We always need to lock now, because locks became smaller
(see d562e901f2
"fs/ntfs3: Move ni_lock_dir and ni_unlock into ntfs_create_inode").
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Qualcomm driver fixes for v5.15
This restricts the QCOM_SCM driver to depend on ARCH_QCOM, to reduce
it's presence after becoming a loadable module.
It then fixes a regression in the mdt_loader, where firmware with the
hash segment marked as PT_LOAD would no longer be accepted, preventing
several MSM8974 and SDM660 devices from loading remoteproc firmware.
Lastly it corrects the drvdata associated with the socinfo device during
probe, to match that expected by the remove function.
* tag 'qcom-drivers-fixes-for-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux:
firmware: qcom_scm: QCOM_SCM should depend on ARCH_QCOM
soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
soc: qcom: socinfo: Fixed argument passed to platform_set_data()
Link: https://lore.kernel.org/r/20210930025456.1035-1-bjorn.andersson@linaro.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Qualcomm ARM64 DTS fixes for 5.15
This starts by reverting the SC7280 CPUfreq update, which was merged
before concensus about the associated drivers changes was reached.
It then moves the reserved-memory changes done to get IPA working on the
Lenovo Yoga C630 into the Yoga specific DTS, as changing the memory map
on the platform level did break a couple of the other boards.
It fixes the HDMI audio on Trogdor and add missing Aggre2 NOC qos clocks
on SDM6{30,36,60} which prevented some boards from booting.
Lastly it enables the PON module on SM8250/QRB5165, as the lack thereof
is blocking automated testing in LKFT.
* tag 'qcom-arm64-fixes-for-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux:
arm64: dts: qcom: sdm630: Add missing a2noc qos clocks
arm64: dts: qcom: qrb5165-rb5: enabled pwrkey and resin nodes
arm64: dts: qcom: pm8150: specify reboot mode magics
arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding
arm64: dts: qcom: sc7180-trogdor: Fix lpass dai link for HDMI
arm64: dts: qcom: sdm850-yoga: Reshuffle IPA memory mappings
Revert "arm64: dts: qcom: sc7280: Fixup the cpufreq node"
Link: https://lore.kernel.org/r/20210930025509.1091-1-bjorn.andersson@linaro.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Juno/Vexpress fixes for v5.15
Bunch of DTS fixes to resolve addressing issues with some of the device
nodes, dropping unused/undocumented properties in various nodes, and
aligning node names with dtschema.
* tag 'juno-fixes-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux:
arm: dts: vexpress: Fix motherboard bus 'interrupt-map'
arm: dts: vexpress: Fix addressing issues with 'motherboard-bus' nodes
arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address
arm: dts: vexpress: Drop unused properties from motherboard node
arm64: dts: arm: drop unused interrupt-names in MHU
ARM: dts: arm: align watchdog and mmc node names with dtschema
arm64: dts: arm: align watchdog and mmc node names with dtschema
arm64: dts: fvp: Remove panel timings
Link: https://lore.kernel.org/r/20210927105249.3583380-1-sudeep.holla@arm.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Qualcomm DTS fixes for v5.15
This corrects the use of depricated chipid and clock names, for which
support was finally dropped from the driver. It also ensures that the
DSI PLL is fed by the correct clock, now that it's being migrated to not
rely on global clock names.
* tag 'qcom-dts-fixes-for-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux:
ARM: dts: qcom: apq8064: update Adreno clock names
ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference
ARM: dts: qcom: apq8064: use compatible which contains chipid
Link: https://lore.kernel.org/r/20210930025526.1146-1-bjorn.andersson@linaro.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
AT91 fixes#2 for 5.15:
- More fixes for AT91 platform power management code related to the
introduction of sama7g5:
- management of DDR3L regulator rails for sama7g5ek
- loading of TLB on different cores
- PIO controller slew-rate settings for sama7g5ek: be aligned with
datasheet requirements.
