Changes in 5.10.119
lockdown: also lock down previous kgdb use
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
KVM: x86: Properly handle APF vs disabled LAPIC situation
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
tcp: change source port randomizarion at connect() time
secure_seq: use the 64 bits of the siphash for port offset calculation
media: vim2m: Register video device after setting up internals
media: vim2m: initialize the media device earlier
ACPI: sysfs: Make sparse happy about address space in use
ACPI: sysfs: Fix BERT error region memory mapping
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
MAINTAINERS: add git tree for random.c
crypto: lib/blake2s - Move selftest prototype into header file
crypto: blake2s - define shash_alg structs using macros
crypto: x86/blake2s - define shash_alg structs using macros
crypto: blake2s - remove unneeded includes
crypto: blake2s - move update and final logic to internal/blake2s.h
crypto: blake2s - share the "shash" API boilerplate code
crypto: blake2s - optimize blake2s initialization
crypto: blake2s - add comment for blake2s_state fields
crypto: blake2s - adjust include guard naming
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
lib/crypto: blake2s: include as built-in
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: selectively clang-format where it makes sense
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: get rid of secondary crngs
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use simpler fast key erasure flow on per-cpu keys
random: use hash function for crng_slow_load()
random: make more consistent use of integer types
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: fix locking for crng_init in crng_reseed()
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group crng functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: allow partial reads if later user copies fail
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
riscv: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: use first 128 bits of input as fast init
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: move initialization out of reseeding hot path
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: make consistent use of buf and len
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: unify batched entropy implementations
random: convert to using fops->read_iter()
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
ALSA: ctxfi: Add SB046x PCI ID
Linux 5.10.119
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I65f898474b7704881a3dd528012e7e91b09b3767
commit d270453a0d upstream.
There are destructive operations such as nfcmrvl_fw_dnld_abort and
gpio_free in nfcmrvl_nci_unregister_dev. The resources such as firmware,
gpio and so on could be destructed while the upper layer functions such as
nfcmrvl_fw_dnld_start and nfcmrvl_nci_recv_frame is executing, which leads
to double-free, use-after-free and null-ptr-deref bugs.
There are three situations that could lead to double-free bugs.
The first situation is shown below:
(Thread 1) | (Thread 2)
nfcmrvl_fw_dnld_start |
... | nfcmrvl_nci_unregister_dev
release_firmware() | nfcmrvl_fw_dnld_abort
kfree(fw) //(1) | fw_dnld_over
| release_firmware
... | kfree(fw) //(2)
| ...
The second situation is shown below:
(Thread 1) | (Thread 2)
nfcmrvl_fw_dnld_start |
... |
mod_timer |
(wait a time) |
fw_dnld_timeout | nfcmrvl_nci_unregister_dev
fw_dnld_over | nfcmrvl_fw_dnld_abort
release_firmware | fw_dnld_over
kfree(fw) //(1) | release_firmware
... | kfree(fw) //(2)
The third situation is shown below:
(Thread 1) | (Thread 2)
nfcmrvl_nci_recv_frame |
if(..->fw_download_in_progress)|
nfcmrvl_fw_dnld_recv_frame |
queue_work |
|
fw_dnld_rx_work | nfcmrvl_nci_unregister_dev
fw_dnld_over | nfcmrvl_fw_dnld_abort
release_firmware | fw_dnld_over
kfree(fw) //(1) | release_firmware
| kfree(fw) //(2)
The firmware struct is deallocated in position (1) and deallocated
in position (2) again.
The crash trace triggered by POC is like below:
BUG: KASAN: double-free or invalid-free in fw_dnld_over
Call Trace:
kfree
fw_dnld_over
nfcmrvl_nci_unregister_dev
nci_uart_tty_close
tty_ldisc_kill
tty_ldisc_hangup
__tty_hangup.part.0
tty_release
...
