary to add
a check to avoid division by zero.
Found by Linux Verification Center (linuxtesting.org) with Svace.
Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Link: https://lore.kernel.org/r/20240305134509.23108-1-r.smirnov@omp.ru
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-stat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/blk-stat.c b/block/blk-stat.c
index 7ff76ae6c76a9..e42c263e53fb9 100644
--- a/block/blk-stat.c
+++ b/block/blk-stat.c
@@ -27,7 +27,7 @@ void blk_rq_stat_init(struct blk_rq_stat *stat)
/* src is a per-cpu stat, mean isn't initialized */
void blk_rq_stat_sum(struct blk_rq_stat *dst, struct blk_rq_stat *src)
{
- if (!src->nr_samples)
+ if (dst->nr_samples + src->nr_samples <= dst->nr_samples)
return;
dst->min = min(dst->min, src->min);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 077/114] RDMA/cm: add timeout to cm_destroy_id wait
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 076/114] block: prevent division by zero in blk_rq_stat_sum() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 078/114] Input: imagis - use FIELD_GET where applicable Greg Kroah-Hartman
` (47 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Manjunath Patil, Leon Romanovsky,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manjunath Patil <manjunath.b.patil@oracle.com>
[ Upstream commit 96d9cbe2f2ff7abde021bac75eafaceabe9a51fa ]
Add timeout to cm_destroy_id, so that userspace can trigger any data
collection that would help in analyzing the cause of delay in destroying
the cm_id.
New noinline function helps dtrace/ebpf programs to hook on to it.
Existing functionality isn't changed except triggering a probe-able new
function at every timeout interval.
We have seen cases where CM messages stuck with MAD layer (either due to
software bug or faulty HCA), leading to cm_id getting stuck in the
following call stack. This patch helps in resolving such issues faster.
kernel: ... INFO: task XXXX:56778 blocked for more than 120 seconds.
...
Call Trace:
__schedule+0x2bc/0x895
schedule+0x36/0x7c
schedule_timeout+0x1f6/0x31f
? __slab_free+0x19c/0x2ba
wait_for_completion+0x12b/0x18a
? wake_up_q+0x80/0x73
cm_destroy_id+0x345/0x610 [ib_cm]
ib_destroy_cm_id+0x10/0x20 [ib_cm]
rdma_destroy_id+0xa8/0x300 [rdma_cm]
ucma_destroy_id+0x13e/0x190 [rdma_ucm]
ucma_write+0xe0/0x160 [rdma_ucm]
__vfs_write+0x3a/0x16d
vfs_write+0xb2/0x1a1
? syscall_trace_enter+0x1ce/0x2b8
SyS_write+0x5c/0xd3
do_syscall_64+0x79/0x1b9
entry_SYSCALL_64_after_hwframe+0x16d/0x0
Signed-off-by: Manjunath Patil <manjunath.b.patil@oracle.com>
Link: https://lore.kernel.org/r/20240309063323.458102-1-manjunath.b.patil@oracle.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/infiniband/core/cm.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
index ff58058aeadca..bf0df6ee4f785 100644
--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -34,6 +34,7 @@ MODULE_AUTHOR("Sean Hefty");
MODULE_DESCRIPTION("InfiniBand CM");
MODULE_LICENSE("Dual BSD/GPL");
+#define CM_DESTROY_ID_WAIT_TIMEOUT 10000 /* msecs */
static const char * const ibcm_rej_reason_strs[] = {
[IB_CM_REJ_NO_QP] = "no QP",
[IB_CM_REJ_NO_EEC] = "no EEC",
@@ -1025,10 +1026,20 @@ static void cm_reset_to_idle(struct cm_id_private *cm_id_priv)
}
}
+static noinline void cm_destroy_id_wait_timeout(struct ib_cm_id *cm_id)
+{
+ struct cm_id_private *cm_id_priv;
+
+ cm_id_priv = container_of(cm_id, struct cm_id_private, id);
+ pr_err("%s: cm_id=%p timed out. state=%d refcnt=%d\n", __func__,
+ cm_id, cm_id->state, refcount_read(&cm_id_priv->refcount));
+}
+
static void cm_destroy_id(struct ib_cm_id *cm_id, int err)
{
struct cm_id_private *cm_id_priv;
struct cm_work *work;
+ int ret;
cm_id_priv = container_of(cm_id, struct cm_id_private, id);
spin_lock_irq(&cm_id_priv->lock);
@@ -1135,7 +1146,14 @@ static void cm_destroy_id(struct ib_cm_id *cm_id, int err)
xa_erase(&cm.local_id_table, cm_local_id(cm_id->local_id));
cm_deref_id(cm_id_priv);
- wait_for_completion(&cm_id_priv->comp);
+ do {
+ ret = wait_for_completion_timeout(&cm_id_priv->comp,
+ msecs_to_jiffies(
+ CM_DESTROY_ID_WAIT_TIMEOUT));
+ if (!ret) /* timeout happened */
+ cm_destroy_id_wait_timeout(cm_id);
+ } while (!ret);
+
while ((work = cm_dequeue_work(cm_id_priv)) != NULL)
cm_free_work(work);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 078/114] Input: imagis - use FIELD_GET where applicable
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 077/114] RDMA/cm: add timeout to cm_destroy_id wait Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 079/114] Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman
` (46 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Duje Mihanović, Dmitry Torokhov,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Duje Mihanović <duje.mihanovic@skole.hr>
[ Upstream commit c0ca3dbd03d66c6b9e044f48720e6ab5cef37ae5 ]
Instead of manually extracting certain bits from registers with binary
ANDs and shifts, the FIELD_GET macro can be used. With this in mind, the
*_SHIFT macros can be dropped.
Signed-off-by: Duje Mihanović <duje.mihanovic@skole.hr>
Link: https://lore.kernel.org/r/20240306-b4-imagis-keys-v3-1-2c429afa8420@skole.hr
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/touchscreen/imagis.c | 18 +++++++-----------
1 file changed, 7 insertions(+), 11 deletions(-)
diff --git a/drivers/input/touchscreen/imagis.c b/drivers/input/touchscreen/imagis.c
index e67fd30110278..55ecebe981445 100644
--- a/drivers/input/touchscreen/imagis.c
+++ b/drivers/input/touchscreen/imagis.c
@@ -1,5 +1,6 @@
// SPDX-License-Identifier: GPL-2.0-only
+#include <linux/bitfield.h>
#include <linux/bits.h>
#include <linux/delay.h>
#include <linux/i2c.h>
@@ -23,12 +24,9 @@
#define IST3038C_I2C_RETRY_COUNT 3
#define IST3038C_MAX_FINGER_NUM 10
#define IST3038C_X_MASK GENMASK(23, 12)
-#define IST3038C_X_SHIFT 12
#define IST3038C_Y_MASK GENMASK(11, 0)
#define IST3038C_AREA_MASK GENMASK(27, 24)
-#define IST3038C_AREA_SHIFT 24
#define IST3038C_FINGER_COUNT_MASK GENMASK(15, 12)
-#define IST3038C_FINGER_COUNT_SHIFT 12
#define IST3038C_FINGER_STATUS_MASK GENMASK(9, 0)
struct imagis_ts {
@@ -92,8 +90,7 @@ static irqreturn_t imagis_interrupt(int irq, void *dev_id)
goto out;
}
- finger_count = (intr_message & IST3038C_FINGER_COUNT_MASK) >>
- IST3038C_FINGER_COUNT_SHIFT;
+ finger_count = FIELD_GET(IST3038C_FINGER_COUNT_MASK, intr_message);
if (finger_count > IST3038C_MAX_FINGER_NUM) {
dev_err(&ts->client->dev,
"finger count %d is more than maximum supported\n",
@@ -101,7 +98,7 @@ static irqreturn_t imagis_interrupt(int irq, void *dev_id)
goto out;
}
- finger_pressed = intr_message & IST3038C_FINGER_STATUS_MASK;
+ finger_pressed = FIELD_GET(IST3038C_FINGER_STATUS_MASK, intr_message);
for (i = 0; i < finger_count; i++) {
error = imagis_i2c_read_reg(ts,
@@ -118,12 +115,11 @@ static irqreturn_t imagis_interrupt(int irq, void *dev_id)
input_mt_report_slot_state(ts->input_dev, MT_TOOL_FINGER,
finger_pressed & BIT(i));
touchscreen_report_pos(ts->input_dev, &ts->prop,
- (finger_status & IST3038C_X_MASK) >>
- IST3038C_X_SHIFT,
- finger_status & IST3038C_Y_MASK, 1);
+ FIELD_GET(IST3038C_X_MASK, finger_status),
+ FIELD_GET(IST3038C_Y_MASK, finger_status),
+ true);
input_report_abs(ts->input_dev, ABS_MT_TOUCH_MAJOR,
- (finger_status & IST3038C_AREA_MASK) >>
- IST3038C_AREA_SHIFT);
+ FIELD_GET(IST3038C_AREA_MASK, finger_status));
}
input_mt_sync_frame(ts->input_dev);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 079/114] Input: allocate keycode for Display refresh rate toggle
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 078/114] Input: imagis - use FIELD_GET where applicable Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 080/114] platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Greg Kroah-Hartman
` (45 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gergo Koteles, Dmitry Torokhov,
Ilpo Järvinen, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gergo Koteles <soyer@irl.hu>
[ Upstream commit cfeb98b95fff25c442f78a6f616c627bc48a26b7 ]
Newer Lenovo Yogas and Legions with 60Hz/90Hz displays send a wmi event
when Fn + R is pressed. This is intended for use to switch between the
two refresh rates.
Allocate a new KEY_REFRESH_RATE_TOGGLE keycode for it.
Signed-off-by: Gergo Koteles <soyer@irl.hu>
Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Link: https://lore.kernel.org/r/15a5d08c84cf4d7b820de34ebbcf8ae2502fb3ca.1710065750.git.soyer@irl.hu
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/uapi/linux/input-event-codes.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/input-event-codes.h b/include/uapi/linux/input-event-codes.h
index 022a520e31fc2..03edf2ccdf6c8 100644
--- a/include/uapi/linux/input-event-codes.h
+++ b/include/uapi/linux/input-event-codes.h
@@ -602,6 +602,7 @@
#define KEY_ALS_TOGGLE 0x230 /* Ambient light sensor */
#define KEY_ROTATE_LOCK_TOGGLE 0x231 /* Display rotation lock */
+#define KEY_REFRESH_RATE_TOGGLE 0x232 /* Display refresh rate toggle */
#define KEY_BUTTONCONFIG 0x240 /* AL Button Configuration */
#define KEY_TASKMANAGER 0x241 /* AL Task/Project Manager */
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 080/114] platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 079/114] Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 081/114] perf/x86/amd/lbr: Discard erroneous branch entries Greg Kroah-Hartman
` (44 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Alban Boyé, Ilpo Järvinen,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alban Boyé <alban.boye@protonmail.com>
[ Upstream commit 1266e2efb7512dbf20eac820ca2ed34de6b1c3e7 ]
Signed-off-by: Alban Boyé <alban.boye@protonmail.com>
Link: https://lore.kernel.org/r/20240227223919.11587-1-alban.boye@protonmail.com
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/touchscreen_dmi.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/platform/x86/touchscreen_dmi.c b/drivers/platform/x86/touchscreen_dmi.c
index 969477c83e56e..630ed0515b1e9 100644
--- a/drivers/platform/x86/touchscreen_dmi.c
+++ b/drivers/platform/x86/touchscreen_dmi.c
@@ -1222,6 +1222,15 @@ const struct dmi_system_id touchscreen_dmi_table[] = {
DMI_MATCH(DMI_BIOS_VERSION, "CHUWI.D86JLBNR"),
},
},
+ {
+ /* Chuwi Vi8 dual-boot (CWI506) */
+ .driver_data = (void *)&chuwi_vi8_data,
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Insyde"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "i86"),
+ DMI_MATCH(DMI_BIOS_VERSION, "CHUWI2.D86JHBNR02"),
+ },
+ },
{
/* Chuwi Vi8 Plus (CWI519) */
.driver_data = (void *)&chuwi_vi8_plus_data,
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 081/114] perf/x86/amd/lbr: Discard erroneous branch entries
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 080/114] platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 082/114] ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Greg Kroah-Hartman
` (43 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Sandipan Das, Ingo Molnar,
Peter Zijlstra, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sandipan Das <sandipan.das@amd.com>
[ Upstream commit 29297ffffb0bf388778bd4b581a43cee6929ae65 ]
The Revision Guide for AMD Family 19h Model 10-1Fh processors declares
Erratum 1452 which states that non-branch entries may erroneously be
recorded in the Last Branch Record (LBR) stack with the valid and
spec bits set.
Such entries can be recognized by inspecting bit 61 of the corresponding
LastBranchStackToIp register. This bit is currently reserved but if found
to be set, the associated branch entry should be discarded.
Signed-off-by: Sandipan Das <sandipan.das@amd.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://bugzilla.kernel.org/attachment.cgi?id=305518
Link: https://lore.kernel.org/r/3ad2aa305f7396d41a40e3f054f740d464b16b7f.1706526029.git.sandipan.das@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/events/amd/lbr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/events/amd/lbr.c b/arch/x86/events/amd/lbr.c
index 110e34c59643a..5149830c7c4fa 100644
--- a/arch/x86/events/amd/lbr.c
+++ b/arch/x86/events/amd/lbr.c
@@ -173,9 +173,11 @@ void amd_pmu_lbr_read(void)
/*
* Check if a branch has been logged; if valid = 0, spec = 0
- * then no branch was recorded
+ * then no branch was recorded; if reserved = 1 then an
+ * erroneous branch was recorded (see Erratum 1452)
*/
- if (!entry.to.split.valid && !entry.to.split.spec)
+ if ((!entry.to.split.valid && !entry.to.split.spec) ||
+ entry.to.split.reserved)
continue;
perf_clear_branch_entry_bitfields(br + out);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 082/114] ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 081/114] perf/x86/amd/lbr: Discard erroneous branch entries Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 083/114] ktest: force $buildonly = 1 for make_warnings_file test type Greg Kroah-Hartman
` (42 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Jichi Zhang, Takashi Iwai,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jichi Zhang <i@jichi.ca>
[ Upstream commit 9b714a59b719b1ba9382c092f0f7aa4bbe94eba1 ]
The speakers on the Lenovo Yoga 9 14IMH9 are similar to previous generations
such as the 14IAP7, and the bass speakers can be fixed using similar methods
with one caveat: 14IMH9 uses CS35L41 amplifiers which need to be activated
separately.
Signed-off-by: Jichi Zhang <i@jichi.ca>
Message-ID: <20240315081954.45470-3-i@jichi.ca>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index b1c2fb43cab69..b8e47761fb572 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -7428,6 +7428,7 @@ enum {
ALC287_FIXUP_LEGION_16ITHG6,
ALC287_FIXUP_YOGA9_14IAP7_BASS_SPK,
ALC287_FIXUP_YOGA9_14IAP7_BASS_SPK_PIN,
+ ALC287_FIXUP_YOGA9_14IMH9_BASS_SPK_PIN,
ALC295_FIXUP_DELL_INSPIRON_TOP_SPEAKERS,
ALC236_FIXUP_DELL_DUAL_CODECS,
ALC287_FIXUP_CS35L41_I2C_2_THINKPAD_ACPI,
@@ -9552,6 +9553,12 @@ static const struct hda_fixup alc269_fixups[] = {
.chained = true,
.chain_id = ALC287_FIXUP_YOGA9_14IAP7_BASS_SPK,
},
+ [ALC287_FIXUP_YOGA9_14IMH9_BASS_SPK_PIN] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc287_fixup_yoga9_14iap7_bass_spk_pin,
+ .chained = true,
+ .chain_id = ALC287_FIXUP_CS35L41_I2C_2,
+ },
[ALC295_FIXUP_DELL_INSPIRON_TOP_SPEAKERS] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc295_fixup_dell_inspiron_top_speakers,
@@ -10257,6 +10264,8 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x17aa, 0x38c3, "Y980 DUAL", ALC287_FIXUP_TAS2781_I2C),
SND_PCI_QUIRK(0x17aa, 0x38cb, "Y790 YG DUAL", ALC287_FIXUP_TAS2781_I2C),
SND_PCI_QUIRK(0x17aa, 0x38cd, "Y790 VECO DUAL", ALC287_FIXUP_TAS2781_I2C),
+ SND_PCI_QUIRK(0x17aa, 0x38d2, "Lenovo Yoga 9 14IMH9", ALC287_FIXUP_YOGA9_14IMH9_BASS_SPK_PIN),
+ SND_PCI_QUIRK(0x17aa, 0x38d7, "Lenovo Yoga 9 14IMH9", ALC287_FIXUP_YOGA9_14IMH9_BASS_SPK_PIN),
SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC),
SND_PCI_QUIRK(0x17aa, 0x3978, "Lenovo B50-70", ALC269_FIXUP_DMIC_THINKPAD_ACPI),
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 083/114] ktest: force $buildonly = 1 for make_warnings_file test type
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 082/114] ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 084/114] Input: xpad - add support for Snakebyte GAMEPADs Greg Kroah-Hartman
` (41 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, John Hawley, Ricardo B. Marliere,
Steven Rostedt, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ricardo B. Marliere <ricardo@marliere.net>
[ Upstream commit 07283c1873a4d0eaa0e822536881bfdaea853910 ]
The test type "make_warnings_file" should have no mandatory configuration
parameters other than the ones required by the "build" test type, because
its purpose is to create a file with build warnings that may or may not be
used by other subsequent tests. Currently, the only way to use it as a
stand-alone test is by setting POWER_CYCLE, CONSOLE, SSH_USER,
BUILD_TARGET, TARGET_IMAGE, REBOOT_TYPE and GRUB_MENU.
