Even if the Type-C controller supports PD, it is doable to disable PD
capabilities with the current state machine in TCPM. Without enabling RX
in low-level drivers and with skipping the power negotiation, the port
is eligible to be a non-PD Type-C port. Use new flags whose values are
populated from the device tree to decide the port PD capability. Adding
"pd-disable" property in device tree indicates that the port does not
support PD. If PD is not supported, the device tree property
"typec-power-opmode" shall be added to specify the advertised Rp value
if the port supports SRC role.
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Kyle Tso <kyletso@google.com>
Link: https://lore.kernel.org/r/20210804081917.3390341-3-kyletso@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit e9e6e164edhttps://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-next)
Bug: 191413777
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: I7e1c9e2bcfbe3cffaa035efa330008c7d2eeda23
When enabling KVM_CAP_ARM_MTE the ioctl checks that there are no VCPUs
created to ensure that the capability is enabled before the VM is
running. However no locks are held at that point so it is
(theoretically) possible for another thread in the VMM to create VCPUs
between the check and actually setting mte_enabled. Close the race by
taking kvm->lock.
Reported-by: Alexandru Elisei <alexandru.elisei@arm.com>
Fixes: 673638f434 ("KVM: arm64: Expose KVM_ARM_CAP_MTE")
Signed-off-by: Steven Price <steven.price@arm.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210729160036.20433-1-steven.price@arm.com
(cherry picked from commit c4d7c51845)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 192636784
Change-Id: If572d9fa8fc2c7d955ba4ad174132506e6361a73
Hyp checks whether an address range only covers RAM by checking the
start/endpoints against a list of memblock_region structs. However,
the endpoint here is exclusive but internally is treated as inclusive.
Fix the off-by-one error that caused valid address ranges to be
rejected.
Cc: Quentin Perret <qperret@google.com>
Fixes: 90134ac9ca ("KVM: arm64: Protect the .hyp sections from the host")
Signed-off-by: David Brazdil <dbrazdil@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210728153232.1018911-2-dbrazdil@google.com
(cherry picked from commit facee1be76)
Signed-off-by: Will Deacon <willdeacon@google.com>
Bug: 192636784
Change-Id: I01fade3ef4b0bce6741bad238c83a1faee94499f
Changes in 5.10.59
KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag
firmware: tee_bnxt: Release TEE shm, session, and context during kexec
bpf: Add lockdown check for probe_write_user helper
Revert "selftests/resctrl: Use resctrl/info for feature detection"
mm: make zone_to_nid() and zone_set_nid() available for DISCONTIGMEM
arm64: dts: renesas: rzg2: Add usb2_clksel to RZ/G2 M/N/H
arm64: dts: renesas: beacon: Fix USB extal reference
arm64: dts: renesas: beacon: Fix USB ref clock references
vboxsf: Honor excl flag to the dir-inode create op
vboxsf: Make vboxsf_dir_create() return the handle for the created file
USB:ehci:fix Kunpeng920 ehci hardware problem
ALSA: pcm: Fix mmap breakage without explicit buffer setup
ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC
ALSA: hda: Add quirk for ASUS Flow x13
ppp: Fix generating ppp unit id when ifname is not specified
ovl: prevent private clone if bind mount is not allowed
net: xilinx_emaclite: Do not print real IOMEM pointer
Linux 5.10.59
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie4fc4982ae37dedc531b642a0b22041272fadc43
commit d0d62baa7f upstream.
Printing kernel pointers is discouraged because they might leak kernel
memory layout. This fixes smatch warning:
drivers/net/ethernet/xilinx/xilinx_emaclite.c:1191 xemaclite_of_probe() warn:
argument 4 to %08lX specifier is cast from pointer
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Pavel Machek (CIP) <pavel@denx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 427215d85e upstream.
Add the following checks from __do_loopback() to clone_private_mount() as
well:
- verify that the mount is in the current namespace
- verify that there are no locked children
Reported-by: Alois Wohlschlager <alois1@gmx-topmail.de>
Fixes: c771d683a6 ("vfs: introduce clone_private_mount()")
Cc: <stable@vger.kernel.org> # v3.18
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3125f26c51 upstream.