What's more, there are also use-after-free and null-ptr-deref bugs
in nfcmrvl_fw_dnld_start. If we deallocate firmware struct, gpio or
set null to the members of priv->fw_dnld in nfcmrvl_nci_unregister_dev,
then, we dereference firmware, gpio or the members of priv->fw_dnld in
nfcmrvl_fw_dnld_start, the UAF or NPD bugs will happen.
This patch reorders destructive operations after nci_unregister_device
in order to synchronize between cleanup routine and firmware download
routine.
The nci_unregister_device is well synchronized. If the device is
detaching, the firmware download routine will goto error. If firmware
download routine is executing, nci_unregister_device will wait until
firmware download routine is finished.
Bug: 234690530
Fixes: 3194c68701 ("NFC: nfcmrvl: add firmware download support")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I8cc1f6450c7fecf5f5994033931da1d23a522282
Provide a vendor hook android_vh_free_pages to clear the
information in struct page_ext, when the page is freed.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Iac8e3a72f59f8d3ae16dbc93d94034fe4b627d61
Create and export a function is_swap_slot_cache_enabled
to check whether the swap slot cache can be used.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Iaca9519b838e0c3c8c06acbec83003f8309aa363
Provide a vendor hook android_vh_swap_slot_cache_active to
pass the active status of swap_slots_cache. This status
will be used in the process of reclaiming the pages that
is required to be reclaimed to a specified swap location.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I8211760e0f37fe4a514f6ceaae9993925da8cd6d
Export swapcache_free_entries to be used in the alternative function
android_vh_drain_slots_cache_cpu to swap entries in swap slot cache,
it's usage is similar to the usage in drain_slots_cache_cpu.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Ia89b1728d540c5cc8995a939a918e12c23057266
3 symbols are exported to be used in vendor hook android_vh_get_swap_page:
1)check_cache_active, used to get swap page from the specified
swap location, it's usage is similar to the usage in get_swap_page
2)scan_swap_map_slots, used to get swap page from the specified swap,
it's usage is similar to get_swap_pages
3)swap_alloc_cluster, used to get swap page from the specified swap,
it's usage is similar to get_swap_pages
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Ie24c5d32a16c7cb87905d034095ec8fb070dbe0f
Three vendor hooks are provided to extend struct swap_slots_cache.
The extended data are used to record the information of the
specified reclaimed swap location:
1) android_vh_alloc_swap_slot_cache, replace the function
alloc_swap_slot_cache adding allocation of the extension
of struct swap_slots_cache;
2) android_vh_drain_slots_cache_cpu, replace the function
drain_slots_cache_cpu adding the initialization of the
extension of struct swap_slots_cache;
3) android_vh_get_swap_page, replace the function get_swap_page,
according to the reclaimed location information of the page,
get the the swap page from the specified swap location;
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I3bce6e8cf255df1d879b7c4022d54981cce7c273
The function swap_type_to_swap_info is exported to access the
swap_info_struct of the specified swap, which is regarded as
reserved extended memory.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I0107e7d561150f1945a4c161e886e9e03383fff6
Provide a vendor hook android_vh_si_swapinf to replace the
process of updating nr_to_be_unused. When the page is swapped
to a specified swap location, nr_to_be_unused should not be
updated. Because the specified swap is regarded as a reserved
extended memory.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Ie41caec345658589bf908fb0f96d038d1fba21f3
Two vendor hooks are added to extend the struct swap_info_struct:
android_vh_alloc_si, extend the allocation of struct swap_info_struct,
adding data to record the information of specified reclaimed location;
android_vh_init_swap_info_struct, adding initializing the extension of
struct swap_info_struct;
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I0e1d8e38ba7dfd52b609b1c14eb78f8b0ef0f9e6
When the page is unused, a vendor hook android_vh_unuse_swap_page
should be called to specify that the page should not be swapped
to the specified swap location any more.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I3fc3675020517f7cc69c76a06150dfb2380dae21
Provide a vendor hook to replace the function free_swap_slot,
adding the free_swap_slot process of pages swapped to the
specified swap location(i.e., the reserved expended memory)
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Idd6d0007e64d56d556d1234a8b931fce06031809
The specified swap is regarded as reserved extended memory.