Link: https://lkml.kernel.org/r/20240315-ktest-v2-1-c5c20a75f6a3@marliere.net
Cc: John Hawley <warthog9@eaglescrag.net>
Signed-off-by: Ricardo B. Marliere <ricardo@marliere.net>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/ktest/ktest.pl | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/ktest/ktest.pl b/tools/testing/ktest/ktest.pl
index 829f5bdfd2e43..24451f8f42910 100755
--- a/tools/testing/ktest/ktest.pl
+++ b/tools/testing/ktest/ktest.pl
@@ -843,6 +843,7 @@ sub set_value {
if ($lvalue =~ /^(TEST|BISECT|CONFIG_BISECT)_TYPE(\[.*\])?$/ &&
$prvalue !~ /^(config_|)bisect$/ &&
$prvalue !~ /^build$/ &&
+ $prvalue !~ /^make_warnings_file$/ &&
$buildonly) {
# Note if a test is something other than build, then we
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 084/114] Input: xpad - add support for Snakebyte GAMEPADs
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 083/114] ktest: force $buildonly = 1 for make_warnings_file test type Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 085/114] ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Greg Kroah-Hartman
` (40 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Matt Scialabba, Dmitry Torokhov,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Scialabba <matt.git@fastmail.fm>
[ Upstream commit 81c32343d04f8ca974681d5fb5d939d2e1f58851 ]
Add Snakebyte GAMEPAD BASE X and Snakebyte GAMEPAD RGB X to the list
of supported devices.
Signed-off-by: Matt Scialabba <matt.git@fastmail.fm>
Link: https://lore.kernel.org/r/efbfb428-06b0-48f9-8701-db291c2a9d65@app.fastmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/input/joystick/xpad.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
index c11af4441cf25..9206253422016 100644
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -366,6 +366,8 @@ static const struct xpad_device {
{ 0x24c6, 0x5d04, "Razer Sabertooth", 0, XTYPE_XBOX360 },
{ 0x24c6, 0xfafe, "Rock Candy Gamepad for Xbox 360", 0, XTYPE_XBOX360 },
{ 0x2563, 0x058d, "OneXPlayer Gamepad", 0, XTYPE_XBOX360 },
+ { 0x294b, 0x3303, "Snakebyte GAMEPAD BASE X", 0, XTYPE_XBOXONE },
+ { 0x294b, 0x3404, "Snakebyte GAMEPAD RGB X", 0, XTYPE_XBOXONE },
{ 0x2dc8, 0x2000, "8BitDo Pro 2 Wired Controller fox Xbox", 0, XTYPE_XBOXONE },
{ 0x2dc8, 0x3106, "8BitDo Pro 2 Wired Controller", 0, XTYPE_XBOX360 },
{ 0x31e3, 0x1100, "Wooting One", 0, XTYPE_XBOX360 },
@@ -507,6 +509,7 @@ static const struct usb_device_id xpad_table[] = {
XPAD_XBOXONE_VENDOR(0x24c6), /* PowerA controllers */
XPAD_XBOX360_VENDOR(0x2563), /* OneXPlayer Gamepad */
XPAD_XBOX360_VENDOR(0x260d), /* Dareu H101 */
+ XPAD_XBOXONE_VENDOR(0x294b), /* Snakebyte */
XPAD_XBOX360_VENDOR(0x2c22), /* Qanba Controllers */
XPAD_XBOX360_VENDOR(0x2dc8), /* 8BitDo Pro 2 Wired Controller */
XPAD_XBOXONE_VENDOR(0x2dc8), /* 8BitDo Pro 2 Wired Controller for Xbox */
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 085/114] ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 084/114] Input: xpad - add support for Snakebyte GAMEPADs Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 086/114] tools: iio: replace seekdir() in iio_generic_buffer Greg Kroah-Hartman
` (39 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mathieu Desnoyers,
linke li, Steven Rostedt (Google), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: linke li <lilinke99@qq.com>
[ Upstream commit f1e30cb6369251c03f63c564006f96a54197dcc4 ]
In function ring_buffer_iter_empty(), cpu_buffer->commit_page is read
while other threads may change it. It may cause the time_stamp that read
in the next line come from a different page. Use READ_ONCE() to avoid
having to reason about compiler optimizations now and in future.
Link: https://lore.kernel.org/linux-trace-kernel/tencent_DFF7D3561A0686B5E8FC079150A02505180A@qq.com
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: linke li <lilinke99@qq.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ring_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 3fedd051f12c0..06249b37d8019 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -4436,7 +4436,7 @@ int ring_buffer_iter_empty(struct ring_buffer_iter *iter)
cpu_buffer = iter->cpu_buffer;
reader = cpu_buffer->reader_page;
head_page = cpu_buffer->head_page;
- commit_page = cpu_buffer->commit_page;
+ commit_page = READ_ONCE(cpu_buffer->commit_page);
commit_ts = commit_page->page->time_stamp;
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 086/114] tools: iio: replace seekdir() in iio_generic_buffer
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 085/114] ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 087/114] bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Greg Kroah-Hartman
` (38 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Petre Rodan, Jonathan Cameron,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Petre Rodan <petre.rodan@subdimension.ro>
[ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ]
Replace seekdir() with rewinddir() in order to fix a localized glibc bug.
One of the glibc patches that stable Gentoo is using causes an improper
directory stream positioning bug on 32bit arm. That in turn ends up as a
floating point exception in iio_generic_buffer.
The attached patch provides a fix by using an equivalent function which
should not cause trouble for other distros and is easier to reason about
in general as it obviously always goes back to to the start.
https://sourceware.org/bugzilla/show_bug.cgi?id=31212
Signed-off-by: Petre Rodan <petre.rodan@subdimension.ro>
Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/iio/iio_utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c
index 6a00a6eecaef0..c5c5082cb24e5 100644
--- a/tools/iio/iio_utils.c
+++ b/tools/iio/iio_utils.c
@@ -376,7 +376,7 @@ int build_channel_array(const char *device_dir, int buffer_idx,
goto error_close_dir;
}
- seekdir(dp, 0);
+ rewinddir(dp);
while (ent = readdir(dp), ent) {
if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"),
"_en") == 0) {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 087/114] bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 086/114] tools: iio: replace seekdir() in iio_generic_buffer Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 088/114] kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Greg Kroah-Hartman
` (37 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jeffrey Hugo, Carl Vanderlip,
Manivannan Sadhasivam, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeffrey Hugo <quic_jhugo@quicinc.com>
[ Upstream commit bce3f770684cc1d91ff9edab431b71ac991faf29 ]
When processing a SYSERR, if the device does not respond to the MHI_RESET
from the host, the host will be stuck in a difficult to recover state.
The host will remain in MHI_PM_SYS_ERR_PROCESS and not clean up the host
channels. Clients will not be notified of the SYSERR via the destruction
of their channel devices, which means clients may think that the device is
still up. Subsequent SYSERR events such as a device fatal error will not
be processed as the state machine cannot transition from PROCESS back to
DETECT. The only way to recover from this is to unload the mhi module
(wipe the state machine state) or for the mhi controller to initiate
SHUTDOWN.
This issue was discovered by stress testing soc_reset events on AIC100
via the sysfs node.
soc_reset is processed entirely in hardware. When the register write
hits the endpoint hardware, it causes the soc to reset without firmware
involvement. In stress testing, there is a rare race where soc_reset N
will cause the soc to reset and PBL to signal SYSERR (fatal error). If
soc_reset N+1 is triggered before PBL can process the MHI_RESET from the
host, then the soc will reset again, and re-run PBL from the beginning.
This will cause PBL to lose all state. PBL will be waiting for the host
to respond to the new syserr, but host will be stuck expecting the
previous MHI_RESET to be processed.
Additionally, the AMSS EE firmware (QSM) was hacked to synthetically
reproduce the issue by simulating a FW hang after the QSM issued a
SYSERR. In this case, soc_reset would not recover the device.
For this failure case, to recover the device, we need a state similar to
PROCESS, but can transition to DETECT. There is not a viable existing
state to use. POR has the needed transitions, but assumes the device is
in a good state and could allow the host to attempt to use the device.
Allowing PROCESS to transition to DETECT invites the possibility of
parallel SYSERR processing which could get the host and device out of
sync.
Thus, invent a new state - MHI_PM_SYS_ERR_FAIL
This essentially a holding state. It allows us to clean up the host
elements that are based on the old state of the device (channels), but
does not allow us to directly advance back to an operational state. It
does allow the detection and processing of another SYSERR which may
recover the device, or allows the controller to do a clean shutdown.
Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com>
Reviewed-by: Carl Vanderlip <quic_carlv@quicinc.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20240112180800.536733-1-quic_jhugo@quicinc.com
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/mhi/host/init.c | 1 +
drivers/bus/mhi/host/internal.h | 9 ++++++---
drivers/bus/mhi/host/pm.c | 20 +++++++++++++++++---
3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/drivers/bus/mhi/host/init.c b/drivers/bus/mhi/host/init.c
index f78aefd2d7a36..cfd17c02fe20e 100644
--- a/drivers/bus/mhi/host/init.c
+++ b/drivers/bus/mhi/host/init.c
@@ -62,6 +62,7 @@ static const char * const mhi_pm_state_str[] = {
[MHI_PM_STATE_FW_DL_ERR] = "Firmware Download Error",
[MHI_PM_STATE_SYS_ERR_DETECT] = "SYS ERROR Detect",
[MHI_PM_STATE_SYS_ERR_PROCESS] = "SYS ERROR Process",
+ [MHI_PM_STATE_SYS_ERR_FAIL] = "SYS ERROR Failure",
[MHI_PM_STATE_SHUTDOWN_PROCESS] = "SHUTDOWN Process",
[MHI_PM_STATE_LD_ERR_FATAL_DETECT] = "Linkdown or Error Fatal Detect",
};
diff --git a/drivers/bus/mhi/host/internal.h b/drivers/bus/mhi/host/internal.h
index 2e139e76de4c0..d2858236af52b 100644
--- a/drivers/bus/mhi/host/internal.h
+++ b/drivers/bus/mhi/host/internal.h
@@ -88,6 +88,7 @@ enum mhi_pm_state {
MHI_PM_STATE_FW_DL_ERR,
MHI_PM_STATE_SYS_ERR_DETECT,
MHI_PM_STATE_SYS_ERR_PROCESS,
+ MHI_PM_STATE_SYS_ERR_FAIL,
MHI_PM_STATE_SHUTDOWN_PROCESS,
MHI_PM_STATE_LD_ERR_FATAL_DETECT,
MHI_PM_STATE_MAX
@@ -104,14 +105,16 @@ enum mhi_pm_state {
#define MHI_PM_FW_DL_ERR BIT(7)
#define MHI_PM_SYS_ERR_DETECT BIT(8)
#define MHI_PM_SYS_ERR_PROCESS BIT(9)
-#define MHI_PM_SHUTDOWN_PROCESS BIT(10)
+#define MHI_PM_SYS_ERR_FAIL BIT(10)
+#define MHI_PM_SHUTDOWN_PROCESS BIT(11)
/* link not accessible */
-#define MHI_PM_LD_ERR_FATAL_DETECT BIT(11)
+#define MHI_PM_LD_ERR_FATAL_DETECT BIT(12)
#define MHI_REG_ACCESS_VALID(pm_state) ((pm_state & (MHI_PM_POR | MHI_PM_M0 | \
MHI_PM_M2 | MHI_PM_M3_ENTER | MHI_PM_M3_EXIT | \
MHI_PM_SYS_ERR_DETECT | MHI_PM_SYS_ERR_PROCESS | \
- MHI_PM_SHUTDOWN_PROCESS | MHI_PM_FW_DL_ERR)))
+ MHI_PM_SYS_ERR_FAIL | MHI_PM_SHUTDOWN_PROCESS | \
+ MHI_PM_FW_DL_ERR)))
#define MHI_PM_IN_ERROR_STATE(pm_state) (pm_state >= MHI_PM_FW_DL_ERR)
#define MHI_PM_IN_FATAL_STATE(pm_state) (pm_state == MHI_PM_LD_ERR_FATAL_DETECT)
#define MHI_DB_ACCESS_VALID(mhi_cntrl) (mhi_cntrl->pm_state & mhi_cntrl->db_access)
diff --git a/drivers/bus/mhi/host/pm.c b/drivers/bus/mhi/host/pm.c
index 8a4362d75fc43..27f8a40f288cf 100644
--- a/drivers/bus/mhi/host/pm.c
+++ b/drivers/bus/mhi/host/pm.c
@@ -36,7 +36,10 @@
* M0 <--> M0
* M0 -> FW_DL_ERR
* M0 -> M3_ENTER -> M3 -> M3_EXIT --> M0
- * L1: SYS_ERR_DETECT -> SYS_ERR_PROCESS --> POR
+ * L1: SYS_ERR_DETECT -> SYS_ERR_PROCESS
+ * SYS_ERR_PROCESS -> SYS_ERR_FAIL
+ * SYS_ERR_FAIL -> SYS_ERR_DETECT
+ * SYS_ERR_PROCESS --> POR
* L2: SHUTDOWN_PROCESS -> LD_ERR_FATAL_DETECT
* SHUTDOWN_PROCESS -> DISABLE
* L3: LD_ERR_FATAL_DETECT <--> LD_ERR_FATAL_DETECT
@@ -93,7 +96,12 @@ static const struct mhi_pm_transitions dev_state_transitions[] = {
},
{
MHI_PM_SYS_ERR_PROCESS,
- MHI_PM_POR | MHI_PM_SHUTDOWN_PROCESS |
+ MHI_PM_POR | MHI_PM_SYS_ERR_FAIL | MHI_PM_SHUTDOWN_PROCESS |
+ MHI_PM_LD_ERR_FATAL_DETECT
+ },
+ {
+ MHI_PM_SYS_ERR_FAIL,
+ MHI_PM_SYS_ERR_DETECT | MHI_PM_SHUTDOWN_PROCESS |
MHI_PM_LD_ERR_FATAL_DETECT
},
/* L2 States */
@@ -624,7 +632,13 @@ static void mhi_pm_sys_error_transition(struct mhi_controller *mhi_cntrl)
!in_reset, timeout);
if (!ret || in_reset) {
dev_err(dev, "Device failed to exit MHI Reset state\n");
- goto exit_sys_error_transition;
+ write_lock_irq(&mhi_cntrl->pm_lock);
+ cur_state = mhi_tryset_pm_state(mhi_cntrl,
+ MHI_PM_SYS_ERR_FAIL);
+ write_unlock_irq(&mhi_cntrl->pm_lock);
+ /* Shutdown may have occurred, otherwise cleanup now */
+ if (cur_state != MHI_PM_SYS_ERR_FAIL)
+ goto exit_sys_error_transition;
}
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 088/114] kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 087/114] bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 089/114] usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Greg Kroah-Hartman
` (36 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Tejun Heo, Andrea Righi,
Geert Uytterhoeven, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj@kernel.org>
[ Upstream commit 4207b556e62f0a8915afc5da4c5d5ad915a253a5 ]
The BPF helper bpf_cgroup_from_id() calls kernfs_find_and_get_node_by_id()
which acquires kernfs_idr_lock, which is an non-raw non-IRQ-safe lock. This
can lead to deadlocks as bpf_cgroup_from_id() can be called from any BPF
programs including e.g. the ones that attach to functions which are holding
the scheduler rq lock.
Consider the following BPF program:
SEC("fentry/__set_cpus_allowed_ptr_locked")
int BPF_PROG(__set_cpus_allowed_ptr_locked, struct task_struct *p,
struct affinity_context *affn_ctx, struct rq *rq, struct rq_flags *rf)
{
struct cgroup *cgrp = bpf_cgroup_from_id(p->cgroups->dfl_cgrp->kn->id);
if (cgrp) {
bpf_printk("%d[%s] in %s", p->pid, p->comm, cgrp->kn->name);
bpf_cgroup_release(cgrp);
}
return 0;
}
__set_cpus_allowed_ptr_locked() is called with rq lock held and the above
BPF program calls bpf_cgroup_from_id() within leading to the following
lockdep warning:
=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
6.7.0-rc3-work-00053-g07124366a1d7-dirty #147 Not tainted
-----------------------------------------------------
repro/1620 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff833b3688 (kernfs_idr_lock){+.+.}-{2:2}, at: kernfs_find_and_get_node_by_id+0x1e/0x70
and this task is already holding:
ffff888237ced698 (&rq->__lock){-.-.}-{2:2}, at: task_rq_lock+0x4e/0xf0
which would create a new lock dependency:
(&rq->__lock){-.-.}-{2:2} -> (kernfs_idr_lock){+.+.}-{2:2}
...
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(kernfs_idr_lock);
local_irq_disable();
lock(&rq->__lock);
lock(kernfs_idr_lock);
<Interrupt>
lock(&rq->__lock);
*** DEADLOCK ***
...