* tag 'at91-fixes-5.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/at91/linux:
ARM: dts: at91: sama7g5ek: to not touch slew-rate for SDMMC pins
ARM: dts: at91: sama7g5ek: use proper slew-rate settings for GMACs
ARM: at91: pm: preload base address of controllers in tlb
ARM: at91: pm: group constants and addresses loading
ARM: dts: at91: sama7g5ek: add suspend voltage for ddr3l rail
Link: https://lore.kernel.org/r/20211004114344.19304-1-nicolas.ferre@microchip.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
The SERIAL_8250_FSL option is used to enable a workaround for a
break-detection erratum for Freescale 16550 UARTs in the 8250 driver and
is currently also used to enable support for ACPI enumeration.
It is enabled on PPC, ARM and ARM64 whenever 8250 console support is
enabled (since the quirk is needed for sysrq handling).
Commit b1442c55ce ("serial: 8250: extend compile-test coverage")
enabled compile testing of the code in question but did not provide a
means to disable the option when COMPILE_TEST is enabled.
Add a conditional input prompt instead so that SERIAL_8250_FSL is no
longer enabled by default when compile testing while continuing to
always enable the quirk for platforms that may need it.
Fixes: b1442c55ce ("serial: 8250: extend compile-test coverage")
Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20210924141232.4419-1-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
VM_SHARED mappings are currently forbidden in a memslot with MTE to
prevent two VMs racing to sanitise the same page. However, this check
is performed while holding current->mm's mmap_lock, but fails to release
it. Fix this by releasing the lock when needed.
Fixes: ea7fc1bb1c ("KVM: arm64: Introduce MTE VM feature")
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211005122031.809857-1-qperret@google.com
While existing code is correct, KCSAN is reporting
a data-race in netlink_insert / netlink_sendmsg [1]
It is correct to read nlk->bound without a lock, as netlink_autobind()
will acquire all needed locks.
[1]
BUG: KCSAN: data-race in netlink_insert / netlink_sendmsg
write to 0xffff8881031c8b30 of 1 bytes by task 18752 on cpu 0:
netlink_insert+0x5cc/0x7f0 net/netlink/af_netlink.c:597
netlink_autobind+0xa9/0x150 net/netlink/af_netlink.c:842
netlink_sendmsg+0x479/0x7c0 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:703 [inline]
sock_sendmsg net/socket.c:723 [inline]
____sys_sendmsg+0x360/0x4d0 net/socket.c:2392
___sys_sendmsg net/socket.c:2446 [inline]
__sys_sendmsg+0x1ed/0x270 net/socket.c:2475
__do_sys_sendmsg net/socket.c:2484 [inline]
__se_sys_sendmsg net/socket.c:2482 [inline]
__x64_sys_sendmsg+0x42/0x50 net/socket.c:2482
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
read to 0xffff8881031c8b30 of 1 bytes by task 18751 on cpu 1:
netlink_sendmsg+0x270/0x7c0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:703 [inline]
sock_sendmsg net/socket.c:723 [inline]
__sys_sendto+0x2a8/0x370 net/socket.c:2019
__do_sys_sendto net/socket.c:2031 [inline]
__se_sys_sendto net/socket.c:2027 [inline]
__x64_sys_sendto+0x74/0x90 net/socket.c:2027
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0x00 -> 0x01
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 18751 Comm: syz-executor.0 Not tainted 5.14.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes: da314c9923 ("netlink: Replace rhash_portid with bound")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
According to Synopsys DesignWare Cores Ethernet PCS databook, it is
required to disable Clause 37 auto-negotiation by programming bit-12
(AN_ENABLE) to 0 if it is already enabled, before programming various
fields of VR_MII_AN_CTRL registers.
After all these programming are done, it is then required to enable
Clause 37 auto-negotiation by programming bit-12 (AN_ENABLE) to 1.
Fixes: b97b5331b8 ("net: pcs: add C37 SGMII AN support for intel mGbE controller")
Cc: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Wong Vee Khee <vee.khee.wong@linux.intel.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Tested-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The string should be "tx_disable" to match the state enum.