When registering new ppp interface via PPPIOCNEWUNIT ioctl then kernel has
to choose interface name as this ioctl API does not support specifying it.
Kernel in this case register new interface with name "ppp<id>" where <id>
is the ppp unit id, which can be obtained via PPPIOCGUNIT ioctl. This
applies also in the case when registering new ppp interface via rtnl
without supplying IFLA_IFNAME.
PPPIOCNEWUNIT ioctl allows to specify own ppp unit id which will kernel
assign to ppp interface, in case this ppp id is not already used by other
ppp interface.
In case user does not specify ppp unit id then kernel choose the first free
ppp unit id. This applies also for case when creating ppp interface via
rtnl method as it does not provide a way for specifying own ppp unit id.
If some network interface (does not have to be ppp) has name "ppp<id>"
with this first free ppp id then PPPIOCNEWUNIT ioctl or rtnl call fails.
And registering new ppp interface is not possible anymore, until interface
which holds conflicting name is renamed. Or when using rtnl method with
custom interface name in IFLA_IFNAME.
As list of allocated / used ppp unit ids is not possible to retrieve from
kernel to userspace, userspace has no idea what happens nor which interface
is doing this conflict.
So change the algorithm how ppp unit id is generated. And choose the first
number which is not neither used as ppp unit id nor in some network
interface with pattern "ppp<id>".
This issue can be simply reproduced by following pppd call when there is no
ppp interface registered and also no interface with name pattern "ppp<id>":
pppd ifname ppp1 +ipv6 noip noauth nolock local nodetach pty "pppd +ipv6 noip noauth nolock local nodetach notty"
Or by creating the one ppp interface (which gets assigned ppp unit id 0),
renaming it to "ppp1" and then trying to create a new ppp interface (which
will always fails as next free ppp unit id is 1, but network interface with
name "ppp1" exists).
This patch fixes above described issue by generating new and new ppp unit
id until some non-conflicting id with network interfaces is generated.
Signed-off-by: Pali Rohár <pali@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit dc0dc8a73e upstream.
The recent fix c4824ae7db ("ALSA: pcm: Fix mmap capability check")
restricts the mmap capability only to the drivers that properly set up
the buffers, but it caused a regression for a few drivers that manage
the buffer on its own way.
For those with UNKNOWN buffer type (i.e. the uninitialized / unused
substream->dma_buffer), just assume that the driver handles the mmap
properly and blindly trust the hardware info bit.
Fixes: c4824ae7db ("ALSA: pcm: Fix mmap capability check")
Reported-and-tested-by: Jeff Woods <jwoods@fnordco.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/s5him0gpghv.wl-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 26b75952ca upstream.
Kunpeng920's EHCI controller does not have SBRN register.
Reading the SBRN register when the controller driver is
initialized will get 0.
When rebooting the EHCI driver, ehci_shutdown() will be called.
if the sbrn flag is 0, ehci_shutdown() will return directly.
The sbrn flag being 0 will cause the EHCI interrupt signal to
not be turned off after reboot. this interrupt that is not closed
will cause an exception to the device sharing the interrupt.
Therefore, the EHCI controller of Kunpeng920 needs to skip
the read operation of the SBRN register.
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Link: https://lore.kernel.org/r/1617958081-17999-1-git-send-email-liulongfang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ab0c29687b upstream
Make vboxsf_dir_create() optionally return the vboxsf-handle for
the created file. This is a preparation patch for adding atomic_open
support.
Fixes: 0fd1695766 ("fs: Add VirtualBox guest shared folder (vboxsf) support")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit cc3ddee97c upstream
Honor the excl flag to the dir-inode create op, instead of behaving
as if it is always set.
Note the old behavior still worked most of the time since a non-exclusive
open only calls the create op, if there is a race and the file is created
between the dentry lookup and the calling of the create call.
While at it change the type of the is_dir parameter to the
vboxsf_dir_create() helper from an int to a bool, to be consistent with
the use of bool for the excl parameter.
Fixes: 0fd1695766 ("fs: Add VirtualBox guest shared folder (vboxsf) support")
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ebc666f39f upstream
The RZ/G2 boards expect there to be an external clock reference for
USB2 EHCI controllers. For the Beacon boards, this reference clock
is controlled by a programmable versaclock. Because the RZ/G2
family has a special clock driver when using an external clock,
the third clock reference in the EHCI node needs to point to this
special clock, called usb2_clksel.
