We need another symbol added in here for now, due to changes in an LTS
release, so update the .xml file after the merge in order to preserve it
properly.
Leaf changes summary: 1 artifact changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
1 Added function:
[A] 'function void __sdhci_set_timeout(sdhci_host*, mmc_command*)'
Fixes: af06413d4c ("Merge branch 'android12-5.10' into `android12-5.10-lts`")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I777a7489fcf81630dc30a07eaa927aa34afafdfc
Sync up with android12-5.10 for the following commits:
b781144f8a ANDROID: GKI: update xiaomi symbol list
7ed18b3da9 ANDROID: GKI: Update symbols to symbol list
70fb50176e UPSTREAM: kasan, slub: reset tag when printing address
bd5c75ce7b UPSTREAM: kasan, kmemleak: reset tags when scanning block
b683931b2a ANDROID: gki_defconfig: set DEFAULT_MMAP_MIN_ADDR=32768
c0cce1da8b UPSTREAM: kasan, slub: reset tag when printing address
3b6f980a85 UPSTREAM: KVM: arm64: Fix off-by-one in range_is_memory
3649d38887 UPSTREAM: mm: fix the deadlock in finish_fault()
09ec66de84 UPSTREAM: arm64: mte: fix restoration of GCR_EL1 from suspend
1e8a0d84dc UPSTREAM: firmware: arm_scmi: Avoid padding in sensor message structure
ea6f697c3d UPSTREAM: media: s5p-mfc: Fix display delay control creation
2f13bd8f39 UPSTREAM: software node: Handle software node injection to an existing device properly
2f34733fae UPSTREAM: usb: dwc3: Fix debugfs creation flow
d42ca898a6 UPSTREAM: usb: dwc3: core: fix kernel panic when do reboot
71710d40d9 UPSTREAM: kfence: use TASK_IDLE when awaiting allocation
1ea718cd9e UPSTREAM: regulator: scmi: Fix off-by-one for linear regulators .n_voltages setting
be7c2833df UPSTREAM: clk: Skip clk provider registration when np is NULL
f20cbf56db FROMGIT: usb: typec: tcpm: Raise vdm_sm_running flag only when VDM SM is running
b58b8007b1 FROMGIT: usb: typec: tcpm: Fix VDMs sometimes not being forwarded to alt-mode drivers
Note, takes the .xml file from the `android12-5.10` branch, will need to
be updated again in a follow-on commit to pick up the missing symbol.
Change-Id: Ic579951cb27d50feb2987cc91a3f58170562eed1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Patch series "kasan, slub: reset tag when printing address", v3.
With hardware tag-based kasan enabled, we reset the tag when we access
metadata to avoid from false alarm.
This patch (of 2):
Kmemleak needs to scan kernel memory to check memory leak. With hardware
tag-based kasan enabled, when it scans on the invalid slab and
dereference, the issue will occur as below.
Hardware tag-based KASAN doesn't use compiler instrumentation, we can not
use kasan_disable_current() to ignore tag check.
Based on the below report, there are 11 0xf7 granules, which amounts to
176 bytes, and the object is allocated from the kmalloc-256 cache. So
when kmemleak accesses the last 256-176 bytes, it causes faults, as those
are marked with KASAN_KMALLOC_REDZONE == KASAN_TAG_INVALID == 0xfe.
Thus, we reset tags before accessing metadata to avoid from false positives.
