[ Upstream commit 38860b2c8b ]
For years, there have been random segmentation faults in userspace on
SMP PA-RISC machines. It occurred to me that this might be a problem in
set_pte_at(). MIPS and some other architectures do cache flushes when
installing PTEs with the present bit set.
Here I have adapted the code in update_mmu_cache() to flush the kernel
mapping when the kernel flush is deferred, or when the kernel mapping
may alias with the user mapping. This simplifies calls to
update_mmu_cache().
I also changed the barrier in set_pte() from a compiler barrier to a
full memory barrier. I know this change is not sufficient to fix the
problem. It might not be needed.
I have had a few days of operation with 5.14.16 to 5.15.1 and haven't
seen any random segmentation faults on rp3440 or c8000 so far.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@kernel.org # 5.12+
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b7795074a0 ]
On parisc a spinlock is stored in the next page behind the pgd which
protects against parallel accesses to the pgd. That's why one additional
page (PGD_ALLOC_ORDER) is allocated for the pgd.
Matthew Wilcox suggested that we instead should use a pointer in the
struct page table for this spinlock and noted, that the comments for the
PGD_ORDER and PMD_ORDER defines were wrong.
Both suggestions are addressed with this patch. Instead of having an own
spinlock to protect the pgd, we now switch to use the existing
page_table_lock. Additionally, beside loading the pgd into cr25 in
switch_mm_irqs_off(), the physical address of this lock is loaded into
cr28 (tr4), so that we can avoid implementing a complicated lookup in
assembly for this lock in the TLB fault handlers.
The existing Hybrid L2/L3 page table scheme (where the pmd is adjacent
to the pgd) has been dropped with this patch.
Remove the locking in set_pte() and the huge-page pte functions too.
They trigger a spinlock recursion on 32bit machines and seem unnecessary.
Suggested-by: Matthew Wilcox <willy@infradead.org>
Fixes: b37d1c1898 ("parisc: Use per-pagetable spinlock")
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Stable-dep-of: 38860b2c8b ("parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page")
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 32262e2e42 ]
In most cases it is not possible to set exact baudrate value to hardware.
So fix reporting real baudrate value which was set to hardware via c_ospeed
termios field. It can be retrieved by ioctl(TCGETS2) from userspace.
Real baudrate value is calculated from chosen hardware divisor and base
clock. It is implemented in a new function serial8250_compute_baud_rate()
which is inverse of serial8250_get_divisor() function.
With this change is fixed also UART timeout value (it is updated via
uart_update_timeout() function), which is calculated from the now fixed
baudrate value too.
Cc: stable@vger.kernel.org
Signed-off-by: Pali Rohár <pali@kernel.org>
Link: https://lore.kernel.org/r/20210927093704.19768-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 235cee1624 ]
Commit 112665286d ("KVM: PPC: Book3S HV: Context tracking exit guest
context before enabling irqs") moved guest_exit() into the interrupt
protected area to avoid wrong context warning (or worse). The problem is
that tick-based time accounting has not yet been updated at this point
(because it depends on the timer interrupt firing), so the guest time
gets incorrectly accounted to system time.
To fix the problem, follow the x86 fix in commit 1604571401 ("Defer
vtime accounting 'til after IRQ handling"), and allow host IRQs to run
before accounting the guest exit time.
In the case vtime accounting is enabled, this is not required because TB
is used directly for accounting.
Before this patch, with CONFIG_TICK_CPU_ACCOUNTING=y in the host and a
guest running a kernel compile, the 'guest' fields of /proc/stat are
stuck at zero. With the patch they can be observed increasing roughly as
expected.