Since the usb2_clksel does not keep the usb_extal clock enabled,
the 4th clock entry for the EHCI nodes needs to reference it to
keep the clock running and make USB functional.
Signed-off-by: Adam Ford <aford173@gmail.com>
Link: https://lore.kernel.org/r/20210513114617.30191-2-aford173@gmail.com
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 19eaad1400 which is
ee0415681e upstream.
This commit is not a stable candidate and was backported without needed
dependencies that results in the resctrl tests unable to compile.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 51e1bb9eea upstream.
Back then, commit 96ae522795 ("bpf: Add bpf_probe_write_user BPF helper
to be called in tracers") added the bpf_probe_write_user() helper in order
to allow to override user space memory. Its original goal was to have a
facility to "debug, divert, and manipulate execution of semi-cooperative
processes" under CAP_SYS_ADMIN. Write to kernel was explicitly disallowed
since it would otherwise tamper with its integrity.
One use case was shown in cf9b1199de ("samples/bpf: Add test/example of
using bpf_probe_write_user bpf helper") where the program DNATs traffic
at the time of connect(2) syscall, meaning, it rewrites the arguments to
a syscall while they're still in userspace, and before the syscall has a
chance to copy the argument into kernel space. These days we have better
mechanisms in BPF for achieving the same (e.g. for load-balancers), but
without having to write to userspace memory.
Of course the bpf_probe_write_user() helper can also be used to abuse
many other things for both good or bad purpose. Outside of BPF, there is
a similar mechanism for ptrace(2) such as PTRACE_PEEK{TEXT,DATA} and
PTRACE_POKE{TEXT,DATA}, but would likely require some more effort.
Commit 96ae522795 explicitly dedicated the helper for experimentation
purpose only. Thus, move the helper's availability behind a newly added
LOCKDOWN_BPF_WRITE_USER lockdown knob so that the helper is disabled under
the "integrity" mode. More fine-grained control can be implemented also
from LSM side with this change.
Fixes: 96ae522795 ("bpf: Add bpf_probe_write_user BPF helper to be called in tracers")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 914ab19e47 ]
Implement a .shutdown hook that will be called during a kexec operation
so that the TEE shared memory, session, and context that were set up
during .probe can be properly freed/closed.
Additionally, don't use dma-buf backed shared memory for the
fw_shm_pool. dma-buf backed shared memory cannot be reliably freed and
unregistered during a kexec operation even when tee_shm_free() is called
on the shm from a .shutdown hook. The problem occurs because
dma_buf_put() calls fput() which then uses task_work_add(), with the
TWA_RESUME parameter, to queue tee_shm_release() to be called before the
current task returns to user mode. However, the current task never
returns to user mode before the kexec completes so the memory is never
freed nor unregistered.
Use tee_shm_alloc_kernel_buf() to avoid dma-buf backed shared memory
allocation so that tee_shm_free() can directly call tee_shm_release().
This will ensure that the shm can be freed and unregistered during a
kexec operation.
Fixes: 246880958a ("firmware: broadcom: add OP-TEE based BNXT f/w manager")
Cc: stable@vger.kernel.org
Signed-off-by: Allen Pais <apais@linux.microsoft.com>
Co-developed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 376e4199e3 ]
Currently TEE_SHM_DMA_BUF flag has been inappropriately used to not
register shared memory allocated for private usage by underlying TEE
driver: OP-TEE in this case. So rather add a new flag as TEE_SHM_PRIV
that can be utilized by underlying TEE drivers for private allocation
and usage of shared memory.
With this corrected, allow tee_shm_alloc_kernel_buf() to allocate a
shared memory region without the backing of dma-buf.
Cc: stable@vger.kernel.org
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Co-developed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 179c6c27bf ]
Use the raw ASID, not ASID-1, when nullifying the last used VMCB when
freeing an SEV ASID. The consumer, pre_sev_run(), indexes the array by
the raw ASID, thus KVM could get a false negative when checking for a
different VMCB if KVM manages to reallocate the same ASID+VMCB combo for
a new VM.