Call Trace:
dump_stack_lvl+0x55/0x70
dump_stack+0x10/0x20
__lock_acquire+0x781/0x2a40
lock_acquire+0xbf/0x1f0
_raw_spin_lock+0x2f/0x40
kernfs_find_and_get_node_by_id+0x1e/0x70
cgroup_get_from_id+0x21/0x240
bpf_cgroup_from_id+0xe/0x20
bpf_prog_98652316e9337a5a___set_cpus_allowed_ptr_locked+0x96/0x11a
bpf_trampoline_6442545632+0x4f/0x1000
__set_cpus_allowed_ptr_locked+0x5/0x5a0
sched_setaffinity+0x1b3/0x290
__x64_sys_sched_setaffinity+0x4f/0x60
do_syscall_64+0x40/0xe0
entry_SYSCALL_64_after_hwframe+0x46/0x4e
Let's fix it by protecting kernfs_node and kernfs_root with RCU and making
kernfs_find_and_get_node_by_id() acquire rcu_read_lock() instead of
kernfs_idr_lock.
This adds an rcu_head to kernfs_node making it larger by 16 bytes on 64bit.
Combined with the preceding rearrange patch, the net increase is 8 bytes.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Andrea Righi <andrea.righi@canonical.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Link: https://lore.kernel.org/r/20240109214828.252092-4-tj@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/kernfs/dir.c | 31 ++++++++++++++++++++-----------
fs/kernfs/kernfs-internal.h | 2 ++
include/linux/kernfs.h | 2 ++
3 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
index 62d39ecf0a466..2405aeb39b9a2 100644
--- a/fs/kernfs/dir.c
+++ b/fs/kernfs/dir.c
@@ -529,6 +529,20 @@ void kernfs_get(struct kernfs_node *kn)
}
EXPORT_SYMBOL_GPL(kernfs_get);
+static void kernfs_free_rcu(struct rcu_head *rcu)
+{
+ struct kernfs_node *kn = container_of(rcu, struct kernfs_node, rcu);
+
+ kfree_const(kn->name);
+
+ if (kn->iattr) {
+ simple_xattrs_free(&kn->iattr->xattrs, NULL);
+ kmem_cache_free(kernfs_iattrs_cache, kn->iattr);
+ }
+
+ kmem_cache_free(kernfs_node_cache, kn);
+}
+
/**
* kernfs_put - put a reference count on a kernfs_node
* @kn: the target kernfs_node
@@ -557,16 +571,11 @@ void kernfs_put(struct kernfs_node *kn)
if (kernfs_type(kn) == KERNFS_LINK)
kernfs_put(kn->symlink.target_kn);
- kfree_const(kn->name);
-
- if (kn->iattr) {
- simple_xattrs_free(&kn->iattr->xattrs, NULL);
- kmem_cache_free(kernfs_iattrs_cache, kn->iattr);
- }
spin_lock(&kernfs_idr_lock);
idr_remove(&root->ino_idr, (u32)kernfs_ino(kn));
spin_unlock(&kernfs_idr_lock);
- kmem_cache_free(kernfs_node_cache, kn);
+
+ call_rcu(&kn->rcu, kernfs_free_rcu);
kn = parent;
if (kn) {
@@ -575,7 +584,7 @@ void kernfs_put(struct kernfs_node *kn)
} else {
/* just released the root kn, free @root too */
idr_destroy(&root->ino_idr);
- kfree(root);
+ kfree_rcu(root, rcu);
}
}
EXPORT_SYMBOL_GPL(kernfs_put);
@@ -715,7 +724,7 @@ struct kernfs_node *kernfs_find_and_get_node_by_id(struct kernfs_root *root,
ino_t ino = kernfs_id_ino(id);
u32 gen = kernfs_id_gen(id);
- spin_lock(&kernfs_idr_lock);
+ rcu_read_lock();
kn = idr_find(&root->ino_idr, (u32)ino);
if (!kn)
@@ -739,10 +748,10 @@ struct kernfs_node *kernfs_find_and_get_node_by_id(struct kernfs_root *root,
if (unlikely(!__kernfs_active(kn) || !atomic_inc_not_zero(&kn->count)))
goto err_unlock;
- spin_unlock(&kernfs_idr_lock);
+ rcu_read_unlock();
return kn;
err_unlock:
- spin_unlock(&kernfs_idr_lock);
+ rcu_read_unlock();
return NULL;
}
diff --git a/fs/kernfs/kernfs-internal.h b/fs/kernfs/kernfs-internal.h
index a9b854cdfdb5f..210dac7e9ee25 100644
--- a/fs/kernfs/kernfs-internal.h
+++ b/fs/kernfs/kernfs-internal.h
@@ -49,6 +49,8 @@ struct kernfs_root {
struct rw_semaphore kernfs_rwsem;
struct rw_semaphore kernfs_iattr_rwsem;
struct rw_semaphore kernfs_supers_rwsem;
+
+ struct rcu_head rcu;
};
/* +1 to avoid triggering overflow warning when negating it */
diff --git a/include/linux/kernfs.h b/include/linux/kernfs.h
index 2a36f3218b510..5a952d00ea159 100644
--- a/include/linux/kernfs.h
+++ b/include/linux/kernfs.h
@@ -223,6 +223,8 @@ struct kernfs_node {
unsigned short flags;
umode_t mode;
struct kernfs_iattrs *iattr;
+
+ struct rcu_head rcu;
};
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 089/114] usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 088/114] kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 090/114] usb: typec: ucsi: Limit read size on v1.2 Greg Kroah-Hartman
` (35 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Grzeschik, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Grzeschik <m.grzeschik@pengutronix.de>
[ Upstream commit 2a3b7af120477d0571b815ccb8600cafd5ebf02f ]
If an frame was transmitted incomplete to the host, we set the
UVC_STREAM_ERR bit in the header for the last request that is going
to be queued. This way the host will know that it should drop the
frame instead of trying to display the corrupted content.
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20240214-uvc-error-tag-v1-2-37659a3877fe@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/function/uvc_video.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/gadget/function/uvc_video.c b/drivers/usb/gadget/function/uvc_video.c
index 91af3b1ef0d41..281e75027b344 100644
--- a/drivers/usb/gadget/function/uvc_video.c
+++ b/drivers/usb/gadget/function/uvc_video.c
@@ -35,6 +35,9 @@ uvc_video_encode_header(struct uvc_video *video, struct uvc_buffer *buf,
data[1] = UVC_STREAM_EOH | video->fid;
+ if (video->queue.flags & UVC_QUEUE_DROP_INCOMPLETE)
+ data[1] |= UVC_STREAM_ERR;
+
if (video->queue.buf_used == 0 && ts.tv_sec) {
/* dwClockFrequency is 48 MHz */
u32 pts = ((u64)ts.tv_sec * USEC_PER_SEC + ts.tv_nsec / NSEC_PER_USEC) * 48;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 090/114] usb: typec: ucsi: Limit read size on v1.2
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 089/114] usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 091/114] thunderbolt: Keep the domain powered when USB4 port is in redrive mode Greg Kroah-Hartman
` (34 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Neil Armstrong, Prashant Malani,
Heikki Krogerus, Abhishek Pandit-Subedi, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
[ Upstream commit b3db266fb031fba88c423d4bb8983a73a3db6527 ]
Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was
increased from 16 to 256. In order to avoid overflowing reads for older
systems, add a mechanism to use the read UCSI version to truncate read
sizes on UCSI v1.2.
Tested-by: Neil Armstrong <neil.armstrong@linaro.org>
Reviewed-by: Prashant Malani <pmalani@chromium.org>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Link: https://lore.kernel.org/r/20240209143723.v5.1.Iacf5570a66b82b73ef03daa6557e2fc0db10266a@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/ucsi/ucsi.c | 26 ++++++++++++++++++++++++--
drivers/usb/typec/ucsi/ucsi.h | 11 +++++++++++
2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c
index 70d9f4eebf1a7..c4f5ee171cdeb 100644
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -36,6 +36,19 @@
*/
#define UCSI_SWAP_TIMEOUT_MS 5000
+static int ucsi_read_message_in(struct ucsi *ucsi, void *buf,
+ size_t buf_size)
+{
+ /*
+ * Below UCSI 2.0, MESSAGE_IN was limited to 16 bytes. Truncate the
+ * reads here.
+ */
+ if (ucsi->version <= UCSI_VERSION_1_2)
+ buf_size = clamp(buf_size, 0, 16);
+
+ return ucsi->ops->read(ucsi, UCSI_MESSAGE_IN, buf, buf_size);
+}
+
static int ucsi_acknowledge_command(struct ucsi *ucsi)
{
u64 ctrl;
@@ -72,7 +85,7 @@ static int ucsi_read_error(struct ucsi *ucsi)
if (ret < 0)
return ret;
- ret = ucsi->ops->read(ucsi, UCSI_MESSAGE_IN, &error, sizeof(error));
+ ret = ucsi_read_message_in(ucsi, &error, sizeof(error));
if (ret)
return ret;
@@ -174,7 +187,7 @@ int ucsi_send_command(struct ucsi *ucsi, u64 command,
length = ret;
if (data) {
- ret = ucsi->ops->read(ucsi, UCSI_MESSAGE_IN, data, size);
+ ret = ucsi_read_message_in(ucsi, data, size);
if (ret)
goto out;
}
@@ -1593,6 +1606,15 @@ int ucsi_register(struct ucsi *ucsi)
if (!ucsi->version)
return -ENODEV;
+ /*
+ * Version format is JJ.M.N (JJ = Major version, M = Minor version,
+ * N = sub-minor version).
+ */
+ dev_dbg(ucsi->dev, "Registered UCSI interface with version %x.%x.%x",
+ UCSI_BCD_GET_MAJOR(ucsi->version),
+ UCSI_BCD_GET_MINOR(ucsi->version),
+ UCSI_BCD_GET_SUBMINOR(ucsi->version));
+
queue_delayed_work(system_long_wq, &ucsi->work, 0);
ucsi_debugfs_register(ucsi);
diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h
index 13ec976b1c747..2a886e58cd632 100644
--- a/drivers/usb/typec/ucsi/ucsi.h
+++ b/drivers/usb/typec/ucsi/ucsi.h
@@ -23,6 +23,17 @@ struct dentry;
#define UCSI_CONTROL 8
#define UCSI_MESSAGE_IN 16
#define UCSI_MESSAGE_OUT 32
+#define UCSIv2_MESSAGE_OUT 272
+
+/* UCSI versions */
+#define UCSI_VERSION_1_2 0x0120
+#define UCSI_VERSION_2_0 0x0200
+#define UCSI_VERSION_2_1 0x0210
+#define UCSI_VERSION_3_0 0x0300
+
+#define UCSI_BCD_GET_MAJOR(_v_) (((_v_) >> 8) & 0xFF)
+#define UCSI_BCD_GET_MINOR(_v_) (((_v_) >> 4) & 0x0F)
+#define UCSI_BCD_GET_SUBMINOR(_v_) ((_v_) & 0x0F)
/* Command Status and Connector Change Indication (CCI) bits */
#define UCSI_CCI_CONNECTOR(_c_) (((_c_) & GENMASK(7, 1)) >> 1)
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 091/114] thunderbolt: Keep the domain powered when USB4 port is in redrive mode
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 090/114] usb: typec: ucsi: Limit read size on v1.2 Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 092/114] usb: typec: tcpci: add generic tcpci fallback compatible Greg Kroah-Hartman
` (33 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Mika Westerberg, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mika Westerberg <mika.westerberg@linux.intel.com>
[ Upstream commit a75e0684efe567ae5f6a8e91a8360c4c1773cf3a ]
If a DiplayPort cable is directly connected to the host routers USB4
port, there is no tunnel involved but the port is in "redrive" mode
meaning that it is re-driving the DisplayPort signals from its
DisplayPort source. In this case we need to keep the domain powered on
otherwise once the domain enters D3cold the connected monitor blanks
too.
Since this happens only on Intel Barlow Ridge add a quirk that takes
runtime PM reference if we detect that the USB4 port entered redrive
mode (and release it once it exits the mode).
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thunderbolt/quirks.c | 14 +++++++++++
drivers/thunderbolt/tb.c | 49 +++++++++++++++++++++++++++++++++++-
drivers/thunderbolt/tb.h | 4 +++
3 files changed, 66 insertions(+), 1 deletion(-)
diff --git a/drivers/thunderbolt/quirks.c b/drivers/thunderbolt/quirks.c
index e6bfa63b40aee..e81de9c30eac9 100644
--- a/drivers/thunderbolt/quirks.c
+++ b/drivers/thunderbolt/quirks.c
@@ -43,6 +43,12 @@ static void quirk_usb3_maximum_bandwidth(struct tb_switch *sw)
}
}
+static void quirk_block_rpm_in_redrive(struct tb_switch *sw)
+{
+ sw->quirks |= QUIRK_KEEP_POWER_IN_DP_REDRIVE;
+ tb_sw_dbg(sw, "preventing runtime PM in DP redrive mode\n");
+}
+
struct tb_quirk {
u16 hw_vendor_id;
u16 hw_device_id;
@@ -86,6 +92,14 @@ static const struct tb_quirk tb_quirks[] = {
quirk_usb3_maximum_bandwidth },
{ 0x8087, PCI_DEVICE_ID_INTEL_BARLOW_RIDGE_HUB_40G_BRIDGE, 0x0000, 0x0000,
quirk_usb3_maximum_bandwidth },
+ /*
+ * Block Runtime PM in DP redrive mode for Intel Barlow Ridge host
+ * controllers.
+ */
+ { 0x8087, PCI_DEVICE_ID_INTEL_BARLOW_RIDGE_HOST_80G_NHI, 0x0000, 0x0000,
+ quirk_block_rpm_in_redrive },
+ { 0x8087, PCI_DEVICE_ID_INTEL_BARLOW_RIDGE_HOST_40G_NHI, 0x0000, 0x0000,
+ quirk_block_rpm_in_redrive },
/*
* CLx is not supported on AMD USB4 Yellow Carp and Pink Sardine platforms.
*/
diff --git a/drivers/thunderbolt/tb.c b/drivers/thunderbolt/tb.c
index 27bd6ca6f99e4..ecfb5714e822d 100644
--- a/drivers/thunderbolt/tb.c
+++ b/drivers/thunderbolt/tb.c
@@ -1416,6 +1416,49 @@ static void tb_tunnel_dp(struct tb *tb)
pm_runtime_put_autosuspend(&in->sw->dev);
}
+static void tb_enter_redrive(struct tb_port *port)
+{
+ struct tb_switch *sw = port->sw;
+
+ if (!(sw->quirks & QUIRK_KEEP_POWER_IN_DP_REDRIVE))
+ return;
+
+ /*
+ * If we get hot-unplug for the DP IN port of the host router
+ * and the DP resource is not available anymore it means there
+ * is a monitor connected directly to the Type-C port and we are
+ * in "redrive" mode. For this to work we cannot enter RTD3 so
+ * we bump up the runtime PM reference count here.
+ */
+ if (!tb_port_is_dpin(port))
+ return;
+ if (tb_route(sw))
+ return;
+ if (!tb_switch_query_dp_resource(sw, port)) {
+ port->redrive = true;
+ pm_runtime_get(&sw->dev);
+ tb_port_dbg(port, "enter redrive mode, keeping powered\n");
+ }
+}
+
+static void tb_exit_redrive(struct tb_port *port)
+{
+ struct tb_switch *sw = port->sw;
+
+ if (!(sw->quirks & QUIRK_KEEP_POWER_IN_DP_REDRIVE))
+ return;
+
+ if (!tb_port_is_dpin(port))
+ return;
+ if (tb_route(sw))
+ return;
+ if (port->redrive && tb_switch_query_dp_resource(sw, port)) {
+ port->redrive = false;
+ pm_runtime_put(&sw->dev);
+ tb_port_dbg(port, "exit redrive mode\n");
+ }
+}
+
static void tb_dp_resource_unavailable(struct tb *tb, struct tb_port *port)
{
struct tb_port *in, *out;
@@ -1432,7 +1475,10 @@ static void tb_dp_resource_unavailable(struct tb *tb, struct tb_port *port)
}
tunnel = tb_find_tunnel(tb, TB_TUNNEL_DP, in, out);
- tb_deactivate_and_free_tunnel(tunnel);
+ if (tunnel)
+ tb_deactivate_and_free_tunnel(tunnel);
+ else
+ tb_enter_redrive(port);
list_del_init(&port->list);
/*
@@ -1459,6 +1505,7 @@ static void tb_dp_resource_available(struct tb *tb, struct tb_port *port)
tb_port_dbg(port, "DP %s resource available\n",
tb_port_is_dpin(port) ? "IN" : "OUT");
list_add_tail(&port->list, &tcm->dp_resources);
+ tb_exit_redrive(port);
/* Look for suitable DP IN <-> DP OUT pairs now */
tb_tunnel_dp(tb);
diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h
index d2a55ad2fd3e6..4893d2c7ac968 100644
--- a/drivers/thunderbolt/tb.h
+++ b/drivers/thunderbolt/tb.h
@@ -23,6 +23,8 @@
#define QUIRK_FORCE_POWER_LINK_CONTROLLER BIT(0)
/* Disable CLx if not supported */
#define QUIRK_NO_CLX BIT(1)
+/* Need to keep power on while USB4 port is in redrive mode */
+#define QUIRK_KEEP_POWER_IN_DP_REDRIVE BIT(2)
/**
* struct tb_nvm - Structure holding NVM information
@@ -261,6 +263,7 @@ struct tb_bandwidth_group {
* @group_list: The adapter is linked to the group's list of ports through this
* @max_bw: Maximum possible bandwidth through this adapter if set to
* non-zero.