Fixes: e233d54d4d ("KVM: booke: use __kvm_guest_exit")
Fixes: 112665286d ("KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs")
Cc: stable@vger.kernel.org # 5.12+
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
[np: only required for tick accounting, add Book3E fix, tweak changelog]
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211027142150.3711582-1-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 112665286d ]
Interrupts that occur in kernel mode expect that context tracking
is set to kernel. Enabling local irqs before context tracking
switches from guest to host means interrupts can come in and trigger
warnings about wrong context, and possibly worse.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210130130852.2952424-3-npiggin@gmail.com
Stable-dep-of: 235cee1624 ("KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Changes in 5.10.144
ARM: dts: imx: align SPI NOR node name with dtschema
ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible
iommu/vt-d: Correctly calculate sagaw value of IOMMU
tracefs: Only clobber mode/uid/gid on remount if asked
Input: goodix - add support for GT1158
drm/msm/rd: Fix FIFO-full deadlock
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
tg3: Disable tg3 device on system reboot to avoid triggering AER
gpio: mockup: remove gpio debugfs when remove device
ieee802154: cc2520: add rc code in cc2520_tx()
Input: iforce - add support for Boeder Force Feedback Wheel
nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
drm/amd/amdgpu: skip ucode loading if ucode_size == 0
perf/arm_pmu_platform: fix tests for platform_get_irq() failure
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
Revert "x86/ftrace: Use alternative RET encoding"
x86/ibt,ftrace: Make function-graph play nice
x86/ftrace: Use alternative RET encoding
soc: fsl: select FSL_GUTS driver for DPIO
Input: goodix - add compatible string for GT1158
Linux 5.10.144
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id3a0abc71d9cdd576a605b3b2b1051313792a059
struct cgroup_taskset is defined in kernel/cgroup/cgroup-internal.h,
however libabigail is not finding its definition based on the
instantiation of the hooks, so force it to be defined by defining a
dummy exported symbol. Since cgroup_taskset is defined in a
subsystem-private header, create a new vendor_hooks.c file in
kernel/cgroup to define the dummy symbol.
Update the XML with the new type definitions
Bug: 233047575
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I7a2bf2a722bf5aec0c702f215d572cc8e5336f9a
There were 3 remaining types directly referenced by vendor
hooks that were not fully-defined in the KMI:
struct blk_mq_alloc_data is defined in block/blk-mq.h, however
libabigail is not finding its definition based on the instantiation
of the hooks, so force it to be defined by defining a dummy exported
symbol. Since blk_mq_alloc_data is defined in a subsystem-private
header, create a new vendor_hooks.c file in block/ to define
the dummy symbol.
Bug: 233047575
Bug: 248263460
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I6419caba1c6a159b7a64b9d28e983d753393af86
Changes in 5.10.143
NFSD: Fix verifier returned in stable WRITEs
xen-blkfront: Cache feature_persistent value before advertisement
tty: n_gsm: initialize more members at gsm_alloc_mux()
tty: n_gsm: avoid call of sleeping functions from atomic context
efi: libstub: Disable struct randomization
efi: capsule-loader: Fix use-after-free in efi_capsule_write
wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
fs: only do a memory barrier for the first set_buffer_uptodate()
Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
scsi: megaraid_sas: Fix double kfree()
drm/gem: Fix GEM handle release errors
drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini
drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
drm/radeon: add a force flush to delay work when radeon
parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
net/core/skbuff: Check the return value of skb_copy_bits()
fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
ALSA: aloop: Fix random zeros in capture data when using jiffies timer
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
kprobes: Prohibit probes in gate area
debugfs: add debugfs_lookup_and_remove()
nvmet: fix a use-after-free
drm/i915: Implement WaEdpLinkRateDataReload
scsi: mpt3sas: Fix use-after-free warning
scsi: lpfc: Add missing destroy_workqueue() in error path
cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
smb3: missing inode locks in punch hole
ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
regulator: core: Clean up on enable failure
tee: fix compiler warning in tee_shm_register()
RDMA/cma: Fix arguments order in net device validation
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
RDMA/hns: Fix supported page size
RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift
ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges
ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges
ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time
ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time
netfilter: br_netfilter: Drop dst references before setting.
netfilter: nf_tables: clean up hook list when offload flags check fails
netfilter: nf_conntrack_irc: Fix forged IP logic
ALSA: usb-audio: Inform the delayed registration more properly
ALSA: usb-audio: Register card again for iface over delayed_register option
rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
afs: Use the operation issue time instead of the reply time for callbacks
sch_sfb: Don't assume the skb is still around after enqueueing to child
tipc: fix shift wrapping bug in map_get()
ice: use bitmap_free instead of devm_kfree
i40e: Fix kernel crash during module removal
xen-netback: only remove 'hotplug-status' when the vif is actually destroyed
RDMA/siw: Pass a pointer to virt_to_page()
ipv6: sr: fix out-of-bounds read when setting HMAC data.