So nr_swap_pages and total_swap_pages should not be affected
by the specified swap.
Provide a vendor hook android_vh_account_swap_pages to replace
the updating process of nr_swap_pages and total_swap_pages.
When the page is swapped to the specified swap location,
nr_swap_pages and total_swap_pages should not be updated.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Ib8dfb355d190399a037b9d9eda478a81c436e224
Add android_vh_page_referenced_one_end at the end of function
page_referenced_one to update the status that whether the page
need to be reclaimed to a specified swap location.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Ia06a229956328ef776da5d163708dcb011a327fb
android_vh_count_pswpin, Update the write I/O statistics of the swap;
android_vh_count_pswpout, Update the read I/O statistics of the swap;
android_vh_count_swpout_vm_event, Replace count_swpout_vm_event with
adding updating the I/O statistics of the swap;
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I4eb69db59fe2d822555a508c2f0c6cd5ca9083d1
Provide a vendor hook to copy the status whether the page need to be
reclaimed to a specified swap location.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I1a451b40407718900b56de6ed17b7fd5ef56da01
android_vh_waiting_for_page_migration: provide a vendor hook
to force not to reclaim the page under migration to a specified
swap location, until the migration is finished.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Iceeae91cbd912d9c44d7eac25f1299bbff547388
android_vh_handle_pte_fault_end: after handle_pte_fault, update
the information that whether this page need to be reclaimed to
a swap location.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I0ceb02422fc858ed96fbb47e220bf96bdc8fa68c
android_vh_swapin_add_anon_rmap: after add pte mapping to an anonymous
page durning do_swap_page, update the status that whether this page
need to be reclaimed to a swap location, according to the information
of vm_fault.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I8a2d603102c315323817e6c9366db9b0da878344
android_vh_cow_user_page: when copy a page to a new page, set the
status that whether the new page should be reclaimed to a specified
swap location, according to the information of vm_fault.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Ie445c7b034ca176ec1e8fd1cd67c88581bf9ddf4
Provide a vendor hook android_vh_page_isolated_for_reclaim to
process whether the page should be reclaimed to a specified
swap(i.e., the expanded memory).
This strategy will take into account the state of the current
process/application, resource usage, and other information.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Id80a377c87bea13922e7b23963b050ab37ba0cb0
Provide a vendor hook android_vh_snapshot_refaults to record the
refault statistics of WORKINGSET_RESTORE_ANON;
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I20eb5ea99bf21fa8ba34b45e87d2ab9e9cdca167
Provide a vendor hook android_vh_inactive_is_low to replace the
calculation process of inactive_ratio.
The alternative calculation algorithm takes into account the
difference between file pages and anonymous pages.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I6cf9c47fbc440852cc36e04f49d644146eb2c6af
The inclusion of the internal kernel/cgroup/cgroup-internal.h header
broke some androidci builds.
Bug: 233047575
Fixes: 1590a0e8e1 ("ANDROID: GKI: include more type definitions in vendor hooks")
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I3139b63e5bea277c6687ce1c3c69db35059f3825
After 7b26719a77c4 ("ANDROID: GKI: use internal type definitions in
vendor hooks") we stopped providing a forward declaration of 'struct
uclamp_se' and instead relied on pulling its definition from
linux/sched.h. the 'uclamp_se' structure is conditionally defined based
upon CONFIG_UCLAMP_TASK therefore causing a build error to show up for
the android_rvh_uclamp_eff_get trace point.
Fix this by providing a forward declaration of 'struct uclamp_se' like
before.
Fixes: 7b26719a77c4 ("ANDROID: GKI: use internal type definitions in vendor hooks")
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Change-Id: Iaa803d149150c1703435f9cfa52ea1406a9521fd
This reverts commit 5b7f84b1f9 which is
commit 2d151d3907 upstream.