BUG: KASAN: out-of-bounds in scan_block+0x58/0x170
Read at addr f7ff0000c0074eb0 by task kmemleak/138
Pointer tag: [f7], memory tag: [fe]
CPU: 7 PID: 138 Comm: kmemleak Not tainted 5.14.0-rc2-00001-g8cae8cd89f05-dirty #134
Hardware name: linux,dummy-virt (DT)
Call trace:
dump_backtrace+0x0/0x1b0
show_stack+0x1c/0x30
dump_stack_lvl+0x68/0x84
print_address_description+0x7c/0x2b4
kasan_report+0x138/0x38c
__do_kernel_fault+0x190/0x1c4
do_tag_check_fault+0x78/0x90
do_mem_abort+0x44/0xb4
el1_abort+0x40/0x60
el1h_64_sync_handler+0xb4/0xd0
el1h_64_sync+0x78/0x7c
scan_block+0x58/0x170
scan_gray_list+0xdc/0x1a0
kmemleak_scan+0x2ac/0x560
kmemleak_scan_thread+0xb0/0xe0
kthread+0x154/0x160
ret_from_fork+0x10/0x18
Allocated by task 0:
kasan_save_stack+0x2c/0x60
__kasan_kmalloc+0xec/0x104
__kmalloc+0x224/0x3c4
__register_sysctl_paths+0x200/0x290
register_sysctl_table+0x2c/0x40
sysctl_init+0x20/0x34
proc_sys_init+0x3c/0x48
proc_root_init+0x80/0x9c
start_kernel+0x648/0x6a4
__primary_switched+0xc0/0xc8
Freed by task 0:
kasan_save_stack+0x2c/0x60
kasan_set_track+0x2c/0x40
kasan_set_free_info+0x44/0x54
____kasan_slab_free.constprop.0+0x150/0x1b0
__kasan_slab_free+0x14/0x20
slab_free_freelist_hook+0xa4/0x1fc
kfree+0x1e8/0x30c
put_fs_context+0x124/0x220
vfs_kern_mount.part.0+0x60/0xd4
kern_mount+0x24/0x4c
bdev_cache_init+0x70/0x9c
vfs_caches_init+0xdc/0xf4
start_kernel+0x638/0x6a4
__primary_switched+0xc0/0xc8
The buggy address belongs to the object at ffff0000c0074e00
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 176 bytes inside of
256-byte region [ffff0000c0074e00, ffff0000c0074f00)
The buggy address belongs to the page:
page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100074
head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff|kasantag=0x0)
raw: 0bfffc0000010200 0000000000000000 dead000000000122 f5ff0000c0002300
raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000c0074c00: f0 f0 f0 f0 f0 f0 f0 f0 f0 fe fe fe fe fe fe fe
ffff0000c0074d00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
>ffff0000c0074e00: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 fe fe fe fe fe
^
ffff0000c0074f00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
ffff0000c0075000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Disabling lock debugging due to kernel taint
kmemleak: 181 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
Link: https://lkml.kernel.org/r/20210804090957.12393-1-Kuan-Ying.Lee@mediatek.com
Link: https://lkml.kernel.org/r/20210804090957.12393-2-Kuan-Ying.Lee@mediatek.com
Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Marco Elver <elver@google.com>
Cc: Nicholas Tang <nicholas.tang@mediatek.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Chinwen Chang <chinwen.chang@mediatek.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug: 197723947
(cherry picked from commit 6c7a00b843 )
Change-Id: I236560a20bafe78643a182fb4c82f0bd7d15ed87
Signed-off-by: Yee Lee <Yee.lee@mediatek.com>
Set CONFIG_DEFAULT_MMAP_MIN_ADDR=32768 to conform with
existing CTS test (which had an issue that prevented
reliable detection of this setting).
Bug: 197914473
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I5a86a7b11d32adf8689657e4559c1d870a5562c4
This reverts commit 293180f593 which is
commit 0e566c8f0f upstream.
This breaks the Android kernel ABI, and this is not necessary for
Android devices, so revert it to preserve the ABI.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If5aa2baf988b89e504b3b345651352215f571bf8
Hyp checks whether an address range only covers RAM by checking the
start/endpoints against a list of memblock_region structs. However,
the endpoint here is exclusive but internally is treated as inclusive.
Fix the off-by-one error that caused valid address ranges to be
rejected.
Cc: Quentin Perret <qperret@google.com>
Fixes: 90134ac9ca ("KVM: arm64: Protect the .hyp sections from the host")
Signed-off-by: David Brazdil <dbrazdil@google.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20210728153232.1018911-2-dbrazdil@google.com
(cherry picked from commit facee1be76)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I44dbdbd9fde3c4a44e9af1ad317e0123d5472685
Since commit:
bad1e1c663 ("arm64: mte: switch GCR_EL1 in kernel entry and exit")
we saved/restored the user GCR_EL1 value at exception boundaries, and
update_gcr_el1_excl() is no longer used for this. However it is used to
restore the kernel's GCR_EL1 value when returning from a suspend state.
Thus, the comment is misleading (and an ISB is necessary).
When restoring the kernel's GCR value, we need an ISB to ensure this is
used by subsequent instructions. We don't necessarily get an ISB by
other means (e.g. if the kernel is built without support for pointer
authentication). As __cpu_setup() initialised GCR_EL1.Exclude to 0xffff,
until a context synchronization event, allocation tag 0 may be used
rather than the desired set of tags.