IB/core: Fix a nested dead lock as part of ODP flow
RDMA/mlx5: Set local port to one when accessing counters
nvme-tcp: fix UAF when detecting digest errors
nvme-tcp: fix regression that causes sporadic requests to time out
tcp: fix early ETIMEDOUT after spurious non-SACK RTO
sch_sfb: Also store skb len before calling child enqueue
ASoC: mchp-spdiftx: remove references to mchp_i2s_caps
ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion
MIPS: loongson32: ls1c: Fix hang during startup
swiotlb: avoid potential left shift overflow
iommu/amd: use full 64-bit value in build_completion_wait()
hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined
hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors
hwmon: (mr75203) fix voltage equation for negative source input
hwmon: (mr75203) fix multi-channel voltage reading
hwmon: (mr75203) enable polling for all VM channels
arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly
Linux 5.10.143
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I623c4459845eb02af221fcc8c554f989a44a3171
This reverts commit abe3cfb7a7 which is
commit 9c6d778800 upstream.
It breaks the Android kernel ABI and shouldn't be needed for any normal
Android devices. If this is needed in the future, it can be brought
back in an ABI-stable manner.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If15008828936f3675e8109f1b13b6b065aed4c46
This reverts commit 5a603f4c12 which is
commit 33e321586e upstream.
It breaks the Android kernel ABI and shouldn't be needed for any normal
Android devices. If this is needed in the future, it can be brought
back in an ABI-stable manner.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6654f57f1f234421ec8573dc741e3e8bdb7e287b
Changes in 5.10.142
drm/msm/dsi: fix the inconsistent indenting
drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4
drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
drm/msm/dsi: Fix number of regulators for SDM660
platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
iio: adc: mcp3911: make use of the sign bit
bpf, cgroup: Fix kernel BUG in purge_effective_progs
ieee802154/adf7242: defer destroy_workqueue call
ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg
ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array
wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
Revert "xhci: turn off port power in shutdown"
net: sched: tbf: don't call qdisc_put() while holding tree lock
net/sched: fix netdevice reference leaks in attach_default_qdiscs()
ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
kcm: fix strp_init() order and cleanup
sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
tcp: annotate data-race around challenge_timestamp
Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
net/smc: Remove redundant refcount increase
serial: fsl_lpuart: RS485 RTS polariy is inverse
staging: rtl8712: fix use after free bugs
powerpc: align syscall table for ppc32
vt: Clear selection before changing the font
tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
iio: ad7292: Prevent regulator double disable
iio: adc: mcp3911: use correct formula for AD conversion
misc: fastrpc: fix memory corruption on probe
misc: fastrpc: fix memory corruption on open
USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
binder: fix UAF of ref->proc caused by race condition
drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
clk: core: Fix runtime PM sequence in clk_core_unprepare()
Input: rk805-pwrkey - fix module autoloading
clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()
clk: bcm: rpi: Prevent out-of-bounds access
clk: bcm: rpi: Add missing newline
hwmon: (gpio-fan) Fix array out of bounds access
gpio: pca953x: Add mutex_lock for regcache sync in PM
KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES
xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
mm: pagewalk: Fix race between unmap and page walker
xen-blkback: Advertise feature-persistent as user requested
xen-blkfront: Advertise feature-persistent as user requested
thunderbolt: Use the actual buffer in tb_async_error()
media: mceusb: Use new usb_control_msg_*() routines
xhci: Add grace period after xHC start to prevent premature runtime suspend.