Note, this cannot cause a functional issue _in the current code_, as
pre_sev_run() also checks which pCPU last did VMRUN for the vCPU, and
last_vmentry_cpu is initialized to -1 during vCPU creation, i.e. is
guaranteed to mismatch on the first VMRUN. However, prior to commit
8a14fe4f0c ("kvm: x86: Move last_cpu into kvm_vcpu_arch as
last_vmentry_cpu"), SVM tracked pCPU on its own and zero-initialized the
last_cpu variable. Thus it's theoretically possible that older versions
of KVM could miss a TLB flush if the first VMRUN is on pCPU0 and the ASID
and VMCB exactly match those of a prior VM.
Fixes: 70cd94e60c ("KVM: SVM: VMRUN should use associated ASID when SEV is enabled")
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Enable CONFIG_NFC to support GKI general android device.
When we set CONFIG_NFC=m for driver enable, nfc.ko module needs many
network ABI. So, make CONFIG_NFC=y in gki kernel to ensure all other
nfc device can use without adding ABI list.
- ABI list needed by nfc.ko (CONFIG_NFC=m)
add_wait_queue
add_wait_queue_exclusive
capable
class_dev_iter_exit
class_dev_iter_init
class_dev_iter_next
_copy_from_iter_full
datagram_poll
default_wake_function
lock_sock_nested
nla_strlcpy
proto_register
proto_unregister
__pskb_copy_fclone
release_sock
remove_wait_queue
security_sock_graft
sk_alloc
skb_copy_datagram_iter
skb_free_datagram
skb_recv_datagram
skb_unlink
sk_free
sock_alloc_send_skb
sock_init_data
sock_no_accept
sock_no_bind
sock_no_connect
sock_no_getname
sock_no_ioctl
sock_no_listen
sock_no_mmap
sock_no_sendmsg
sock_no_shutdown
sock_no_socketpair
sock_queue_rcv_skb
__sock_recv_timestamp
__sock_recv_wifi_status
sock_register
sock_unregister
Bug: 196480985
Change-Id: Ie6f0d4bec65c1e2663493e9165b7072dea7c5348
Signed-off-by: Hajun Sung <hajun.sung@samsung.com>
(cherry picked from commit c72ca115a2)
And for that, do not maintain yet another list.
Bug: 194314089
Signed-off-by: Matthias Maennich <maennich@google.com>
Change-Id: Ie3c40f9bd4f5fa791b4b312c09258fe81775c5e1
Enable CONFIG_SCSI_UFS_HPB such that the UFS HPB (Host Performance
Booster) feature can be used.
Bug: 196429202
Change-Id: I1aab63c83445e243be190396c452a4203e93dbc1
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Changes in 5.10.58
Revert "ACPICA: Fix memory leak caused by _CID repair function"
ALSA: seq: Fix racy deletion of subscriber
bus: ti-sysc: Fix gpt12 system timer issue with reserved status
net: xfrm: fix memory leak in xfrm_user_rcv_msg
arm64: dts: ls1028a: fix node name for the sysclk
ARM: imx: add missing iounmap()
ARM: imx: add missing clk_disable_unprepare()
ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms
arm64: dts: ls1028: sl28: fix networking for variant 2
ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz
ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init
ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out pins
arm64: dts: armada-3720-turris-mox: fixed indices for the SDHC controllers
arm64: dts: armada-3720-turris-mox: remove mrvl,i2c-fast-mode
ALSA: usb-audio: fix incorrect clock source setting
clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
ARM: dts: am437x-l4: fix typo in can@0 node
omap5-board-common: remove not physically existing vdds_1v8_main fixed-regulator
dmaengine: uniphier-xdmac: Use readl_poll_timeout_atomic() in atomic state
clk: tegra: Implement disable_unused() of tegra_clk_sdmmc_mux_ops
dmaengine: stm32-dma: Fix PM usage counter imbalance in stm32 dma ops
dmaengine: stm32-dmamux: Fix PM usage counter unbalance in stm32 dmamux ops
spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
scsi: sr: Return correct event when media event code is 3
media: videobuf2-core: dequeue if start_streaming fails
ARM: dts: stm32: Disable LAN8710 EDPD on DHCOM
ARM: dts: stm32: Fix touchscreen IRQ line assignment on DHCOM
dmaengine: imx-dma: configure the generic DMA type to make it work
net, gro: Set inner transport header offset in tcp/udp GRO hook
net: dsa: sja1105: overwrite dynamic FDB entries with static ones in .port_fdb_add
net: dsa: sja1105: invalidate dynamic FDB entries learned concurrently with statically added ones