This patch drops the misleading comment, adds the missing ISB, and for
clarity folds update_gcr_el1_excl() into its only user.
Fixes: bad1e1c663 ("arm64: mte: switch GCR_EL1 in kernel entry and exit")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20210714143843.56537-2-mark.rutland@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
(cherry picked from commit 59f44069e0)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I1be6e588f9796ca5f01d2e9bd5e9743c40dc0778
scmi_resp_sensor_reading_complete structure is meant to represent an
SCMI asynchronous reading complete message. The readings field with
a 64bit type forces padding and breaks reads in scmi_sensor_reading_get.
Split it in two adjacent 32bit readings_low/high subfields to avoid the
padding within the structure. Alternatively we could to mark the structure
packed.
Link: https://lore.kernel.org/r/20210628170042.34105-1-cristian.marussi@arm.com
Fixes: e2083d3673 ("firmware: arm_scmi: Add SCMI v3.0 sensors timestamped reads")
Signed-off-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
(cherry picked from commit 187a002b07)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Iac7e24f178da3486df742a76280c3a9a85d130e7
v4l2_ctrl_new_std() fails if the caller provides no 'step' parameter for
integer control, so define it to fix following error:
s5p_mfc_dec_ctrls_setup:1166: Adding control (1) failed
Fixes: c3042bff91 ("media: s5p-mfc: Use display delay and display enable std controls")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
(cherry picked from commit 61c6f04a98)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Ifda5a90145658218ec4d4d5603cba46a22597988
The function software_node_notify() - the function that creates
and removes the symlinks between the node and the device - was
called unconditionally in device_add_software_node() and
device_remove_software_node(), but it needs to be called in
those functions only in the special case where the node is
added to a device that has already been registered.
This fixes NULL pointer dereference that happens if
device_remove_software_node() is used with device that was
never registered.
Fixes: b622b24519 ("software node: Allow node addition to already existing device")
Reported-and-tested-by: Dominik Brodowski <linux@dominikbrodowski.net>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
(cherry picked from commit 5dca69e26f)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I1caca7eaaf76e9b6e48151cecf2219743690ba93
commit 6579c8d97a ("clk: Mark fwnodes when their clock provider is added")
revealed that clk/bcm/clk-raspberrypi.c driver calls
devm_of_clk_add_hw_provider(), with a NULL dev->of_node, which resulted in a
NULL pointer dereference in of_clk_add_hw_provider() when calling
fwnode_dev_initialized().
Returning 0 is reducing the if conditions in driver code and is being
consistent with the CONFIG_OF=n inline stub that returns 0 when CONFIG_OF
is disabled. The downside is that drivers will maybe register clkdev lookups
when they don't need to and waste some memory.
Fixes: 6579c8d97a ("clk: Mark fwnodes when their clock provider is added")
Fixes: 3c9ea42802 ("clk: Mark fwnodes when their clock provider is added/removed")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Reviewed-by: Saravana Kannan <saravanak@google.com>
Reviewed-by: Nicolas Saenz Julienne <nsaenz@kernel.org>
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Link: https://lore.kernel.org/r/20210426065618.588144-1-tudor.ambarus@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit bb4031b8af)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I13085a7a65f8577833fccafbfc42a8227bc562d8
Changes in 5.10.61
ath: Use safer key clearing with key cache entries
ath9k: Clear key cache explicitly on disabling hardware
ath: Export ath_hw_keysetmac()
ath: Modify ath_key_delete() to not need full key entry
ath9k: Postpone key cache entry deletion for TXQ frames reference it
mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
media: zr364xx: propagate errors from zr364xx_start_readpipe()
media: zr364xx: fix memory leaks in probe()
media: drivers/media/usb: fix memory leak in zr364xx_probe
KVM: x86: Factor out x86 instruction emulation with decoding
KVM: X86: Fix warning caused by stale emulation context
USB: core: Avoid WARNings for 0-length descriptor requests
USB: core: Fix incorrect pipe calculation in do_proc_control()
dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
spi: spi-mux: Add module info needed for autoloading
net: xfrm: Fix end of loop tests for list_for_each_entry
ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
scsi: pm80xx: Fix TMF task completion race condition
scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
scsi: core: Fix capacity set to zero after offlinining device
drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir.