It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic222a9dfeaa3775f1173b4cd13de7e9ae959ccd9
This reverts commit ab610ee1d1 which is
5d8dbb7fb8 commit upstream.
It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1843039a406d0e39cdbde7f1da9be30fb1cbcd6a
This reverts commit 20fd28df40 which is
f8d858e607 commit upstream.
It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0597156be84f636d8196c81b2625a04bab57dc0c
This reverts commit 9856c3a129 which is
88d0adb5f1 commit upstream.
It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4e7bf3d512309e061272648fdb5733e270ab4279
This reverts commit 57c1bbe709 which is
ec3bb89081 commit upstream.
It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iebfe2659463646982cc41c7cd29db2d51ef5e6eb
This reverts commit 0d2e9d8000 which is
b58b1f563a commit upstream.
It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0a8403a202b21cda7f856ea143c5b01b78346078
This reverts commit 47f04f95ed which is
e6175a2ed1 commit upstream.
It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ibb0fcc031d2bf71f137d3c760d84858436acc801
This reverts commit 633be494c3 which is
commit 844f7eaaed upstream.
It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4224f0b86fdc8cfba5e18f9632ed191d18552a30
check_sync() checks for whether device driver DMA sync sg list entry count equals to map sg list entry count, but in struct dma_buf_ops, there has below interface:
int (*begin_cpu_access_partial)
int (*end_cpu_access_partial)
When vendor implement these interface in dma heap to support dma-buf partial cache sync for performance improvement, in dma_buf_ops of heap, we copy a sgtable from orginal sgtable but with necessary nents, it will less then nents used in map attachment, in the way, the following warning had occurred:
DMA-API: device_xxx: device driver syncs DMA sg list with different entry count [map count=5] [sync count=1]
Call trace:
check_sync+0x6d8/0xb40
debug_dma_sync_sg_for_cpu+0x114/0x16c
dma_sync_sg_for_cpu+0xa0/0xe4
So need change check conditation in check_sync to support dma-buf partial cache sync.
Bug: 236343688
Signed-off-by: Mingyuan Ma <mingyuan.ma@mediatek.com>
Signed-off-by: Yunfei Wang <yf.wang@mediatek.com>
Change-Id: I2f4db3b156e752eeb022927957f77a3fa534a573
(cherry picked from commit d61fe3ad4bab3f4bc040e7ac0c7ec919b50e8a43)
A panic can occur if the endpoint becomes disabled and the
uvcg_video_pump adds the request back to the req_free list after it has
already been queued to the endpoint. The endpoint complete will add the
request back to the req_free list. Invalidate the local request handle
once it's been queued.
<6>[ 246.796704][T13726] configfs-gadget gadget: uvc: uvc_function_set_alt(1, 0)
<3>[ 246.797078][ T26] list_add double add: new=ffffff878bee5c40, prev=ffffff878bee5c40, next=ffffff878b0f0a90.
<6>[ 246.797213][ T26] ------------[ cut here ]------------
<2>[ 246.797224][ T26] kernel BUG at lib/list_debug.c:31!
<6>[ 246.807073][ T26] Call trace:
<6>[ 246.807180][ T26] uvcg_video_pump+0x364/0x38c
<6>[ 246.807366][ T26] process_one_work+0x2a4/0x544
<6>[ 246.807394][ T26] worker_thread+0x350/0x784
<6>[ 246.807442][ T26] kthread+0x2ac/0x320
Fixes: f9897ec0f6 ("usb: gadget: uvc: only pump video data if necessary")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Vacura <w36195@motorola.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Bug: 236299719
Link: https://lore.kernel.org/all/20220617163154.16621-1-w36195@motorola.com/
Change-Id: Ie36696d51e0199fc4befca58032842137dece886
Signed-off-by: Dan Vacura <w36195@motorola.com>
Degradation of write speed caused by frequent disk access for cluster
bitmap update on every cluster allocation could be improved by
selective syncing bitmap buffer. Change to flush bitmap buffer only
for the directory related operations.