+ * @redrive: For DP IN, if true the adapter is in redrive mode.
*
* In USB4 terminology this structure represents an adapter (protocol or
* lane adapter).
@@ -289,6 +292,7 @@ struct tb_port {
struct tb_bandwidth_group *group;
struct list_head group_list;
unsigned int max_bw;
+ bool redrive;
};
/**
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 092/114] usb: typec: tcpci: add generic tcpci fallback compatible
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 091/114] thunderbolt: Keep the domain powered when USB4 port is in redrive mode Greg Kroah-Hartman
@ 2024-04-11 9:56 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 093/114] usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Greg Kroah-Hartman
` (32 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:56 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Marco Felsch, Heikki Krogerus,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marco Felsch <m.felsch@pengutronix.de>
[ Upstream commit 8774ea7a553e2aec323170d49365b59af0a2b7e0 ]
The driver already support the tcpci binding for the i2c_device_id so
add the support for the of_device_id too.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20240222210903.208901-3-m.felsch@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/tcpm/tcpci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/typec/tcpm/tcpci.c b/drivers/usb/typec/tcpm/tcpci.c
index 0ee3e6e29bb17..7118551827f6a 100644
--- a/drivers/usb/typec/tcpm/tcpci.c
+++ b/drivers/usb/typec/tcpm/tcpci.c
@@ -889,6 +889,7 @@ MODULE_DEVICE_TABLE(i2c, tcpci_id);
#ifdef CONFIG_OF
static const struct of_device_id tcpci_of_match[] = {
{ .compatible = "nxp,ptn5110", },
+ { .compatible = "tcpci", },
{},
};
MODULE_DEVICE_TABLE(of, tcpci_of_match);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 093/114] usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2024-04-11 9:56 ` [PATCH 6.6 092/114] usb: typec: tcpci: add generic tcpci fallback compatible Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 094/114] ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Greg Kroah-Hartman
` (31 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Colin Ian King, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Colin Ian King <colin.i.king@gmail.com>
[ Upstream commit 12f371e2b6cb4b79c788f1f073992e115f4ca918 ]
Function checkdone is only required if QUIRK2 is defined, so add
appropriate #if / #endif around the function.
Cleans up clang scan build warning:
drivers/usb/host/sl811-hcd.c:588:18: warning: unused function
'checkdone' [-Wunused-function]
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20240307111351.1982382-1-colin.i.king@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/sl811-hcd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/host/sl811-hcd.c b/drivers/usb/host/sl811-hcd.c
index 0956495bba575..2b871540bb500 100644
--- a/drivers/usb/host/sl811-hcd.c
+++ b/drivers/usb/host/sl811-hcd.c
@@ -585,6 +585,7 @@ done(struct sl811 *sl811, struct sl811h_ep *ep, u8 bank)
finish_request(sl811, ep, urb, urbstat);
}
+#ifdef QUIRK2
static inline u8 checkdone(struct sl811 *sl811)
{
u8 ctl;
@@ -616,6 +617,7 @@ static inline u8 checkdone(struct sl811 *sl811)
#endif
return irqstat;
}
+#endif
static irqreturn_t sl811h_irq(struct usb_hcd *hcd)
{
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 094/114] ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 093/114] usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 095/114] thermal/of: Assume polling-delay(-passive) 0 when absent Greg Kroah-Hartman
` (30 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Mitch Cooley, Mark Brown,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: M Cooley <m.cooley.198@gmail.com>
[ Upstream commit db185362fca554b201e2c62beb15a02bb39a064b ]
The ASUS M7600RE (Vivobook Pro 16X OLED) needs a quirks-table entry for the
internal microphone to function properly.
Signed-off-by: Mitch Cooley <m.cooley.198@gmail.com>
Link: https://msgid.link/r/CALijGznExWW4fujNWwMzmn_K=wo96sGzV_2VkT7NjvEUdkg7Gw@mail.gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c
index 1d1452c29ed02..69c68d8e7a6b5 100644
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -311,6 +311,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "E1504FA"),
}
},
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK COMPUTER INC."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "M7600RE"),
+ }
+ },
{
.driver_data = &acp6x_card,
.matches = {
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 095/114] thermal/of: Assume polling-delay(-passive) 0 when absent
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 094/114] ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 096/114] ASoC: soc-core.c: Skip dummy codec when adding platforms Greg Kroah-Hartman
` (29 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Bjorn Andersson, Konrad Dybcio,
Dmitry Baryshkov, Daniel Lezcano, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@linaro.org>
[ Upstream commit 488164006a281986d95abbc4b26e340c19c4c85b ]
Currently, thermal zones associated with providers that have interrupts
for signaling hot/critical trips are required to set a polling-delay
of 0 to indicate no polling. This feels a bit backwards.
Change the code such that "no polling delay" also means "no polling".
Suggested-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20240125-topic-thermal-v1-2-3c9d4dced138@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/thermal_of.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c
index 1e0655b63259f..d5174f11b91c2 100644
--- a/drivers/thermal/thermal_of.c
+++ b/drivers/thermal/thermal_of.c
@@ -225,14 +225,18 @@ static int thermal_of_monitor_init(struct device_node *np, int *delay, int *pdel
int ret;
ret = of_property_read_u32(np, "polling-delay-passive", pdelay);
- if (ret < 0) {
- pr_err("%pOFn: missing polling-delay-passive property\n", np);
+ if (ret == -EINVAL) {
+ *pdelay = 0;
+ } else if (ret < 0) {
+ pr_err("%pOFn: Couldn't get polling-delay-passive: %d\n", np, ret);
return ret;
}
ret = of_property_read_u32(np, "polling-delay", delay);
- if (ret < 0) {
- pr_err("%pOFn: missing polling-delay property\n", np);
+ if (ret == -EINVAL) {
+ *delay = 0;
+ } else if (ret < 0) {
+ pr_err("%pOFn: Couldn't get polling-delay: %d\n", np, ret);
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 096/114] ASoC: soc-core.c: Skip dummy codec when adding platforms
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 095/114] thermal/of: Assume polling-delay(-passive) 0 when absent Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 097/114] x86/xen: attempt to inflate the memory balloon on PVH Greg Kroah-Hartman
` (28 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zhipeng Wang, Chancel Liu,
Mark Brown, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chancel Liu <chancel.liu@nxp.com>
[ Upstream commit 23fb6bc2696119391ec3a92ccaffe50e567c515e ]
When pcm_runtime is adding platform components it will scan all
registered components. In case of DPCM FE/BE some DAI links will
configure dummy platform. However both dummy codec and dummy platform
are using "snd-soc-dummy" as component->name. Dummy codec should be
skipped when adding platforms otherwise there'll be overflow and UBSAN
complains.
Reported-by: Zhipeng Wang <zhipeng.wang_1@nxp.com>
Signed-off-by: Chancel Liu <chancel.liu@nxp.com>
Link: https://msgid.link/r/20240305065606.3778642-1-chancel.liu@nxp.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/soc-core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
index 9de98c01d8151..e65fe3a7c3e42 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -1105,6 +1105,9 @@ static int snd_soc_add_pcm_runtime(struct snd_soc_card *card,
if (!snd_soc_is_matching_component(platform, component))
continue;
+ if (snd_soc_component_is_dummy(component) && component->num_dai)
+ continue;
+
snd_soc_rtd_add_component(rtd, component);
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 097/114] x86/xen: attempt to inflate the memory balloon on PVH
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 096/114] ASoC: soc-core.c: Skip dummy codec when adding platforms Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 098/114] fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Greg Kroah-Hartman
` (27 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Roger Pau Monné, Juergen Gross,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Pau Monne <roger.pau@citrix.com>
[ Upstream commit 38620fc4e8934f1801c7811ef39a041914ac4c1d ]
When running as PVH or HVM Linux will use holes in the memory map as scratch
space to map grants, foreign domain pages and possibly miscellaneous other
stuff. However the usage of such memory map holes for Xen purposes can be
problematic. The request of holesby Xen happen quite early in the kernel boot
process (grant table setup already uses scratch map space), and it's possible
that by then not all devices have reclaimed their MMIO space. It's not
unlikely for chunks of Xen scratch map space to end up using PCI bridge MMIO
window memory, which (as expected) causes quite a lot of issues in the system.
At least for PVH dom0 we have the possibility of using regions marked as
UNUSABLE in the e820 memory map. Either if the region is UNUSABLE in the
native memory map, or it has been converted into UNUSABLE in order to hide RAM
regions from dom0, the second stage translation page-tables can populate those
areas without issues.
PV already has this kind of logic, where the balloon driver is inflated at
boot. Re-use the current logic in order to also inflate it when running as
PVH. onvert UNUSABLE regions up to the ratio specified in EXTRA_MEM_RATIO to
RAM, while reserving them using xen_add_extra_mem() (which is also moved so
it's no longer tied to CONFIG_PV).
[jgross: fixed build for CONFIG_PVH without CONFIG_XEN_PVH]
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20240220174341.56131-1-roger.pau@citrix.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/xen/hypervisor.h | 5 ++
arch/x86/platform/pvh/enlighten.c | 3 ++
arch/x86/xen/enlighten.c | 32 +++++++++++++
arch/x86/xen/enlighten_pvh.c | 68 +++++++++++++++++++++++++++
arch/x86/xen/setup.c | 44 -----------------
arch/x86/xen/xen-ops.h | 14 ++++++
drivers/xen/balloon.c | 2 -
7 files changed, 122 insertions(+), 46 deletions(-)
diff --git a/arch/x86/include/asm/xen/hypervisor.h b/arch/x86/include/asm/xen/hypervisor.h
index a9088250770f2..64fbd2dbc5b76 100644
--- a/arch/x86/include/asm/xen/hypervisor.h
+++ b/arch/x86/include/asm/xen/hypervisor.h
@@ -62,6 +62,11 @@ void xen_arch_unregister_cpu(int num);
#ifdef CONFIG_PVH
void __init xen_pvh_init(struct boot_params *boot_params);
void __init mem_map_via_hcall(struct boot_params *boot_params_p);
+#ifdef CONFIG_XEN_PVH
+void __init xen_reserve_extra_memory(struct boot_params *bootp);
+#else
+static inline void xen_reserve_extra_memory(struct boot_params *bootp) { }
+#endif
#endif
/* Lazy mode for batching updates / context switch */
diff --git a/arch/x86/platform/pvh/enlighten.c b/arch/x86/platform/pvh/enlighten.c
index 00a92cb2c8147..a12117f3d4de7 100644
--- a/arch/x86/platform/pvh/enlighten.c
+++ b/arch/x86/platform/pvh/enlighten.c
@@ -74,6 +74,9 @@ static void __init init_pvh_bootparams(bool xen_guest)
} else
xen_raw_printk("Warning: Can fit ISA range into e820\n");
+ if (xen_guest)
+ xen_reserve_extra_memory(&pvh_bootparams);
+
pvh_bootparams.hdr.cmd_line_ptr =
pvh_start_info.cmdline_paddr;
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 3c61bb98c10e2..a01ca255b0c64 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -6,6 +6,7 @@
#include <linux/console.h>
#include <linux/cpu.h>
#include <linux/kexec.h>
+#include <linux/memblock.h>
#include <linux/slab.h>
#include <linux/panic_notifier.h>
@@ -350,3 +351,34 @@ void xen_arch_unregister_cpu(int num)
}
EXPORT_SYMBOL(xen_arch_unregister_cpu);
#endif
+
+/* Amount of extra memory space we add to the e820 ranges */
+struct xen_memory_region xen_extra_mem[XEN_EXTRA_MEM_MAX_REGIONS] __initdata;
+
+void __init xen_add_extra_mem(unsigned long start_pfn, unsigned long n_pfns)
+{
+ unsigned int i;
+
+ /*
+ * No need to check for zero size, should happen rarely and will only
+ * write a new entry regarded to be unused due to zero size.
+ */
+ for (i = 0; i < XEN_EXTRA_MEM_MAX_REGIONS; i++) {
+ /* Add new region. */
+ if (xen_extra_mem[i].n_pfns == 0) {
+ xen_extra_mem[i].start_pfn = start_pfn;
+ xen_extra_mem[i].n_pfns = n_pfns;
+ break;
+ }
+ /* Append to existing region. */
+ if (xen_extra_mem[i].start_pfn + xen_extra_mem[i].n_pfns ==
+ start_pfn) {
+ xen_extra_mem[i].n_pfns += n_pfns;
+ break;
+ }
+ }
+ if (i == XEN_EXTRA_MEM_MAX_REGIONS)
+ printk(KERN_WARNING "Warning: not enough extra memory regions\n");
+
+ memblock_reserve(PFN_PHYS(start_pfn), PFN_PHYS(n_pfns));
+}
diff --git a/arch/x86/xen/enlighten_pvh.c b/arch/x86/xen/enlighten_pvh.c
index ada3868c02c23..c28f073c1df52 100644
--- a/arch/x86/xen/enlighten_pvh.c
+++ b/arch/x86/xen/enlighten_pvh.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/acpi.h>
#include <linux/export.h>
+#include <linux/mm.h>
#include <xen/hvc-console.h>
@@ -72,3 +73,70 @@ void __init mem_map_via_hcall(struct boot_params *boot_params_p)
}
boot_params_p->e820_entries = memmap.nr_entries;
}
+
+/*
+ * Reserve e820 UNUSABLE regions to inflate the memory balloon.
+ *
+ * On PVH dom0 the host memory map is used, RAM regions available to dom0 are
+ * located as the same place as in the native memory map, but since dom0 gets
+ * less memory than the total amount of host RAM the ranges that can't be
+ * populated are converted from RAM -> UNUSABLE. Use such regions (up to the
+ * ratio signaled in EXTRA_MEM_RATIO) in order to inflate the balloon driver at
+ * boot. Doing so prevents the guest (even if just temporary) from using holes
+ * in the memory map in order to map grants or foreign addresses, and
+ * hopefully limits the risk of a clash with a device MMIO region. Ideally the
+ * hypervisor should notify us which memory ranges are suitable for creating
+ * foreign mappings, but that's not yet implemented.
+ */
+void __init xen_reserve_extra_memory(struct boot_params *bootp)
+{
+ unsigned int i, ram_pages = 0, extra_pages;
+
+ for (i = 0; i < bootp->e820_entries; i++) {
+ struct boot_e820_entry *e = &bootp->e820_table[i];
+
+ if (e->type != E820_TYPE_RAM)
+ continue;
+ ram_pages += PFN_DOWN(e->addr + e->size) - PFN_UP(e->addr);
+ }
+
+ /* Max amount of extra memory. */
+ extra_pages = EXTRA_MEM_RATIO * ram_pages;
+
+ /*
+ * Convert UNUSABLE ranges to RAM and reserve them for foreign mapping
+ * purposes.
+ */
+ for (i = 0; i < bootp->e820_entries && extra_pages; i++) {
+ struct boot_e820_entry *e = &bootp->e820_table[i];
+ unsigned long pages;
+
+ if (e->type != E820_TYPE_UNUSABLE)
+ continue;
+
+ pages = min(extra_pages,
+ PFN_DOWN(e->addr + e->size) - PFN_UP(e->addr));
+
+ if (pages != (PFN_DOWN(e->addr + e->size) - PFN_UP(e->addr))) {
+ struct boot_e820_entry *next;
+
+ if (bootp->e820_entries ==
+ ARRAY_SIZE(bootp->e820_table))
+ /* No space left to split - skip region. */
+ continue;
+
+ /* Split entry. */
+ next = e + 1;
+ memmove(next, e,
+ (bootp->e820_entries - i) * sizeof(*e));
+ bootp->e820_entries++;
+ next->addr = PAGE_ALIGN(e->addr) + PFN_PHYS(pages);
+ e->size = next->addr - e->addr;
+ next->size -= e->size;
+ }
+ e->type = E820_TYPE_RAM;
+ extra_pages -= pages;
+
+ xen_add_extra_mem(PFN_UP(e->addr), pages);
+ }
+}
diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
index b3e37961065a2..380591028cb8f 100644
--- a/arch/x86/xen/setup.c
+++ b/arch/x86/xen/setup.c
@@ -38,9 +38,6 @@
#define GB(x) ((uint64_t)(x) * 1024 * 1024 * 1024)
-/* Amount of extra memory space we add to the e820 ranges */
-struct xen_memory_region xen_extra_mem[XEN_EXTRA_MEM_MAX_REGIONS] __initdata;
-
/* Number of pages released from the initial allocation. */
unsigned long xen_released_pages;
@@ -64,18 +61,6 @@ static struct {
} xen_remap_buf __initdata __aligned(PAGE_SIZE);
static unsigned long xen_remap_mfn __initdata = INVALID_P2M_ENTRY;
-/*
- * The maximum amount of extra memory compared to the base size. The
- * main scaling factor is the size of struct page. At extreme ratios
- * of base:extra, all the base memory can be filled with page
- * structures for the extra memory, leaving no space for anything
- * else.
- *
- * 10x seems like a reasonable balance between scaling flexibility and
- * leaving a practically usable system.