qede: fix crash in rmmod qede while automatic debug collection
ARM: dts: nomadik: Fix up interrupt controller node names
net: usb: pegasus: Check the return value of get_geristers() and friends;
net: usb: lan78xx: don't modify phy_device state concurrently
drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
drm/amd/display: workaround for hard hang on HPD on native DP
Bluetooth: hidp: use correct wait queue when removing ctrl_wait
arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x
arm64: dts: qcom: msm8992-bullhead: Remove PSCI
iommu: Check if group is NULL before remove device
cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
dccp: add do-while-0 stubs for dccp_pr_debug macros
virtio: Protect vqs list access
vhost-vdpa: Fix integer overflow in vhost_vdpa_process_iotlb_update()
bus: ti-sysc: Fix error handling for sysc_check_active_timer()
vhost: Fix the calculation in vhost_overflow()
vdpa/mlx5: Avoid destroying MR on empty iotlb
soc / drm: mediatek: Move DDP component defines into mtk-mmsys.h
drm/mediatek: Fix aal size config
drm/mediatek: Add AAL output size configuration
bpf: Clear zext_dst of dead insns
bnxt: don't lock the tx queue from napi poll
bnxt: disable napi before canceling DIM
bnxt: make sure xmit_more + errors does not miss doorbells
bnxt: count Tx drops
net: 6pack: fix slab-out-of-bounds in decode_data
ptp_pch: Restore dependency on PCI
bnxt_en: Disable aRFS if running on 212 firmware
bnxt_en: Add missing DMA memory barriers
vrf: Reset skb conntrack connection on VRF rcv
virtio-net: support XDP when not more queues
virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable error path
sch_cake: fix srchost/dsthost hashing mode
net: mdio-mux: Don't ignore memory allocation errors
net: mdio-mux: Handle -EPROBE_DEFER correctly
ovs: clear skb->tstamp in forwarding path
iommu/vt-d: Consolidate duplicate cache invaliation code
iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry()
r8152: fix writing USB_BP2_EN
i40e: Fix ATR queue selection
iavf: Fix ping is lost after untrusted VF had tried to change MAC
Revert "flow_offload: action should not be NULL when it is referenced"
mmc: dw_mmc: Fix hang on data CRC error
mmc: mmci: stm32: Check when the voltage switch procedure should be done
mmc: sdhci-msm: Update the software timeout value for sdhc
clk: imx6q: fix uart earlycon unwork
clk: qcom: gdsc: Ensure regulator init state matches GDSC state
ALSA: hda - fix the 'Capture Switch' value change notifications
tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name
slimbus: messaging: start transaction ids from 1 instead of zero
slimbus: messaging: check for valid transaction id
slimbus: ngd: reset dma setup during runtime pm
ipack: tpci200: fix many double free issues in tpci200_pci_probe
ipack: tpci200: fix memory leak in the tpci200_register
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop
mmc: sdhci-iproc: Cap min clock frequency on BCM2711
mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711
btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
s390/pci: fix use after free of zpci_dev
PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8
ASoC: intel: atom: Fix breakage for PCM buffer address setup
mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim
fs: warn about impending deprecation of mandatory locks
io_uring: fix xa_alloc_cycle() error return value check
io_uring: only assign io_uring_enter() SQPOLL error in actual error case
Linux 5.10.61
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5b6e2a66b03d1cb01c8310b83dcc2a119c1bd6b3
This reverts commit 24e1b7dbb1 which is
commit 4a2b285e7e upstream.
It breaks the kernel abi (well the fix for this fix does), and is not
needed for Android devices.
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1c59c60493d216f1671b110a948f38293a0925ee
This reverts commit 4344440d91 which is
commit b69dd5b378 upstream.
This breaks the kernel abi and is not an issue for Android systems.
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1006e8d8ca58cf07ea23404e386ba58651424eb2
If the port is going to send Discover_Identity Message, vdm_sm_running
flag was intentionally set before entering Ready States in order to
avoid the conflict because the port and the port partner might start
AMS at almost the same time after entering Ready States.
However, the original design has a problem. When the port is doing
DR_SWAP from Device to Host, it raises the flag. Later in the
tcpm_send_discover_work, the flag blocks the procedure of sending the
Discover_Identity and it might never be cleared until disconnection.
Since there exists another flag send_discover representing that the port
is going to send Discover_Identity or not, it is enough to use that flag
to prevent the conflict. Also change the timing of the set/clear of
vdm_sm_running to indicate whether the VDM SM is actually running or
not.