Fixes: 4005a7cb4f ("net: phy: sftp: print debug message with text, not numbers")
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit b1c36aae51 ("regulator: Convert SY8106A binding to a schema")
converts sy8106a-regulator.txt to silergy,sy8106a.yaml, but missed to
adjust its reference in MAINTAINERS.
Hence, ./scripts/get_maintainer.pl --self-test=patterns complains about
a broken reference.
Repair this file reference in SY8106A REGULATOR DRIVER.
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Link: https://lore.kernel.org/r/20211005075451.29691-11-lukas.bulwahn@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
The KVM page-table library refcounts the pages of concatenated stage-2
PGDs individually. However, when running KVM in protected mode, the
host's stage-2 PGD is currently managed by EL2 as a single high-order
compound page, which can cause the refcount of the tail pages to reach 0
when they shouldn't, hence corrupting the page-table.
Fix this by introducing a new hyp_split_page() helper in the EL2 page
allocator (matching the kernel's split_page() function), and make use of
it from host_s2_zalloc_pages_exact().
Fixes: 1025c8c0c6 ("KVM: arm64: Wrap the host with a stage 2")
Acked-by: Will Deacon <will@kernel.org>
Suggested-by: Will Deacon <will@kernel.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20211005090155.734578-5-qperret@google.com
A recent change that started reporting break events to the line
discipline caused the tty-buffer insertions to no longer be serialised
by inserting events also from the completion handler for the interrupt
endpoint.
Completion calls for distinct endpoints are not guaranteed to be
serialised. For example, in case a host-controller driver uses
bottom-half completion, the interrupt and bulk-in completion handlers
can end up running in parallel on two CPUs (high-and low-prio tasklets,
respectively) thereby breaking the tty layer's single producer
assumption.
Fix this by holding the read lock also when inserting characters from
the bulk endpoint.
Fixes: 08dff274ed ("cdc-acm: fix BREAK rx code path adding necessary calls")
Cc: stable@vger.kernel.org
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20210929090937.7410-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Async feedback patches broke enumeration on Windows 10 previously fixed
by commit 789ea77310 ("usb: gadget: f_uac2: always increase endpoint
max_packet_size by one audio slot").
While the existing calculation for EP OUT capture for async mode yields
size+1 frame due to uac2_opts->fb_max > 0, playback side lost the +1
feature. Therefore the +1 frame addition must be re-introduced for
playback. Win10 enumerates the device only when both EP IN and EP OUT
max packet sizes are (at least) +1 frame.
Fixes: e89bb42883 ("usb: gadget: u_audio: add real feedback implementation")
Cc: stable <stable@vger.kernel.org>
Tested-by: Henrik Enquist <henrik.enquist@gmail.com>
Tested-by: Jack Pham <jackp@codeaurora.org>
Signed-off-by: Pavel Hofman <pavel.hofman@ivitera.com>
Link: https://lore.kernel.org/r/20210924080027.5362-1-pavel.hofman@ivitera.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When passing 'phys' in the devicetree to describe the USB PHY phandle
(which is the recommended way according to
Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the
following NULL pointer dereference is observed on i.MX7 and i.MX8MM:
[ 1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098
[ 1.498170] Mem abort info:
[ 1.500966] ESR = 0x96000044
[ 1.504030] EC = 0x25: DABT (current EL), IL = 32 bits
[ 1.509356] SET = 0, FnV = 0
[ 1.512416] EA = 0, S1PTW = 0
[ 1.515569] FSC = 0x04: level 0 translation fault
[ 1.520458] Data abort info:
[ 1.523349] ISV = 0, ISS = 0x00000044
[ 1.527196] CM = 0, WnR = 1
[ 1.530176] [0000000000000098] user address but active_mm is swapper
[ 1.536544] Internal error: Oops: 96000044 [#1] PREEMPT SMP
[ 1.542125] Modules linked in:
[ 1.545190] CPU: 3 PID: 7 Comm: kworker/u8:0 Not tainted 5.14.0-dirty #3
[ 1.551901] Hardware name: Kontron i.MX8MM N801X S (DT)
[ 1.557133] Workqueue: events_unbound deferred_probe_work_func
[ 1.562984] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--)
[ 1.568998] pc : imx7d_charger_detection+0x3f0/0x510
[ 1.573973] lr : imx7d_charger_detection+0x22c/0x510
This happens because the charger functions check for the phy presence
inside the imx_usbmisc_data structure (data->usb_phy), but the chipidea
core populates the usb_phy passed via 'phys' inside 'struct ci_hdrc'
(ci->usb_phy) instead.
