Changes in 5.10.145
KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs
KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
serial: 8250: Fix reporting real baudrate value in c_ospeed field
parisc: Optimize per-pagetable spinlocks
parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page
dmaengine: bestcomm: fix system boot lockups
powerpc/pseries/mobility: refactor node lookup during DT update
powerpc/pseries/mobility: ignore ibm, platform-facilities updates
usb: cdns3: gadget: fix new urb never complete if ep cancel previous requests
platform/x86/intel: hid: add quirk to support Surface Go 3
net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports
of: fdt: fix off-by-one error in unflatten_dt_nodes()
pinctrl: sunxi: Fix name for A100 R_PIO
NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
drm/meson: Correct OSD1 global alpha value
drm/meson: Fix OSD1 RGB to YCbCr coefficient
parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
tracing: hold caller_addr to hardirq_{enable,disable}_ip
of/device: Fix up of_dma_configure_id() stub
cifs: revalidate mapping when doing direct writes
cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
tools/include/uapi: Fix <asm/errno.h> for parisc and xtensa
video: fbdev: i740fb: Error out if 'pixclock' equals zero
Revert "serial: 8250: Fix reporting real baudrate value in c_ospeed field"
ASoC: nau8824: Fix semaphore unbalance at error paths
regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
rxrpc: Fix local destruction being repeated
rxrpc: Fix calc of resend age
wifi: mac80211_hwsim: check length for virtio packets
ALSA: hda/sigmatel: Keep power up while beep is enabled
ALSA: hda/tegra: Align BDL entry to 4KB boundary
net: usb: qmi_wwan: add Quectel RM520N
afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
mksysmap: Fix the mismatch of 'L0' symbols in System.map
video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
ALSA: hda/sigmatel: Fix unused variable warning for beep power change
Linux 5.10.145
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I93aa581c488160ed80c8092688fcae115f960143
[ Upstream commit a09d2d00af ]
In pxa3xx_gcu_write, a count parameter of type size_t is passed to words of
type int. Then, copy_from_user() may cause a heap overflow because it is used
as the third argument of copy_from_user().
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
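The narrowing pattern this commit message describes, as an added userspace model (not the driver's code). The function names, the BATCH_WORDS limit and the sample counts are hypothetical, and a 64-bit size_t is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

_Static_assert(sizeof(size_t) == 8, "model assumes a 64-bit size_t");

#define BATCH_WORDS 8192u   /* hypothetical buffer capacity, in 32-bit words */

/*
 * "Before" shape: the caller-supplied byte count (size_t) is stored in an int.
 * A large count narrows to a negative word count, the signed limit check
 * passes, and the value widens back to an enormous copy length.
 * Returns 0 and sets *copy_len if the request is accepted, -1 if rejected.
 */
int check_narrow(size_t count, size_t *copy_len)
{
    /* Out-of-range conversion is implementation-defined; gcc and clang wrap. */
    int words = (int)(count / 4);

    if (words >= (int)BATCH_WORDS)
        return -1;
    /* Same value a negative int takes when passed as a size_t length. */
    *copy_len = (size_t)words * 4;
    return 0;
}

/*
 * Hardened shape: the word count keeps the width and signedness of the
 * input, so the limit check sees the real value.
 */
int check_wide(size_t count, size_t *copy_len)
{
    size_t words = count / 4;

    if (words >= BATCH_WORDS)
        return -1;
    *copy_len = words * 4;
    return 0;
}

int main(void)
{
    /* Constructed inputs: an ordinary request and one whose word count
     * (0xFFFFFFFF) becomes -1 when stored in an int. */
    const size_t samples[] = { 64, 0x3FFFFFFFCULL };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t len = 0;
        int rc = check_narrow(samples[i], &len);

        printf("count=%zu narrow: rc=%d len=%zu\n", samples[i], rc, len);
        rc = check_wide(samples[i], &len);
        printf("count=%zu wide:   rc=%d\n", samples[i], rc);
    }
    return 0;
}
```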
[ Upstream commit c17a253870 ]
When System.map was generated, the kernel used mksysmap to filter the
kernel symbols; we need to filter "L0" symbols in LoongArch architecture.
$ cat System.map | grep L0
9000000000221540 t L0
The L0 symbol exists in System.map, but not in .tmp_System.map. Then
"cmp -s System.map .tmp_System.map" will show the "Inconsistent kallsyms
data" error message in the link-vmlinux.sh script.
Signed-off-by: Youling Tang <tangyouling@loongson.cn>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit ba912afbd6 ]
For irq_domain_associate() to work the virq descriptor has to be
pre-allocated in advance. Otherwise the following happens:
WARNING: CPU: 0 PID: 0 at .../kernel/irq/irqdomain.c:527 irq_domain_associate+0x298/0x2e8
error: virq128 is not allocated
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.78-... #1
...
Call Trace:
[<ffffffff801344c4>] show_stack+0x9c/0x130
[<ffffffff80769550>] dump_stack+0x90/0xd0
[<ffffffff801576d0>] __warn+0x118/0x130
[<ffffffff80157734>] warn_slowpath_fmt+0x4c/0x70
[<ffffffff801b83c0>] irq_domain_associate+0x298/0x2e8
[<ffffffff80a43bb8>] octeon_irq_init_ciu+0x4c8/0x53c
[<ffffffff80a76cbc>] of_irq_init+0x1e0/0x388
[<ffffffff80a452cc>] init_IRQ+0x4c/0xf4
[<ffffffff80a3cc00>] start_kernel+0x404/0x698
Use irq_alloc_desc_at() to avoid the above problem.
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8c0427842a ]
An invalid packet with a length shorter than the specified length in the
netlink header can lead to use-after-frees and slab-out-of-bounds in the
processing of the netlink attributes, such as the following:
BUG: KASAN: slab-out-of-bounds in __nla_validate_parse+0x1258/0x2010
Read of size 2 at addr ffff88800ac7952c by task kworker/0:1/12
Workqueue: events hwsim_virtio_rx_work
Call Trace:
<TASK>
dump_stack_lvl+0x45/0x5d
print_report.cold+0x5e/0x5e5
kasan_report+0xb1/0x1c0
__nla_validate_parse+0x1258/0x2010
__nla_parse+0x22/0x30
hwsim_virtio_handle_cmd.isra.0+0x13f/0x2d0
hwsim_virtio_rx_work+0x1b2/0x370
process_one_work+0x8df/0x1530
worker_thread+0x575/0x11a0
kthread+0x29d/0x340
ret_from_fork+0x22/0x30
</TASK>
Discarding packets with an invalid length solves this.
Therefore, skb->len must be set at reception.
Change-Id: Ieaeb9a4c62d3beede274881a7c2722c6c6f477b6
Signed-off-by: Soenke Huster <soenke.huster@eknoes.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
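The length check this commit message describes, as an added userspace sketch (not the driver's code): a frame is discarded when its header declares more bytes than were received, and each attribute is bounded by what remains. The framing is simplified to a 16-byte header whose first u32 is the total length, followed by 4-byte-aligned attributes; the generic netlink header is omitted, and the function names and sample frame are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN  16u  /* message header size; first u32 is the declared length */
#define ATTR_HDR 4u   /* attribute header: u16 length, u16 type */

static size_t align4(size_t x) { return (x + 3) & ~(size_t)3; }

/*
 * Count the attributes in a received frame of rx_len bytes.
 * Returns -1 if the frame must be discarded: too short for a header,
 * a declared length larger than what was received, or an attribute
 * whose length runs past the declared end.
 */
int count_attrs_checked(const uint8_t *buf, size_t rx_len)
{
    uint32_t declared;
    size_t remaining;
    const uint8_t *p;
    int n = 0;

    if (rx_len < HDR_LEN)
        return -1;
    memcpy(&declared, buf, sizeof(declared));   /* host byte order */
    if (declared < HDR_LEN || declared > rx_len)
        return -1;              /* header claims bytes that never arrived */

    p = buf + HDR_LEN;
    remaining = declared - HDR_LEN;
    while (remaining >= ATTR_HDR) {
        uint16_t alen;
        size_t step;

        memcpy(&alen, p, sizeof(alen));
        if (alen < ATTR_HDR || alen > remaining)
            return -1;          /* attribute overruns the message */
        n++;
        step = align4(alen);
        if (step > remaining)   /* last attribute, padding not present */
            break;
        p += step;
        remaining -= step;
    }
    return n;
}

/* Constructed sample: header + attribute of length 8 + attribute of length 10
 * (padded to 12), 36 bytes in total. Returns the frame length, 0 if cap is
 * too small. */
size_t build_sample(uint8_t *out, size_t cap)
{
    const uint32_t total = HDR_LEN + 8 + 12;
    const uint16_t a1[2] = { 8, 1 };
    const uint16_t a2[2] = { 10, 2 };

    if (cap < total)
        return 0;
    memset(out, 0, total);
    memcpy(out, &total, sizeof(total));
    memcpy(out + HDR_LEN, a1, sizeof(a1));
    memcpy(out + HDR_LEN + 8, a2, sizeof(a2));
    return total;
}

int main(void)
{
    uint8_t frame[64];
    size_t len = build_sample(frame, sizeof(frame));

    printf("complete frame:  %d\n", count_attrs_checked(frame, len));
    /* Same header, but only 24 of the declared 36 bytes were received. */
    printf("truncated frame: %d\n", count_attrs_checked(frame, 24));
    return 0;
}
```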
[ Upstream commit 214a9dc7d8 ]
Fix the calculation of the resend age to add a microsecond value as
microseconds, not nanoseconds.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d3d863036d ]
If the local processor work item for the rxrpc local endpoint gets requeued
by an event (such as an incoming packet) between it getting scheduled for
destruction and the UDP socket being closed, the rxrpc_local_destroyer()
function can get run twice. The second time it can hang because it can end
up waiting for cleanup events that will never happen.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 78e1e867f4 ]
The pfuze_chip::regulator_descs is an array of size
PFUZE100_MAX_REGULATOR, the pfuze_chip::pfuze_regulators
is the pointer to the real regulators of a specific device.
The number of real regulators is supposed to be less than
the PFUZE100_MAX_REGULATOR, so we should use the size of
'regulator_num * sizeof(struct pfuze_regulator)' in memcpy().
This fixes the out of bounds access bug reported by KASAN.
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Link: https://lore.kernel.org/r/20220825111922.1368055-1-xiaolei.wang@windriver.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit d02b006b29 upstream.
This reverts commit 32262e2e42.
The commit in question claims to determine the inverse of
serial8250_get_divisor() but failed to notice that some drivers override
the default implementation using a get_divisor() callback.
This means that the computed line-speed values can be completely wrong
and results in regular TCSETS requests failing (the incorrect values
would also be passed to any overridden set_divisor() callback).
Similarly, it also failed to honour the old (deprecated) ASYNC_SPD_FLAGS
and would break applications relying on those when re-encoding the
actual line speed.
There are also at least two quirks, UART_BUG_QUOT and an OMAP1510
workaround, which were happily ignored and that are now broken.
Finally, even if the offending commit were to be implemented correctly,
this is a new feature and not something which should be backported to
stable.
Cc: Pali Rohár <pali@kernel.org>
Fixes: 32262e2e42 ("serial: 8250: Fix reporting real baudrate value in c_ospeed field")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20211007133146.28949-1-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 15cf0b8227 upstream.
The userspace program could pass any values to the driver through
ioctl() interface. If the driver doesn't check the value of 'pixclock',
it may cause divide error.
Fix this by checking whether 'pixclock' is zero in the function
i740fb_check_var().
The following log reveals it:
divide error: 0000 [#1] PREEMPT SMP KASAN PTI
RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:444 [inline]
RIP: 0010:i740fb_set_par+0x272f/0x3bb0 drivers/video/fbdev/i740fb.c:739
Call Trace:
fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1036
do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1112
fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1191
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7500a99281 upstream.
Kernel bugzilla: 216301
When doing direct writes we need to also invalidate the mapping in case
we have a cached copy of the affected page(s) in memory or else
subsequent reads of the data might return the old/stale content
before we wrote an update to the server.
Cc: stable@vger.kernel.org
Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 54c3931957 ]
Currently, the arguments passed to lockdep_hardirqs_{on,off} are fixed
at CALLER_ADDR0.
The function trace_hardirqs_on_caller should have been intended to use
caller_addr to represent the address that caller wants to be traced.
For example, lockdep log in riscv showing the last {enabled,disabled} at
__trace_hardirqs_{on,off} all the time(if called by):
[ 57.853175] hardirqs last enabled at (2519): __trace_hardirqs_on+0xc/0x14
[ 57.853848] hardirqs last disabled at (2520): __trace_hardirqs_off+0xc/0x14
After using trace_hardirqs_xx_caller, we can get more effective information:
[ 53.781428] hardirqs last enabled at (2595): restore_all+0xe/0x66
[ 53.782185] hardirqs last disabled at (2596): ret_from_exception+0xa/0x10
Link: https://lkml.kernel.org/r/20220901104515.135162-2-zouyipeng@huawei.com
Cc: stable@vger.kernel.org
Fixes: c3bc8fd637 ("tracing: Centralize preemptirq tracepoints and unify their usage")
Signed-off-by: Yipeng Zou <zouyipeng@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 6463d3930b ]
VPP_WRAP_OSD1_MATRIX_COEF22.Coeff22 is documented as being bits 0-12,
not 16-28.
Without this the output tends to have a pink hue, changing it results
in better color accuracy.
The vendor kernel doesn't use this register. However the code which
sets VIU2_OSD1_MATRIX_COEF22 also uses bits 0-12. There is a slightly
different style of registers for configuring some of the other matrices,
which do use bits 16-28 for this coefficient, but those have names
ending in MATRIX_COEF22_30, and this is not one of those.
Signed-off-by: Stuart Menefy <stuart.menefy@mathembedded.com>
Fixes: 728883948b ("drm/meson: Add G12A Support for VIU setup")
Reviewed-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220908155243.687143-1-stuart.menefy@mathembedded.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 279c12df8d ]
Commit e39d5ef678 ("powerpc/5xxx: extend mpc8xxx_gpio driver to support
mpc512x gpios") implemented support for IRQ_TYPE_LEVEL_LOW flow type in
mpc512x via falling edge type. Do the same for mpc85xx, support for which was
added in commit 345e5c8a1c ("powerpc: Add interrupt support to mpc8xxx_gpio").
Fixes probing of the lm90 hwmon driver on mpc85xx-based boards which use a
level interrupt. Without it the kernel prints an error and refuses to let lm90 work:
[ 15.258370] genirq: Setting trigger mode 8 for irq 49 failed (mpc8xxx_irq_set_type+0x0/0xf8)
[ 15.267168] lm90 0-004c: cannot request IRQ 49
[ 15.272708] lm90: probe of 0-004c failed with error -22
Fixes: 345e5c8a1c ("powerpc: Add interrupt support to mpc8xxx_gpio")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2a9d683b48 ]
The NFSv4.0 protocol only supports open() by name. It cannot therefore
be used with open_by_handle() and friends, nor can it be re-exported by
knfsd.
Reported-by: Chuck Lever III <chuck.lever@oracle.com>
Fixes: 20fa190272 ("nfs: add export operations")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2f945a792f ]
Commit 78c44d910d ("drivers/of: Fix depth when unflattening devicetree")
forgot to fix up the depth check in the loop body in unflatten_dt_nodes()
which makes it possible to overflow the nps[] buffer...
Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.
Fixes: 78c44d910d ("drivers/of: Fix depth when unflattening devicetree")
Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>
Signed-off-by: Rob Herring <robh@kernel.org>
Link: https://lore.kernel.org/r/7c354554-006f-6b31-c195-cdfe4caee392@omp.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 04ec4e6250 ]
Martyn Welch reports that his CPU port is unable to link where it has
been necessary to use one of the switch ports with an internal PHY for
the CPU port. The reason behind this is the port control register is
left forcing the link down, preventing traffic flow.
This occurs because during initialisation, phylink expects the link to
be down, and DSA forces the link down by synthesising a call to the
DSA drivers phylink_mac_link_down() method, but we don't touch the
forced-link state when we later reconfigure the port.
Resolve this by also unforcing the link state when we are operating in
PHY mode and the PPU is set to poll the PHY to retrieve link status
information.
Reported-by: Martyn Welch <martyn.welch@collabora.com>
Tested-by: Martyn Welch <martyn.welch@collabora.com>
Fixes: 3be98b2d5f ("net: dsa: Down cpu/dsa ports phylink will control")
Cc: <stable@vger.kernel.org> # 5.7: 2b29cb9e3f: net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal PHY's"
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1mvFhP-00F8Zb-Ul@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 319fa1a52e ]
On VMs with NX encryption, compression, and/or RNG offload, these
capabilities are described by nodes in the ibm,platform-facilities device
tree hierarchy:
$ tree -d /sys/firmware/devicetree/base/ibm,platform-facilities/
/sys/firmware/devicetree/base/ibm,platform-facilities/
├── ibm,compression-v1
├── ibm,random-v1
└── ibm,sym-encryption-v1
3 directories
The acceleration functions that these nodes describe are not disrupted by
live migration, not even temporarily.
But the post-migration ibm,update-nodes sequence firmware always sends
"delete" messages for this hierarchy, followed by an "add" directive to
reconstruct it via ibm,configure-connector (log with debugging statements
enabled in mobility.c):
mobility: removing node /ibm,platform-facilities/ibm,random-v1:4294967285
mobility: removing node /ibm,platform-facilities/ibm,compression-v1:4294967284
mobility: removing node /ibm,platform-facilities/ibm,sym-encryption-v1:4294967283
mobility: removing node /ibm,platform-facilities:4294967286
...
mobility: added node /ibm,platform-facilities:4294967286
Note we receive a single "add" message for the entire hierarchy, and what
we receive from the ibm,configure-connector sequence is the top-level
platform-facilities node along with its three children. The debug message
simply reports the parent node and not the whole subtree.
Also, significantly, the nodes added are almost completely equivalent to
the ones removed; even phandles are unchanged. ibm,shared-interrupt-pool in
the leaf nodes is the only property I've observed to differ, and Linux does
not use that. So in practice, the sum of update messages Linux receives for
this hierarchy is equivalent to minor property updates.
We succeed in removing the original hierarchy from the device tree. But the
vio bus code is ignorant of this, and does not unbind or relinquish its
references. The leaf nodes, still reachable through sysfs, of course still
refer to the now-freed ibm,platform-facilities parent node, which makes
use-after-free possible:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 3 PID: 1706 at lib/refcount.c:25 refcount_warn_saturate+0x164/0x1f0
refcount_warn_saturate+0x160/0x1f0 (unreliable)
kobject_get+0xf0/0x100
of_node_get+0x30/0x50
of_get_parent+0x50/0xb0
of_fwnode_get_parent+0x54/0x90
fwnode_count_parents+0x50/0x150
fwnode_full_name_string+0x30/0x110
device_node_string+0x49c/0x790
vsnprintf+0x1c0/0x4c0
sprintf+0x44/0x60
devspec_show+0x34/0x50
dev_attr_show+0x40/0xa0
sysfs_kf_seq_show+0xbc/0x200
kernfs_seq_show+0x44/0x60
seq_read_iter+0x2a4/0x740
kernfs_fop_read_iter+0x254/0x2e0
new_sync_read+0x120/0x190
vfs_read+0x1d0/0x240
Moreover, the "new" replacement subtree is not correctly added to the
device tree, resulting in ibm,platform-facilities parent node without the
appropriate leaf nodes, and broken symlinks in the sysfs device hierarchy:
$ tree -d /sys/firmware/devicetree/base/ibm,platform-facilities/
/sys/firmware/devicetree/base/ibm,platform-facilities/
0 directories
$ cd /sys/devices/vio ; find . -xtype l -exec file {} +
./ibm,sym-encryption-v1/of_node: broken symbolic link to
../../../firmware/devicetree/base/ibm,platform-facilities/ibm,sym-encryption-v1
./ibm,random-v1/of_node: broken symbolic link to
../../../firmware/devicetree/base/ibm,platform-facilities/ibm,random-v1
./ibm,compression-v1/of_node: broken symbolic link to
../../../firmware/devicetree/base/ibm,platform-facilities/ibm,compression-v1
This is because add_dt_node() -> dlpar_attach_node() attaches only the
parent node returned from configure-connector, ignoring any children. This
should be corrected for the general case, but fixing that won't help with
the stale OF node references, which is the more urgent problem.
One way to address that would be to make the drivers respond to node
removal notifications, so that node references can be dropped
appropriately. But this would likely force the drivers to disrupt active
clients for no useful purpose: equivalent nodes are immediately re-added.
And recall that the acceleration capabilities described by the nodes remain
available throughout the whole process.
The solution I believe to be robust for this situation is to convert
remove+add of a node with an unchanged phandle to an update of the node's
properties in the Linux device tree structure. That would involve changing
and adding a fair amount of code, and may take several iterations to land.
Until that can be realized we have a confirmed use-after-free and the
possibility of memory corruption. So add a limited workaround that
discriminates on the node type, ignoring adds and removes. This should be
amenable to backporting in the meantime.
Fixes: 410bccf978 ("powerpc/pseries: Partition migration in the kernel")
Cc: stable@vger.kernel.org
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211020194703.2613093-1-nathanl@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2efd7f6eb9 ]
In pseries_devicetree_update(), with each call to ibm,update-nodes the
partition firmware communicates the node to be deleted or updated by
placing its phandle in the work buffer. Each of delete_dt_node(),
update_dt_node(), and add_dt_node() have duplicate lookups using the
phandle value and corresponding refcount management.
Move the lookup and of_node_put() into pseries_devicetree_update(),
and emit a warning on any failed lookups.
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201207215200.1785968-29-nathanl@linux.ibm.com
Stable-dep-of: 319fa1a52e ("powerpc/pseries/mobility: ignore ibm, platform-facilities updates")
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 38860b2c8b ]
For years, there have been random segmentation faults in userspace on
SMP PA-RISC machines. It occurred to me that this might be a problem in
set_pte_at(). MIPS and some other architectures do cache flushes when
installing PTEs with the present bit set.
Here I have adapted the code in update_mmu_cache() to flush the kernel
mapping when the kernel flush is deferred, or when the kernel mapping
may alias with the user mapping. This simplifies calls to
update_mmu_cache().
I also changed the barrier in set_pte() from a compiler barrier to a
full memory barrier. I know this change is not sufficient to fix the
problem. It might not be needed.
I have had a few days of operation with 5.14.16 to 5.15.1 and haven't
seen any random segmentation faults on rp3440 or c8000 so far.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@kernel.org # 5.12+
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b7795074a0 ]
On parisc a spinlock is stored in the next page behind the pgd which
protects against parallel accesses to the pgd. That's why one additional
page (PGD_ALLOC_ORDER) is allocated for the pgd.
Matthew Wilcox suggested that we instead should use a pointer in the
struct page table for this spinlock and noted that the comments for the
PGD_ORDER and PMD_ORDER defines were wrong.
Both suggestions are addressed with this patch. Instead of having a separate
spinlock to protect the pgd, we now switch to use the existing
page_table_lock. Additionally, besides loading the pgd into cr25 in
switch_mm_irqs_off(), the physical address of this lock is loaded into
cr28 (tr4), so that we can avoid implementing a complicated lookup in
assembly for this lock in the TLB fault handlers.
The existing Hybrid L2/L3 page table scheme (where the pmd is adjacent
to the pgd) has been dropped with this patch.
Remove the locking in set_pte() and the huge-page pte functions too.
They trigger a spinlock recursion on 32bit machines and seem unnecessary.
Suggested-by: Matthew Wilcox <willy@infradead.org>
Fixes: b37d1c1898 ("parisc: Use per-pagetable spinlock")
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Stable-dep-of: 38860b2c8b ("parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page")
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 32262e2e42 ]
In most cases it is not possible to set exact baudrate value to hardware.
So fix reporting real baudrate value which was set to hardware via c_ospeed
termios field. It can be retrieved by ioctl(TCGETS2) from userspace.
Real baudrate value is calculated from chosen hardware divisor and base
clock. It is implemented in a new function serial8250_compute_baud_rate()
which is inverse of serial8250_get_divisor() function.
This change also fixes the UART timeout value (it is updated via the
uart_update_timeout() function), which is calculated from the now fixed
baudrate value too.
Cc: stable@vger.kernel.org
Signed-off-by: Pali Rohár <pali@kernel.org>
Link: https://lore.kernel.org/r/20210927093704.19768-1-pali@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 235cee1624 ]
Commit 112665286d ("KVM: PPC: Book3S HV: Context tracking exit guest
context before enabling irqs") moved guest_exit() into the interrupt
protected area to avoid wrong context warning (or worse). The problem is
that tick-based time accounting has not yet been updated at this point
(because it depends on the timer interrupt firing), so the guest time
gets incorrectly accounted to system time.
To fix the problem, follow the x86 fix in commit 1604571401 ("Defer
vtime accounting 'til after IRQ handling"), and allow host IRQs to run
before accounting the guest exit time.
In the case vtime accounting is enabled, this is not required because TB
is used directly for accounting.
Before this patch, with CONFIG_TICK_CPU_ACCOUNTING=y in the host and a
guest running a kernel compile, the 'guest' fields of /proc/stat are
stuck at zero. With the patch they can be observed increasing roughly as
expected.
Fixes: e233d54d4d ("KVM: booke: use __kvm_guest_exit")
Fixes: 112665286d ("KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs")
Cc: stable@vger.kernel.org # 5.12+
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
[np: only required for tick accounting, add Book3E fix, tweak changelog]
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20211027142150.3711582-1-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 112665286d ]
Interrupts that occur in kernel mode expect that context tracking
is set to kernel. Enabling local irqs before context tracking
switches from guest to host means interrupts can come in and trigger
warnings about wrong context, and possibly worse.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210130130852.2952424-3-npiggin@gmail.com
Stable-dep-of: 235cee1624 ("KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Changes in 5.10.144
ARM: dts: imx: align SPI NOR node name with dtschema
ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible
iommu/vt-d: Correctly calculate sagaw value of IOMMU
tracefs: Only clobber mode/uid/gid on remount if asked
Input: goodix - add support for GT1158
drm/msm/rd: Fix FIFO-full deadlock
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
tg3: Disable tg3 device on system reboot to avoid triggering AER
gpio: mockup: remove gpio debugfs when remove device
ieee802154: cc2520: add rc code in cc2520_tx()
Input: iforce - add support for Boeder Force Feedback Wheel
nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
drm/amd/amdgpu: skip ucode loading if ucode_size == 0
perf/arm_pmu_platform: fix tests for platform_get_irq() failure
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
Revert "x86/ftrace: Use alternative RET encoding"
x86/ibt,ftrace: Make function-graph play nice
x86/ftrace: Use alternative RET encoding
soc: fsl: select FSL_GUTS driver for DPIO
Input: goodix - add compatible string for GT1158
Linux 5.10.144
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie5222afc95240a8f4b6b4b42d249a8d00eaf661f
Changes in 5.10.143
NFSD: Fix verifier returned in stable WRITEs
xen-blkfront: Cache feature_persistent value before advertisement
tty: n_gsm: initialize more members at gsm_alloc_mux()
tty: n_gsm: avoid call of sleeping functions from atomic context
efi: libstub: Disable struct randomization
efi: capsule-loader: Fix use-after-free in efi_capsule_write
wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
fs: only do a memory barrier for the first set_buffer_uptodate()
Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
scsi: megaraid_sas: Fix double kfree()
drm/gem: Fix GEM handle release errors
drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini
drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
drm/radeon: add a force flush to delay work when radeon
parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
net/core/skbuff: Check the return value of skb_copy_bits()
fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
ALSA: aloop: Fix random zeros in capture data when using jiffies timer
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
kprobes: Prohibit probes in gate area
debugfs: add debugfs_lookup_and_remove()
nvmet: fix a use-after-free
drm/i915: Implement WaEdpLinkRateDataReload
scsi: mpt3sas: Fix use-after-free warning
scsi: lpfc: Add missing destroy_workqueue() in error path
cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
smb3: missing inode locks in punch hole
ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
regulator: core: Clean up on enable failure
tee: fix compiler warning in tee_shm_register()
RDMA/cma: Fix arguments order in net device validation
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
RDMA/hns: Fix supported page size
RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift
ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges
ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges
ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time
ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time
netfilter: br_netfilter: Drop dst references before setting.
netfilter: nf_tables: clean up hook list when offload flags check fails
netfilter: nf_conntrack_irc: Fix forged IP logic
ALSA: usb-audio: Inform the delayed registration more properly
ALSA: usb-audio: Register card again for iface over delayed_register option
rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
afs: Use the operation issue time instead of the reply time for callbacks
sch_sfb: Don't assume the skb is still around after enqueueing to child
tipc: fix shift wrapping bug in map_get()
ice: use bitmap_free instead of devm_kfree
i40e: Fix kernel crash during module removal
xen-netback: only remove 'hotplug-status' when the vif is actually destroyed
RDMA/siw: Pass a pointer to virt_to_page()
ipv6: sr: fix out-of-bounds read when setting HMAC data.
IB/core: Fix a nested dead lock as part of ODP flow
RDMA/mlx5: Set local port to one when accessing counters
nvme-tcp: fix UAF when detecting digest errors
nvme-tcp: fix regression that causes sporadic requests to time out
tcp: fix early ETIMEDOUT after spurious non-SACK RTO
sch_sfb: Also store skb len before calling child enqueue
ASoC: mchp-spdiftx: remove references to mchp_i2s_caps
ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion
MIPS: loongson32: ls1c: Fix hang during startup
swiotlb: avoid potential left shift overflow
iommu/amd: use full 64-bit value in build_completion_wait()
hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined
hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors
hwmon: (mr75203) fix voltage equation for negative source input
hwmon: (mr75203) fix multi-channel voltage reading
hwmon: (mr75203) enable polling for all VM channels
arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly
Linux 5.10.143
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia1bc1b76bcad0e2cb3b27d1a37278b1d24c6b90d
This reverts commit abe3cfb7a7 which is
commit 9c6d778800 upstream.
It breaks the Android kernel ABI and shouldn't be needed for any normal
Android devices. If this is needed in the future, it can be brought
back in an ABI-stable manner.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If15008828936f3675e8109f1b13b6b065aed4c46
This reverts commit 5a603f4c12 which is
commit 33e321586e upstream.
It breaks the Android kernel ABI and shouldn't be needed for any normal
Android devices. If this is needed in the future, it can be brought
back in an ABI-stable manner.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6654f57f1f234421ec8573dc741e3e8bdb7e287b
Changes in 5.10.142
drm/msm/dsi: fix the inconsistent indenting
drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4
drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
drm/msm/dsi: Fix number of regulators for SDM660
platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
iio: adc: mcp3911: make use of the sign bit
bpf, cgroup: Fix kernel BUG in purge_effective_progs
ieee802154/adf7242: defer destroy_workqueue call
ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg
ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array
wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
Revert "xhci: turn off port power in shutdown"
net: sched: tbf: don't call qdisc_put() while holding tree lock
net/sched: fix netdevice reference leaks in attach_default_qdiscs()
ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
kcm: fix strp_init() order and cleanup
sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
tcp: annotate data-race around challenge_timestamp
Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
net/smc: Remove redundant refcount increase
serial: fsl_lpuart: RS485 RTS polariy is inverse
staging: rtl8712: fix use after free bugs
powerpc: align syscall table for ppc32
vt: Clear selection before changing the font
tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
iio: ad7292: Prevent regulator double disable
iio: adc: mcp3911: use correct formula for AD conversion
misc: fastrpc: fix memory corruption on probe
misc: fastrpc: fix memory corruption on open
USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
binder: fix UAF of ref->proc caused by race condition
drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
clk: core: Fix runtime PM sequence in clk_core_unprepare()
Input: rk805-pwrkey - fix module autoloading
clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()
clk: bcm: rpi: Prevent out-of-bounds access
clk: bcm: rpi: Add missing newline
hwmon: (gpio-fan) Fix array out of bounds access
gpio: pca953x: Add mutex_lock for regcache sync in PM
KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES
xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
mm: pagewalk: Fix race between unmap and page walker
xen-blkback: Advertise feature-persistent as user requested
xen-blkfront: Advertise feature-persistent as user requested
thunderbolt: Use the actual buffer in tb_async_error()
media: mceusb: Use new usb_control_msg_*() routines
xhci: Add grace period after xHC start to prevent premature runtime suspend.
USB: serial: cp210x: add Decagon UCA device id
USB: serial: option: add support for OPPO R11 diag port
USB: serial: option: add Quectel EM060K modem
USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
usb: dwc2: fix wrong order of phy_power_on and phy_init
USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
usb-storage: Add ignore-residue quirk for NXP PN7462AU
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
s390: fix nospec table alignments
USB: core: Prevent nested device-reset calls
usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
driver core: Don't probe devices after bus_type.match() probe deferral
wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
wifi: mac80211: Fix UAF in ieee80211_scan_rx()
ip: fix triggering of 'icmp redirect'
net: Use u64_stats_fetch_begin_irq() for stats fetch.
net: mac802154: Fix a condition in the receive path
ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298
ALSA: seq: oss: Fix data-race for max_midi_devs access
ALSA: seq: Fix data-race at module auto-loading
drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
btrfs: harden identification of a stale device
mmc: core: Fix UHS-I SD 1.8V workaround branch
usb: dwc3: fix PHY disable sequence
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
usb: dwc3: disable USB core PHY management
USB: serial: ch341: fix lost character on LCR updates
USB: serial: ch341: fix disabled rx timer on older devices
Linux 5.10.142
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I32d9b4c4c0e6c802744abb8b1c87ad794f4de0c8
This reverts commit 98f401d363 which is
commit 2555283eb4 upstream.
It currently breaks the Android kernel ABI. If it needs to come back,
it should be done in an ABI-safe way.
Bug: 161946584
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I46a7a4ffc5d2725146787ea7273a42a5cf062ed4
This reverts commit 28d8d2737e.
This breaks the Android api and for now, does not seem to be necessary
due to the lack of io_uring users in this kernel branch. If io_uring
starts to be used more, it can be brought back in an ABI-safe way.
Bug: 161946584
Bug: 248008710
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2696bd5e1ad61d3ab0e8d06f4ffe46718bb05845