Fixes: c34e85fa69 ("usb: typec: tcpm: Send DISCOVER_IDENTITY from dedicated work")
Cc: stable <stable@vger.kernel.org>
Cc: Badhri Jagan Sridharan <badhri@google.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Kyle Tso <kyletso@google.com>
Link: https://lore.kernel.org/r/20210826124201.1562502-1-kyletso@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit ef52b4a9fchttps://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-linus)
Bug: 191450181
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: I8cb84dfce764428a8fb33897f29fd8d0eb1c388e
Commit a20dcf53ea ("usb: typec: tcpm: Respond Not_Supported if no
snk_vdo"), stops tcpm_pd_data_request() calling tcpm_handle_vdm_request()
when port->nr_snk_vdo is not set. But the VDM might be intended for an
altmode-driver, in which case nr_snk_vdo does not matter.
This change breaks the forwarding of connector hotplug (HPD) events
for displayport altmode on devices which don't set nr_snk_vdo.
tcpm_pd_data_request() is the only caller of tcpm_handle_vdm_request(),
so we can move the nr_snk_vdo check to inside it, at which point we
have already looked up the altmode device so we can check for this too.
Doing this check here also ensures that vdm_state gets set to
VDM_STATE_DONE if it was VDM_STATE_BUSY, even if we end up with
responding with PD_MSG_CTRL_NOT_SUPP later.
Note that tcpm_handle_vdm_request() was already sending
PD_MSG_CTRL_NOT_SUPP in some circumstances, after moving the nr_snk_vdo
check the same error-path is now taken when that check fails. So that
we have only one error-path for this and not two. Replace the
tcpm_queue_message(PD_MSG_CTRL_NOT_SUPP) used by the existing error-path
with the more robust tcpm_pd_handle_msg() from the (now removed) second
error-path.
Fixes: a20dcf53ea ("usb: typec: tcpm: Respond Not_Supported if no snk_vdo")
Cc: stable <stable@vger.kernel.org>
Cc: Kyle Tso <kyletso@google.com>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Acked-by: Kyle Tso <kyletso@google.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20210816154632.381968-1-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 5571ea3117https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-linus)
Bug: 191450181
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: Iaeb5164f96ab2b6ff5d6d37e8824a01b0b63ae63
This reverts commit 312730cd15 which is
commit 77e89afc25 upstream.
It breaks the Android KABI and is not needed for any current Android
hardware devices, so can be safely reverted.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If4d9769c8cbfca6872c9a745fec8ab28bc39199e
Changes in 5.10.60
iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels
iio: adis: set GPIO reset pin direction
iio: humidity: hdc100x: Add margin to the conversion time
iio: adc: Fix incorrect exit of for-loop
ASoC: amd: Fix reference to PCM buffer address
ASoC: xilinx: Fix reference to PCM buffer address
ASoC: uniphier: Fix reference to PCM buffer address
ASoC: tlv320aic31xx: Fix jack detection after suspend
ASoC: intel: atom: Fix reference to PCM buffer address
i2c: dev: zero out array used for i2c reads from userspace
cifs: create sd context must be a multiple of 8
scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash
seccomp: Fix setting loaded filter count during TSYNC
net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases
ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on context switch
ceph: reduce contention in ceph_check_delayed_caps()
ACPI: NFIT: Fix support for virtual SPA ranges
libnvdimm/region: Fix label activation vs errors
drm/amd/display: Remove invalid assert for ODM + MPC case
drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work
drm/amdgpu: don't enable baco on boco platforms in runpm
ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
pinctrl: mediatek: Fix fallback behavior for bias_set_combo
ASoC: cs42l42: Correct definition of ADC Volume control
ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J
ASoC: SOF: Intel: hda-ipc: fix reply size checking
ASoC: cs42l42: Fix inversion of ADC Notch Switch control
ASoC: cs42l42: Remove duplicate control for WNF filter frequency
netfilter: nf_conntrack_bridge: Fix memory leak when error
pinctrl: tigerlake: Fix GPIO mapping for newer version of software