This causes the NULL pointer dereference inside imx7d_charger_detection().
Fix it by also searching for 'phys' in case 'fsl,usbphy' is not found.
Tested on a imx7s-warp board.
Fixes: 746f316b75 ("usb: chipidea: introduce imx7d USB charger detection")
Cc: stable@vger.kernel.org
Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
Tested-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Reviewed-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Acked-by: Peter Chen <peter.chen@kernel.org>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Link: https://lore.kernel.org/r/20210921113754.767631-1-festevam@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
USB TCPCI Spec, 4.4.3 Mask Registers:
"A masked register will still indicate in the ALERT register, but shall
not set the Alert# pin low."
Thus, the Extended Status will still indicate in ALERT register if vSafe0V
is detected by TCPC even though being masked. In current code, howerer,
this event will not be handled in detection time. Rather it will be
handled when next ALERT event coming(CC evnet, PD event, etc).
Tcpm might transition to a wrong state in this situation. Thus, the vSafe0V
event should not be handled when it's masked.
Fixes: 766c485b86 ("usb: typec: tcpci: Add support to report vSafe0V")
cc: <stable@vger.kernel.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Link: https://lore.kernel.org/r/20210926101415.3775058-1-xu.yang_2@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit de1799667b ("net: bridge: add STP xstats")
added an additional nla_reserve_64bit() in br_fill_linkxstats(),
but forgot to update br_get_linkxstats_size() accordingly.
This can trigger the following in rtnl_stats_get()
WARN_ON(err == -EMSGSIZE);
Fixes: de1799667b ("net: bridge: add STP xstats")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vivien Didelot <vivien.didelot@gmail.com>
Cc: Nikolay Aleksandrov <nikolay@nvidia.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
bridge_fill_linkxstats() is using nla_reserve_64bit().
We must use nla_total_size_64bit() instead of nla_total_size()
for corresponding data structure.
Fixes: 1080ab95e3 ("net: bridge: add support for IGMP/MLD stats and export them via netlink")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Nikolay Aleksandrov <nikolay@nvidia.com>
Cc: Vivien Didelot <vivien.didelot@gmail.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The added #ifdefs in the PM rework were almost correct, but still
cause warnings in some randconfig builds:
drivers/usb/host/xhci-tegra.c:2147:12: error: 'tegra_xusb_resume' defined but not used [-Werror=unused-function]
2147 | static int tegra_xusb_resume(struct device *dev)
| ^~~~~~~~~~~~~~~~~
drivers/usb/host/xhci-tegra.c:2105:12: error: 'tegra_xusb_suspend' defined but not used [-Werror=unused-function]
2105 | static int tegra_xusb_suspend(struct device *dev)
Replace the #ifdef checks with simpler __maybe_unused annotations to
reliably shut up these warnings.
Link: https://lore.kernel.org/all/20210421135613.3560777-2-arnd@kernel.org/
Fixes: 971ee24706 ("usb: xhci: tegra: Enable ELPG for runtime/system PM")
Reviewed-by: JC Kuo <jckuo@nvidia.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20211005112057.2700888-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
For the situation that the disconnect event comes very late when the
device is unplugged, the driver would resubmit the RX bulk transfer
after getting the callback with -EPROTO immediately and continually.
Finally, soft lockup occurs.