net: dsa: sja1105: be stateless with FDB entries on SJA1105P/Q/R/S/SJA1110 too
net: dsa: sja1105: match FDB entries regardless of inner/outer VLAN tag
net: phy: micrel: Fix detection of ksz87xx switch
net: natsemi: Fix missing pci_disable_device() in probe and remove
gpio: tqmx86: really make IRQ optional
RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently
sctp: move the active_key update after sh_keys is added
nfp: update ethtool reporting of pauseframe control
net: ipv6: fix returned variable type in ip6_skb_dst_mtu
net: dsa: qca: ar9331: reorder MDIO write sequence
net: sched: fix lockdep_set_class() typo error for sch->seqlock
MIPS: check return value of pgtable_pmd_page_ctor
mips: Fix non-POSIX regexp
bnx2x: fix an error code in bnx2x_nic_load()
net: pegasus: fix uninit-value in get_interrupt_interval
net: fec: fix use-after-free in fec_drv_remove
net: vxge: fix use-after-free in vxge_device_unregister
blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
Bluetooth: defer cleanup of resources in hci_unregister_dev()
USB: usbtmc: Fix RCU stall warning
USB: serial: option: add Telit FD980 composition 0x1056
USB: serial: ch341: fix character loss at high transfer rates
USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback
firmware_loader: fix use-after-free in firmware_fallback_sysfs
drm/amdgpu/display: fix DMUB firmware version info
ALSA: pcm - fix mmap capability check for the snd-dummy driver
ALSA: hda/realtek: add mic quirk for Acer SF314-42
ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256)
ALSA: usb-audio: Fix superfluous autosuspend recovery
ALSA: usb-audio: Add registration quirk for JBL Quantum 600
usb: dwc3: gadget: Avoid runtime resume if disabling pullup
usb: gadget: remove leaked entry from udc driver list
usb: cdns3: Fixed incorrect gadget state
usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
usb: gadget: f_hid: fixed NULL pointer dereference
usb: gadget: f_hid: idle uses the highest byte for duration
usb: host: ohci-at91: suspend/resume ports after/before OHCI accesses
usb: typec: tcpm: Keep other events when receiving FRS and Sourcing_vbus events
usb: otg-fsm: Fix hrtimer list corruption
clk: fix leak on devm_clk_bulk_get_all() unwind
scripts/tracing: fix the bug that can't parse raw_trace_func
tracing / histogram: Give calculation hist_fields a size
tracing: Reject string operand in the histogram expression
tracing: Fix NULL pointer dereference in start_creating
tracepoint: static call: Compare data on transition from 2->1 callees
tracepoint: Fix static call function vs data state mismatch
arm64: stacktrace: avoid tracing arch_stack_walk()
optee: Clear stale cache entries during initialization
tee: add tee_shm_alloc_kernel_buf()
optee: Fix memory leak when failing to register shm pages
optee: Refuse to load the driver under the kdump kernel
optee: fix tee out of memory failure seen during kexec reboot
tpm_ftpm_tee: Free and unregister TEE shared memory during kexec
staging: rtl8723bs: Fix a resource leak in sd_int_dpc
staging: rtl8712: get rid of flush_scheduled_work
staging: rtl8712: error handling refactoring
drivers core: Fix oops when driver probe fails
media: rtl28xxu: fix zero-length control request
pipe: increase minimum default pipe size to 2 pages
ext4: fix potential htree corruption when growing large_dir directories
serial: tegra: Only print FIFO error message when an error occurs
serial: 8250_mtk: fix uart corruption issue when rx power off
serial: 8250: Mask out floating 16/32-bit bus bits
MIPS: Malta: Do not byte-swap accesses to the CBUS UART
serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver
serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts.
fpga: dfl: fme: Fix cpu hotplug issue in performance reporting
timers: Move clearing of base::timer_running under base:: Lock
xfrm: Fix RCU vs hash_resize_mutex lock inversion
net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
pcmcia: i82092: fix a null pointer dereference bug
selinux: correct the return value when loads initial sids
bus: ti-sysc: AM3: RNG is GP only
Revert "gpio: mpc8xxx: change the gpio interrupt flags."