ASoC: cs42l42: Fix LRCLK frame start edge
net: dsa: mt7530: add the missing RxUnicast MIB counter
net: mvvp2: fix short frame size on s390
platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables
libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT
bpf: Fix integer overflow involving bucket_size
net: phy: micrel: Fix link detection on ksz87xx switch"
ppp: Fix generating ifname when empty IFLA_IFNAME is specified
net/smc: fix wait on already cleared link
net: sched: act_mirred: Reset ct info when mirror/redirect skb
ice: Prevent probing virtual functions
ice: don't remove netdev->dev_addr from uc sync list
iavf: Set RSS LUT and key in reset handle path
psample: Add a fwd declaration for skbuff
bareudp: Fix invalid read beyond skb's linear data
net/mlx5: Synchronize correct IRQ when destroying CQ
net/mlx5: Fix return value from tracer initialization
drm/meson: fix colour distortion from HDR set during vendor u-boot
net: dsa: microchip: Fix ksz_read64()
net: dsa: microchip: ksz8795: Fix VLAN filtering
net: Fix memory leak in ieee802154_raw_deliver
net: igmp: fix data-race in igmp_ifc_timer_expire()
net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
net: dsa: lantiq: fix broken backpressure in .port_fdb_dump
net: dsa: sja1105: fix broken backpressure in .port_fdb_dump
net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry
net: bridge: fix flags interpretation for extern learn fdb entries
net: bridge: fix memleak in br_add_if()
net: linkwatch: fix failure to restore device state across suspend/resume
tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
net: igmp: increase size of mr_ifc_count
drm/i915: Only access SFC_DONE when media domain is not fused off
xen/events: Fix race in set_evtchn_to_irq
vsock/virtio: avoid potential deadlock when vsock device remove
nbd: Aovid double completion of a request
arm64: efi: kaslr: Fix occasional random alloc (and boot) failure
efi/libstub: arm64: Force Image reallocation if BSS was not reserved
efi/libstub: arm64: Relax 2M alignment again for relocatable kernels
powerpc/kprobes: Fix kprobe Oops happens in booke
x86/tools: Fix objdump version check again
genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
x86/msi: Force affinity setup before startup
x86/ioapic: Force affinity setup before startup
x86/resctrl: Fix default monitoring groups reporting
genirq/msi: Ensure deactivation on teardown
genirq/timings: Prevent potential array overflow in __irq_timings_store()
PCI/MSI: Enable and mask MSI-X early
PCI/MSI: Mask all unused MSI-X entries
PCI/MSI: Enforce that MSI-X table entry is masked for update
PCI/MSI: Enforce MSI[X] entry updates to be visible
PCI/MSI: Do not set invalid bits in MSI mask
PCI/MSI: Correct misleading comments
PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
PCI/MSI: Protect msi_desc::masked for multi-MSI
powerpc/smp: Fix OOPS in topology_init()
efi/libstub: arm64: Double check image alignment at entry
KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0 wants a #PF
vboxsf: Add vboxsf_[create|release]_sf_handle() helpers
vboxsf: Add support for the atomic_open directory-inode op
ceph: add some lockdep assertions around snaprealm handling
ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm
ceph: take snap_empty_lock atomically with snaprealm refcount change
vmlinux.lds.h: Handle clang's module.{c,d}tor sections
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
net: dsa: microchip: Fix probing KSZ87xx switch with DT node for host port
net: dsa: microchip: ksz8795: Fix PVID tag insertion
net: dsa: microchip: ksz8795: Reject unsupported VLAN configuration
net: dsa: microchip: ksz8795: Fix VLAN untagged flag change on deletion
net: dsa: microchip: ksz8795: Use software untagging on CPU port
Linux 5.10.60
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7d55aed1883b31ba2d9b8dfad4bc33e1efbcbd2f
Sync up with android12-5.10 for the following commits:
49a70f3362 ANDROID: GKI: Add usb/mmc/v4l2 related symbols for i.MX
e18d6a73b9 ANDROID: GKI: Add clk/pinctrl/irq related symbols for i.MX
7652f868f4 ANDROID: GKI: Add phy/net/pci related symbols for i.MX
d587a4f210 ANDROID: GKI: Add audio/rproc related symbols for i.MX