USB: serial: cp210x: add Decagon UCA device id
USB: serial: option: add support for OPPO R11 diag port
USB: serial: option: add Quectel EM060K modem
USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
usb: dwc2: fix wrong order of phy_power_on and phy_init
USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
usb-storage: Add ignore-residue quirk for NXP PN7462AU
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
s390: fix nospec table alignments
USB: core: Prevent nested device-reset calls
usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
driver core: Don't probe devices after bus_type.match() probe deferral
wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
wifi: mac80211: Fix UAF in ieee80211_scan_rx()
ip: fix triggering of 'icmp redirect'
net: Use u64_stats_fetch_begin_irq() for stats fetch.
net: mac802154: Fix a condition in the receive path
ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298
ALSA: seq: oss: Fix data-race for max_midi_devs access
ALSA: seq: Fix data-race at module auto-loading
drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
btrfs: harden identification of a stale device
mmc: core: Fix UHS-I SD 1.8V workaround branch
usb: dwc3: fix PHY disable sequence
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
usb: dwc3: disable USB core PHY management
USB: serial: ch341: fix lost character on LCR updates
USB: serial: ch341: fix disabled rx timer on older devices
Linux 5.10.142
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie3137f1f5438dfb88f9fb63fc8cb4b7a114e85e8
This reverts commit 98f401d363 which is
commit 2555283eb4 upstream.
It currently breaks the Android kernel ABI. If it needs to come back,
it should be done in an ABI-safe way.
Bug: 161946584
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I46a7a4ffc5d2725146787ea7273a42a5cf062ed4
This reverts commit 28d8d2737e.
This breaks the Android api and for now, does not seem to be necessary
due to the lack of io_uring users in this kernel branch. If io_uring
starts to be used more, it can be brought back in a ABI-safe way.
Bug: 161946584
Bug: 248008710
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2696bd5e1ad61d3ab0e8d06f4ffe46718bb05845
android13-5.10 is broken on Dragonboard 845c because of
recently added snd_pcm_* symbols.
So updated the symbols list by running:
"BUILD_CONFIG=common/build.config.db845c \
KMI_SYMBOL_LIST_ADD_ONLY=1 build/build_abi.sh -s"
And the abi_gki_aarch64 ABI by running:
"BUILD_CONFIG=common/build.config.gki.aarch64 \
ABI_DEFINITION=abi_gki_aarch64.xml KMI_SYMBOL_LIST_ADD_ONLY=1 \
build/build_abi.sh --update --print-report"
========================================================
ABI DIFFERENCES HAVE BEEN DETECTED!
3 symbol(s) added
'int snd_pcm_create_iec958_consumer_default(u8 *, size_t)'
'int snd_pcm_fill_iec958_consumer(struct snd_pcm_runtime *, u8 *, size_t)'
'int snd_pcm_fill_iec958_consumer_hw_params(struct snd_pcm_hw_params *, u8 *, size_t)'
========================================================
Bug: 146449535
Fixes: 8de9ae8605 ("UPSTREAM: ALSA: iec958: Split status creation and fill")
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Change-Id: I0ae0be501faea03f67feb9358b8e44f70571f2df
In BUILD.bazel, explicitly list abi_definition,
kmi_symbol_list, and additional_kmi_symbol_lists.
This avoids using the glob expression which may
accidentally match editor backup files.
Bug: 246344503
Test: TH
Change-Id: I3cd494dee47b68a0fe7c3c80dd379b5af6b060fe
Signed-off-by: Yifan Hong <elsk@google.com>
Add an explicite check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr.
Both of these attributes can not be set at the same time, otherwise
notify_change() function will check it and invoke BUG(), crashing
the system.