- */
-#define EXTRA_MEM_RATIO (10)
-
static bool xen_512gb_limit __initdata = IS_ENABLED(CONFIG_XEN_512GB);
static void __init xen_parse_512gb(void)
@@ -96,35 +81,6 @@ static void __init xen_parse_512gb(void)
xen_512gb_limit = val;
}
-static void __init xen_add_extra_mem(unsigned long start_pfn,
- unsigned long n_pfns)
-{
- int i;
-
- /*
- * No need to check for zero size, should happen rarely and will only
- * write a new entry regarded to be unused due to zero size.
- */
- for (i = 0; i < XEN_EXTRA_MEM_MAX_REGIONS; i++) {
- /* Add new region. */
- if (xen_extra_mem[i].n_pfns == 0) {
- xen_extra_mem[i].start_pfn = start_pfn;
- xen_extra_mem[i].n_pfns = n_pfns;
- break;
- }
- /* Append to existing region. */
- if (xen_extra_mem[i].start_pfn + xen_extra_mem[i].n_pfns ==
- start_pfn) {
- xen_extra_mem[i].n_pfns += n_pfns;
- break;
- }
- }
- if (i == XEN_EXTRA_MEM_MAX_REGIONS)
- printk(KERN_WARNING "Warning: not enough extra memory regions\n");
-
- memblock_reserve(PFN_PHYS(start_pfn), PFN_PHYS(n_pfns));
-}
-
static void __init xen_del_extra_mem(unsigned long start_pfn,
unsigned long n_pfns)
{
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index a87ab36889e76..79cf93f2c92f1 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -163,4 +163,18 @@ void xen_hvm_post_suspend(int suspend_cancelled);
static inline void xen_hvm_post_suspend(int suspend_cancelled) {}
#endif
+/*
+ * The maximum amount of extra memory compared to the base size. The
+ * main scaling factor is the size of struct page. At extreme ratios
+ * of base:extra, all the base memory can be filled with page
+ * structures for the extra memory, leaving no space for anything
+ * else.
+ *
+ * 10x seems like a reasonable balance between scaling flexibility and
+ * leaving a practically usable system.
+ */
+#define EXTRA_MEM_RATIO (10)
+
+void xen_add_extra_mem(unsigned long start_pfn, unsigned long n_pfns);
+
#endif /* XEN_OPS_H */
diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
index 586a1673459eb..db61bcb3aab17 100644
--- a/drivers/xen/balloon.c
+++ b/drivers/xen/balloon.c
@@ -673,7 +673,6 @@ EXPORT_SYMBOL(xen_free_ballooned_pages);
static void __init balloon_add_regions(void)
{
-#if defined(CONFIG_XEN_PV)
unsigned long start_pfn, pages;
unsigned long pfn, extra_pfn_end;
unsigned int i;
@@ -697,7 +696,6 @@ static void __init balloon_add_regions(void)
balloon_stats.total_pages += extra_pfn_end - start_pfn;
}
-#endif
}
static int __init balloon_init(void)
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 098/114] fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 097/114] x86/xen: attempt to inflate the memory balloon on PVH Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 099/114] io_uring: clear opcode specific data for an early failure Greg Kroah-Hartman
` (26 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Aleksandr Burakov, Helge Deller,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aleksandr Burakov <a.burakov@rosalinux.ru>
[ Upstream commit bc87bb342f106a0402186bcb588fcbe945dced4b ]
There are some actions with value 'tmp' but 'dst_addr' is checked instead.
It is obvious that a copy-paste error was made here and the value
of variable 'tmp' should be checked here.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Aleksandr Burakov <a.burakov@rosalinux.ru>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/via/accel.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/video/fbdev/via/accel.c b/drivers/video/fbdev/via/accel.c
index 0a1bc7a4d7853..1e04026f08091 100644
--- a/drivers/video/fbdev/via/accel.c
+++ b/drivers/video/fbdev/via/accel.c
@@ -115,7 +115,7 @@ static int hw_bitblt_1(void __iomem *engine, u8 op, u32 width, u32 height,
if (op != VIA_BITBLT_FILL) {
tmp = src_mem ? 0 : src_addr;
- if (dst_addr & 0xE0000007) {
+ if (tmp & 0xE0000007) {
printk(KERN_WARNING "hw_bitblt_1: Unsupported source "
"address %X\n", tmp);
return -EINVAL;
@@ -260,7 +260,7 @@ static int hw_bitblt_2(void __iomem *engine, u8 op, u32 width, u32 height,
writel(tmp, engine + 0x18);
tmp = src_mem ? 0 : src_addr;
- if (dst_addr & 0xE0000007) {
+ if (tmp & 0xE0000007) {
printk(KERN_WARNING "hw_bitblt_2: Unsupported source "
"address %X\n", tmp);
return -EINVAL;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 099/114] io_uring: clear opcode specific data for an early failure
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 098/114] fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 100/114] modpost: fix null pointer dereference Greg Kroah-Hartman
` (25 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jens Axboe, Sasha Levin,
syzbot+f8e9a371388aa62ecab4
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit e21e1c45e1fe2e31732f40256b49c04e76a17cee ]
If failure happens before the opcode prep handler is called, ensure that
we clear the opcode specific area of the request, which holds data
specific to that request type. This prevents errors where opcode
handlers either don't get to clear per-request private data since prep
isn't even called.
Reported-and-tested-by: syzbot+f8e9a371388aa62ecab4@syzkaller.appspotmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/io_uring.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index 2c0a9a98272ca..62ff7cee5db5f 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -2117,6 +2117,13 @@ static void io_init_req_drain(struct io_kiocb *req)
}
}
+static __cold int io_init_fail_req(struct io_kiocb *req, int err)
+{
+ /* ensure per-opcode data is cleared if we fail before prep */
+ memset(&req->cmd.data, 0, sizeof(req->cmd.data));
+ return err;
+}
+
static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
const struct io_uring_sqe *sqe)
__must_hold(&ctx->uring_lock)
@@ -2137,29 +2144,29 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
if (unlikely(opcode >= IORING_OP_LAST)) {
req->opcode = 0;
- return -EINVAL;
+ return io_init_fail_req(req, -EINVAL);
}
def = &io_issue_defs[opcode];
if (unlikely(sqe_flags & ~SQE_COMMON_FLAGS)) {
/* enforce forwards compatibility on users */
if (sqe_flags & ~SQE_VALID_FLAGS)
- return -EINVAL;
+ return io_init_fail_req(req, -EINVAL);
if (sqe_flags & IOSQE_BUFFER_SELECT) {
if (!def->buffer_select)
- return -EOPNOTSUPP;
+ return io_init_fail_req(req, -EOPNOTSUPP);
req->buf_index = READ_ONCE(sqe->buf_group);
}
if (sqe_flags & IOSQE_CQE_SKIP_SUCCESS)
ctx->drain_disabled = true;
if (sqe_flags & IOSQE_IO_DRAIN) {
if (ctx->drain_disabled)
- return -EOPNOTSUPP;
+ return io_init_fail_req(req, -EOPNOTSUPP);
io_init_req_drain(req);
}
}
if (unlikely(ctx->restricted || ctx->drain_active || ctx->drain_next)) {
if (ctx->restricted && !io_check_restriction(ctx, req, sqe_flags))
- return -EACCES;
+ return io_init_fail_req(req, -EACCES);
/* knock it to the slow queue path, will be drained there */
if (ctx->drain_active)
req->flags |= REQ_F_FORCE_ASYNC;
@@ -2172,9 +2179,9 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
}
if (!def->ioprio && sqe->ioprio)
- return -EINVAL;
+ return io_init_fail_req(req, -EINVAL);
if (!def->iopoll && (ctx->flags & IORING_SETUP_IOPOLL))
- return -EINVAL;
+ return io_init_fail_req(req, -EINVAL);
if (def->needs_file) {
struct io_submit_state *state = &ctx->submit_state;
@@ -2198,12 +2205,12 @@ static int io_init_req(struct io_ring_ctx *ctx, struct io_kiocb *req,
req->creds = xa_load(&ctx->personalities, personality);
if (!req->creds)
- return -EINVAL;
+ return io_init_fail_req(req, -EINVAL);
get_cred(req->creds);
ret = security_uring_override_creds(req->creds);
if (ret) {
put_cred(req->creds);
- return ret;
+ return io_init_fail_req(req, ret);
}
req->flags |= REQ_F_CREDS;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 100/114] modpost: fix null pointer dereference
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 099/114] io_uring: clear opcode specific data for an early failure Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 101/114] drivers/nvme: Add quirks for device 126f:2262 Greg Kroah-Hartman
` (24 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Max Kellermann, Masahiro Yamada,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Kellermann <max.kellermann@ionos.com>
[ Upstream commit 23dfd914d2bfc4c9938b0084dffd7105de231d98 ]
If the find_fromsym() call fails and returns NULL, the warn() call
will dereference this NULL pointer and cause the program to crash.
This happened when I tried to build with "test_user_copy" module.
With this fix, it prints lots of warnings like this:
WARNING: modpost: lib/test_user_copy: section mismatch in reference: (unknown)+0x4 (section: .text.fixup) -> (unknown) (section: .init.text)
masahiroy@kernel.org:
The issue is reproduced with ARCH=arm allnoconfig + CONFIG_MODULES=y +
CONFIG_RUNTIME_TESTING_MENU=y + CONFIG_TEST_USER_COPY=m
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/modpost.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 7d53942445d75..269bd79bcd9ad 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1098,7 +1098,9 @@ static void default_mismatch_handler(const char *modname, struct elf_info *elf,
sec_mismatch_count++;
warn("%s: section mismatch in reference: %s+0x%x (section: %s) -> %s (section: %s)\n",
- modname, fromsym, (unsigned int)(faddr - from->st_value), fromsec, tosym, tosec);
+ modname, fromsym,
+ (unsigned int)(faddr - (from ? from->st_value : 0)),
+ fromsec, tosym, tosec);
if (mismatch->mismatch == EXTABLE_TO_NON_TEXT) {
if (match(tosec, mismatch->bad_tosec))
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 101/114] drivers/nvme: Add quirks for device 126f:2262
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 100/114] modpost: fix null pointer dereference Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 102/114] fbmon: prevent division by zero in fb_videomode_from_videomode() Greg Kroah-Hartman
` (23 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jiawei Fu, Christoph Hellwig,
Sagi Grimberg, Keith Busch, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiawei Fu (iBug) <i@ibugone.com>
[ Upstream commit e89086c43f0500bc7c4ce225495b73b8ce234c1f ]
This commit adds NVME_QUIRK_NO_DEEPEST_PS and NVME_QUIRK_BOGUS_NID for
device [126f:2262], which appears to be a generic VID:PID pair used for
many SSDs based on the Silicon Motion SM2262/SM2262EN controller.
Two of my SSDs with this VID:PID pair exhibit the same behavior:
* They frequently have trouble exiting the deepest power state (5),
resulting in the entire disk unresponsive.
Verified by setting nvme_core.default_ps_max_latency_us=10000 and
observing them behaving normally.
* They produce all-zero nguid and eui64 with `nvme id-ns` command.
The offending products are:
* HP SSD EX950 1TB
* HIKVISION C2000Pro 2TB
Signed-off-by: Jiawei Fu <i@ibugone.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvme/host/pci.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index f8e92404a6591..b985142fb84b9 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3361,6 +3361,9 @@ static const struct pci_device_id nvme_id_table[] = {
NVME_QUIRK_BOGUS_NID, },
{ PCI_VDEVICE(REDHAT, 0x0010), /* Qemu emulated controller */
.driver_data = NVME_QUIRK_BOGUS_NID, },
+ { PCI_DEVICE(0x126f, 0x2262), /* Silicon Motion generic */
+ .driver_data = NVME_QUIRK_NO_DEEPEST_PS |
+ NVME_QUIRK_BOGUS_NID, },
{ PCI_DEVICE(0x126f, 0x2263), /* Silicon Motion unidentified */
.driver_data = NVME_QUIRK_NO_NS_DESC_LIST |
NVME_QUIRK_BOGUS_NID, },
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 102/114] fbmon: prevent division by zero in fb_videomode_from_videomode()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 101/114] drivers/nvme: Add quirks for device 126f:2262 Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 103/114] ALSA: hda/realtek: Add quirks for some Clevo laptops Greg Kroah-Hartman
` (22 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Roman Smirnov, Sergey Shtylyov,
Helge Deller, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roman Smirnov <r.smirnov@omp.ru>
[ Upstream commit c2d953276b8b27459baed1277a4fdd5dd9bd4126 ]
The expression htotal * vtotal can have a zero value on
overflow. It is necessary to prevent division by zero like in
fb_var_to_videomode().
Found by Linux Verification Center (linuxtesting.org) with Svace.
Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/video/fbdev/core/fbmon.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/video/fbdev/core/fbmon.c b/drivers/video/fbdev/core/fbmon.c
index 79e5bfbdd34c2..0a26399dbc899 100644
--- a/drivers/video/fbdev/core/fbmon.c
+++ b/drivers/video/fbdev/core/fbmon.c
@@ -1311,7 +1311,7 @@ int fb_get_mode(int flags, u32 val, struct fb_var_screeninfo *var, struct fb_inf
int fb_videomode_from_videomode(const struct videomode *vm,
struct fb_videomode *fbmode)
{
- unsigned int htotal, vtotal;
+ unsigned int htotal, vtotal, total;
fbmode->xres = vm->hactive;
fbmode->left_margin = vm->hback_porch;
@@ -1344,8 +1344,9 @@ int fb_videomode_from_videomode(const struct videomode *vm,
vtotal = vm->vactive + vm->vfront_porch + vm->vback_porch +
vm->vsync_len;
/* prevent division by zero */
- if (htotal && vtotal) {
- fbmode->refresh = vm->pixelclock / (htotal * vtotal);
+ total = htotal * vtotal;
+ if (total) {
+ fbmode->refresh = vm->pixelclock / total;
/* a mode must have htotal and vtotal != 0 or it is invalid */
} else {
fbmode->refresh = 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 103/114] ALSA: hda/realtek: Add quirks for some Clevo laptops
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 102/114] fbmon: prevent division by zero in fb_videomode_from_videomode() Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 104/114] gcc-plugins/stackleak: Avoid .head.text section Greg Kroah-Hartman
` (21 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Tim Crawford, Takashi Iwai,
Sasha Levin, Jeremy Soller
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tim Crawford <tcrawford@system76.com>
[ Upstream commit 33affa7fb46c0c07f6c49d4ddac9dd436715064c ]
Add audio quirks to fix speaker output and headset detection on some new
Clevo models:
- L240TU (ALC245)
- PE60SNE-G (ALC1220)
- V350SNEQ (ALC245)
Co-authored-by: Jeremy Soller <jeremy@system76.com>
Signed-off-by: Tim Crawford <tcrawford@system76.com>
Message-ID: <20240319212726.62888-1-tcrawford@system76.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/pci/hda/patch_realtek.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index b8e47761fb572..6841de9d423e3 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -2645,6 +2645,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
SND_PCI_QUIRK(0x1558, 0x65f1, "Clevo PC50HS", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x65f5, "Clevo PD50PN[NRT]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x66a2, "Clevo PE60RNE", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK(0x1558, 0x66a6, "Clevo PE60SN[CDE]-[GS]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x67d1, "Clevo PB71[ER][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x67e1, "Clevo PB71[DE][CDF]", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
SND_PCI_QUIRK(0x1558, 0x67e5, "Clevo PC70D[PRS](?:-D|-G)?", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
@@ -10097,12 +10098,14 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1462, 0xb120, "MSI Cubi MS-B120", ALC283_FIXUP_HEADSET_MIC),
SND_PCI_QUIRK(0x1462, 0xb171, "Cubi N 8GL (MS-B171)", ALC283_FIXUP_HEADSET_MIC),
SND_PCI_QUIRK(0x152d, 0x1082, "Quanta NL3", ALC269_FIXUP_LIFEBOOK),
+ SND_PCI_QUIRK(0x1558, 0x0353, "Clevo V35[05]SN[CDE]Q", ALC256_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x1323, "Clevo N130ZU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x1325, "Clevo N15[01][CW]U", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x1401, "Clevo L140[CZ]U", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x1403, "Clevo N140CU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x1404, "Clevo N150CU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x14a1, "Clevo L141MU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1558, 0x2624, "Clevo L240TU", ALC256_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x4018, "Clevo NV40M[BE]", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x4019, "Clevo NV40MZ", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1558, 0x4020, "Clevo NV40MB", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 104/114] gcc-plugins/stackleak: Avoid .head.text section
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 103/114] ALSA: hda/realtek: Add quirks for some Clevo laptops Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 105/114] selftests: mptcp: display simult in extra_msg Greg Kroah-Hartman
` (20 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Ard Biesheuvel,
Kees Cook
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
commit e7d24c0aa8e678f41457d1304e2091cac6fd1a2e upstream.
The .head.text section carries the startup code that runs with the MMU
off or with a translation of memory that deviates from the ordinary one.
So avoid instrumentation with the stackleak plugin, which already avoids
.init.text and .noinstr.text entirely.