Signed-off-by: Hyeongseok Kim <hyeongseok@gmail.com>
Acked-by: Sungjong Seo <sj1557.seo@samsung.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Change-Id: I660931d6da488880337a33dd03b48cb0be0bb26c
Signed-off-by: Howard Chen <howardsoc@google.com>
(cherry picked from commit 23befe490b)
Bug: 233712676
In following scenario(diagram), when one thread X running dev_coredumpm()
adds devcd device to the framework which sends uevent notification to
userspace and another thread Y reads this uevent and call to
devcd_data_write() which eventually try to delete the queued timer that
is not initialized/queued yet.
So, debug object reports some warning and in the meantime, timer is
initialized and queued from X path. and from Y path, it gets reinitialized
again and timer->entry.pprev=NULL and try_to_grab_pending() stucks.
To fix this, introduce mutex and a boolean flag to serialize the behaviour.
cpu0(X) cpu1(Y)
dev_coredump() uevent sent to user space
device_add() ======================> user space process Y reads the
uevents writes to devcd fd
which results into writes to
devcd_data_write()
mod_delayed_work()
try_to_grab_pending()
del_timer()
debug_assert_init()
INIT_DELAYED_WORK()
schedule_delayed_work()
debug_object_fixup()
timer_fixup_assert_init()
timer_setup()
do_init_timer()
/*
Above call reinitializes
the timer to
timer->entry.pprev=NULL
and this will be checked
later in timer_pending() call.
*/
timer_pending()
!hlist_unhashed_lockless(&timer->entry)
!h->pprev
/*
del_timer() checks h->pprev and finds
it to be NULL due to which
try_to_grab_pending() stucks.
*/
Bug: 235577024
Change-Id: I5e86abf72e8dff6952ba493fd9f43a26b2b40352
Link: https://lore.kernel.org/lkml/2e1f81e2-428c-f11f-ce92-eb11048cb271@quicinc.com/
Link: https://lore.kernel.org/lkml/1653660220-19197-1-git-send-email-quic_mojha@quicinc.com/
Signed-off-by: Mukesh Ojha <quic_mojha@quicinc.com>
The current limitation of possible number of requests being handled is
dependent on the gadget speed. It makes more sense to depend on the
typical frame size when calculating the number of requests. This patch
is changing this and is using the previous limits as boundaries for
reasonable minimum and maximum number of requests.
For a 1080p jpeg encoded video stream with a maximum imagesize of
e.g. 800kB with a maxburst of 8 and an multiplier of 1 the resulting
number of requests is calculated to 49.
800768 1
nreqs = ------ * -------------- ~= 49
2 (1024 * 8 * 1)
Tested-by: Dan Vacura <w36195@motorola.com>
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20220529223848.105914-2-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 234757296
(cherry picked from commit 87d76b5f1dhttps://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-next)
Change-Id: I0228cbaa56d4e75bed33e1ef721ae3127d779faf
Signed-off-by: Dan Vacura <w36195@motorola.com>
The tracing_is_on interface has been exported, add it to the symbol table so that we can use it in the external module.
Leaf changes summary: 1 artifact changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 1 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
1 Added function:
[A] 'function int tracing_is_on()'
Bug: 193384408
Signed-off-by: xieliujie <xieliujie@oppo.com>
Change-Id: If9f923850ab1db76214240efd8337211972d3a67
commit e677edbcab upstream.
io_flush_timeouts() assumes the timeout isn't in progress of triggering
or being removed/canceled, so it unconditionally removes it from the
timeout list and attempts to cancel it.
Leave it on the list and let the normal timeout cancelation take care
of it.