This patch avoids to resubmit RX immediately. It uses a workqueue to
schedule the RX NAPI. And the NAPI would resubmit the RX. It let the
disconnect event have opportunity to stop the submission before soft
lockup.
Reported-by: Jason-ch Chen <jason-ch.chen@mediatek.com>
Tested-by: Jason-ch Chen <jason-ch.chen@mediatek.com>
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Andrew points out that eth_hw_addr_set() replaces memcpy()
calls so we can't use ether_addr_copy() which assumes
both arguments are 2-bytes aligned.
Reported-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
While reboot the system by sysrq, the following bug will be occur.
BUG: sleeping function called from invalid context at kernel/locking/semaphore.c:90
in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 10052, name: rc.shutdown
CPU: 3 PID: 10052 Comm: rc.shutdown Tainted: G W O 5.10.0 #1
Call trace:
dump_backtrace+0x0/0x1c8
show_stack+0x18/0x28
dump_stack+0xd0/0x110
___might_sleep+0x14c/0x160
__might_sleep+0x74/0x88
down_interruptible+0x40/0x118
virt_efi_reset_system+0x3c/0xd0
efi_reboot+0xd4/0x11c
machine_restart+0x60/0x9c
emergency_restart+0x1c/0x2c
sysrq_handle_reboot+0x1c/0x2c
__handle_sysrq+0xd0/0x194
write_sysrq_trigger+0xbc/0xe4
proc_reg_write+0xd4/0xf0
vfs_write+0xa8/0x148
ksys_write+0x6c/0xd8
__arm64_sys_write+0x18/0x28
el0_svc_common.constprop.3+0xe4/0x16c
do_el0_svc+0x1c/0x2c
el0_svc+0x20/0x30
el0_sync_handler+0x80/0x17c
el0_sync+0x158/0x180
The reason for this problem is that irq has been disabled in
machine_restart() and then it calls down_interruptible() in
virt_efi_reset_system(), which would occur sleep in irq context,
it is dangerous! Commit 99409b935c9a("locking/semaphore: Add
might_sleep() to down_*() family") add might_sleep() in
down_interruptible(), so the bug info is here. down_trylock()
can solve this problem, cause there is no might_sleep.
--------
Cc: <stable@vger.kernel.org>
Signed-off-by: Zhang Jianhua <chris.zjh@huawei.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Joe reports that using a statically allocated buffer for converting CPER
error records into human readable text is probably a bad idea. Even
though we are not aware of any actual issues, a stack buffer is clearly
a better choice here anyway, so let's move the buffer into the stack
frames of the two functions that refer to it.
Cc: <stable@vger.kernel.org>
Reported-by: Joe Perches <joe@perches.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The message
"Exiting boot services and installing virtual address map...\n"
is even shown if we have efi=novamap on the command line or the firmware
does not provide EFI_RT_SUPPORTED_SET_VIRTUAL_ADDRESS_MAP.
To avoid confusion just print
"Exiting boot services...\n"
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The problem is that "mac_id" is a u32 so this check for underflow does
not work when "mac_id" is zero. In that situation, "mac_id - 1" is
UINT_MAX instead of -1 so the condition is true. It leads to an
array underflow on the next line.
Fixes: 8cd574e6af ("staging: r8188eu: introduce new hal dir for RTL8188eu driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20210930122604.GB10068@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The comparison against SIZE_MAX produces a harmless warning on 64-bit
architectures:
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c:185:16: error: result of comparison of constant 419244183493398898 with expression of type 'unsigned int' is always false [-Werror,-Wtautological-constant-out-of-range-compare]
if (num_pages > (SIZE_MAX - sizeof(struct pagelist) -
~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Shut up that warning by adding a cast to a longer type.
Fixes: ca641bae6d ("staging: vc04_services: prevent integer overflow in create_pagelist()")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210927113702.3866843-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When cachefiles_cull() calls cachefiles_bury_object(), it passes
a NULL object. When this occurs, either trace_cachefiles_unlink()
or trace_cachefiles_rename() may oops due to the NULL object.