Fixes: 48204aba801f1b51 ("x86/sme: Move early SME kernel encryption handling into .head.text")
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202403221630.2692c998-oliver.sang@intel.com
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20240328064256.2358634-2-ardb+git@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/gcc-plugins/stackleak_plugin.c | 2 ++
1 file changed, 2 insertions(+)
--- a/scripts/gcc-plugins/stackleak_plugin.c
+++ b/scripts/gcc-plugins/stackleak_plugin.c
@@ -467,6 +467,8 @@ static bool stackleak_gate(void)
return false;
if (STRING_EQUAL(section, ".entry.text"))
return false;
+ if (STRING_EQUAL(section, ".head.text"))
+ return false;
}
return track_frame_size >= 0;
^ permalink raw reply [flat|nested] 126+ messages in thread
* [PATCH 6.6 105/114] selftests: mptcp: display simult in extra_msg
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 104/114] gcc-plugins/stackleak: Avoid .head.text section Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 106/114] media: mediatek: vcodec: Fix oops when HEVC init fails Greg Kroah-Hartman
` (19 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Matthieu Baerts, Geliang Tang,
Mat Martineau, Jakub Kicinski
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geliang Tang <geliang.tang@suse.com>
commit 629b35a225b0d49fbcff3b5c22e3b983c7c7b36f upstream.
Just like displaying "invert" after "Info: ", "simult" should be
displayed too when rm_subflow_nr doesn't match the expect value in
chk_rm_nr():
syn [ ok ]
synack [ ok ]
ack [ ok ]
add [ ok ]
echo [ ok ]
rm [ ok ]
rmsf [ ok ] 3 in [2:4]
Info: invert simult
syn [ ok ]
synack [ ok ]
ack [ ok ]
add [ ok ]
echo [ ok ]
rm [ ok ]
rmsf [ ok ]
Info: invert
Reviewed-by: Matthieu Baerts <matttbe@kernel.org>
Signed-off-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: Mat Martineau <martineau@kernel.org>
Link: https://lore.kernel.org/r/20231025-send-net-next-20231025-v1-10-db8f25f798eb@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/mptcp/mptcp_join.sh | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh
+++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh
@@ -1740,7 +1740,10 @@ chk_rm_nr()
# in case of simult flush, the subflow removal count on each side is
# unreliable
count=$((count + cnt))
- [ "$count" != "$rm_subflow_nr" ] && suffix="$count in [$rm_subflow_nr:$((rm_subflow_nr*2))]"
+ if [ "$count" != "$rm_subflow_nr" ]; then
+ suffix="$count in [$rm_subflow_nr:$((rm_subflow_nr*2))]"
+ extra_msg="$extra_msg simult"
+ fi
if [ $count -ge "$rm_subflow_nr" ] && \
[ "$count" -le "$((rm_subflow_nr *2 ))" ]; then
print_ok "$suffix"
^ permalink raw reply [flat|nested] 126+ messages in thread
* [PATCH 6.6 106/114] media: mediatek: vcodec: Fix oops when HEVC init fails
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 105/114] selftests: mptcp: display simult in extra_msg Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 107/114] media: mediatek: vcodec: adding lock to protect decoder context list Greg Kroah-Hartman
` (18 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolas Dufresne,
AngeloGioacchino Del Regno, Sebastian Fricke, Hans Verkuil,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
[ Upstream commit 97c75ee5de060d271d80109b0c47cb6008439e5b ]
The stateless HEVC decoder saves the instance pointer in the context
regardless if the initialization worked or not. This caused a use after
free, when the pointer is freed in case of a failure in the deinit
function.
Only store the instance pointer when the initialization was successful,
to solve this issue.
Hardware name: Acer Tomato (rev3 - 4) board (DT)
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec]
lr : vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec]
sp : ffff80008750bc20
x29: ffff80008750bc20 x28: ffff1299f6d70000 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
x23: ffff80008750bc98 x22: 000000000000a003 x21: ffffd45c4cfae000
x20: 0000000000000010 x19: ffff1299fd668310 x18: 000000000000001a
x17: 000000040044ffff x16: ffffd45cb15dc648 x15: 0000000000000000
x14: ffff1299c08da1c0 x13: ffffd45cb1f87a10 x12: ffffd45cb2f5fe80
x11: 0000000000000001 x10: 0000000000001b30 x9 : ffffd45c4d12b488
x8 : 1fffe25339380d81 x7 : 0000000000000001 x6 : ffff1299c9c06c00
x5 : 0000000000000132 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000010 x1 : ffff80008750bc98 x0 : 0000000000000000
Call trace:
vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec]
vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec]
vpu_dec_deinit+0x1c/0x30 [mtk_vcodec_dec]
vdec_hevc_slice_deinit+0x30/0x98 [mtk_vcodec_dec]
vdec_if_deinit+0x38/0x68 [mtk_vcodec_dec]
mtk_vcodec_dec_release+0x20/0x40 [mtk_vcodec_dec]
fops_vcodec_release+0x64/0x118 [mtk_vcodec_dec]
v4l2_release+0x7c/0x100
__fput+0x80/0x2d8
__fput_sync+0x58/0x70
__arm64_sys_close+0x40/0x90
invoke_syscall+0x50/0x128
el0_svc_common.constprop.0+0x48/0xf0
do_el0_svc+0x24/0x38
el0_svc+0x38/0xd8
el0t_64_sync_handler+0xc0/0xc8
el0t_64_sync+0x1a8/0x1b0
Code: d503201f f9401660 b900127f b900227f (f9400400)
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Fixes: 2674486aac7d ("media: mediatek: vcodec: support stateless hevc decoder")
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sebastian Fricke <sebastian.fricke@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c b/drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c
index 06ed47df693bf..21836dd6ef85a 100644
--- a/drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c
+++ b/drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c
@@ -869,7 +869,6 @@ static int vdec_hevc_slice_init(struct mtk_vcodec_dec_ctx *ctx)
inst->vpu.codec_type = ctx->current_codec;
inst->vpu.capture_type = ctx->capture_fourcc;
- ctx->drv_handle = inst;
err = vpu_dec_init(&inst->vpu);
if (err) {
mtk_vdec_err(ctx, "vdec_hevc init err=%d", err);
@@ -898,6 +897,7 @@ static int vdec_hevc_slice_init(struct mtk_vcodec_dec_ctx *ctx)
mtk_vdec_debug(ctx, "lat hevc instance >> %p, codec_type = 0x%x",
inst, inst->vpu.codec_type);
+ ctx->drv_handle = inst;
return 0;
error_free_inst:
kfree(inst);
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 107/114] media: mediatek: vcodec: adding lock to protect decoder context list
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 106/114] media: mediatek: vcodec: Fix oops when HEVC init fails Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 108/114] media: mediatek: vcodec: adding lock to protect encoder " Greg Kroah-Hartman
` (17 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Yunfei Dong, Nicolas Dufresne,
AngeloGioacchino Del Regno, Sebastian Fricke, Hans Verkuil,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yunfei Dong <yunfei.dong@mediatek.com>
[ Upstream commit 6467cda18c9f9b5f2f9a0aa1e2861c653e41f382 ]
Add a lock for the ctx_list, to avoid accessing a NULL pointer
within the 'vpu_dec_ipi_handler' function when the ctx_list has
been deleted due to an unexpected behavior on the SCP IP block.
Hardware name: Google juniper sku16 board (DT)
pstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--)
pc : vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec]
lr : scp_ipi_handler+0xd0/0x194 [mtk_scp]
sp : ffffffc0131dbbd0
x29: ffffffc0131dbbd0 x28: 0000000000000000
x27: ffffff9bb277f348 x26: ffffff9bb242ad00
x25: ffffffd2d440d3b8 x24: ffffffd2a13ff1d4
x23: ffffff9bb7fe85a0 x22: ffffffc0133fbdb0
x21: 0000000000000010 x20: ffffff9b050ea328
x19: ffffffc0131dbc08 x18: 0000000000001000
x17: 0000000000000000 x16: ffffffd2d461c6e0
x15: 0000000000000242 x14: 000000000000018f
x13: 000000000000004d x12: 0000000000000000
x11: 0000000000000001 x10: fffffffffffffff0
x9 : ffffff9bb6e793a8 x8 : 0000000000000000
x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : fffffffffffffff0
x3 : 0000000000000020 x2 : ffffff9bb6e79080
x1 : 0000000000000010 x0 : ffffffc0131dbc08
Call trace:
vpu_dec_ipi_handler+0x58/0x1f8 [mtk_vcodec_dec (HASH:6c3f 2)]
scp_ipi_handler+0xd0/0x194 [mtk_scp (HASH:7046 3)]
mt8183_scp_irq_handler+0x44/0x88 [mtk_scp (HASH:7046 3)]
scp_irq_handler+0x48/0x90 [mtk_scp (HASH:7046 3)]
irq_thread_fn+0x38/0x94
irq_thread+0x100/0x1c0
kthread+0x140/0x1fc
ret_from_fork+0x10/0x30
Code: 54000088 f94ca50a eb14015f 54000060 (f9400108)
---[ end trace ace43ce36cbd5c93 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
Kernel Offset: 0x12c4000000 from 0xffffffc010000000
PHYS_OFFSET: 0xffffffe580000000
CPU features: 0x08240002,2188200c
Memory Limit: none
Fixes: 655b86e52eac ("media: mediatek: vcodec: Fix possible invalid memory access for decoder")
Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
Reviewed-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sebastian Fricke <sebastian.fricke@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 4 ++--
.../platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 5 +++++
.../platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 ++
drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 2 ++
4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c
index 0849ffb0dcd45..831ec3d48b274 100644
--- a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c
+++ b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c
@@ -50,12 +50,12 @@ static void mtk_vcodec_vpu_reset_dec_handler(void *priv)
dev_err(&dev->plat_dev->dev, "Watchdog timeout!!");
- mutex_lock(&dev->dev_mutex);
+ mutex_lock(&dev->dev_ctx_lock);
list_for_each_entry(ctx, &dev->ctx_list, list) {
ctx->state = MTK_STATE_ABORT;
mtk_v4l2_vdec_dbg(0, ctx, "[%d] Change to state MTK_STATE_ABORT", ctx->id);
}
- mutex_unlock(&dev->dev_mutex);
+ mutex_unlock(&dev->dev_ctx_lock);
}
static void mtk_vcodec_vpu_reset_enc_handler(void *priv)
diff --git a/drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c b/drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c
index 0a89ce452ac32..20c0b1acf6186 100644
--- a/drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c
+++ b/drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c
@@ -268,7 +268,9 @@ static int fops_vcodec_open(struct file *file)
ctx->dev->vdec_pdata->init_vdec_params(ctx);
+ mutex_lock(&dev->dev_ctx_lock);
list_add(&ctx->list, &dev->ctx_list);
+ mutex_unlock(&dev->dev_ctx_lock);
mtk_vcodec_dbgfs_create(ctx);
mutex_unlock(&dev->dev_mutex);
@@ -311,7 +313,9 @@ static int fops_vcodec_release(struct file *file)
v4l2_ctrl_handler_free(&ctx->ctrl_hdl);
mtk_vcodec_dbgfs_remove(dev, ctx->id);
+ mutex_lock(&dev->dev_ctx_lock);
list_del_init(&ctx->list);
+ mutex_unlock(&dev->dev_ctx_lock);
kfree(ctx);
mutex_unlock(&dev->dev_mutex);
return 0;
@@ -378,6 +382,7 @@ static int mtk_vcodec_probe(struct platform_device *pdev)
for (i = 0; i < MTK_VDEC_HW_MAX; i++)
mutex_init(&dev->dec_mutex[i]);
mutex_init(&dev->dev_mutex);
+ mutex_init(&dev->dev_ctx_lock);
spin_lock_init(&dev->irqlock);
snprintf(dev->v4l2_dev.name, sizeof(dev->v4l2_dev.name), "%s",
diff --git a/drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h b/drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h
index 7e36b2c69b7d1..b3a59af7c8ac5 100644
--- a/drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h
+++ b/drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h
@@ -231,6 +231,7 @@ struct mtk_vcodec_dec_ctx {
*
* @dec_mutex: decoder hardware lock
* @dev_mutex: video_device lock
+ * @dev_ctx_lock: the lock of context list
* @decode_workqueue: decode work queue
*
* @irqlock: protect data access by irq handler and work thread
@@ -270,6 +271,7 @@ struct mtk_vcodec_dec_dev {
/* decoder hardware mutex lock */
struct mutex dec_mutex[MTK_VDEC_HW_MAX];
struct mutex dev_mutex;
+ struct mutex dev_ctx_lock;
struct workqueue_struct *decode_workqueue;
spinlock_t irqlock;
diff --git a/drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c b/drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c
index 82e57ae983d55..da6be556727bb 100644
--- a/drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c
+++ b/drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c
@@ -77,12 +77,14 @@ static bool vpu_dec_check_ap_inst(struct mtk_vcodec_dec_dev *dec_dev, struct vde
struct mtk_vcodec_dec_ctx *ctx;
int ret = false;
+ mutex_lock(&dec_dev->dev_ctx_lock);
list_for_each_entry(ctx, &dec_dev->ctx_list, list) {
if (!IS_ERR_OR_NULL(ctx) && ctx->vpu_inst == vpu) {
ret = true;
break;
}
}
+ mutex_unlock(&dec_dev->dev_ctx_lock);
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 108/114] media: mediatek: vcodec: adding lock to protect encoder context list
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 107/114] media: mediatek: vcodec: adding lock to protect decoder context list Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 109/114] randomize_kstack: Improve entropy diffusion Greg Kroah-Hartman
` (16 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Yunfei Dong, Nicolas Dufresne,
AngeloGioacchino Del Regno, Sebastian Fricke, Hans Verkuil,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yunfei Dong <yunfei.dong@mediatek.com>
[ Upstream commit afaaf3a0f647a24a7bf6a2145d8ade37baaf75ad ]
Add a lock for the ctx_list, to avoid accessing a NULL pointer
within the 'vpu_enc_ipi_handler' function when the ctx_list has
been deleted due to an unexpected behavior on the SCP IP block.
Fixes: 1972e32431ed ("media: mediatek: vcodec: Fix possible invalid memory access for encoder")
Signed-off-by: Yunfei Dong <yunfei.dong@mediatek.com>
Reviewed-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Sebastian Fricke <sebastian.fricke@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 4 ++--
.../platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 5 +++++
.../platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 ++
drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c | 2 ++
4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c
index 831ec3d48b274..42ce58c41e4f4 100644
--- a/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c
+++ b/drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c
@@ -65,12 +65,12 @@ static void mtk_vcodec_vpu_reset_enc_handler(void *priv)
dev_err(&dev->plat_dev->dev, "Watchdog timeout!!");
- mutex_lock(&dev->dev_mutex);
+ mutex_lock(&dev->dev_ctx_lock);
list_for_each_entry(ctx, &dev->ctx_list, list) {
ctx->state = MTK_STATE_ABORT;
mtk_v4l2_vdec_dbg(0, ctx, "[%d] Change to state MTK_STATE_ABORT", ctx->id);
}
- mutex_unlock(&dev->dev_mutex);
+ mutex_unlock(&dev->dev_ctx_lock);
}
static const struct mtk_vcodec_fw_ops mtk_vcodec_vpu_msg = {
diff --git a/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c b/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c
index 6319f24bc714b..3cb8a16222220 100644
--- a/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c
+++ b/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c
@@ -177,7 +177,9 @@ static int fops_vcodec_open(struct file *file)
mtk_v4l2_venc_dbg(2, ctx, "Create instance [%d]@%p m2m_ctx=%p ",
ctx->id, ctx, ctx->m2m_ctx);
+ mutex_lock(&dev->dev_ctx_lock);
list_add(&ctx->list, &dev->ctx_list);
+ mutex_unlock(&dev->dev_ctx_lock);
mutex_unlock(&dev->dev_mutex);
mtk_v4l2_venc_dbg(0, ctx, "%s encoder [%d]", dev_name(&dev->plat_dev->dev),
@@ -212,7 +214,9 @@ static int fops_vcodec_release(struct file *file)
v4l2_fh_exit(&ctx->fh);
v4l2_ctrl_handler_free(&ctx->ctrl_hdl);
+ mutex_lock(&dev->dev_ctx_lock);
list_del_init(&ctx->list);
+ mutex_unlock(&dev->dev_ctx_lock);
kfree(ctx);
mutex_unlock(&dev->dev_mutex);
return 0;
@@ -294,6 +298,7 @@ static int mtk_vcodec_probe(struct platform_device *pdev)
mutex_init(&dev->enc_mutex);
mutex_init(&dev->dev_mutex);
+ mutex_init(&dev->dev_ctx_lock);
spin_lock_init(&dev->irqlock);
snprintf(dev->v4l2_dev.name, sizeof(dev->v4l2_dev.name), "%s",
diff --git a/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h b/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h
index a042f607ed8d1..0bd85d0fb379a 100644
--- a/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h
+++ b/drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h
@@ -178,6 +178,7 @@ struct mtk_vcodec_enc_ctx {
*
* @enc_mutex: encoder hardware lock.