ARM: omap2+: hwmod: fix potential NULL pointer access
md/raid10: properly indicate failure when ending a failed write request
KVM: x86: accept userspace interrupt only if no event is injected
KVM: Do not leak memory for duplicate debugfs directories
KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
arm64: vdso: Avoid ISB after reading from cntvct_el0
soc: ixp4xx: fix printing resources
interconnect: Fix undersized devress_alloc allocation
spi: meson-spicc: fix memory leak in meson_spicc_remove
interconnect: Zero initial BW after sync-state
interconnect: Always call pre_aggregate before aggregate
interconnect: qcom: icc-rpmh: Ensure floor BW is enforced for all nodes
drm/i915: Correct SFC_DONE register offset
soc: ixp4xx/qmgr: fix invalid __iomem access
perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
sched/rt: Fix double enqueue caused by rt_effective_prio
drm/i915: avoid uninitialised var in eb_parse()
libata: fix ata_pio_sector for CONFIG_HIGHMEM
reiserfs: add check for root_inode in reiserfs_fill_super
reiserfs: check directory items on read from disk
virt_wifi: fix error on connect
net: qede: Fix end of loop tests for list_for_each_entry
alpha: Send stop IPI to send to online CPUs
net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset
smb3: rc uninitialized in one fallocate path
drm/amdgpu/display: only enable aux backlight control for OLED panels
arm64: fix compat syscall return truncation
Linux 5.10.58
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I33d51f06c9620ff7db59fb696a513f85911b3c5c
commit e30e8d46cf upstream.
Due to inconsistencies in the way we manipulate compat GPRs, we have a
few issues today:
* For audit and tracing, where error codes are handled as a (native)
long, negative error codes are expected to be sign-extended to the
native 64-bits, or they may fail to be matched correctly. Thus a
syscall which fails with an error may erroneously be identified as
failing.
* For ptrace, *all* compat return values should be sign-extended for
consistency with 32-bit arm, but we currently only do this for
negative return codes.
* As we may transiently set the upper 32 bits of some compat GPRs while
in the kernel, these can be sampled by perf, which is somewhat
confusing. This means that where a syscall returns a pointer above 2G,
this will be sign-extended, but will not be mistaken for an error as
error codes are constrained to the inclusive range [-4096, -1] where
no user pointer can exist.
To fix all of these, we must consistently use helpers to get/set the
compat GPRs, ensuring that we never write the upper 32 bits of the
return code, and always sign-extend when reading the return code. This
patch does so, with the following changes:
* We re-organise syscall_get_return_value() to always sign-extend for
compat tasks, and reimplement syscall_get_error() atop. We update
syscall_trace_exit() to use syscall_get_return_value().
* We consistently use syscall_set_return_value() to set the return
value, ensureing the upper 32 bits are never set unexpectedly.
* As the core audit code currently uses regs_return_value() rather than
syscall_get_return_value(), we special-case this for
compat_user_mode(regs) such that this will do the right thing. Going
forward, we should try to move the core audit code over to
syscall_get_return_value().
Cc: <stable@vger.kernel.org>
Reported-by: He Zhe <zhe.he@windriver.com>
Reported-by: weiyuchen <weiyuchen3@huawei.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20210802104200.21390-1-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
[Mark: trivial conflict resolution for v5.10.y]
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit f2ad3accef ]
We've gotten a number of reports about backlight control not
working on panels which indicate that they use aux backlight
control. A recent patch:
commit 2d73eabe29
Author: Camille Cho <Camille.Cho@amd.com>
Date: Thu Jul 8 18:28:37 2021 +0800
drm/amd/display: Only set default brightness for OLED
[Why]
We used to unconditionally set backlight path as AUX for panels capable
of backlight adjustment via DPCD in set default brightness.