e8ab8b22f1 ANDROID: GKI: Add display related symbols for i.MX
8cfe4f1f9e FROMLIST: usb: dwc3: gadget: Stop EP0 transfers during pullup disable
f90feddc7e ANDROID: abi_gki_aarch64_qcom: Add mmc clk scaling functions
072eded7ca FROMLIST: mmc: core: Export core functions required for clk scaling
bef08a94ff ANDROID: GKI: Update symbols to symbol list
ffa937b6db ANDROID: abi_gki_aarch64_qcom: Add irq_domain_disconnect_hierarchy symbol
34f60eead2 FROMGIT: irqchip/qcom-pdc: Trim unused levels of the interrupt hierarchy
4c9aa4c6f0 FROMGIT: irqdomain: Export irq_domain_disconnect_hierarchy()
d6f6a6cd65 ANDROID: GKI: Add devcoredump API to symbol list
db490c7269 ANDROID: Update the exynos symbol list
228d32e2d0 UPSTREAM: kfence: fix is_kfence_address() for addresses below KFENCE_POOL_SIZE
e113eb454e ANDROID: xt_quota2: set usersize in xt_match registration object
60a4c35570 ANDROID: xt_quota2: clear quota2_log message before sending
4b05a506bd ANDROID: xt_quota2: remove trailing junk which might have a digit in it
9f19de4e29 ANDROID: GKI: Update symbols to abi_gki_aarch64_oplus
5cd4b1ce23 UPSTREAM: cfi: Use rcu_read_{un}lock_sched_notrace
580b7fa7d9 ANDROID: Update symbol list for mtk
70f3f9db21 UPSTREAM: af_unix: fix garbage collect vs MSG_PEEK
4ff1a38f8d ANDROID: GKI: Add initial symbol list for i.MX
51b382a231 ANDROID: GKI: Update abi_gki_aarch64_qcom for balance reclaim symbols
d734d9dc3b ANDROID: ABI: update symbols to A12-K5.10 unisoc whitelist for the first time
205686b558 FROMGIT: rcu: Fix stall-warning deadlock due to non-release of rcu_node ->lock
2493757f88 BACKPORT: ALSA: usb-audio: fix incorrect clock source setting
d0331b15e6 ANDROID: scsi: ufs: Add more logging
62a5f8e3ac ANDROID: Update symbol list for mtk
fdc8f778e2 ANDROID: scheduler: export task_sched_runtime
3425d6179e FROMLIST: mm: slub: fix slub_debug disabling for list of slabs
2e06e5e6f8 FROMLIST: mm/madvise: add MADV_WILLNEED to process_madvise()
ff7eccee30 ANDROID: Update the exynos symbol list
e9844a46c9 FROMGIT: firmware: arm_scmi: Free mailbox channels if probe fails
c72ca115a2 ANDROID: GKI: gki_defconfig: Enable CONFIG_NFC
0ad91fe432 ANDROID: sched: Make uclamp changes depend on CAP_SYS_NICE
2950b81ead ANDROID: GKI: update xiaomi symbol list and ABI XML
8b76fc436b ANDROID: ABI: update generic symbol list
Change-Id: I89b7ccf2c98f61e2775c4b79f16342b00ec480b1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ upstream commit 21f965221e ]
If an SQPOLL based ring is newly created and an application issues an
io_uring_enter(2) system call on it, then we can return a spurious
-EOWNERDEAD error. This happens because there's nothing to submit, and
if the caller doesn't specify any other action, the initial error
assignment of -EOWNERDEAD never gets overwritten. This causes us to
return it directly, even if it isn't valid.
Move the error assignment into the actual failure case instead.
Cc: stable@vger.kernel.org
Fixes: d9d05217cb ("io_uring: stop SQPOLL submit on creator's death")
Reported-by: Sherlock Holo sherlockya@gmail.com
Link: https://github.com/axboe/liburing/issues/413
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ upstream commit a30f895ad3 ]
We currently check for ret != 0 to indicate error, but '1' is a valid
return and just indicates that the allocation succeeded with a wrap.
Correct the check to be for < 0, like it was before the xarray
conversion.
Cc: stable@vger.kernel.org
Fixes: 61cf93700f ("io_uring: Convert personality_idr to XArray")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit fdd92b64d1 ]
We've had CONFIG_MANDATORY_FILE_LOCKING since 2015 and a lot of distros
have disabled it. Warn the stragglers that still use "-o mand" that
we'll be dropping support for that mount option.
Cc: stable@vger.kernel.org
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f56ce412a5 ]
We've noticed occasional OOM killing when memory.low settings are in
effect for cgroups. This is unexpected and undesirable as memory.low is
supposed to express non-OOMing memory priorities between cgroups.
The reason for this is proportional memory.low reclaim. When cgroups
are below their memory.low threshold, reclaim passes them over in the
first round, and then retries if it couldn't find pages anywhere else.