* @dev_mutex: video_device lock
+ * @dev_ctx_lock: the lock of context list
* @encode_workqueue: encode work queue
*
* @enc_irq: h264 encoder irq resource
@@ -205,6 +206,7 @@ struct mtk_vcodec_enc_dev {
/* encoder hardware mutex lock */
struct mutex enc_mutex;
struct mutex dev_mutex;
+ struct mutex dev_ctx_lock;
struct workqueue_struct *encode_workqueue;
int enc_irq;
diff --git a/drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c b/drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c
index 84ad1cc6ad171..51bb7ee141b9e 100644
--- a/drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c
+++ b/drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c
@@ -47,12 +47,14 @@ static bool vpu_enc_check_ap_inst(struct mtk_vcodec_enc_dev *enc_dev, struct ven
struct mtk_vcodec_enc_ctx *ctx;
int ret = false;
+ mutex_lock(&enc_dev->dev_ctx_lock);
list_for_each_entry(ctx, &enc_dev->ctx_list, list) {
if (!IS_ERR_OR_NULL(ctx) && ctx->vpu_inst == vpu) {
ret = true;
break;
}
}
+ mutex_unlock(&enc_dev->dev_ctx_lock);
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 109/114] randomize_kstack: Improve entropy diffusion
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 108/114] media: mediatek: vcodec: adding lock to protect encoder " Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 110/114] platform/x86: intel-vbtn: Update tablet mode switch at end of probe Greg Kroah-Hartman
` (15 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Kees Cook,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook <keescook@chromium.org>
[ Upstream commit 9c573cd313433f6c1f7236fe64b9b743500c1628 ]
The kstack_offset variable was really only ever using the low bits for
kernel stack offset entropy. Add a ror32() to increase bit diffusion.
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 39218ff4c625 ("stack: Optionally randomize kernel stack offset each syscall")
Link: https://lore.kernel.org/r/20240309202445.work.165-kees@kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/randomize_kstack.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/randomize_kstack.h b/include/linux/randomize_kstack.h
index 5d868505a94e4..6d92b68efbf6c 100644
--- a/include/linux/randomize_kstack.h
+++ b/include/linux/randomize_kstack.h
@@ -80,7 +80,7 @@ DECLARE_PER_CPU(u32, kstack_offset);
if (static_branch_maybe(CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT, \
&randomize_kstack_offset)) { \
u32 offset = raw_cpu_read(kstack_offset); \
- offset ^= (rand); \
+ offset = ror32(offset, 5) ^ (rand); \
raw_cpu_write(kstack_offset, offset); \
} \
} while (0)
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 110/114] platform/x86: intel-vbtn: Update tablet mode switch at end of probe
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 109/114] randomize_kstack: Improve entropy diffusion Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 111/114] Bluetooth: btintel: Fixe build regression Greg Kroah-Hartman
` (14 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gwendal Grignou,
Kuppuswamy Sathyanarayanan, Hans de Goede, Ilpo Järvinen,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gwendal Grignou <gwendal@chromium.org>
[ Upstream commit 434e5781d8cd2d0ed512d920c6cdeba4b33a2e81 ]
ACER Vivobook Flip (TP401NAS) virtual intel switch is implemented as
follow:
Device (VGBI)
{
Name (_HID, EisaId ("INT33D6") ...
Name (VBDS, Zero)
Method (_STA, 0, Serialized) // _STA: Status ...
Method (VBDL, 0, Serialized)
{
PB1E |= 0x20
VBDS |= 0x40
}
Method (VGBS, 0, Serialized)
{
Return (VBDS) /* \_SB_.PCI0.SBRG.EC0_.VGBI.VBDS */
}
...
}
By default VBDS is set to 0. At boot it is set to clamshell (bit 6 set)
only after method VBDL is executed.
Since VBDL is now evaluated in the probe routine later, after the device
is registered, the retrieved value of VBDS was still 0 ("tablet mode")
when setting up the virtual switch.
Make sure to evaluate VGBS after VBDL, to ensure the
convertible boots in clamshell mode, the expected default.
Fixes: 26173179fae1 ("platform/x86: intel-vbtn: Eval VBDL after registering our notifier")
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20240329143206.2977734-3-gwendal@chromium.org
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel/vbtn.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/platform/x86/intel/vbtn.c b/drivers/platform/x86/intel/vbtn.c
index 084c355c86f5f..5d13452bb947a 100644
--- a/drivers/platform/x86/intel/vbtn.c
+++ b/drivers/platform/x86/intel/vbtn.c
@@ -136,8 +136,6 @@ static int intel_vbtn_input_setup(struct platform_device *device)
priv->switches_dev->id.bustype = BUS_HOST;
if (priv->has_switches) {
- detect_tablet_mode(&device->dev);
-
ret = input_register_device(priv->switches_dev);
if (ret)
return ret;
@@ -316,6 +314,9 @@ static int intel_vbtn_probe(struct platform_device *device)
if (ACPI_FAILURE(status))
dev_err(&device->dev, "Error VBDL failed with ACPI status %d\n", status);
}
+ // Check switches after buttons since VBDL may have side effects.
+ if (has_switches)
+ detect_tablet_mode(&device->dev);
device_init_wakeup(&device->dev, true);
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 126+ messages in thread
* [PATCH 6.6 111/114] Bluetooth: btintel: Fixe build regression
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 110/114] platform/x86: intel-vbtn: Update tablet mode switch at end of probe Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 112/114] net: mpls: error out if inner headers are not set Greg Kroah-Hartman
` (13 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Luiz Augusto von Dentz
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
commit 6e62ebfb49eb65bdcbfc5797db55e0ce7f79c3dd upstream.
This fixes the following build regression:
drivers-bluetooth-btintel.c-btintel_read_version()-warn:
passing-zero-to-PTR_ERR
Fixes: b79e04091010 ("Bluetooth: btintel: Fix null ptr deref in btintel_read_version")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/bluetooth/btintel.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/bluetooth/btintel.c
+++ b/drivers/bluetooth/btintel.c
@@ -435,13 +435,13 @@ int btintel_read_version(struct hci_dev
struct sk_buff *skb;
skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
- if (IS_ERR_OR_NULL(skb)) {
+ if (IS_ERR(skb)) {
bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
PTR_ERR(skb));
return PTR_ERR(skb);
}
- if (skb->len != sizeof(*ver)) {
+ if (!skb || skb->len != sizeof(*ver)) {
bt_dev_err(hdev, "Intel version event size mismatch");
kfree_skb(skb);
return -EILSEQ;
^ permalink raw reply [flat|nested] 126+ messages in thread
* [PATCH 6.6 112/114] net: mpls: error out if inner headers are not set
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 111/114] Bluetooth: btintel: Fixe build regression Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 113/114] VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Greg Kroah-Hartman
` (12 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Simon Horman,
syzbot+99d15fcdb0132a1e1a82, Florian Westphal, Jakub Kicinski
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Westphal <fw@strlen.de>
commit 025f8ad20f2e3264d11683aa9cbbf0083eefbdcd upstream.
mpls_gso_segment() assumes skb_inner_network_header() returns
a valid result:
mpls_hlen = skb_inner_network_header(skb) - skb_network_header(skb);
if (unlikely(!mpls_hlen || mpls_hlen % MPLS_HLEN))
goto out;
if (unlikely(!pskb_may_pull(skb, mpls_hlen)))
With syzbot reproducer, skb_inner_network_header() yields 0,
skb_network_header() returns 108, so this will
"pskb_may_pull(skb, -108)))" which triggers a newly added
DEBUG_NET_WARN_ON_ONCE() check:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5068 at include/linux/skbuff.h:2723 pskb_may_pull_reason include/linux/skbuff.h:2723 [inline]
WARNING: CPU: 0 PID: 5068 at include/linux/skbuff.h:2723 pskb_may_pull include/linux/skbuff.h:2739 [inline]
WARNING: CPU: 0 PID: 5068 at include/linux/skbuff.h:2723 mpls_gso_segment+0x773/0xaa0 net/mpls/mpls_gso.c:34
[..]
skb_mac_gso_segment+0x383/0x740 net/core/gso.c:53
nsh_gso_segment+0x40a/0xad0 net/nsh/nsh.c:108
skb_mac_gso_segment+0x383/0x740 net/core/gso.c:53
__skb_gso_segment+0x324/0x4c0 net/core/gso.c:124
skb_gso_segment include/net/gso.h:83 [inline]
[..]
sch_direct_xmit+0x11a/0x5f0 net/sched/sch_generic.c:327
[..]
packet_sendmsg+0x46a9/0x6130 net/packet/af_packet.c:3113
[..]
First iteration of this patch made mpls_hlen signed and changed
test to error out to "mpls_hlen <= 0 || ..".
Eric Dumazet said:
> I was thinking about adding a debug check in skb_inner_network_header()
> if inner_network_header is zero (that would mean it is not 'set' yet),
> but this would trigger even after your patch.
So add new skb_inner_network_header_was_set() helper and use that.
The syzbot reproducer injects data via packet socket. The skb that gets
allocated and passed down the stack has ->protocol set to NSH (0x894f)
and gso_type set to SKB_GSO_UDP | SKB_GSO_DODGY.
This gets passed to skb_mac_gso_segment(), which sees NSH as ptype to
find a callback for. nsh_gso_segment() retrieves next type:
proto = tun_p_to_eth_p(nsh_hdr(skb)->np);
... which is MPLS (TUN_P_MPLS_UC). It updates skb->protocol and then
calls mpls_gso_segment(). Inner offsets are all 0, so mpls_gso_segment()
ends up with a negative header size.
In case more callers rely on silent handling of such large may_pull values
we could also 'legalize' this behaviour, either replacing the debug check
with (len > INT_MAX) test or removing it and instead adding a comment
before existing
if (unlikely(len > skb->len))
return SKB_DROP_REASON_PKT_TOO_SMALL;
test in pskb_may_pull_reason(), saying that this check also implicitly
takes care of callers that miscompute header sizes.
Cc: Simon Horman <horms@kernel.org>
Fixes: 219eee9c0d16 ("net: skbuff: add overflow debug check to pull/push helpers")
Reported-by: syzbot+99d15fcdb0132a1e1a82@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/00000000000043b1310611e388aa@google.com/raw
Signed-off-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20240222140321.14080-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/skbuff.h | 5 +++++
net/mpls/mpls_gso.c | 3 +++
2 files changed, 8 insertions(+)
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -2837,6 +2837,11 @@ static inline void skb_set_inner_network
skb->inner_network_header += offset;
}
+static inline bool skb_inner_network_header_was_set(const struct sk_buff *skb)
+{
+ return skb->inner_network_header > 0;
+}
+
static inline unsigned char *skb_inner_mac_header(const struct sk_buff *skb)
{
return skb->head + skb->inner_mac_header;
--- a/net/mpls/mpls_gso.c
+++ b/net/mpls/mpls_gso.c
@@ -27,6 +27,9 @@ static struct sk_buff *mpls_gso_segment(
__be16 mpls_protocol;
unsigned int mpls_hlen;
+ if (!skb_inner_network_header_was_set(skb))
+ goto out;
+
skb_reset_network_header(skb);
mpls_hlen = skb_inner_network_header(skb) - skb_network_header(skb);
if (unlikely(!mpls_hlen || mpls_hlen % MPLS_HLEN))
^ permalink raw reply [flat|nested] 126+ messages in thread
* [PATCH 6.6 113/114] VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 112/114] net: mpls: error out if inner headers are not set Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 114/114] Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Greg Kroah-Hartman
` (11 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Vasiliy Kovalev, Kees Cook
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vasiliy Kovalev <kovalev@altlinux.org>
commit e606e4b71798cc1df20e987dde2468e9527bd376 upstream.
The changes are similar to those given in the commit 19b070fefd0d
("VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()").
Fix filling of the msg and msg_payload in dg_info struct, which prevents a
possible "detected field-spanning write" of memcpy warning that is issued
by the tracking mechanism __fortify_memcpy_chk.
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
Link: https://lore.kernel.org/r/20240219105315.76955-1-kovalev@altlinux.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/vmw_vmci/vmci_datagram.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/misc/vmw_vmci/vmci_datagram.c
+++ b/drivers/misc/vmw_vmci/vmci_datagram.c
@@ -378,7 +378,8 @@ int vmci_datagram_invoke_guest_handler(s
dg_info->in_dg_host_queue = false;
dg_info->entry = dst_entry;
- memcpy(&dg_info->msg, dg, VMCI_DG_SIZE(dg));
+ dg_info->msg = *dg;
+ memcpy(&dg_info->msg_payload, dg + 1, dg->payload_size);
INIT_WORK(&dg_info->work, dg_delayed_dispatch);
schedule_work(&dg_info->work);
^ permalink raw reply [flat|nested] 126+ messages in thread
* [PATCH 6.6 114/114] Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()"
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 113/114] VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Greg Kroah-Hartman
@ 2024-04-11 9:57 ` Greg Kroah-Hartman
2024-04-11 18:02 ` [PATCH 6.6 000/114] 6.6.27-rc1 review SeongJae Park
` (10 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-11 9:57 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ma Jun, Christian König,
Alex Deucher
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ma Jun <Jun.Ma2@amd.com>
commit 03c6284df179de3a4a6e0684764b1c71d2a405e2 upstream.
This patch causes the following iounmap erorr and calltrace
iounmap: bad address 00000000d0b3631f
The original patch was unjustified because amdgpu_device_fini_sw() will
always cleanup the rmmio mapping.
This reverts commit eb4f139888f636614dab3bcce97ff61cefc4b3a7.
Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
Suggested-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
@@ -3639,10 +3639,8 @@ int amdgpu_device_init(struct amdgpu_dev
* early on during init and before calling to RREG32.
*/
adev->reset_domain = amdgpu_reset_create_reset_domain(SINGLE_DEVICE, "amdgpu-reset-dev");
- if (!adev->reset_domain) {
- r = -ENOMEM;
- goto unmap_memory;
- }
+ if (!adev->reset_domain)
+ return -ENOMEM;
/* detect hw virtualization here */
amdgpu_detect_virtualization(adev);
@@ -3652,20 +3650,20 @@ int amdgpu_device_init(struct amdgpu_dev
r = amdgpu_device_get_job_timeout_settings(adev);
if (r) {
dev_err(adev->dev, "invalid lockup_timeout parameter syntax\n");
- goto unmap_memory;
+ return r;
}
/* early init functions */
r = amdgpu_device_ip_early_init(adev);
if (r)
- goto unmap_memory;
+ return r;
amdgpu_device_set_mcbp(adev);
/* Get rid of things like offb */
r = drm_aperture_remove_conflicting_pci_framebuffers(adev->pdev, &amdgpu_kms_driver);
if (r)
- goto unmap_memory;
+ return r;
/* Enable TMZ based on IP_VERSION */
amdgpu_gmc_tmz_set(adev);
@@ -3675,7 +3673,7 @@ int amdgpu_device_init(struct amdgpu_dev
if (adev->gmc.xgmi.supported) {
r = adev->gfxhub.funcs->get_xgmi_info(adev);
if (r)
- goto unmap_memory;
+ return r;
}
/* enable PCIE atomic ops */
@@ -3932,8 +3930,6 @@ release_ras_con:
failed:
amdgpu_vf_error_trans_all(adev);
-unmap_memory:
- iounmap(adev->rmmio);
return r;
}
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2024-04-11 9:57 ` [PATCH 6.6 114/114] Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Greg Kroah-Hartman
@ 2024-04-11 18:02 ` SeongJae Park
2024-04-11 21:47 ` Florian Fainelli
` (9 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: SeongJae Park @ 2024-04-11 18:02 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: SeongJae Park, stable, patches, linux-kernel, torvalds, akpm,
linux, shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie, damon
Hello,
On Thu, 11 Apr 2024 11:55:27 +0200 Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
This rc kernel passes DAMON functionality test[1] on my test machine.
Attaching the test results summary below. Please note that I retrieved the
kernel from linux-stable-rc tree[2].
Tested-by: SeongJae Park <sj@kernel.org>
[1] https://github.com/awslabs/damon-tests/tree/next/corr
[2] 3126167a036c ("Linux 6.6.27-rc1")
Thanks,
SJ
[...]