Check for NULL object in the tracepoint and if so, set debug_id
to MAX_UINT as was done in 2908f5e101.
The following oops was seen with xfstests generic/100.
BUG: kernel NULL pointer dereference, address: 0000000000000010
...
RIP: 0010:trace_event_raw_event_cachefiles_unlink+0x4e/0xa0 [cachefiles]
...
Call Trace:
cachefiles_bury_object+0x242/0x430 [cachefiles]
? __vfs_removexattr_locked+0x10f/0x150
? vfs_removexattr+0x51/0xd0
cachefiles_cull+0x84/0x120 [cachefiles]
cachefiles_daemon_cull+0xd1/0x120 [cachefiles]
cachefiles_daemon_write+0x158/0x190 [cachefiles]
vfs_write+0xbc/0x260
ksys_write+0x4f/0xc0
do_syscall_64+0x3b/0x90
The following oops was seen with xfstests generic/290.
BUG: kernel NULL pointer dereference, address: 0000000000000010
...
RIP: 0010:trace_event_raw_event_cachefiles_rename+0x54/0xa0 [cachefiles]
...
Call Trace:
cachefiles_bury_object+0x35c/0x430 [cachefiles]
cachefiles_cull+0x84/0x120 [cachefiles]
cachefiles_daemon_cull+0xd1/0x120 [cachefiles]
cachefiles_daemon_write+0x158/0x190 [cachefiles]
vfs_write+0xbc/0x260
ksys_write+0x4f/0xc0
do_syscall_64+0x3b/0x90
Fixes: 2908f5e101 ("fscache: Add a cookie debug ID and use that in traces")
Signed-off-by: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://listman.redhat.com/archives/linux-cachefs/2021-October/msg00009.html
When arm_ffa firmware driver module is unloaded or removed we call
__ffa_devices_unregister on all the devices on the ffa bus. It must
unregister all the devices instead it is currently just releasing the
devices without unregistering. That is pure wrong as when we try to
load the module back again, it will result in the kernel crash something
like below.
-->8
CPU: 2 PID: 232 Comm: modprobe Not tainted 5.15.0-rc2+ #169
Hardware name: FVP Base RevC (DT)
Call trace:
dump_backtrace+0x0/0x1cc
show_stack+0x18/0x64
dump_stack_lvl+0x64/0x7c
dump_stack+0x18/0x38
sysfs_create_dir_ns+0xe4/0x140
kobject_add_internal+0x170/0x358
kobject_add+0x94/0x100
device_add+0x178/0x5f0
device_register+0x20/0x30
ffa_device_register+0x80/0xcc [ffa_module]
ffa_setup_partitions+0x7c/0x108 [ffa_module]
init_module+0x290/0x2dc [ffa_module]
do_one_initcall+0xbc/0x230
do_init_module+0x58/0x304
load_module+0x15e0/0x1f68
__arm64_sys_finit_module+0xb8/0xf4
invoke_syscall+0x44/0x140
el0_svc_common+0xb4/0xf0
do_el0_svc+0x24/0x80
el0_svc+0x20/0x50
el0t_64_sync_handler+0x84/0xe4
el0t_64_sync+0x1a0/0x1a4
kobject_add_internal failed for arm-ffa-8001 with -EEXIST, don't try to
register things with the same name in the same directory.
----
Fix the issue by calling device_unregister in __ffa_devices_unregister
which will also take care of calling device_release(which is mapped to
ffa_release_device)
Link: https://lore.kernel.org/r/20210924092859.3057562-2-sudeep.holla@arm.com
Fixes: e781858488 ("firmware: arm_ffa: Add initial FFA bus support for device enumeration")
Tested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Currently the arm_ffa firmware driver can be built as module and hence
all the users of FFA driver. If any driver on the ffa bus is removed or
unregistered, the remove callback on all the device bound to the driver
being removed should be callback. For that to happen, we must register
a remove callback on the ffa_bus which is currently missing. This results
in the probe getting called again without the previous remove callback
on a device which may result in kernel crash.