Bug: 243394930
Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Change-Id: I91080d68efbd62f1441e20a5c02feef3d1b06e4e
Changes in 5.10.141
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
x86/nospec: Unwreck the RSB stuffing
x86/nospec: Fix i386 RSB stuffing
crypto: lib - remove unneeded selection of XOR_BLOCKS
s390/mm: do not trigger write fault when vma does not allow VM_WRITE
kbuild: Fix include path in scripts/Makefile.modpost
Bluetooth: L2CAP: Fix build errors in some archs
Revert "PCI/portdrv: Don't disable AER reporting in get_port_device_capability()"
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
udmabuf: Set the DMA mask for the udmabuf device (v2)
media: pvrusb2: fix memory leak in pvr_probe
HID: hidraw: fix memory leak in hidraw_release()
net: fix refcount bug in sk_psock_get (2)
fbdev: fb_pm2fb: Avoid potential divide by zero error
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
bpf: Don't redirect packets with invalid pkt_len
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
mmc: mtk-sd: Clear interrupts when cqe off/disable
drm/amd/display: Avoid MPC infinite loop
drm/amd/display: For stereo keep "FLIP_ANY_FRAME"
drm/amd/display: clear optc underflow before turn off odm clock
neigh: fix possible DoS due to net iface start/stop loop
s390/hypfs: avoid error message under KVM
drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
drm/amd/display: Fix pixel clock programming
drm/amdgpu: Increase tlb flush timeout for sriov
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
lib/vdso: Mark do_hres_timens() and do_coarse_timens() __always_inline()
kprobes: don't call disarm_kprobe() for disabled kprobes
io_uring: disable polling pollfree files
xfs: remove infinite loop when reserving free block pool
xfs: always succeed at setting the reserve pool size
xfs: fix overfilling of reserve pool
xfs: fix soft lockup via spinning in filestream ag selection loop
xfs: revert "xfs: actually bump warning counts when we send warnings"
net/af_packet: check len when min_header_len equals to 0
net: neigh: don't call kfree_skb() under spin_lock_irqsave()
Linux 5.10.141
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4db067c000a9b6065b3aab122780258ffaa65046
commit 9a472613f5 upstream.
The soc/fsl/dpio driver will perform a soc_device_match()
to determine the optimal cache settings for a given CPU core.
If FSL_GUTS is not enabled, this search will fail and
the driver will not configure cache stashing for the given
DPIO, and a string of "unknown SoC" messages will appear:
fsl_mc_dpio dpio.7: unknown SoC version
fsl_mc_dpio dpio.6: unknown SoC version
fsl_mc_dpio dpio.5: unknown SoC version
Fixes: 51da14e96e ("soc: fsl: dpio: configure cache stashing destination")
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20220901052149.23873-2-matt@traverse.com.au'
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e52fc2cf3f upstream.
Return trampoline must not use indirect branch to return; while this
preserves the RSB, it is fundamentally incompatible with IBT. Instead
use a retpoline like ROP gadget that defeats IBT while not unbalancing
the RSB.
And since ftrace_stub is no longer a plain RET, don't use it to copy
from. Since RET is a trivial instruction, poke it directly.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Link: https://lore.kernel.org/r/20220308154318.347296408@infradead.org
[cascardo: remove ENDBR]
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
[OP: adjusted context for 5.10-stable]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 00b136bb62.
This temporarily reverts the backport of upstream commit
1f001e9da6. It was not correct to copy the
ftrace stub as it would contain a relative jump to the return thunk which
would not apply to the context where it was being copied to, leading to
ftrace support to be broken.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is a stable-specific patch.
I botched the stable-specific rewrite of
commit b67fbebd4c ("mmu_gather: Force tlb-flush VM_PFNMAP vmas"):
As Hugh pointed out, unmap_region() actually operates on a list of VMAs,
and the variable "vma" merely points to the first VMA in that list.
So if we want to check whether any of the VMAs we're operating on is
PFNMAP or MIXEDMAP, we have to iterate through the list and check each VMA.
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit c3b82d26bc ]
2 keymap fixes for the Acer Aspire One AOD270 and the same hardware
rebranded as Packard Bell Dot SC:
1. The F2 key is marked with a big '?' symbol on the Packard Bell Dot SC,
this sends WMID_HOTKEY_EVENTs with a scancode of 0x27 add a mapping
for this.
2. Scancode 0x61 is KEY_SWITCHVIDEOMODE. Usually this is a duplicate
input event with the "Video Bus" input device events. But on these devices
the "Video Bus" does not send events for this key. Map 0x61 to KEY_UNKNOWN
instead of using KE_IGNORE so that udev/hwdb can override it on these devs.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20220829163544.5288-1-hdegoede@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 478814a558 ]
TCP_FIN_WAIT2 and TCP_LAST_ACK were not handled, the connection is closing
so we can ignore them and avoid printing the "unhandled state"
warning message.