Bug: 231494876
Cc: stable@vger.kernel.org # 5.5+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: Ie7dba41da32732391f8a85526fe20168bd431be8
Changes in 5.10.118
usb: gadget: fix race when gadget driver register via ioctl
io_uring: always grab file table for deferred statx
floppy: use a statically allocated error counter
Revert "drm/i915/opregion: check port number bounds for SWSCI display power state"
igc: Remove _I_PHY_ID checking
igc: Remove phy->type checking
igc: Update I226_K device ID
rtc: fix use-after-free on device removal
rtc: pcf2127: fix bug when reading alarm registers
um: Cleanup syscall_handler_t definition/cast, fix warning
Input: add bounds checking to input_set_capability()
Input: stmfts - fix reference leak in stmfts_input_open
nvme-pci: add quirks for Samsung X5 SSDs
gfs2: Disable page faults during lockless buffered reads
rtc: sun6i: Fix time overflow handling
crypto: stm32 - fix reference leak in stm32_crc_remove
crypto: x86/chacha20 - Avoid spurious jumps to other functions
ALSA: hda/realtek: Enable headset mic on Lenovo P360
s390/pci: improve zpci_dev reference counting
vhost_vdpa: don't setup irq offloading when irq_num < 0
tools/virtio: compile with -pthread
nvme-multipath: fix hang when disk goes live over reconnect
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
fs: fix an infinite loop in iomap_fiemap
MIPS: lantiq: check the return value of kzalloc()
drbd: remove usage of list iterator variable after loop
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
nilfs2: fix lockdep warnings in page operations for btree nodes
nilfs2: fix lockdep warnings during disk space reclamation
Revert "swiotlb: fix info leak with DMA_FROM_DEVICE"
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
ALSA: usb-audio: Restore Rane SL-1 quirk
ALSA: wavefront: Proper check of get_user() error
ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
perf: Fix sys_perf_event_open() race against self
selinux: fix bad cleanup on error in hashtab_duplicate()
Fix double fget() in vhost_net_set_backend()
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
KVM: x86/mmu: Update number of zapped pages even if page list is stable
arm64: paravirt: Use RCU read locks to guard stolen_time
arm64: mte: Ensure the cleared tags are visible before setting the PTE
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
libceph: fix potential use-after-free on linger ping and resends
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
net: ipa: record proper RX transaction count
net: macb: Increment rx bd head after allocating skb and buffer
net: evaluate net.ipvX.conf.all.disable_policy and disable_xfrm
xfrm: Add possibility to set the default to block if we have no policy
net: xfrm: fix shift-out-of-bounce
xfrm: make user policy API complete
xfrm: notify default policy on update
xfrm: fix dflt policy check when there is no policy configured
xfrm: rework default policy structure
xfrm: fix "disable_policy" flag use when arriving from different devices
net/sched: act_pedit: sanitize shift argument before usage
net: systemport: Fix an error handling path in bcm_sysport_probe()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
ice: fix possible under reporting of ethtool Tx and Rx statistics
clk: at91: generated: consider range when calculating best rate
net/qla3xxx: Fix a test in ql_reset_work()
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/mlx5e: Properly block LRO when XDP is enabled
net: af_key: add check for pfkey_broadcast in function pfkey_process
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
igb: skip phy status check where unavailable
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
riscv: dts: sifive: fu540-c000: align dma node name with dtschema
gpio: gpio-vf610: do not touch other bits when set the target bit
gpio: mvebu/pwm: Refuse requests with inverted polarity
perf bench numa: Address compiler error on s390
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
mac80211: fix rx reordering with non explicit / psmp ack policy
nl80211: validate S1G channel width
selftests: add ping test with ping_group_range tuned
nl80211: fix locking in nl80211_set_tx_bitrate_mask()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
net: atlantic: fix "frag[0] not initialized"
net: atlantic: reduce scope of is_rsc_complete
net: atlantic: add check for MAX_SKB_FRAGS
net: atlantic: verify hw_head_ lies within TX buffer ring
arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs
Input: ili210x - fix reset timing
dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group
module: treat exit sections the same as init sections when !CONFIG_MODULE_UNLOAD
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
afs: Fix afs_getattr() to refetch file status if callback break occurred
include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage
module: check for exit sections in layout_sections() instead of module_init_section()
Linux 5.10.118
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7093fab7ea7d43c42962f2d7fe799df255049a17