[How]
This should be limited to OLED panel only since we control backlight via
PWM path for SDR mode in LCD HDR panel.
Reviewed-by: Krunoslav Kovac <krunoslav.kovac@amd.com>
Acked-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Camille Cho <Camille.Cho@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Changes some other code to only use aux for backlight control on
OLED panels. The commit message seems to indicate that PWM should
be used for SDR mode on HDR panels. Do something similar for
backlight control in general. This may need to be revisited if and
when HDR started to get used.
Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1438
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=213715
Reviewed-by: Roman Li <Roman.Li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 5ad4df56cd ]
Clang detected a problem with rc possibly being unitialized
(when length is zero) in a recently added fallocate code path.
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 92766c4628 ]
When calling the 'ql_wait_for_drvr_lock' and 'ql_adapter_reset', the driver
has already acquired the spin lock, so the driver should not call 'ssleep'
in atomic context.
This bug can be fixed by using 'mdelay' instead of 'ssleep'.
Reported-by: Letu Ren <fantasquex@gmail.com>
Signed-off-by: Letu Ren <fantasquex@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit caace6ca4e ]
This issue was noticed while debugging a shutdown issue where some
secondary CPUs are not being shutdown correctly. A fix for that [1] requires
that secondary cpus be offlined using the cpu_online_mask so that the
stop operation is a no-op if CPU HOTPLUG is disabled. I, like the author in
[1] looked at the architectures and found that alpha is one of two
architectures that executes smp_send_stop() on all possible CPUs.
On alpha, smp_send_stop() sends an IPI to all possible CPUs but only needs
to send them to online CPUs.
Send the stop IPI to only the online CPUs.
[1] https://lkml.org/lkml/2020/1/10/250
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 795e3d2ea6 ]
The list_for_each_entry() iterator, "vlan" in this code, can never be
NULL so the warning will never be printed.
Signed-off-by: Harshvardhan Jha <harshvardhan.jha@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit ecef6a9eff ]
Data transfers are not required to be block aligned in memory, so they
span two pages. Fix this by splitting the call to >sff_data_xfer into
two for that case.
This has been broken since the initial libata import before the damn
of git, but was uncovered by the legacy ide driver removal.
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20210709130237.3730959-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
The backport of c9d9fdbc10 to 5.10 in
6976f3cf34 removed more than it should
have leading to 'batch' being used uninitialised. The 5.13 backport and
the mainline commit did not remove the portion this patch adds back.
Signed-off-by: Jonathan Gray <jsg@jsg.id.au>
Fixes: 6976f3cf34 ("drm/i915: Revert "drm/i915/gem: Asynchronous cmdparser"")
Cc: <stable@vger.kernel.org> # 5.10
Cc: Jason Ekstrand <jason@jlekstrand.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f558c2b834 upstream.
Double enqueues in rt runqueues (list) have been reported while running
a simple test that spawns a number of threads doing a short sleep/run
pattern while being concurrently setscheduled between rt and fair class.
WARNING: CPU: 3 PID: 2825 at kernel/sched/rt.c:1294 enqueue_task_rt+0x355/0x360
CPU: 3 PID: 2825 Comm: setsched__13
RIP: 0010:enqueue_task_rt+0x355/0x360
Call Trace:
__sched_setscheduler+0x581/0x9d0
_sched_setscheduler+0x63/0xa0
do_sched_setscheduler+0xa0/0x150
__x64_sys_sched_setscheduler+0x1a/0x30
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
list_add double add: new=ffff9867cb629b40, prev=ffff9867cb629b40,
next=ffff98679fc67ca0.
kernel BUG at lib/list_debug.c:31!
invalid opcode: 0000 [#1] PREEMPT_RT SMP PTI
CPU: 3 PID: 2825 Comm: setsched__13
RIP: 0010:__list_add_valid+0x41/0x50
Call Trace:
enqueue_task_rt+0x291/0x360
__sched_setscheduler+0x581/0x9d0
_sched_setscheduler+0x63/0xa0
do_sched_setscheduler+0xa0/0x150
__x64_sys_sched_setscheduler+0x1a/0x30
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
__sched_setscheduler() uses rt_effective_prio() to handle proper queuing
of priority boosted tasks that are setscheduled while being boosted.
rt_effective_prio() is however called twice per each
__sched_setscheduler() call: first directly by __sched_setscheduler()
before dequeuing the task and then by __setscheduler() to actually do
the priority change. If the priority of the pi_top_task is concurrently
being changed however, it might happen that the two calls return
different results. If, for example, the first call returned the same rt
priority the task was running at and the second one a fair priority, the
task won't be removed by the rt list (on_list still set) and then
enqueued in the fair runqueue. When eventually setscheduled back to rt
it will be seen as enqueued already and the WARNING/BUG be issued.