[ 1298.852386] nvmet_tcp: queue 2 unhandled state 5
[ 1298.879112] nvmet_tcp: queue 7 unhandled state 5
[ 1298.884253] nvmet_tcp: queue 8 unhandled state 5
[ 1298.889475] nvmet_tcp: queue 9 unhandled state 5
v2: Do not call nvmet_tcp_schedule_release_queue(), just ignore
the fin_wait2 and last_ack states.
Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 303e6da994 ]
GPIO mockup debugfs is created in gpio_mockup_probe() but
forgot to remove when remove device. This patch add a devm
managed callback for removing them.
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e1fa076706 ]
There is a timing issue captured during ishtp client sending stress tests.
It was observed during stress tests that ISH firmware is getting out of
ordered messages. This is a rare scenario as the current set of ISH client
drivers don't send much data to firmware. But this may not be the case
going forward.
When message size is bigger than IPC MTU, ishtp splits the message into
fragments and uses serialized async method to send message fragments.
The call stack:
ishtp_cl_send_msg_ipc->ipc_tx_callback(first fregment)->
ishtp_send_msg(with callback)->write_ipc_to_queue->
write_ipc_from_queue->callback->ipc_tx_callback(next fregment)......
When an ipc write complete interrupt is received, driver also calls
write_ipc_from_queue->ipc_tx_callback in ISR to start sending of next fragment.
Through ipc_tx_callback uses spin_lock to protect message splitting, as the
serialized sending method will call back to ipc_tx_callback again, so it doesn't
put sending under spin_lock, it causes driver cannot guarantee all fragments
be sent in order.
Considering this scenario:
ipc_tx_callback just finished a fragment splitting, and not call ishtp_send_msg
yet, there is a write complete interrupt happens, then ISR->write_ipc_from_queue
->ipc_tx_callback->ishtp_send_msg->write_ipc_to_queue......
Because ISR has higher exec priority than normal thread, this causes the new
fragment be sent out before previous fragment. This disordered message causes
invalid message to firmware.
The solution is, to send fragments synchronously:
Use ishtp_write_message writing fragments into tx queue directly one by one,
instead of ishtp_send_msg only writing one fragment with completion callback.
As no completion callback be used, so change ipc_tx_callback to ipc_tx_send.
Signed-off-by: Even Xu <even.xu@intel.com>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 47311db8e8 ]
Users may have explicitly configured their tracefs permissions; we
shouldn't overwrite those just because a second mount appeared.
Only clobber if the options were provided at mount time.
Note: the previous behavior was especially surprising in the presence of
automounted /sys/kernel/debug/tracing/.
Existing behavior:
## Pre-existing status: tracefs is 0755.
# stat -c '%A' /sys/kernel/tracing/
drwxr-xr-x
## (Re)trigger the automount.
# umount /sys/kernel/debug/tracing
# stat -c '%A' /sys/kernel/debug/tracing/.
drwx------
## Unexpected: the automount changed mode for other mount instances.
# stat -c '%A' /sys/kernel/tracing/
drwx------
New behavior (after this change):
## Pre-existing status: tracefs is 0755.
# stat -c '%A' /sys/kernel/tracing/
drwxr-xr-x
## (Re)trigger the automount.
# umount /sys/kernel/debug/tracing
# stat -c '%A' /sys/kernel/debug/tracing/.
drwxr-xr-x
## Expected: the automount does not change other mount instances.
# stat -c '%A' /sys/kernel/tracing/
drwxr-xr-x
Link: https://lkml.kernel.org/r/20220826174353.2.Iab6e5ea57963d6deca5311b27fb7226790d44406@changeid
Cc: stable@vger.kernel.org
Fixes: 4282d60689 ("tracefs: Add new tracefs file system")
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 53fc7ad6ed ]
The Intel IOMMU driver possibly selects between the first-level and the
second-level translation tables for DMA address translation. However,
the levels of page-table walks for the 4KB base page size are calculated
from the SAGAW field of the capability register, which is only valid for
the second-level page table. This causes the IOMMU driver to stop working
if the hardware (or the emulated IOMMU) advertises only first-level
translation capability and reports the SAGAW field as 0.