But when cgroups are slightly above their memory.low setting, page scan
force is scaled down and diminished in proportion to the overage, to the
point where it can cause reclaim to fail as well - only in that case we
currently don't retry, and instead trigger OOM.
To fix this, hook proportional reclaim into the same retry logic we have
in place for when cgroups are skipped entirely. This way if reclaim
fails and some cgroups were scanned with diminished pressure, we'll try
another full-force cycle before giving up and OOMing.
[akpm@linux-foundation.org: coding-style fixes]
Link: https://lkml.kernel.org/r/20210817180506.220056-1-hannes@cmpxchg.org
Fixes: 9783aa9917 ("mm, memcg: proportional memory.{low,min} reclaim")
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Leon Yang <lnyng@fb.com>
Reviewed-by: Rik van Riel <riel@surriel.com>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Roman Gushchin <guro@fb.com>
Acked-by: Chris Down <chris@chrisdown.name>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: <stable@vger.kernel.org> [5.4+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 65ca89c2b1 ]
The commit 2e6b836312 ("ASoC: intel: atom: Fix reference to PCM
buffer address") changed the reference of PCM buffer address to
substream->runtime->dma_addr as the buffer address may change
dynamically. However, I forgot that the dma_addr field is still not
set up for the CONTINUOUS buffer type (that this driver uses) yet in
5.14 and earlier kernels, and it resulted in garbage I/O. The problem
will be fixed in 5.15, but we need to address it quickly for now.
The fix is to deduce the address again from the DMA pointer with
virt_to_phys(), but from the right one, substream->runtime->dma_area.
Fixes: 2e6b836312 ("ASoC: intel: atom: Fix reference to PCM buffer address")
Reported-and-tested-by: Hans de Goede <hdegoede@redhat.com>
Cc: <stable@vger.kernel.org>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/2048c6aa-2187-46bd-6772-36a4fb3c5aeb@redhat.com
Link: https://lore.kernel.org/r/20210819152945.8510-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2a671f77ee ]
The struct pci_dev uses reference counting but zPCI assumed erroneously
that the last reference would always be the local reference after
calling pci_stop_and_remove_bus_device(). This is usually the case but
not how reference counting works and thus inherently fragile.
In fact one case where this causes a NULL pointer dereference when on an
SRIOV device the function 0 was hot unplugged before another function of
the same multi-function device. In this case the second function's
pdev->sriov->dev reference keeps the struct pci_dev of function 0 alive
even after the unplug. This bug was previously hidden by the fact that
we were leaking the struct pci_dev which in turn means that it always
outlived the struct zpci_dev. This was fixed in commit 0b13525c20
("s390/pci: fix leak of PCI device structure") exposing the broken
behavior.
Fix this by accounting for the long living reference a struct pci_dev
has to its underlying struct zpci_dev via the zbus->function[] array and
only release that in pcibios_release_device() ensuring that the struct
pci_dev is not left with a dangling reference. This is a minimal fix in
the future it would probably better to use fine grained reference
counting for struct zpci_dev.
Fixes: 05bc1be6db ("s390/pci: create zPCI bus")
Cc: stable@vger.kernel.org
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 57a1681095 ]
The function tpci200_register called by tpci200_install and
tpci200_unregister called by tpci200_uninstall are in pair. However,
tpci200_unregister has some cleanup operations not in the
tpci200_register. So the error handling code of tpci200_pci_probe has
many different double free issues.
Fix this problem by moving those cleanup operations out of
tpci200_unregister, into tpci200_pci_remove and reverting
the previous commit 9272e5d002 ("ipack/carriers/tpci200:
Fix a double free in tpci200_pci_probe").
Fixes: 9272e5d002 ("ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe")
Cc: stable@vger.kernel.org
Reported-by: Dongliang Mu <mudongliangabcd@gmail.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
Link: https://lore.kernel.org/r/20210810100323.3938492-1-mudongliangabcd@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a263c1ff6a ]
In some usecases transaction ids are dynamically allocated inside
the controller driver after sending the messages which have generic
acknowledge responses. So check for this before refcounting pm_runtime.
Without this we would end up imbalancing runtime pm count by
doing pm_runtime_put() in both slim_do_transfer() and slim_msg_response()
for a single pm_runtime_get() in slim_do_transfer()
Fixes: d3062a2109 ("slimbus: messaging: add slim_alloc/free_txn_tid()")
Cc: <stable@vger.kernel.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20210809082428.11236-3-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