---
ok 1 selftests: damon: debugfs_attrs.sh
ok 2 selftests: damon: debugfs_schemes.sh
ok 3 selftests: damon: debugfs_target_ids.sh
ok 4 selftests: damon: debugfs_empty_targets.sh
ok 5 selftests: damon: debugfs_huge_count_read_write.sh
ok 6 selftests: damon: debugfs_duplicate_context_creation.sh
ok 7 selftests: damon: debugfs_rm_non_contexts.sh
ok 8 selftests: damon: sysfs.sh
ok 9 selftests: damon: sysfs_update_removed_scheme_dir.sh
ok 10 selftests: damon: reclaim.sh
ok 11 selftests: damon: lru_sort.sh
ok 1 selftests: damon-tests: kunit.sh
ok 2 selftests: damon-tests: huge_count_read_write.sh
ok 3 selftests: damon-tests: buffer_overflow.sh
ok 4 selftests: damon-tests: rm_contexts.sh
ok 5 selftests: damon-tests: record_null_deref.sh
ok 6 selftests: damon-tests: dbgfs_target_ids_read_before_terminate_race.sh
ok 7 selftests: damon-tests: dbgfs_target_ids_pid_leak.sh
ok 8 selftests: damon-tests: damo_tests.sh
ok 9 selftests: damon-tests: masim-record.sh
ok 10 selftests: damon-tests: build_i386.sh
ok 11 selftests: damon-tests: build_arm64.sh
ok 12 selftests: damon-tests: build_m68k.sh
ok 13 selftests: damon-tests: build_i386_idle_flag.sh
ok 14 selftests: damon-tests: build_i386_highpte.sh
ok 15 selftests: damon-tests: build_nomemcg.sh
PASS
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2024-04-11 18:02 ` [PATCH 6.6 000/114] 6.6.27-rc1 review SeongJae Park
@ 2024-04-11 21:47 ` Florian Fainelli
2024-04-11 23:39 ` Shuah Khan
` (8 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Florian Fainelli @ 2024-04-11 21:47 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow,
conor, allen.lkml, broonie
On 4/11/24 02:55, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
--
Florian
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2024-04-11 21:47 ` Florian Fainelli
@ 2024-04-11 23:39 ` Shuah Khan
2024-04-12 6:46 ` Shreeya Patel
` (7 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Shuah Khan @ 2024-04-11 23:39 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, broonie, Shuah Khan
On 4/11/24 03:55, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2024-04-11 23:39 ` Shuah Khan
@ 2024-04-12 6:46 ` Shreeya Patel
2024-04-12 6:48 ` Shreeya Patel
` (6 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Shreeya Patel @ 2024-04-12 6:46 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie
On Thursday, April 11, 2024 15:25 IST, Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
KernelCI report for stable-rc/linux-6.6.y for this week :-
## stable-rc HEAD for linux-6.6.y:
Date: 2024-04-11
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/log/?h=3126167a036c76b2c9a53d19f7387cdcaf2ffd19
## Build failures:
No build failures seen for the stable-rc/linux-6.6.y commit head \o/
## Boot failures:
No **new** boot failures seen for the stable-rc/linux-6.6.y commit head \o/
Tested-by: kernelci.org bot <bot@kernelci.org>
Thanks,
Shreeya Patel
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2024-04-12 6:46 ` Shreeya Patel
@ 2024-04-12 6:48 ` Shreeya Patel
2024-04-12 7:22 ` Ron Economos
` (5 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Shreeya Patel @ 2024-04-12 6:48 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie,
Gustavo Padovan, kernelci-regressions mailing list
On Thursday, April 11, 2024 15:25 IST, Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
KernelCI report for stable-rc/linux-6.6.y for this week :-
## stable-rc HEAD for linux-6.6.y:
Date: 2024-04-11
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/log/?h=3126167a036c76b2c9a53d19f7387cdcaf2ffd19
## Build failures:
No build failures seen for the stable-rc/linux-6.6.y commit head \o/
## Boot failures:
No **new** boot failures seen for the stable-rc/linux-6.6.y commit head \o/
Tested-by: kernelci.org bot <bot@kernelci.org>
Thanks,
Shreeya Patel
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2024-04-12 6:48 ` Shreeya Patel
@ 2024-04-12 7:22 ` Ron Economos
2024-04-12 9:40 ` Jon Hunter
` (4 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Ron Economos @ 2024-04-12 7:22 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, broonie
On 4/11/24 2:55 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2024-04-12 7:22 ` Ron Economos
@ 2024-04-12 9:40 ` Jon Hunter
2024-04-12 10:04 ` Harshit Mogalapalli
` (3 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Jon Hunter @ 2024-04-12 9:40 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie,
linux-tegra, stable
On Thu, 11 Apr 2024 11:55:27 +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v6.6:
10 builds: 10 pass, 0 fail
26 boots: 26 pass, 0 fail
116 tests: 116 pass, 0 fail
Linux version: 6.6.27-rc1-g3126167a036c
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2024-04-12 9:40 ` Jon Hunter
@ 2024-04-12 10:04 ` Harshit Mogalapalli
2024-04-12 11:50 ` Takeshi Ogasawara
` (2 subsequent siblings)
124 siblings, 0 replies; 126+ messages in thread
From: Harshit Mogalapalli @ 2024-04-12 10:04 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, broonie, Vegard Nossum, Darren Kenny
Hi Greg,
On 11/04/24 15:25, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
No problems seen on x86_64 and aarch64 with our testing.
Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Thanks,
Harshit
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2024-04-12 10:04 ` Harshit Mogalapalli
@ 2024-04-12 11:50 ` Takeshi Ogasawara
2024-04-12 14:34 ` Naresh Kamboju
2024-04-12 22:24 ` Kelsey Steele
124 siblings, 0 replies; 126+ messages in thread
From: Takeshi Ogasawara @ 2024-04-12 11:50 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie
Hi Greg
On Thu, Apr 11, 2024 at 7:25 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
6.6.27-rc1 tested.
Build successfully completed.
Boot successfully completed.
No dmesg regressions.
Video output normal.
Sound output normal.
Lenovo ThinkPad X1 Carbon Gen10(Intel i7-1260P(x86_64) arch linux)
[ 0.000000] Linux version 6.6.27-rc1rv
(takeshi@ThinkPadX1Gen10J0764) (gcc (GCC) 13.2.1 20230801, GNU ld (GNU
Binutils) 2.42.0) #1 SMP PREEMPT_DYNAMIC Fri Apr 12 19:42:31 JST 2024
Thanks
Tested-by: Takeshi Ogasawara <takeshi.ogasawara@futuring-girl.com>
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2024-04-12 11:50 ` Takeshi Ogasawara
@ 2024-04-12 14:34 ` Naresh Kamboju
2024-04-12 22:24 ` Kelsey Steele
124 siblings, 0 replies; 126+ messages in thread
From: Naresh Kamboju @ 2024-04-12 14:34 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie
On Thu, 11 Apr 2024 at 15:56, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.27-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
## Build
* kernel: 6.6.27-rc1
* git: https://gitlab.com/Linaro/lkft/mirrors/stable/linux-stable-rc
* git branch: linux-6.6.y
* git commit: 3126167a036c76b2c9a53d19f7387cdcaf2ffd19
* git describe: v6.6.26-115-g3126167a036c
* test details:
https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.6.y/build/v6.6.26-115-g3126167a036c
## Test Regressions (compared to v6.6.26)
## Metric Regressions (compared to v6.6.26)
## Test Fixes (compared to v6.6.26)
## Metric Fixes (compared to v6.6.26)
## Test result summary
total: 242107, pass: 209368, fail: 2761, skip: 29712, xfail: 266
## Build Summary
* arc: 5 total, 5 passed, 0 failed
* arm: 133 total, 133 passed, 0 failed
* arm64: 41 total, 41 passed, 0 failed
* i386: 33 total, 32 passed, 1 failed
* mips: 26 total, 26 passed, 0 failed
* parisc: 4 total, 4 passed, 0 failed
* powerpc: 36 total, 36 passed, 0 failed
* riscv: 19 total, 19 passed, 0 failed
* s390: 13 total, 13 passed, 0 failed
* sh: 10 total, 10 passed, 0 failed
* sparc: 8 total, 8 passed, 0 failed
* x86_64: 37 total, 35 passed, 2 failed
## Test suites summary
* boot
* kselftest-android
* kselftest-arm64
* kselftest-breakpoints
* kselftest-capabilities
* kselftest-cgroup
* kselftest-clone3
* kselftest-core
* kselftest-cpu-hotplug
* kselftest-cpufreq
* kselftest-drivers-dma-buf
* kselftest-efivarfs
* kselftest-exec
* kselftest-filesystems
* kselftest-filesystems-binderfs
* kselftest-filesystems-epoll
* kselftest-firmware
* kselftest-fpu
* kselftest-ftrace
* kselftest-futex
* kselftest-gpio
* kselftest-intel_pstate
* kselftest-ipc
* kselftest-ir
* kselftest-kcmp
* kselftest-kexec
* kselftest-kvm
* kselftest-lib
* kselftest-livepatch
* kselftest-membarrier
* kselftest-memfd
* kselftest-memory-hotplug
* kselftest-mincore
* kselftest-mm
* kselftest-mount
* kselftest-mqueue
* kselftest-net
* kselftest-net-forwarding
* kselftest-net-mptcp
* kselftest-netfilter
* kselftest-nsfs
* kselftest-openat2
* kselftest-pid_namespace
* kselftest-pidfd
* kselftest-proc
* kselftest-pstore
* kselftest-ptrace
* kselftest-rseq
* kselftest-rtc
* kselftest-seccomp
* kselftest-sigaltstack
* kselftest-size
* kselftest-splice
* kselftest-static_keys
* kselftest-sync
* kselftest-sysctl
* kselftest-tc-testing
* kselftest-timens
* kselftest-timers
* kselftest-tmpfs
* kselftest-tpm2
* kselftest-user
* kselftest-user_events
* kselftest-vDSO
* kselftest-watchdog
* kselftest-x86
* kselftest-zram
* kunit
* libgpiod
* libhugetlbfs
* log-parser-boot
* log-parser-test
* ltp-cap_bounds
* ltp-commands
* ltp-containers
* ltp-controllers
* ltp-cpuhotplug
* ltp-crypto
* ltp-cve
* ltp-dio
* ltp-fcntl-locktests
* ltp-filecaps
* ltp-fs
* ltp-fs_bind
* ltp-fs_perms_simple
* ltp-hugetlb
* ltp-io
* ltp-ipc
* ltp-math
* ltp-mm
* ltp-nptl
* ltp-pty
* ltp-sched
* ltp-securebits
* ltp-smoke
* ltp-smoketest
* ltp-syscalls
* ltp-tracing
* perf
* rcutorture
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 126+ messages in thread
* Re: [PATCH 6.6 000/114] 6.6.27-rc1 review
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2024-04-12 14:34 ` Naresh Kamboju
@ 2024-04-12 22:24 ` Kelsey Steele
124 siblings, 0 replies; 126+ messages in thread
From: Kelsey Steele @ 2024-04-12 22:24 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie
On Thu, Apr 11, 2024 at 11:55:27AM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.27 release.
> There are 114 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Sat, 13 Apr 2024 09:53:55 +0000.
> Anything received after that time might be too late.
No regressions found on WSL (x86 and arm64).
Built, booted, and reviewed dmesg.
Thank you. :)
Tested-by: Kelsey Steele <kelseysteele@linux.microsoft.com>
^ permalink raw reply [flat|nested] 126+ messages in thread
end of thread, other threads:[~2024-04-12 22:24 UTC | newest]
Thread overview: 126+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-11 9:55 [PATCH 6.6 000/114] 6.6.27-rc1 review Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 001/114] wifi: ath9k: fix LNA selection in ath_ant_try_scan() Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 002/114] wifi: rtw89: fix null pointer access when abort scan Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 003/114] bnx2x: Fix firmware version string character counts Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 004/114] batman-adv: Return directly after a failed batadv_dat_select_candidates() in batadv_dat_forward_data() Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 005/114] batman-adv: Improve exception handling in batadv_throw_uevent() Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 006/114] net: stmmac: dwmac-starfive: Add support for JH7100 SoC Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 007/114] net: phy: phy_device: Prevent nullptr exceptions on ISR Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 008/114] wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 009/114] VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 010/114] wifi: iwlwifi: pcie: Add the PCI device id for new hardware Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 011/114] printk: For @suppress_panic_printk check for other CPU in panic Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 012/114] panic: Flush kernel log buffer at the end Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 013/114] cpuidle: Avoid potential overflow in integer multiplication Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 014/114] ARM: dts: rockchip: fix rk3288 hdmi ports node Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 015/114] ARM: dts: rockchip: fix rk322x " Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 016/114] arm64: dts: rockchip: fix rk3328 " Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 017/114] arm64: dts: rockchip: fix rk3399 " Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 018/114] net: add netdev_lockdep_set_classes() to virtual drivers Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 019/114] pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 020/114] pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 021/114] ionic: set adminq irq affinity Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 022/114] net: skbuff: add overflow debug check to pull/push helpers Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 023/114] firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 024/114] wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 025/114] wifi: mt76: mt7915: add locking for accessing mapped registers Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 026/114] wifi: mt76: mt7996: disable AMSDU for non-data frames Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 027/114] wifi: mt76: mt7996: add locking for accessing mapped registers Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 028/114] ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 029/114] pstore/zone: Add a null pointer check to the psz_kmsg_read Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 030/114] tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 031/114] net: pcs: xpcs: Return EINVAL in the internal methods Greg Kroah-Hartman
2024-04-11 9:55 ` [PATCH 6.6 032/114] dma-direct: Leak pages on dma_set_decrypted() failure Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 033/114] wifi: ath11k: decrease MHI channel buffer length to 8KB Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 034/114] cpufreq: Dont unregister cpufreq cooling on CPU hotplug Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 035/114] overflow: Allow non-type arg to type_max() and type_min() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 036/114] wifi: iwlwifi: Add missing MODULE_FIRMWARE() for *.pnvm Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 037/114] wifi: cfg80211: check A-MSDU format more carefully Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 038/114] btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 039/114] btrfs: export: handle invalid inode or root reference in btrfs_get_parent() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 040/114] btrfs: send: handle path ref underflow in header iterate_inode_ref() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 041/114] ice: use relative VSI index for VFs instead of PF VSI number Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 042/114] net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 043/114] Bluetooth: btintel: Fix null ptr deref in btintel_read_version Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 044/114] Bluetooth: btmtk: Add MODULE_FIRMWARE() for MT7922 Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 045/114] Bluetooth: Add new quirk for broken read key length on ATS2851 Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 046/114] drm/vc4: dont check if plane->state->fb == state->fb Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 047/114] Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 048/114] drm: panel-orientation-quirks: Add quirk for GPD Win Mini Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 049/114] ASoC: SOF: amd: Optimize quirk for Valve Galileo Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 050/114] drm/ttm: return ENOSPC from ttm_bo_mem_space v3 Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 051/114] pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 052/114] sysv: dont call sb_bread() with pointers_lock held Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 053/114] scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 054/114] isofs: handle CDs with bad root inode but good Joliet root directory Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 055/114] ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 056/114] rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 057/114] rcu-tasks: Repair RCU Tasks Trace quiescence check Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 058/114] Julia Lawall reported this null pointer dereference, this should fix it Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 059/114] media: sta2x11: fix irq handler cast Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 060/114] ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 061/114] ASoC: Intel: avs: Populate board selection with new I2S entries Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 062/114] ext4: add a hint for block bitmap corrupt state in mb_groups Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 063/114] ext4: forbid commit inconsistent quota data when errors=remount-ro Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 064/114] drm/amd/display: Fix nanosec stat overflow Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 065/114] accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 066/114] i2c: designware: Fix RX FIFO depth define on Wangxun 10Gb NIC Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 067/114] HID: input: avoid polling stylus battery on Chromebook Pompom Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 068/114] drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 069/114] drm: Check output polling initialized before disabling Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 070/114] SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 071/114] PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 072/114] Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 073/114] libperf evlist: Avoid out-of-bounds access Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 074/114] input/touchscreen: imagis: Correct the maximum touch area value Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 075/114] drivers/perf: hisi: Enable HiSilicon Erratum 162700402 quirk for HIP09 Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 076/114] block: prevent division by zero in blk_rq_stat_sum() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 077/114] RDMA/cm: add timeout to cm_destroy_id wait Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 078/114] Input: imagis - use FIELD_GET where applicable Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 079/114] Input: allocate keycode for Display refresh rate toggle Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 080/114] platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 081/114] perf/x86/amd/lbr: Discard erroneous branch entries Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 082/114] ALSA: hda/realtek: Add quirk for Lenovo Yoga 9 14IMH9 Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 083/114] ktest: force $buildonly = 1 for make_warnings_file test type Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 084/114] Input: xpad - add support for Snakebyte GAMEPADs Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 085/114] ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 086/114] tools: iio: replace seekdir() in iio_generic_buffer Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 087/114] bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 088/114] kernfs: RCU protect kernfs_nodes and avoid kernfs_idr_lock in kernfs_find_and_get_node_by_id() Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 089/114] usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 090/114] usb: typec: ucsi: Limit read size on v1.2 Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 091/114] thunderbolt: Keep the domain powered when USB4 port is in redrive mode Greg Kroah-Hartman
2024-04-11 9:56 ` [PATCH 6.6 092/114] usb: typec: tcpci: add generic tcpci fallback compatible Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 093/114] usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 094/114] ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 095/114] thermal/of: Assume polling-delay(-passive) 0 when absent Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 096/114] ASoC: soc-core.c: Skip dummy codec when adding platforms Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 097/114] x86/xen: attempt to inflate the memory balloon on PVH Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 098/114] fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 099/114] io_uring: clear opcode specific data for an early failure Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 100/114] modpost: fix null pointer dereference Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 101/114] drivers/nvme: Add quirks for device 126f:2262 Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 102/114] fbmon: prevent division by zero in fb_videomode_from_videomode() Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 103/114] ALSA: hda/realtek: Add quirks for some Clevo laptops Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 104/114] gcc-plugins/stackleak: Avoid .head.text section Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 105/114] selftests: mptcp: display simult in extra_msg Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 106/114] media: mediatek: vcodec: Fix oops when HEVC init fails Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 107/114] media: mediatek: vcodec: adding lock to protect decoder context list Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 108/114] media: mediatek: vcodec: adding lock to protect encoder " Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 109/114] randomize_kstack: Improve entropy diffusion Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 110/114] platform/x86: intel-vbtn: Update tablet mode switch at end of probe Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 111/114] Bluetooth: btintel: Fixe build regression Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 112/114] net: mpls: error out if inner headers are not set Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 113/114] VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Greg Kroah-Hartman
2024-04-11 9:57 ` [PATCH 6.6 114/114] Revert "drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()" Greg Kroah-Hartman
2024-04-11 18:02 ` [PATCH 6.6 000/114] 6.6.27-rc1 review SeongJae Park
2024-04-11 21:47 ` Florian Fainelli
2024-04-11 23:39 ` Shuah Khan
2024-04-12 6:46 ` Shreeya Patel
2024-04-12 6:48 ` Shreeya Patel
2024-04-12 7:22 ` Ron Economos
2024-04-12 9:40 ` Jon Hunter
2024-04-12 10:04 ` Harshit Mogalapalli
2024-04-12 11:50 ` Takeshi Ogasawara
2024-04-12 14:34 ` Naresh Kamboju
2024-04-12 22:24 ` Kelsey Steele
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).