This solves the above problem by considering both the first level and the
second level when calculating the supported page table levels.
Fixes: b802d070a5 ("iommu/vt-d: Use iova over first level")
Cc: stable@vger.kernel.org
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Link: https://lore.kernel.org/r/20220817023558.3253263-1-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit af7d78c957 ]
Drop the "winbond,w25q16dw" compatible since it causes to set the
MODALIAS to w25q16dw which is not specified within spi-nor id table.
Fix this by use the common "jedec,spi-nor" compatible.
Fixes: 2125212785 ("ARM: dts: imx6qdl-kontron-samx6i: add Kontron SMARC SoM Support")
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This reverts commit 3d35c6b91d.
Patch "scsi: ufs: core: Reduce the power mode change timeout" caused a
spike in the number of UFS suspend timeouts. Hence revert that change
and also later UFS driver changes.
Bug: b/246990788
Change-Id: I5aae929f0598020dc5e7c440946eb0d2101b07cc
Signed-off-by: Bart Van Assche <bvanassche@google.com>
This reverts commit f68d040c31.
Patch "scsi: ufs: core: Reduce the power mode change timeout" caused a
spike in the number of UFS suspend timeouts. Hence revert that change
and also later UFS driver changes.
Bug: b/246990788
Change-Id: Ic20594727d47dc6d9af9a320d64bd7011112e789
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The LTS merge conflict was not handled properly for the upstream commit
c50f11c619 ("arm64: mm: Don't invalidate FROM_DEVICE buffers at start
of DMA transfer") which led to device corruption. Fix __dma_map_area()
to include the initial add.
Fixes: 8d0a39b476 ("Merge 5.10.125 into android13-5.10-lts")
Signed-off-by: Will McVicker <willmcvicker@google.com>
Change-Id: I16de2aa4c58e2984b4436f7ea55b4302b9882827
GZIP-compressed files end with 4 byte data that represents the size
of the original input. The decompressors (the self-extracting kernel)
exploit it to know the vmlinux size beforehand. To mimic the GZIP's
trailer, Kbuild provides cmd_{bzip2,lzma,lzo,lz4,xzkern,zstd22}.
Unfortunately these macros are used everywhere despite the appended
size data is only useful for the decompressors.
There is no guarantee that such hand-crafted trailers are safely ignored.
In fact, the kernel refuses compressed initramdfs with the garbage data.
That is why usr/Makefile overrides size_append to make it no-op.
To limit the use of such broken compressed files, this commit renames
the existing macros as follows:
cmd_bzip2 --> cmd_bzip2_with_size
cmd_lzma --> cmd_lzma_with_size
cmd_lzo --> cmd_lzo_with_size
cmd_lz4 --> cmd_lz4_with_size
cmd_xzkern --> cmd_xzkern_with_size
cmd_zstd22 --> cmd_zstd22_with_size
To keep the decompressors working, I updated the following Makefiles
accordingly:
arch/arm/boot/compressed/Makefile
arch/h8300/boot/compressed/Makefile
arch/mips/boot/compressed/Makefile
arch/parisc/boot/compressed/Makefile
arch/s390/boot/compressed/Makefile
arch/sh/boot/compressed/Makefile
arch/x86/boot/compressed/Makefile
I reused the current macro names for the normal usecases; they produce
the compressed data in the proper format.
I did not touch the following:
arch/arc/boot/Makefile
arch/arm64/boot/Makefile
arch/csky/boot/Makefile
arch/mips/boot/Makefile
arch/riscv/boot/Makefile
arch/sh/boot/Makefile
kernel/Makefile
This means those Makefiles will stop appending the size data.
I dropped the 'override size_append' hack from usr/Makefile.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nicolas Schier <n.schier@avm.de>
Bug: 135791357
(cherry picked from commit 7ce7e984abhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master)
Change-Id: I3524909ef3daab85f7d22afdebc2e5bbfd5e5cf3
[szuweilin: Resolved the conflict about non-existing zstd22 in arch/s390/boot/compressed/Makefile]
Signed-off-by: SzuWei Lin <szuweilin@google.com>