Fix the issue by registering the remove callback on the FFA bus.
Link: https://lore.kernel.org/r/20210924092859.3057562-1-sudeep.holla@arm.com
Fixes: e781858488 ("firmware: arm_ffa: Add initial FFA bus support for device enumeration")
Reported-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Jonathan writes:
1st set of IIO fixes for the 5.15 cycle
Usual mixed back of minor bug fixes.
adi,ad7192, ad7780, ad7793
* Fix incorrect IRQ_FLAG types. As the IRQ line is shared with the data
line we can be sure of the polarity and edge like nature. They were
previously either left unspecified or as level interrupts which may
cause problems on power up.
adi,adis16475
* Fix a deadlock by calling unlocked function when lock already held. Also
deal with making sure lock is released correctly.
adi,adis16480
* Fix assumption that all devices support sleep mode.
aspeed,adc
* Add missing platform_set_drvdata() so we can get the indio_dev in remove
as was being assumed.
fsl,fxls8962af
* Return IRQ_HANDLED on flush rather than a positive 'error' code.
maxim,max1207
* Fix a wrong shift on 12-bit devices that will lead to incorrect scale.
* Fix wrong number of channels on max1X31 devices due to allocating them twice.
mediatek,mt6577
* Fix a failure to apply scaling to IIO_CHAN_INFO_PROCESSED
renesas,rzg2l
* Fix failure to return -EBUSY on timeout due to ignored error code.
* Add a missing clk_disable_unprepare() on error in runtime_resume.
samsung,ssp_spi
* Fix an error code to always be returned on invalid length.
* Add some range checking to ensure resilience against bad data leading
to potential overflow.
ti,adc128s052
* Fix an error handling path that leaves regulator on if probe fails.
ti,dac5571
* Add missing return value in a switch default.
ti,opt3001
* Fix case where sensor returns 0 lux and we were previously accidentally
returning that this was a timeout.
* tag 'iio-fixes-for-5.15a' of https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio:
iio: light: opt3001: Fixed timeout error when 0 lux
iio: adis16480: fix devices that do not support sleep mode
iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED
iio: adis16475: fix deadlock on frequency set
iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
iio: adc: ad7793: Fix IRQ flag
iio: adc: ad7780: Fix IRQ flag
iio: adc: ad7192: Add IRQ flag
iio: adc: aspeed: set driver data when adc probe.
iio: adc: rzg2l_adc: add missing clk_disable_unprepare() in rzg2l_adc_pm_runtime_resume()
iio: adc: max1027: Fix the number of max1X31 channels
iio: adc: max1027: Fix wrong shift with 12-bit devices
iio: adc128s052: Fix the error handling path of 'adc128_probe()'
iio: adc: rzg2l_adc: Fix -EBUSY timeout error return
iio: accel: fxls8962af: return IRQ_HANDLED when fifo is flushed
iio: dac: ti-dac5571: fix an error code in probe()
With patch "drm/i915/vbt: Fix backlight parsing for VBT 234+"
the size of bdb_lfp_backlight_data structure has been increased,
causing if-statement in the parse_lfp_backlight function
that comapres this structure size to the one retrieved from BDB,
always to fail for older revisions.
This patch calculates expected size of the structure for a given
BDB version and compares it with the value gathered from BDB.
Tested on Chromebook Pixelbook (Nocturne) (reports bdb->version = 221)
Fixes: d381baad29 ("drm/i915/vbt: Fix backlight parsing for VBT 234+")
Tested-by: Lukasz Majczak <lma@semihalf.com>
Signed-off-by: Lukasz Majczak <lma@semihalf.com>
Reviewed-by: José Roberto de Souza <jose.souza@intel.com>
Signed-off-by: José Roberto de Souza <jose.souza@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210930134606.227234-1-lma@semihalf.com
(cherry picked from commit 4378daf5d0)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