Fix this by calling rt_effective_prio() only once and then reusing the
return value. While at it refactor code as well for clarity. Concurrent
priority inheritance handling is still safe and will eventually converge
to a new state by following the inheritance chain(s).
Fixes: 0782e63bc6 ("sched: Handle priority boosted tasks proper in setscheduler()")
[squashed Peterz changes; added changelog]
Reported-by: Mark Simmons <msimmons@redhat.com>
Signed-off-by: Juri Lelli <juri.lelli@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20210803104501.38333-1-juri.lelli@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit df51fe7ea1 upstream.
If we use "perf record" in an AMD Milan guest, dmesg reports a #GP
warning from an unchecked MSR access error on MSR_F15H_PERF_CTLx:
[] unchecked MSR access error: WRMSR to 0xc0010200 (tried to write 0x0000020000110076) at rIP: 0xffffffff8106ddb4 (native_write_msr+0x4/0x20)
[] Call Trace:
[] amd_pmu_disable_event+0x22/0x90
[] x86_pmu_stop+0x4c/0xa0
[] x86_pmu_del+0x3a/0x140
The AMD64_EVENTSEL_HOSTONLY bit is defined and used on the host,
while the guest perf driver should avoid such use.
Fixes: 1018faa6cf ("perf/x86/kvm: Fix Host-Only/Guest-Only counting with SVM disabled")
Signed-off-by: Like Xu <likexu@tencent.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Tested-by: Kim Phillips <kim.phillips@amd.com>
Tested-by: Liam Merwick <liam.merwick@oracle.com>
Link: https://lkml.kernel.org/r/20210802070850.35295-1-likexu@tencent.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a8eee86317 upstream.
Sparse reports a compile time warning when dereferencing an
__iomem pointer:
drivers/soc/ixp4xx/ixp4xx-qmgr.c:149:37: warning: dereference of noderef expression
drivers/soc/ixp4xx/ixp4xx-qmgr.c:153:40: warning: dereference of noderef expression
drivers/soc/ixp4xx/ixp4xx-qmgr.c:154:40: warning: dereference of noderef expression
drivers/soc/ixp4xx/ixp4xx-qmgr.c:174:38: warning: dereference of noderef expression
drivers/soc/ixp4xx/ixp4xx-qmgr.c:174:44: warning: dereference of noderef expression
Use __raw_readl() here for consistency with the rest of the file.
This should really get converted to some proper accessor, as the
__raw functions are not meant to be used in drivers, but the driver
has used these since the start, so for the moment, let's only fix
the warning.
Reported-by: kernel test robot <lkp@intel.com>
Fixes: d4c9e9fc97 ("IXP42x: Add QMgr support for IXP425 rev. A0 processors.")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ce5a595744 upstream.
We currently only enforce BW floors for a subset of nodes in a path.
All BCMs that need updating are queued in the pre_aggregate/aggregate
phase. The first set() commits all queued BCMs and subsequent set()
calls short-circuit without committing anything. Since the floor BW
isn't set in sum_avg/max_peak until set(), then some BCMs are committed
before their associated nodes reflect the floor.
Set the floor as each node is being aggregated. This ensures that all
all relevant floors are set before the BCMs are committed.
Fixes: 266cd33b59 ("interconnect: qcom: Ensure that the floor bandwidth value is enforced")
Signed-off-by: Mike Tipton <mdtipton@codeaurora.org>
Link: https://lore.kernel.org/r/20210721175432.2119-4-mdtipton@codeaurora.org
[georgi: Removed unused variable]
Signed-off-by: Georgi Djakov <djakov@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
